PC / INTERNET NEWS

Google using Chrome to reform slow Web sites

2010-10-04T22:09:00.000-07:00

Google plans to use Chrome as a tool to reform the Web by encouraging use of a technology the company says will reduce data-transfer delays.
The technology, called False Start, has the potential to reduce one round of back-and-forth communications between a browser and a Web server when establishing an encrypted connection. That's a significant time savings--about 7 hundredths of a second for communication across the United States and 1.5 tenths of a second from California to Europe.
Even better, unlike many protocol improvements that could improve communications, it doesn't even require changes on both sides of the network connection. Only the browser needs to be changed, according to False Start co-author Adam Langley. Naturally, Google has begun building False Start into its Chrome browser, judging by a Chrome command-line switch that lets Chrome users disable it.
Great, right? Free speed for everyone! Well, actually, there's a catch.
"We are aware that this change will cause issues with about 0.05 percent of Web sites on the Internet," Langley said in a blog post.
That may not sound like a lot, but according to NetCraft's measurements, there were 227 million Web sites in September. Proportionally, the problem is small, but in absolute terms False Start wouldn't work with about 114,000 sites by NetCraft's tally.
Google, undeterred, sees this as an opportunity to fix what it sees as wrong with the Web.
"Chrome still carries an idealism that means that we're going to try to make low-level changes and try to make them work," not just try to gloss over them with higher-level interfaces, he said.
Accordingly, Chrome will be endowed with a blacklist to disable the False Start acceleration feature for sites where it wouldn't work, and Google will try to reach those sites to encourage upgrades, he said.
Google can use the approach to discourage new Web sites from following predecessors' footsteps that lead to the problem, Langley said:
Blacklisting gives us two advantages. Firstly, it limits the accumulation of new problematic websites. Sites which have never worked are a very different case from sites which used to work.
Secondly, we can contact the problematic sites in question. We already have a good idea of where the problem lies with many of them and we're in contact with the stakeholders to plan a way forward.
It's possible Google's plan might ruffle some feathers, but the company is only trying to get Web sites to catch up with browser communication encryption technology that was standardized nearly 12 years ago, he said.
Specifically, the problem stems from the transition from an encryption technology called Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). This is the technology that's used to curtail snooping of communications with banks and e-commerce sites
During the transition to TLS 1.0, Web browsers were set up to fall back to the earlier SSL 3.0 standard for Web sites that weren't upgraded. But it turns out that old technology lingers on, and the fallback is what causes problems with False Start TLS.
"It was assumed that the problematic Web servers could be fixed in a few years and the fallback could be removed," Langley said. "Twelve years later, the fallback is in robust health and still adding complexity. A security update to TLS earlier this year was made much more complex by the need to account for SSLv3 fallback. The operators of the problematic Web servers are largely unaware of the problems that they are causing and have no incentive to change in any case."
Being blacklisted by Chrome could be that very incentive.
"Blacklists require effort to maintain, and we'll have to be responsive to make it work," but the fast-moving Chrome team is up to the challenge, said Langley. "With our near-weekly dev channel and even more frequently updated Canary channel, we think that we can do it."

Ten Things IT Professionals Should Know About Windows 7

2010-10-04T22:03:00.000-07:00

Every year, we get hit with a long drumbeat of “top 10 lists”—whether it’s the 10 worst-dressed celebrities at the Academy Awards, the 10 best ways to get in shape before spring, the 10 best ways to annoy the person in the office next to you.

At the Springboard Series, we pretty much have a one-track mind—what is in store for IT professionals responsible for desktop administration. While we might be tempted to share a couple of those weight-loss tips, it’s probably best we stick to what we know best—the top 10 things you need to know about the Windows 7 operating system.

With the Release Candidate of Windows 7 now available, we encourage you to download a version to your lab machine and begin testing your applications and devices to get to know what’s in it for you. As you begin testing, we offer this guide to the key features and capabilities in this new desktop operating system.

Here are the top 10 things to know about Windows 7:

1 - Application compatibility
The Windows Vista operating system introduced architectural changes down to the kernel level that made the OS inherently more secure than Windows XP. However, this came at a cost; many applications needed modification to function properly in a Windows Vista environment. While at this point in the lifecycle of Windows Vista (post Service Pack 1) most applications are now compatible, deploying Windows Vista into the desktop environment early on required some “heavy lifting” and creative shimming—not to mention a few late nights.

Windows 7 is built on the same basic architecture as Windows Vista, so most applications will retain their compatibility between these operating systems. This alone will make adopting Windows 7 much less challenging than migrating from Windows XP to Windows Vista. If your organization is like many that are still standardized on Windows XP, you will need to transition to updated versions of your key applications, but the availability of Windows Vista–compatible versions and well-proven shims will make this task more manageable.

2 - Hardware compatibility and requirements
Much like the application compatibility issues, adopting Windows Vista early-on was a challenge because of the higher system requirements—such as RAM and graphics. On the flip side, Windows Vista provides manageability and security that just isn’t available on Windows XP, and with more capable hardware, Windows Vista is able to perform a number of useful functions that improve productivity (such as Windows Search 4 and the Windows Aero desktop experience) and increase PC responsiveness (the ReadyBoost technology launches applications more quickly by maintaining a portion of frequently used applications in memory).

Windows 7 was designed to perform well on the same hardware that runs Windows Vista well, while delivering additional performance and reliability improvements. The design team for Windows 7 had a specific focus on the fundamentals—as well as maintaining compatibility with existing applications and hardware. In operation, you will find that Windows 7 boots faster and has a smaller memory footprint than Windows Vista.

3 - Better Together with Windows Server 2008
One of the key benefits of the modern operating system is that Windows 7 and the Windows Server 2008 operating system share a common code base, and are maintained with a single servicing model. This servicing model means updates and security updates are shared across both client PCs and servers, simplifying the process of maintaining an up-to-date infrastructure.

In addition, environments with both Windows Server 2008 and Windows 7 unlock capabilities that extend functionality and help ensure a more secure environment. One example is DirectAccess, which allows management and updating of remote mobile PCs that are connected to the Internet, even when they are not connected to the corporate network. This capability helps ensure that remote users receive security patches on a timely basis, and allows IT to update configuration setting via Group Policy. For the end user, DirectAccess allows access to locations on the corporate network without using a virtual private network (VPN) connection. (In addition to Windows Server 2008 R2, DirectAccess requires IPSec and IPv6 implementation.)

4 - Extend data encryption to removable media
News reports are rife with stories about companies losing control over sensitive information. In some industries, this is an issue with grave legal implications, while in other situations the issue is inconvenience. Regardless, smart compliance policy dictates that sensitive information be safeguarded in the event of a lost or stolen laptop. Further, preventing sensitive information from being removed from corporate resources is a pillar of effective compliance management.

Windows 7 includes BitLocker technology, first implemented in Windows Vista, which now provides full encryption of all boot volumes on a PC; along with introducing BitLocker To Go that offers data protection on portable storage, such as USB flash drives. In addition, BitLocker Drive Encryption and BitLocker To Go can be managed via Group Policy, placing more control over sensitive information in the hands of the professionals.

5 - Control the application portfolio available to end users
Windows 7 features AppLocker, a new capability that allows IT administrators to specify which applications are permitted to run on a laptop or desktop PC. This capability helps you manage license compliance and control access to sensitive programs, but also importantly, it helps reduce the opportunity for malware to run on client PCs. AppLocker provides a powerful rule-based structure for specifying which applications can run, and includes “publisher rules” that keeps the rules intact though version updates.

To see how AppLocker is set up and managed, click here for a screencast demonstration.

6 - Automate routine tasks with powerful scripting
To help IT administrators better maintain a consistent environment and improve personal productivity, Windows 7 includes an updated graphical scripting editor, Windows PowerShell 2.0—a powerful, complete scripting language that supports branching, looping, functions, debugging, exception handling, and internationalization.

• PowerShell 2.0 has an intuitive, graphical user interface that helps make script generation easier, especially for administrators who are not comfortable in command-line environments.
• PowerShell 2.0 supports two types of remoting—fan-out, which delivers management scripts on a one-to-many basis, and one-to-one interactive remoting to support troubleshooting of a specific machine. You can also use the PowerShell Restricted Shell to limit commands and command parameters to system administrators, and to restrict scripts to those who have been granted rights.
• PowerShell 2.0, with the Group Policy Management Console (available as a separate download), allows IT professionals to use scripting to manage Group Policy Objects and to create or edit registry-based group policy settings in Windows 7. Similarly, you can use PowerShell to configure PCs more efficiently, using richer logon, logoff, startup, and shutdown scripts that are executed through Group Policy.

Click here to take a quick tour of PowerShell 2.0.

7 - Troubleshoot faster and more effectively
Windows 7 provides rich tools to identify and resolve technical issues, often by the end users themselves. If a help desk call is unavoidable, Windows 7 includes several features and troubleshooting tools to help speed resolution.

• The Problem Steps Recorder allows end users to reproduce and record their experience with an application failure, with each step recorded as a screen shot along with accompanying logs and software configuration data. A compressed file is then created that can be forwarded to support staff to help troubleshoot the problem.
• Windows 7 includes a suite of troubleshooting packs, collections of PowerShell scripts, and related information that can be executed remotely by IT professionals from the command line, and controlled on the enterprise basis through Group Policy Settings.
• Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.

8 - Create, deploy, and manage images more efficiently
Windows 7 includes several tools to streamline the creation and servicing of the deployment image, and to get users up and running as quickly as possible.

The Deployment Image Servicing and Management (DISM) tool in Windows 7 provides a central place to build and service Windows images offline. With DISM, you can perform many functions with one tool: mount and unmount system images; add, remove, and enumerate packages and drivers; enable or disable Windows features; configure international settings, and maintain an inventory of offline images that contain drivers, packages features, and software updates. Windows 7 also enables the same processes and tools to be used when managing virtual machine (VHD) and native file-based (WIM) image files.

Windows 7 also includes Dynamic Driver Provisioning, where device drivers are stored independent of the deployed image and can be injected dynamically based on the Plug and Play ID of the hardware, or as predetermined sets based on information contained in the basic input/output system (BIOS). Reducing the number of drivers on individual machines reduces the number of potential conflicts, ultimately minimizing setup time and improving the reliability of the PC.
When you are ready to deploy Windows 7, Multicast Multiple Stream Transfer enables servers to “broadcast” image data to multiple clients simultaneously, and to group clients with similar bandwidth capabilities into network streams to permit the fastest possible overall transfer rate while optimizing bandwidth utilization.

Watch a screen cast demonstration of the deployment tools for Windows 7 here.

9 - Easier migration of user data and profiles
Windows 7 includes enhancements to the User State Migration Tool (USMT), a command-line tool that you use to migrate operating system settings, files, and other user profile data from one PC to another. In Windows 7, USMT adds a hardlink migration feature for computer refresh scenarios, a capability that stores user data and settings in a common place on a drive, eliminating the need to “physically” move the files during a clean install.

10 - Improve user productivity in branch offices
Windows 7 introduces BranchCache, a technology that caches frequently accessed content from remote file and Web servers in the branch location, so users can access this information more quickly. The cache can be hosted centrally on a server in the branch location, or can be distributed across user PCs. One caveat: to take advantage of BranchCache, you will need to deploy Windows Server 2008 R2 on the related servers.

And, as a bonus:

Better support for client virtualization
Windows 7 delivers a richer experience when users are connected to a virtual desktop—much closer to the experience provides by a native Windows desktop. For example, Windows 7 provides multi-monitor support, bi-directional audio to enable Voice over Internet Protocol (VoIP) and speech recognition applications, and access to local devices, such as printers.

So there you have it—the top 10 things you need to know about Windows 7 (okay, we couldn’t stop until we hit “11”)—and if you have ideas for how to best annoy your office mates, it’s probably best to keep those to yourself!

----------------------------------------------------------------------------------------------

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, this document should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Windows XP Service Pack 3 FAQ

2008-07-01T10:51:00.000-07:00

It's time to say goodbye to an old friend. Windows XP Service Pack 3 (SP3), due in the second quarter of 2008, will be the final XP service pack , according to Microsoft. It can't come a moment too soon: XP SP2 (see my review) shipped over three years ago at this writing, and the company has since shipped hundreds of hot-fixes for the OS, giving users a painful updating experience, with multiple reboots. XP SP3 will consolidate all of these fixes into a single package and, surprisingly, add a few new features, including some that--go figure--debuted first in XP's successor, Windows Vista. Here's what I know about Windows XP Service Pack 3.

Q: What is Service Pack 3?
A: Windows XP Service Pack 3 (SP3) is the final Windows XP service pack, a collection of previously-released fixes and product enhancements, as well as a few new features that are unique to this release.
Q: Does SP3 include everything from SP1 and SP2 or do I need to install those first?
A: Though XP SP3 aggregates all of the previously-released XP fixes, Microsoft now says that you will need to install at least SP1 on XP before installing SP3. The company recommends installing SP2 first as well, though that is not required.
Q: What versions of Windows XP will work with SP3?
A: You can apply Service Pack 3 to Windows XP Home Edition, Professional Edition, Tablet PC Edition (any version), or Media Center Edition (any version).
Q: What about Windows XP Professional x64 Edition?
A: SP3 does not apply to the x64 version of Windows XP. Instead, that operating system is updated via service packs aimed at Windows Server 2003. The latest Windows 2003 service pack is SP2.
Q: Windows XP SP2 was released over three years ago. Why the delay on SP3?
A: While Microsoft is an enormous company with over 77,000 employees worldwide and over $50 billion in annual revenues, its organizational structure actually constrains which products are actively developed in some cases. For example, while a large team of developers, product managers, and program managers are involved during the ramp-up to any major OS release, Microsoft then pushes the product into its support organization for follow-up development in the form of hot-fixes, service packs, and so on. Other teams work on out-of-band updates that are typically shipped via the Web and, eventually, a new or existing team is constituted to work on the next major release and the entire process begins anew.
With Windows XP, however, Microsoft was forced to temporarily halt development on XP's successor, Windows Vista, in order to complete XP SP2. That's because this release, though provided to customers for free as a typical service pack, was in fact a major OS upgrade and was developed outside of the company's support structure, a first for any service pack release. After XP SP2 was completed, the people involved with that project moved onto other things, typically Vista or Windows Server 2008.
In the case of Windows XP SP3, Microsoft simply dedicated every available employee it could to completing Windows Vista, which by that time was years behind schedule. So it's only been since the beginning of this year that anyone turned their attention back to XP's next and neglected service pack.
Q: What are these new features I keep hearing about?
A: Windows XP Service Pack 3 will not include any major new features, but it will include four minor new features that improve the system's reliability and security. Contrary to reports, Microsoft has been very up-front about these functional additions for quite some time now.
These new features include:
Network Access Protection compatibility. Announced years ago, this feature allows Windows XP machines to interact with the NAP feature in Windows Server 2008. This functionality is built into the RTM version of Windows Vista as well.
Product Key-less install option. As with Windows Vista, new XP with SP3 installs can proceed without entering a product key during Setup.
Kernel Mode Cryptographics Module. A new kernel module that "encapsulates several different cryptographic algorithms," according to Microsoft.
"Black hole" router detection algorithm. XP gains the ability to ignore network routers that incorrectly drop certain kinds of network packets. This, too, is a feature of Windows Vista.
And that's about it. Nothing dramatic, as promised.
Q: That's it? Is there anything else?
Nothing major. Some features have actually been removed, like the taskbar-based Address Bar option.
Q: Why is Microsoft even bothering to release this update? Isn't everyone moving to Windows Vista?
A: Given the relative security, stability, and reliability of XP with SP2, and the subsequent release of Vista, XP SP3 may seem like a pointless update, but nothing could be further from the truth. Many businesses will roll out new XP-based PCs in the coming years, and as anyone who's had to update an XP SP2 system can tell you, the 100+ updates that Microsoft has shipped since SP2 can be a nightmare to deploy. If you're already running XP and have been regularly updating your systems all along, the release of XP SP3 will be a minor event. But if you have planned XP deployments in the future, look very carefully at this release and consider it the baseline for your next generation of PCs. Or, you could always consider Vista, which will of course be updated with genuine new features far longer than will XP.
Q: When will Microsoft ship XP SP3?
A: Microsoft finalized Windows XP Service Pack 3 on April 21, 2008 and released it publicly to the Web on April 29, 2008.
Here's the complete Windows XP SP3 release schedule:
RTM (release to manufacturing): April 21 Windows Update (optional update): April 29 Microsoft Download Center: April 29 MSDN/TechNet download: May 2
Q: Is it possible to slipstream or integrate SP3 with Windows XP?
A: Yes! My complete Windows XP Service Pack 3 Slipstreaming Guide is now available.

AirPort Utility and Firmware updated

2008-07-01T10:46:00.000-07:00

In addition to releasing Mac OS X 10.5.4, Apple updated its AirPort Utility software and Firmware for the AirPort wireless base stations.
AirPort Utility 5.3.2 includes “general fixes and compatibility updates,” according to notes provided with the update. The Firmware is compatible with Time Capsule, AirPort Extreme and AirPort Express with 802.11n.
Firmware 7.3.2 includes “bug fixes” according to Apple.
There are three updates available – one for Leopard, another for Tiger and a third for Windows.

Sorting through the Mac OS X 10.5.3 update

2008-07-01T10:44:00.000-07:00

Editor’s Note: Due to an error, the original article analyzed the wrong bom file. The original article below has been corrected to reflect the correct file, and an explanation for the mistake can be found elsewhere on the site.

Eight months into the Leopard era, Apple unleashed the third update to Leopard, with Wednesday’s release of OS X 10.5.3. By way of comparison, the 10.3.3 and 10.4.3 updates both came within five months of the release dates for Panther and Tiger, respectively.
As with most of Apple’s recent OS X updates, the 10.5.3 version just screams for a broadband connection, weighing in at more than 400MB, depending on which Mac you have and which version your machine deems you to require. So what do you get in exchange for your download time investment? Apple details many—but not all—of the changes in this Knowledge Base document. I won’t bother repeating everything listed there, but here are a few of the more important highlights:
Spotlight searching on mounted AFP volumes has been improved.
Wireless connectivity has been improved, both for AirPort in general and when using Time Capsule.
A number of Automator bugs have been fixed, which is great news for many people, myself included. One in particular—a bug wherein a Finder plug-in wouldn’t work if the first step was “Get Selected Finder Items”—had affected a number of plug-ins that I use regularly. These now all work in 10.5.3.
Some bugs with Spaces have been fixed, including one where switching to another application via the Dock takes you to another Space, even if that program had an active window in the current space.
A number of Time Machine bugs have been fixed, and Time Machine backups can now be run when your Mac is running on its battery. Previously, you had to connect to a power supply before Time Machine would run.
There are fixes in other programs as well, covering programs such as iCal, iChat, Parental Controls, Voice Over, and the Finder, all of which are detailed in the linked Knowledge Base document.
But what else has changed in OS X 10.5 that Apple hasn’t told us about? I’ve been digging through the new release, looking for any areas that have received updates beyond what’s been disclosed. The only substantive visible change I found is in iCal, where there’s a new setting in the General section of the calendar app’s preferences for controlling how scrolling works in Week View mode. You can now choose between scrolling by weeks (the way OS X 10.5.2 worked) or by days.
It would’ve been nice if Apple gave us a hidden key override to toggle the settings in real time while scrolling (i.e. holding Option would scroll by weeks if you had the pref set to days), but if the update offers that, I can’t find it.
Beyond that visible change, there are many behind-the-scenes changes in 10.5.3, including both major and minor alterations. Here’s what I’ve discovered—and this is by no means a comprehensive list, so feel free to add your own observations as you use this latest update.
Something that’s not mentioned at all in Apple’s note, but is clearly quite important, are the revised graphics drivers for ATI and Nvidia graphics cards. The 10.5.3 update supposedly delivers improved graphics performance—something that was hinted at in this week’s news on Delicious Library 2.0, which shipped with a warning that those not running 10.5.3 will experience graphics slowdowns. Digging through the installer file, I can see that there are updated extensions for a large number of ATI and Nvidia cards (including on-board video in the mini and MacBooks) in the 10.5.3 update.
Other system extensions have also received updates—everything from AirPort to the keyboard backlight to fan management to power management to RAID to storage management. The Multitouch gesture capabilities get an update, as do USB, FireWire, and Bluetooth.
There are a ton of modified files in the CoreServices folder, where many critical features of OS X reside. Changes here include the Dock, the Finder, file synchronization, the installer, various menu extras, and the process that manages Time Machine, among others.
A number of Dashboard Widgets have been updated—the iCal widget, Unit Converter, and Weather. The Web Clip widget received updates to its non-English language files.
iSync received an update.
A number of other applications received updates of some kind, but the changes were either minor (noted in parentheses below), or I can’t find any detail on what’s changed. Items on this list include Dictionary (something to do with Wikipedia support), Exposè, Photo Booth, Preview, Safari (some language changes on preference panels; help files), Bluetooth File Exchange, Directory, Disk Utility (changes in many plug-ins, including those that handle disk first aid, info windows, partitioning, and RAID), Migration Assistant (lots of changes and a new version number, 1.2.1), RAID Utility (changes in the main window and menu), Remote Install OS X, and X11.
Whew. That’s a heck of a lot of stuff to update, and it’s nowhere near complete—these are only the things that seemed worthy of highlighting, out of more than 21,000 changed files in this update.
As an aside, if you’re curious as to how you can see what’s been installed by the 10.5.3 update yourself, the key is reading the “bom” file that’s created when you run the installer. You’ll have to use Terminal to read the file, but here’s how you can dump its contents to a text file in one command. Open Terminal and type the following, then press Return:lsbom /Library/Receipts/boms/com.apple.pkg.update.os.10.5.3.bom > ~/Desktop/1053changes.txt
You can then open the 1053changes.txt file (which will be on your Desktop) in any text editor, and see each and every file that was modified by the installer. Keep in mind that just because a given file was changed, that doesn’t mean you’ll see new features in that program—the changes could have been behind-the-scene bug fixes, or minor changes in language that only appear on certain screens. Still, scanning this file gives you a good sense of the breadth of this update.
In my limited time with 10.5.3, I haven’t found any new bugs that this update has introduced. That doesn’t mean Apple has fixed all the bugs in Leopard, of course—I’m still waiting for the ability to view more than three columns in Spotlight’s search results, as but one example. But Apple’s focus on continual improvements in OS X 10.5 is good news for all of us consumers.

Inside the OS X 10.5.4 update

2008-07-01T10:42:00.000-07:00

The most significant thing about what’s changed in OS X 10.5.4 may be what hasn’t changed with Monday’s release of the OS X update. The ARDAgent security hole—discovered just a few weeks ago—remains unplugged. This actually isn’t all that surprising—if the chatter around the Internet is to be believed, Apple has been working on the 10.5.4 update for quite a while, predating the discovery of the ARDAgent issue. System updates are complex things with many inter-related parts, and adding in a fix for the ARDAgent issue would have required more testing, and perhaps delayed the release of 10.5.4.
So what will happen with the ARDAGent hole? Only Apple knows, of course, but I think we’ll see a standalone security update released in the near future to address that issue (as well as any other security issues that haven’t been patched with the 10.5.4 release).
As for new things introduced in OS X 10.5.4, I dug around a bit in the bom files, as I did with May’s 10.5.3 release. This latest update is much smaller than 10.5.3, and I didn’t find anything nearly as interesting as I did last month, other than the non-fix for ARDAgent. There are a slew of extension updates, though it’s tough to figure out exactly what changes those may entail.
There were a number of updates to PDF-related utilities, including the Mail PDF, Save as PDF-X, and Save PDF to Web Receipts Folder workflows, as well as changes to many PDF-related Automator actions. Non-English language files in many programs were updated, and there was some sort of change to Mail’s preferences, though I couldn’t see any obvious change when compared with Mail on a 10.5.3 machine. iChat received updates to the balloons, boxes, and compact styles, as well as some (also not obvious) changes in its preferences.
The Apple-provided dictionary in Dictionary was also updated, adding (at a minimum) the definition of MobileMe, Apple’s soon-to-launch online service:
An Internet service from Apple Inc. for Macintosh computers, iPhone, iPod touch, and PCs. A MobileMe subscription provides push email, push contacts, and push calendar to keep your data automatically up-to-date on all your devices.
Given the size of the updated file, I expect there are more new definitions, but MobileMe was the only one I could think to check.
There are also changes on the Unix side of OS X. Some Perl and Ruby related bits were updated, as were snmp-related Unix programs, and various other Unix components, such as the pasteboard server.
I’ve been running 10.5.4 on two machines now for a few hours, and haven’t experienced any issues—though as with any update, I strongly recommend having a current backup before proceeding.

Setting up file Sharing on APPLE PC's

2008-07-01T10:40:00.000-07:00

In order to use a synchronization utility to sync two Macs, one computer must be able to access the other's hard drive.
On a Local Network The easiest way to set up file sharing is with OS X's built-in file-sharing feature. To turn it on, open the Sharing preference pane and select the File Sharing option (see "Sharing Preference Pane"). Click on the plus-sign (+) button under Shared Folders, and select a folder or volume to share; note that you'll be able to synchronize only items within this folder or volume, so you'll likely want to choose your user folder. Your name should appear in the Users list with read and write access, so you can use your own user name and password to log in to this computer from another Mac. To enable another user to connect with a password different from yours, click on the plus-sign button under Users, select an existing name or click on New Person, and enter a user name and password.
Now, on another Leopard-running Mac, look in the sidebar of any Finder window; the computer you just activated file sharing on should appear under Shared. Select that computer's icon, click on Connect As, and enter the user name and password you set up for that computer. Once you're connected, double-click on the name of the shared folder or volume to mount it-the other computer's files should now be visible to any synchronization utility.
By adding your user folder (or another folder) to the Sharing pane, you can make it available to other Macs on your network.
Over the Internet-Back to My Mac Accessing another Mac is trickier when the two computers are not on the same local network. If you're a .Mac member running Leopard and you've activated Back to My Mac (via the the .Mac preference pane's Back To My Mac tab) on each computer, you should be able to see your other computers even when you're on different networks (say, one computer at home and the other at work), though you may have to configure your router or firewall to enable outside access. (Apple provides detailed usage and troubleshooting information; check it out if the feature doesn't work as expected).
Over the Internet-Other Options If you're not a .Mac member or you're not running Leopard, accessing a Mac remotely requires more effort. One approach is to use a VPN (virtual private network). For example, if you have file sharing turned on at work and you connect to your corporate network from home via a VPN, your work Mac's volume should be accessible as with a local Mac.
Going in the other direction (accessing your home computer from work) without a VPN requires that you know your home Mac's public IP address. (To find this out, open a Web browser on your home Mac and go to whatismyip.com. If you don't have a static IP address, try a Dynamic DNS service such as DynDNS (basic service is free) to assign a domain name to your home Mac; then the included software informs the company's name servers whenever your Mac's IP address changes, so you can always connect using the domain name regardless of the current IP address.
In addition to knowing your home Mac's IP address or domain name, you may need to set up your router to use port forwarding, in which all requests from outside your home network directed to a particular port (such as 548, the one used by AFP for file sharing) go to a specific computer on your network. You can learn more about setting up port forwarding at PortForward.com.
Once you have port forwarding configured at home, go to your work Mac and choose Go: Connect To Server in the Finder. In the Server Address field, enter afp:// followed by your home computer's IP address or domain name, and click on Connect. If everything goes well, your home Mac's drive will mount in the Finder.
If All Else Fails If you lack the geek mojo to work through all those details but you still need to sync, say, a home computer and a work computer, consider a slightly lower-tech alternative: an external hard drive that you shuttle between locations. You can either use the drive to store all the files you need to access in both places, or synchronize your work Mac with the drive before and after switching locations.

Microsoft Extends Support for Windows XP To 13 Years

2008-06-25T06:25:00.000-07:00

With many business and individual PC users rejecting Windows Vista, Microsoft took an unprecedented step this week by promising support for Windows XP for a full 13 years. That is three years longer than it has allowed for previous Windows operating systems.

In a letter sent to customers this week, Bill Veghte, a Microsoft vice president, also seemed to confirm that Windows 7 will be released in 2010. That OS, Veghte wrote, will ship "approximately three years" after Vista became available in January 2007.

Avoiding Vista

Meantime, security patches and updates to Windows XP will be provided until April 2014, Veghte promised. In what could be considered an understatement, he wrote, "Our ongoing support for Windows XP is the result of our recognition that people keep their Windows-based PCs for many years."

Many large businesses have avoided upgrading to Windows Vista, which has been plagued with widely publicized problems, including incompatibilities with drivers for legacy hardware and applications. Upgrading to Vista could also be very expensive for enterprises that would need to upgrade older hardware. Many businesses and individuals have opted to buy Windows XP on new PCs.

While June 30 remains the cutoff date for selling Windows XP, retailers such as Dell are still selling preconfigured PCs with XP. And enterprises with volume licensing contracts will still be able to install XP even on new machines.

Downgrade Option

In addition, Microsoft has promoted a licensing loophole that allows new hardware buyers to purchase Windows Vista and then downgrade it to a previous version of Windows. Microsoft has cited such purchases as evidence of support for Vista, but many Web postings have disputed that.

"It's true that we will stop selling Windows XP as a retail packaged product and stop licensing it directly to major PC manufacturers," Veghte's letter says. "But customers who still need Windows XP will be able to get it."

Microsoft will also continue to sell a version of Windows XP to makers of low-cost computers through June 2010. Such machines as the Asus Eee PC are incapable of running Vista and the alternative would be for the makers to install open-source Linux as the operating system.

Symantec Admits Fault in Windows XP SP3 Registry Corruption

2008-05-30T00:02:00.000-07:00

You may recall my earlier story on registry corruption for certain users upgrading to Windows XP SP3. The cases of registry corruption seemed to have a common thread: Symantec security products. Originally Symantec blamed Microsoft, but in a post on a Symantec support forum, a senior manager with Symantec indicated the fault may indeed lie with Symantec's products.
Reese Anschultz said users of Norton Internet Security, Norton AntiVirus and Norton 360 should switch off the "SymProtect" feature before trying to install XP SP3.
After a lot of testing, we’ve reproduced a number of different cases where applying the XP SP3 upgrade adds additional registry keys within already existing Symantec registry keys. The Symantec keys affected vary from machine to machine and the effects of these added keys vary as well. We are still trying to understand why the upgrade is adding these keys. We have determined that the SymProtect feature is involved, though this issue is not exclusive to Symantec customers. We’ve seen reports from various users who are not running Symantec products.
To help prevent this issue from occurring, you should disable SymProtect prior to installing the Windows XP SP3 upgrade. This setting, in Norton Internet Security 2008 and Norton AntiVirus 2008, can be found within the Options page as “Turn on protection for Norton products.” In this case you should uncheck the box prior to the upgrade. After the upgrade is complete, please remember to re-enable this feature.
It should be noted, however, that this workaround only addresses issues with Symantec products. You may still run into similar problems with other products affected by this XP SP3 upgrade issue. For Norton SystemWorks 2008 you have to go to the Advanced Options UI that is under Settings. Next, click on "Norton SystemWorks Options" and select the General tab. Lastly, uncheck the box that says, "Turn on protection for my Symantec product”.
For Norton SystemWorks 2008 Premier you can use either the previous instructions or the Norton AntiVirus instructions.
For Norton 360, disable the "SymProtect Tamper Protection" quick control within the settings page.
For those who have already applied the upgrade and are running into problems, we’re working on a stand-alone tool that would delete the extraneous registry keys. We’ll post that on this forum as soon as it’s available.
No post of a tool yet. Additionally, a later post on the same thread seemed to indicate a similar issue with the installation of Vista SP1, although that same Symantec manager noted they hadn't noted such reports previously.
Last week, Symantec blamed a Microsoft file named fixccs.exe, part of the XP SP3 upgrade package, for the extra registry entries. Now, however, it seems that it was a combination of fixccs.exe and SymProtect which caused the issue. SymProtect is technology designed to protect Symantec security software from being hacked by malware.
"Fixccs.exe adds registry keys during the SP3 update process and then attempts to delete them," said a Symantec spokeswoman. "SymProtect prevents changes to the registry keys. Thus, it prevents the deletion of the keys added by fixccs.exe."
Makes sense, right? Of course, as noted in the forum post, Symantec continues to contend that the registry problems are not exclusive to Symantec products.

Source: By Tech Ex http://technologyexpert.blogspot.com/

Windows XP Service Pack 3 Issues

2008-05-30T00:00:00.000-07:00

The latest service pack for Windows XP continues to cause problems for users. According to an online user forum, the latest glitch in Windows XP Service Pack 3 (SP3) causes problems with the remote desktop access feature of Windows Home Server.
On the We Got Served U.K.-based Windows user forum, Windows XP users running Windows Home Server, Microsoft's home storage and local networking server, report that SP3 is cutting off their access to the server from their PCs. The remote desktop access feature would ask users to add their home server's Web site address in order to access it even after they already had, users reported.
According to a user on Microsoft's Windows Home Server forum, the problem arose because Windows XP SP3 by default disables Terminal Services Active X control as part of its security model. The user, ColinWH, posted a fix for the problem that outlines how to enable the Terminal Services ActiveX control in Internet Explorer.
The Windows Home Server problem is not the first that users -- or Microsoft -- have had with the latest XP service pack. Scheduled for release on April 29, Windows XP SP3 was held up for a week by Microsoft because of incompatibilities between the service pack and one of Microsoft's own applications, retail chain management software called Microsoft Dynamics RMS. The problem even affected the Windows Vista Service Pack 1 set of updates.
Then, after the service pack's release on May 6, users reported that XP SP3 put some AMD-based PCs into endless reboots. Eventually, the problem was identified as affecting certain Hewlett-Packard PCs, and Microsoft posted information for fixing it on the Web.
Microsoft could not be immediately reached for comment on Monday.

Windows XP Outlook Express Headaches: When I try to download mail, I sometimes get a server timeout message.

2008-05-16T23:06:00.000-07:00

Cause Outlook Express provides a timeout message

after a certain period of time when there is no activity with the mail server. If you are getting this message, you can increase the timeout value.
The Pain Killer To increase the timeout value, follow these steps:
In Outlook Express, click Tools Accounts.

1. Click the Mail tab. Select your account, and click the Properties button.
2. Click the Advanced tab, shown here. In the Server Timeouts section, increase the value by moving the slider bar to the right. Click OK when you are done.

How Do They Crack Your Password?

2008-05-16T23:04:00.000-07:00

Reader Rich Brozenec writes: I read your story about passwords. I have a question. Almost all my internet accounts (banks, Amazon, credit cards, etc.) have a limit on the number of password tries they allow [before timing out additional attempts]. Your story implies an infinite number of attempts using various combinations of letters and numbers, but is that really the case, or is there a way around these limits?
A little backstory on how passwords are cracked is in order. As some emailers and commenters have noted, "brute force" password cracking is probably not the most popular method by which passwords are broken. Social engineering, phishing, and other nefarious methods are actually much easier: All of these involve you willingly giving up your password to a malicious hacker through some form of misdirection and deceit. You may get a call from "your bank" with a problem on your account. Or you may get an email from "eBay" with a question about your listing... which takes you to a phony website.
The most secure password in the world won't protect you against hacking attempts like these. If you actually tell someone your password, you're out of luck.
The kind of password attacks I'm talking about when I write stories about password security and strength involve brute force attacks of various sorts. These attacks typically involve the theft of password records by various means. You read about them every day: Hackers compromise networks and abscond with user data. Or, more commonly, someone steals a laptop loaded with user records for some company or another. (User IDs are usually not encrypted and are linked directly to the hashed password.)
Most of the time, though, just having this user data doesn't mean your password is now in the hands of hackers (though if you read that a company you deal with has been victimized, you should always change your password as a matter of precaution). That's because most companies store passwords in encrypted formats called hashes. A hash is created by taking your password, applying a mathematical function to it, then storing the result of that function in the database instead of the actual password. When you log in to a website, the site runs that same math function against your password, then checks the database to see if the hashes match. If they do, you're in.
The reason hashes are secure is that they are not reversible. Say your password is daisy123; its hash may be 1b3c2c45d0a977b508f637097a94cbfb. (And in fact, it really is in one of the most common hash systems.) It's easy to go from daisy123 to the hash. Not so easy to go the other way. Thus, it's much safer to store the hash. Make sense so far?
So, what happens if a hacker knows the hash of your password? He tries out likely passwords to see if he can get a match. Again, it's easy to hash several hundred passwords per second, and eventually he'll get to daisy123, since it is, as noted in a prior article, a quite insecure password. But if your password is appropriately complex, he'll probably never be able to crack it: Having the hash will be as useless as having no information about your password.
There are copious other methods for cracking passwords (and there are even online databases of hashes that make looking up common passwords child's play), but this is the most common way, especially when cracking passwords in bulk (when you have thousands or millions of hashes to look through). It shakes out pretty much the same way every time: If a thief absconds with 100,000 user records, a relatively simple brute force attack against those hashes using common cracking software will probably net 20,000 passwords he can use.
In other words: Be safe out there.

Will update drive Vista use?

2007-08-30T07:50:00.000-07:00

The first Vista service pack may serve dual purposes for Microsoft: fixing the operating system's rough edges while simultaneously indicating that it's ready for mass adoption.
Microsoft initially downplayed the importance of service packs in an era where patches are easily available online. Also, the company urged businesses not to wait for a service pack to start testing and rolling out Vista.
Nonetheless, in announcing its plans to release Service Pack 1 early next year, Microsoft is noting that the milestone remains an important signal for some businesses that the operating system has reached a level of maturity.
Many analysts have consistently advised companies to hold off on Vista deployments until the first service pack's arrival.
"There's always a portion of the market that has that M.O. (modus operandi)," said Shanen Boettcher, a general manager in the Windows unit.
By talking about SP1, Microsoft hopes to sway some businesses that have yet to move forward in any fashion to start at least testing the OS.
"I would expect that we will see a little bit of an increase," Boettcher said.
Microsoft has said it expects businesses to move to Vista at twice the rate that they did with XP over its first 12 months. However, Al Gillen, an analyst at IDC, said that businesses seem to be moving at generally the same pace as with previous releases. "From what we can see, the adoption curve is running much like past releases," he said.
In part, that's because so much goes into upgrading the OS, Gillen said. Companies have to test it against their custom and packaged software, do security reviews, make sure they have enough machines capable of running the new operating system, and then budget for the hardware, software training and support costs.
"Customers drag their feet," Gillen said.
A few exceptionsWhile most businesses have yet to start deploying Vista in significant numbers, Microsoft is touting a few large companies that have started putting the operating system onto a sizable number of desktops. Infosys, for example, has 4,000 PCs running Vista now, with plans for 20,000 by year's end. Citigroup, Charter Communications and Continental Airlines all have more than 2,000 machines on Vista and plan to have 10,000 machines running the operating system by year's end.
"Yeah, there are some early adopters and Microsoft always parades them forward," Gillen said. "They are really the exception and not the norm."
Boettcher said that the adoption rate so far among businesses "is about how we expected it to be."
As for the company's goal of doubling adoption, he said, "It's still early to declare victory...All the signs are we are doing well versus our goal."
Gillen said that the timing of the service pack probably hasn't made a huge impact on when businesses move to Vista.
"If they had brought SP1 out in the first three to six months after the release, I don't think that would have dramatically changed the adoption," he said.
What's unclear is whether Service Pack 1 will help to dispel the notion that the operating system still has too many glitches and hitches to justify the effort of migration. Even some who were initially bullish on the OS, have lately criticized its trouble spots.
Microsoft says it now has better driver support and compatibility with existing software than it did at Vista's launch, which could help businesses justify making the move.
The company openly admits that the stars didn't align for a big-bang Vista launch--reminiscent of Windows 95's debut--that it clearly hoped for. "Frankly, the world wasn't 100 percent ready for Windows Vista," Corporate Vice President Mike Sievert said in an interview at Microsoft's recent partner conference in Denver. "That has changed in a very material way in the past six months."
Gillen said it was good to see Microsoft also commit to a timetable for Windows XP Service Pack 3, which is due out in the first half of next year. "It's a nice indication that they are not trying to subtly coerce customers to move forward onto Windows Vista."

Written by: By Ina Fried Staff Writer, CNET News.com -->
Published: August 30, 2007, 4:00 AM PDT

Vista opens new dawn for security

2007-07-31T09:56:00.000-07:00

Hi-tech criminals are looking forward to the consumer release of Windows Vista, say security experts.
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
Fresh target
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign looking webpages with code that slips through vulnerabilities in the various versions of Windows. It should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses to try to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
Old iron
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
In 2007 he said he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.

Written by Mark Ward Technology Correspondent, BBC News website

SF Municipal Wi-Fi Wait Grows

2007-07-31T09:52:00.000-07:00

The next crucial votes on San Francisco's municipal Wi-Fi proposal will be delayed until next month while chosen contractor EarthLink Inc. becomes increasingly skittish about building wireless networks for cities.
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."

Written by: Stephen Lawson, IDG News Service

Exploit code for two of Tuesday's patches have been posted to mailing lists by researchers.

2007-06-20T10:35:00.000-07:00

Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed Tuesday.
Microsoft's June set of security updates patched 15 separate vulnerabilities, nine of them labeled "critical," the company's most serious threat rating. Exploit code for two of the bugs -- one in Internet Explorer (IE), the other in Windows XP, Windows 2000 and Windows Server 2003 -- have been posted to the Bugtraq and Full-disclosure mailing lists by researchers.
A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched Tuesday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser.
Microsoft's MS07-033 security update fixed the flaw.
The exploits, co-authored by Micalizzi and Will Dorman, a vulnerability researcher at the Carnegie Mellon Software Engineering Institute's CERT Coordination Center, produce buffer overflows on IE6 and would let attackers run additional malicious code. In other words, a malicious hacker can hijack a PC. "Under XP, with predefined settings, Internet Explorer immediately crashes without warning the user, and it's still possible [to run] arbitrary code," said Micalizzi in the Bugtraq writeup accompanying one of the two exploits.
On Wednesday, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot. His exploit wasn't able to inject remote code, however.
That limitation jibes with what security professionals said Tuesday about the SChannel bug. Although Microsoft ranked it as "critical," which usually means that the bug allows for remote code execution, David Dewey, research manager at IBM's Internet Security Systems X-Force team, downplayed the threat. "It's not exploitable," said Dewey, although he acknowledged it would be relatively easy to crash an application. "A working remote code exploit would take a new discovery in how exploits are made," he argued.
As proof-of-concept exploits popped up, Symantec Corp. predicted that attackers would quickly incorporate them into their kits. "Expect to see exploits for this added to the currently available browser attack tool kits in the near future," Symantec said of the SChannel flaw.
Symantec currently has its ThreatCon security status indicator set at "Level 2: Elevated," which is normal for the day after Microsoft posts patches.

Google may find it hard to prove that Vista's desktop search violates Microsoft's antitrust agreement.

2007-06-20T10:32:00.000-07:00

Google Inc.'s claims that Microsoft Corp.'s built-in Vista desktop indexing and search tool violates its antitrust agreement could be difficult to prove even if the software does slow down the performance of Google's competitive Google Desktop offering.
As long as a user can run alternative software to Microsoft's Instant Search software, it's unlikely that U.S. federal antitrust officials would consider coming down on the software giant, analysts and users said.
Google's claims are far different than the ones posed by Netscape during the browser wars that led to the Department of Justice's antitrust suit in the 1990s, said Rob Helm, research director at Directions on Microsoft in Kirkland, Washington. "Microsoft beat Netscape in part by leveraging its relationship with PC manufacturers," he said. "This is a lot subtler."
Google seems to be alleging that "if two pieces of software don't play together, then it must be an anticompetitive tactic of Microsoft's," Helm said. "I don't recall any past antitrust cases asserting something so broad," he said.
The presence of Microsoft's Vista desktop search could be slowing down Google's product merely as an accident of product design, not because of any malicious intent by Microsoft, Helm said.
"Even if Microsoft's software was perfectly written, the way Google interacts with it might be bad, and either company might be at fault," he said. "They could have both done the right things in different ways that might conflict with each other."
According to a report in the Wall Street Journal Monday, Google sent a white paper to U.S. federal and state antitrust officials in April to try to convince them that Vista makes it difficult for consumers to use rival desktop search software.
In its white paper, Google claims that Vista's search boxes and bars -- available in several places in the OS, including the Start menu and in the Windows Explorer file manager -- work only with Microsoft's search and indexing tool. The company also said it is nearly impossible to turn off Vista's indexing, which means a competitor must add a second indexer that slows down a PC.
Google spokesman Ricardo Reyes confirmed the company's charge against Microsoft Monday.
Microsoft is disputing Google's charges and said that it has worked closely with federal officials to ensure its Vista OS, released to consumers in January, fosters rather than inhibits competition in the area of desktop search.
Users can disable Vista's desktop search service, but the company has not made it simple for them to do so, acknowledged Jack Evans, a Microsoft spokesman. He said this is because the company designed Vista's desktop search specifically "to not affect performance and back off any other programs running" -- including any third-party desktop search software -- in a way that should resolve any claims of anticompetitive behavior, Evans said.
Andrew Brust, chief, new technology of consulting firm Twentysix New York, said he used Google's desktop search when it first came out, but switched to Microsoft's product when it became available for Windows XP because he preferred it.
"Microsoft chose to integrate into Windows whereas Google decided to be browser-based," he said. "Plus, at least back then, Google installed their own local Web server as part of the product and I really didn't like all that baggage. Microsoft's was just more useful."
Brust, who has used Vista in beta form, said integrating desktop search into Vista is "common sense" and suggested that Google's complaints might be sour grapes over Microsoft's own antitrust charges against the search vendor when it unveiled plans to purchase online advertising and marketing powerhouse DoubleClick Inc.
Samir Bhavnani, research director for analyst firm Current Analysis West, said that Microsoft's integration of desktop search into Vista was a response to Apple Inc.'s inclusion of desktop search in their Mac OS, not a move against Google. He said it wouldn't be fair for Google to accuse Microsoft of being anticompetitive without leveling the same charge at Apple.
However, Helm contradicted this reasoning and said that Apple was not found in a U.S. court to have a monopoly on PC OSes, while Microsoft was in the DoJ case. "I don't have the impression that Google is worried about Apple," he said.

Written by: Elizabeth Montalbano, IDG News Service
Monday, June 11, 2007 4:00 PM PDT

Google complains about Microsoft's Vista

2007-06-12T07:08:00.000-07:00

Internet search leader Google Inc. is trying to convince federal and state authorities that Microsoft Corp.'s Vista operating system is stifling competition as the high-tech heavyweights wrestle for the allegiance of personal computer users.
In a 49-page document filed April 18 with the U.S. Justice Department and state attorneys general, Google alleged that the latest version of Microsoft's Windows operating system impairs the performance of "desktop search" programs that find data stored on a computer's hard drive.
The Vista operating system, which became widely available in January, includes a desktop search function that competes with a free program Google introduced in 2004. Several other companies also offer desktop search applications.
Besides bogging down competing programs, Google alleged Microsoft had made it too complicated to turn off the desktop search feature built into Vista.
With its allegations, Google hopes to show that Microsoft isn't complying with a 2002 settlement of an antitrust case that concluded the world's largest software maker had leveraged the Windows operating system to throttle competition.
The consent decree requires Redmond, Wash.-based Microsoft to ensure its rivals can build products that run smoothly on Windows — something that Google says isn't happening.
"The search boxes built throughout Vista are hard-wired to Microsoft's own desktop search product, with no way for users to choose an alternate provider," Google spokesman Ricardo Reyes said in a statement issued Monday.
In its own statement, Microsoft said it already has made more than a dozen changes to address regulators' concerns about Vista and pledged to address any other legitimate problems. "While we don't believe there are any compliance concerns with desktop search, we've also told officials we are committed to going the extra mile to resolve this issue," Microsoft spokesman Jack Evans said. Justice Department spokesman Eric Ablin declined to comment Monday, citing confidentiality concerns.
Although he wouldn't discuss Google's allegations, Connecticut Attorney General Richard Blumenthal confirmed that several states are taking a hard look at whether Vista is affecting the effectiveness of programs that aren't made by Microsoft.
"We really have reached a turning point in the process and expect to make a decision on how to proceed by the end of the week," Blumenthal said in a Monday interview.
Describing the Vista complaints as "troublesome," California Attorney General Jerry Brown said he has been in touch with the Justice Department, other state attorneys general and technology industry representatives in an effort to resolve the issue.
"Our goal is to provide consumers using the Vista operating system easier access to competing features," Brown said in a statement.
In a story Sunday, The New York Times reported that the state attorneys general are more inclined to press Microsoft to revamp Vista than the Justice Department.
A court hearing to review Microsoft's adherence with the consent decree is scheduled June 26.
Google's complaint is just latest example of its escalating battle with Microsoft — a duel that figures to shape the future direction of personal computing.
With its search engine already established as the Web's most popular gateway, Google has been offering an array of additional services that could become the building blocks for a Web-based computing platform that lessens the need for Microsoft's products.
Besides e-mail and instant messaging, Google also is distributing word processing and spreadsheet programs aimed at the Office suite of software that has long been one of Microsoft's biggest cash cows.
Google has been able to offer most of its services free because it makes so much money from the ads that it serves up alongside its search results and other content published by the thousands of Web sites that belong to Google's network.
Hoping to siphon away some of that revenue, Microsoft has invested heavily in its own search engine, which still ranks a distant third behind Google and Yahoo Inc. (Nasdaq:YHOO - news)
Microsoft engineered Vista so its desktop search and Internet search engine would operate independently in an effort to avoid legal problems, said Brad Smith, the company's general counsel.
"If we were creating a feature in Windows and somehow requiring people to jump from our feature to our Internet search, then I could at least understand an antitrust argument being raised," Smith said.
Google Chairman Eric Schmidt has been a longtime critic of Microsoft's business tactics. After raising antitrust concerns about Microsoft in his previous jobs at Sun Microsystems Inc. and Novell Inc., Schmidt again has been on the attack as he steers Google.
Last year, the Mountain View-based company reached out to the Justice Department to raise alarms about how the latest version of Microsoft's Web browser threatened to make it more difficult for computer users to install the toolbars of competing search engines. Although regulators decided not to intervene, Microsoft subsequently modified the way Explorer handled the selection of search toolbars.
Before putting its most recent misgivings on paper, Google began discussing the desktop search issue with authorities last year.
Those talks were apparently touched upon during a hearing in March when the Justice Department said it was investigating a claim that Microsoft had violated its antitrust settlement. Without identifying the complaining party, the Justice Department said the grievances were related to "middleware," or software that links different computer programs.
Google filed its written complaint just a few days after Microsoft publicly urged antitrust regulators to scrutinize Google's planned $3.1 billion acquisition of online ad service DoubleClick Inc. Microsoft contends the deal will give Google too much power over the rapidly growing online ad market. The Federal Trade Commission has opened a formal inquiry into the matter.
___
AP Business Writers Jessica Mintz in Seattle and Christopher S. Rugaber in Washington contributed to this report.

McAfee Study Finds 4 Percent of Search Results Malicious

2007-06-04T11:21:00.000-07:00

"The State of Search Engine Safety," a recent study by McAfee's SiteAdvisor group, has some classic good news and bad news for Internet surfers. Using several automated techniques, the SiteAdvisor study determined that 4 percent of the query results offered by the major search engines lead to potentially dangerous Web sites, and the total for sponsored links is nearly twice as high at 7 percent. The good news, however, is that the number of potentially dangerous search engine links has declined by roughly 20 percent from May 2006, when the SiteAdvisor group released its initial survey.
"We're encouraged to see some improvement in search engine safety this year. But with four out of five Web site visits starting with a search engine query, consumers are still exposed to hundreds of millions of risky searches per month," said Tim Dowling, vice president, Consumer Growth Initiatives, McAfee SiteAdvisor. "In fact, an active search engine user, one that performs more than 10 searches per day, is likely to visit a dangerous site at least once a day."
Internet analyst Greg Sterling of Sterling Market Intelligence said that the threat of hitting a risky site, particularly if it is a sponsored link, could become a problem for search engines. "It's definitely a potential concern," he said. "It's a question of how widespread the problem is in reality, and second, [whether it rises] to a level of publicity that makes it something that has to be addressed head-on."
Evaluating Search Engines
The "Search Engine Safety" study was compiled by testing the links offered by the Internet's five largest search engines: Google, Yahoo, MSN, AOL, and Ask. Using several sources, McAfee compiled a list of 2,300 search terms and ran them through the various search engines. The company then assessed the relative safety of the links produced on the first five results pages of each search engine.
For each site, McAfee ran several tests: signing up for newsletters to check for an increase in spam; inspecting available downloads for malware, including spyware, Trojan horses, and viruses; testing each linked site for possible security exploits; and testing outgoing links for similar problems. McAfee said in its report that it has examined over eight million sites for potential problems, a total that represents more than 90 percent of all Web traffic.
The study concluded that AOL currently offers the safest search results, with Google second. Yahoo, with more than 5 percent of its links rated "red" or "yellow," offered the highest number of potentially risky sites and also was the only search engine to show an increase in link risk since the SiteAdvisor group's last survey.
Surprising Results
One of the more surprising results in the survey was the fact that it can be more dangerous to search for online music than it is for sexually explicit materials. The SiteAdvisor team found that 19.1 percent of the searches in the category of "digital music" led to risky sites, compared to just 9.4 percent for adult search terms.
In fact, the category of "adult search terms" did not even make the top 10 most dangerous categories, unless one includes the No. 10 entry, "popular brunettes."
However, it is worth pointing out that, unlike many other categories, the risk of stumbling across a dangerous Web site while searching for adult content has increased over the past six months. The risk is growing particularly quickly in the category of sponsored links, where the percentage of dangerous sites rose from 13.3 percent to 22.9 percent.
The survey's authors took pains to point out that while some categories pose greater risk than adult searches, the risk of hitting a dangerous site while searching for nonadult content is roughly half what it is when searching for adult material.

Best Buy, 'Geek Squad' sued over videotaping

2007-05-14T17:10:00.000-07:00

A technician on a service call at a home is arrested after a woman is taped while in the shower.

By Ashley Surdin, Times Staff Writer

A woman and her mother sued Best Buy and its "Geek Squad" computer repair team Wednesday, claiming they were legally responsible for dispatching a technician who allegedly videotaped the daughter taking a shower.The suit, filed in Los Angeles County Superior Court on behalf of Sarah Vasquez, 22, and her mother, Natalie Fornaciari, 46, both from city of Industry, alleges that Geek Squad technician Hao Kuo Chi, 26, placed his cellphone in Vasquez's bathroom during a computer service call March 4 and recorded her showering.
Chi was arrested the same day on suspicion of using a camera to view a person without their consent and of annoying or molesting a child under 18, both misdemeanors, said Sheriff's Sgt. Bob Skudlarski.The family said that they relied on the national chain to screen and train agents before sending them into people's homes.They also relied on the Geek Squad's brochure, which promised to provide "agents you can trust.""Businesses need to do a better job of screening the employees whom they send to their customers' homes," said attorney Gloria Allred, who is representing the family.A Best Buy spokeswoman said she learned of the lawsuit shortly after it was filed Wednesday."Best Buy was not informed of this action prior to being contacted by the media today," the company said in a statement. "Obviously, we intend to cooperate fully with any investigation into this matter."According to the suit, Chi came to the family's home last month for a scheduled computer service appointment. After starting to work, he asked to use the bathroom and was shown to one shared by Vasquez and her 13-year-old sister, Kelly Rocha, the lawsuit said.Vasquez later showered in the same bathroom. When she stepped out of the stall, she noticed a cellphone propped up on her cluttered sink, the suit said. The phone was covered in a leather case; a small camera with a red, blinking light was sticking out, she said.Suspicious, Vasquez left the bathroom to tell her sister Kelly and when she returned, the phone was gone. Kelly then found the phone in her bedroom. Believing the phone was programmed to record her as well, she removed its memory chip and she and Vasquez took it to a Verizon store to see what was on it."You could see him on the video setting it up," Vasquez said. "I was shocked."The sisters called their stepfather, who reported Chi to police, and he was arrested at their house.The family is seeking compensatory and punitive damages for alleged fraud, negligent misrepresentation and hiring, invasion of privacy, intentional infliction of emotional distress and breach of warrant.

Written by: By Ashley Surdin, Times Staff Writer

YAHOO GOES UNLIMITED EMAIL STORAGE

2007-05-14T14:48:00.000-07:00

SAN FRANCISCO: Yahoo plans to offer unlimited e-mail storage to its roughly quarter of a billion users, starting in May.
The world's biggest e-mail service said Tuesday that it would scrap its free e-mail storage limit of one gigabyte, or about a billion bytes of data, responding to explosive growth in attachment sizes as people share ever more photos, music and videos via e-mail.
Microsoft has a two gigabyte free e-mail storage limit, while Google caps its Gmail service at 2.8 gigabytes.
"We are giving them no reason to ever have to delete old e-mails," David Filo, co-founder of Yahoo, said in a telephone interview. "You can keep stuff forever."
Officials said the decision to remove e-mail storage limits reflects the plunging cost of storage as new personal computers store up to a trillion bytes of data and owners of 80-gigabyte iPods can carry 100 hours of video in their pockets.

By contrast, when Yahoo first introduced its e-mail service a little under a decade ago, it capped individual storage at four megabytes per user. At that time, an "ultra high-density" floppy disk for personal computers then held 144 megabytes.
"People should think about e-mail as something where they are archiving their lives," said Filo, who remains active in managing technical operations at the Sunnyvale, California, company and carries the honorific title of Chief Yahoo.
Once it begins in May, the transition to unlimited storage should take a month, said John Kremer, vice president of Yahoo Mail.
"We have been closely monitoring average usage. We are comfortable that our users are far under one gig, on average," Kremer said. "What we see are an increasing number of rich media files as consumers send more photos."
One caveat Yahoo makes is that the offer is for personal use and subject to guidelines against abuse that apply to Yahoo Mail. No one can build a business giving away unlimited storage to other consumers using Yahoo Mail, executives said.
Two countries - China and Japan - are excluded. "We will continue working with these markets on their storage plans," Kremer said in a statement. Yahoo is a minority owner with partner Softbank in Yahoo Japan and a part owner with Alibaba of the Yahoo business in China.
Filo said Yahoo was looking at lifting caps on storage for other services such as its Flickr photo-sharing service. "We are looking at those on a case-by-case basis," he said.
It's a far cry from when giving away two megabytes of data was considered a big deal, said David Nakayama, Yahoo's group vice president of engineering and developer of RocketMail, which Yahoo acquired and relaunched as Yahoo Mail in 1997.
In a posting to Yahoo's corporate blog, he said that capacity when Yahoo Mail started was 200 gigabytes for all customers.
"I remember getting in a room to plan our RocketMail launch over a decade ago and worrying that our original plan of a two megabyte quota wasn't enough, and that we needed to be radical and DOUBLE the storage to four megabyte per account!" he wrote.

Outrage Continues Over Vista Upgrade Program

2007-05-10T17:13:00.000-07:00

Julie Marto of Medfield, Massachusetts, purchased a Dell Inspiron notebook running Windows XP last October. Through a program called Express Upgrade, she was promised a free copy of Windows Vista when the operating system became commercially available. It's been five months since Vista went on sale January 30. Marto is still waiting and steaming mad.
"I've done everything I can to get my Vista upgrade including e-mailing a request to Michael Dell himself," Marto says. She says she never received a reply from Michael Dell.
Marto isn't alone. Since PC World originally reported problems back in March with the Vista upgrade program, people have continued to send us e-mail and post complaints to our community forums citing paperwork nightmares, Vista upgrade disc no-shows, and long hold times when trying to contact vendors or third-party companies handling the upgrades.
One company handling the Vista Express Upgrades, ModusLink, acknowledges some problems persist, but maintains most customers have received their Vista upgrade discs by now. Dell complaints have been filtering into PC World, but can also be found by scanning the company's support forum.
In one Dell support forum a company representative offers an apology and the statement: "As of April 30, we have shipped approximately 80 percent of the upgrades. We expect the bulk of the remaining orders to ship by May 15, and all scheduled orders to be shipped should be completed by the end of May, barring any unforeseen additional delays."

Root of the Problem
Upgrade problems began when consumers purchased a new PC late last year. That's when computer makers enticed people to buy new systems preloaded with Windows XP prior to Vista's release by promising a free or reduced-cost Vista upgrade when the OS became commercially available.
When a PC was purchased, the new owner received a Microsoft Certificate of Authenticity number. The upgrade process was supposed to be simple: When Vista went on sale, all a customer had to do was visit a special upgrade Web site and enter their COA number to confirm their eligibility to receive a Vista upgrade disc in the mail. Finally, new owners were directed to mail or fax in their proof of purchase (Dell, however, waived this step).
"I was told it would be an easy process," says William Bond, of Tampa, Florida. But, he says, the process has been anything but simple. Bond purchased a Hewlett-Packard Pavilion desktop in November at Circuit City and is still waiting for his Vista upgrade disc from ModusLink, the company handling the program for HP.
Bond says he has been asked repeatedly for his proof of purchase. "I must [have] e-mailed, faxed, and mailed that proof of purchase five times by now," he says, but ModusLink still hasn't acknowledged receipt. "I'm exasperated," Bond says.
New Issues Delay Vista Upgrade Discs
ModusLink, which is processing Vista upgrade requests for people who bought Acer, Fujitsu, Gateway, HP, and Toshiba computers, says the company is very sensitive to the fact that customers are frustrated. "We are doing the best we can," says Christine Pothier, the company's marketing communications manager.
When PC World spoke to Pothier in early April she said the issues with handling extremely large volumes of Vista upgrade requests had been remedied by hiring extra staff. She now says that new issues are delaying shipment of some Vista upgrade discs.
Pothier says the remaining delays stem from customers whose Vista upgrade orders included a declined credit card (some PC makers made their customers pay the shipping cost of the Vista upgrade disc), address changes, and incomplete or erroneous shipment information. Dell echoed the same issues on its message boards.
Initially, problems delivering Vista upgrades in a timely manner, Pothier says, were because PC vendors were four to eight weeks late in sending ModusLink the Vista upgrade discs. "We are just the middlemen here," she says. "There was nothing we could do."

Vendors Tight-Lipped on Delays
HP declined to comment when asked about the delay, simply offering a statement that it had issued on February 9: "During the past few weeks HP has received e-mails and phone calls from many customers concerning the ordering process for the Express Upgrade kit for Windows Vista. We are aware of these problems and are working on an aggressive schedule with the fulfillment vendor and the software product supplier to resolve these issues."
Richard Black, director of marketing for Acer, says most of the company's shipping delays have been resolved. "There were some missteps on our side and on Microsoft's and ModusLink's," Black says. "These are the kinds of problems you do your best to resolve when you have to sort through hundreds of thousands of orders in a matter of months," he says.
Says ModusLink's Pothier: "Is it possible customers have had to resend things and are still not happy? Yes, and I apologize for that." She says ModusLink is doing the best it can to resolve issues with the "few remaining" people who haven't received their Vista upgrade yet.

What Now?
Keep an eye on PC World s Windows Vista & XP coverage to see how the upgrade rollout progresses. If you're one of the unlucky PC owners still pulling your hair out waiting for a Vista disc, we want to hear about it.

Written by: Tom Spring, PC World
Thursday, May 10, 2007 7:00 AM PDT

At NASA, Windows Vista Isn't Ready For Launch

2007-04-24T22:29:00.000-07:00

Space agency among the growing list of federal agencies that have put a temporary hold on Windows Vista rollouts.

The National Aeronautics and Space Administration is the latest federal agency to put a hold on PC upgrades to Windows Vista. NASA has decided against deploying Microsoft's five-month-old temporary bans on Vista.
NASA has set January 2008 as a "target" for beginning the transition from Windows XP to Vista, according to a spokesman for the federal agency, which has approximately 60,000 Windows PCs.
NASA typically waits until a service pack is released for any new operating system to ensure stability, the spokesman says. (Microsoft has not indicated if or when it will release a service pack for Vista.) The interim will also be used to ensure that NASA's applications are compatible with Vista and that its PCs meet the hardware requirements needed to run the operating system.
In a meeting with IT professionals and user-group representatives last week on Microsoft's campus, CEO Steve Ballmer rejected an assertion by a NASA computer scientist that Vista has been banned by most sectors of the federal government.
"Vista has been anything but banned from most parts of the U.S. federal government," Ballmer said, adding that he anticipated near-term adoption in "a number" of government accounts. He stopped short, however, of naming any government agencies that are in the process of deploying Vista or about to do so.

Written by John Foley

Mac vulnerability may also affect Windows

2007-04-24T22:17:00.000-07:00

It turns out that the vulnerability isn't in Apple's Safari web browser after all, but in the interaction between QuickTime and Java.That's not an academic issue, as it means that using an alternative browser such as Firefox gives no protection against the exploit. While we are waiting for a fix from Apple, disabling Java in whichever browser you favour seems to be a reasonable precaution. If you need to use a web site that requires Java, decide whether you trust the site before turning it back on, and don't forget to disable it again when you've finished.The other point is that QuickTime is also installed on a lot of Windows PCs. So it seems likely that the bad quys are trying very hard to replicate Dino Dai Zovi's work, and they'll now be looking very closely at QuickTime and Java, especially on Windows.One potential problem is that QuickTime and Java could be working as intended, but Dai Zovi has found a way of using a facility in a way that the designers didn't envisage. Such vulnerabilities can be difficult to patch without breaking legitimate software.Dai Zovi's exploit is an attractive one, as no user interaction is required beyond opening a malicious web page (much like the recent ANI flaw that led Microsoft to release an early patch). Although people are more cautious about clicking on links in emails, it would be easy to plant the URL in blog comments and other places on the web.People who complain that the CanSecWest competition rules were relaxed when participants were unable to gain access without user activity are missing the point. Sure, the fact that Mac OS X withstood network-based probing is a good thing, but following hyperlinks is an everyday action and people simply don't critically evaluate every link before they click.In my book, any vulnerability that can be invisibly exploited via a web page calls for prompt attention. Users shouldn't have to wait for 'in the wild' exploits before the risk is taken seriously by the vendor.

Article Written by: Stephen Withers

Microsoft Lawyer Rebuts 'Vista Ready' Gripes

2007-04-16T15:29:00.000-07:00

'Vista capable' information was not misleading, despite recent consumer complaints, top attorney says.

Written by: Martyn Williams, IDG News Service
Thursday, April 12, 2007 07:00 AM PDT

Microsoft's top lawyer said today that he is happy with the information the company provided about its Vista operating system, and its compatibility with existing PCs, ahead of the software's launch in January.
Last week, a class-action lawsuit was brought against the software maker claiming it unfairly labeled some PCs "Windows Vista Capable" when they could only run the most basic version of the operating system and not support more advanced versions that offer some of the most heavily-promoted features such as media center and advanced graphics.
"I actually don't think there have been a lot of problems that consumers have encountered although I think there are a few lawyers and law firms that have pursued an action that are presenting such a picture," said Brad Smith, a senior vice president at Microsoft and the company's general counsel, during a news conference at the Foreign Correspondents' Club of Japan in Tokyo.
"I actually feel good about the information that we provided," he said.
Systems, Software Vary
The lawsuit, which was filed in the U.S. District Court for the Western District of Washington, alleges that "a large number" of PCs that sported "Vista Capable" labels were only capable of running the Home Basic version of Vista.
Smith disputed that claim.
"Most of the PCs are able to run the kinds of versions like our home premium version that have virtually all of the bells and whistles," he said. "Even the machines that are not able to run something like Home Premium are able to run a version that provides many if not most of the major advances that are important to consumers."
There is fairly wide gap between PCs that are "Vista Capable" versus those that are "Premium Ready," according to information on Microsoft's Web site.
"Vista Capable" requires a PC with a processor running at a clock speed of 800MHz or faster, 512MB of memory, and a DirectX 9-capable graphics processor. But "Premium Ready" calls for at least a 32-bit or 64-bit processor running at 1GHz, 1GB of memory, DirectX 9 graphics with a WDDM (Windows display driver model) driver, 128MB of graphics memory, and other requirements like a 40GB hard drive, DVD-ROM drive and Internet access.
The lawsuit seeks class action status and says the size of the class likely exceeds 10,000 people

Wireless Spectrum Gets Crowded

2007-04-16T15:26:00.000-07:00

The use of multiple radios, or wireless transmitters, will push the adoption of mobile technologies, but will require industry coordination and careful construction, an Intel executive said Monday in Beijing.
"Radios are everywhere and yet we do very little with them," said Kevin Kahn, Intel senior fellow and director of its Communications Technology Lab, in a speech at the Intel Developer Forum (IDF). "If anyone other than the geeks among us are going to use this stuff, then it means that we need ease of use."
By 2009, each mobile platform will handle six or more radios for applications such as Wi-Fi, WiMax, 3G cellular, UWB (Ultra Wide Band), Bluetooth, digital TV and GPS (Global Positioning System).
Kahn said that the biggest problem is interference between the different radios, which exist on chips that are measured in square millimeters and sometimes use adjacent spectrum.
"Simultaneous operations are a fairly widespread problem," he said.
For example, this kind of spectrum conflict led to the Bluetooth standard being adjusted so that it Bluetooth could coexist with Wi-Fi, he said. Cooperation between different technology standards in different spectrums would be critical to their development. "We're going to have to work across the industry to put the hooks in to coordinate and provide this kind of advanced performance."
Kahn believes the solution lies in creating parallel modules for each radio standard, such as Wi-Fi and WiMax.
On the device level, the problem is solved by timing the use of the radios "so that they are never physically doing operations at the same time, even though the user never notices."
Looking to the future, Kahn said "Sixty GHz is the next chunk of unlicensed spectrum," and predicted that it would come into wide use by 2011 or 2012. He described it as likely being used for a "next generation personal area network (PAN)."
It is a "very large piece of spectrum," but "the difficult part is that 60GHz is very high frequency. Not surprisingly, building radio to run up there is more difficult. Doing that cost effectively will take a little while," Kahn said.
"Because it is so high, it tends to be very directional. We deal mostly with omnidirectional radio systems. When you get to very high frequencies, the signals in order to get good performance typically become much more directional, and we may have to use antenna steering techniques."

IRS Warns of Tax Phishing Scheme

2007-04-16T15:22:00.000-07:00

The U.S. Internal Revenue Service is warning taxpayers to be wary of e-mail messages that provide links to supposedly free tax-filing services endorsed by the agency.
The warning comes just before the IRS income tax filing deadline Tuesday. The IRS warned taxpayers of e-mails sent by Web sites "masquerading" as members of the Free File Alliance, a program allowing some taxpayers to file online for free. The only place to access the Free File program is on the IRS.gov site, the IRS said in a statement.
The IRS is investigating allegations that some Web sites claiming to be Free File partners are taking taxpayers' personal information, then depositing the returns into different bank accounts, the IRS said in a news release. The scam is a form of a phishing scam, in which fake e-mails purporting to be from banks or online retailers ask recipients for account numbers and other personal information.
After taxpayers complete their forms, the fake Free Filing site changes the bank account number that the tax refund goes to, said Paul Henry, vice president of technology at Secure Computing Corp., a cybersecurity products vendor.
"They're literally hijacking your tax return," Henry said.
In another scam, Henry got an e-mail recently saying he could speed up his tax return by depositing it into his credit card account. The e-mail asked for his credit card number and his personal identification number.
Henry expects tax scams will be prominent this week, as more people look to file taxes online than ever before. Then, after the tax filing deadline passes, he predicted there will be phishing e-mails claiming to be from the IRS, saying the recipient's filing had an error or the recipient is owed more of a refund than was claimed.
"That typically runs all the way through June," Henry said. "It's a long tax phishing season again this year."
In addition, scammers could take advantage of Microsoft DNS (Domain Name System) server vulnerability, announced last week, to redirect Web browsers from legitimate sites to phishing or other scam sites, Henry said. Taxpayers and other people doing business online should be especially careful that they're going to legitimate sites, he said.
Last week, the Computer & Communications Industry Association warned taxpayers of Web sites with IRS in the domain name that aren't affiliated with the U.S. government. Some commercial sites may be charging taxpayers for services they can get free at IRS.gov, the trade group said.
Henry gave this advice to taxpayers:
-- The IRS typically does not communicate by e-mail. If you have questions about an e-mail you received, don't click on the link or paste the link in a browser. Instead, call the IRS. "The IRS does not have every citizens' e-mail address," he said. "The IRS typically works only through mail."
-- Don't visit tax advice sites not associated with the IRS. Some sites say they offer free advice or free filing services, then charge customers.
-- Make sure computer security software is up to date.
The IRS noted that Free File is available for taxpayers with an adjusted gross income of US$52,000 or less. Ninety-five million of the 136 million U.S. taxpayers qualify for Free File.

Microsoft takes a 'Patch Tuesday' break

2007-03-08T21:16:00.000-08:00

Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed.
In a note on its Web site Thursday, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.
Also on Tuesday, Microsoft will go ahead with an updated release of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers and is pushed out monthly.
The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. Many computer systems don't have that change programmed in and require patching.
Microsoft occasionally has months when it has not released security updates. The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005, the company said.
"Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers," a company representative said on Thursday. "Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps."
Still, the lack of security updates also means that cybercrooks have more time to exploit known security vulnerabilities. There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Microsoft has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.

Written By Joris Evers Staff Writer, CNET News.com -->
Published: March 8, 2007, 11:51 AM PST

Daylight saving change proves thorny for businesses

2007-03-08T21:12:00.000-08:00

With the early move to daylight saving time taking place this weekend, businesses not yet ready for the change are finding themselves in a race against the clock.
With many large companies still struggling to patch their computer systems, a backlog has emerged for customers trying to get help. In some cases, IT workers have been waiting three or four hours to get telephone support from Microsoft, whose Exchange Server serves as the official calendar for many of the world's largest businesses.
Aiming to shorten that wait, Microsoft has boosted the number of people addressing the time change issue. Earlier Thursday, the company opened up a "situation room" devoted to monitoring customer issues and providing support to the software maker's largest customers. The main situation room will be in Redmond, Wash., with centers in Texas, North Carolina and India overseeing things in the off-hours. Microsoft has also added more than 200 workers versed in Exchange and Outlook to its phone lines.
"The teams are working hard," said Rich Kaplan, the Microsoft vice president in charge of handling issues related to the early arrival of daylight saving time. "Everyone is going to be here through the weekend."
Thanks to a federal law aimed at reducing energy costs, daylight saving time starts three weeks earlier and runs one week later in the fall. However, without an update, many computers and digital gadgets can't automatically adjust to the new time, potentially wreaking havoc on corporate scheduling for the next three weeks.
The issue harks back to Y2K, when there were years of fretting over the fact that many computer programs were designed to enter years in only two digits, meaning that the 2000 might be mistaken for 1900. In the end, years of planning meant that there were no major crises and far fewer headaches than had been predicted.
With the daylight saving issue, the potential impact is seen as less, but there has also been far less preparation than there was for Y2K.
"The Y2K thing had tons of press," said Kaplan, who also managed Microsoft's efforts on that changeover. "Even if you didn't read the paper or go online or watch the news, you knew about Y2K because people talked about it."
And though the law mandating the change was signed in mid-2005, many of the necessary patches have been available only in recent weeks or months. With Windows, Microsoft was ready with patches last year, but waited until November, after the fall time change, to make them publicly available. But it only recently released automated tools for businesses to manage time change issues in Exchange. And customers have also had a significant number of challenges getting those patches to work, particularly if they are not applied in exactly the recommended order.
"The order that things are patched is important," Kaplan said.
Though both tech companies and corporate tech departments were later to the game than with Y2K, businesses are largely prepared, Kaplan said. Kaplan said that call volumes seemed to peak on Monday and have dropped since, as more companies now see themselves as ready.
"I can tell you, the wait times are unpredictable," Kaplan said, but added that the company has also added an option for large businesses to leave their call-back information and details of their issue and get a return phone call once an engineer is available. Microsoft has also expanded an online chat forum where users can query experts online. Initially running for 12 hours a day, Microsoft made the call to expand that to 15 hours a day.
While solutions are available, they aren't always cheap. Support calls to Microsoft about this issue are free, but the company is charging $4,000 to companies that need patches for products that are no longer widely supported.
Most large businesses are doing the necessary work--and shouldering any necessary costs. A big question mark, though, is what will happen Monday when small- and midsize-business workers arrive in the office and begin noticing the effects of the time change.
The most widespread of the problems that have been anticipated have been around scheduling. While people are advised to double check any meeting times for the next three weeks, the problems there aren't expected to be catastrophic, though there may be double-booked conference rooms, missed appointments and other scheduling issues. But there are other potential issues, particularly where computers are used to automate manufacturing processes or are required to record time-sensitive sales data, such as stock trading.
In manufacturing, there could be particularly thorny issues if only a portion of PCs properly make the switch to daylight saving time.
"If some change and others don't, you're going to have batching operations out of sequence," said David Milman, CEO of computer support company Rescuecom, which helps individuals and small businesses manage PC problems.
For some people, particularly home users or small businesses, the issue may hardly register.
"I talked to many people who said 'The time isn't right on my computer now; I don't care,'" Milman said.
The daylight saving challenges are not without precedent. In countries like Israel and Brazil, the time change differs each year. In many cases, that means that companies have to manually adjust their computers' clocks.
"There are lots of people who deal with this already," Kaplan said. Indeed, Microsoft had initially planned on updating Windows to adjust to the time change, but leaving it to individual users to make sure their calendar items were correct during the four additional weeks of daylight saving time.
It is not clear whether this year's exercise will have to be repeated. Congress gave itself an out to re-evaluate the expanded daylight saving time after two years.
"Stay tuned," Kaplan said.
One thing that is clear, Kaplan said, is the need for the technology industry to be clearer early on about the implications such changes can have.
"I do think at a high level, the technology industry was not engaged enough," he said. "Moving forward, as decisions are made that affect the infrastructure, we should work to make sure that we understand the impact."

"IPod doctors" repair critical damage

2007-02-14T15:28:00.000-08:00

NEW YORK - Doctors are often lauded as miracle workers, but even the most skilled have patients they can't help. Demetrios Leontaris keeps a picture of one on his cell phone organizer
Tapping at his keypad, he smiles as he pulls up a picture of the ill-fated patient: an iPod Nano left badly bruised after being run over by a car. While it still played, attempting to repair the casing could have broken the device.
A self-styled iPod Doctor, the affable Leontaris is a full-time iPod resuscitator, part of a cottage industry catering to music devotees whose musical companions have fallen ill, usually from mistreatment.
Aaron Vronko, co-founder of iPodmods.com, chuckles when recalling some of the grisly injuries he's seen. Some devices have been slammed in car doors, another was partially melted when left too close to a light bulb. Still others have unwittingly been made into rather expensive chew toys for dogs. Some are sent through washing machines.
For the grieving, the third-party repair shops offer hope. Even the most earnest-looking iPod owner would be too sheepish to try to exchange a water-logged iPod. In one such case, Vronko notes, the familiar whirr of the spinning hard drive took on more ominous sound: "You could hear it swishing around in there. There wasn't much we could do."
Apple Inc., maker of the popular music players, doesn't, for example, accept exchanges on iPods under warranty if their screens have been cracked or if it's clear they've been dropped. Customers can purchase a warranty extension that tacks a second year onto their coverage; the cost varies depending on the model.
The entrepreneurs have stepped in for those hoping to repair their iPods rather than buy new. Leontaris began repairing iPods and other digital music players about three years ago after he bought a used iPod online only to find it didn't work.
While Leontaris has long had an interest in tinkering with electronics he also has a well-ingrained entrepreneurial sense. As a child in Union, N.J., where he still lives, Leontaris and his brother would charge a dollar to haul groceries upstairs when their building's elevator went out.
"We were poor growing up so you didn't just throw it out and get a new one," the 32-year-old said. "If the VCR broke it was going to be another few months before we got one."
So the idea that people would want to repair portable music players — iPods range from about $80 to $350 — seemed logical to Leontaris.
He set up his Web site, http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10uqkt80u/*http://www.nycipoddoctor.com, to draw customers from nearby New York City. Leontaris most often brings his SUV-cum-workshop to the customer, many of whom wait in the passenger seat, watching as he goes to work on their ailing device.
One customer, Tausif Husain, 38, of Queens, N.Y., recently watched as Leontaris gave a scratched video iPod a facelift by replacing the front and the back covers. Leontaris searched his cache of impossibly small screwdrivers — kept in what was once a cup holder — and placed the back plate of the now disjoined iPod over the windshield's defrost vents. The heat from the vents loosened the adhesive that helps hold some of the device's parts in place. Husain had a new protective case at the ready so the iPod wouldn't again be scarred by keys and loose change. "This is going to be a collector's item," he joked of the newly pristine iPod.
Leontaris said customers are often surprisingly happy to have their personal DJs back in working order. "It makes people happy." Adding to their sense of satisfaction: Leontaris' one-year guarantee.
As iPods and its competitors shed their girth and the devices rely on ever-smaller components, Leontaris expects his job will grow more difficult. "They're getting more complex. I'm probably going to be obsolete as time goes on."
For now, though, he has found a business that enables him to help support his wife and three children, charging $45 and up to replace a battery and $59 and up for a new screen, for example.
Others have carved out a business as well. Web sites likes http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10pm7vodt/*http://www.iPodResQ.com and Vronko's http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10p1fsg95/*http://www.ipodmods.com have sprung up for those looking to inject new life into their iPods.
Vronko, 24, founded iPodMods in Kalamazoo, Mich., with a friend after studying business in college; they set up the Web site in 2004. It has drawn customers from more than 65 countries.
With 90 million iPods sold, Vronko sees a growing pool of potential customers.
"We've gone from five a week to 500," he said. "Within a week of the model debuting, we get a phone call saying someone dropped it and broke the screen."
While the repairs could mean fewer iPods are sold, third-party repairers say iPod owners are more likely to feel confident about later buying a new iPod knowing there are options should an accident occur or the warranty expire.
Apple doesn't make repairs to products outside the warranty except to replace the rechargeable batteries. It will offer a 10 percent discount for trading in a broken iPod for a new one. Many third-party repair services buy broken iPods for parts.
Apple declined to comment on the role of third-party iPod repair.
"I think honestly they kind of happily ignore us," Vronko said.
Meanwhile, customers have posted recommendations for Web sites that do repairs in user forums on Apple's Web site.
Not all customers want to repair their iPods. Dan Williams, an 18-year-old college freshman in Akron, Ohio, has a nearly two-year-old iPod that's had difficulty retaining its charge since he dropped it. While he'd consider trying to have it repaired, he confessed to wanting to trade up to more storage capacity for a burgeoning music collection.
"I'm probably just going to go get a new one," he said.
And of course there are music lovers who might have difficulty facing a gloomy prognosis. Vronko recalled a man who was listening to his iPod while doing yard work and didn't realize he dropped it until after he'd run over it with the lawnmower.
"I don't think we did a lot for it," Vronko said. "We refunded his shipping to him and sent it to a metal recycler."
On the Net:
http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10uqkt80u/*http://www.nycipoddoctor.com
http://us.rd.yahoo.com/dailynews/ap/ap_on_bi_ge/storytext/business_of_life/21925264/SIG=10pm7vodt/*http://www.iPodResQ.com
http://www.ipodmods.com

Written by TIM PARADIS, AP Business Writer Tue Feb 13, 2:10 PM ET

Pop-up Blocker Problem Found in Firefox

2007-02-14T15:25:00.000-08:00

A flaw in the pop-up blocker of the open-source browser Firefox could allow an attacker to access local files, according to security analysts.
The flaw, however, does not affect Firefox 2.0, the latest version of the browser, but version 1.5.0.9, according to Beyond Security, which credited the find to Michal Zalewski.
The attack could occur if a user manually allows a pop-window to appear. The browser normally blocks access to local files, but when a pop-up is manually allowed, "normal URL permission checks are bypassed," Beyond Security said.
To make the hack work, however, a malicious file containing the exploit code would have to already be on the system, the advisory said. The file could be planted on the system by enticing a user to click on a link that would download the file.
The malicious file could then enable access to other files, which could be transferred to a remote server. Mozilla Corp., the distributor of Firefox, could not immediately comment on the report.

Written by: Jeremy Kirk, IDG News Service Thu Feb 8, 2:00 PM ET

New hack simplifies high-definition video copying

2007-02-14T15:21:00.000-08:00

San Francisco (IDGNS) - A hacker claims to have discovered a cryptographic key that can be used to circumvent copy restrictions on HD DVD and Blu-ray movies.
The key, which was published Sunday on the Doom9.org discussion forum, is a further step toward undermining the next-generation AACS (Advanced Access Content System) encryption system used to copy-protect high-definition media.
The hacker, going by the name of Arnezami, said he discovered the key by examining what was happening in his computer's memory while it processed an HD DVD video.
A spokeswoman for the group that sets the AACS specification, called the AACS Licensing Administrator, said Arnezami's claims were being investigated but declined to provide further comment.
In late December, a different hacker, named Muslix64, posted a software program that could decrypt high-definition movies. Users needed to first enter another type of encryption key, called the "volume key," for the software to work. More than 100 of these volume keys have since popped up, allowing users to freely copy such films as King Kong, Mission: Impossible and Jarhead.
The publication of this latest key, called a processing key, gives users a much easier way to figure out the volume keys they need in order to make movie copies with the HDDVDBackup software, according to Arnezami.
Introduced in April 2005, AACS is supported by media and technology companies such as Microsoft, Matsushita Electric Industrial Co. (Panasonic), Sony, Toshiba, The Walt Disney Co., and Warner Bros.
The encryption system is designed to be more robust than the CSS (content scrambling system) encryption scheme used by DVDs, which was completely cracked in late 1999.

Written by Robert McMillan Wed Feb 14, 10:01 AM ET

MySpace teen suit dismissed by Texas court

2007-02-14T15:19:00.000-08:00

NEW YORK (Reuters) - News Corp.'s MySpace said on Wednesday a federal court dismissed a negligence lawsuit filed by the family of a teenage girl who was a victim of an adult sex predator she met on the popular Internet social network.
Judge Sam Sparks of the U.S. District Court for the Western district of Texas granted MySpace's motion to dismiss charges for negligence and fraud and negligent misrepresentation.
MySpace separately faces several other lawsuits filed by families of teenage girl victims of predators on the service.

NY, Calif more likely identity theft targets: study

2007-02-14T15:15:00.000-08:00

NEW YORK (Reuters) - New Yorkers, especially around New York City, and Californians, especially around Los Angeles, are more likely to be targets of identity theft, according to a new study.
The study released Wednesday by ID Analytics Inc., a San Diego fraud security firm, found that New York, California and Nevada have the highest incidence of attempted identity theft, while Wyoming, Vermont and Montana have the lowest rates.
Three other Western states ranked in the top 10 in fraud attempts: Arizona (4), Oregon (7) and Washington (9).
Among states with large populations, Illinois ranked 5th, Michigan 8th, Texas 10th, New Jersey 12th, Florida 14th, Pennsylvania 36th, and Ohio 46th.
Urban areas had higher fraud rates because larger populations make it easier for criminals to "operate under the radar," according to Stephen Coggeshall, chief technology officer at ID Analytics.
"With respect to income," he added, "(fraud) rates are elevated at the high and low income ranges, and lower in middle income levels. In New York, for example, that could help explain some rates, and why there appear to be 'pockets' of fraud."
The study was released two weeks after Javelin Strategy & Research, a Pleasanton, California firm, said identity theft cost Americans $49.3 billion last year, an 11.5 percent drop that might reflect increased vigilance.
It said people with incomes above $150,000 were among those most at risk.
ID Analytics studied incidents from January 2003 to June 2006, including attempted thefts as well as reported crimes, using data collected from clients and public sources.
It said 10 percent to 15 percent of fraud attempts involve stolen identities of actual consumers, while the balance involved criminals creating identities with real and false data.
According to the study, Manhattan residents with zip codes beginning with "100" were four times as likely to be targeted. Next were Brooklyn, New York residents with 112 codes, and Detroit residents with 482 codes.
The next four zip codes were in the Bronx, Manhattan and Nassau County, New York, followed by the 948 code in Contra Costa County, near San Francisco, and Los Angeles' 900 code.
Of the top 50 codes, two-thirds were in New York and California.
Some findings appeared unusual.
The fraud rate in one zip code for Floral Park, New York was 63.3 times the national average, which Coggeshall attributed to an unexplained surge in 2005.
That rate dwarfed the next highest rate, 12.3 times the national average, in the zip code for Faulkton, South Dakota -- population 703.
Coggeshall said the data suggested that for consumers, "it's important to be aware of your general level of identity risk."
Experts urge consumers not to divulge personal data in response to unsolicited communications. They also recommend consumers notify financial services providers and file fraud alerts with credit bureaus if they suspect identity theft.

Written By Jonathan Stempel Wed Feb 14, 10:42 AM ET

Hackers Use Virtual Machine Detection To Foil Researchers

2006-11-21T00:03:00.000-08:00

Hackers are adding honeypot refused to run in VMware," said Lenny Zeltser, an analyst at SANS Institute's Internet Storm Center (ISC) in an online note Sunday.
Malware writers use a variety of techniques to detect virtualization, including sniffing out the presence of VMware-specific processes and hardware characteristics, said Zeltser. "More reliable techniques rely on assembly-level code that behaves differently on a virtual machine than on a physical host," he added.
Researchers can fight back, Zeltser said, by patching the malicious code so that the virtual machine routine(s) never executes, or by modifying the virtual machine to make it more difficult for malware to detect that it's running in a virtual environment.
Two other ISC researchers, Tom Liston and Ed Skoudis, spelled out anti-detection techniques at a recent SANS conference. The paper can be downloaded from the ISC site as a PDF file.

Written by Gregg Keizer TechWeb

California court expands immunity for bloggers

2006-11-21T00:01:00.000-08:00

SAN FRANCISCO (Reuters) - Individuals who use the Internet to distribute information from another source may not be held to account if the material is considered defamatory, the California Supreme Court ruled on Monday in a reversal of a lower court decision.
The ruling supports federal law that clears individuals of liability if they transmit, but are not the source of, defamatory information. It expands protections the law gives to Internet service providers to include bloggers and activist Web sites.
"We acknowledge that recognizing broad immunity for defamatory republication on the Internet has some troubling consequences," California's high court justices said in their opinion.
"Until Congress chooses to revise the settled law in this area, however, plaintiffs who contend they were defamed in an Internet posting may only seek recovery from the original source of the statement," the decision stated.
The opinion, written by Associate Justice Carol Corrigan, addressed a lawsuit by two doctors who claimed defendant Ilena Rosenthal and others distributed e-mails and Internet postings that republished statements the doctors said impugned their character and competence.
Rosenthal operates a San Diego-based Web site known as the Humantics Foundation (http://www.humanticsfoundation.com), which is critical of silicone breast implants.
Rosenthal had countered that her statements were protected speech and immune under the Communications Decency Act of 1996. It holds that: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."
A California appeals court had ruled that Internet service providers and users could be held liable if they republish a statement if it is known to be defamatory.
California's high court took that decision up for review because the lawsuit against Rosenthal involved an individual instead of a service provider, and opted for a broad view of immunity under the Communications Decency Act.
"Requiring providers, users, and courts to account for the nuances of common law defamation, and all the various ways they might play out in the Internet environment, is a Herculean assignment that we are reluctant to impose," the court's justices held in their opinion.
"By declaring that no 'user' may be treated as a 'publisher' of third party content, Congress has comprehensively immunized republication by individual Internet users," they added.
Mark Goldowitz, the defense counsel who represented Rosenthal, said in a statement that the ruling offers protection against those who would chill free speech on the Internet.
"The soapbox is not liable for what the speaker has said," said Kurt Opsahl, a staff attorney with the Electronic Frontier Foundation who filed a brief arguing free speech protections should cover individuals, not just Internet service providers.
(Additional reporting by Eric Auchard in San Francisco)

As far as PC security, Goldilocks got it just right

2006-11-20T23:56:00.000-08:00

SAN FRANCISCO - When Jud Fink decided to protect his PC, he treated it like a glorified science project. With a zeal that would put TV's resident obsessive Monk to shame, Fink evaluated every conceivable software and hardware program to come up with the best options for security and ease of use.
During the weeks-long process, Fink, 52, who does regulatory-compliance work for a health insurer near Philadelphia, left no technology stone unturned.
He looked at three browsers and chose Opera because he judged it faster and more secure than Microsoft's Internet Explorer and Mozilla Firefox. He appraised free and for-charge firewalls before opting for a hardware router.
Fink relies on e-mail services from Opera and FastMail, a local Internet service provider with advanced spam and virus-protection features. And he is thinking about adding the Macintosh OS to his Intel-based PC. He occasionally uses Linux, Unix and a beta version of Windows Vista as secondary operating systems. Oh, and he assiduously updates his system.
From all indications, Fink's approach has worked: He has never been victimized by a virus or spyware. Folks are so impressed with Fink's setup, they ask him for security tips.
"I've seen, and helped, lots of friends who are stuck in one of two situations: Either their computers are full of viruses and spyware, or they are unusable because they have so much (security) stuff and their systems slow to a crawl," he says.
Computing at home has never been so powerful - and treacherous. Just as millions of Americans are buying new PCs and signing up for blur-fast Internet connections, cybercrooks are hatching schemes to take control of their machines.
Consumers' 3 approaches
Americans, in turn, are beefing up their PC defenses to varying degrees. You might compare them to Goldilocks and the Three Bears.
Consumers are taking three distinct paths to the way they manage computer security. There are those of the fortress mentality, ever-vigilant taskmasters who overload their machines with every newfangled device. There are those who have it just right, with the proper mix of hardware and software. And there are those who simply plug in their machines with a wing and a prayer.
"Most people give careful consideration to security on their car or house, but when it comes to computers, most are not well educated," says Ed Rose, 59, a safety trainer in Orlando who attentively guards his personal computer at home. "It is not just the contents of your computer that must be safeguarded, but the possibility of someone entering your system and causing malicious damage."
Wave upon wave of infectious programs are scouring the Internet, allowing hackers to hijack millions of PCs and turn them into so-called bots - mostly in homes, at small businesses and on college campuses. The bots heed the orders of cybercrooks to spread spam, phishing e-mail and other nasty things.
If bots don't bite consumers, scores of other digital gremlins just might. They come in the form of virus-infected e-mails, Web pages crawling with contagious computer code or dozens of network worms - voracious, self-replicating programs that bounce around the Web, searching for security holes in Windows PCs.
The dangers have rattled consumers: 94% cite identity theft as a serious problem, according to a May report by the Cyber Security Industry Alliance and Pineda Consulting.
There are no studies available on the various degrees to which people protect their PCs. But security experts agree most fall somewhere in the vulnerable category. Indeed, 81% of home PCs lack fundamental protection in the guise of updated anti-virus software, a firewall and spyware defenses, according to a survey of 354 homes by AOL/National Cyber Security Alliance (AOL/NCSA) in late 2005. More than half lacked current virus protection.
The well-protected tend to be computer-literate and from safety-related fields. The defenseless tend to be novice or first-time users.
"Users should have to complete a driver's exam before they go on the Internet. They're that dangerous," says Toby Lucas, 49, a Web master in Newfoundland.
How PC users stack up:
Fortress mentality
There are cautious folks, and then there is Bruce Purcell.
Purcell is as overprotective of his home PC network as a mother bear of her cubs. His PCs are barricaded behind a phalanx of DSL routers that act as a sentinel to incoming Internet traffic. The second line of defense is
Windows XP's built-in firewall, McAfee's anti-virus software and Windows Defender for malware and spyware removal. Within Internet Explorer, Purcell uses the maximum setting on the pop-up blocker.
His e-mail is Google's ultra-secure Gmail system, which he deems less prone to spam and phishing e-mail than AOL and Microsoft MSN. Just to be extra careful, Purcell often creates temporary e-mail addresses when he shops online so he can delete them later.
Purcell, 48, also backs up photos, music and important documents to a disk in the event of a security mishap.
"All in all, it works," says Purcell, 48, the registrar at California State University, East Bay in Hayward, who also manages a tech team at the university.
Using the same concepts, his department of 100 people has endured only one virus in four years.
There is a limit to Purcell's caution, however. He does not overload his PCs with security accessories out of fear of dragging their performance. "Ironically, that's what happens when your PC gets hit by a virus," he says.
Purcell is among the technophiles who have made it their personal mission not to fall prey to cybercrooks. But in their zest, some overdo it with too many security programs, rendering their machines slower and - in isolated cases - disabling their firewalls, says Ross Brown, CEO of eEye Digital Security.
Another large group in the fortress category are those who have been burned by cybercrooks and are justly paranoid, Brown says. "They go belts and suspenders so, figuratively, their pants don't fall down," Brown says.
Somewhere between the obsessive and the indifferent are computer users with a healthy balance of hardware and software security tools. They often configure their system and heavily self-police their e-mail.
Just right!
Rick Kiphut, a 33-year-old firefighter in Memphis, typifies the middle-of-road approach. A self-taught PC user, Kiphut has read about computer security and, as a safety professional, is naturally cautious. His three laptops at home require encryption to log on. "People bring (a PC) home from Best Buy, plug it in and expect that's all they have to do," Kiphut says. "Me, I've always been pretty safe."
Thomas Gasque, 36, director of e-learning at a major retailer in Alabama, ascribes to a sensible approach. He keeps his McAfee Internet Security Suite - a combination of firewall, virus protection, spam filter and spyware detector, among other things - up to date. He uses a secure router. And he also backs up important files, photos and music.
"The generally prudent person does not do foolish things, like download unfamiliar applications or attachments from e-mail," Gasque says.
A wing and a prayer
Then there is the open gate, or laissez-faire, approach. Despite the inherent risks of computing and dire warnings from security experts, a large swath of consumers have little or no protection. Most aren't aware of the problem, while others take calculated risks.
Many of them, ironically, buy PCs preinstalled with security programs that last anywhere from 30 days to one year. Though it is their responsibility to maintain that security through paid subscriptions after the license of the preinstalled software expires, few do, says Brian Trombley, a product manager at McAfee.
"It's a case of not caring, knowing, or both," Trombley says. "Most consumers need simple programs that update themselves. Otherwise, they're in trouble."
Consumers, in general, remain blissfully unaware of computer security, based on the AOL/NCSA survey results. While two-thirds said they kept sensitive financial or health information on their PCs, 56% said they had never heard of phishing, e-mail scams designed to trick consumers into surrendering personal information.
"Most consumers blindly have total faith in their PCs and Internet providers to provide a secure and reliable connection," says Michael Pompura, an Orlando consumer who closely follows security issues. "These people typically have no qualms about sending personal information for banking or shopping with little thought (of security)."
Rob Carli considers himself lucky.
What other explanation, then, for Carli dodging a major computer problem for five years without the aid of any discernible security?
Carli, a 23-year-old sales consultant in Salt Lake City, says he just "rolled" with basic security updates and relied on software already installed on his PCs at home and at work. "My buddies always seemed to have a problem," he says. "I take (security) for granted."
Yet it is only a matter of time before folks like Carli get burned, computer experts say.
"Once you plug a high-speed PC in, the troubles begin," says John Kaufeld, 44, a Fort Wayne, Ind.-based author of 27 how-to computer books. "The bad guys are constantly seeking those connections to wreak havoc - and it's up to consumers to protect themselves."

Written by Jon Swartz, USA TODAY Mon Nov 20, 6:41 AM ET

Microsoft to face challenge over Linux licenses

2006-11-20T23:49:00.000-08:00

BRUSSELS (Reuters) - Supporters of PC operating system Linux are preparing to counter a recent deal penned by Microsoft Corp (Nasdaq:MSFT - news) which establishes for the first time the principle of paying the software giant for the operating system, whose license requires it to be free. Microsoft signed a deal with Novell, one of the providers of Linux, in which Novell paid it a lump sum in return for a guarantee that Microsoft would not sue Novell's clients for what it calls a violation of its own patents in the Linux program.
The prospect of a drawn-out legal battle with Microsoft, an experienced litigator, could push users of Linux into the hands of Novell (Nasdaq:NOVL - news) and away from dominant Linux provider, Red Hat (Nasdaq:RHAT - news), which does not have such a deal with Microsoft.
Although Linux is free, providers of the system offer the software with packaging, documentation and -- most important -- installation and maintenance, so any client shift from Red Hat would cost it money. "Either customers desert Red Hat to go to Novell, to get safety, or Red Hat will be forced into a similar deal with Microsoft," said Eban Moglen, a professor at Columbia Law School and founding director of the Software Freedom Law Center in New York.
Moglen, one of the pioneers of free software, said Microsoft's deal skirts the requirements of the GNU General Public License, used by Linux and other free programs, which requires the software to be given away.
He and others have started work on updating the license to close the loophole by saying a promise not to sue, such as the one given by Microsoft, would be automatically applicable to everyone. That would effectively flip Microsoft's agreement on its head and guarantee that no one would face a suit from Microsoft if anyone were protected.
"A clause like that would not be difficult to get community agreement on these days," Moglen said, adding that a change could be ready in weeks or months.
LIABILITY?
Under the Novell deal, in which both companies agreed not sue each other's clients for patent violation, Microsoft agreed to pay Novell $348 million, while Novell pays Microsoft $40 million, on the basis that Novell has fewer customers.
Microsoft says it has patent rights to some of the technology in Linux, although it has never said exactly what those rights might be or what patents are involved.
Microsoft Chief Executive Steve Ballmer said if customers bought Linux from anyone but Novell, they could face trouble.
"If a customer says, 'Look, do we have liability for the use of your patented work?' Essentially, if you're using non-SUSE Linux, then I'd say the answer is yes," Ballmer told eWeek.com recently, referring to the Linux system sold by Novell.
"I suspect that (customers) will take that issue up with their distributor," Ballmer said, adding that if customers considered doing a direct download of a non-SUSE Linux version, "they'll think twice about that."
Microsoft makes the Windows operating system, for which it charges billions of dollars a year, but Linux has been a thorn in the software giant's side because it is freely available.
Linux was created, maintained and improved by volunteers working under a license requiring that it be freely available for copying, modification and improvements.

MySpace Banner Ad Infects Million Users

2006-07-27T13:01:00.000-07:00

A banner advertisement posted on the MySpace Web site may have infected more than one million users with adware, according to security firm iDefense. The advertisement was included in user profiles on MySpace and could have been operating for about one week.
The deckoutyourdeck.com advertisement exploited a flaw in the way Microsoft's Internet Explorer (IE) browser handles Windows Metafile (WMF) image files. Users running unpatched versions of IE would never have realized that the banner ad had silently installed programs that generate pop-up ads on their system.
"This is a criminal act," said Hemanshu Nigam, chief security office at MySpace, in a statement. "This ad is being delivered by ad networks who distribute these ads to over a thousand sites across the Internet in addition to ours. We are working to have these ad networks remove this ad so that they do not appear on our site."
Banner Patch
An iDefense spyware analyst, Michael La Pilla, told The Washington Post that he discovered the attack on Sunday as he browsed the MySpace site. When he came across a page with the offending ad, he received a message from his browser asking him if he wanted to open a file named exp.wmf.
After a brief investigation, La Pilla found out that the spyware installation program contacted a Russian-language Web server in Turkey that tracks the PCs on which the program has been installed. The tally had climbed to 1.07 million machines, though La Pilla said the seven Internet addresses contacted by the downloader seem to be inactive now.
According to La Pilla, the ad also attempted to infect users of Webshots.com, a photo-sharing site. Though he cannot pinpoint the date the ads began sending out their spyware, it is believed that it coincided with the occurrence on MySpace on July 12.
The WMF vulnerability was originally discovered last December after hackers exploited the flaw using a specially created WMF image distributed via e-mail, instant message links, and Web sites. When users opened the image, the hacker could take control of the infected PC. Microsoft released a patch for the bug back in January, but many people did not install the patch.
PCs with unpatched systems can become infected simply by accessing a Web page with the deckoutyourdeck.com ad. The exp.wmf Trojan horse program could upload automatically without the warning prompt that La Pilla received.
Once installed, PCs running the Trojan horse will contact multiple Web sites and download a slew of unwanted programs such as PurityScan advertising software. PurityScan is an adware program that can cause pop-up windows containing unsolicited ads to appear. The application also keeps track of the user's online activity.
Two Wrongs
Rob Ayoub, an analyst at the research firm Frost & Sullivan, said two facts stand out regarding the MySpace infections. First, home users are clearly not as educated about the need to make sure they have up-to-date patches and other security fixes installed. Second, MySpace needs to have a better security system to identify dangers hidden in the ads they serve.
If you are a legitimate business with a legitimate Web site hosting banner ads, you have a responsibility to keep the service clean, Ayoub said. "MySpace has some problems and this is a real blunder on their part. I can't believe any business would not scan or take more caution with banner ads posted on their sites. Ad network or not, there is no excuse for them not having a checking system."
One million people is a very large number, Ayoub said, and it demonstrates that the technology industry, and security firms and software makers in particular, might not have done enough to impress upon home users the importance of downloading patches. PCs that have not been updated exponentially increase problems with viruses, spyware and adware.
"MySpace should have been checking and users should have been patching," Ayoub said. "And because of that combination you have a million downloads."
Some PC users have said their reluctance to install patches and updates centers around the fear that any changes will negatively impact their computers. However, Ayoub pointed out, unwanted changes or problems with updates is relatively rare these days.
"There was a time when you had to watch and be very careful with your patches," Ayoub said. "And some of the big ones are a problem, but there haven't been big problems with patches for ages."
Home users, Ayoub predicted, will not start to take security seriously until Internet service providers start to make antivirus and antispyware software compulsory. That may or may not be the best solution, he said, but incidents like this are a "perfect storm" for users not protecting themselves.
"That's extremely dangerous," Ayoub said. "Maybe what we need to do is run public service announcements."
MySpace is "strongly" urging all Internet users to "follow basic Internet security practices such as running the latest version of the Windows operating system, installing the latest security patches, and running the latest anti-spyware and anti-adware software."

Companies take costly steps to secure laptops

2006-07-27T12:59:00.000-07:00

Big U.S. companies are taking tough measures to shore up laptop security amid a rash of thefts. The actions of Ernst & Young, Fidelity Investments and other high-profile victims underscore the balancing act for executives, who must weigh the costs of additional security and customer privacy with the financial benefits of a mobile workforce.
"There is a trade-off between the cost of security and how much security you actually get," says Robert Seliger, CEO of Sentillion, a data-security company.
About 88 million Americans have been exposed to potential ID theft since February 2005 as a result of reported data breaches, says the Privacy Rights Clearinghouse. In at least 43 instances - a fourth of all reported breaches - stolen or missing laptops were involved. Few of the laptops have been recovered.
What companies are doing:
• Ernst & Young started encrypting - or scrambling - data on laptops for its 30,000-person workforce in the USA and Canada after a laptop with personal information on about 38,000 customers was stolen from an employee's car in February.
• Fidelity accelerated encryption on thousands of employee laptops. The mutual fund giant was the victim of a laptop breach in March that affected data of 196,000 current and former Hewlett-Packard workers. It also is increasing training on laptop security and protection of customer data.
• Aetna undertook several preventive measures after a laptop containing names, addresses and
Social Security' name=c1> SEARCHNews News Photos Images Web' name=c3> Social Security numbers for 59,000 members was swiped from an employee's car in April. The insurer had employees re-encrypt and recertify files. Every company PC was audited to ensure files were properly encrypted. Aetna also tightened restrictions for storage devices such as thumb drives.
Encryption can be pricey. Gartner estimates a company with 100,000 customer accounts can spend $30 to $40 per laptop on data encryption. Yet, the cost of a data breach is even higher. Companies with 100,000 customer accounts will spend at least $90 per account if data are compromised or exposed - not including fines and lawsuits, Gartner says.
Walking off with a laptop is easy. Few have alarms, and only a few have encrypted data. People also tend to leave them in unlocked cars or unattended at airports, says Keith Burt, project director of San Diego's Computer and Technology Crime High-Tech Team.
As more people store data in a mobile environment, laptops have become more attractive to identity thieves, says Bob Egner, a marketing executive at security software maker Pointsec Mobile Technologies. Personal information sells on the Internet for about $1 per stolen record, Egner says.

Microsoft sees no reason for Vista shipment delay

2006-07-27T12:53:00.000-07:00

REDMOND, Washington (Reuters) - Microsoft Corp. said on Thursday it sees no reason why its new Windows Vista operating system would be delayed, but it stopped short of committing to its previously stated launch target. We will ship Windows Vista when it is available," Kevin Johnson, co-president of Microsoft's platforms and services unit, said at the company's annual financial analyst meeting.
"However, we are going to ship the product when it is ready and we are just going to take it milestone by milestone," he said of the upgrade to Windows, which sits on more than 90 percent of the world's personal computers.
Microsoft has already postponed the release of its new Windows for consumers until early 2007 -- after the crucial holiday shopping season -- to improve the system's quality.
Vista is set to ship to corporate customers this November.
Uncertainty over when Microsoft will begin benefiting from the surge in revenue growth that typically accompanies a major Windows software upgrade led the company's shares to dip 43 cents or 1.8 percent to $23.94 in early afternoon Nasdaq trading.
"There was a lot of speculation that Vista will be late and they did not come out and definitely say that it is on time either," said Greg Palmer, head of equity trading at Pacific Crest Securities.
Johnson said he sees revenue from the core desktop Windows business growing 8 percent to 10 percent in the current fiscal year ending June 30, 2007. Windows, nearly a third of Microsoft's total revenue, should generate between $14.3 billion and $14.5 billion in fiscal 2007, he said.
"Explain why I'm paying 20 times for a stock that is growing at 10 with a whole lot of investments that are not really going anywhere," Palmer complained.
MANY PILLARS BEYOND WINDOWS
Chief Executive Steve Ballmer told analysts and reporters at the company's annual financial analysts' meeting here that Microsoft is confident it can build two great new businesses -- online services and entertainment -- on top of its industry-dominating desktop and server software businesses.
"We see incredible amounts of opportunity," Ballmer said.
The giant software company also reiterated that it expects to maintain its double-digit revenue growth in the coming year. Last week, Microsoft had forecast revenue in the fiscal year ending in June 2007 to grow 12 percent to 14 percent, to between $49.7 billion and $50.7 billion.
The new Microsoft is being built on "four pillars," Ballmer said.
He said upgrades to the company's two core products -- the Windows operating system and the Office applications suite -- should act as engines to drive its growth and buy it time to erect two new pillars -- its Internet and
Xbox' game businesses.
Underscoring leadership transition that is taking place at the company,
Bill Gates', the company's co-founder and chairman, is missing from the annual analysts' meeting for the first time ever. He is vacationing in Africa, Ballmer said.
In mid-June, Microsoft announced that Gates planned to move from full-time involvement to part-time in 2008. The company split Gates' technology responsibilities between Chief Software Architect Ray Ozzie and Chief Research and Strategy Officer Craig Mundie.
(Additional reporting by Chris Sanders in New York)

Microsoft: Internet Explorer 7 'High-Priority' Update

2006-07-27T12:50:00.000-07:00

Microsoft has announced plans to distribute its upcoming Internet Explorer 7 Web browser as a "high priority" upgrade via its Windows Automatic Update tool. The browser, currently in its third and final beta testing phase, is scheduled for release later this year. The updated version of Microsoft's Web browser, Internet Explorer 7 (IE7), will be delivered using Automatic Updates (AU) to "help our customers become more secure and up-to-date," Tony Chor, group program manager at Microsoft, wrote on the company's IEBlog Web site.
According to Chor, advanced security features in IE7, such as ActiveX Opt-in, the Phishing Filter and Fix My Settings, will help make IE users more secure. Microsoft has designed IE7 to help protect users from malicious software and fraudulent Web sites, Chor continued, and Microsoft recommends that all Windows customers install IE7.
Consumer Considerations
IE7 is the first significant update for Microsoft's Web browser in five years. Microsoft has said that improving security in the browser was priority number one. Since the release of its predecessor, IE6, critics have very vocally berated Microsoft because of the plethora of security flaws with which that browser has been riddled.
The AU distribution strategy is seen as a fairly aggressive tactic. However, it very likely could achieve Microsoft's apparent goal to have the majority of Windows users install the new browser. However, this is not a forced installation. Consumers will be able to choose whether to accept the software or not. Prior to downloading the new browser, the AU tool will notify consumers that the update is ready and ask them whether they would like to continue with the installation.
Users who want to download the new version of IE7, don?t have to wait to be prompted by the Automatic Update utility. They can head to the Windows Update or Microsoft Update sites and download IE7 by performing an "Express" scan for high-priority updates, Chor continued. During installation, users' current settings including toolbars, home page, search engines and favorites will be preserved and will not revert to default setting in the browser.
In addition, Chor added, consumers who want "roll back" to IE6 can do so at any point by using the Add/Remove Programs functions in the Control Panel.
Business Considerations
Enterprise customers who prefer not to have Microsoft automatically install IE7 on their networks can take advantage of a tool Microsoft released on Wednesday. The special "Blocker Toolkit," available for download from Microsoft's Download Center, will allow business users to prevent the automatic distribution and installation.
The tool, according to Microsoft, is intended for companies who may not be prepared to handle the update or would like to have more hands-on management of software installed on its computers.
"I think this approach strikes a good balance across a couple of dimensions -- helping customers become more secure, giving them control, and providing options for enterprises," Chor wrote.
Web developers could be left scrambling to ensure that their sites are compatible with the changes made in IE7. Developers of some online applications will have to change their code to make sure that it will work with the new browser. While beta versions of IE7 have been available since February, many online applications are expected to encounter compatibility issues when the browser is released.
"If my lowest browser support level was IE7, then it would be a dream. However, seeing how many bugs and compatibility issues still exist with IE7, I see this as a nightmare for supporting various apps currently available, and Web sites (Web apps) too," one developer wrote on the IE blog.

Written by: Walaika K. Haskins, newsfactor.com Thu Jul 27, 12:31 PM ET

Judge OKs $90M 'click fraud' settlement

2006-07-27T12:49:00.000-07:00

TEXARKANA, Ark. - An Arkansas judge on Thursday approved a $90 million settlement between Google and its advertisers who claimed the leading Internet search company improperly billed them for fraudulent "clicks" on their ads.
Miller County Circuit Judge Joe Griffin called the settlement "fair, reasonable and adequate" and downplayed claims it hurt small advertisers. More than 70 objections were filed, with smaller companies saying they didn't have the resources to prove "click fraud" losses.
By settling claims made in the plaintiffs' class-action lawsuit, Google will give advertising credits that are the equivalent of a $4.50 refund on every $1,000 spent in its advertising network during the past 4 1/4 years.
No one will receive cash except the lawyers, who will split $30 million.
In Internet advertising, clicking on ads — typically displayed at the top and sides of Web pages — triggers sales commissions even if the activity doesn't lead to a sale. Click fraud cropped up several years ago as a way for scam artists, rivals and mischief makers to drain ad budgets or funnel illicit revenue to Web sites.
Some of the plaintiffs in the Arkansas case went before Griffin on Monday to argue that Google Inc. hadn't taken reasonable care to prevent click fraud and overstated the steps it has taken against would-be swindlers.
A Texarkana company — Lane's Gifts and Collectibles — filed the lawsuit, which Griffin certified as a class action. Google did not admit liability in the case, which also involves other Internet companies whose cases continue.
Google lawyer Nicole Wong said the company was pleased by Griffin's decision.
"We look forward to continuing to manage invalid clicks effectively and provide our advertisers with an outstanding return on their investment," she said in a statement.
In his ruling, Griffin said he based his decision on the strength of Lane's case, Google's ability to pay, the potential expense of further litigation and the limited amount of opposition.
Those who opposed the settlement said the agreement switched the burden of proof to them, and they argued they didn't have the resources to easily pursue their claims. Griffin said, however, their task wouldn't be impossible.
"The settlement class is not required ... to submit records or documents that they simply do not possess," Griffin wrote. "The settlement class is not burdened or discouraged from filing claims because they are required only to provide information to the best of their knowledge in submitting a claim form."
Daralyn Durie, an attorney representing Google, said the majority of class members have agreed to the settlement, including 19 of the company's 20 largest advertisers.
An independent report filed in court last week said while Google appears to be doing reasonably well protecting advertisers from scam artists preying upon Internet advertisers, it remains unclear how much the system is being bilked by click fraud.
Since 2001, the ads have generated $15.7 billion in revenue for Google and its partners, turning the Mountain View, Calif.-based company into one of the world's most prized businesses.
Under the settlement, if advertisers do not claim the full amount available, a portion would be made available to charitable organizations. Griffin also said 556 advertisers notified him they did not want to participate in the class-action lawsuit.

Kazaa pays $100 mln to settle lawsuits

2006-07-27T12:47:00.000-07:00

LONDON (Reuters) - The music and movie industries have reached a legal settlement with their longtime antagonist Kazaa, one of the world's best known file-sharing networks and a once-popular source of illicit downloads. Under the terms of the deal, Kazaa's owner Sharman Networks will pay the world's four major music companies -- Universal Music, Sony BMG, EMI and Warner Music -- more than $100 million and commit to going legitimate, according to the International Federation of the Phonographic Industry.
"There are very substantial damages being paid -- in excess of $100 million -- and Kazaa will go legal immediately. They've had time to prepare for this," said IFPI Chairman and Chief Executive John Kennedy.
The Motion Picture Association of America said Sharman "will continue operations while employing new technologies to prevent unauthorised distribution of copyrighted works on its system."
Terms of the MPAA's settlement were not immediately available.
Two suits were settled as part of the agreement: one in Australia, where a judge had already ruled that the company breached copyright; and another in California, in which Kazaa creators Niklas Zennstrom and Janus Friis were named as co-defendants.
Zennstrom and Friis, who sold Kazaa to Sharman Networks in 2002, later went on to create the popular Internet telephony software Skype, which they sold to eBay last year for an initial $2.6 billion in cash and stock.
Zennstrom declined to comment when reached by Reuters on Thursday.
The music industry has pursued an aggressive legal strategy in its attempts to curb Internet piracy, filing lawsuits against file-sharing companies like Kazaa and
Grokster', as well as individual users who uploaded copyrighted material. Their efforts were bolstered last year when the U.S Supreme Court ruled that content companies can file lawsuits against technology firms that encourage copyright infringement.
Meanwhile, legitimate music services like Apple's iTunes have become wildly popular, offering legal alternatives to illicit file-sharing.
Ovum analyst Jonathan Arber said the settlement would have a mostly symbolic importance, as Kazaa was past its prime.
"It's nowhere near as popular as it used to be. Very few people are thought to be using it anymore because better services came out," he said. "It is a big legal victory, a good symbol for them to put out, but in terms of actually reducing piracy, people migrated to other file-sharing networks a long time ago."
The IFPI said in a report on Thursday that last year there were $4.5 billion in pirated CD sales, or more than one in three CDs sold worldwide, and that there were 20 billion illegal downloads -- roughly three for every human being on Earth.

By Adam Pasick Thu Jul 27, 8:29 AM ET

Web services increasingly under attack

2006-06-23T15:50:00.000-07:00

SAN FRANCISCO - As more people turn to Web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers said. Users of Yahoo Inc. (Nasdaq:YHOO - news)'s e-mail service, Google Inc.'s Orkut social networking site and eBay Inc.'s PayPal online payment service were among the targets of attacks in recent weeks. All three companies have acknowledged and plugged the security holes.
The attacks come as Microsoft Corp., whose Windows operating system runs about 90 percent of the world's computers, has plugged many of the most easily exploited holes in its e-mail program, browser and other products following dozens of embarrassing breaches over the past several years.
They also come amid the growing popularity of online communities such as MySpace.com and of Web-based calendar, messaging and other services offered by Google, Yahoo and others.
As larger audiences flock to Web sites that run on ever more powerful programming scripts, malware writers are finding them fertile ground.
"People are just now realizing that there are a ton of scripts that are vulnerable to hacking," said Eric Sites, vice president of research and development at Sunbelt Software, which sells security products to businesses. "It's much easier to go after these applications that haven't been as exploited."
One of the latest discoveries, announced earlier this month by FaceTime Security Labs, is a worm attacking Orkut.
It tricks visitors into clicking a link that promises photos but instead loads a malicious program, which automatically logs and sends to the worm's anonymous creator data such as names and passwords along with Windows files that often store banking details.
"The bad guys are just stepping up a level and becoming a lot more malicious in what they're trying to do," said Chris Boyd, a FaceTime security research manager who discovered the worm. "Sadly, it's quite a brilliant idea, and we'll probably see a lot more of it in the months to come."
Statistics detailing the rise of Web sites as security targets are hard to come by because companies such as Secunia and Symantec Corp., which track computer attacks, generally don't break them out that way.
But anecdotal evidence isn't hard to find.
In October, MySpace.com, which now has 88 million registered users, was hit by a malicious program that allowed a single user to automatically add millions of others as friends. The attack caused performance problems for MySpace — and underscored for security researchers the potential risks Web applications and services face.
Security experts say that attackers are having to look for new avenues because users have become better at running security software and applying security updates.
"In some ways, we've forced them to be more clever because we've shut down the old means they had of infecting people," said Dave Cole, director of security response at Symantec. "What we see the attackers doing is trying to slide under the radar by moving into new areas where people's guards may be down."
Nick Ianelli, an Internet security analyst with the federally funded
CERT Coordination Center', said criminals who once launched broad attacks by sending malicious e-mails to millions of people are finding it more effective to target smaller groups of people who congregate in online communities.
"If you can send e-mails to those addresses and make it look like it's one of their friends, the chances they're going to do what you want them to do is better," he said.
Also spurring the attacks is the growing power and flexibility of Web programming languages that allow Web browsers to look and act more like word processors, spreadsheets and other computer programs. The recent Yahoo worm targeted faulty scripts based on a technology called Ajax, or Asynchronous JavaScript and XML.
The worm didn't require a user to click on an attachment, making it more virulent than many. An undisclosed number of users got infected simply by opening an e-mail from another infected user. The worm then sent itself to others in a person's address book and transmitted those addresses to a remote server, possibly for junk e-mail, security researchers said.
The ability of Yahoo, Google and PayPal to quickly plug this month's holes highlights one of the differences between combatting worms that target Web sites and those that go after flaws running on an individual's PC.
PayPal was able to roll out a fix almost immediately by altering several lines of code on its server, company spokeswoman Amanda Pires said. That blocked the ability to exploit a flaw that let cyber criminals intercept users who typed in a genuine PayPal Web address, security researchers say.
By contrast, companies such as Microsoft that plug holes on individual PCs have to get millions of users to download and install a patch, a process that's more time consuming.
Over time, computer security experts said, Web site designers will get better at anticipating the ways their code can be exploited, but by then criminals are likely to move on to newer targets.
"The trend is definitely for blended attacks and leveraging different kinds of vulnerabilities to take the next step," said Rick Wesson, chief executive of Support Intelligence, which tracks online abuse for corporate customers. "The arms race is going to continue."

SPYWARE WEBSITE

2006-05-22T17:00:00.000-07:00

In searching for SPYWARE on my last repair I found a good website to give you info about the pesty bugs out there. Go to http://blog.spywareguide.com/ to see it.

IM Worm Installs Bogus Browser

2006-05-22T16:57:00.000-07:00

Malware writers have created a new worm that installs a new browser and plays screeching music.
The annoyance starts with a link apparently sent by a friend in Yahoo's instant messaging program.
Instant messaging security company FaceTime Communications described the malware, which it calls "yhoo32.explr", as "insidious" in a security advisory.
When the link is clicked, a worm installs the so-called "Safety Browser," a program that leads the user to pages mined with adware and viruses, FaceTime said. The Safety Browser uses an Internet Explorer logo to make it look more legitimate.
New Type of Attack
Malware spread through instant messaging programs is on the rise. However, FaceTime said this malware appeared to be the first to install a browser without the user's permission.
The bug also hijacks Internet Explorer's home page, directing users to the Safety Browser's Web site.
After it is launched, the worm sends itself to others on the user's instant messaging contact list.
The malware is engineered to overwrite instant messages typed by a user, FaceTime said. The infected message can also be changed on-the-fly, the company said.
The screeching music, however, is blocked by Microsoft's
Windows XP Service Pack 2, FaceTime said.
FaceTime has posted screenshots of the infection process on its blog.

Written by: Jeremy Kirk, IDG News Service Mon May 22, 10:00 AM ET

Symantec sues Microsoft on storage tech

2006-05-18T14:36:00.000-07:00

Symantec on Thursday filed a lawsuit accusing Microsoft of intellectual property theft and breach of contract related to data storage technology.
The suit, filed in U.S. District Court for the Western District of Washington in Seattle, seeks unspecified damages and an injunction barring Microsoft from using the Symantec technology, according to a copy of the lawsuit.
The complaint involves Symantec's Volume Manager product, acquired as part of the company's takeover of Veritas Software. Volume Manager allows operating systems to store and manipulate large amounts of data, according to a Symantec statement.
A Microsoft representative had no immediate comment.

Written by: By Joris Evers Staff Writer, CNET News.com -->
Published: May 18, 2006, 1:49 PM PDT

Microsoft to Reissue Buggy Security Patch

2006-04-21T17:30:00.000-07:00

SAN FRANCISCO-- Microsoft plans to reissue a security patch for its Windows operating system that caused serious headaches for some users.
The MS06-015 security update was released last week, but Microsoft customers soon reported that it was causing applications to crash, thanks to a conflict between the patch and nVidia's video drivers and Hewlett-Packard's Share-to-Web photo-sharing software.
The revised update is being tested now, and is expected to be released April 25, the same day that Microsoft is scheduled to release its nonsecurity updates for the month.
The Solution
"What we have done is re-engineered the MS06-015 update to avoid the conflict altogether with the older Hewlett Packard and nVidia software," writes Microsoft security response center program manager Stephen Toulouse in a blog posting today. "What the new update essentially does is simply add the affected third party software to an 'exception list' so that the problem does not occur."
The update will also provide an automated way of fixing the Windows registry configuration database on affected systems, a workaround that had been previously suggested by Microsoft.
MS06-015 fixes a critical vulnerability in the way Windows Explorer handles Component Object Model objects. This vulnerability could be used by attackers to seize control of an unpatched machine, and though some users have resolved their problems by simply uninstalling the buggy update, this course of action is not advised by Microsoft.
Hewlett-Packard's (HP's) Share-to-Web software is no longer distributed, but it was included with a variety of HP products including the company's scanners, cameras, CD and DVD devices, PhotoSmart software, and DeskJet printers, Microsoft says in an article addressing the issue.
Other Problems
Users have also reported that Sunbelt Software's Kerio Personal Firewall tries to stop the MS06-015 update from running an application called Verclsid.exe. Users who have this problem should configure Kerio so that it allows Versclid.exe to run, Microsoft says.
Those who have had problems with the patch are advised to try the workarounds suggested in the knowledge base article or to upgrade or simply uninstall affected software until the revised patch arrives, Toulouse says.
Microsoft's automatic update services will be able to detect whether or not users require the revised patch and will only offer the software to users who need it. "If you have already installed MS06-015 and are not having the problem, there's no action here for you," Toulouse says.
This is not the only Microsoft update that has given users headaches this month. ActiveX changes made in a second Internet Explorer patch, numbered MS06-013, have caused major problems with Oracle's Siebel 7 client. Microsoft has released a "compatibility patch" that undoes these ActiveX changes, and Oracle has said it will release a patch that resolves the issue sometime next month.

Robert McMillan, IDG News Service Fri Apr 21, 5:00 PM ET

Vista debut hits a delay

2006-04-20T13:11:00.000-07:00

The software maker said it will still wrap up development of the operating system this year and make it available to volume-licensing customers in November. However, Microsoft said a delay of a few weeks in Vista's schedule meant that some PC makers would be able to launch this year and others would not. As a result, Windows chief Jim Allchin said the company is delaying the broad launch of the product until January.

"We needed just a few more weeks, and that put us in a bubble...where some partners would be impacted more than others," Allchin said during a Tuesday afternoon conference call with reporters and analysts.

The delay is the latest setback for Vista. Microsoft scaled back several key features of the operating system last year in order to try to ensure a 2006 release. The operating system, which has been in development for years, was delayed by, among other things, the fact that Microsoft had to put so much time and testing effort into Windows XP Service Pack 2, a largely security-oriented upgrade to the current version of Windows.

Allchin said that although PC makers were not universal in wanting the delay, there were concerns from some companies that they could not ensure a holiday quarter launch if Microsoft pushed back its development schedule even slightly.

Analysts have been warning that Microsoft's schedule left little room for error if it was to make a fourth-quarter launch.

As recently as January, Allchin expressed confidence that Microsoft would make its deadline, although he reiterated his caveat that quality issues could lead to a postponement.

The delay would likely hurt retail PC vendors the most, said Stephen Baker, vice president of industry analysis at NPD Techworld. Dell, which sells most of its PCs directly, could probably handle a delay of a few weeks without too much trouble. Hewlett-Packard and Gateway, on the other hand, have to have their PCs ready for retail partners weeks ahead of when they will actually go on sale, and can't change gears as quickly, he said.

"It scares you," Baker said, when asked about the impact of the delay on fourth-quarter PC sales. The PC industry's largest quarter of the year always comes around the holiday shopping season, and expectations were high for that period this year, given the expected introduction of the new operating system.

Microsoft does not expect the move to affect this year's overall PC sales, Allchin said.

"There's no (change) to the PC forecast from our perspective," he said. "You can ask the partners what they think."

Allchin also said the product will still launch in the same earnings period for Microsoft, whose fiscal year runs from July to June. That means Microsoft's overall business for next year shouldn't be affected, he said.

Tweaks in the works
Allchin said some of the additional time would be used to ensure security levels, and the company is also working on ironing out usability issues.

"We're trying to crank up the security level higher than ever," Allchin said. "This came down to a few weeks. We're trying to do the responsible thing here."

Microsoft released its most recent test version of Vista in February. Late that month, the company also announced plans for six distinct editions of the operating system.

Allchin said Tuesday that Microsoft still plans next quarter to launch a broader test version of Vista, with the new version to be tested by about 2 million people.

Microsoft had hoped to have a massive marketing push around Vista and Office 2007, which is slated for the second half of this year. It is not immediately clear how the delay will affect those plans.

Allchin, whose official title is co-president of Microsoft's platform, products and services division, is slated to retire later this year.

CNET News.com's Tom Krazit contributed to this report.

'Critical' megapatch sews up 10 holes in IE

2006-04-15T20:46:00.000-07:00

update Microsoft on Tuesday released a "critical" Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint.

"This patch release is a big one with lots of aftershocks," said Jonathan Bitle, a product manager at security company Qualys. "Three of the five updates, the IE and Windows updates, are especially critical as they take advantage of inexperienced users...Although a worm epidemic is unlikely, users can be easily enticed to visit malicious Web pages."

Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser. In all instances, an attacker would have to create a malicious Web site and trick people into visiting that site to hook into a PC, Microsoft said in its Security Bulletin MS06-013.

Microsoft rates its browser update "critical" for IE 5 and IE 6, the most-used versions of the popular software. IE is vulnerable on all current versions of the Windows operating system--Windows 2000, Windows XP and Windows Server 2003--as well as on the older Windows 98 and Windows Millennium Edition, the company said.

"An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system," Microsoft said in its alert. "We recommend that customers apply the update immediately." Windows users who have automatic updates enabled for the operating system will have the fixes delivered to them.

Microsoft had been under pressure to rush the IE patch out before Tuesday because miscreants were already exploiting one of the flaws. Third parties had even provided temporary fixes for this "CreateTextRange" bug, which experts said was being used by malicious Web sites to try to drop code such as spyware on vulnerable PCs.

According to Microsoft's bulletin, three of the 10 vulnerabilities fixed by the update had been publicly disclosed. Only the CreateTextRange flaw was being exploited in attacks, the software maker said.

But Symantec has information that three of the flaws were already being exploited in attacks prior to Microsoft's patch release. More attacks are likely to follow, Oliver Friedrichs, a director at Symantec Security Response, said in a statement. "According to the latest Symantec Internet Security Threat Report, the average time between the release of a security patch and the development of an exploit is six days," he said.

Holes in Windows
In a double-whammy for Windows users, all versions of the operating system vulnerable to the IE problems are also affected by two other "critical" flaws, Microsoft said. These holes could also allow an intruder to commandeer a PC. One is related to a specific ActiveX control, a kind of Web program, (MS06-014), and the other deals with a bug in Windows Explorer (MS06-015).

In these cases also, an intruder would have to build a special Web page to take advantage of the security hole. Some of the vulnerabilities in Windows and IE could also be exploited using an HTML e-mail, which essentially is a Web page sent in an e-mail message.

Users of Outlook Express face an additional security risk, in that the e-mail application is flawed in the way it handles Windows Address Book files. Opening a specially crafted WAB file can result in execution of malicious code, giving an attacker control of the Windows PC, Microsoft said in Security Bulletin MS06-016.

The Windows bugs as well as the Outlook Express flaw were reported privately to Microsoft and have not been used in any attacks, the company said.

The last of the five security alerts issued by Microsoft, MS06-017, affects the lowest number of users and is deemed a "moderate" risk. The cross-site scripting flaw in FrontPage Web site building software and SharePoint collaboration software could lead to a system compromise, the company said.

Eolas tweaks
The IE update, in addition to security fixes, makes a change to the way IE handles ActiveX controls. These tweaks are a response to a long-running patent dispute between Microsoft and Eolas Technologies, a start-up backed by the University of California. The changes can affect how certain sites display in the browser.

People who need more time to adjust to the ActiveX changes can download a special patch that will disable them for two months. This "compatibility patch" is specifically designed for businesses that may have homegrown applications that use ActiveX, Microsoft has said.

By Joris Evers
Staff Writer, CNET News.com

Published: April 11, 2006, 1:19 PM PDT

Last modified: April 11, 2006, 1:57 PM PDT

Internet Agency Weighs New Domain Name

2006-04-15T20:38:00.000-07:00

NEW YORK - Reaching out and touching someone used to be as simple as dialing a string of numbers. But now there are home, cell and work phone numbers from which to choose, and sometimes work extensions to remember.

There are also e-mail addresses — at home and at work — and instant messaging handles, perhaps separate ones for the various services, some of which now do voice and video besides text. Some people even have Web pages — through their employer or Internet service provider, or perhaps a profile or two on MySpace.

To help people manage all their contact information online, the Internet's key oversight agency is considering a ".tel" domain name. If approved, the domain could be available this year.

As proposed, individuals could use a ".tel" Web site to provide the latest contact information and perhaps even let friends initiate a call or send a text message directly from the site. Businesses could use a ".tel" site to determine customers' locations and route them automatically to the correct call center.

Its proponents also envision ".tel" as a place from which the various people-finding services on the Internet could pull the latest contact information as individuals move about. Now, data typically come from third-party sources like phone listings, which may be old or incomplete, particularly if an entire household is listed under one name.

And telephony applications and devices yet to be built could one day make use of such data, especially as wireless and wireline networks converge, according to London-based Telnic Ltd., which proposed and would run the domain if it is approved.

There's nothing inherent in ".tel" that would enable these features; rather, its aim is to create a place to which people would know to go to find contact information.

Todd Masonis, a co-founder of contact management service Plaxo Inc., is familiar with the hassles of keeping track of everyone.

His parents have had the same house and phone number for some 30 years, and "for a long time that was how they are identified," Masonis said. "But in the last two years, even they have had a couple of cell phones, a couple of e-mail addresses and Web pages and instant message IDs."

Still, he questions the need for ".tel" when companies like his already use ".com" to host services that help manage contacts. He worries that a ".tel" name would create yet another identifier for people to remember, without doing away with the others.

The board of the Internet Corporation for Assigned Names and Numbers plans to review the proposal Tuesday, although it may wait until next month or later to decide.

Telnic officials likened ".tel" to the creation of domain names decades ago as an easier-to-remember alternative to the series of numbers behind every Internet-connected computer. Instead of memorizing a friend's phone numbers, they say, just remember the ".tel" address.

But Telnic was vague on how all this would work, saying it is merely enabling developers to come up with innovative ways to use ".tel."

Nor did the company say in its application how much a ".tel" name would cost. A spokesman said Friday that officials were unavailable because of the Easter holiday.

ICANN sought bids in 2004 for new domain names. John Jeffrey, ICANN's general counsel, said the other ".tel" applicant had failed to correct deficiencies identified by an independent review panel. But that applicant, Internet telephony pioneer Jeff Pulver, blamed politics for the rejection.

European Union, ".jobs" for human-resources sites, ".travel" for the travel industry, ".mobi" targeting mobile services and ".cat" for the Catalan language, bringing the number of domains to 264.

The organization also is in negotiations to create ".xxx" for porn sites, ".asia" for the Asia-Pacific community and ".post" for postal services.

The few who submitted comments to ICANN on ".tel" were skeptical.

Francisco Cabanas, owner of Canadian domain registration company FineE.com, said an organization like The Associated Press could simply create an address at "tel.ap.org," rather than require an "ap.tel."

Otherwise, who would get the ".tel" name? The AP? Internet service provider AccessPort, which uses "ap.net"? Or Audio Precision Inc., at "ap.com"?

"It kind of magnifies the problem," Cabanas said. "If I'm looking for a phone number or an e-mail address or whatever and I'm getting a totally different (company), it defeats the purpose."

Also unclear is what the demand would be like, giving the popularity of ".com."

The seven domains approved in 2000 — including ".aero," ".museum," and ".info" — "just never have caught on," said Dan Tobias, a Boca Raton, Fla., computer programmer who runs a site on domain names. "Nobody's figured out how to educate the public enough to seek out a different ... domain."

Written By ANICK JESDANUN, AP Internet Writer

Experts: 'Hype' May Have Mitigated Worm

2006-02-03T15:04:00.000-08:00

Companies and individuals heeded this week's warning — some may call it "hype" — about a file-destroying computer worm known as "Kama Sutra," helping minimize its damage Friday, security experts said.
One Italian city shut down its computers as a precaution, but otherwise the worm's trigger date arrived with relatively few reports of problems.
For days, experts warned that the worm could corrupt documents using the most common file types, including ".doc," ".pdf," and ".zip." It affects most versions of Microsoft Corp.'s Windows operating system, prompting the software giant to issue a warning Tuesday.
Hundreds of thousands of computers were believed to be infected, but security vendors say many companies and individuals had time to clean up their machines following the alarm, carried by scores of media outlets including The Associated Press.
"Certainly, right now, we and our anti-virus partners are not seeing a widespread impact of this attack," said Stephen Toulouse, a Microsoft security program manager.
For Milan, Italy, though, the discovery came too late. Technicians switched off 10,000 city government computers after discovering the infection Thursday and deciding they didn't have enough time to clean the machines.
"It has spread to all our computers," said Giancarlo Martella, Milan's councilman for technological innovation and public services. "Knowing how destructive it is, we turned off all personal computers to avoid losing our data."
Only the municipality's registry office had been kept open because its "passive terminals" don't store data, Martella said, adding he hoped the computers would return to normal by Monday.
Unlike other worms generally designed to help spammers and hackers carry out attacks, Kama Sutra sets out to destroy documents by overwriting data.
The worm — called "CME-24" but nicknamed after the Hindu love manual Kama Sutra because of the pornographic come-ons in e-mails spreading it — also tries to disable anti-virus software, but vendors have generally posted updates that should protect users.
Assuming the computer's calendar settings are correct, users can also avoid the worm by leaving their machines off until Saturday, although the worm is set to trigger again on March 3.
Security vendors Trend Micro Inc. and CA Inc. both assessed the overall risk and distribution as low. The worm wasn't designed to spread any more quickly Friday. Rather, Friday was the first trigger date for the file-destroying code.
Ajit Pillai, India's manager for U.S. security firm Watchguard Technologies Inc., said about 10 percent of his customers in the country had the worm, but they "followed the remedies and managed to avoid any problem."
"We didn't have to do any firefighting today," Pillai said.
So was the public bamboozled by the warning?
Hardly, experts say.
"The importance of media attention from an awareness and educational standpoint has been a very good thing," said Marc Solomon, director of product management at security vendor management McAfee Inc. "It alerts users to what may have happened and the destruction that could have occurred."
Call it hype if you wish, but "the hype was probably what prevented the disaster from happening," said David A. Milman, chief executive of the Syracuse, N.Y.-based Rescuecom.
He said his U.S. computer-repair chain initially saw a 20 percent increase in call volume, but mostly from customers seeking reassurance.
Security experts benefited from advance warning. The worm has been circulating for weeks but is set to destroy files only on the third day of each month. That gave vendors time to update their products and warn customers.
It's possible virus writers next time will have the file destruction start immediately, but that could also blunt a worm's ability to spread, said Ken Dunham, director of the rapid response team for VeriSign Inc.'s iDefense.
If files get wiped out right away, "you would notice that immediately, and people would start mitigating it," Dunham said. "If you let it build up, there's a much (greater) chance of spreading."
___
Associated Press writers Ariel David in Rome, Sylvia Hui in Hong Kong, S. Srinivasan in Bangalore, India, and Doug Esser in Seattle contributed to this report.

Free website to list programs with spyware

2006-01-25T18:38:00.000-08:00

Here's a new way to attack spyware: embarrass its purveyors.
A free website (StopBadware.org) launching Wednesday plans to provide a list of programs that contain spyware and other malicious software. It will also identify companies that develop the programs and distribute them on the Internet.
Consumers can then decide if a program is safe to download.
"For too long, these companies have been able to hide in the shadows of the Internet," says John Palfrey, who heads the Berkman Center of Internet & Society at Harvard Law School and is spearheading the project. "What we're after is a more accountable Internet."
The initiative is being run by Harvard and the Oxford Institute and is backed by high-tech heavyweights including Google and Sun Microsystems. Consumer Reports' WebWatch is serving as a special adviser.
Spyware invades PCs without users' knowledge when they download applications such as music file-sharing programs or screen savers, or visit certain websites. Often, spyware tracks Web-surfing habits and bombards victims with related pop-up ads. More nefarious versions monitor keystrokes to steal Social Security numbers or passwords for identity theft.
Also on the hit list of the StopBadware coalition are malicious "adware" programs that serve up onslaughts of pop-up ads or software that contains hidden viruses and worms.
At least 60% of home PCs are infected with one or more of these "badware" programs, says Forrester Research analyst Natalie Lambert.
The prevalence of the programs has spawned a booming industry of anti-spyware and anti-virus software. Internet providers such as America Online and EarthLink include the software free with service. But such programs typically can't identify all the rogue software on a PC and might not be able to eradicate a deeply embedded program even if they do, says Ferris Research analyst Fred Berlack.
By checking StopBadware.org, its organizers say, consumers can choose, in the first place, not to download a program containing the malicious software. The coalition is encouraging consumers to visit the website to log their experiences with harmful programs.
It will then use that information to compile reports on suspect programs, websites and companies that foist the software on consumers without getting their consent. The worst offenders will be spotlighted. It will take several months to gather a significant-size database, Palfrey says.
Some websites already provide information on spyware. Others identify suspect software for a fee. But the StopBadware group says it aims to be the biggest free clearinghouse.
Berlack is skeptical that many consumers will use the service. "I don't think the average Joe has the time or inclination to check every time he opens up a new website or downloads a program," he says.
But Te Smith of consultants FFW Partners, says, "Anything that helps people be more informed is useful. I applaud these companies for using their market presence and reach to try to educate consumers."

Written by: By Paul Davidson, USA TODAY

The Worst-Case Hack Scenario

2006-01-25T18:34:00.000-08:00

A flurry of data breaches at major corporations late last year seemed to confirm a growing consensus among computer-security experts that 2005 was the worst year yet for such transgressions. Incidents at Marriott International, Ford Motor Company, and ABN Amro Mortgage Group served as eerie reminders to CIOs that they could be the next victims of thieves looking to poach
Social Security and credit-card numbers, or of business-process breakdowns that cause sensitive information to fall into the wrong hands.
Most CIOs will tell you that getting hacked is inevitable. But there is getting hacked, and then there is getting sacked.
As the volume of information increases and criminals grow more brazen, the chances of companies suffering a worst-case scenario seem less remote every day. Part of any CIO's duty is to convince the boss that the company is ready for the very worst security crisis imaginable.
Tales of Tech Terror
An example of just how easily a security problem can hit a company is the data breach Ford Motor Company reported in the first week of January. Ford officials reported the theft of a computer with files that have the names and Social Security numbers of approximately 70,000 current and former employees of the company.
Adding insult to significant injury, that theft had nothing to do with network intrusion or social-engineering tricks typically employed by data thieves. Neither did the disappearance in December of a box containing information on some two million customers of ABN Amro Mortgage Group, one of the nation's largest mortgage lenders.
ABM Amro's customers learned that their Social Security numbers and other personal information were lost by a DHL courier on the way to the credit bureau Experian. A month later, a DHL worker found the unlabeled carton of data in the same DHL facility where it had been lost.
Meanwhile, someone at the corporate offices of Marriott Vacation Club International, in Orlando, Florida, either misplaced or removed computer backup tapes containing data about some 206,000 associates, timeshare owners, and customers. The company reported the missing tapes in late December.
Marriott officials mailed notifications to the affected people. In an effort to quell panic about possible identity theft, corporate officials said that the tapes require specialized equipment to read their content. Marriott is investigating how the tapes went astray and will monitor for unusual activity or possible misuse of the data.
We Have a Situation
Data security is a topic most corporate CIOs are reluctant to discuss. The consensus is, the less said, the better for the corporate image. But that does not mean CIOs are sitting around with their hands in their pockets wondering how to convince their bosses that the sky is not about to fall.
"Actually, believe it or not, many CIOs do already have a worst-case scenario list," said Ed Moyle, manager of Information Security Services at CTG and an analyst at Illuminata. "The specific terminology varies from firm to firm, but a situation report is one common way that a CIO can keep an eye on how the firm's I.T. infrastructure is impacted by developments in the outside world such as worms, viruses, and fraud activity."
The situation report might be prepared by CIO staff and contain high-level information about threats in the environment and the company's position with respect to each threat. Moyle said the staff might draw on data from Web sites like the SANS Internet Storm Center, which actively monitors and warns of attacks, or they might collaborate with peers to gauge the effectiveness of their security measures.
Keeping a list of threats is only the first step in crisis management, Moyle said. Most large companies also are likely to have an incident-response plan that details how I.T. personnel will respond to particular types of threats, including information about whom to call when a threat occurs and how to make sure the right people are involved.
Opening It Up
At General Motors, the approach to crisis management is very different than it was a few years ago. Back then, responding to worst-case scenarios was much like applying triage to a catastrophe, said Eric Litt, chief information security officer for Global Information Security at GM Information Systems and Services.
"Now we try to assess threats and decide how to handle them before the crisis hits," he said.
GM is unique in that it outsources 100 percent of its I.T. By necessity, the global operation requires around-the-clock scrutiny, and that includes preparation for nightmare scenarios. "We operate 24-7 so computer security incidents and events are handled no differently than other kinds of incidents," Litt said.
GM follows a model that aligns Litt with each sector of the corporate structure while allowing him oversight of the operations and support of the I.T. department. Because the company is always functioning at multiple locations worldwide, the data security infrastructure is more expansive, and concerns over data breaches are not treated as a separate entity linked only to I.T.
Litt said that this is a big change in the way he approaches his job. "I no longer worry about what could go wrong," he said.
Assessing Risk Clearly
Today's CIOs are more keyed in than ever on the risks that hackers pose, said Paul Stamp, an analyst at Forrester Research. That focus has strengthened the defenses around company perimeters and shifted focus somewhat to threats from within.
"CIOs are now better equipped to stay ahead of the security curve," said Stamp. "The feeling now is that the perimeter holes have been licked." In fact, he said, studies have shown that most security breaches in the last two years have come fairly consistently from inside corporations.
Despite this recent success against outside threats, CIOs are still struggling with how to communicate specific threat information to the bosses, said Moyle. "That's where the situation gets tricky," he said.
Since CEOs are focused on increasing the profitability of the firm, he said, many of them regard security as an expense that draws money away from investment in the business. To win over the CEO, information officers must demonstrate how activities within their purview affect the bottom line.
"By using data from their threat-tracking efforts, the CIO can demonstrate how I.T. investment impacted the bottom line in terms of cost savings," said Moyle. In other words, if a CIO can prove that money spent resulted in money saved, it could ease the pain involved in outlining a worst-case scenario.
"Granted, it is very difficult to get anything but a rough estimate from these metrics," Moyle said, "but a rough estimate is better than no estimate at all."
As to the degree of worry that CIOs have, Moyle conceded that quite a few CIOs are worried about attacks, incidents, and other types of security threats. And to him that is not a good sign.
"Worry in a CIO reflects uncertainty in the management process," said Moyle. For example, in a well-prepared company, a CIO might have metrics to help predict how likely an incident is to occur and how much it is likely to cost the company. He or she can then look at the balance sheet and make a considered determination as to how much to spend.
But if CIOs are panicked, it's a sign that their confidence in that process is not there for one reason or another, Moyle said. "The metrics might be so skewed as to be useless. They might not have metrics at all. They might have no way of tracking threats, or they might not have a defined response process, and so on."
The Best Defense
Moyle likened the role of the CIO in handling risk management to having flood insurance. Financial officers do not stay up late at night worrying whether there will be a flood, and adequately prepared CIOs shouldn't lose any sleep either.
The CIOs who manage risks effectively have become successful in showing their bosses the need to build computer systems from the ground up rather than to bolt on fixes, according to Forrester's Stamp. "[Risk management] is now a laundry list of things to do. Security is no longer a separate department. Rather, it is integrated into business practices," he said.
That integration seems to be the key to understanding and preparing for a worst-case scenario. Instead of having a plan waiting behind a pane of glass, to be broken out only in case of emergency, CIOs would seem to be best served telling their bosses that the systems are already in place to respond to a data-security crisis.
Besides, as GM's Litt sees it, a worst-case scenario, in the truest sense of the term, is one that is not survivable. The best CIOs can do is to have a plan in place to mitigate attacks effectively and be ready to follow it whenever needed.
"That doesn't mean an attack will never have an impact on the business," Litt said. "There is no such thing as a perfect security plan."

Written by: Jack M. Germain, cio-today.com

Nyxem Worm Programmed to Erase Files

2006-01-25T18:29:00.000-08:00

Antivirus vendors are warning of a rapidly-spreading worm that is carrying a potentially destructive set of instructions. The Nyxem worm--also nicknamed the Kama Sutra worm--is programmed to overwrite all of the files on computers it infects on February 3, says Mikko Hypponen, chief research officer at F-Secure.
F-Secure researchers found the worm truncates files to 20 bytes and causes an error message when one is opened, he says.
"We are expecting to see problems in two weeks' time," Hypponen says.
The worm appears to be programmed to overwrite all files on the third day of every month, Hypponen says. So far, there's no indication where Nyxem originated.
While most antivirus vendors have issued updates for their software, Nyxem is spreading quickly, and its creators have posted a counter on a Web site that records new infections. According to F-Secure's security blog, the counter was showing around 510,000 infections as of Sunday night.
Nyxem infections may be rising because it is taking advantage of computers that have already had their antivirus software disabled by some other virus such as Bagle, Hypponen says.
Dated Technique
The worm, which is spread through e-mail, uses a dated technique to entice users by promising pornography, says Graham Cluley, senior technology consultant, at Sophos. Nyxem lacks the sophistication of recent Trojan horse-style viruses that are more targeted and less prevalent in order to evade detection, Cluley says.
Nonetheless, users appear to still be clicking, and the worm was accounting for about 35 percent of virus traffic as of Monday morning, he says.
"It's a bit of a throwback to an old trick," Cluley says.
The worm harvests e-mail addresses and then sends itself out again. The e-mail subject line may contain text that says "Miss Lebanon 2006" or "School girl fantasies gone bad," according to Sophos.

Written by: Jeremy Kirk, IDG News Service

Windows Security Flaw Is 'Severe'

2005-12-30T12:33:00.000-08:00

A previously unknown flaw in Microsoft Corp.'s Windows operating system is leaving computer users vulnerable to spyware, viruses and other programs that could overtake their machines and has sent the company scrambling to come up with a fix.
Microsoft said in a statement yesterday that it is investigating the vulnerability and plans to issue a software patch to fix the problem. The company could not say how soon that patch would be available.
Mike Reavey, operations manager for Microsoft's Security Response Center, called the flaw "a very serious issue."
Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.
Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.
An estimated 90 percent of personal computers run on Microsoft Windows operating systems. Microsoft has found itself under attack on several instances and has been forced to issue a number of patches to keep computers running Windows safe. Mac and Linux computer users are not at risk with this attack, even if their computers run Microsoft programs such as Office or the Internet Explorer Web browser.
Reavey encouraged users to update their anti-virus software, ensure all Windows security patches are installed, avoid visiting unfamiliar Web sites, and refrain from clicking on links that arrive via e-mail or instant message.
"The problem with this attack is that it is so hard to defend against for the average user," said Johannes Ullrich, chief research officer for the SANS Internet Storm Center in Bethesda.
At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.
Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said.
Dean Turner, a senior manager at anti-virus firm Symantec Corp. of Cupertino, Calif., said the company has seen the vulnerability exploited to install software that intercepts personal and financial information when users of infected computers enter the data at certain banking or e-commerce sites.
Eric Sites, vice president of research and development for anti-spyware firm Sunbelt Software, said he has spotted spyware being downloaded to a user's machine by online banner advertisements.
"Pretty much all of the spyware guys who normally use other techniques for pushing this stuff down to your machine are now picking this exploit up," Sites said.
Because the vulnerability exists within a faulty Windows component, security experts warn that Windows users who eschew Internet Explorer in favor of alternative Web browsers, such as older versions of Firefox and Opera, can still get their PCs infected if they agree to download a file from a site taking advantage of the flaw.
Richard M. Smith, a Boston security and privacy consultant, said he was particularly worried that the vulnerability could soon be used to power a fast-spreading e-mail worm.
"We could see the mother of all worms here," Smith said. "My big fear is we're going to wake up in the next week or two and have people warning users not to read their e-mail because something is going around that's extremely virulent."

Written by: Brian Krebs is a washingtonpost.com reporter.

Web services thrive, but outages outrage users

2005-12-30T12:10:00.000-08:00

LONDON (Reuters) - Web sites that share blogs, bookmarks and photos exploded in popularity in 2005, but in recent weeks a number of major outages left users stranded and frustrated.
The new breed of Web site includes blogging services such as TypePad, the photo site Flickr, the shared bookmark site del.icio.us and many others. They are sometimes known collectively as "Web 2.0": hosted online, relying heavily on users' submissions, and frequently updated and tweaked by their owners.
Their growth in the last year has been huge. Flickr and del.icio.us were high-profile acquisitions for Internet giant Yahoo, and there are now at least 20 million blogs in existence, according to some estimates, with tens of thousands being added every day.
But the surge in Web-based applications hasn't come without some serious hiccups as several notable services have crashed.
Six Apart, whose TypePad service is used by many high-profile bloggers, experienced nearly an entire day of downtime on December 16, when it suffered a hardware failure. Del.icio.us had a major power failure on December 14. Services including Bloglines, Feedster and WordPress have also experienced problems.
Nothing underlines the importance of these "social media" services as much as the outcry of users when the sites crash. While the services were usually back up and running within a few days at most, the outages prompted much consternation from users who were temporarily unable to share their blogs and bookmarks with the world.
Russell Buckley and Carlo Longino wrote on their blog MobHappy (http://mobhappy.typepad.com/) that waiting for TypePad to be fixed was like "waiting for a train to arrive, when you're sitting on a cold, damp platform. It's mildly irritating for the first 5 minutes, but then annoyance levels start to rise exponentially."
"TypePad has been growing so rapidly that it is finding the hard way that scale and scalability matter," Business 2.0 technology writer Om Malik wrote on his blog (http://gigaom.com/). "Are they the only ones? Not really -- over (the) past few days Bloglines, Feedster and Wordpress.com have been behaving like a temperamental 3-year-old."
The usefulness of Web 2.0 services -- which also include the collaborative Web pages known as Wikis and RSS feeds that deliver customized information to users -- is highlighted when they are abruptly taken away.
"You need those services to be 'on.' I have come to expect 99.9 percent uptime, and when a service crashes there is significant frustration," said David Boxer, director of instructional technology and research at the Windward School in Los Angeles, where he runs workshops on subjects like podcasting and photoblogging.
"When those services go down, then we are stuck in a ditch," he said.
Boxer's students have worked on projects aimed at making them "citizen journalists" via publishing their own blogs, podcasts, documentaries and photo essays. But when those services suffer outages, everything grinds to a halt.
When the Blogger Web site went down, Boxer's students lost some of their work. And when del.icio.us crashed recently, "it left me personally in a lurch," he said.
"I knew that eventually a machine or software application will crash, but I always expect a third-party provider like del.icio.us will build enough redundancy into the infrastructure that it will never go down," Boxer said.
It is still early days for Web 2.0, and some of the recent difficulties are likely just teething problems as companies adapt to their new popularity. However, the outages may make it harder to convince businesses and investors that blogging is ready for primetime.
Boxer, for one, is willing to ride out a few outages to take advantage of the new services.
"They allow for elements of personalization, content delivery and information pushing unlike any previous incarnation of the Net," he said.
WEB 2.0 LINKS
TypePad (http://www.typepad.com/): A paid-for service for publishing blogs and photo albums. Competitors include Wordpress (http://wordpress.org/) and Google's Blogger.com (http://www.blogger.com).
Flickr (http://www.flickr.com/): An online service for sharing and managing photos.
Del.icio.us (http://del.icio.us): A site for storing and sharing bookmarked Web pages.
Computer book publisher Tim O'Reilly's essay on Web 2.0 (http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/wha t-is-web-20.html)

Written by: By Adam Pasick

Microsoft Fixes Critical IE Problems

2005-12-13T21:49:00.000-08:00

Microsoft this week fixed a widely reported flaw in its Internet Explorer (IE) browser that had been used by attackers over the past few weeks to take over the PCs of unsuspecting users. The flaw was one of four IE bugs fixed Tuesday in Microsoft's regularly scheduled software update. Although attacks based on the vulnerability have not been widespread, it is important that IE users now install the patch, said Neel Mehta, team lead of Internet Security Systems' X-Force group. "It's not of epic proportions," he said. "But isolated attackers here and there have used it to install malware."
Bug History
Security experts had known about the flaw since May, but on Nov. 21 hackers with a U.K. organization called Computer Terrorism posted sample code that showed it to be much more serious than originally thought. Within days that sample code was adapted and being used by attackers, prompting many security experts to erroneously predict that Microsoft would rush a patch ahead of its December update.
The bug concerns the way IE processes the "Window()" function in JavaScript, a popular scripting language used by Web developers to make their sites more dynamic. It affects IE users on Windows XP, Windows 2000, Windows 98' In order to exploit this problem, attackers must first trick users into visiting a maliciously encoded Web site, which has helped prevent the bug from being more widely used.
Critical Update
Microsoft fixed this problem, along with the other three IE bugs, in one of two security updates, released Tuesday. More details on the IE fixes can be found in the MS05-054 Security Bulletin here. This update is rated "critical" by Microsoft.
A second update, assigned Microsoft's less severe security rating of "important," fixes a problem in the Windows 2000 kernel. That update can be found here. This bug could help an attacker to circumvent Microsoft's user privileges mechanism and perform unauthorized tasks on a PC.
Typically, this flaw could not be exploited remotely, as it requires that the attacker gain access to the targeted computer's keyboard, said Steve Manzuik, security product manager with the company that discovered the bug, eEye Digital Security. Its advisory may be read here.

Written by: Robert McMillan, IDG News Service

2005-11-09T04:27:00.000-08:00

Hello, there to everyone who looks for this BLOG for new Internet, PC, and Technology changes.
I have been posting articles from other websites to this blog to inform the public on what is going on with new stuff that comes out. I have been getting some wierd posts and comments from the public on why I don't post my own thoughts and comments.
Well, in reality I could write about bluetooth technology and the good and the bad and give my 2 cents on it. But why when there are so many good reporters and writers out there that have done the reseach and give public info.
The goal for this blog is get the good stuff out there and put on here so that you have one place where the news for techie stuff is....

I appreciate all the good comments that I have been receiving and the BAD SPAM that I have gotten and will be going to have to fix that as of today to prevent those bad comments from posting.

Thanks for viewing my blog and I will be updating it in the next coming weeks....

LOOK FOR:

NEW ANTI-VIRUS SOFTWARE
NEW SPYWARE SOFTWARE
NEW PC INFO
NEW SOFTWARE INFO
NEW CELL PHONE INFO
NEW ISSUES ON SECURITY ON ROUTERS and WIFI
NEW ISSUES on HACKING into PC's

I generally try to post every week and my goal is to post a new article every Friday....

HAVE A NICE WEEK AND TALK TO YOU SOON.....

Dutch Say Suspects Hacked 1.5M Computers

2005-10-20T23:12:00.000-07:00

AMSTERDAM, Netherlands - Three suspects in a Dutch crime ring hacked 1.5 million computers worldwide, setting up a "zombie network" that secretly stole credit card and other personal data, prosecutors said Thursday.
The three, who were arrested Oct. 6 and originally were estimated to have hacked 100,000 computers, have yet to enter a plea.
A court in the town of Breda extended the custody of the 19-year-old main suspect and a 22-year-old accomplice for a month Thursday, and ordered the release of the third, aged 27, pending trial, prosecution spokesman Wim de Bruin said. The suspects' names have not been released.
Prosecutors said, however, more arrests were likely as the investigation continues.
The two still being held are accused of blackmailing a U.S. company by threatening it with a "denial of service" attack, in which thousands of computers that have been infected are used to bombard a target with e-mail. De Bruin said the company did not want its identity known.
The software the hackers used, a variation of the worm known as "W32.Toxbot," was first detected this year. Antivirus software can remove it, but the hackers adjusted the program constantly to defeat protections.
The existence of the "zombie network" of infected computers was first detected by Dutch Internet provider XS4ALL. The company noticed unusual activity coming from a handful of its users' infected computers, said the company's chief technical officer, Simon Hania.
The company traced the network as far as it could, and then turned the matter over to prosecutors.
De Bruin said prosecutors worked with computer crime experts to trace the network to its source and then installed taps on the suspects' computers. The taps showed the suspects manipulating the zombie network to steal passwords and credit card data, De Bruin said.
They also are accused of stealing PayPal and EBay Inc. account information to order goods without paying for them, he said. Authorities have seized computers, a bank account, an undisclosed amount of cash and a sports car in the investigation.
About 30,000 of the infected computers were in the Netherlands. When investigators dismantled the global network, they found more than 15 times the number of infected computers they originally estimated.
XS4ALL's Hania said that although the zombie network may be the largest of its kind whose controllers were busted, it was only a "drop in the ocean."
"It destroys the Internet," he lamented.

By TOBY STERLING, Associated Press Writer

Consumer confusion abounds over spyware

2005-10-18T20:58:00.000-07:00

According to exclusively provided results from the 2005 National Spyware Study, prepared by The Ponemon Institute, sponsored by Unisys Corporation and assisted by Chappell Associates, while most consumers believe that they have been victims of spyware and many of them are confused when it comes to issues relating to spyware, most prefer access to free downloadable software than laws designed to grapple with spyware problems.
An astounding 84% of respondents report that they have been spyware victims. From this group, an overwhelming 97% do not remember viewing end user licensing agreements (EULAs) before downloading spyware software on their computers.
Many respondents do not know how spyware is downloaded on their computers. Indeed, more than 42% report that they have "no idea" where the spyware comes from.
The primary reported negative consequence of spyware appears to be computer malfunctioning. This results in reported productivity losses for many people.
Approximately 15% of respondents report that they have suffered monetary damages from spyware on their computers. The average loss for this group is estimated at about $50 over the past 12 months. While this amount is not large on an individual basis, it is on a macro level.
A substantial number of respondents, 76%, report that they have experienced time losses emanating from spyware on their computers. The average time loss is estimated at 1.6 hours over the past 12 months. Again, while this time loss is not huge for an individual, it represents a large time loss on a cumulative basis.
Most respondents report downloading free software on the Internet. The most common of such programs include games, screen savers, and music players. These types of software programs are known to download spyware and adware desktop applications.
The respondents generally do not have a clear understanding of differences between spyware and adware. Indeed, almost half of them failed a test question that properly seeks definitions of spyware and adware.
The majority of respondents appear not to understand Internet economic issues. For example, they do not know how "free" software programs earn profits for their suppliers.
Interestingly, when available, most respondents concede that they do not read EULAs. The main cited reason is that language contained in EULAs is too complex and confusing.
Roughly half of respondents believe that it never is acceptable or appropriate to be tracked by spyware or adware on the Internet.
Still, most respondents do not desire new anti-spyware laws to prevent them from obtaining free software.
Thus, while most respondents have been subject to spyware, do not want to be tracked by such programs, and have confusion about some spyware issues, they appear more interested in obtaining free software than thwarting spyware problems.

Written by: Eric Sinrod is a partner in the San Francisco office of Duane Morris
His Web site is www.sinrodlaw.com, and he can be reached at ejsinrod@duanemorris.com.

Regulators: Banks Must Beef Up Web Security

2005-10-18T19:13:00.000-07:00

BOSTON (AP)--Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.
In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.
Other types of two-factor authentication include costlier hardware involving biometrics or "smart" cards that would be inserted into designated readers on a user's computer.
Banks might also issue one-time passwords on scratch-off cards or require "secret questions" about a customer's account, such as the amount of the last deposit or mortgage payment.
The council also suggested that banks explore technology that can estimate a Web user's physical location and compare it to the address on file.
The most common way of stealing consumers' personal identity data and financial account credentials online, known as phishing, typically involves sending e-mails that direct unwitting users to phony Web sites. Data harvested at such sites is then used fraudulently.
The Anti-Phishing Working group, an industry association, reported 13,776 unique types of phishing attacks in August.
While some financial institutions have given their customers electronic password tokens, those have tended to be optional. Other banks have instituted password entry through mouse clicks instead of typing, a protection against keystroke-snooping programs.
But in general, the industry can do more to stop account fraud and identity theft, according to the financial institutions council--which includes the
Federal Reserve' name=c1> SEARCHNews News Photos Images Web' name=c3> Federal Reserve; the Federal Deposit Insurance Corp.; the U.S. Comptroller; the Office of Thrift Supervision, and the National Credit Union Administration.
"The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of information to other parties," the council wrote. "Account fraud and identity theft are frequently the result of single-factor ... authentication exploitation."
FDIC spokesman David Barr said the rules will serve as standards that will be checked when banks' practices are audited.
Although the requirements apply just to financial services companies, the policy could stimulate wider use of two-factor authentication by other merchants that are willing to "federate" their Web sites with banks, said Michael Aisenberg, director of government relations for Internet services provider VeriSign Inc.
VeriSign is a member of the Liberty Alliance, a group that is working to develop standards for federated authentication.
In a federated system, a two-factor login at one site would be recognized by another, so a travel agency associated with your bank would automatically grant you access if you came straight from the financial institution's Web site.
At the very least, Aisenberg said, "The securities industry is going to have to go along and other regulated sectors will no doubt follow along as well."

Written by: Brian Bergstein @ TechWeb.com

Nigeria and Microsoft sign deal to fight e-mail fraud

2005-10-18T13:57:00.000-07:00

ABUJA (AFP) - Nigeria and the US software giant Microsoft have formed an alliance to combat the Internet fraudsters who have damaged the country's international image, Nigeria's anti-graft agency said.
"Millions of people all over the world can only link the country and her nationals to the infamous scam letter," said Nuhu Ribadu, chairman of the Economic and Financial Crimes Commission (EFCC), in a statement released here.
"EFCC and Microsoft have teamed up to fish out Internet fraudsters in Nigeria and the west African sub region," he said.
Computer users across the world have become accustomed to being bombarded by e-mails from Nigerians seeking to trick them into handing over bank details or making advance payments on non-existent money-making schemes.
Experts say that the so-called 419 fraudsters -- named after the relevant section in Nigeria's criminal code -- steal hundreds of millions of dollars every year from unsuspecting marks.
In the biggest such case to date, a Brazilian bank collapsed after Nigerian confidence tricksters persuaded a corrupt employee to divert 242 million dollars (192 million euros) of his employer's capital into an imaginary deal to develop Abuja airport.
Microsoft markets the most popular computer programmes controlling access to the Internet, and Nigeria hopes that after signing a deal with the company in London at the weekend, the firm will help it track scammers, who now face stiffer laws at home.
The Nigerian parliament recently passed the stringent "Advance Fee Fraud Act 2005", which holds liable not only the fraudster but also cybercafe owners and office managers who allow their premises and facilities to be used for the crime.
President Olusegun Obasanjo has proposed an amendment to the act to make it a crime for scammers -- who are known in Nigeria as "Yahoo-Yahoo boys" after the popular free e-mail service -- to send unsolicited messages.

Feds Want Banks to Strengthen Web Log-Ons

2005-10-17T23:39:00.000-07:00

BOSTON - Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.
In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.
Other types of two-factor authentication include costlier hardware involving biometrics or "smart" cards that would be inserted into designated readers on a user's computer.
Banks might also issue one-time passwords on scratch-off cards or require "secret questions" about a customer's account, such as the amount of the last deposit or mortgage payment.
The council also suggested that banks explore technology that can estimate a Web user's physical location and compare it to the address on file.
The most common way of stealing consumers' personal identity data and financial account credentials online, known as phishing, typically involves sending e-mails that direct unwitting users to phony Web sites. Data harvested at such sites is then used fraudulently.
The Anti-Phishing Working group, an industry association, reported 13,776 unique types of phishing attacks in August.
While some financial institutions have given their customers electronic password tokens, those have tended to be optional. Other banks have instituted password entry through mouse clicks instead of typing, a protection against keystroke-snooping programs.
But in general, the industry can do more to stop account fraud and identity theft, according to the financial institutions council — which includes the
Federal Reserve' name=c1> SEARCHNews News Photos Images Web' name=c3> Federal Reserve; the Federal Deposit Insurance Corp.; the U.S. Comptroller; the Office of Thrift Supervision and the National Credit Union Administration.
"The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of information to other parties," the council wrote. "Account fraud and identity theft are frequently the result of single-factor ... authentication exploitation."
FDIC spokesman David Barr said the rules will serve as standards that will be checked when banks' practices are audited.
Although the requirements apply just to financial services companies, the policy could stimulate wider use of two-factor authentication by other merchants that are willing to "federate" their Web sites with banks, said Michael Aisenberg, director of government relations for Internet services provider VeriSign Inc.
VeriSign is a member of the Liberty Alliance, a group that is working to develop standards for federated authentication.
In a federated system, a two-factor login at one site would be recognized by another, so a travel agency associated with your bank would automatically grant you access if you came straight from the financial institution's Web site.
At the very least, Aisenberg said, "The securities industry is going to have to go along and other regulated sectors will no doubt follow along as well."

By BRIAN BERGSTEIN, AP Technology Writer

Cisco adds security to switches, wireless devices

2005-10-17T15:50:00.000-07:00

NEW YORK (Reuters) - Cisco Systems Inc. (Nasdaq:CSCO - news) is adding security features to its network switches and wireless products, in the networking gear maker's latest push to sell software to help corporations combat spyware, worms and viruses.
Cisco already sells security software for its routers, which allows businesses to add a layer of security to their Web-based networks, which are often used by far-flung workforces. On Monday, Cisco said it is now selling the software for its switches, which companies often use in simpler local area networks within their own buildings.
The expansion of the security features to business' internal networks also includes wireless access points, which corporations are increasingly installing on their campuses.
The software is designed to protect corporations from computers and mobile devices which may have been infected through use outside of the office, as well as from outside attacks against the network itself.
The software, which Cisco sells under the brand name Network Admission Control, has proven to be a popular add-on for Cisco's corporate clients, who are wrestling with a wide range of security threats. The technology has also allowed Cisco to expand into the lucrative area of security software.
The market for network security software and appliances will reach $4.3 billion by the end of 2005 and could grow to $6.3 billion by 2009, according to the Synergy Research Group in Scottsdale, Ariz. Overall security spending will compose 7.9 percent of the U.S. IT budget in 2005, or $59.6 billion, according to Forrester Research Inc. (Nasdaq:FORR - news) in Cambridge, Mass.
This growth is being spurred by the constant assault on corporate and home networks by worms, viruses and other harmful programs.
"I've seen a big increase over the year in terms of attention paid to it by security managers and CIOs to this problem," said Gregg Moskowitz, an analyst at Susquehanna Financial Group.
Cisco's software is designed to be compatible with devices that do not contain Cisco's own verification system, known as the Cisco Trust Agent. This is important for companies that open up their networks to deal with outside business partners, such as suppliers or contractors, who might be running security software from other vendors, said Bob Gleichauf, chief technology officer in Cisco's Security and Technologies Group.
Cisco's focus on network security pits it against traditional rival Juniper Networks Inc, as well as Check Point Software Technologies Ltd, Microsoft Corp (Nasdaq:MSFT - news), Internet Security Systems Inc (Nasdaq:ISSX - news). and McAfee Inc (NYSE:MFE - news).
Cisco officials declined to say how much revenue and profit it expects from its network security business.
Cisco shares were down 7 cents, or 0.41 percent, in after-hours INET trading.

Expect Bigger Attacks After Microsoft, Yahoo Connect IM Networks

2005-10-14T11:11:00.000-07:00

IM attacks are already exploding, up a whopping 2,000% since last year. The bigger, combined Microsoft-Yahoo network will let attacks spread even further and faster.

The deal struck Wednesday by Yahoo and Microsoft to make their instant messaging (IM) networks work together in 2006 may sound great at first glance, but security experts say that the merger will make IM an even bigger target for hackers and hucksters.
"Ninety-eight percent of the stories about Yahoo and Microsoft will be about the benefits of interoperability, how the deal will eliminate the traditional hurdles in IM," said Jon Sakoda, the chief technology officer for IMlogic, an Internet security firm that specializes in defending against IM and file-sharing threats.
Instead of those silver linings, Sakoda sees some possible gray clouds on the horizon. "IM worms have generally targeted individual networks, say, only Yahoo or MSN. That's why you haven't seen a global worm that propagates to millions," he said.
"There hasn't any interoperability, but this deal changes that."
Christopher Dean, the senior vice president of business development at rival FaceTime, agreed. "As you increase the size of network, there's a greater chance that [malicious] things can spread. It's a bigger network effect."
Although the speed with which IM attacks spread -- very very fast, compared to e-mailed attacks -- the size of the attacks will, said Dean. "The malware writers discovered IM networks for the first time this year, and once they discovered it, they're focusing on it. And yes, [the Yahoo-Microsoft announcement] will increase the spread of IM worms."
Security vendors such as IMlogic have reported a massive surge in IM threats during 2005. Year-to-date, IMlogic said in a recently published third quarter threat report, IM threats are up a whopping 2,083 percent over 2004.
"Attackers are comfortable in using e-mail and the Web," said IMlogic's Sakoda. "And they've now added IM."
The larger attack surface of an interoperable Yahoo-MSN IM network -- estimated at 49.2 million users, only slightly fewer than AOL's 51.5 million -- means that Yahoo and MSN users should expect more attacks.
"We really haven't seen [IM worms] propagate because networks have been closed and non-interoperable," said Sakoda. "Historically, AIM and MSN have received the lion's share of attacks, because malware writers know where the users are, just like bank robbers know where the money is."
Attacks across IM networks -- whether delivering worms, spim, or adware/spyware -- are notorious for arriving like a whirlwind, and disappearing just as fast. That's due, said FaceTime's Dean, to IM users' habit of clicking on links within messages, the fact that all messages seem to come from trusted sources (i.e., IM buddies), and because IM is, unlike e-mail, a real-time communication mode. That trio, he said, conspire to make IM attacks fast acting.
So fast, said Sakoda, that defenses have a hard time keeping up.
"The speed with which attacks hit is measured in minutes, and their worms spread faster than either the IM or security industry can respond. That's why they're becoming such a popular method of attack."
Even so, argued Dean, the benefit of Wednesday's cooperation is a good thing. "Having interoperability makes a great deal of sense," he said, "and I think it far outweighs any possible increase in attacks."
Sakoda's not so sure. "SMTP and open e-mail standards created a lot of benefits, but they opened a lot of security holes, too," he cautioned. "I see similar types of trends in the IM world."

Written by Gregg Keizer TechWeb News

Microsoft, Nigeria fight email scammers

2005-10-14T10:00:00.000-07:00

LONDON (Reuters) - Microsoft has announced an anti-fraud partnership with Nigeria, the country of origin for some of the Internet's most notorious email scams.
Microsoft, which has been working to improve security and reliability amid an onslaught of malicious software targeting weakness in Windows and other Microsoft software, signed a memorandum of understanding with the Nigerian Economic and Financial Crimes Commission (EFCC) on Friday.
The agreement is designed to foster cooperation to combat issues such as spam, phishing, spyware, viruses and counterfeiting.
The email scam, known as a 419 scheme after the relevant section of the Nigerian Criminal Code, is a computer age version of a con game that goes back hundreds of years and is sometimes called "The Spanish Prisoner."
Victims are contacted by a stranger who claims to have access to large sums of money. They are told that the money can only be accessed if they disclose the details of their bank account or put up an advance fee, but the promised funds never materialize.
The EFCC said its Advance Fee Fraud Section "is currently investigating hundreds of suspects and prosecuting over 50 cases, involving close to 100 accused persons, in courts throughout Nigeria."
Under terms of the pact, "Microsoft and the EFCC will work together to combat the problem of internet crime through information sharing and training on Microsoft's technical expertise in this area," the parties said.

Article found in Reuters.

Windows Media Center Edition Gets Big Update

2005-10-14T09:00:00.000-07:00

Microsoft is expected to issue a major update Friday to its
Windows XP Media Center Edition operating system. The update, called Windows XP Media Center Edition Rollup Update Version 2, will add support for sending high-definition video over a home network to Microsoft's upcoming Xbox 360 game console and will include more than 500 bug fixes.
Tom Laemmel, product manager of the Windows Client Division, says the fixes don't address anything really major, "just lots of little things." He adds that the update will provide greater stability, but you won't see any performance difference over Rollup Version 1 (which came out last December).
Version 2 will also allow a Media Center PC to run two ATSC television cards (versus one for the previous version). Each card can carry two tuners, so theoretically you could play and/or record up to four TV programs (two high-definition and two standard-definition) at once. You can stream HD or SD programming from the PC to a Media Center Extender or to the Xbox 360, which is supposed to go on sale in November. The old version of the OS would stream only standard-definition content.
However, you'll still be limited to accessing only over-the-air high-definition programming: While Media Center PCs usually come with infrared blasters for use with cable-television set-top boxes, they will allow access only to standard-definition broadcasts. Furthermore, even if you can access over-the-air HD programs, if you try to burn one to a DVD, Media Center Edition will downcode it to standard resolution.
No CableCard Support
Laemmel says Media Center Edition does not support the CableCard standard, but that "there's a lot work going on by Microsoft and others in this area." A CableCard is a PC Card-like device that you insert into a slot in a compatible television to decrypt digital television broadcasts; the main advantage is that you don't have to use a cable set-top box. If you could insert such a card into a PC, you could then bring in HD cable broadcasts, not just over-the-air ones.
Media Center Edition Rollup Version 2 will also add support for PCs with Away Mode, a new power-management feature that cuts off the speakers and display, and perhaps lowers CPU power, but still allows the computer to perform unattended tasks (such as streaming video to an Extender). Laemmel cites having a babysitter over as an example of the mode's usefulness: You don't have to show how to start up or shut down the PC; just pressing the off button on the remote control will put the PC into Away Mode.
A big complaint about the Media Center OS is that it hasn't been as reliable as the consumer electronics devices it's supposed to compete with, mainly because it is, after all, a Windows OS. Laemmel admits that, with any version of Windows, periodically "it's best just to restart the darn thing." To this end, a new setting prompts the PC to restart Media Center-specific services. The default is for it to perform that task at 4 a.m.; but you can change the time, and the PC will skip the restart if it's busy.
Windows Vista Takes the Stage
Laemmel reveals that the majority of the Windows development team has moved to work on Microsoft's Vista operating system, expected out next year, and its media-specific features, so some Media Center elements--for example, music playback--were deliberately left alone. Vista will have all of the new features in Rollup 2, yet Media Center Edition will live on after Vista appears.
Microsoft recently introduced the Remote Keyboard for Windows Media Center Edition, which will sell for about $90. The wireless keyboard will have a built-in scrolling device (not quite a trackpad, because it has only up/down/left/right, with an OK button in the middle), plus dedicated buttons for Media Center functions. Your Media Center PC will need at least Rollup Update Version 1 for it to work.
Windows XP Media Center Edition Rollup Update Version 2 will be available via Windows Update or Microsoft Update; the download is about 30MB.

Written by: PCWORLD

HP Recalls 135,000 Laptop Battery Packs

2005-10-14T04:59:00.000-07:00

Hewlett Packard is recalling about 135,000 battery packs for some HP and Compaq laptop computers because of reports they overheated and melted, the Palo Alto, Calif., company announced Friday.
The lithium ion rechargeable battery packs are used with HP Pavilion, Compaq Presario, HP Compaq and Compaq Evo laptop computers.
The company has received 16 reports of the batteries' overheating; four cases occurred in the United States.
The recalled packs bear a barcode label starting with GC, IA, L0 or L1.
The battery packs were sold internationally from March 2004 through May 20005 by national and regional electronics stores and on Internet sites such as http://www.hp.com and http://www.hpshopping.com
Consumers should stop using the products and contact the company for a free replacement. For more information, call Hewlett-Packard at 888-404-7398 or visit http://www.hp.com/support/ or http://www.cpsc.gov.

By The Associated Press Fri Oct 14, 6:59 AM ET

Adobe Acquisition of Macromedia Gets OK

2005-10-13T18:00:00.000-07:00

SAN FRANCISCO - Adobe Systems Inc. said Thursday the Justice Department has approved its $3.4 billion acquisition of Macromedia Inc.
Adobe and Macromedia, two of the largest providers of graphic design software, must wait for several European jurisdictions to sanction the deal before it can close.
Adobe's Illustrator and Macromedia's Freehand are two of the leading products for vector graphics illustration, a term for drawings that are stored as collections of points and objects instead of pixels.
A combined company would also own a huge chunk of the market for Web site-building tools: Macromedia makes Dreamweaver while Adobe sells GoLive.
Analysts have said that teaming Adobe with Macromedia would also create a formidable competitor for Microsoft Corp., which announced last month that it will launch Web and graphic designer tools next year.
Last April, Adobe announced an agreement to acquire Macromedia in an all-stock transaction. Adobe said in a statement that it continues to expect the transaction will close sometime this fall.

Article found in the Associate Press.

Comcast, Google May Acquire Part of AOL

2005-10-13T15:00:00.000-07:00

PHILADELPHIA - Comcast Corp., the country's largest cable TV company, is teaming up with Internet search leader Google Inc. in talks about taking a stake in Time Warner Inc.'s AOL Web portal, a person familiar with the discussions said.
Comcast, Google and Time Warner are discussing a possible deal under which the three companies would form a new entity through which they would jointly own the Web portal, according to the person, who asked not to be identified because release of the information was not authorized.
The potential deal could derail separate talks that have been reported between AOL and Microsoft Corp., which is believed to be interested in an alliance between AOL and Microsoft's MSN, another major Internet portal.
Any deal between AOL and MSN could threaten Google, since AOL is major contributor to Google's thriving Internet ad business, accounting for 11 percent of Google's $2.6 billion in revenue during the first half of this year.
AOL was long considered a drag on Time Warner due to the rapid exodus of its core dial-up Internet users, but recently AOL has been revamping its business model, opening up its content to all Internet users in order to tap into the booming market for Internet advertising.
AOL's original online content now makes it an attractive target for companies like Google and Comcast, which are eager to build up their audiences of Internet users.
The three companies plan to leverage their content and consumer reach to create a Web portal powerhouse, the person said. Google, which is based in Mountain View, Calif., is the nation's most popular search engine, while Comcast and Time Warner are the top two cable operators. Time Warner also owns many media properties including Warner Bros., CNN and HBO.
Google contacted Comcast last week to gauge the cable giant's interest in such a deal, the person said. Philadelphia-based Comcast had been on the prowl for content to avoid the commoditization of its cable lines.
Reports of the talks among Google, Time Warner and Comcast sent Time Warner's stock up 10 cents to close at $17.59 Thursday on the
New York Stock Exchange' name=c1> SEARCHNews News Photos Images Web' name=c3> New York Stock Exchange.
Time Warner's CEO Dick Parsons said recently that revving up AOL's turnaround is a top priority for the company and the greatest opportunity for creating value. Activist investor Carl Icahn, meanwhile, has been pressuring the company to boost its share buyback program and spin off its cable TV unit.
No price for any deal has yet been discussed, as the talks remain at an early stage, the person said. Reports Thursday in The Wall Street Journal and The New York Times said the deal would focus on AOL's Web portal business, not on its still-profitable but declining dial-up Internet access business.
Google has been seeking a closer relationship with cable operators because of their close ties with content programmers.
Asked about the talks, a Google spokesman said: "Google and AOL have a healthy global partnership, and AOL remains a valued partner. Your inquiry is about rumored conversations and we're not able to respond to questions of this type."
An AOL spokeswoman declined to comment. AOL was the fifth most-popular Web brand in September, according to Nielsen/NetRatings, while Google came in fourth.
___
Business Writer Michael Liedtke in San Francisco contributed to this report
news link: http://news.yahoo.com/s/ap/20051013/ap_on_hi_te/aol_comcast_google;_ylt=AkR36b6bH0LDXRxRgbd5b2f6VbIF;_ylu=X3oDMTBjMHVqMTQ4BHNlYwN5bnN1YmNhdA--

OpenOffice.org 2.0 Release Delayed

2005-10-13T02:47:00.000-07:00

OpenOffice.org had hoped to celebrate its fifth birthday today by launching the next generation of its office software suite, but a glitch has delayed release of the product for one week.
According to a blog posting by OpenSource.org community member Stefan Taxhet, "a serious showstopper" apparently related to graphics was detected at the last moment, and developers agreed to postpone the release until the problem has been fixed.
The delay also allows developers to apply patches for other problems with OpenOffice.org 2.0 related to the printing of text and two issues related to Mac OS X.

OpenDocument Support Is Key
The OpenOffice.org suite, backed by a group of developers organized by Sun Microsystems includes word processing and spreadsheet applications. It offers default support for the new XML-based OpenDocument format, approved by the Organization for the Advancement of Structured Information Standards (OASIS).
That format got a boost recently when Massachusetts' I.T. department announced that OpenDocument would be the preferred program for state documents starting in January 2007. Also, Sun and Google have agreed to collaborate on several initiatives, including promotion of the OpenOffice.org software suite.
OpenOffice.org community development manager Louis Suarez-Potts said that the group has recorded some 47 million downloads since the inception of OpenOffice.org. With the release of version 2.0, that number is expected to reach 100 million in short order, he said.
Suarez-Potts suggested that, in light of the Google partnership with Sun, the profiles of OpenOffice.org and the Open Document Format (ODF) have been raised to a new level.

No Cause for Concern
Because the earlier iteration of OpenOffice.org is still functional, the delay should pose no problems for the organization, said IDC analyst Dan Kusnetzky. While use of OpenOffice.org software on Windows-based hardware remains limited, he said, it is making headway among
Linux and Unix users.
Yankee Group analyst Laura DiDio noted that launch delays are common in the software industry, and that as long as the delay is relatively short it is not cause for concern. "It's better to fix the glitches before the release than after," she said.
As for the popularity of OpenOffice.org, DiDio said Microsoft's (Nasdaq: MSFT - news) Office suite dominates the market by a large margin. She did point out, though, that Sun's StarOffice open-source offering has attained a 19 percent market share among small to midsize businesses.

Written by: Jay Wrolstad, newsfactor.com

QuickTime 7.0.3 updated for iPod video creation

2005-10-12T15:12:00.000-07:00

Apple on Wednesday released QuickTime 7.0.3, an update to their core multimedia software. The 34MB update can be downloaded from Apple’s Web site and is also available from the Software Update system preference panel.
The new update “delivers several important bug fixes, primarily in the areas of streaming and H.264 video,” according to Apple, which recommends it highly for all QuickTime 7 users.
What’s more, users who have installed QuickTime 7 Pro — the US$29 upgrade to QuickTime that adds authoring capabilities — will gain the ability to create video and audio files that can be played back on compatible iPods. Apple on Wednesday introduced new color iPods that can play MPEG-4 and H.264 video.
An important caveat, if you have not yet updated to QuickTime 7 — the update disables QuickTime Pro functionality in versions prior to QuickTime 7. You need to purchase a new QuickTime 7 Pro key in order to restore that capability.
Click here for all of today's news at MacCentral.

Vendors Rally for Fast New Wi-Fi

2005-10-11T06:33:00.000-07:00

More than two dozen leading manufacturers of wireless LAN equipment have formed an industry coalition aimed at breaking a deadlock in efforts to establish a new, faster Wi-Fi standard.
The Enhanced Wireless Consortium (EWC), announced Monday, hopes to speed ratification of an IEEE 802.11n standard by introducing its own specification with widespread industry support. The industry coalition consists of 27 companies, including Atheros Communications, Broadcom, Cisco Systems, and Intel.
"These members represent a good cross-section of the two groups that were unable to agree to an 802.11n standard as part of the IEEE standardization process," said Gwen Carlson, a spokesperson at Conexant Systems, which is an EWC member.
Warring Sides
For the past several months, the two camps had argued bitterly over a standard, failing to achieve the majority support required by IEEE.
In the one camp was the World-Side Spectrum Efficiency (WWiSE) group, and in the other was TGnSync.
The members will continue to work within the IEEE Task Group "N" in an effort to agree on an 802.11n standard, according to Carlson.
The EWC specification will benefit users by, among other things, ensuring interoperability of next-generation wireless producers across a range of brands and platforms, such as PCs, handheld devices and networking systems, Carlson said.
Faster Wi-Fi

Written by: John Blau, IDG News Service
The planned 802.11n standard will significantly boost throughput on Wi-Fi systems. The EWC specification aims to support speeds of up to 600 megabits per second. That compares to today's 802.11a and 802.11g throughput of 20mbps to 24mbps.
The EWC specification includes a number of other technical elements, including mixed-mode interoperability with 802.11a, b and g networks; use of 2.4GHz and/or 5GHz unlicensed bands (thus matching the frequency plan of existing 802.11 devices); 20MHz and/or 40MHz channel support; and spatial multiplexing modes for simultaneous transmission using one to four antennas.
The specification will also support 4 x 4 MIMO (multiple-input/multiple-output) technology, according to Carlson.

SUREWEST PROBLEMS in Roseville, CA

2005-09-07T02:15:00.000-07:00

Many customers had trouble accessing Internet and e-mail.
Thousands of SureWest Communications' Internet subscribers were hit with a double-whammy over the weekend as a digital "attack" caused some customers to lose Web access, while unrelated software upgrades made accessing e-mail more difficult, company officials said Tuesday. The problems started Sunday morning with a "denial of service attack" in which SureWest's servers were bombarded by a coordinated barrage of repetitive messages designed to tie up the computers.
About 15 percent of SureWest's 40,000 Internet customers had difficulty going online because of the attack, said Scott Barber, SureWest's vice president of network operations. Most of those affected had DSL accounts, he said.
The attacks lasted from Sunday morning through Monday afternoon. Barber said the company didn't know the source of attacks but had contacted law enforcement officials.
Also beginning Sunday, many SureWest e-mail customers were unable to log on to their e-mail accounts because of software upgrades designed to help with spam filtering and other issues, Barber said.
The upgrades required a new sign-in procedure, which apparently confused many customers.
"A lot of people were struggling with the new log-in screen and calling in and having to get their passwords from us," Barber said.
The company's tech-support lines were jammed with callers trying to work through their e-mail problems, he said. SureWest hosts about 65,000 separate e-mail addresses.
Barber said the company had sent several e-mail notices plus a registered letter to its e-mail customers advising them of the new sign-in procedure.
But apparently that wasn't sufficient. SureWest customer Michael Heenan said he wasn't aware of a change until he called in and, after waiting 55 minutes on hold, talked to a customer relations representative.
"They are maddeningly primitive in their customer communications, but when you get somebody on the phone they are invariably super-nice," said Heenan, who has a public relations business.
He also said even after using the new sign-in procedures, e-mails were only "trickling in" to his account. "If I didn't have so much tied up in stationery and letterhead (including a SureWest e-mail address) I would have fled them on principle alone a long time ago," he said.
Despite bringing on more customer support staff, Barber said he expected phone lines to remain busy, though wait times are shortening. The company said its phone message for customers on hold has instructions for working through e-mail problems, and also directs callers to a Web site - www.surewest.com/email/ -for more instructions.
Barber advised customers with continuing problems to send SureWest an e-mail - via other accounts such as Yahoo or their work e-mail - to: support@surewest.net.

By Clint Swett -- Bee Staff WriterPublished 2:15 am PDT Wednesday, September 7, 2005Story appeared in Business section, Page D1

Google to Launch Messaging, Voice Service

2005-08-24T01:50:00.000-07:00

MOUNTAIN VIEW, Calif. - Further expanding beyond its roots in Internet search, Google Inc. plans to launch a long-rumored program Wednesday that provides both text instant messaging and computer-to-computer voice chat.
The new program, Google Talk, will compete against similar free services offered for several years by America Online Inc., Microsoft Corp. and Yahoo Inc. All are vying to increase their presence on PCs to boost online ad revenue and name recognition.
The launch was due to come two days after Google unveiled another free program that aggregates information on a computer desktop. It also comes less than a week after the company announced plans to raise $4 billion in a secondary stock offering — which some analysts speculated could be used to fund far-flung projects such as Internet telephony.
As a newcomer to messaging, Google could face an uphill battle.
AOL's messaging program has about 41.6 million U.S. users, followed by Yahoo Messenger with 19.1 million and MSN Messenger with 14.1 million, according to ComScore Media Metrix's July report.
Users of those services are unlikely to switch unless the friends and colleagues on their "buddy lists" do the same. The top instant messaging services still do not communicate with each other, though promises of such "interoperability" have been made for years.
Google based its software on open standards, so it will work with smaller networks that are based on the same technology. Text messages can be exchanged with users of Apple Computer Inc.'s iChat, Cerulean Studios' Trillian and the open-source Gaim program.
Google also is inviting programmers to build its technology into their software.
"It means other people and developers will be able to add value to our network by being able to add this to computer games, productivity applications and anywhere else they want," said Georges Harik, director of product management at Google.
The new Google program features a basic user interface with few graphics, much like the main Google search site. It does not spawn pop-up windows or display ads like America Online's Instant Messenger.
"We'll have an uncluttered interface that allows you to search over your contacts pretty easily," Harik said. "It just stays out of your way unless you want to connect to someone."
Google Talk, which is being released in a beta test version, works only on PCs running
Windows 2000 and Windows XP. Eventually, the company plans to release a version for Apple's Mac OS X. Google Talk also requires users to have an account with the company's free Gmail e-mail system. Gmail previously was available only to those invited by a current account holder, but now Google is opening up registration to anyone in the United States.
Voice chat requires that both the caller and recipient have speakers and a microphone hooked up to their computers. It does not currently offer an adapter to which regular phones can be connected. And unlike Internet phone services such as Vonage and Skype, Google's voice service does not support calls to the regular telephone system.
Harik also made clear that Google has no intention of trying to become a popular bridge to the other major instant-messaging providers. "We're not going to do anything like force other networks to interoperate with us," he said. "We're not going to arbitrarily break into their protocols."
However, since Google Talk runs on open standards, outside developers who incorporate the service into their programs could try to enable such interoperability.
Because of Google's large and loyal user base, the company's foray into instant messaging could threaten the other players, said Sara Radicati, head of The Radicati Group Inc., a technology research firm. As evidence, Radicati cited Google's entry into e-mail, when it became chic to have a Gmail account.
"We've seen people show off their Google address," she said. "It's on the level of `Hey, look at my new Swatch. I've got the yellow one while you're still wearing the blue.' ... It's a little thing, but it helps."
___

By MATTHEW FORDAHL, AP Technology Writer Wed Aug 24,12:36 AM ET
AP Technology Writer Greg Sandoval contributed to this report.
___
On the Net:
http://www.google.com/talk

New Internet worm targeting Windows

2005-08-14T00:45:00.000-07:00

SEATTLE (Reuters) - A new Internet virus targeting recently uncovered flaws in Microsoft Corp.'s (MSFT - news) Windows operating system is circulating on the Internet, an anti-virus computer software maker said on Monday.
The ZOTOB virus appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software last week, including one that could allow attackers to take complete control of a computer.
Trend Micro Inc. (4704.T) said that the worm exploits security holes in Microsoft's Windows 95, 98, ME, NE, 2000 and XP platforms and can give computer attackers remote access to affected systems.
"Hundreds of infection reports were sighted in the United States and Germany," Tokyo-based Trend Micro said.
But computer security engineers at Microsoft said that the worm is only targeting
Windows 2000 and not the other versions of Windows.
"It only affected Windows 2000," said Stephen Toulouse, a manager at Microsoft's Security Response Center. "So far its has shown a very limited impact -- we're not seeing any widespread impact to the Internet, but we remain vigilant."
The latest virus drops a copy of itself into the Windows system folder as BOTZOR.EXE and modifies the system's host file in the infected user's computer to prevent the user from getting online assistance from anti-virus Web sites, Trend Micro added.
The worm can also connect to a specific Internet relay chat server and give hackers remote control over affected systems, which can be used to infect other unpatched machines in a network and slow down network performance.
"Since most users may not be aware of this newly announced security hole so as to install the necessary patch during last weekend, we can foresee more infections from WORM_ZOTOB," it said.
Last Tuesday, Microsoft issued patches to fix its security flaws as part of its monthly security bulletin. The problems affect the Windows operating system and Microsoft's Internet Explorer Web browser.
Microsoft has warned that an attacker could exploit a vulnerability in its Internet Explorer Web browser, lure users to malicious Web pages and could run a software code on the user's PC giving the attacker control of the affected computer.
Computer users should update their anti-virus pattern files and apply the latest Microsoft patches to protect their computer systems, Trend Micro said.
More than 90 percent of the world's PCs run on the Windows operating system and Microsoft has been working to improve the security and reliability of its software.

The exploits of August

2005-08-12T17:14:00.000-07:00

Within hours of Microsoft's critical patch release Tuesday, security experts were banging the alarm bell with a hammer.
Marc Maiffret, chief hacking officer of Aliso Viejo, Calif.-based eEye Digital Security, sent this message to the patch management forum hosted by Roseville, Minn.-based Shavlik Technologies: "All in all… it's a nasty time in IT between the two very critical remote SYSTEM Microsoft flaws released… and the Cisco IOS shellcode exploits floating around. You better be paying attention to your security."
Then Glendale, Calif.-based Panda Software sent out this statement: "In recent years, the month of August has seen a series of alerts caused by the propagation of malicious code, which have in some cases caused serious damage to IT systems." Panda offered up these examples: the Sircam and CodeRed attacks of August 2001, the Mimail, Blaster and Sobig-F attacks of August 2003; and the Bagle-AH, Mydoom-N and Bagle-AM worms that came along during the "black period" of August 2004.
Are these warnings simply hype to sell the latest security products? Or are they a prudent response to cyberthreats that have clearly gotten grimmer this past year? Users asked for their opinions seemed to lean toward hype. But in the end, a little FUD may be necessary to save IT professionals from complacency.

Todd Towles, a network systems analyst at a medium-sized, Southeastern-based retail chain, said in an e-mail interview that it should surprise no one that some security vendors "may use the media frenzy to their business advantage."
But, he added, "In today's security world, every possible attack angle must be taken into account and researched. Security professionals have to be right 100% of the time while the attackers only have to be right once. Companies hope for the best-case scenario, yet must prepare for the worst. Each company must examine its current security posture and then set the alarm bell threshold accordingly."
Exploits circulating One reason IT shops may want to set the threshold high this month is that exploit code is already circulating for flaws outlined in four of the six bulletins Microsoft released Tuesday.
"The vulnerabilities addressed in MS005-038, MS005-039, MS05-040 and MS05-043, all covered in this month's Fat Tuesday festivities… have fallen victim already to publicly released exploits," George Bakos, a handler for the Bethesda, Md.-based SANS Internet Storm Center (ISC), wrote in his shift diary Friday. "I haven't built or tested any of it, so I can't personally vouch for the effectiveness [of] any of it, but if it isn't working as intended you can bet it will be shortly. Patch up, folks."
Some of that exploit code was outlined Friday in several advisories from the French Security Incident Response team (FrSIRT).
As far as Maiffret is concerned, the two most critical patches to install are MS05-039,which fixes flaws in the Plug and Play program, and MS05-043, which fixes an unchecked buffer in the Printer Spooler service. Both programs are embedded in Windows and attackers could exploit the vulnerabilities to take complete control of affected systems.
"MS05-039 is a remote RPC vulnerability that can lead, in some configurations, to remote SYSTEM compromise or at least local SYSTEM privilege escalation," he said in the posting to Shavlik's patch management forum. "This is a very easy-to-exploit vulnerability. The time to reverse engineer this patch and find the vulnerability to exploit should only be a few hours (it took us an hour, as we didn't report the bug). There is a good chance you will see exploits for this within the next few days and if someone is bent out of shape this would be easy for them to base a worm on." The risks are similar with MS05-043, he said.
That assessment, made Tuesday, proved correct, and Microsoft has since issued an advisory acknowledging the exploit code for the Plug and Play flaw.
Nobody's panicking -- yet Asked what he makes of all this, Eric Case, support systems analyst for the University of Arizona's Department of Chemical and Environmental Engineering, said in an e-mail exchange that he's "a little worried about the holes that now have exploits in the wild," but isn't about to panic. Of course, that may change when students return soon.
"As a university, we're a big target and the students come back next week and classes start on the 22nd," he said. "So I'm more worried about the infected/exploited laptop[s] that are about to descend on campus. I can patch all the faculty, staff, lab machines but I won't see the students' laptops until after they're on the wire."
John Gehrke, a systems administrator for the U.S. Geological Survey's Denver, Colo.-based Branch of Quality Systems, expressed confidence in an e-mail interview that the right tools are in place to protect his department.
"I myself do certain things like run IE through Freedom Websecure's proxy, so that tends to filter out some potential crud," he said. "And, of course, we have current antispyware, antivirus, port monitoring, system file integrity checks and so on, so normally I have some idea of what could slip in to a local network -- hopefully!"
Towles said he's keeping a wary watch on the Internet Explorer flaws that were patched Tuesday, but he isn't panicking, either. After all, he said, any experienced IT administrator knows what it takes to minimize the threat.
"The vulnerabilities were serious and the quick release of exploit code only drove home that point," he said. "However, by utilizing proxy servers and advanced Web content filtering software, the threat of those vulnerabilities can be reduced. This is a perfect example of the 'defense-in-depth' security approach."
Indeed, the Plug and Play vulnerability could potentially be crafted into a Sasser-type worm in the near future, he said. But if that happens, he added, "The global impact will most likely not reach Sasser's epidemic proportions. Patch administrators learned a hard but valuable lesson from the CodeRed and Sasser worms. Patch management is no longer viewed as a luxury. It is now viewed as a necessity."

By Bill Brenner, News Writer12 Aug 2005 SearchSecurity.com

Copyright Crackdown

2005-08-01T04:18:00.000-07:00

The record industry has been targeting online music sharing for years, but now it has undertaken a new war--against "casual piracy."
Sony BMG and EMI have begun shipping compact discs using technology that limits the number of copies you can make of any disc to three. And you can't port songs from affected CDs to Apple IPod players unless you request a workaround from Sony.
The move, along with other recent developments in copyright protection such as the Supreme Court's ruling this summer in MGM v.
Grokster, a copyright infringement case pitting Hollywood against the Grokster peer-to-peer network (see "Court Sets File-Sharing Limits"), could have a lasting impact on your entertainment choices. And you may not like the remix.
Sony BMG's copy-protected CDs incorporate First 4 Internet's XCP2 (extended copy protection) technology. The company is the first major label to offer XCP2-protected CDs to consumers, although Sony BMG already ships some CDs using MediaMax copy protection from SunnComm. The new effort uses different technology, but with the same end result for consumers: a limited ability to copy. By the end of this year, Sony BMG says, most of its CDs sold in the United States will incorporate one of these technologies.
EMI is employing a similar strategy with its CDs, using technology from Macrovision that lets you make just three copies; the first titles using the technology should be on sale in stores by the time you read this.
'Speed Bumps'
"Our goal is to create a series of speed bumps that make it clear to users that there are limits [to copying]," says Thomas Hesse, president of Sony BMG's Global Digital Business Group. "If you attempt to burn 20 copies and distribute them to all of your friends, that's not appropriate."
Sony BMG labels discs that use the technology as copy-protected. The company says that its customers find a limit of three copies to be fair.
Sony BMG CDs using the XCP2 technology launch their own software to track the number of copies you make.
When you insert the CD into your Windows-based computer, the disc launches its own audio player software, which warns you that you'll be allowed to make only three copies of the disc. You can make those copies from within the Sony BMG audio player, or you can use that software to rip the files to your music library. (For this purpose you must use a music player that supports secure Windows Media Audio files, like Musicmatch, RealPlayer, or Windows Media Player, but not Apple's ITunes.)
The copy protections are not iron-clad, however: You can make three copies of the CD on each PC on which you load it. You can also make three additional copies of the CD from the tracks that you have ripped to your Windows Media Player library. Once you have burned CDs using Windows Media Player, the tracks cease to be protected, and you can upload this audio CD into another media player, such as ITunes. And once the tracks are uploaded, you can burn them as often as you like.
One potential problem for consumers is that the protected CDs prevent PC users from moving songs to Apple IPods. That's because Apple refuses to license its FairPlay digital rights management technology so that other companies can accommodate it. If you inquire, though, Sony BMG will e-mail you a workaround.
This raises a key point about XCP2: It's not meant to be unbreakable, according to First 4 Internet's chief executive Mathew Gilliat-Smith. "We have achieved a good balance of protection and playability."
In fact, XCP2 is not as strict as XCP, the company's original product. Sony BMG and the other major labels have been using XCP since 2002 on prerelease CDs sent to radio stations and internal employees, Gilliat-Smith says. XCP not only prevents copying, but in some cases prevents discs from playing in certain devices, he says. Sony chose XCP2, not XCP, for consumer CDs because discs with that encryption play well in most devices.
XCP2 may affect more than just CDs: The company is currently working on versions for DVDs and online music files, Gilliat-Smith says. Sony BMG will ship the DVD technology to U.S. movie studios for use in prerelease copies of movies by late 2005, he hopes, and will introduce a version for commercial DVDs later. He declines to say which movie studios have expressed interest in using the technology.
What's Fair Use?
Not everybody thinks that record companies' focus on "casual piracy" is smart. Some copyright law reform advocates say that sharing copies of music with family members and friends and making "mix" compilations have long been social norms--it's the sharing with strangers that costs record companies significant revenue. If record companies insist otherwise, they'll make people ignore copyright rules wholesale, says Ernest Miller, a Yale Law School fellow who works on copyright reform issues. (See his blog here.)
The term "casual piracy" is "really a bit of propaganda," according to Miller. "It's an effort to use language to frame the legal arguments," he says.
The record companies want to chip away at the existing standard for fair use and move casual copying into the realm of copyright infringement, he says. Someday, the definition of "casual piracy" could be important in a lawsuit.
What's next? Like it or not, copy protection on CDs will only increase, in the opinion of IDC senior analyst Susan Kevorkian. She expects that more companies will follow Sony BMG's lead. "There's a very narrow line between casual copying and proliferation of content online," she says.
As for the war against casual piracy, you should understand that Sony BMG is not looking to prosecute you for making more than three copies, Miller says. The company is really attempting to shape future legal battles.
"They're looking for ways to extend their control over music and charge for the various ways we use music," he says. Whether companies can do so and avoid a consumer backlash remains to be seen.
Court Sets File-Sharing Limits
The long-brewing court case of MGM v. Grokster finally came to a head in late June, when the
U.S. Supreme Court ruled in favor of the recording industry. Movie and recording companies had sued Grokster and StreamCast Networks (owners of the Morpheus peer-to-peer service) for encouraging users of their peer-to-peer services to download and trade copyrighted songs without paying for them. Grokster argued that it wasn't liable for the actions of consumers using the service, but the Supreme Court disagreed.
Why should you care about this decision? For starters, the Grokster ruling will change the way courts interpret the precedent set by the famous Sony v. Universal (or Betamax) case of the mid-1980s. Movie companies had sued Sony, claiming that the VCR could help consumers break copyright laws; but the Supreme Court ruled in Sony's favor, declaring that if a product had significant legal uses, the creator was not responsible if some people used it illegally.
The Grokster ruling could affect the way companies design their products in the future, discouraging innovation.
It will probably be some time before the ruling's exact impact becomes clear. U.S. appellate courts must apply this Supreme Court opinion to cases before them. (For more on the ruling, see "Technology on Trial: What's at Stake").
What the Grokster decision won't do is shut down online piracy, says Forrester Research vice president Josh Bernoff. And record companies are still free to sue individuals for piracy.
Copy Controls May Be Stalling Mobile Music
Users of Rhapsody 3, RealNetworks' newest version of its music service, weren't singing a sweet tune when the upgrade was released in May. When the software debuted, many users--including some PC World editors--had trouble transferring songs to music players. Yahoo's new Music Unlimited service (still in beta) has been serving up some similar glitches. Is the culprit Microsoft Windows Digital Rights Management 10 technology, which both Real and Yahoo are using?
Though some of the problems have now been fixed, Rhapsody's troubled debut illustrates how copy-control technology can alienate music customers. Real, in an effort to make its music portable, offered users the ability to copy songs to a music player for an additional $5 a month. To do so, Real relied on Microsoft's DRM, which is designed to allow users to play back music from a subscription service such as Rhapsody or Yahoo Music Unlimited on a portable player. The software makes the song unavailable as soon as your subscription ends.
Finding a Fix
With so many companies involved--Microsoft, Real, Yahoo, and the various device makers--it's hard to determine exactly what's causing the problem. "There are too many moving parts," says Mike McGuire, research director for GartnerG2.
Real and Yahoo both say that they are working on the problems and that reliability has improved since we first reviewed the services (see this article and this article). Yahoo released an upgrade in late June that corrects some bugs, notes Ian Rogers, a developer for Yahoo Music Unlimited, but he admits that it doesn't solve every problem. "The top customer service issues are related to DRM," Rogers says. "The biggest issue is, customers get into a state where the Microsoft DRM doesn't work anymore and they can't play protected tracks," he says.
Microsoft has developed a workaround, which Yahoo passes on to customers, Rogers says. The hitch has affected only about 1 percent of the service's users, he points out, but "for them, it's a show-stopper."
Real has released several updates for Rhapsody 3, including one in mid-June that addresses the top complaints, according to spokesperson Matt Graves. As for Microsoft DRM 10 failing occasionally, "it's something we've heard," Graves acknowledges. But he says that he doesn't know it to be a "significant" problem for Rhapsody users.
Working Together
Microsoft says that it is collaborating with music player makers to improve the devices' firmware and eliminate troubles. "Microsoft continues to work with our device partners to offer 'out of the box' support for the growing number of subscription music services, and we're making great progress," says Kevin Unangst, director of marketing for the Windows Digital Media Division. "We're working closely with our partners to ensure the best possible consumer experience," he says.
Even if you buy a player now, you may need a firmware upgrade from the vendor, says GartnerG2's McGuire. These companies have not done as well for consumers as Apple has with ITunes and the IPod, he says. "You have to make this appear seamless and easy the way Apple does," he says.

Japan Plans World's Fastest Computer

2005-07-25T19:47:00.000-07:00

TOKYO - Japan has plans to start building a supercomputer next year that can operate 73 times faster than the world's fastest supercomputer, the government said Monday.
The American Blue Gene/L system supercomputer developed by International Business Machine Corp. at Lawrence Livermore National Laboratory in Livermore, California, currently holds the title of the world's fastest. That machine is capable of 136.8 teraflops, or 136.8 trillion calculations per second, according to Japan's Ministry of Education, Culture, Sports, Science and Technology.
Japan wants to develop a supercomputer that can operate at 10 petaflops, or 10 quadrillion calculations per second, which is 73 times faster than the Blue Gene, an official of the ministry said on condition of anonymity.
Kyodo News reported that the total amount for the project is estimated between 80 billion and 100 billion yen ($714 million to $893 million) and the ministry will request 10 billion yen ($89 million) for the next fiscal year's budget.
The ministry official could not confirm the figures, saying it has yet to reach a formal decision on the project, which is expected by the end of August.
But he said that if the budget for next year is approved, the ministry hopes to complete the next-generation supercomputer sometime in fiscal 2010, which ends in March 2011.
Japan's Earth Simulator supercomputer, introduced in 2002, had been the world's fastest until 2004, when the IBM's Blue Gene took the title, he said.
Currently, the Earth Simulator, at a speed of 35.9 teraflops, is ranked fourth after the IBM's two Blue Gene systems and
NASA's Columbia system, all in the United States, according to the top 500 list of the world's fastest supercomputers, released at the International Supercomputing Conference held in June in Heidelberg, Germany.
The Earth Simulator is used to track global sea temperatures, rainfall and crustal movement to predict natural disasters over the next few centuries.
The ministry wants to use the planned supercomputer for a wider use such as simulating the formation of galaxy and the interactions between a medicine and the human body.

By CHISAKI WATANABE, Associated Press Writer Mon Jul 25,10:47 AM ET

Airborne Viruses: Real Threat or Just Hype?

2005-07-25T13:41:00.000-07:00

When it comes to viruses, worms and other forms of malware infecting smartphones and PDAs, security vendors have been warning of the possible dangers for months. Until recently, however, their cries of alarm drew yawns from most industry analysts and security experts.
A case in point is a Gartner (NYSE: IT - news) report, released this summer, that concluded mobile-phone users will not see much virus activity in their mobile devices for at least two years. The report said that, for one, not many U.S. consumers have smartphones with which they exchange executable files. Second, the U.S. mobile-phone market lacks a dominant operating system for virus writers to target.
IDC research analyst David Linsalata presented a similar viewpoint about the impact of a new malware threat that targets smartphones running the Symbian Series 60 operating system. "Viruses and malware are certainly a threat that should be watched, but they are not necessarily an immediate threat," he said.
"These types of viruses only tend to affect smartphones that have the advanced capabilities that can run them," he explained. "With Doomboot.A, once the smartphone is infected, it sends out SMS messages, which drains the battery, and you end up losing your data."
However, the occurrence of Doomboot.A might signal that it is time to review the dangers and determine just what enterprises need to know to protect wireless devices in the hands of mobile workers.
Measuring the Threat
"The threat, meaning the essential impact of losing data to a virus, is pretty serious, and I base that on the extent of mobile connectivity and the damage that could be done," said McAfee Mobile Solutions senior product manager Drew Carter.
The Doomboot.A virus, for example, features an embedded worm called CommWarrior.B that perpetuates itself by sending out a flurry of unauthorized messages using the Symbian smartphone's Bluetooth radio.
The malware program relies on smartphone users downloading infected files onto their handsets, either from the Internet or by way of wireless Bluetooth or infrared connections.
Smartphones represent only a fraction of the total mobile-phone universe, and the Symbian OS is just one system among many offerings for smartphones. However, one disturbing implication of this particular threat is its proof-of-concept demonstration of how to hit user finances by surreptitiously sending out thousands of costly text messages.
Potential Impact
Perhaps the most immediate threat from a smartphone virus is the potential access to contact lists in infected phones. Even worse than inconvenience, such an attack could be costly.
"The biggest threat that I see right now is that Research In Motion's Blackberries and palmOne's PDAs are connected to names and addresses," said IBM Global Solutions Manager for Managed Security Services Doug Conorich.
"If somebody devised a virus sent out with a 'payload pull' and an 'address book out' it could send out messages to all those listed in the [handset's] address book," noted Conorich. "At 10 cents a message or more on some of the [wireless] plans, you can see that that cost to smartphone end-users could add up rather quickly."
And, as mobile malware evolves, the threat to enterprises could become even greater. "If you work for a multimillion dollar enterprise and a virus zips off all your files and sends them to someone else, then that could be a big problem," Linsalata said.
"One of the things that the OS people will have to change is the way that their phones accept applications...so that an SMS message will not be able to download an application and install it on the smartphone, which is the way that the Symbian one works," Conorich said.
Determining Responsibility
The question of who bears the burden of blame and liability is one of the first issues that mobile service providers will have to tackle when mobile viruses become widespread.
"The software vendors that produce mobile phone operating systems definitely have the responsibility of issuing patches to their products," said McAfee Mobile Solutions senior vice president Victor Kouznetsov. "But this is a totally separate issue from determining who is responsible for protecting smartphone users from a financial standpoint."
In today's wireless world, most operators focus their sales efforts on individual consumers despite the increasing popularity of taking enterprise data mobile, noted Kouznetsov. So the temptation is to blame the individual end-user.
Kouznetsov admitted, however, that antivirus tools are not yet widely available for mobile users. Thus, dealing with malware is currently outside the scope of individual subscribers.
"At this point it is the wireless operator's financial responsibility to address the issue," advised Kouznetsov. "Otherwise, consumers might feel threatened into not buying a
Nokia's phone running the Symbian OS."
Pressuring Wireless Carriers
In the U.S., cell-phone manufacturers are not directly accessible to the consumer, whether the user is an individual or a company buying many phones. The wireless provider selects the phones available and handles the configuration options. So the phone users have to rely on the service provider on matters involving virus protection.
"Enterprises, therefore, would be well advised to contact the operator they are using and standardizing on, and then demand that the operator include the technology and provide it on their handsets, or ask whether the operator will be including it in the future," Kouznetsov said.
Wireless carriers already are starting to feel the responsibility for embedding protection into their networks. In fact, McAfee already provides Japanese carrier NTT DoCoMo with malware-protection software that has been embedded in seventeen different phone models, Kouznetsov said.
"For the carrier it could be a powerful differentiating factor to say, 'We will protect you and make sure you are secure,'" Linsalata suggested. "But I can't see a carrier simply saying, 'You will always have antivirus protection and we will provide it for you.'" Linsalata sees malware protection emerging as a series of partnerships between wireless providers and security vendors.
Requirements for I.T. Managers
Another challenge that enterprises face is establishing the right standards and policies for the mobile workforce. "Mobile devices are often purchased by individuals who also want to access enterprise resources," Carter said.
"But does this really make sense? Today the technology is somewhat immature, but as it reaches a higher level of penetration, companies will need to adopt a more sophisticated approach," he suggested. "The other option is for enterprises to provide the mobile devices and set the standards, so if mobile workers want to connect to the network, then they need to buy these devices."
Despite all the malware hoopla, many viruses can be defeated using common sense. Mobile-device users will have to start following the same safe-use practices that they should be using on their computers, security experts emphasized.
"If you get a file from a friend, make sure he really wants you to install that new game or whatever," Linsalata said, adding that smartphone users should look for the industry certification standard for smartphones running the Symbian OS before installing anything. "If you get a message that the program is not Symbian Signed, first ask yourself whether you are really sure you want to install it," Linsalata said.
Bigger Enterprise Concerns
Going forward, one key for enterprises is to stay aware of this problem. According to Linsalata, mobile malware will only grow into a more significant threat as time goes on. But at the moment, the bigger concerns enterprises face are much simpler, he said.
Enterprises should remain centered on physical device security. They should concentrate on being able to wipe devices remotely and make sure that policies for passwords and data encryption are in place.
"Make sure the devices are physically secure with the data they contain backed up and encrypted," Linsalata said.
These more pressing needs should take priority because anyone can lose a device, but not everyone's device can get infected by a virus, at least right now, Linsalata said. "Focus on the more pressing security concerns about theft or physical loss in some other capacity," he added.

Written by: Mark Long, wireless.newsfactor.com

Hackers target flawed backup software-survey

2005-07-25T13:04:00.000-07:00

WASHINGTON (Reuters) - Flawed backup software has emerged as the latest target for hackers looking for corporate secrets, according to a survey released on Monday.
The survey by the nonprofit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favorite hacker targets.
Attackers are now focusing on desktop software, like Web browsers and media players, that might not get fixed as frequently as Microsoft Corp.'s Windows operating system and other software widely used by business, the cybersecurity research organization found.
More than 422 significant new Internet security vulnerabilities emerged in the second quarter of 2005, the cybersecurity research organization found, an increase of 11 percent from the first three months of the year.
Particularly troubling are holes in backup software made by Computer Associates International Inc. and Veritas Software Corp., which together account for nearly one-third of the backup-software market, said Ed Skoudis, founder of the security company Intelguardians.
"If you think about it, people back up information that is their most important information, otherwise they wouldn't back it up at all, right?" Skoudis said on a conference call.
"By exploiting one of these vulnerabilities, an attacker can get in there and exploit some of the most sensitive information for some of the most sensitive organizations."
Fixes are available for all the problems outlined in the SANS report, but many of the new flaws aren't fixed as quickly as older ones.
Administrators take an average of 62 days to fix backup software and other software inside their firewall, compared to an average of 21 days for e-mail servers and other products that deal directly with the Internet, said Gerhard Eschelbeck, chief technical officer of business-software maker Qualsys.
Home users typically take even longer to fix problems, said SANS chief executive Allan Paller.
Many of the new flaws were found on products popular with home users.
Flaws in media players like Apple Computer Inc.'s iTunes and RealNetworks Inc.'s RealPlayer could enable a hacker to get into a user's computer through a poisoned MP3 file.
Users of Microsoft's Internet Explorer Web browser could be compromised simply by visiting a malicious Web site, SANS said.
Even the open-source Mozilla and Firefox Web browsers, which has gained in popularity thanks to security concerns, had flaws as well, Paller said.

By Andy Sullivan Mon Jul 25, 3:04 PM ET

AOL's Case finds Lime twist in Wisdom

2005-07-25T05:58:00.000-07:00

LOS ANGELES (Hollywood Reporter) - The man who packaged the Internet to the masses is trying his hand at television, but for a more discriminating audience.
In April, America Online co-founder Steve Case rose from the ashes of his company's ill-fated merger with Time Warner by declaring his intent to build a new empire based in the health care industry.
His private holding company, Revolution, has been on a buying binge funded in part by $500 million of his own fortune. Among the companies acquired was Wisdom Media Group, a small, family-run cable venture based in Bluefield, W.Va., not too far from AOL's Dulles, Va., headquarters.
At this past weekend's Cable & Telecommunications Association for Marketing convention in Philadelphia, Revolution announced plans to rebrand and relaunch the Wisdom cable channel as the keystone of a multiplatform media play including radio, Internet, wireless and DVD.
In line with Case's ambitions in the health care business, his media strategy is aimed at a loosely defined market segment interested in healthy, eco-friendly goods and services ranging from Whole Foods groceries to Toyota Prius hybrid vehicles. Known to market researchers by the acronym LOHAS, or lifestyles of health and sustainability, the group has a spending power pegged at more than $230 billion.
But Case will have his work cut out for him, notwithstanding the difficulties independent cable ventures have had amassing significant distribution. The tens of millions of Americans that comprise the LOHAS market have proved to be notoriously resistant to television itself, which falls somewhere between the Twinkie and the Humvee on their list of favorite inventions.
"If you are used to doing mass-market TV, you are going to run into trouble," said Paul H. Ray, a leading market researcher studying LOHAS who wrote the defining text on them in 2001, "The Cultural Creatives." "Their allergy to hype is huge, and that is the big problem with conventional TV. It is built around hype."
But Revolution believes they are preparing a more sophisticated approach appropriate for an audience that has grown too large to dismiss. "This category has moved out of the subculture and into the mainstream," said the channel's CEO, C.J. Kettler, who was president of sales and marketing at the Oxygen network.
Case could not be reached for comment.
By the fourth quarter of the year, Wisdom will be rechristened Lime -- "healthy living with a twist" is the tagline. Complete with wedge-shaped logo, the brand alludes to the color of the titular citrus, green being synonymous with ecological concerns. But Lime connotes a "lite" green, as Kettler puts it, befitting a hipper sensibility the brand aspires to in hopes of deflating stereotypes associated with such new-age totems as granola or healing crystals.
"What would be best for us is to take a more unexpected approach to the category, something with a sense of humor," Kettler said. "The category has been so serious. We're a media brand, we want to appeal on emotional level."
True to form as an ecologically conscious venture, Revolution is recycling a used channel to create its own, crafting Lime out of pieces of Wisdom (mainly its distribution deals), a pact with Sirius Satellite Radio and 1,000 hours of such library programming as "Yoga Zone" and "Lectures With Deepak Chopra." Kettler plans to add original programming as well as acquired comedy and drama series or films that have eco-friendly themes.
Another environmentally aware cable magnate,
Al Gore', adopted a similar strategy, acquiring NewsWorld International from Vivendi Universal to be remade into Current, a youth-targeted network that launches Aug. 1.
With cable operators no longer interested in adding linear channels to crowded digital lineups, "rebranding an existing channel is a smarter way of getting distribution than starting from scratch," said Debra Sharon Davis, a media strategist who also attempted to acquire Wisdom for a consortium of clients.
Launched in 1998, Wisdom has largely been in a vegetative state since the death of its founder, cable pioneer Bill Turner, in 2002. Revolution will harvest carriage agreements with distributors including Comcast and EchoStar, which will put Lime in 6.5 million homes.
Sources indicate it is Wisdom's deal with Comcast, inherited from the operator's acquisition of AT&T Broadband, that will enable Case to turn this cable-industry lemon into Lime. The channel has a place on select Comcast systems until at least 2009. Comcast and EchoStar declined comment.
Lime is aiming for a breakthrough this category has yet to sustain; bit players come and go, and such existing channels as Oxygen and Lifetime have dabbled here. Los Angeles-based Oasis TV is primarily broadband, but the outfit recently secured video-on-demand deals with Time Warner and Akimbo.
The problem might lie with the nature of the medium. Both programers and advertisers tend to rely on the glitz and glibness that the Birkenstock crowd detest, Ray argues. He believes they favor more plain-spoken information available via print or Web that rarely translates to TV. "They've turned to the Internet because they are tired of shlocky programing," Ray said.
But the timing of Lime could be to its benefit. Corporate America is waking up to a slice of the population willing to pay a premium for such products as hybrid vehicles (Toyota, Ford) and energy-efficient appliances (General Electric) with targeted marketing efforts. Giant food companies like General Mills quietly are backing boutique gourmet labels.
"Lots of sectors are transforming, and the media has an huge opportunity to transform as well," Kettler said.
What remains to be seen is as how Lime fits together with the rest of Case's holdings, which include controlling shares in real estate properties like Miraval, an Arizona-based wellness resort. A chain of private health clinics is rumored to be his next project.
"It's still early in the game, but if there's synergies to be had, they will happen," Kettler said. "Steve is very involved from a strategic perspective."

By Andrew Wallenstein Mon Jul 25, 8:58 AM ET
Reuters/Hollywood Reporter

Major Advertisers Caught in Spyware Net

2005-06-24T16:17:00.000-07:00

ALBANY, N.Y. - Unwanted software slithered into Patti McMann's home computer over the Internet and unleashed an annoying barrage of pop-up ads that sometimes flashed on her screen faster than she could close them. Annoying, for sure. But the last straw came a year ago when the pop-ups began plugging such household names as J.C. Penney Co. and Capital One Financial Corp., companies McMann expected to know better. Didn't they realize that trying to reach people through spyware and its ad-delivering subset, called adware, would only alienate them? "It irritated the heck out of me," said McMann, a 45-year-old former corporate executive from Klamath Falls, Ore. "It took a week to take off every little piece of crap that was put on my computer. Every time I rebooted, it started to come up again." Pop-up ads carried by spyware and adware aren't just employed by fringe companies hawking dubious wares — such as those tricky messages that tell you your computer has been corrupted. You can count some big tech companies among its users, including broadband phone provider Vonage Holdings Corp., online employment agency Monster Worldwide Inc. and online travel agencies Expedia Inc., Priceline.com Inc. and Orbitz LLC. These companies acknowledge they've used adware to reach potential customers, though they say they shun any programs that monitor online surfing or extract personal information. Even Fortune 500 companies have turned to adware: Sprint Corp. for its PCS mobile phones, major banks peddling Visa credit cards, Sony Corp (NYSE:SNE - news). and retailers including Circuit City Stores Inc. And Mercedes-Benz USA had its cars flashing on consumer's computer screens before the company, fielding complaints, put on the brakes. Repeated requests to Capital One about its use of adware pop-ups weren't returned. J.C. Penney spokesman Quinton Crenshaw said Friday the retailer stopped using adware less than a year ago and never used spyware, but does use "cookie-base advertising." Spyware and adware often land on computers without their owners' full knowledge, hitching a ride during visits to porn and gambling sites or in downloads of free games and screensavers. Often, the payload arrives with downloads of cartoon-character wares aimed at children. Infected computer users can get barraged with pop-up ads and find the unwanted programs difficult to remove. So far, law enforcement has mostly targeted the transmitters. Intermix Media Inc. has agreed to pay $7.5 million in a tentative settlement of a lawsuit by New York Attorney General Eliot Spitzer. But Spitzer isn't stopping there. He is threatening to hold accountable household-name advertisers that use adware networks. No longer, says Spitzer, can companies play dumb. That's making many advertisers nervous, though they insist they work with subcontractors and often don't know about any adware use until they get a complaint. "There's plausible deniability at each tier," said Chris King, product marketing manager at anti-spyware vendor Blue Coat Systems Inc. Big-time online advertising is built on layers: A big advertiser, such as a Fortune 500 company, directs an agency to handle a campaign. The agency then farms that message out to specialists in various media, which can include spyware and adware purveyors. "We do everything we can to make sure our partners adhere to our standards," said Jeffrey Citron, Vonage's chief executive. Yet a pop-up ad for Vonage appeared in a screen shot that Spitzer used in his case against Intermix. Citron said he was unaware of the ad and promised to look into it, as he said the company does with similar complaints. Mercedes-Benz says its ad was carried to hard drives last year by an agency it has since fired, while computer maker Dell USA has fired "a handful" of affiliates for carrying Dell's coupons and ads over adware. "This is not a practice we condone," said Dell spokeswoman Jennifer Davis. Dave Methvin, chief technology officer with tech diagnostic site PC Pitstop, said problems are no surprise given the many layers involved, but big advertisers have the clout to stop them. "If you're going to be a good corporate citizen, part of your responsibility is to make sure that kind of thing doesn't happen rather than to say it's three levels down," Methvin said. "If a big company advertising on the Internet makes all of its suppliers down the chain sign a statement (and agree to penalties for breaking the rules), quickly the problem would go away." It's not just big advertisers who have ties to spyware and adware. Yahoo Inc. (Nasdaq:YHOO - news) made a deal with adware company Claria Corp., formerly known as Gator Corp., to provide search listings for its SearchScout toolbar. The popular search engines Ask Jeeves and Google also benefit from adware, says Internet researcher Benjamin Edelman. He says an Ask Jeeves toolbar generates ads without users' full consent, while Google's search listings appear in queries made through a questionable third-party toolbar. Ask Jeeves and Google officials dispute Edelman's account and say they don't use any spyware or adware. Company policy bans the use of adware by Google, said spokesman Barry Schnitt. Several states have adopted anti-spyware bills, and the U.S. House approved two in May that carry jail sentences of up to five years in prison. The bills, which don't target advertisers, are now before the Senate, where similar legislation died last year. While Spitzer and some lawmakers in Alaska, Pennsylvania and Utah say advertisers should also be held accountable, not everyone agrees. "So many people have such antipathy toward adware and spyware vendors that it blinds them to the underlying legal principles," said Eric Goldman, a cyber law professor at Marquette University. He said any liability would be unprecedented and would be akin to holding an advertiser responsible for libel by the newspaper in which the ad appears. Some advertisers defend the practice. "It is just a marketing tool that we use," said Expedia spokesman David Dennis. Expedia, like many other adware users, insists it has rigorous standards and checks to make sure customers want their ads and can easily remove the software if they don't. Dennis said the company works closely with its ad agencies to make sure. Melinda Tiemeyer, spokeswoman for Sprint PCS, said Internet users have clicked on ads delivered by adware, meaning they find them useful. Sprint is OK with using adware because users, she said, accept it in exchange for phone service offers and discounts. But other advertisers including Netflix Inc. and Verizon Communications Inc. have changed their attitudes. "I think it was more of a realization that this was becoming more of a concern in consumers' eyes and there was a growing level of frustration," said John Bonomo of Verizon, which discontinued adware last July. Still, "it was effective," he said. "Clearly folks are uncomfortable about it," Edelman said. "Everyone knows that everyone hates pop-ups ... eventually companies just got embarrassed, especially when they get on your computer through this kind of trickery."

Written by: MICHAEL GORMLEY, Associated Press Writer