Friday, December 28, 2007

Apple's WGA

Apple has filed an updated application to the US Patent & Trademark office for a product activation similar to Microsoft Windows Genuine Advantage.

Apple Readies Anti-Piracy Patent
Apple Inc has filed an application with the U.S. Patent & Trademark Office for a product activation and anti-piracy technology that would give it the same kind of control over its software, similar to what the often criticized Windows Genuine Advantage from Microsoft provides.

The patent application 20070288886, titled "Run-Time Code Injection To Perform Checks" and dated Dec. 13, spells out a "digital rights management system" that would "restrict execution of that application to specific hardware platforms."

In the application, Apple noted the ease with which digital information can be copied and the just-as-easy way users could break promises not to illegally distribute copies of that data. It also admitted that, in the end, copy-protection schemes such as dongles or encrypting software wouldn't stop pirates on a mission. "There is very little, however, that these approaches can do to thwart a determined user," the patent filing stated.

"Thus, it would be beneficial to provide a mechanism to restrict the execution of one or more applications to a specific hardware platform that is transparent to the user."

Apple currently does not have any copy protection over its Mac OS X operating system, or provides a check to tie a specific copy of the OS to a given notebook or desktop Mac.

The patent relies on a scheme where a cryptographic key generated before the actual hardware reaches the user. When an application opens, the system would insert a code into the execution code stream, generate data that's sent to a digital rights management module, then compare that signed data with the key. If they match, the application continues to open. If not, it's stopped in its tracks.

Such checks could be done on a very frequent basis, said Apple's patent application.

"In general, the selected time period should be small enough to prevent significant use of an unauthorized application or system, yet long enough so as not to degrade system performance," the filing read. Apple used an example of a check every five to ten minutes, which is much more often than Microsoft's Windows Genuine Advantage (WGA) technology. In June 2006, Microsoft took heat, then modified WGA, after users found out it was "phoning home" to the company's servers daily.

Patent application 20070288886 isn't new, the December filing noted, but rather builds on other applications, including one first filed in mid-2005 but not publicly posted until early January 2007.

Thursday, December 27, 2007

Storm Worm Changes Tactic

Storm Botnet changes the message it sends to unsuspecting victims, prefering to exploit the new year celebration instead.

Storm Botnet Drops Strippers Lure, Switches to New Year's

Just a day after unleashing spam featuring Christmas strippers, the Storm botnet switched gears yesterday and began duping users into infecting their own PCs by bombarding them with messages touting the new year, said security researchers.

According to U.K.-based Prevx Ltd. and Symantec Corp. in Cupertino, Calif., the botnet of Storm Trojan-compromised computers started sending spam with subject headings such as "Happy 2008!" and "Happy New Year!" late on Christmas Day. The messages try to persuade recipients to steer for the Uhavepostcard.com Web site to download and install a file tagged "happy2008.exe," said researchers at both firms.

However, the file is actually a new variant of the Storm Trojan.

Marco Giuliani of Prevx reported that the company had seen two general variants by early Wednesday. "The first has been online for about 10 hours, and we've seen 166 different repacked versions of it," said Giuliani in a posting to the Prevx company blog. The Storm code has been repacked every few minutes using a polymorphic-like technique since Monday, when the botnet started spreading stripper spam. Frequent repacking is a trick malware authors use to deceive signature-based antivirus software.

The Storm botnet's herders are also using fast-flux DNS (Domain Name System) tactics to keep the Uhavepostcard.com site operational, said Symantec. Fast flux, which the Storm botnet did not originate but has often used, is another antisecurity strategy; it involves rapidly registering and de-registering addresses as part of the address list for either a single DNS server or an entire DNS zone. In both cases, the strategy masks the IP address of the malware site by hiding it behind an ever-changing array of compromised machines acting as proxies.

The notorious Russian Business Network malware hosting network has become infamous for using fast flux to hide the Internet location of its servers, making it difficult for security researchers, Internet service providers or law enforcement officials to track the group's cybercrimes

source: www.computerworld.com

Wednesday, December 26, 2007

Storm Worm Strikes Again

The Storm botnet delivers unwanted Christmas presents.

Storm Worm Tempts With Christmas Strip Show

The criminals behind the Storm botnet waited until the last minute, but they've finally started delivering unwanted Christmas presents.

Starting Monday, Storm-infected machines began sending out Christmas-themed spam in yet another attempt to trick victims into downloading malicious software. In this case, the site is named Merrychristmasdude.com, and the malware is a variation of the Storm Trojan horse program that has been plaguing systems around the world since January.

The e-mails contain titles such as "Find Some Christmas Tail," "Warm Up this Christmas" and "Mrs. Clause Is Out Tonight!"

One message reads "Yo, I am pretty sure this is up your alley, from the things you have told me before. This will be the best 2 min you spend this holiday. hehe."

Once the user clicks on the link to Merrychristmasdude.com, he is taken to a Christmas-themed Web site with photos of scantily clad women and offered a free download. That download is a malicious program, called Email-Worm.Win32.Zhelatin.pd by F-Secure, that connects to a P-to-P (peer-to-peer) network and begins downloading even more malware.

Storm's creators have built up networks of infected PCs -- called botnets -- over the past year by using a combination of sophisticated hacking tricks to avoid detection and by spamming potential victims with clever and timely e-mail messages. The network is called Storm because its original messages offered victims video of the deadly storms that battered Europe a year ago, but has also perfected the tactic of sending out holiday-themed messages.

Security experts estimate that the Storm has infected more than 15 million computers over the past year, although the current size of the network is much smaller than that.
This latest variant is being blocked by some antivirus vendors, including Kaspersky, Microsoft and Symantec, according to a technical write-up of the Christmas outbreak.

The SANS Internet Storm Center recommends that administrators block Web and e-mail access to the Merrychristmasdude.com domain.

source: www.pcworld.com

Tuesday, December 25, 2007

IE Still has Problems

After users reported problems with the recent patch of Internet Explorer, Microsoft offered a way to work around the unexpected bug.

Microsoft Offers Work-Around IE's Problem

Microsoft released a critical security patch for Internet Explorer last Tuesday, fixing some bugs in the browser. However, soon after users installed it, they began reporting that Internet Explorer would crash when visiting certain websites. Windows would then report that 'Internet Explorer has encountered a problem and needs to close'

Microsoft has offered a technical work-around for Internet Explorer users who have found their browsers crashing after installing a recent set of security patches. Microsoft now says that the problem is not widespread and affects certain custom installations of Internet Explorer 6 on Windows XP, Service Pack 2.

Users who have experienced this problem can fix it by making some tweaks in the Windows Registry, described in this Knowledge Base article.

Microsoft did not say what kind of customization would cause the bug, and company representatives were not immediately available for comment.

Some newsgroup users are speculating, however, that the issue may be related to antivirus software. Symantec and McAfee users who have been experiencing the problem have been able to resolve the issue by uninstalling the security update and then uninstalling their antivirus software, installing the update and then reinstalling their AV products, said Frank Saunders, a Windows user who has been following discussion of the issue.

The Internet Explorer patch associated with this problem -- MS07-069 -- is considered to be the most important of last week's updates because it fixes four critical vulnerabilities in the browser.

Monday, December 24, 2007

Store Caught Scalping Wiis

Reports say store is selling Wiis on Ebay for a premium over the retail selling price.

Game Store Caught Scalping Wiis on Ebay

According to Ars Technica, Slackers of Illinois/Missouri are taking retail Wiis and dumping them on Ebay for US$399, $150 above the MSRP.

When confronted with the breech of contract with Nintendo, a Slackers representative begrudgingly said, "That is something you'll have to speak with the owner about." Management has not responded.

Retailers have unfairly, though legally, used bundle gouging to nickel and dime gamers seeking Wiis in short supply. This is the first report of retailers bypassing retail to become resellers online which yield better returns.

"We don't have to remind retailers of the strength we have right now," said Nintendo president Reggie Fils-Aime in a recent interview. "We are simply making an observation and that reinforces our point quite nicely with retailers."

source: http://www.pcworld.com/

Sunday, December 23, 2007

Nintendo Shortage of Wiis

You can blame this year's Nintendo Wii shortage on, well, Nintendo. But consumer frustration over the shortage of Wii consoles is compounded by resellers and retailers who are using the Wii drought as a marketing tool and way to make money.

Don't Just Blame Nintendo
There had been a shortage of Nintendo Wiis this year, and don't just blame Nintendo. A large number of resellers and retailers who are using the Wii drought as a marketing tool are guilty, too.

Some resellers, and even consumers, buy Nintendo Wii and resell the unit for a profitable amount. There are also some gamers who bought the Wii but decided to resell it for a quick buck instead of keeping it. Others bought the Wii just to resell it for a substantial profit.

But in 2007 the reseller market has matured in ways that Tony Soprano might be envious of.

I've heard of people who have made a fulltime job out of reselling Nintendo Wiis. Just search for "Wii resellers" on Google or check eBay to see what I mean. There are loads of Web sites and Wii dealers on eBay selling the Nintendo console for at least twice the MSRP of $250 the unit sells for at retail stores such as Best Buy.

I've heard of some resellers stalking UPS drivers that deliver Wii shipments to retailers. Why? so they can get a jump on the stores that have fresh Wii inventory. Other Wii resellers make friends with the inventory managers at stores just to get first dibs on a Wii.

Reselling may sound like an easy job on paper, but it isn't. One reseller told the Web site Consumerist he received death threats from frustrated buyers wanting to buy a Wii at a reasonable price.

Friday, December 21, 2007

Microsoft Internet Explorer 8

Microsoft is developing Internet Explorer 8, and expects the first beta version to be released in the first half of 2008


Internet Explorer 8 in 2008
Microsoft is planning the release of the first beta of the next version of Internet Explorer in the first half of 2008. The corporation also said the Internet Explorer 8 has passed a key web standards test that ensures the browser won't "break" the web.

IE 8 has passed the "Acid2 Browser Test" from the Web Standards project. The test shows whether the browser renders a website in a certain way. If the browser displays the site correctly, it means the browser support certain accepted web standards.

Microsoft developed Internet Explorer before some web standards, such as CSS and RSS were developed, so older versions doesn't support some of the current standards. Since Internet Explorer was the de facto of web browsers, developers would often write web sites and codes to work with Internet Explorer, rather than to support the web standards. Microsoft also was lax in updating IE to meet the demands of web standards, since there was little competition in the browser market for years.

When Mozilla Firefox was released three years ago, the browser's need to stay current with web standards was once again moved to the forefront. Microsoft released Internet Explorer 7 in October 2006, and the company had good intentions - they decided to improve support for web standards with the new release.

However, some websites that were created for the older versions of IE didn't work properly on IE7. Microsoft hopes to remedy this problem so the situation is not repeated with IE8, according to an IE Blog posting attributed to Dean Hachamovitch, a Microsoft general manager on the IE team.

"With respect to standards and interoperability, our goal in developing Internet Explorer 8 is to support the right set of standards with excellent implementations and do so without breaking the existing Web," according to the blog posting.
Hachamovitch said Microsoft is taking a cue in lessons learned from making improvements to CSS in IE7 that "made IE more compliant with some standards and less compatible with some sites on the Web as they were coded." The key design goal for IE8, he said, is compatibility with existing Web sites and Web standards supported in other browsers to provide a premium user experience.

"As a developer, I'd prefer to not have to write the same site multiple times for different browsers," according to Hachamovitch's post. "Standards are a (critical!) means to this end, and we focus on the standards that will help actual, real-world interoperability the most. As a consumer and a developer, I expect stuff to just work, and I also expect backwards compatibility. When I get a new version of my current browser, I expect all the sites that worked before will still work."

Microsoft said the final release of IE8 depends upon feedback received from the beta process.

Thursday, December 20, 2007

Windows XP's Final Service Pack

Microsoft lets everyone try Windows XP SP3 Release Candidate, available last night. However, it warns off people who are not comfortable using pre-release code.

Windows XP's Final Service Pack
Microsoft has made available the Release Candidate (RC) for Windows XP Service Pack 3. The update, available at the Microsoft Download Center, would be the last Service Pack for the six-year-old operating system.

The service pack is finally available to the public, after giving thousands of users access to the update in an invitation-only basis.

According to a company spokeswoman, the version that was released, was dubbed a 'release candidate' to note the progress from earlier betas. She was unable, however, to say when the service pack would be available to Windows Update so users can download and install it with Windows Automatic Updates.

The final version of Windows XP SP3 remains slated for delivery sometime in the first half of 2008, the spokeswoman said. She also warned off casual users from trying the preview. "As this is a release candidate, we strongly encourage only those who are comfortable installing prerelease code to download Windows XP SP3," she said.

Recently, Microsoft has been downplaying the significance of Windows XP SP3. In a white paper posted to its Web site last week, and also Tuesday, the company praised Windows Vista at XP's expense, reminding users that "Vista provides the most advanced security and management capabilities of any Windows operating system."

"Windows XP SP3 does not bring significant portions of Windows Vista functionality to Windows XP," the spokeswoman said.

According to the white paper, the Download Center version of XP SP3 will weigh in at about 580MB; the version downloaded and installed via Windows Update, however, will be much smaller, typically around 70MB.

Windows XP debuted in October 2001 and was last updated as SP2 in August 2004; SP3 will be the final major upgrade of the operating system.

Wednesday, December 19, 2007

IE Crippled By Update

Microsoft is investigating a security update released last week that has crippled Internet Explorer and prevented users from surfing the Web.

Microsoft Update Cripples IE
Microsoft has confirmed that it is investigating reports regarding a security update for Internet Explorer issued last week, crippling some users' ability to get on the web with the said browser.

Users started posting messages on forums and Microsoft support newsgroup after Microsoft released the MS07-069 Security Bulletin on December 11. Most of them are saying that they could not use Internet Explorer to connect to the internet, either because Internet Explorer refused to launch, or because when it did open, it could not open various websites.

"About 60% of the time, I would get an 'Internet Explorer has encountered a problem and must close' dialog," reported Bill Drake on the Windows Update newsgroup. Others echoed those comments on IE-specific forums, noting that both IE6 and IE7 balked at loading, or while loading, some pages, particularly home pages, on both Windows XP and Windows Vista machines.

Harold Decker, operations manager at San Diego-based Gold Peak IndustriesNA Inc., started fielding calls from users last Wednesday morning as soon as people hit the office. "I stopped everyone who hadn't installed the update from installing it, after four PCs out of 14 had the problem," said Decker, who manages a total of 35 Windows XP SP2 machines. "We're a pretty plain shop; all our systems run Windows XP SP2 and IE6," said Decker. "But some kept crashing. It seemed limited to the window that was opened, and changing the home page to something simple, like a blank page, gave a better success rate."

Microsoft said it is currently creating a patch. "Our customer service and support teams are investigating public claims of a deployment issue with Microsoft Security Bulletin MS07-069," Microsoft's Mark Miller, director of security response. "If necessary, Microsoft will update the Knowledge Base article associated with MS07-069 with detailed guidance on how to prevent or address these deployment issues," Miller added.

Other users on the support forums weren't much help, except to suggest uninstalling last Tuesday's security update. That's what Decker did. "We uninstalled [MS07-069] and have had no problems since then," he said.

Tuesday, December 18, 2007

Google Yourself!

Have you Googled your name lately? A research firm made a survey on how many people are doing a Google Search on their names.

Go Ahead, Google Yourself
Have you Googled yourself lately? A survey made by Pew Internet and American Life Project said that there's a good chance you have.

The survey found that 47 percent of Internet users have searched for themselves through Google, an increase from 22 percent in 2002. Only 3 percent of those searching for themselves on Google claim to do it on a regular basis, with 22 percent claiming to search for themselves "every once in a while." A majority of 74 percent said they have searched for themselves once or twice.

Another interesting tidbit from the Pew survey is 53 percent of Internet users have Googled someone else’s name. Reasons include reconnecting with past friends (36 percent), searching about a coworker (19 percent) or a job applicant (11 percent), or even finding information about someone they are dating (9 percent).

Not included in the survey is the statistic that approximately 100 percent of those who read about the survey will Google their own name just to see what all the fuss is about. I of course did, and was both disappointed and relieved to find no information about myself.

While it's nice to know Google gawkers can't pull up anything on me if they tried, there's a strange emptiness to not having a digital footprint.

The Pew survey found that 60 percent of Internet users are not concerned with how much information is available online about them. A similar number of online adults (61 percent) claimed not to limit the amount of personal information they reveal online, while only 38 percent claimed to have taken extra precautions to limit that information.

Source: http://www.pcworld.com/

Monday, December 17, 2007

Wikipedia's Rival

Google is developing an online publishing service where people can write entries based on subjects they know


Google Creates Wikipedia Rival
Google is developing an online publishing platform where people can write entries on subjects they know, and idea that's close to Wikipedia's user-contributed content but with several differences.

Currently, the project is in an invitation-only beta stage, similar to Gmail way back. It allows users to create clean-looking web pages with their photo and write entries on a particular subject, like exercise. These entries are called "knols", for "unit of knowledge", Google said.

The search giant aims to develop a deep repository of knowledge, covering a wide gamut of topics, such as history and entertainment. This looks promising, but it has to catch up with Wikipedia's already 7 million articles in 200 languages. Anonymous or registered users can contribute to an entry in Wikipedia that's edited by a network of vetted editors.

But Google asserts that the Web's development so far has neglected the importance of the bylined author.

"We believe that knowing who wrote what will significantly help users make better use of web content," wrote Udi Manber, vice president of engineering, on the official Google blog.
Google said anyone can write about any topic, and repetition of entries on the same subjects is beneficial. Google will provide the Web hosting space, as well as editing tools.

Google also gives users an option to place ads on their created knols, giving contributors a "substantial" portion of the revenue generated by those ads.

Entries cannot be edited or revised by other people, unlike Wikipedia. However, readers will be able to rank and review others' entries, which the Google's search engine will utilize.

The concept of peer-reviewed information is nothing new and is implemented in different ways on various Web sites. Yahoo, for example, has an "Answers" feature where users can ask questions, and the response is ranked on quality. Also, most blogs have forms where readers can comment on the author's entry.

Despite those other formats, Google probably feels that "a service like Knol might be necessary to stay competitive," wrote Danny Sullivan, editor in chief of Search Engine Land, in a review.

Saturday, December 15, 2007

Office Update Confuses Users

An automatic update for Windows XP and Vista included the massive 200MB Office 2007 SP1, which according to Microsoft, won't be pushed out with Windows Automatic Update

Office Update Installs Automatically
Some Windows users are surprised to know they have gotten the massive Office 2007 SP1 update automatically, even though Microsoft said it would not use Windows Automatic Updates to push out the large upgrade; at least not for several months.

Users running a preview copy of Windows Vista Service Pack 1 will receive the Office 2007 upgrade automatically, as well as those users running Windows XP SP3, which is still in limited beta testing. The update weighs in at almost 220 megabytes.

"As noted to beta customers, if [they] are running Vista SP1 beta software, as part of the beta program, Office 2007 SP1 on pre-release Windows Vista SP1 will automatically install as planned for this beta program," said Bobbie Harder, a senior program manager with the WSUS (Windows Server Update Services) group.

Other users noticed tha automatic download and install of Office 2007 SP 1, and that even if the update was installed manually, Automatic Update later automatically installs, or reinstalls, the service pack.

Microsoft, when it unveiled the service pack, said Automatic Updates would not be used to deliver SP1 for at least three months, and maybe even six months. The corporation also promised to give a 30-day notice before pushing the update out using Automatic Updates.

Harder said that "On Vista in the Windows Update Control Panel Applet, the Office 2007 SP1 will appear as an available update to download and install, but it will NOT automatically download and install, regardless of the automatic settings" However, the update is checked by default, and users can easily miss the update information, countered Bradley. "If you are a bit asleep and just blindly approve all of the patches, you get a very large wait while SP1 for Office 2007 is downloaded," she said.

A Computerworld reader reported exactly that. "I received [Office 2007 SP1] last night Dec 11 as part of Windows Auto-update," said someone identified as 6monthVistaUser in a comment attached to a story about SP1. "Last night was the largest auto-update ever (230 MB download) filled with 11 updates. 1 was for IE v7, 6 were for Vista cumulative patches, 1 was the Office 2007 Service Pack 1, the other one was for Business Contacts Manager SP 1."

Harder defended the process. "For customers who want the benefits of Office 2007 SP1 now, we have made it available," she said. She also noted that users could choose not to pull in the service pack. "Download and installation of the Office 2007 SP1 via the Vista Windows Update control panel applet requires explicit user interaction, just as with the Microsoft Update site," she said. "Once the list of available updates appears, they can de-select or uncheck the box next to Office 2007 SP1 and choose to download and install other updates, or just close the applet."

Friday, December 14, 2007

QuickTime Bug Squashed

Apple releases a patch to update a critical flaw, making it the eight update this year for QuickTime.

Apple Fixes QuickTime Bug
A new security patch for QuickTime has been released by Apple, making it the eight update for this year for the media player software. The update addresses three critical security flaws in Quicktime that also includes a vulnerability that has been used by online criminals.

The most critical of the flaws patched is the implementation of QuickTime of the Real Time Streaming Protocol, or RTSP, which is used to play video and audio over the internet. Attackers began exploiting the flaw early December after it was made public last November. The online attack includes tricking victims into visiting a malicious website that exploited the flaw, and hackers were able to install malicious software on the victims' PCs.

These attacks have targeted Windows-based systems, but experts says that Mac OS X users are also at risk. Apple issued patches for both Windows and Mac OS X users last Thursday.

Security researchers are looking at the way QuickTime works with QuickTime Media Link (QTL) fire format used by the media player. The second critical vulnerability, which had apparently not been publicly disclosed, has to do with this file format.

Apple also patched a handful of similar bugs in the way that QuickTime handles Adobe's Flash media format. The most serious of these flaws could let attackers run unauthorized software on the computer, much as the RTSP bug does, Apple said.
With security researchers paying special attention to media format bugs, Apple has had to patch QuickTime frequently this year. Some of these updates have come just weeks apart. Apple last patched QuickTime on Nov. 5.

Thursday, December 13, 2007

FolderShare Deletes Files

Microsoft fixed a bug in its online file storage and sharing service that deleted files without user authorization.

The Microsoft AutoDelete Bug
After users reported problems about Windows Live FolderShare, an online file storage and sharing service, Microsoft went to fix the bug. The bug in the service, the users reported, was deleting files without their authorization.

Windows Live FolderShare is a feature that allows users to store files online and then download and synchronize them to and between different devices and computers. This feature is currently available in beta release.

Microsoft acknowledge the bug and said, in an email on Friday, that it has fixed the problem. The bug may have "accidentally moved" user files from their original folders into the FolderShare Trash folder, and that users should not delete files in the Trash until they are sure all of them were meant to be deleted. Microsoft also advised users on how to retrieve deleted files from the Trash folder. The statement sent to the users was also posted on the FolderShare web site.

The company said it is working to assist users who have lost their files on how to retrieve them. It also said that another online storage service that is also in beta, Windows Live SkyDrive, had not been affected by the bug.

Even after Microsoft said it has fixed the problem, users on the discussion board were still reporting buggy behavior from the service. Users noted that they were having trouble synchronizing files between computers and locating directories when using the service on Windows Vista.

Wednesday, December 12, 2007

Vista Market Share Increases

Windows Vista and Mac users are still increasing, and Linux, despite its small percentage, doubled in number last year, research shows.


Vista and Mac Shares Increase
According to a research firm, Windows Vista made its biggest leap yet in November. It was used on nearly one out of ten Internet-connected computers last month.

Vista's exact share rose about one percentage point to 9.19 percent in November, up from 7.94 percent in October, according to Net Applications. In contrast, Vista's predecessor, Windows XP, fell by about one percentage point from 79.41 percent of all Internet-connected computers in October to 78.37 percent in November, according to Net Applications. Meanwhile, the Mac platform's share continued to grow, reaching nearly 7 percent.

Windows' overall share continues to exceed 92 percent, according to the Aliso Viejo, Calif.-based research firm.

Linux was in use on 0.6 percent of PCs worldwide, according to Net Applications. Despite its small share, Linux's slice of the market has nearly doubled since the beginning of the year.
Vista's share has grown from 0.2 percent to 9.2 percent since the beginning of the year. XP's share, meanwhile, has fallen from to 78.4 percent from 85 %at the beginning of the year.

Internet Explorer 7's share continued to grow, reaching nearly 37 percent. It is poised to eclipse its predecessor, IE6, which has fallen more than 14 percentage points since the beginning of the year, to 40.2 percent. Altogether, IE was in use on 77.4 percent of Internet-connected computers, down from 80 percent at the beginning of the year.

IE's main competition, Firefox, held a 16 percent share of all Internet-connected computers. That's up from 13.7 percent at the beginning of the year.

Apple Inc.'s Safari held 5.1 percent, up from 4.7 percent at the beginning of the year.

Source: http://www.pcworld.com/

Tuesday, December 11, 2007

Gmail Combats Spammers, Blocks Users

An overzealous antispam measure mistakenly blocked legitimate users from their accounts


Antispam Measure Blocks GMail users
As an attempt to combat spammers, Google recently mistakenly disabled Gmail accounts of some users. Midweek, people started reporting in the official Gmail Help Discussion forum, that Google had locked them out of their accounts.

A Google staffer who oversees the forum and posts messages on behalf of Google acknowledged the existence of a problem at midafternoon Thursday.

"I understand that some of you have had a frustrating experience with your accounts being inappropriately disabled. Our team is aware of the problem, and our engineers are continuing to investigate," this person, identified as Google Guide, wrote.

Several hours later, the Google staffer declared the problem fixed "Our efforts to prevent breaches of our Terms of Use caused a number of users to be incorrectly identified," the staffer wrote.

The Google Guide also detailed some information about the situation in a subsequent post to the forum. The staffer said that it was the result of an effort to rid users who abuse the mail service, such as spamming.

Accounts which were disabled by mistake should have regained access to their mail with no data lost, said the staffer.

However, spokesperson Courtney Hohne said that Gmail would not reject any incoming messages to those disabled account, returning a "bounce-back" notice to senders, and will not automatically attempt to redeliver those rejected messages.

"Our goal has always been to keep Gmail free of people who abuse the service and to keep Gmail inboxes free of spam. We've been targeting a large network of spammers to keep them out of the Gmail system and accidentally disabled access to some other accounts," she wrote. Hohne said the mistakenly disabled accounts affected "a small fraction," well below 1 percent of the tens of millions of Gmail users.

Late Friday morning, some people are still complaining that their accounts were still locked.

The discussion thread is one of the longest in recent months, and is full of frantic pleas for help from affected people who use Gmail as their primary e-mail service for personal or work communications.

Along with disabled Gmail accounts, users were also complaining in the past month about a problem with the mail service. The new version of Gmail, dubbed Gmail 2.0, became extremely slow, often fails to load pages, and even crashes their browsers, users complained.

Gmail, which features an ungraded contacts manager and is designed to be faster and more stabled, is based on what the company calls "a major structural code change".

One of several threads devoted to this issue in the Gmail Help Discussion forum continues to grow, with nearly 300 messages at this time.

Monday, December 10, 2007

Microsoft to Release 7 Patches

The last batch of updates this year focuses on security fixes for Windows and Internet Explorer.


A Round of Patches from Microsoft
Microsoft corporation promised to end the year with a bang by scheduling
seven security updates Tuesday to fix flaws in Windows and Internet Explorer.

Even though Microsoft pledged that Windows Vista, the year-old operating system, is the most secure version of Windows ever, it will still be affected by five of the seven updates. "That's no small percentage," noted Andrew Storms, director of security operations at nCircle Inc. "The perpetuates the fact that even though Microsoft said it was secure, it still needs plenty of patches."

Three of the seven updates will be rated "critical" - Microsoft's highest ranking, while the remaining four will be labeled "important", the next lower rating. Microsoft has revealed limited amount of information about the updates in a prepatch notification posted to its website last Sunday.

One of the seven is a sure bet, Storms said, referring to an update for Windows dubbed as important that will affect Windows XP, and Windows Server 2003. "The Macrovision patch is the most likely candidate for what they're calling bulletin 5," said Storms.

Early last month, Microsoft confirmed that attackers were actively exploiting a bug in third-party anti-piracy software bundled with Windows. The software, which Microsoft licenses from Macrovision Inc., had been updated for Vista, which was why that OS was not at risk. Although Macrovision quickly issued a replacement driver for Windows XP and Server 2003, Microsoft said it needed time to prepare and test the update, which meant it missed the November patch deadline.

"The rest of these are a complete surprise to me," admitted Storms. With one exception, he also hesitated at guessing the contents of the remaining half-dozen updates. His one prediction: "Bulletin 7 might be the fix for the WPAD vulnerability."

On Monday, the Microsoft Security Response Center advised users of a bug in the way Windows looks up other computers on the Internet that has resurfaced. The flaw could allow attackers to steer users to an untrustworthy Web Proxy Auto-Discovery (WPAD) server, where they would receive directions to, say, malicious Web sites rather than the legitimate destinations.
"That would be a very quick fix, and unlikely Microsoft behavior, but if the fix is as simple as some have said, it's possible," said Storms.

Unless it yanks one or more from the list at the last minute, Microsoft will end the year having released 69 security bulletins in 2007, nine fewer than 2006's total but 14 more than in 2005.

Sunday, December 9, 2007

Facebook Tracks Offline Users

The social-networking site acknowledges that its Beacon ad service tracks even logged-off users who are visiting their partner's website.

Facebook Tracks Even Logged-Off Users
The social-networking site Facebook confirms the findings of a CA security researcher that its Beacon ad service is more intrusive and stealthy than previously acknowledge. This contradicts the statements previously made by Facebook executive and representatives.

The ad service, Beacon, tracks users' off-Facebook online activities even if those users are logged off from the social-networking site. The Beacon tracks user's online activities on specific external websites and broadcasts it to their Facebook friends. Although this feature has an option to opt-out, Beacon still transmits data gathered to Facebook servers even if the user has previously declined to use Beacon.

According to a company spokesman, Facebook does nothing with the data transmitted back to its servers, and, in these cases, deletes it. The admission will probably fan the flames of the controversy engulfing Beacon, which has been criticized by privacy advocates.
The Facebook spokesman did not initially reply to a request for further explanation on how the Beacon action gets triggered if a user is logged off from Facebook, when the social-networking site's ability to track its users' activities should be inactive. It's also not clear whether the website plans to modify Beacon so it doesn't track and report on the off-Facebook activities of logged-off users.

Beacon is a major part of the Facebook Ads platform that the website introduced with much fanfare several weeks ago. Beacon tracks certain online activities of Facebook users on more than 40 participating websites, including those of Fandango and Blockbuster. These include purchasing a product, signing up of a service, and including an item on a wish list. It then reports those activities to the users' set of Facebook friends.

The program has been blasted by groups such as MoveOn.org and by individual users who have unwittingly broadcast information about recent purchases and other Web activities to their Facebook friends. This has led to some embarrassing situations, such as blowing the surprise of holiday presents.

On Thursday night, Facebook tweaked Beacon to make its workings more explicit to Facebook users and to make it easier to nix broadcast messages and opt out of having activities tracked on specific Web sites. Facebook didn't go all the way to providing a general opt-out option for the entire Beacon program, as some had hoped.

Facebook users are not informed that data on their activities at these sites is flowing back to Facebook, nor given the option to block that information from being transmitted.

If users have ever checked the option for Facebook to "remember me" -- which saves users from having to log on to the site upon every return to it -- Facebook can tie their activities on third-party Beacon sites directly to them, even if they're logged off and have opted out of the broadcast. If they have never chosen this option, the information still flows back to Facebook, although without it being tied to their Facebook ID, according to Stefan Berteau, senior research engineer at CA's Threat Research Group.

Facebook's admission over the weekend contradicts previous statements from the company regarding this issue. For example, in e-mail correspondence with Facebook's privacy department, Berteau was told, among other things, that "as long as you are logged out of Facebook, no actions you have taken on other websites can be sent to Facebook."

Saturday, December 8, 2007

Microsoft Internet Explorer Flaw

Microsoft acknowledges that there is a vulnerability with Internet Explorer 7 and rushes out fix


Microsoft IE7 to Patch
Microsoft went to work to fix a vulnerability with Windows Internet Explorer and its URI, or Uniform Resource Identifier. The fix is to address the problem in the way Internet Explorer 7 interacts with other programs. But with no fix available at the time, using IE7 on Windows XP machines is risky business.

The vulnerability of IE 7 lies in how it interacts, via the URI handler, with products such as Adobe's Acrobat Reader or Mozilla's Firefox. Before, Microsoft pointed fingers to Firefox. Then, the company, after acknowledging that the problem was its own, went to a slow work on a fix because no known exploit existed at the time. But it went on a frenzy when a Trojan horse attack started infecting machines in October.

The Trojan horse attack, which a user receives as an infected PDF, brings an old social-engineerin ploy, which malware filters usually don't vet. It tricks you into clicking the link by carrying a subject line such as "invoice" or "bill".

Adobe patched Reader, but that only covers one end of the worm home. Microsoft's patch has been in testing for quite a while, and may remain in that state for some time. As of now, try to avoid using Windows Internet Explorer 7 to browse sites that are suspicious. Try other alternatives, such as Firfox version 2.0.0.6 and up, which already has a patch for the URI vulnerability.

Opening e-mail attachements is growing riskier. A Microsoft report found that the first half of 2007 saw a 150 rcent increase in phishing scams and a 500 percent increase in malicous payloads.

Obtain a patch of Adobe Reader fix at the Adobe's site if you don't have the PDF fix yet.

Friday, December 7, 2007

Windows Genuine Disadvantage?

Thousands of Windows users went berserk after Windows Genuine Advantage (WGA) system crippled their system, accusing them of conterfeit software. In Windows Vista SP 1, Vista cripples WGA.


WGA - Change or Go Away
Back in August, a glitch in Microsoft's servers for Windows Genuine Advantage (WGA) accused thousands of users of counterfeit copies of Windows. Users, who paid for their software, were inconvinienced by the fact that WGA crippled their Windows machine, especially Vista. Microsoft has announced that Windows Vista SP1, shipping early next year, will end the kill-switch measure that cripples every aspect of Windows Vista except limited Web browsing if it believes you to have a pirated copy of the operating system

Windows Genuine Advantage is Microsoft's way of determining whether you have an original, genuine copy of Windows, or just a counterfeit copy. The system is installed during Automatic Updates or when you try do download a software off the Microsoft website that requires WGA validation. What it does is scan your system, mainly the product key of Windows, to generate a code that it sends over to Microsoft. If the servers in Microsoft determines your copy of Windows is counterfeit, it tells WGA to run Windows in Reduced Functionality Mode.

With Windows XP, nothing much is changed except for occasional message that your copy of Windows did not pass the WGA test, on your system tray or in the log-on screen. In Windows Vista, however, the effect is more severe. Failing the WGA test on Vista will disable key features, such as the Aero interface, ReadyBoost, and a limited time of using the computer (you are automatically logged off after an hour).

Microsoft has reduced the impact of WGA on Windows Vista users, and it does this with SP 1. It no longer disables the Aero interface or any other features. Instead, it will only annoy them with messages accusing them of piracy. It'll also change their wallpaper, and it'll give them a dialog box that makes them wait until they can postpone activation.

Killing the kill switch is a good start, since it'll reduce the chances that Vista will mistakenly prevent deny functionality to paying customers. But it doesn't represent fundamental change to WGA. In fact, Microsoft VP Mike Sievert says that "It's worth re-emphasizing that our fundamental strategy has not changed. All copies of Windows Vista still require activation and the system will continue to validate from time to time to verify that systems are activated properly."

Still, a lot of users have no confidence with Microsoft's WGA. Of course, that includes those innocent Windows users who were accused of counterfeit software when they were in fact, genuine copies. Users say that either Microsoft has to change WGA to be integrated perfectly with Windows, or better yet, make it go away.

For years, the Microsoft monopoly made it very hard for anyone to opt out of using Windows. Thanks to the resurgent Mac OS X and ever-improving Linux--neither of which are burdened with copy protection--that's no longer true. WGA remains a significant argument against choosing Windows, and will be one until it gets far more seamless or simply goes away.

Thursday, December 6, 2007

Firefox Flaw

Four days after releasing version 2.0.0.10 of Firefox 2.0, Mozilla Corp. has to scramble to release another update. For the first time, Mozilla has issued two updates to fix Firefox bugs in one week.


Firefox to Fix 'Canvas' Problem
Just four days after releasing version 2.0.0.10 of Firefox 2.0 to fix six known bugs, browser developers at Mozilla Corp had to scramble to push out another update. Version 2.0.0.11 was released, last Monday, to fix a new known bug that caused problems when the browser was rendering "canvas" HTML elements. Mozilla released the update last Friday, marking the first time Mozilla has issued two updates to the open-source browser in one week.

The most recent canvas problems were detailed last week by Mozilla, which said at the time is expected to have an update out by last Friday.

The Canvas elements were first used by Apple Inc. in its Safari browser to allow web designers to dynamically render bitmap images in HTML. Microsoft Internet Explorer does this with a plug-in, but Firefox, Safari, and Opera support Canvas natively;

Firefox 2.0.0.10 for Windows, Mac OS X, and Linux, break pages that include the Canvas element, and cripple at least two Firefox extensions, FoxSaver and Fotofox.

The new version of Firefox is available for free download on the Mozilla website.

Wednesday, December 5, 2007

PC + Mac QuickTime Flaw

Symantec warns that both Windows and Mac systems may be vulnerable to exploits of an unpatched Quicktime flaws



Windows and Mac Shares QuickTime Flaw

Last Sunday, Symantec warned in a DeepSight Threat Management System alert that attackers are trying to exploit an unpatched vulnerability in Apple's QuickTime software that could let them run code on a victim's computer.

Attackers appear to be aimed at Windows users, but Mac OS users could be open to the risk as well, as QuickTime vulnerability in question affects both operating systems. The vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first revealed on November 23, and still remains unpatched by Apple.

Windows XP and Windows Vista running Internet Explorer, Firefox, Opera, and Safari are affected by this vulnerability, as well as Apple's own MacOS X 10.4 and 10.5.

Symantec said that there are two types of attacks underway. One involves redireting the victim's computer from an adult web site, Ourvoyeur.net, to another web site that infects the computer with an application called loader.exe. It can be saved to the victim's computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer, this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system. It's possible that Ourvoyer.net was compromised as part of the attack.

The second method of attack also involves redirection, however, Symantec is currently investigating the attack to determine what, if any, malicious code is involved.

To protect systems from attack, Symantec recommended blocking access to affected sites. "Filter outgoing access to 85.255.117.212, 85.255.117.213, 216.255.183.59, 69.50.190.135, 58.65.238.116, and 208.113.154.34. Additionally 2005-search.com, 1800-search.com, search-biz.org, and ourvoyeur.net should be filtered," it said, adding IT managers can also block outgoing TCP access to port 554.

Alternatively, IT managers could take more drastic steps. "As a last measure, QuickTime should be uninstalled until patches are available," the alert said.

Monday, December 3, 2007

Vista Confusion

Users, and even lawyers, gets confused with the Vista Capable slogan of Microsoft.


Windows Vista Capable Confusion
A Microsoft Corp. product manager couldn't correctly explain the "Vista Capable" marketing slogan, according to recent filings in a lawsuit that claims the company misled consumers with a pre-release Vista campaign last year.

Dianne Kelley filed a case against Microsoft with deceptive practices in letting PC makers put "Vista Capable" stickers on PCs, letting users believe the configuration can run any version of Vista. The truth, however, is only a limited number of PCs can run a version higher than Windows Vista Home Basic, the simplest version of Windows Vista. Any other higher version would then require the "Premium Ready" sticker slapped on the unit, which was introduced in the late 2006. It can run Vista versions as high as Ultimate.

Both stickers were used to further sell machines running Windows XP before the delayed public release of Windows Vista.

About two weeks ago, lawyers for Kelley requested that the lawsuit be given class-action status, which would open the plaintiff list to all U.S. residents. Last week, Microsoft opposed that move in its own filing with the federal court in Seattle.

Microsoft argued that it spent considerable time and effort educating the public and providing information to its OEM hardware partners about the Vista Capable program. "From the inception of the WVC [Windows Vista Capable] program, Microsoft emphasized that not all Windows Vista Capable PCs were equal," Microsoft said in its Nov. 19 filing. "As Microsoft repeatedly told the public, 'premium features and advanced experiences' such as Windows Aero would require a PC labeled 'Premium Ready.' "

But in a deposition taken by Kelley's lawyers that was included in their Nov. 9 brief, a Microsoft manager couldn't correctly explain what "capable" meant in the Vista marketing blitz.
"Capable is a statement that has an interpretation for many that, in the context of this program, a PC would be able to run any version of the Windows Vista operating system," said Mark Croft, the company's director of marketing. " 'Ready' may have [prompted] concerns that the PC would run in some improved or better way than -- than 'Capable,' therefore the word capable was deemed to be a more fitting word for this program."

After a 10-minute consultation with Microsoft's lawyers, Croft corrected himself. "I made the statement that ... Capable would be able to run any version of Windows Vista, whereas, in reality, our intent with Capable was that the system would be able to run a version of Windows Vista," he said. "So quite an important difference in the two -- two terms there."

Last April, just weeks after Kelley filed her lawsuit, Microsoft denied that it had changed its online description of a Vista Capable PC's capabilities. "We have made no changes to how we communicated Vista Capable in the past few months, other than to make some [verb] tense changes to indicate that [Vista] had shipped," a company spokeswoman said at the time.

Microsoft also disputed the contention that Vista Home Basic is, as Kelley's lawyers have argued, nothing more than "a gimmick Microsoft designed" to help computer makers unload "soon-to-be-obsolete PCs that Microsoft knew lacked the horsepower to run the 'real' Vista."

"Windows Vista Home Basic represents a major advancement over Microsoft's earlier operating systems," said the company in its filing last week, listing desktop gadgets and parental controls as two features that distinguish Home Basic from the earlier XP Home.

Saturday, December 1, 2007

Google to Combat Malicious Sites

Last month, news about malicious sites taking advantage of Google's PageRank to stay on top of the search results, drawing unsuspecting users into their malware-ridden sites. Google creates an online form so users can report any malicious sites they may see.


Google's Response to Malware Sites
News leaked out about malicious sites using a technique called Google Bombing and spamdexing to stay on top of the search results, last month. Malware sites will likely to occur on the top of the search results, drawing unsuspecting victims into their malware-ridden sites, by exploiting Google's PageRank system. Once the user enters the site, it will try to install a number of malwares on the system.

Security vendor Sunbelt Software said hackers appeared to be using various tricks to ensure their malicious sites appear high in Google's search results. Sunbelt said it turned up 27 different domains hosting malware, each with up to 1,499 malicious pages, or some 40,000 pages in total.

Google's initial response was to purge from its index these sites, although Google has not confirmed that this happened. At least, your search result will now less likely contain a malicious website. It was the first search engine to act on this situation. After all, it is its technology being used to bait users. Yahoo and Windows Live Search has not yet reported to the said breakout.

Currently, we know of hundreds of thousands of Web sites that attempt to infect people's computers with malware. Unfortunately, we also know that there are more malware sites out there," Google's Ian Fette wrote in the company's security blog.

To protect online users even more, Google launched an online form so ordinary web users can report any website they suspect that contain malicious code. It contains a simple form that lets users enter the URL of the site and additional information. It also features a CAPTCHA to prevent automated bots from reporting sites automatically.

Thursday, November 29, 2007

Google Cleans Up Malware

Reports say that certain malware distributing sites are making their way to the top of Google's search results, taking advantage of their PageRank system.


Google Purges Malware Websites
This week, news spread in the web saying that malware sites are taking advantage of Google's PageRank system to appear on the top of the search results. Researchers confirmed this Wednesday that Google Inc. has cleaned its index for malware websites.

Malware websites forced its way to the top of search results in Google search by processes known as spamdexing and Google bombing. Spamdexing creates invisible text in the websites that is used to lure users to the websites and is usually irrelevant to the page's content, while Google bombing employs the work of bots that increases the PageRank of a page. For more information about these techniques, see the article, Clicking Google Search Result May Lead to Malware in Sonicsoft Wired.

Researchers, however, said that Google has purged the malware sites from its index, effectively removing these sites from appearing on their search results.

The malware sites, once visited, will attempt to install tons of spywares, viruses, password stealers, rootkits onto the user's system. These malwares are easily prevented by the most recent patches available and uses no new exploits of software.

"They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software Distribution Inc., the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites.
Google did confirm yesterday with us that they were working the case, and they are good about nailing this stuff," Eckelberry added. He notified Google about his research this Monday.

Ironically, Google refuses to confirm or deny that it did remove from its index the 40,000 malware hosting sites, or even that they had existed. "Google takes the security of our users very seriously, especially when it comes to malware," a company spokeswoman said Wednesday. "In our search results, we try to warn users of potentially dangerous sites when we know of them. Sites that clearly exploit browser security holes to install software, such as malware, spyware, viruses, adware and Trojan horses, are in violation of the Google quality guidelines and may be removed from Google's index."

However, she did not mention how long Google made the purge, and if the company had ever done any countermeasures against malware sites from perform this kind of trick in the future.

Microsoft has just confirmed the presence of the malware sites, and are working on it, says a representative of the Live Search team. Yahoo has not yet made a comment.

Wednesday, November 28, 2007

Google Trouble

A new wave of malware distribution is stewing, and it utilizes Google's PageRank system to appeal to users.


Clicking Google Search Result May Lead to Malware
Google is really famous for this technology, and is probably why it's service is leading from its rivals, Yahoo! Search and MSN Search. Google's PageRank technology was designed so popular websites appear on top of search results.

Google's PageRank uses a nifty logic to determine which page is important and which are not by counting the websites that links to the website. In an example, let's say we will need to rank Page A. Google's spiderbot will count how many websites will link to Page A, thus adding a vote to the site, and increasing its rank. The higher the number of sites, the higher the rank would be. All websites are ranked using this technology. For more information about Google PageRank, see this page.

Although this may look like a very good system, it's not without its flaws. A technique known as Google bombing is a technique used to manipulate the search results of Google Search. Since Google uses PageRank, which counts how many websites that links to a page, Google bombing involves creating tons of websites, or blogposts, that links to a page you want its rank to increase. If enough false websites or posts links to the page, it might appear on top of the search result of Google. Also, a technique called Spamdexing, is closely related to Google bombing, employing a different technique, usually involves creating invisible text (like white text, that blends perfectly with the background) to increase the likelihood that the page is ranked higher.

Malwares are now using these techniques to direct unsuspecting users to enter the website, that installs tons of viruses, trojan horses, rootkits, and password stealers. A bot may be used to create hundreds of blogposts that links to the malware page, effectively increasing its rank, and increasing its chance to appear on top of the search result page. Innocent keywords, from 'how to I teach my dog to play fetch' to 'how to cisco routing vpn dial in', may produce links that leads malicious websites on the very top of the results. Most users wouldn't suspect anything's amiss with the rogue results, although the ultra-wary might be suspicious because many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends.

Once a user enters the bogus site, he'll be bombarded with malware installation. It may guise itself as a fake video codec. If that doesn't get the user, its IFRAME will. "This is what's doing the most damage," added Sunbelt malware researcher Adam Thomas. "It's loaded with every piece of malware you can think of, including fake toolbars, rogue software and scareware."

One site that Thomas encountered tried to install more than 25 separate pieces of malware, including numerous Trojan horses, a spam bot, a full-blown rootkit, and a pair of password stealers. All the malicious code pitched at users is well-known to security vendors, and can only exploit PCs that aren't up-to-date on their patches.

Tuesday, November 27, 2007

Service Pack 3 Speeds XP

Microsoft has released the beta version of Windows XP to a limited number of testers just days after Windows Vista Service Pack 1 was released. Testers say SP3 speeds up Windows XP.



Service Pack 3 Boosts XP's Speed
Looks like the six-year old operating system is improving, as early testers of Windows XP SP3 reveals that it speeds up Windows XP. Microsoft has released the beta version of SP3 to a limited number of tester just days after the release of SP1 for Vista.

Devil Mountain Software tested the SP1 for Vista earlier, and claimed that Vista with SP1 is no faster than the original, unpatched version. They repeated some of the same tests on the release candidate of Windows XP SP3.

"We were pleasantly surprised to discover that Windows XP SP3 delivers a measurable performance boost to this aging desktop OS," said Craig Barth, Devil Mountain's chief technology officer, in a post to a company blog Friday.

Devil Mountain ran its OfficeBench suite of performance benchmarks on a laptop equipped with Office 2007, Microsoft's latest application suite. The notebook - the same unit used in the Vista/Vista SP1 tests earlier - featured a 2.0GHz Intel Core 2 Duo processor and 1GB of memory. The results reported a 10% speed increase under XP SP3 when compared to SP2, the service pack released in 2004.

"Since SP3 was supposed to be mostly a bug-fix/patch consolidation release, the unexpected speed boost comes as a nice bonus," Barth said. "In fact, XP SP3 is shaping up to be a 'must-have' update for the majority of users who are still running Redmond's not-so-latest and greatest desktop OS."

According to the Office performance benchmarks, Windows XP SP3 is also considerably faster than Vista SP1. "None of this bodes well for Vista, which is now more than two times slower than the most current builds of its older sibling," said Barth.

This may be the Service Pack that could snatch away Vista's selling points. Since companies are still reluctant to upgrade to Vista, they may test out this service pack and eventually skip Windows Vista altogether if all goes well. For one thing, upgrading to Windows Vista costs money - to purchase the operating system, to upgrade the computer components to match the requirements of Vista, and to train people on how to use the new operating system. Upgrading Windows XP to Service Pack 3, is free, however. In addition, XPs performance is better than Vista, considering the application incompatibilities, and with this upgrade, it looks like XPs the clear winner.

But we can't tell for sure. Even though Microsoft extended the support for the six-year old operating system, they may come up with some scheme to force Windows XP users to upgrade to Vista.

Windows XP Service Pack 3 is scheduled to be released in the early quarter of 2008, but Microsoft said this lock is not definite, but will respond accordingly to consumer demands.

Monday, November 26, 2007

Windows XP Service Pack 3

Windows Vista's Service Pack 1 has been quite a buzz during the past few months, but Microsoft is quiet about its Service Pack 3 for Windows XP


Microsoft Quietly Readies XP SP3
Just days after Microsoft delivered the release candidate of Windows Vista's Service Pack 1, Microsoft issued a quiet release of the Windows XP SP3 beta, to about 15,000 testers, the company said.

The next major service pack, a critical fix to the six-year old operating system, will be scheduled to be released in the first half of 2008. Microsoft, however, reminded everyone that this is not definite rather an estimate. "We are targeting [the first half of] 2008 for the release of XP SP3 RTM, though our timing will always be based on customer feedback as a first priority," a company spokesperson said. RTM means release to manufacturing, and when a software is given to a publisher to be boxed and shipped to consumers.

Like Windows Vista SP1, Microsoft will at some point offer the beta version to anyone who wants to test it, the spokesman said.

Microsoft has been quiet about what will be in Windows XP SP3, and in general has been reluctant to even mention the update as it publicizes the progress of Vista SP1 in company blogs and regular communications with the press. Analysts have speculated that Microsoft, which has already made several XP-related concessions, including extending support for the aged OS and pushing the end of retail and OEM sales out five more months, wants to downplay SP3 to make sure it doesn't steal any more thunder from Windows Vista.

According to accounts published last month, XP SP3 will feature more than 1,000 hot fixes and patches that have been issued in the past three years, as well as at least four new features, some of which will be ports of Vista tools.

Sunday, November 25, 2007

The Google Edge

Google extended its lead in web searches, ComScore says.


Google Remains On Top of Web Searches

Google still remains on the top of the pack, with still increasing share of internet search engine market in October. According to market researcher ComScore, Google broadened its lead over its rivals Yahoo and Microsoft by winning 58.5 percent of all US searches in October, an increase of 1.5 percentage points over September.

Yahoo took second place with 22.9 percent of the search market, down from 23.7 percent, while third ranked Microsoft dropped to 9.7 percent from 10.3 percent. Ask Network remained steady at fourth place with 4.7 percent of the U.S. search market in October, while Time Warner Network dropped a tad to 4.2 percent from 4.3 percent a month earlier, ComScore reported.

Google captured 6.1 billion of the 10.5 billion Internet searches Americans conducted in October, ComScore said, far more than second place Yahoo's 2.4 billion.

Leading Search Engines - October 2007
  • Google: 58.5 percent (+1.5 points)
  • Yahoo: 22.9 percent (-0.8 points)
  • Microsoft: 9.7 percent (-0.6 points)
  • Ask Networ: 4.7 percent (no change)
  • Time Warner Network: 4.2 percent -0.1 points)

Source: ComScore. (The company only counted search engines with nearly 5 percent or more of the search market in its survey.)

Friday, November 23, 2007

War in Microsoft

Analysts say that Microsoft Windows Vista's biggest problem is not competition from other companies like Apple. It's more like Family Feud, actually.


Vista's Biggest Problem
Microsoft's biggest worry shouldn't be rival operating systems from Apple Inc. or Red Hat, but competition from it's own Windows XP, analysts said last week.

The big story isn't that 32% of the companies we surveyed said that they would start Vista deployments by the end of next year," said Benjamin Gray, an analyst at Forrester Research Inc. "It's that companies have been hugely successful in standardizing on Windows XP."

About 85% of US and European companies with more than 1,000 employees use Windows XP, up from 65% a year before. Although Windows XP is already six years old, Gray warned not to bet against it. "There are plenty of companies looking forward to XP SP3," he said. That next hot-fix and patch rollup is to ship sometime in the first quarter of 2008, Microsoft has said, and it will reportedly be XP's last service pack.

Vista's biggest competition isn't Apple or Novell or Red Hat; it's Microsoft itself, it's XP," Gray said. A lot of companies use Windows XP that Microsoft may feel obligated to extend the product mainstream support past its April 2009 expiration date. "I wouldn't be surprised," Gray said, "although it might require some additional pressure on the company by its largest customers."

Still, XP will eventually get the boot in favor of Vista. Vista isn't a matter of if, but of when and how," he noted.

Businesses will start upgrading their operating system to Vista by the end of 2008, while some will do this in 2009, and 2010. Still, some companies are skittish about upgrading, according to Forrester's data.

He attributed the lowered expectations to a lack of detailed information about Vista in 2006; too-high prices for PCs with 2GB of memory, which is essentially the minimum needed for Vista, according to company managers; and a larger-than-expected number of incompatible applications.

"Application incompatibility is a big, big headache," Gray said, citing reports from companies preparing for a migration to Vista. Those firms said applications incompatible with Vista made up between 10% and 40% of their software portfolios. "That's causing a lot of XP shops to take a wait-and-see approach to Vista."

But Gray said he was convinced Microsoft will win out in the end, if only because it has virtually no competitor worth the name in the enterprise market. "Linux and Mac have 1% or 2%, and in some cases, such as Europe and the largest corporations, they don't even register," he said. "Microsoft owns this space, and I don't see that changing."

Thursday, November 22, 2007

Month Special: 404 - Not Found

Ever heard of a 404 page? It's a page that is displayed by a website, or the web browser, to inform the user the page he or she is trying to access does not exists. It's not a good sight, but these website make 404 pages the destination page for a few


Cool Pages We Haven't Found

Stereotyped as the 'Page cannot be displayed' page in Internet Explorer, 404 (or four oh four) pages is the page displayed by a website telling the user the requested page is not available.

Possible reasons could be the page has been moved to another location, or the page does not exist, or the user have typed the website address wrong. In any cases, a 404 page shows up if the web server can't access the required page.

It's sometimes dreadful to find yourself on a 404 page. There is no usable content, and more often than not, the only way to go back is pressing the Back button on your browser. Not only that, some web servers are placing ads on their 404 pages, making it impossible to discern you've reached a non-working page.

Still, some websites make their 404 pages cool and imaginative. They include fancy graphics, unique ideas, and even poetry to convey to the users they have reached a bad link. Not only that, they also provide a link to the home page, sometimes a search feature, and even an option to report the bad link, so you're not left lost.

Anyway, here are some of the fun 404 pages we haven't found (since technically, the web page is supposedly not existing):


Do Whatever You Need to Do. These characters are talking about 404 errors and are hilarious!
http://www.homestarrunner.com/systemisdown.html

While you're lost... you must die!
http://www.f23.com/404.shtml


Be poetic. Lumino.us gives you three haikus, and beer!
http://lumino.us/404

Another Haiku. Informative, but a direct link back to the homepage would be useful.
http://www.jackfig.com/404


Road Not Found.
http://iamww.com/404


The Blue Screen of Web Death. Yep, it's still here. BSOWD.
http://www.galiacho.es/404


Be sincere. He seems to be very sorry for the missing page...
http://jeremyfuksa.com/404



Don' Count up to 404. The page already did it for you.
http://www.porcupine.gr/404



Poetic again. A small poem about the 404 error.
http://www.poemofquotes.com/404


Unusual Solutions. Shocking visitors with colors - interesting, but not quite appealing
http://www.palmflying.com/404

Tell Them What Happened. A nifty flowchart of what happened
http://www.nextwaveperformance.com/404

Lost? Nowhere to go?
http://www.martinkorner.co.uk/404df


Robots. Computers. Jamie Huskisson communicates with “lost” visitors using imagery
http://www.jhuskisson.com/404



Good design. A really dirty, hand-made image with a comment - for despaired visitors only. The page also includes a search box.
http://www.ateaseweb.com/404/

Emergency Test! Apparently, this is a test of the emergency broadcast systems. You should remain calm, these kinds of things happen all the time. The “four oh four error” by Poropoptrt.com.
http://www.pyropoptrt.com/404

What Can be Done? This site offers some suggestions
http://www.psyked.co.uk/404





Clean and simple. BlueVertigo offers a poem with horizontal scrolling
http://bluevertigo.com.ar/404



Run! Servers on the loose!
http://tysontate.com/404/

Time for oh-four! The 404 on the clock
http://www.tix02.be/404 Use Emotions. Isn't he sad?
http://suspendedanimations.com/404
Hmmm. Slonky uses a bizarre image.
http://slonky.com/404




More Haiku.
http://alt-web.com/404


Page Cannot be found. My favorite
http://www.vi-su.de/404


Crash with style. Even a 404-error page can look stylish.
http://www.cgcraft.com/404


While you're here. The site gives cocktail recipe:
http://www.cssleak.com/404.php

We all make mistakes!
http://www.darrenhoyt.com/404




Neat, huh? Click the images for a larger view.



Wednesday, November 21, 2007

Zune Can't Win

Microsoft's answer to Apple's digital music player, the iPod, is the Zune. It wasn't a big hit when it was first released. However, with Zune 2.0, it may turn the tides, but Apple have had a big head start.

Zune too Late?

Finally, Microsoft got digital music right -- to bad it's five years too late. PC Magazine just awarded the Microsoft Zune 80GB player an Editor's Choice. Unfortunately, it's the best of a dying breed - hard drive-based players, but still sports a brilliant blend of elegant design, intuitive interface, and strong features.

Hard drive-based players are becoming rarer, with flash-driven players with all the rage. The Apple iPod touch, the number one most-coveted player today, is an 8GB flash player. So are the Apple iPod nano, SanDisk's best players, and the Samsung p2. Microsoft did produce a new flash-based player too. The Microsoft Zune 8GB model uses flash memory, pleasingly thin, and shares that same smart interface to the new Zune Marketplace as its big brother.

Several tests show, however, that the display is sluggish, and iPod nano and touch thumps that area. Whatever issues exist with the flash-based Zune are probably easily fixed, though it's hard to imagine that Microsoft can do anything to the player that would make it more attractive than Apple's flash offerings.

Microsoft does present some minor innovations. (No, not the integration of FM radio—SanDisk and just about every other iPod competitor does that.) The ad hoc music sharing is a nifty curiosity: Share music with other Zune owners, who get to play the songs three times (over three days, three months, three years or any time span you want). The fundamental flaw here is, I'm sure, obvious to you: You have to know other Zune owners for this to work. Do you know any? In the year since Zune first launched, I have yet to meet one.

This, of course, invites the question: If Microsoft could build in Wi-Fi, why didn't the company make a deal with some service provider to turn thousands of hot spots into music-download spigots? Could it be that no one wanted to make a deal with Microsoft? Music partners haven't always fared so well with the Redmond-based company. Just look at what happened with PlaysForSure, which Microsoft left out of the first- and second-generation Zunes, and the disastrous, short-lived MTV/Urge relationship.

Still, companies like Verizon like to make money, and they must be gnashing their teeth over the Apple/T-Mobile hot spot/Starbucks deal. Any wireless service provider could be making pennies per download with Microsoft and its new Zunes. Multiply this by a million downloads and you're talking some serious cash.

The harsh reality is that Microsoft will never win in the digital music market—unless someone discovers that iPods cause cancer. I have to believe that Microsoft knows this and accepts it. It's not looking for Apple converts—a good plan because there won't be any. Instead, Microsoft will go for digital music virgins. There are still millions of them. Many are adults who don't understand why everything Apple does is so cool. Others always considered Apple's products too expensive. The Zune is cool in its own right, though it lacks that intangible quality of every Apple product.

Young people graduating from the Nintendo DS to music players may not accept the Zune ("cool" plays too large in their lives and they'll likely demand an iPod touch or nano), but young adults, grown adults, and the elderly could be perfect target markets for the new Zunes. With that in mind, Microsoft may want to take another look at its ad campaign, which is obviously designed to appeal to people who love the iPod ads.