Monday, June 30, 2008

Microsoft Patches its XP Patch

A free tool repairs PCs impaired by the XP SP3 update and a conflict with Symantec's software.


Nearly three weeks after security vendor Symantec Corp. released a free tool to clean up PCs crippled by the Windows XP Service Pack 3 (SP3) update, Microsoft Corp. issued a fix that should reestablish lost Internet and wireless connections.

Last week, Microsoft posted a hotfix for a problem users first reported in mid-May. Users of Symantec's consumer security software said that after updating their PCs to XP SP3, a bug emptied Windows' Device Driver and deleted network connections.

Although Symantec initially blamed Microsoft for the snafu, it later accepted some responsibility. In late May, Symantec acknowledged that Microsoft's updating process and a security feature in its own Norton-branded software combined to swamp the Windows registry with hundreds, sometimes thousands, of bogus and corrupted keys. That security feature, dubbed "SymProtect" by Symantec, was designed to protect the company's security software from attack by guarding against unauthorized changes to the registry.

Although Microsoft had previously declined to comment on the episode, the support document that accompanied the hotfix fingered Symantec's software. "This problem occurs when the Fixccs.exe process is called during the Windows XP SP3 installation," said Microsoft. "This process creates some intermediate registry subkeys, and it later deletes these subkeys. In some cases, some anti-virus applications may not let the Fixccs.exe process delete these intermediate registry subkeys."

The hotfix replaces the Fixccs.exe file with an updated version, but it can only be applied if the user has booted into Windows' Safe Mode, according to the support document.

Symantec has contended that other security software with registry-change monitoring defenses also caused similar problems for users updating to Windows XP SP3, but there have been few reports logged to Microsoft's support forums. Microsoft, however, intimated that Symantec might not be alone when it used the generic, and plural, "some antivirus applications" in its explanatory document.

Users can download the hotfix from the Microsoft site.

Microsoft has not yet begun serving up Windows XP SP3 via Windows Update's Automatic Updates feature, and conceivably could prevent machines that have specific security programs installed from receiving the update. It's already done exactly that by blocking other systems, notably those running AMD processors, from getting XP SP3 to sidestep an endless reboot bug.

Saturday, June 28, 2008

Intel Backstabs Microsoft by Abandoning Vista

The news that Intel has decided it won't upgrade its PCs to Vista - is this the kind of payback that Microsoft expected?


The news that Intel has decided it won't upgrade its PCs to Vista must be especially bitter for Microsoft because court documents show that Microsoft may have launched its ill-fated "junk PC" Vista scheme at the behest of Intel. Is this the kind of payback that Microsoft expected?

According to the New York Times, Intel has decided that it won't upgrade the PCs of its 80,000 computers to Windows Vista. The Times reports:

the company made its decision after a lengthy analysis by its internal technology staff of the costs and potential benefits of moving to Windows Vista, which has drawn fire from many customers as a buggy, bloated program that requires costly hardware upgrades to run smoothly.

Microsoft has good reason to feel bitter about the decision. Microsoft's "Vista Capable PC" scheme may have been launched specifically to help Intel meet its quarterly earnings by selling older Intel chipsets that couldn't properly run Vista.

A refresher for those who might not remember the "Vista Capable PC" scheme: It was a marketing scheme in which people claim that Microsoft misled consumers into buying the Windows Vista Capable PCs, even though the PCs couldn't run the most important features of Vista.

According to court documents released in a suit related to the scheme, Microsoft's John Kalkman sent an email to Scott Di Valerio, who was in charge of the company's relations with PC makers, noting that the Vista Capable PC scheme was being launched on behalf of Intel:

In the end, we lowered the requirement to help Intel make their quarterly earnings so they could continue to sell motherboards with the 915 graphics embedded. This in turn did two things: 1. Decreased focus of OEMs planning and shipping higher end graphics for Vista-ready programs and 2. Reduced the focus by IHV's to ready great WHQL [Windows Hardware Quality Labs] qualified graphics drivers. We can see this today with Intel's inability to ship a compelling full featured 945 graphics driver for Windows Vista.

Kalkman makes clear in the email that it was a mistake to try and bail out Intel:

So Microsoft went out on a limb to bail out Intel, and this is the payback it gets? They're no doubt talking about back-stabbing at Redmond these days.

Friday, June 27, 2008

Expect Firefox 3.1 in July

Mozilla just released the final version of Firefox 3.0, but an alpha update is already scheduled.

Just a week after Mozilla Corp. shipped Firefox 3.0, the open-source developer has proposed ship dates for the next version that, if approved, would produce an alpha release next month and a final no later than early 2009.

According to a draft schedule discussed at a Tuesday meeting, Mozilla wants to have the first Firefox 3.1 developer preview, or alpha, ready by July, then move to a beta by August. The schedule slates final code delivery in the last quarter of this year or the first quarter of 2009. A month ago, when Mozilla first started discussing Firefox 3.1 internally, Mike Schroepfer, the company's vice president of engineering, said the upgrade's target ship date was the end of 2008.

If Mozilla holds to that plan, Firefox 3.1 would be its first fast-track update, with a development timeline significantly shorter than usual. Firefox 3.0, for instance, launched approximately 20 months after its predecessor, Firefox 2.0.

Previously, Mozilla said that it would be able to meet the shorter deadlines because Firefox 3.1 would be composed of features that didn't make it into Firefox 3.0, but were "nearly complete," Schroepfer said.

In the meeting notes published online Tuesday, Mozilla listed some of the improvements it hopes to slot into Firefox 3.1, including changes to the revamped bookmarking that debuted in 3.0 and modifications to the new amped-up location bar.

Several of the proposed changes, however, rely on improvements to the Gecko engine that underpins Firefox, as well as other applications, such as Mozilla Messaging's Thunderbird e-mail client. Developers are working on Gecko 1.9.1 at the same time as Firefox 3.1, and programmers on the latter project expect some of those refinements will make it into the browser's next upgrade, including additional improvements in JavaScript performance and better compliance with the Acid3 test, which checks how closely a browser follows certain Web standards.

In March, when both Apple Inc. and Opera Software ASA touted gains in matching Acid3's requirements with their Safari and Opera browsers, respectively, Mozilla called the race to a perfect score "a puzzle game" and said it wouldn't divert resources from the still-under-construction Firefox 3.0 to match its rivals.

Since the June 17 launch, more than 21.8 million copies of Firefox 3.0 have been downloaded, according to Mozilla's own counter.

Wednesday, June 18, 2008

Firefox 3 Download Day Stumbles

Mozilla hyped today's Firefox 3 launch with a 'Download Day', but some network difficulties handling that huge rush of traffic are keeping Mozilla from reaching that goal.


Mozilla hyped today's Firefox 3 launch with a 'Download Day' appeal to Firefox users to all come get the new version at once and shoot for a new Guinness World Record. But some network difficulties handling that huge rush of traffic are keeping many visitors from helping Mozilla reach that goal.

Mike Schroepfer of Mozilla wrote on the Mozilla developer center blog that you should head to http://getfirefox.com/ for the new browser (you can't yet get it by going to Help > Check for Updates within Firefox 2). That page appears to be coming up now, but for a good while the site was unresponsive. After a few tries on the download link on that page I was just able to start a download.

Per Melissa Shapiro on a Mozilla blog posting from earlier today, "Our servers are currently feeling the burn and should be back to normal shortly."

Kristen Whisenand, PR for Mozilla, said their servers are churning out 14,000 downloads a minute. At 7.8MB per download that's one giant flood of data, and most companies try to spread out the traffic instead of encouraging people to focus the spike. Here's hoping Mozilla gets a better grip on the reins of this digital bucking bronco.

So if you're trying to download and can't get through, or maybe get an "Http/1.1 Service Unavailable" error, keep at it. Whisenand says some individual requests may not get through because the systems are so busy, but that the servers are up.

Monday, June 16, 2008

Sony working on 'break apart' motion PS3 pad

Sony Computer Entertainment is working on a new controller for the PlayStation 3, which contains an accelerometer for 'Wiimote-like' motion-sensing functionality.


Sony Computer Entertainment is working on a new controller for the PlayStation 3, which features the ability to 'break apart' into two separate units, each of which contains an accelerometer for 'Wiimote-like' motion-sensing functionality, GamesIndustry.biz reports.

It's not clear when the pad will be officially announced, but it is believed that working units have already been supplied to certain developer partners, according to sources.

The potential for new game types to be developed with the additional motion-sensing functionality should open up the PlayStation 3 to the sorts of gaming audiences that Nintendo has been so successful at gathering with its Wii console.

Sony Computer Entertainment will therefore hope that, with the ongoing development of the PlayStation Network, the success of Blu-ray as the de facto next generation standard of video, the gradual roll-out of Home later in the year and the release of additional high definition titles over time, it will be able to overwhelmingly position the PS3 as the best all-round home entertainment unit on the market.

The original controller released with the PS3, the Sixaxis, did contain some motion-sensing ability, although it came at the expense of the popular 'rumble' functionality and was nothing like as free as the movement that the Wiimote offered. The Corporation later released a DualShock pad for the console.

Sunday, June 15, 2008

PS3 Beats Xbox 360, but Wii Outsells All

Sony ekes out another win over Microsoft's Xbox 360 console in the month of May, while Nintendo reigns supreme with Wii and DS sales.


NPD figures for the month of May show PlayStation 3 outsold Xbox 360. A mere 22k separated the two consoles, hardly putting a dent in Microsoft's huge lead over the battle for total sales. 208,000 PS3 consoles were purchased last month and 186,000 Xbox 360s were snatched up by gamers. To date, 19 million Xbox 360s have sold worldwide compared against 13 million PlayStation 3s.

Unsurprisingly, both consoles were obliterated by Wii at 675,000. Even Nintendo DS performed better than either PS3 or Xbox 360, generating more sales than both consoles combined with 452,000 handhelds sold. Nintendo pushed through over a million game systems during May, which nearly doubles PS3, Xbox 360, and PSP sales combined. Even counting PlayStation 2 sales, Nintendo still boasted larger sales.

Hand-in-hand with Wii and DS were solid game sales. Seven of the top ten selling games in May were on either platform. Mario Kart Wii took second place with 787,000 copies in a photo-finish behind the Xbox 360 version of Grand Theft Auto IV with 871k. Both the Xbox 360 and PS3 versions of GTA IV were the only games to make the list for those consoles.

Monday, June 9, 2008

Game Console Choice Shows Generation Gap

How much time do gamers spend playing Xbox 360, Wii, and PS3? A Nielsen consumer report takes a crack at the answer with a new technology called "polling."


According to Nielsen respondents (via IGN), gamers between the ages of 10 and 26 spend most of their time playing Xbox 360 by 63 percent, followed by 25 percent total console time playing Wii, and 12 percent playing PlayStation 3.

Conversely, gamers 27 and older spend a majority of their console time on PS3 by 52 percent, followed by Wii with 28 percent, and Xbox 360 at 20 percent.

In both demographics, both Xbox 360 and PS3 were played more consistently than Wii and for longer periods of time, supporting the widespread belief that Nintendo's latest console is lacking in deep, entrenching games.

In any case, suffice it to say that gamers love consoles.

Sunday, June 8, 2008

Public's Still Not Buying Blu-ray

Despite resolution of the standard battle, the high-def DVD players and discs are posting slow sales.


Blu-ray Won, But the Public's Still Not Buying

Consumer awareness about the Blu-ray high-definition DVD format is rising, but adoption of the technology still faces challenges, according to data released last week by research company NPD Group.

Until earlier this year, consumers seeking sharper movies on high-definition DVDs had to choose between two competing standards -- Blu-ray backed by Sony Corp and the rival HD DVD, backed by Toshiba Corp.

The standards war ended in February when Toshiba threw in the towel, but NPD said Blu-ray player manufacturers still face hurdles due to price and perceptions among consumers who are content with standard-definition DVD players and content.

Hollywood and consumer electronics makers are hoping the technology would ignite a slowing $24 billion home DVD market.

NPD said 45 percent of U.S. high-definition television owners now claim to be familiar with Blu-ray, up from 35 percent in June 2007.

While just 6 percent of all consumers surveyed said they plan to buy a Blu-ray device, 9 percent of high-definition TV owners plan to buy one in the next six months, NPD said. An earlier NPD study had actually shown a drop in sales earlier in the year.

"With HDTVs now in approximately 40 million U.S. households, that percentage translates to a pool of almost 4 million potential BD (Blu-ray) player buyers," according to Russ Crupnick, entertainment industry analyst for NPD.

Earlier in the week, Wal-Mart Stores Inc said it was now aggressively promoting sales of Blu-ray players by offering from June 8-14, a $100 Wal-Mart gift card with the purchase of any Blu-ray player in its stores.

Wal-Mart has also increased the brands of Blu-ray players it sells, adding Magnavox, Samsung and Panasonic, and will sell select Blu-ray movie titles for $15 starting June 8, including "3:10 to Yuma," "Shooter" and "300."

Saturday, June 7, 2008

Microsoft Plans to 'fix' Its Online Branding

Microsoft is moving quickly to "fix" its online branding problem.


Now that a Yahoo acquisition is off the table, Microsoft is moving quickly to "fix" its online branding problem, an executive said Tuesday.

Microsoft has been criticized for the introduction of the Live brand, particularly because it didn't fully replace the MSN brand. That has created some confusion in the market, because some services from Microsoft, like Hotmail and Messenger, have both brands and it's difficult to determine if there is a difference between the differently branded services.

Now that Microsoft has pulled its acquisition bid for Yahoo, it plans to focus on solving its branding problem, said Kevin Johnson, president of Microsoft's platform and services division, speaking in Seattle on Tuesday at the Search Marketing Expo conference.

"When we made the bid for Yahoo, the full combination of those companies would have created a whole different set of brand opportunities for our marketing teams to solve," he said. "Since we've moved forward in not pursuing a full combination at this time, our marketing teams are liberated to go solve that brand problem."

He suggested that his marketing executives essentially have free rein in deciding what to do. "Fix means fix," he said. The marketers may decide to build a new brand, and spend money to do so, and he'll support that decision, he said.

While a Yahoo acquisition is off the table, the companies do continue to discuss other alternatives, he said, despite very little comment from either company since acknowledging that talks about a more limited deal were happening. "We'll see where that dialogue leads, but there's nothing new to report," Johnson said.

Johnson also reiterated some of the themes that Microsoft executives have been talking about since the company pulled the Yahoo bid. "When you have a competitor that is entrenched, you have to focus on disruptive ways to change the paradigm," he said, referring to Google. Those changes could be in the form of user experience, the business model or the way consumers connect to the service, he said.

Microsoft has begun executing on this vision already, he said. The company's recently introduced Cashback service gives online shoppers money when they buy products from advertisers in Live Search. That's an effort to change the business model and the user experience.

In addition, on Monday Microsoft announced a deal with Hewlett-Packard that will result in a Live Search toolbar on HP PCs sold in North America starting next year. That deal will help distribution of the service, Johnson said.

Friday, June 6, 2008

Bluetooth, IE to Get Critical Microsoft Patches

Microsoft plans to issue seven sets of security patches next week for Windows.


Microsoft plans to issue seven sets of security patches next week, including critical fixes for DirectX, Internet Explorer and Bluetooth wireless software for Windows.

The updates are due Tuesday, the day Microsoft had previously scheduled to release its security patches. Fixes are also slated for Active Directory, the Windows Internet Name Service (WINS) and the Pragmatic General Multicast (PGM) protocol, used by Windows to stream media to many recipients. These updates are all rated "important."

A seventh update, rated "moderate," is listed as a "Kill Bit" update for Windows. This type of patch will disable code that is known to have a security bug.

"The Kill Bit will more than likely be for a third-party application," said Andrew Storms, director of security operations with security vendor nCircle.

Lately, Microsoft's security group has had to pay more attention to software that runs on top of Windows, as attackers have increasingly looked to products like QuickTime, Adobe's Flash and other media players when devising their attacks.

Last Friday, Microsoft warned that a widely publicized flaw in Apple's Safari browser could be combined with another Microsoft bug to let attackers run unauthorized software on a victim's PC.

It's not clear whether Microsoft plans to patch that bug. The IE update could include a fix, although it's unlikely that Microsoft has had enough time to run this software through its testing process, Storms said.

Storms said it is unusual for Microsoft to patch Bluetooth, a protocol used to connect devices like headsets to Windows, but added that "the more interesting question is will this patch and/or the bug extend into Windows Mobile where it will more than likely have a greater impact?"

Microsoft announced the planned patches in a note posted to its Web site on Thursday.

World's Most Dangerous Domain

Hong Kong's ".hk" is now the world's most dangerous domain for surfing according to a report released by McAfee


McAfee Names '.hk' World's Most Dangerous Domain

Hong Kong's ".hk" is now the world's most dangerous domain for surfing and searching, according to a report released Wednesday by security company McAfee, but the survey's methodology may mean it is not as risky as it seems.

The Hong Kong Special Administrative Region (SAR) moved from number 28 in 2007 to the top of the company's "Mapping the Mal Web" survey, edging out its northern neighbor China's ".cn," which placed second. Finland's ".fi" was the safest, followed by Japan's ".jp."

Just over 19 percent of ".hk" sites contain malware or viruses, have a high rate of spam or feature aggressive pop-up ads, McAfee said, as determined by a survey of 74 top-level domains using its SiteAdvisor software. Over 11 percent of ".cn" sites for China were similarly found to be dangerous. Comparatively, only 0.05 percent of ".fi" sites were found to be hazardous.

However, one Hong Kong-based security analyst said the survey did not demonstrate any real risk as emanating from the SAR. "McAfee are only looking at the top-level domain bit, they are not looking at the location of the server," said Richard Stagg, director and managing consultant at Handshake Networking, a vendor-independent security consultancy. "They're not paying attention to where sites are actually hosted."

The report is also not specific on the degree of "badness" of the sites using the ".hk" domain, Stagg said, as McAfee puts risks such as malware and annoyances like pop-up ads together.

Malware purveyors and spammers choose their top-level domain registrations based in part on where it is difficult to get a domain name shut down, Stagg said. "Huge, huge numbers of organized crime Web sites and porn Web sites are registered with .cn domains, but most of them are not hosted in China," he said.

Purveyors of malware and spam choose top-level domains in part based on how difficult it is to shut those domains down. For example, the U.S. Federal Bureau of Investigation can ask Network Solutions to close a .com domain, hosted in the U.S., within days, Stagg said, whereas it would have no jurisdiction with foreign domain registrars.

Thursday, June 5, 2008

PDF May Embed Flash Content

Adobe announced the next iteration of its Acrobat line of products, but may be taking the wrong direction by adding the ability to add Flash content to PDFs.


Has Adobe Taken a Wrong Turn with Acrobat 9?
Neil McAllister

This week, Adobe announced details of the next iteration of its Acrobat line of products, due in late June or early July. Perhaps the most prominent new feature of Acrobat 9 will be the ability to embed live Flash animation and video directly into PDF documents.

But while this capability sounds appealing, I can't help but be skeptical. PDF stands for Portable Document Format. It seems to me that this new direction that Adobe is taking in some ways flies against the original idea of what PDF is all about.

For starters, adding Flash to PDF documents is instantly going to make them a whole lot less portable. Flash support is nearly ubiquitous on the Windows and Mac OS platforms, but Adobe's track record with Flash on Linux leaves something to be desired. Also, there are a whole lot of handhelds and other devices that can render PDF documents just fine, but lack the power to render video animation.

Second, if something is moving, dancing, and singing across the screen, is it still a "document"? Historically, PDF has been a way to deliver nicely formatted, graphically rich pages in an electronic way. One of the most popular uses of PDFs, in fact, is to print them out on plain, old-fashioned paper. What happens when you go to print a document with embedded video? If nothing else, the printout will not be an accurate representation of the original file.

One of PDF's strengths has been that it has been somewhat less of a moving target than online file formats, such as Flash. By wedding the two, Adobe risks lessening the value of one of its strongest properties.

What's more, if Adobe is now positioning PDF as primarily an online (or mixed-media) file format, what message does that send to the print publishing community, which has long relied on PDF to manage prepress workflows? Will Adobe continue to act with their best interests at heart?

Though the distinctions are subtle, the new features of Acrobat 9 seem likely to create confusion about PDF in the minds of customers. I wonder if, in its zeal to be viewed as a major player in the online content creation business, Adobe might be taking a wrong turn here.

Source: www.pcworld.com

Wednesday, June 4, 2008

Microsoft Clarifies XP SP 3 Flash Issue

Amid concerns that users of its Windows XP SP 3 may be vulnerable to online attacks, Microsoft has finally explained which XP users need to upgrade Adobe Flash Player.


Amid concerns that users of its Windows XP Service Pack 3 operating system may be vulnerable to online attacks, Microsoft has finally broken its silence and explained which XP users need to upgrade their Adobe Flash Player software.

The confusion started Monday, when handlers at the Internet Storm Center pointed out that Microsoft had quietly noted that the recent XP SP 3 was vulnerable to five Flash bugs patched in November 2006. Some took this to mean that if an XP system was updated to Service Pack 3, it would somehow wind up with an older, buggy, version of the Flash Player.

Microsoft originally declined to comment on the matter, but on Tuesday it reconsidered and said that this is not the case.

"Microsoft does not ship any version of Flash in the Windows XP Service Pack 3 update that customers use to update existing SP2 machines," the company said in a statement.

However, some people who build new XP systems using SP3 will need to update their software. "A new system built using a copy of Windows XP with SP3 integrated will install the original Flash 6 that shipped with Windows XP Gold and will need MS06-069 installed from Windows Update," Microsoft said.

They should, however, be running the latest version of the player, 9.0.124.0, which includes bug fixes that protect against an attack currently being used by criminals.

Just last week Symantec mistakenly reported that attackers had discovered an unpatched zero-day flaw in the Flash Player. The bug turned out to be something patched in April, but nevertheless, it is being exploited in a fairly widespread attack, so having a vulnerable version of Flash is a dangerous proposition.

But that incident, combined with Microsoft's initial silence on the XP SP 3 issue, has made things tough for Windows users, said Susan Bradley, a Windows blogger who is chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy Corp. "It is very confusing," she said. "First we were really freaking out because we thought we had a zero-day," she said, "Now we've got this bulletin that says if you apply this, you're [in trouble]."

Users can find out if their PCs are running the latest version of the player by checking with this Adobe Web site.

Tuesday, June 3, 2008

Microsoft Extends XP Deadline for Low-Cost PCs (Part 1)

Microsoft has extended the life of Windows XP so that computer makers can include the operating system on low-cost PCs


Microsoft Extends XP Deadline for Low-Cost PCs
Part 1

Microsoft has further extended the life of Windows XP so that computer makers can include the operating system on low-cost desktop PCs, the company announced at the Computex trade show on Tuesday.

Microsoft has been under pressure from computer makers to provide a version of its OS for an emerging class of very low-cost laptops and desktops. Its new Windows Vista OS is widely seen as too resource-hungry for those machines.

In April Microsoft extended its deadline for selling Windows XP licenses for low-cost laptops like the Asus Eee PC. It had originally planned to stop selling most XP licenses on June 30.

At Computex on Tuesday it said it has now also extended the deadline for low-cost desktops. PC makers can now include Windows XP in those systems until 2010, the same as the deadline for low-cost laptops, said Rob Young, a senior director with Microsoft's OEM group.

In a statement, Microsoft said the extension applies to "nettops," a term coined by Intel to refer to low-cost desktops that have limited system configurations and are intended for simple tasks like surfing the Internet and sending e-mail. Examples include the upcoming Asus Eee Box, which is on show here at Computex.

It was unclear what limitations Microsoft may put on PC makers to prevent them from installing Windows XP on more capable machines. Young said Microsoft and PC vendors are in general agreement over what constitutes a nettop and suggested that Microsoft won't specify the hardware configurations that vendors can use with XP.

Microsoft said it was responding to the growing popularity of nettops and netbooks, and to demands from PC makers to provide a suitable OS for those machines.

"We've had a lot of feedback from customers and partners, and they're very interested in seeing these devices with Windows on them," said Steve Guggenheimer, the head of Microsoft's OEM business, during a speech at Computex.

Microsoft Extends XP Deadline for Low-Cost PCs (Part 2)

Microsoft has extended the life of Windows XP so that computer makers can include the operating system on low-cost PCs


Microsoft Extends XP Deadline for Low-Cost PCs
Part 2

Microsoft's statement was ambiguous, saying only that it would extend the deadline for "the Windows offering" to include nettops. Young confirmed that the extension applies to Windows XP.

"We have seen much demand for Windows on the Eee PC," Jerry Shen, CEO of Asustek Computer, said in the statement. "It is great that Microsoft is addressing this customer demand and providing a Windows solution on these devices, which will provide a familiar computing experience."

Intel has said nettops and netbooks are intended as a second PC for the home or for people in developing countries who can't afford a full-featured PC. However, Guggenheimer acknowledged Tuesday that no one knows yet where the devices will prove popular.

"We've had standalone Internet devices come out before, not too many of them have been successful, but now we are getting towards the right price points," he said. "How they'll land and who will buy them we don't really know yet, but we'll wait and see."

Netbooks and nettops are intended to be powerful enough to consume content, such as streaming video, but not powerful enough for content creation tasks like video editing. Many will use Intel's new Atom chips or Via's low-power C7 processor.

The Eee Box is due to go on sale in July for about $300 and will be offered with Windows XP or Linux. It will come with a maximum hard drive capacity of 250GB and use 802.11n Wi-Fi for Internet access.

Monday, June 2, 2008

Safari Flaw Worse Than First Thought

Microsoft is warning that a previously disclosed flaw in Apple's Safari browser could have dire consequences for Windows users.


Safari Flaw Worse Than First Thought, Microsoft Warns

The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim's desktop with executable files, an attack known as "carpet bombing."

It turns out that if this flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorized software on a victim's computer, according to Aviv Raff, a security researcher. Raff says he originally reported the IE flaw to Microsoft more than a year ago, and then told them about how it could be combined with the carpet bombing bug just over a week ago.

IDG News Service tested Raff's demonstration attack code, which runs Windows Calculator on a victim's system. For the attack to work, a victim must first visit a maliciously crafted Web page with the Safari browser, which in turn will trigger the carpet bombing attack and exploit the IE flaw.

Both the Safari and IE bugs "are moderate vulnerabilities that, combined, produce a critical flaw, which allows remote code execution," Raff said in an instant message interview.

Microsoft is taking the issue seriously. It released a security advisory on the problem late Friday, a sign that it may be working on a patch for the IE flaw. The advisory says that the vulnerability has to do with the way Windows handles desktop executables and recommends that Windows users "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple."

The attack reportedly affects all versions of Windows XP and Vista, Microsoft said.

Apple may not be rushing out to patch this bug, however. Dhanjani says that Apple has told him that it is not treating the Safari bug as a security issue, a response that has generated criticism from the security community. Last week, for example, the consumer advocacy group StopBadware.org urged Apple to reconsider this stance.

According to Raff, unless Apple patches the bug, more attacks like the one he found in IE are likely to pop up. "This is not the only issue that can be combined with the Safari vulnerability," he said. "If Microsoft fixes this, Safari users will still be vulnerable."