2/20/2007

Vista security overview: too little too late

By Thomas C Greene in Dublin
Published Tuesday 20th February 2007 20:30 GMT

Review: Microsoft has gone out on a limb to promote Vista not merely as "the most secure version of Windows ever" (every recent version is marketed with that tired slogan), but for the first time as an adequately secure version of Windows. "We've got the message and we've done our homework", the company says. So let's see if the reality lives up to the marketing hype.

As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators. In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.

That's not going to change any time soon, no matter how good Vista's security might be, but a version of Windows with truly adequate security and privacy features would certainly be a step in the right direction.

And indeed, there have been improvements. For one thing, IE7, at least on Vista, is no longer such a dangerous web browser. It may still be the buggiest, the most easily exploited, and the most often exploited browser in internet history, and probably will be forever, but it has become safer to use, despite its many shortcomings. This is because MS has finally addressed IE's single worst and most persistent security blunder: its deep integration with the guts of the system.

Browser woes

At last, MS has, in a sense, sandboxed IE on Vista. In IE7's new protected mode (Vista only), which is enabled by default, IE is restricted from writing to locations outside the browser cache without the user's consent, even if the user has admin privileges. IE is essentially denied write access to the wider file system and to much of the registry. Hallelujah.

To oversimplify this, IE7 protected mode runs as a low-integrity process which is restricted to writing to corresponding low-integrity locations, where rights are minimal. A process started from such a location would have very low rights, as would each child process it spawns. This helps to reduce the impact of malware on the system overall. However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.

However, IE7 on Vista does still write to parts of the registry in protected mode. And it appears to write to parts that MS says it won't (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp). The company says that "a low integrity process, such as Internet Explorer in Protected Mode, can create and modify files in low integrity folders". We are assured that such low integrity processes "cannot gain write access to objects at higher integrity levels". And again, MS emphasises that a low integrity process "can only write to low integrity locations, such as the Temporary Internet Files\Low folder or the HKEY_CURRENT_USER\Software\LowRegistry key".

So I tested this assurance. I ran IE in protected mode, typed a URL into the location bar and went there. Then I opened regedit, and searched for a string of text from that URL.

Sadly, IE7 is still stashing typed URLs in the registry, and not in the ...\LowRegistry location, either. I found them in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs (if you want to fix this, navigate to the key in the left-hand pane of regedit and right click, and choose permissions. Deny permission for each account. That ought to delete all the entries and take care of all related keys in one go).

No doubt one of those brokering mechanisms decided to write to that location, because a URL hardly carries the risk of causing malicious activity. So it's "safe", at least to some. But I wasn't asked if IE could write anything there. It was done automatically. And this behaviour does carry a security risk, if, like me, you think that user privacy and data hygiene are at all related to computer security. Surely, users should not have to hack their registry merely to purge their browser's data traces once and for all.

Next, there is IE7's anti-phishing filter gimmick. I disabled it almost immediately. It's very showy and it says, "Message: We Care", but I found it more irritating than actually helpful. I think a lot of users will disable it, and trust their instincts instead. Remember, if you put your mouse pointer over a link, the actual URL will be displayed in the status bar. The link may say Bank of America, but if the actual URL is http://123.231.123.231/bankofamerica.com/u/0wn3d/dummy/ then it should be pretty clear that it's a dodgy link.

IE7 also has a handy menu for deleting your history, cookies, cache, and so on. This is similar to the Mickey Mouse privacy utility in Firefox (http://www.theregister.co.uk/2007/01/30/firefox_makes_steady_progress/). Remember that these data traces are not securely wiped, but merely deleted. They remain on your HDD until they happen to be overwritten. Firefox will let you delete all that stuff automatically each time you exit; IE won't: you have to do it manually. And remember, with IE your typed URLs are in the registry, where they definitely don't belong, and this utility won't purge them. Oh, and you have to enable User Account Control (UAC) for IE's protected mode to work. Not everyone is going to want to do that, as we will see later.

IE sorely needs cookie and image management like Mozilla's, allowing third-party or offsite cookies and images to be blocked, and allowing users to set all cookies to be deleted on exit. IE won't let you set cookies to be deleted on exit, but will happily block cookies from websites that don't have a "compact privacy policy", a meaningless cookie policy statement (http://msdn.microsoft.com/workshop/security/privacy/overview/createprivacypolicy.asp) that any malicious website could easily have. But this is something MS has been involved with, so they're all excited about it, even though it's rubbish. Unfortunately, they force users to depend on it, which is worse rubbish.

The default security settings for IE are basically sensible and I would change only a few, and this is the first time I've ever said that. I would tighten things up just a bit, disabling MetaRefresh, disabling "Launching programs and files in an IFRAME", disabling "websites in less privileged web content zone can navigate into this zone", and disabling Userdata Persistence. Otherwise, IE7 on Vista offers a decent compromise between security and usability. The privacy conscious are, as always, encouraged to use Mozilla for browsing instead, and leave IE in its default configuration, to be used solely for manual sessions with Windows Update.

Spambuster?

Next up, we have the successor to Outlook Express, called Windows Mail. I always considered Outlook Express to be hands down the worst email client ever devised. Windows Mail is a little better. There now are half-decent junk mail controls and, of course, the famous anti-phishing filter. Email memos are now stored as individual files instead of in a database file, which means they can be searched faster, and email contents will show up in the Windows main search, which is either very handy, or a privacy nightmare, depending on what you get up to with your email. This type of storage also makes it easier for you to nuke messages with a wipe utility, either by wiping free space after deleting, or wiping them manually if you have the patience.

However, junk mail controls are awkward. Flagging memos as spam is a hassle; you do this in a list above the preview pane with the right mouse button, and then select from a list of actions. This can be quite tedious if you get a lot of spam, because one can't select several emails for the same action. There really ought to be a junk button that one can use to mark memos as spam and delete them with a single click, as there is with Thunderbird. It would be nice if the default rule for such a junk button were to be blocking the sender, rather than the sender's domain. One can always block a troublesome domain manually if need be.

Interestingly, an email from Microsoft Press Pass - a mailing list of self-congratulatory press releases for tech journos - was automatically flagged as spam. I find it hard to disagree with that call.

Memos can be displayed as HTML with all the risky stuff, such as online images and scripts, blocked. And Windows Mail doesn't give you a hard time about displaying all memos as plain text, which I recommend. Or rather, it displays lightly formatted text; you don't get the raw text as you do with Kmail, so links show up as they would in HTML, with the actual URL hidden. Now, with IE7, such links show up in the status bar as the full URL when you mouse over them, but in Windows Mail they don't. This should be fixed, because otherwise one is stuck relying solely on Microsoft's anti-phishing filter gimmick.
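The hover check suggested in the browser section, which Windows Mail does not offer, can be run directly on a message's HTML body. The Python below is an added example, not part of the original article: it compares each link's visible text with its real destination, and goes slightly beyond the article's case by also flagging userinfo placed before the host. The sample message and the hosts login.example.net and 203.0.113.7 are constructed.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A dotted name whose last label is alphabetic, e.g. "bankofamerica.com".
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def same_site(host, name):
    """True if host is name or a subdomain of it (a leading 'www.' is ignored)."""
    name = name.lower()
    if name.startswith("www."):
        name = name[4:]
    return host == name or host.endswith("." + name)


def shown_host(text):
    """Host name the visible text claims, or None if the text is not URL-like."""
    if not text or " " in text:
        return None
    try:
        host = urlsplit(text if "//" in text else "//" + text).hostname
    except ValueError:
        return None
    return host if host and DOMAIN_RE.fullmatch(host) else None


def audit_link(href, text):
    """Heuristic reasons why a link's destination disagrees with its appearance."""
    try:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
    except ValueError:
        return ["unparseable URL"]
    if parts.scheme not in ("http", "https") or not host:
        return []  # mailto:, fragments, relative links: nothing to compare
    reasons = []
    if host_is_ip(host):
        reasons.append("host is a raw IP address")
    if parts.username is not None:
        reasons.append("URL carries userinfo before the real host")
    # A directory named like a domain is there to be read, not resolved.
    for segment in parts.path.split("/")[1:-1]:
        if DOMAIN_RE.fullmatch(segment) and not same_site(host, segment):
            reasons.append(f"path imitates {segment.lower()}")
    shown = shown_host(text)
    if shown and not same_site(host, shown):
        reasons.append(f"text shows {shown} but link goes to {host}")
    return reasons


def audit_html(html):
    """Return (href, text, reasons) for every link that raised at least one flag."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for href, text in collector.links:
        reasons = audit_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample message; the first link is the article's own example URL.
SAMPLE_MAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="http://123.231.123.231/bankofamerica.com/u/0wn3d/dummy/">Bank of America</a>
<a href="http://login.example.net/session">www.bankofamerica.com</a>
<a href="https://www.bankofamerica.com/help">www.bankofamerica.com</a>
<a href="mailto:support@example.org">Contact us</a>
"""

if __name__ == "__main__":
    for href, text, reasons in audit_html(SAMPLE_MAIL):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print(f"    {reason}")
```

These are heuristics: a clean result does not make a link trustworthy, and a legitimate link that redirects through a different host will be flagged.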

While not security related, I will note briefly that there is no undelete button or Edit menu option to undo a deletion, for those of us who tend to delete first and ask questions later.

Click yes to continue

Data Execution Prevention (DEP) is a feature from XP SP2 that shuts down programs that handle memory oddly, and it is now set to full on by default. It works with address space layout randomisation, a new feature in Vista that loads some system code in unpredictable memory locations to defend against buffer overflow attacks. Both are very good ideas, and should help reduce the impact of malware to some extent.

However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.

User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.

This is one way of helping protect a multi-user system from being loaded with malware by users, and for ensuring that any malware on the system runs with reduced privileges. When you are in a user account, and you wish to perform an administrative task, you will be prompted for the required credentials. Aside from the prompt, the GUI shell will be disabled during this time, to help prevent certain kinds of privilege escalation attacks where the GUI shell or elements of it are spoofed by malicious software.

Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."

So you see that, here again, MS's security strategy involves shifting responsibility to the user.

UAC is all well and good in theory, but here's the problem: it's never going to work. And the reason why it's never going to work is because MS still encourages the person who installs Vista (the owner presumably) to run their machine with admin privileges by default. I was delighted, when I set up Vista for the first time, to be presented with an opportunity to set up a "user" account. But moments later, when I saw that I was not invited also to create an admin account, I knew that the "user" account I had just set up was indeed an admin account. And so it was.

Until MS gets it through their thick skulls that a multi-user OS needs a separate admin account and a user account for the owner, and that the owner should be encouraged to work from a regular user account as much as possible, UAC will never work as intended.

In fact, UAC is the most complained-about new feature of Vista, and most people are disabling it as soon as possible. Why? Because MS still encourages the owner to set himself up as the admin, and work from that account. And when you're running in an admin account, UAC is nothing but a bother. Every time you try to take an action, and this could be as simple as opening something in Control Panel, UAC disables your screen and pops up a little dialog asking you if you really want to do what you just did. A pointless irritant that will cause the vast majority of Vista users to disable UAC, because the vast majority of Vista users will, unfortunately, be running as admins, thanks to MS's stubborn refusal to try to put everyone into a user account to the extent possible.

And once UAC is disabled, all of its security enhancements are lost. Yes, the basic idea is good, but the implementation has been completely bungled.

A few irritating details

The default folder view options could be improved for the security conscious user. One should definitely not hide file extensions, as the default file view has it, because it is possible to spoof icons and use bogus extensions that can make executables appear to be other than they are. Yes, UAC and DEP are supposed to help with this, but DEP will be set to its lower setting, and UAC will be turned off, on the vast majority of Vista boxes, for reasons we've already discussed. And since it's very likely that you will still be running your Windows box as an admin, if you're going to open a file with Windows Explorer, you'd better look to see whether or not it's an executable, because it will run with your privileges. So, at a minimum, the folder view should default to showing file extensions.

As usual, Windows enables far too many services by default. It would be a tremendous help if MS could somehow use its many wizards to enable only the services needed for each bit of hardware or software installed. That would take some effort on Microsoft's part, and on the part of device and software vendors, but the alternative so far has been to leave every single bell and whistle blaring. Unnecessary services waste RAM, and worse, those related to networking are a needless target for worms and other online attacks.

Data hygiene

The start menu now offers the option of not storing or displaying a list of recently-accessed files and programs. This used to be a real nightmare for data hygiene. Finally, it's fixed.

Oh wait; it's not fixed. In fact, things just got a lot worse. There is the new "Recently Changed" directory, which will show up as one of your "Favourite Links" in the left-hand column of your home or user directory, and in Windows Explorer. And guess what: all the files you've been fiddling with recently will show up in it. Its contents are identical to the "Recent Documents" folder that Microsoft let you think you had shut off.

But worse, the contents of your recently-changed directory will not show up in main search, even if you use advanced search, and search "everywhere". So you might not even know it's there. And still worse, you can't empty this directory without deleting all of the files it points to. You can empty your "Recent Documents" folder, and only the pointers or links will be gone; you don't lose the actual files. But with this new gimmick, you've got an archive of all the files you've looked at, regardless of where you've buried them in the file system hierarchy in hopes of keeping prying eyes off them, and you can't empty it unless you want to say goodbye to the files themselves.

The worst part of this is that by offering the option to disable the list of recent files, MS has given users a false sense of privacy and security. The reality is that privacy and data hygiene are even more difficult than before. What a blunder.

Child safety first

Now there is some good news, finally. Vista ships with parental controls that are reasonably easy to implement. You can set up accounts for the kiddies, and prevent them using all sorts of programs, like email, chat, and IM, or even deny them internet access altogether if they're too young. One thing that I like is the ability to prevent the little porn fiends from downloading files via IE7. But remember, if you have any other browsers loaded on the system, you must disable them all individually via the parental controls, because download blocking only works with IE.

The whole setup is sensible and allows for fine-tuning depending on each child's level of maturity and responsibility. And parents can schedule regular reports on their children's internet use.

Now, parental controls and filtering are all well and good, but we should beware of any false sense of security they might encourage. In a recent Today Show interview (http://www.youtube.com/watch?v=p6TcxNjK7Kc) (video), Billg dilated glowingly about Vista's new parental control centre; but we should remember that it's merely a tool, not a solution. Parental controls are not a substitute for adult supervision. The internet is adult space, and so it should remain. Nothing sends my blood pressure into aneurysm territory faster than talk of legislation that would make the internet safe for children. The internet has been created by adults for adults, and children venturing online simply have got to be supervised, either by a parent or by a mature and responsible older sibling. Filtering is not a panacea.

Package deal

Now, for the Vista Security Centre. This has been controversial, involving MS in skirmishes with security software vendors who claim that Vista's built-in product is anti-competitive.

I'm not sure why anyone would worry. The Security Centre doesn't do very much except remind users, "Message: We Care". It's a little craplet with a stereotypical icon that looks like a shield, and it simply informs you of whether or not the firewall is on, whether or not you've got anti-virus software installed, and so on. It is integrated with an improved version of the malicious software removal tool, or anti-spyware tool, in the form of Windows Defender.

There's nothing much in Security Centre that XP SP2 doesn't have, except a warning that you've turned off UAC. It's something that one might wish to run or consult after installation, and maybe once a month thereafter. But it's on all the time, ready to harangue you, and it's rather difficult to make it go away.

It doesn't contain AV software, but a query for further information on virus issues will bring you to this web page (http://www.microsoft.com/athome/security/update/windowsvistaav.mspx), where MS recommends the vendors it thinks are ready to handle Vista (McAfee is notably absent). Nor does it have a packet filter (firewall) with many features. It's not too bad to configure, but third-party packet filters offer many more options in terms of notification and controlling individual applications. I noticed one exception in the default firewall configuration that I didn't care for: the one allowing remote assistance. I don't think that should be allowed unless you're actually using remote assistance.

Windows Defender is certainly better than nothing; it monitors files for changes that can indicate malicious activity, and searches for known spyware. It is also integrated with IE7 to some extent. However, what constitutes spyware is a judgment call, and it's never a bad idea to use more than one anti-spyware/anti-adware product, in hopes that one will pick up what another overlooks. (And WD does seem to miss (http://www.theregister.co.uk/2007/02/20/anti-spyware_tests/) an awful lot of spyware.) I certainly wouldn't recommend depending solely on Windows Defender. But it's nice that it's there.

In a nutshell

So, what have we got here? An adequately secure version of Windows, finally? I think not. We have got, instead, a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on. But MS has, in a sense, shifted the responsibility onto users: it has addressed numerous issues where too much was going on automatically and with too many privileges. But this simply means that the owner will be the one making a mess of their Windows box.

Data hygiene is still an absolute disaster on Windows. In fact, it's worse than it ever was in some ways, and that's very bad indeed. Browser traces still in the registry, heavy and complicated indexing to improve search, new locations where data is being stored. It all adds up to a privacy nightmare. Keeping a Vista box "clean" is going to be impossible for all but the most knowledgeable and fastidious users.

So don't rush out to buy Vista in hopes of getting much in return security-wise. I do like some of the changes, at least in theory, or as a decent platform on which to build an adequately secure version of Windows one day. But that day, if it ever comes, will be well in the future. ®


© Copyright 2007

Windows Live Messenger ads serve up malware

Rogue banner ads slip through safety net
Tom Sanders in California, vnunet.com 21 Feb 2007

Microsoft's Windows Live Messenger client has for several days displayed banner ads that attempted to install malware on users' systems.

Microsoft has acknowledged the incident and has removed the offending advertisements.

"We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again," Whitney Burk, a PR manager with Microsoft said in an emailed statement.

The banners inside the Windows Live Messenger advertised Errorsafe, an application that claims to detect and repair computer problems. The software is notorious because it often gets installed without the user's permission and because it presents false security warnings that are intended to make the user purchase a licensed copy of the software.

Most security vendors list Errorsafe and related software such as Winfixer as a potentially unwanted program or a security risk.

"This is very bad news for users of MSN Messenger, and for MSN and Microsoft," Sandi Hardmeier, a Microsoft 'MVP', wrote on her Spyware Sucks blog.

Security experts in the past have pointed to banner advertisements as a potential way to distribute malware and exploit software vulnerabilities. They offer malware authors a potential way to post their attack code on trusted, mainstream websites. The Windows Live Messenger incident further confirms the risk of such attacks.

"I am struggling to express how upset, and disappointed, and worried, I am that this has happened. For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware."

"Now, everything has changed. Users have been put at direct risk through no fault of their own and they can't avoid the MSN banner advertisements when the contact pane is open without using a third party hack that is ethically wrong to use," Hardmeier concluded.

Microsoft falls victim to shady 'scareware'

Jeremy Kirk, Tue Feb 20, 10:40 AM ET

Microsoft said it moved quickly to remove a banner advertisement that appeared on its instant-messaging program for a software application that falsely hypes security threats on a user's computer.

"We immediately investigated the reports and removed the offending ads, as this is a violation of our ad-serving policy," wrote Microsoft spokeswoman Whitney Burk, in an e-mail Tuesday.

Last week, computer security analysts noticed two advertisements for Winfixer -- a self-described security program that also goes by the name ErrorSafe -- on Windows Live Messenger.

Security companies have labeled it as a "potentially unwanted program." They believe the program falsely alerts users to problems with their computer and encourages them to purchase the application. It falls into an informally named category of program called "scareware," whose creators try to bully users into downloading their program or face problems with their computer.

Microsoft, which called Winfixer "malware," did not detail how the ads appeared. However, the Center for Democracy and Technology (CDT), a civil liberties and consumer group in Washington, D.C., has investigated how questionable ads promoting spyware and other malicious software have appeared on ad networks.

The incident highlights how even a well-resourced company such as Microsoft can be vulnerable to the vagaries of complex associations of Internet advertising networks.

"There are often a host of parties involved in the advertising chain, making it difficult to track the journey an advertisement takes from its original source to a user's computer," according to a CDT report released last year.

It's extremely hard to police advertisements, as the organizations which supply them could suddenly substitute new ones, said Graham Cluley, senior technology consultant for Sophos, a security software company.

"There remains a risk that advertisements may be vetted and approved when first placed with an advertising network only to be later 'updated' to advertise less savory products," Cluley said. "This isn't just a problem for Microsoft, it's a problem for any company which is delivering advertisements to its userbase."

The U.S. Federal Trade Commission (FTC) has undertaken several actions against companies that have created special programs designed to exploit security vulnerabilities in computers, that -- like Winfixer -- purport to repair the machine.

The Winfixer incident sparks concerns over end-user security and could be especially important for Microsoft. The company seeks to use advertising to subsidize the cost for free services such as Windows Live Mail, formerly Hotmail, and other Web-based services it's using to compete with online offerings from Google Inc.

"For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware," wrote Sandi Hardmeier, a Microsoft Most Valued Professional and specialist in Internet Explorer, on her blog. "Now, everything has changed. This simply shouldn't have happened."

Winfixer, which sells for around $39.95, has a shady history, experts say. It's a persistent program, constantly popping up on newly-created domains under various aliases, including ErrorSafe, WinAntiVirus and DriveCleaner, said Chris Boyd, security research manager for FaceTime Communications Inc.

The changing names and versions are hard to keep up with for security analysts, let alone for ad network managers who may have no idea of the true nature of the program, Boyd said.

"The suspicions are that it [Winfixer] is a quite sophisticated operation," Boyd said.

At one time, Winfixer was one of several bad programs installed in a bundle by hackers on vulnerable machines, wrote Ben Edelman, a malware researcher and doctoral candidate at Harvard University, on his Web site.

The hackers exploited the Windows Metafile (WMF) problem, a particularly dangerous security hole that appeared in December 2005 and prompted Microsoft to hurriedly issue an off-schedule patch.

As always, users should be careful. "The responsibility ultimately falls on the users to be wary of advertisements which may be selling inappropriate or potentially damaging -- to data or finances -- goods," Cluley said.

Microsoft Takes Aim At Big Piracy Problem

Patrick Seitz, Tue Feb 20, 7:00 PM ET

Microsoft is acting to cash in on one of its big opportunities: getting people who are using illegal copies of its software to pay up.

The problem of piracy is nothing new for Microsoft. But the company hopes new incentives it's offering customers will help it recover some revenue it would otherwise lose to pirates.

Under the company's "genuine advantage" program, users of Microsoft's newly released Windows Vista and Office 2007 won't get the full functionality of those products unless they validate their copies online, and this won't work with pirated copies. Only users with legal copies of Windows can download such programs as Windows Defender anti-spyware software or the latest Internet Explorer Web browser and Windows Media Player.

And only users with legal copies of Office 2007 can get extra features such as the ability to save Word documents, Excel spreadsheets and other pages as PDF files. Microsoft originally planned to include the Save as PDF feature in the shipped product, but decided instead to make it a free add-in as an incentive for legitimate users.

Microsoft Chief Executive Steve Ballmer estimates that two-thirds of those using pirated Microsoft software are unaware of it and probably would want to have a legal version.

Send In Receipt

The genuine advantage program is about making it easy for users to know whether they have a genuine copy, says Chris Capossela, corporate vice president of Microsoft's business division product management group. The program gives users incentives to make their copy legal, he says.

In many cases, that incentive is a cheap price, he says. For instance, if customers have a receipt from where they got Office, they can submit that to Microsoft for a free copy. Microsoft then would use the receipt to track down the offending seller.

While Microsoft will now let only legal-software users download non-critical updates, it will still share critical updates, such as security patches, with all Windows and Office users, Capossela says.

"For really critical updates, it's still pretty important for everybody to be able to get those," he said. "It's a really delicate line that we're trying to walk. Because you don't want someone having a terrible experience with the product -- even if they didn't pay for (a legal copy)."

Microsoft is taking the initiative, says Yun Kim, an analyst with Pacific Growth Equities. It's working with personal computer makers in Third World countries such as China to make sure that they don't ship PCs without operating systems. Those machines usually end up running pirated copies of Windows. To avoid that, Microsoft is offering those makers a low-price, stripped-down edition of Windows, Kim says.

Nearly 60 million PCs were sold with pirated versions of Windows during Microsoft's fiscal 2006 ended June 30, the company says.

Half Could Be Pirated

Microsoft also faces a big piracy problem with its Office suite, which includes such popular programs as Word, Excel and PowerPoint.

Microsoft estimates there are 500 million users of Office software, legal and illegal, worldwide. As many as half could be using pirated copies, says Charles Di Bona, an analyst with Sanford C. Bernstein & Co.

"So there's a lot of opportunity there" for recovering lost revenue, Di Bona said.

The Business Software Alliance says 35% of the world's software is pirated. The BSA estimates that software vendors and associated service and support businesses lose at least $50 billion a year to piracy.

Copyright 2007 Investor's Business Daily, Inc.

Independent Research Confirms Allegations That Vista's Anti-Spyware Protection Has Holes

Monday February 19, 10:04 am ET
An Independent Test of Windows Defender Against Third Party Vendors Demonstrates Why Best of Breed Products Are Still Vital

SAN FRANCISCO--(BUSINESS WIRE)--PC Tools announced today the results of an independent comparison by Enex Testlab of anti-spyware software including Microsoft's own Windows® Defender.

PC Tools hired independent testing facility -- Enex Testlab -- to evaluate how Windows Defender stacks up against Spyware Doctor(1) and other third party vendors. The internationally renowned, independent lab has been performing comparison tests for the past 17 years. The lab compared identical threats against a number of leading anti-spyware products throughout 2006 -- Spyware Doctor was the conclusive overall winner.

"We have taken a look at several anti-spyware vendors over time to determine the current level of accuracy against spyware threats in 2006. These results show Vista requires more work to protect users. Third party security vendors -- especially in the area of anti-spyware -- are still essential components in protecting users," said Matt Tett, Senior Test Engineer for Enex TestLab.

"We have been watching with interest the development of Microsoft's Vista security effort. We know that Microsoft is facing difficult challenges with the broadening scope of dangerous malware attacks while also trying to maintain backwards compatibility and usability. This independent research was designed to show how we compare in combating real-world threats over an extended period of time," said Simon Clausen, CEO of PC Tools.

Research from other security vendors revealed weaknesses in Vista's security -- demonstrating ineffective blocking capabilities, slow definition updates and weak in-built anti-spyware protection. These independent results from Enex Testlab further illustrate how Microsoft must continue to improve the Vista security component to protect consumers.

Recently, a third party vendor chose its own testing sample-set and performed basic tests out of their own threat research lab. They also reported weaknesses in the spyware blocking capability of Windows® Defender.

"While we agree with the overriding conclusion that Vista security is lacking, this approach fundamentally contradicts the laws of statistical analysis, and clearly creates a biased result. By hand-picking the sample-set, it is easy to return results showing whatever you want. It would even be possible to show Vista had 0% blocking ability," Clausen explained.

"We wanted to prove through an independent and unbiased review - where PC Tools did not choose or supply the sample-set, that Vista's anti-spyware protection is in fact inadequate, and could result in a false sense of security to consumers."

According to the aggregate Enex test results for the entirety of 2006, Microsoft Defender's quick scan was able to block only 46.61 percent of dangerous threats while their full scan blocked 53.39 percent. Tested at the same time and using the same sample-set, PC Tools' Spyware Doctor quick scan blocked 83.26 percent and the full scan blocked 88.69 percent receiving the overall number one ranking for the complete year, against Defender, and other leading anti-spyware products.

"These independent results demonstrate that consumers must continue to rely on third party products such as PC Tools' Spyware Doctor(1) to keep them secure from spyware and other malware threats," Clausen said.

(1) Current awards include: PC Magazine Best Anti-Spyware 2005, Editor's Choice 2006; Windows XP Magazine, Editor's Choice; PC Pro Recommended 2006, A List product; PC Answers Editor's Choice 2006; PC Advisor Gold award 2006; PC User 'Top Buy' 2006; Computer Shopper Best Anti-Spyware of 2006.

ABOUT PC TOOLS(TM)

PC Tools is a global software leader with a cache of security and utility products, including the multi award-winning Spyware Doctor(TM). PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending.

The PC Tools Malware Research Center monitors trends and emerging spyware issues and provides security solutions for the consumer and enterprise marketplace. The company is headquartered in Sydney, with offices in San Francisco, London, Dublin, Melbourne, and Kiev. PC Tools has a global network of distributors, resellers, and retailers.

ABOUT ENEX TESTLAB

With a heritage stemming directly from RMIT University, Enex TestLab provides high quality, independent testing services to government and corporate clients internationally.

Enex TestLab's reputation is founded on independence, rigor, accuracy and the usefulness of our work in saving customers money and reducing their risk. Enex TestLab's testing services have evolved over decades to represent one of the world's most sophisticated, experienced and creative testing enterprises.


Source: PC Tools

Windows Defender spyware-blocking under fire (again)

By John Leyden
Published Tuesday 20th February 2007 18:52 GMT

Microsoft's Windows Defender has once again come under criticism for alleged shortcomings in blocking invasive spyware applications.

In tests sponsored by anti-spyware vendor PC Tools, and carried out by independent testing facility Enex Testlabs, Microsoft’s Windows Defender blocked less than half (46 per cent) of current spyware threats, scoring well below third party anti-spyware providers. The findings, published on Tuesday, follow earlier in-house research by security rival Webroot that Windows Defender failed to block 84 per cent of a testing sample-set that included "15 of the most common variations of existing spyware and malware". Threats of various types - including adware, system monitors, key loggers and Trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Microsoft has declined to comment on Webroot's criticism and is also staying quiet on the latest reports.

Microsoft's rivals are understandably keen to promote the message that while Vista might be more secure than previous versions of Windows, users still need additional protection from malware threats. Redmond itself isn't up to the job so users ought to continue relying (buying) third-party products, the argument goes.

The problem with both the PC Tools and Webroot surveys is that the result of the tests depends on the spyware sample used, who supplies it and the complete objectivity of the testing agency. In the case of the Webroot test, the sample data was "randomly chosen from a database of over 8,000 spyware installation programs that was provided by Webroot" (our emphasis). PC Tools criticised this approach as "hand picking" the sample set. It said PC Tools did not choose or supply the sample-set used by Enex, described as real-world spyware threats circulating in 2006.

According to the aggregate Enex test results for the whole of 2006, Microsoft’s Windows Defender quick scan was able to block only 47 per cent of dangerous threats while their full scan blocked 53 per cent. Tested at the same time and using the same sample-set, PC Tools’ Spyware Doctor quick scan blocked 83 per cent and the full scan blocked 89 per cent, better than other unnamed anti-spyware products put through their paces.

However, since PC Tools hired Enex to conduct the tests, they inevitably carry less authority than would be the case if they were done completely independently.

In the anti-virus world, vendors have agreed to submit to testing against a set of viruses at large on the internet in tests conducted by independent testing houses such as Virus Bulletin and not paid for by any one vendor. The anti-spyware industry hasn't reached this level of maturity.

It's quite possible, for example, that Webroot and PC Tools products might only detect a small proportion of a sample set supplied by Microsoft or McAfee or anyone else. That's not to say these products are ineffective, simply that tests are meaningless until an independently-produced sample is used in tests conducted by wholly disinterested parties.

Until we get to that point anti-spyware tests will be more about marketing than objective product performance assessments. ®

© Copyright 2007

FTC chief: Pop-ups and adware are bad business

Corporate America in general ought to do a better job of figuring out where their ad dollars are going
By Robert McMillan, IDG News Service | Wednesday, 21 February, 2007

Over the past few years, dealing with computer crimes and annoyances has become an increasingly important part of the Federal Trade Commission's work. In the past year, the FTC has announced settlements with spammers, adware distributors, and even Sony BMG Music Entertainment, over its distribution of rootkit software.

FTC Chairman Deborah Platt Majoras recently sat down with the IDG News Service to discuss some of the work her organisation is doing to keep the scammers and criminals at bay. She talked about the Sony settlement, the role that online advertisers play in the adware and spyware plague, and whether buried disclosures in licensing agreements really count.

Following is an edited transcript of the interview.

IDGNS: Although there's this perception that much of online criminal activity happens outside of the US, there's actually a lot of money that makes its way to the pockets of US spyware vendors, hosting providers, and even advertisers. What can the FTC do to go after the US money?

Majoras: It's a very interesting point. I spoke [recently] to a corporate council. I told them that corporate America in general ought to do a better job of figuring out where their ad dollars are going. Because what we think is happening is that some of the ad dollars are making their way to adware providers who may be providing the software without the consumer's knowledge and consent. And these companies may not even know about it at the end of the day.

If I were a company, I wouldn't think that having a consumer bombarded with pop-up ads advertising my product would be a great way to sell.

We want companies to have a better understanding of where these advertising dollars are going, so in a couple of our high-profile spyware cases, like the one against Zango, we tried to be very public. That's a company that has changed its business model now. They have told us, "We've changed our ways; we're going to do things differently." But the people who hire them need to understand exactly what is going on with this advertising.

IDGNS: Well, you could get their attention if you sued them. Do you think that's likely?

Majoras: That would certainly get their attention. I don't know right now.

IDGNS: You recently settled an action against Sony over its use of rootkit technology to protect copying. That was a case of computer owner's property rights bumping up against the entertainment industry's enforcement of its intellectual property rights. Do you anticipate more of this type of conflict in the future?

Majoras: Yes, we may see some additional collisions, but from our perspective, companies should think about the legal principles that we've developed in the industrial economy and continue to apply them in this new economy.

The principles we applied in the Sony case are not really new and different. It's not that they endeavored to protect their intellectual property, which they're entitled to do, it's that they didn't tell consumers what they were doing. We felt that how a consumer could use the CDs, where the music could be played ultimately, and whether or not their habits were being monitored, those were things that consumers would want to know about before they made their purchase. From our perspective, disclosure to consumers is a first principle.

As we look at principles that we're applying in spyware and the like, the first principle there is, the computer belongs to the user, not to the software distributor. You have to think of it that way.

IDGNS: There is something about the way legal agreements are evolving that offends common sense. I don't think people read most disclosure agreements, and I don't blame them. If you just want to download a plugin or play a CD, is it reasonable to expect someone to read a three-page boilerplate legal agreement?

Majoras: That's a tough issue that you're raising, and an important issue. One of the things that has always been the case, though, is that buried disclosures have never worked and have never been adequate. So if you are burying an important disclosure that's going to make a difference to a consumer, then there's a real question about whether that's a true disclosure.

This is also something that we worry about with some of the spyware legislation that's been proposed. People say that as long as it's disclosed to folks that, "this is what's going to happen," then that may be good enough. We actually had a case in which buried in the EULA was this disclosure that said, "We reserve the right to take over your computer."

But we said there, "No, that is not good enough." That is the type of disclosure that would need to be front and center for the consumer that they really couldn't get past.
Copyright © Fairfax Business Media A Division of John Fairfax Publications Pty Limited, 2006

AVG Security Software Named a Leading Alternative Brand By VARBusiness Magazine Readers

February 20, 2007 10:00 AM Eastern Time


GRISOFT Ranked #1 Alternative Vendor in the Security Software Category

MILBURN, N.J.--(BUSINESS WIRE)--GRISOFT, the developer of AVG Internet security software, has been identified by North American information-technology (IT) solution providers who read VARBusiness magazine as being the top alternative to other security market leaders.

Lawrence M. Walsh, editor of VARBusiness magazine, which covers the business of technology integration, explains that there are numerous reasons why such brands are preferred to category leaders. “Products such as AVG often provide value-added resellers with superior performance, innovative technology and preferential price opportunities,” says Walsh.

GRISOFT’s AVG product line for home, small and medium business users protects against growing Internet-based threats including worms, viruses, Trojans, adware, spyware, spam and keyloggers. AVG Internet Security 7.5 is a comprehensive suite of computer security tools including antivirus and anti-spyware protection, an easy to use personal firewall, a spam filter and anti-phishing tools. Other AVG bundles include AVG Anti-Malware, which combines the latest anti-spyware and antivirus technologies within a single, easy-to-use interface. Network and server editions are also available with remote administration as well as compatibility with the latest operating systems including Windows Vista. All AVG security products include reliable automatic updates and use a low level of computer resources. Free 24/7 technical support is available for all commercial versions.

Larry Bridwell, VP of Global Security Strategies of GRISOFT says: “It is great news for GRISOFT that readers of VARBusiness rank our software as the best choice for resellers and distributors but it is not a surprise by any means. We work closely with our partners and distributors providing them with comprehensive marketing and sales support. We focus similar attention to all AVG commercial version users in the form of worldwide, professional and 24/7 technical support.”

GRISOFT is recognized in the special Feb. 19 “Alternatives” issue of VARBusiness magazine and online at www.varbusiness.com.

About VARBusiness Magazine

For the past 20 years, VARBusiness’ strategic resources have been the gateway to the Solution Provider community. VARBusiness provides strategic insight for technology integrators through industry-defining research, in-depth editorial, channel events and innovative Web services, enabling these IT professionals to make educated decisions for their businesses, partnerships and customers. VARBusiness has been the recipient of numerous industry awards for both editorial content and design. Additional information about VARBusiness products, events and services, is available at its Web site, www.varbusiness.com.

About GRISOFT

www.grisoft.com

GRISOFT is a leading provider of antivirus, firewall protection and security solutions for consumers and SMEs. It is one of the fastest growing companies in the industry with more than 40 million users around the world that rely on GRISOFT AVG products to protect their computers and networks.

Established in 1991, GRISOFT employs some of the world’s leading experts in antivirus software, specifically in the areas of virus analysis and detection, software development, and antivirus support. GRISOFT award-winning products are distributed globally through resellers and the Internet as well as via AVG Anti-Virus Software Developer’s Kit (SDK) to interested partners.

PC help: Prolonged shutdown

Get your computer to close down more quickly
Tim Smith and Anthony Dhanendran, Computeract!ve 20 Feb 2007

Q My computer takes a very long time to shut down; I have time to make a coffee between clicking on Start, then Shut Down, and waiting for the Close down dialogue box to come up on the screen. It then takes several minutes before the computer actually closes down. Can anything be done?
Brian Wadsworth

A Lengthy shut-downs are often caused by rogue programs clogging up the computer or by a single program failing to shut down properly. These rogue programs could be spyware or adware, or they could simply be genuine software that is clashing in some way with another piece of software.

Firstly, make sure that the computer is free of viruses, adware and spyware by running full scans with your anti-virus program and the appropriate cleaning tools. Try Ad-Aware and SpyBot if you don’t have your own programs already.

The next thing is to get rid of any programs that you’re not using. Click on Start, then Control Panel (or Settings, then Control Panel) and select Add or Remove Programs. Browse through the list and select a program that you installed but no longer use. If a program looks unfamiliar, it may be a system program, so it’s best to leave it as it is.

However, once you find any programs suitable for removal, click on Remove and follow the prompts. Do this for any similar entries.

Finally, check the Notification Area at the bottom-right of the screen for icons you might not need – right-click any you don’t need and click on Close or Exit. Do this one at a time, and if the PC shuts down quicker after this, that indicates which program is holding things up. This can be removed, or contact the maker for a possible fix.

ESET NOD32 Rated Fastest Antivirus on Microsoft Vista

(Newswire Today) — Dubai, UAE, United Arab Emirates, 2007-02-20 - ESET, the leader in proactive threat protection, today announced that ESET NOD32 Anti-virus received its 42nd VB100 award in the February 2007 Virus Bulletin Comparative Review.



NOD32 was rated the fastest in comparative testing of 15 antivirus products running on Microsoft Windows Vista Business Edition (32-bit). ESET further extended its nine-year track record as the vendor with the most VB100 awards.

"ESET is one of the first security vendors in the world to offer a Microsoft Vista compatible antivirus solution. Our award-winning NOD32 solution, which works as a single integrated engine to offer the best unified anti-threat system, provides real-time protection from known and unknown viruses, spyware and other malware. The 42nd VB100 award is a testimonial of ESET's commitment towards offering the fastest and most effective antivirus solution to its customers," said Mr. Neo Neophytou, Managing Director at ESET Distribution Middle East.

“Over the past nine years, ESET has achieved 42 Virus Bulletin VB100 awards, more than any other vendor,” said John Hawes, of Virus Bulletin. “In this most recent Comparative Review, not a single miss or false positive gives ESET another perfect score, and NOD32’s ever-impressive speed makes it a top performer on the Vista platform.”

“We’re pleased to be celebrating our 42nd VB100 win, a milestone that underscores NOD32’s unparalleled proactive detection across a range of platforms,” said Andrew Lee, chief research officer at ESET, LLC. “Hands down, ESET is the fastest antivirus solution on Windows Vista. NOD32 is a top performer that delivers the most advanced technology for combating malware in a fast and easy-to-use product.”

High-performance, low-impact ESET NOD32 Antivirus software offers consumers and businesses comprehensive protection in a product designed to automatically update behind-the-scenes without impacting other applications, so users always have the most current protection available. ESET NOD32 Antivirus version 2.7 utilizes ThreatSense® technology, a sophisticated detection system based on advanced heuristics, to proactively identify previously unknown viruses, Trojans, spyware, rootkits and phishing attacks in real time. ThreatSense is built into NOD32’s single scanning engine to provide comprehensive protection so users do not need to rely on additional point solutions for spyware and adware protection. NOD32 runs on both 32 and 64-bit versions of Windows Vista.

To learn more about emerging threats and what businesses and consumers can do to protect themselves, ESET has produced a podcast series available on iTunes or at the ESET website.

VB100 Overview
The VB100 award was first introduced in 1998. In order to display the VB100 logo, an antivirus product must have demonstrated in tests that:
• It detects all In the Wild viruses during both on-demand and on-access scanning
• It generates no false positives when scanning a set of clean files
• The product must fulfill these criteria in its default state

About ESET Distribution Middle East
ESET Distribution Middle East is the Regional Business Development Center of ESET NOD32 Antivirus for the Middle East. Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET’s multiple award-winning, anti-threat software, NOD32, provides real-time protection from known and unknown viruses, spyware and other malware. NOD32 offers the smallest, fastest, and the most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product. ESET was named in Deloitte’s Technology Fast 500, for four years running, and has an extensive partner network, which includes corporations like Canon, Dell, and Microsoft. For more information call +971 7 2077813.



2/14/2007

Updating Windows Defender

By J. D. BIERSDORFER

Q. Every time I turn on my computer I receive a long message that includes “Windows Defender Application failed to initialize: 0x800106ba. A problem caused Windows Defender Service to stop.” What can I do to fix this error?

A. Windows Defender is Microsoft’s own free software for blocking pop-up advertisements, spyware and other malicious programs that could invade and hobble the Windows operating system on your PC.

The most recent version of the program was released last fall, but you may be getting the error message if you are running an earlier version of Windows Defender. A note on Microsoft’s site says the Windows Defender Beta 2 version of the software expired on Dec. 31, 2006, and it urges users to upgrade to the latest version.

You can upgrade to the newest edition of Windows Defender by clicking the “Download It Here” button at www.microsoft.com/defender. According to a support article on the site, older versions of the program will be automatically removed when you install the new Windows Defender. In addition to technical support, the site also offers discussion groups, a Frequently Asked Questions page and the full list of system requirements for the program.

Earlier versions of the software included support for Windows 2000 systems, but the current version of Windows Defender now requires at least Windows XP, Service Pack 2. As part of the Windows Defender installation, you need to validate your copy of Windows, an online process that lets Microsoft verify that your computer is running a legitimate copy of the company’s software.

Camera Issues With the iMac

Q. Why do I sometimes get a message saying the camera on my iMac is “in use by another application” when I try to use it with the Mac OS X PhotoBooth software?

A. Many recent Macintosh models, including iMac desktop systems as well as MacBook and MacBook Pro laptops, now include a tiny iSight camera above the screen. This camera can be used for video conferences with Apple’s iChat AV instant-message program or to take pictures with the free PhotoBooth software that comes on many new Macs.

The Classic environment — software that lets Mac OS X run programs written for older versions of the Macintosh operating system — has been known to interfere with the iSight cameras on iMac G5 models running Mac OS X 10.4.8. If you are running an old Mac OS 9 program in the Classic environment and cannot use your iSight camera with the PhotoBooth software, Apple suggests restarting the computer and then opening the PhotoBooth program.

The company also notes that you may be able to use PhotoBooth while Classic is running if you open the photo program first.

Too Many Antivirus Programs

Q. I have an expired copy of Norton AntiVirus on my computer. If I install a copy of the free AVG antivirus program, should I delete the old Norton software?

A. Because they are designed to monitor a computer continually for threats, many antivirus programs that offer “real time” protection work closely with the operating system. Having more than one such program running has been known to cause problems because the two can interfere with each other’s attempts to keep tabs on your system.

To prevent software conflicts, it’s generally a good idea to stick with one antivirus application and keep it rigorously updated. (Running two competing antivirus programs may also slow your computer.) If the old Norton program did not come with its own uninstaller software, you can remove it by going to the Start menu to Control Panel and opening the Add or Remove Programs icon. Select the program from the list on screen and click the Remove button.

Antivirus software keeps your computer protected from new threats by regularly downloading program updates from its maker. Once your subscription for these updates runs out, the program may not be able to block the latest threats flying around the Internet, which is why it is important to have up-to-date antivirus software.

Grisoft’s AVG Anti-Virus Free Edition software is available for home users running Windows or Linux systems at free.grisoft.com. The company has a free basic edition of its spyware program, as well as commercial versions of its security software. J. D. BIERSDORFER

Questions about computer-based technology may be sent to QandA@nytimes.com. This weekly column will address questions of general interest, but e-mail and letters cannot be answered individually.

The News-Gazette, Champaign-Urbana, Ill., Computer Queries Column

By Greg Kline, The News-Gazette, Champaign-Urbana, Ill.

Feb. 12--MAC VOICE-RECOGNITION, MORE ON SPYWARE, VISTA: A caller asked about voice-recognition software for Apple Macintosh computers with the idea of being able to control and work on a Mac with voice commands instead of keyboard and mouse.

Versions of the most popular titles for Windows, notably Dragon NaturallySpeaking, don't exist for the Mac.

IBM's ViaVoice software is available in a Mac OS X version that allows a user to do such things as dictate, correct, edit and format text with voice commands, as well as navigate the Mac's Finder and control Internet applications.

One disadvantage is that the dictating and editing take place in the program's own word processor, which means cutting and pasting your edited copy from ViaVoice's SpeakPad to whatever document-creation software you use.

You can read more about ViaVoice at: www.nuance.com/viavoice/osx

The OS X voice-recognition software that probably gets the best reviews from the Mac press is iListen, www.macspeech.com.

It lets you do quite a bit more than ViaVoice, including, for the most part, work within the software you prefer for document creation. It's also under more active development than ViaVoice with a new version for Apple machines running on Intel chips. iListen will transcribe digital voice recordings for you in the bargain.

Mac OS X has some built-in voice-recognition tools allowing quite a bit of control over your computer with voice commands, although not as feature extensive as something like iListen. The system will read on-screen text to you, too.

It doesn't do dictation. But hey, it does let you play OS X's included chess game by speaking your moves.

For more details, check out: www.apple.com/macosx/features/speech

Also see: images.apple.com/macosx/features/voiceover

I know you have mentioned in several of your articles the link to check your home computer for spyware free of charge. What is that link again?

I suggest downloading and installing Spybot Search & Destroy: www.safer-networking.org/en. I also suggest downloading and installing Ad-aware Personal SE: www.lavasoftusa.com/products/ad-aware_se_personal.php. Both are free. Unlike anti-virus programs, which don't play nice with each other, it doesn't hurt to run two anti-spyware programs (or three or four if you like) and it isn't a bad idea since one title always seems to catch a couple things another didn't.

Some Web sites claim to scan your computer on line, but they're just as likely to be ineffective, to try to sell you software or services, or to actually serve as vehicles for transmitting malicious software. Download Spybot and Ad-aware instead, run scans and check for updates periodically, and you should be good to go.

CHECK FOR VISTA COMPATIBILITY: Last time, I wrote about some factors to consider in deciding whether to upgrade to Microsoft's new Windows Vista. (Short answer, don't until Microsoft issues the first major "service pack" of bug fixes, probably six months to a year from now.) The biggest consideration is your computer's compatibility with Vista, as well as the compatibility of devices you have attached to your computer, like a printer or scanner.

You can get a decent idea of how your specific setup will fare in a Vista transition by visiting: microsoft.com/windowsvista/getready/upgradeadvisor.

The site is Microsoft's Windows Vista Upgrade Advisor, which only works if your computer is currently running Windows XP. You can't upgrade any version earlier than Windows 2000, but then if you're running a version earlier than Windows 2000 your computer probably isn't muscular enough to run Vista anyway.

Contact News-Gazette Staff Writer Greg Kline, 351-5215; e-mail klinenews-gazette.com; or mail The News-Gazette, P.O. Box 677, Champaign, 61824-0677. Include your name, community where you live, phone number and e-mail address. Also include the make and model of your computer, the system software version you're running, and details about any other software or devices the question involves. Answers will run every two weeks.

-----

Copyright (c) 2007, The News-Gazette, Champaign-Urbana, Ill.

Distributed by McClatchy-Tribune Business News.

Source: The News-Gazette

Hackers target the home front

Criminals are trying to gain access to banks' computer networks via the weakest link in the security chain: executives who work at home, reports Pete Warren

Thursday February 15, 2007
The Guardian

One of the UK's leading banks has been forced to admit that organised hacking gangs have been targeting its executives. For the past year, Royal Bank of Scotland has been fighting systematic attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management. This has included executives up to board level and is now the subject of a separate investigation by the Serious and Organised Crime Agency.

The hackers are homing in on the trend for people to work from home. The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate IT department.

Growing threat

For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.

And the hackers are employing increasingly sophisticated techniques. Each email they send is meticulously built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information. Once the email is composed, the malware is just as carefully designed: it is often modified to avoid detection by security software.

The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, connect to VPNs, or Virtual Private Networks, which many companies use to create an encrypted pathway into their networks.

Once inside a bank's network, the hackers can communicate directly with computers holding account information and manipulate funds.

Has this actually happened? In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation that any losses have occurred as a result. The attacks are not believed to have focused on RBS but to have been across the whole of the banking industry.

Royal Bank of Scotland said that the bank had suffered no losses as a result of the attacks and added: "RBS has extremely robust processes in place in order to protect our systems from fraud. Trojan email attacks are an industry-wide issue and are not isolated to a particular area or a particular bank."

The first indication that banks had become the target of such sophisticated attacks emerged two years ago when police foiled an attempt by hackers to steal $420m (£210m) from a London branch of Sumitomo, a Japanese bank. According to reports, the attack on Sumitomo involved the use of both hardware and software keyloggers.

It is not just banks that have been targets. Last year attempts were made to steal information from the Houses of Parliament using malicious email. Messagelabs, the company responsible for monitoring much of the email traffic of the government and big business for suspect software, said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks.

According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two and a half years ago they were being seen once every two months, but now they are seeing one or two a day. This has been accompanied by an increase in quality in the creation of Trojans and spyware.

"The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors."

The criminal gangs, believed to be based in Russia and Asia, routinely use software deployed by legitimate businesses and adapt it to gather information on individuals. "The gangs are taking the lists of addresses from people's machines and they are performing their own mail merges to create databases of names and addresses," says Sunner.

According to Sunner, as well as the usual tactic of hijacking a PC for use as part of a spam network, hackers also mine computers for information on the individual and their contacts. This information can then be used to help build a database of personal information that can be used to construct targeted criminal emails.

Social networking sites are also being mined, according to Sunner. These are not just the preserve of MySpace and Bebo-using teens; professional social networks such as Plaxo and LinkedIn are also being plundered. Sunner adds: "If someone contacts you from LinkedIn and you don't know them and they ask you to join their network, you essentially tell them the names of everyone you know if you are a member of either group. There are a lot of people who will answer those requests without thinking."

Aamir Butt, UK chief executive of Giritech, a Danish company that produces secure links for home-working, says: "We work with a range of customers including those in the financial industry and it was mentioned to us that the login details for VPN networks were a weakness that people were concerned about."

Increased vigilance

Tony Neate, the head of Get Safe Online, a government-funded organisation set up to raise awareness among UK businesses of computer criminals, says: "There is now an attempt to target individuals within UK businesses - including the banking sector. What is happening is that crime is doing what it always does, which is look for the weakest link. Home working is where they perceive a weakness.

"This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office."

Windows Vista: the Missing Manual

John Suda writes "It's been over five years in the making and it's nearly perfect. No, I'm not referring to Microsoft's vast new operating system named Windows Vista, but to the reference book Windows Vista: the Missing Manual, by author David Pogue. The book is the latest, and perhaps best, in the Missing Manual series published by Pogue Press / O'Reilly Media, Inc. The Missing Manual series is the benchmark of quality for computer manuals. Unless you're a system administrator, programmer, or uber-geek, this is probably the only reference source you'll need to learn Microsoft's Vista." Read below for the rest of John's review.

Windows Vista: the Missing Manual
Author: David Pogue
Pages: 848
Publisher: O'Reilly Media
Rating: 9
Reviewer: John Suda
ISBN: 0596528272
Summary: The only reference source you'll need to learn Microsoft's Vista


Vista is the long-awaited successor to Windows XP and it is a major overhaul and upgrade of that operating system. It was designed primarily to address long-standing security issues with XP and its predecessors, but it also has a vastly new look and feel graphically and in operating features. It comes with a large number of new programs and features and its innards have been significantly beefed up, as it is a 64 bit operating system, focused on the intermediate future of computing hardware and software.

There are so many changes in Vista that it would take perhaps a dozen pages just to provide a bare-bones description of everything. You don't get any written material from Microsoft when you buy Vista. There are digital support and help resources built in and available elsewhere for Vista, but they are not convenient to use and they are relatively limited in scope and depth. Vista, the Missing Manual, provides the information Microsoft doesn't. It covers all five North American versions of Vista. Page 6 has a handy comparison chart of each version. The beginning of every content section refers to the version of Vista to which the discussion applies.

This Missing Manual uses every bit of 827 pages (including index) to provide similar descriptive and informational material as the built-in Vista sources, but provides much, much more:

Beyond mere description of features and functions, the book explains and evaluates all of the major (and many of the minor) changes from Windows XP to the new Vista. The introductory chapter itemizes all of the most important changes, providing perspective on what Microsoft has done with the new operating system. It also highlights some of the more significant interface changes: the new search tool, the revised Start Menu, and the new ribbon bar.

The author notes, at every point relevant, the options a user has in either using a new Vista feature, or in reconfiguring the operating experience to return to pre-existing features and the aesthetic elements of Windows XP and earlier versions of the operating system.

Pogue provides an expert user's perspective on the value of the changes and new features in Vista. Some things are improvements and upgrades; others are rated as inferior to what was before. If you don't like the new or changed feature, Pogue guides you on how to revert to previous iterations of the features, or otherwise provides workarounds.

Pogue is great at providing an expert user's perspective on working with the operating system efficiently and pragmatically. He doesn't just describe a feature or function but includes tips and guides on how to be more efficient and practical with it and provides reference to other resources available for additional information or guidance. The Manual is written so that one almost feels that they are getting a one-on-one, hands-on lesson, in using Windows Vista. He represents the Alpha-geek relative you might have to help you out when you can't figure out how to do or fix something.

Beyond all of the information, guidance and perspectives, Pogue has a great writing style. The writing is sprinkled with wit, sarcasm, and good-natured humor, extremely rare for a computer related book. Microsoft gets more than a few slams for its many foibles, all well earned. WordPad, for example, no longer opens Word files!

The author writes for multiple levels of need and understanding. He details the basics of Windows Vista for beginners, provides richer material in breadth and depth for intermediate users, and a good amount of material useful for power users, both informationally and in advanced tips. There are many sidebars sprinkled throughout called Power Users' Clinic which offer more technical tips, shortcuts, and information to PC veterans.

There is a lot new to Vista. The most important, if not the most noticeable, are the security enhancements. Microsoft now has a user account control which limits installation of new applications to a user who has administrative permissions. By default, the operating system generates accounts for simple users, without the ability to allow installation of new programs. There is a full page of FAQs just regarding the user account control.

A major security upgrade is service hardening which prevents access to the all-important system files by outsiders or unauthorized users. Other new security elements are the Windows Defender program designed to prevent spyware installs, a phishing filter in Internet Explorer, parental controls, protected mode, drive encryption, address space randomization, and much more. That list doesn't even include a new backup program to help protect users from nonfeasance in basic computer operations (although the author recommends third-party software.)

What is most noticeable is the appearance of the desktop, windows, icons, system font (Segoe UI), and interface features. These are all redesigned to take advantage of the vastly enhanced graphic capabilities of Vista referred to as Aero. The Start Menu has been redesigned to be easier to use. The conventional menu bar for the desktop and most application windows has been replaced with a content-based ribbon bar.

There is a lengthy list of new applications, most significantly Windows' response to Apple Macintosh's iLife suite of media applications. In Vista, these are the Photo Gallery, Calendar, DVD Maker, Media Player 11, and DVD Maker. It adds to that group, Meeting Space, which is a collaboration program for local network users.

The Windows Sidebar is modeled after Apple's Dashboard, which allows customized applets to be displayed and used. A useful cautionary note mentions that the Sidebar gadgets don't save data or configurations when closed. You must start all over again.

Mr. Pogue is an accomplished writer and computer expert, having authored over 40 books, including 17 of the Missing Manual series. He's well regarded as the weekly technology columnist for the New York Times and a correspondent for CBS's News Sunday Morning. He's been assisted here by four other experts who contributed chapters or parts of chapters to this manual. The writing is clear, concise, and jargon free. The book provides a fair evaluation of Microsoft's latest operating system and gives it good grades overall. Pogue routinely points out the areas that Microsoft has unashamedly copied from Apple Macintosh, and notes it as a good thing.

The book is organized into eight parts including a set of appendices. These include the Desktop (or user workspace), the Vista software, Online and Internet connection matters, the new Pictures, Movie, and Media applications, hardware and peripherals, PC health and maintenance, and networking with Vista. The page layout is clean. The book is filled with hundreds of screenshots and numerous step-by-step instructions on nearly all of Vista's elements. The discussion is comprehensive and deep.

Part One explains the Desktop and what's new, including the Welcome Center, Start Menu, and the greatly enhanced search tool which graces every window and the desktop itself. It now offers natural language searching for the first time. For those using older hardware which may not be up to par for Aero's graphic demands, Pogue provides a handful of suggested speed tweaks. A full 10 pages is devoted to Microsoft's improved speech recognition system, including a large handful of insights from an experienced user of such software. The author is a fan of Dragon's Naturally Speaking program, but gives good reviews to Vista's capabilities.

Part Two contains most of the material on the new programs and the improved programs: Internet Explorer and its new RSS capability, tabs, and search bar, Mail (the Outlook replacement), and the Control Panel, which now contains at least 50 icons for mini-applications, wizards, links, and folders. Chapter 8 provides an applet by applet description. Dealing with the Internet with Internet Explorer and Mail comprises most of Part Three. There is a comprehensive section on connecting to the Internet with the growing number of methods: cable, DSL, dial-up, WiFi, cell, etc.

The media applications are covered in detail in Part Four including comparisons of Microsoft's media applications to iTunes and Zune. The discussion of Media Center includes tips on managing recorded TV and setting up media hardware. Part Five deals with the fax, print, and scan functions and hardware related matters. Especially interesting are the printer tricks and the section on laptops, tablets, palm tops and hand-recognition software.

For maintenance, troubleshooting, and problem solving, there is a trio of chapters in Part Six covering disk maintenance and repair, the new dynamic discs feature, compression and encryption, and backups. Geeks may be interested in knowing how to uncover the hidden controls for the new improved firewall. Pogue even provides material on energy conservation and how to configure Vista to work most efficiently for the user.

Part Seven covers the basics of accounts and networks. There is a lot new in Vista, especially in regard to its separate users architecture. The difference between workgroup and domain networks is explained clearly. Sharing and collaboration functions are explained and there is a comprehensive and deep section on remote control using a multitude of methods.

The appendices are great. Appendix A. discusses the installation of Vista in a comprehensive, systematic manner, from pre-purchase and installation considerations, to making decisions about upgrades or clean installs, to dual booting. He describes the new Welcome Center which aggregates many of the initial configurations for a user, or for multiple users.

Appendix B. is cheekily titled "Fun with the Registry" and is an introduction, with examples, to the notorious registry which is carried over from XP and predecessors. Most authors writing for this level of reader tend to avoid discussion of the registry, but Pogue provides just enough material to intrigue the intermediate user.

Appendix C. is a short itemization of what's missing in Vista from previous Windows operating systems. It makes it easy to figure out why something you've used before can't be located and used. Appendix D. is a master list of keyboard shortcuts for both the operating system and its major applications, like Internet Explorer 7, and the new Windows Mail.

There is no wasted space or text in this book. It's worth every cent of its $34.95 price. As a small bonus, copies of shareware programs mentioned in the book are conveniently available for download at www.missingmanual.com.

Hackers Two-Timing on Valentine's Day

Wednesday February 14, 4:43 pm ET
* Hacker's second strike disables antivirus and security tools; uses rootkit functions to conceal its presence.
* Nurech.B worm spreads through Valentine's Day e-card spoofs with subject lines like "Happy Valentine's Day" or "Valentines Day Dance"
* Attack automatically detected and blocked by Panda's TruPrevent(TM) Technology.

GLENDALE, Calif., Feb. 14 /PRNewswire/ -- Panda Labs has detected the new Nurech.B worm, which, like its predecessor Nurech.A, arrives disguised as a Valentine's Day message. Nurech.A -- launched last week using similar methods -- continues to spread, maintaining an "orange" alert level according to Panda Labs.

Nurech.B arrives in emails with subject lines such as: "Happy Valentine's Day," "Valentines Day Dance," "The Valentines Angel." The email sender is always a woman's name such as Sandra, Willa, Wendy, or Vicky.

The email attachment simulates an e-greeting card using file names like "Greeting Postcard.exe," "Greeting card.exe," or "Postcard.exe."

When users click on the attachment, it creates a copy of the worm on the hard drive, and then conceals its presence using rootkit-like functions. The worm also disables certain antivirus, antispyware, and security applications installed on the system.

According to Mr. Luis Corrons, Technical Director of PandaLabs, "The objective of course is to trick users into opening the attachment using enticing subject lines related to the romantic holiday. This type of trick is usually quite successful, so we strongly advise users never to open any attachment that they have not requested, regardless of what it seems to contain."

One massive attempt to infect everybody was not enough for these hackers. Mr. Corrons warns, "Last week they launched Nurech.A, which quickly reached orange alert levels. Now they are giving it a second try on Valentine's Day itself. Do not open any Valentine's Day or other e-card attachment without scanning it first using fully up-to-date antivirus software."

Both waves of attack were automatically detected and blocked by Panda's TruPrevent Technologies. Although neither of the two latest threats existed previously in malware signature files, TruPrevent was able to block them both based on real-time analysis of the behavior and intent of the malicious code contained in the attachments. All PCs with TruPrevent installed were therefore unaffected by the attack.

Additional information on Panda's TruPrevent Technologies can be found at http://www.pandasoftware.com/truprevent

Computer users wanting to know whether their computers have been attacked by Nurech.A, Nurech.B, or any other form of malicious code can use Panda's ActiveScan, a free service available at: www.pandasoftware.com/activescan. ActiveScan will perform a complete inspection, free of charge.

To protect users, Panda Software also offers informational newsletters such as "Virus Alerts," an e-bulletin in English and Spanish that gives immediate notice of newly discovered malicious code. (http://www.pandasoftware.com/about/subscriptions/).

About PandaLabs

Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent(TM), which acts as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is currently the fastest laboratory in the industry in detecting malicious code and providing complete updates to users. More information at www.pandasoftware.com/pandalabs.asp/ and the PandaLabs blog (http://blogs.pandasoftware.com).

For more information: http://www.pandasoftware.com/virus_info


Source: Panda Software

Hasta la Vista, Windows

Paul Chin
2/14/2007

Dear Windows,

I'm sorry to do this with a letter but I don't think I can handle seeing you in person. We both know that things haven't been quite right between us these last couple of years. I've noticed that we've been drifting apart for a long time. I haven't spoken with anyone in your family -- Internet Explorer, Outlook, Office -- in ages and have been spending more and more time with Firefox, Thunderbird, and OpenOffice. I was hoping we could work out our differences, but we're beyond that. I hate to end things like this; I just don't think we're compatible anymore.

I thought if we took a trip to Vista we might ignite that spark in our relationship again -- you know, a new setting, a new beginning (remember how exciting it was when we first went from MS-DOS 6 to Windows 3.11?) Don't get me wrong, I really appreciate the effort you're making to win me over. Those scrolling 3-D application windows are really, really cool. You look absolutely fantastic and you're showing me a lot of glitz, but deep down, we still have the same old problems. We can't solve them with a simple makeover; this relationship needs to be more than skin deep.

I know that I'm not perfect, and I don't expect you to be perfect either; but I do expect you to be reliable. I want to be able to count on you and to trust you. It's been about five years since you promised me more security and reliability with your Microsoft Trustworthy Computing Initiative, but we're no more secure now than we were then. I also don't appreciate what you're doing when I'm not around ... Do you think I don't know that you're calling your mother with your Windows Genuine Advantage and talking about my PC behind my back? And when you were confronted by this you got defensive and kept denying that WGA is spyware. I'm sorry, if it looks like a chicken, walks like a chicken, and clucks like a chicken ... it's a chicken.

Who owns my computer anyway? You or me? I want you to stop changing things around without telling me. You're supposed to help me get my job done but you seem to be more concerned with licensing issues than security. I was hoping Vista would be a fresh start for us -- but it's ended up being the last straw. Instead of working things out, you just keep demanding more and more from me: graphics card upgrade, hi-def monitor, and all kinds of additional memory. I'm not made of money... Sorry, I just can't give you what you want.

There's no easy way to say this so I'm just going to come right out with it: I met someone else; her name is Mac OS X Tiger.

If it's any consolation this is not something I planned. A friend introduced me to her MacBook and one thing led to another. But this shouldn't come as a surprise to you. I've always been completely honest with you and never tried to hide our relationship. In fact, I even see now that you're trying to emulate her look and behavior; but you're showing me things that Tiger showed me over a year ago. Be true to yourself.

Tiger and I have so much in common and we're totally in synch. We work with, not against, each other. But you, Windows, you've never communicated with me -- and you're so temperamental. Some mornings you boot right up; others I have to try 2 or 3 times before you come on. I don't want to be mean but you're just too high maintenance for me. Every time we have a disagreement, you turn your cold blue screen at me and I'm left sitting there in silence waiting for you to cool down. I finally came to the realization that I've been keeping you around because I needed you, not because I wanted you -- that's not fair to either of us.

I don't hold any ill-will towards you, Windows. We've been together for a long time. You saw me through college, my first IT job, and now my freelance career -- but it's time we both move on. Before I go, though, can I offer you some friendly advice? It's time you stop imposing yourself on others by sheer strength of market share and start listening -- I mean really listening. You can't win people over simply because there's no viable alternative for them. Perhaps if you spent more time with those who rely on you and less time with your lawyers (I know those Europeans are really on your case, but you brought it on yourself) we wouldn't be in this situation. If you realize this one day, maybe then we can start talking about "us" again.

Your friend always,

Paul

Paul Chin (www.paulchinonline.com) is an IT consultant and a freelance writer. Previously, Paul worked as an intranet and content management specialist in the aerospace and competitive intelligence industries.

2/13/2007

Linux vs. Vista: How Does Security Stack Up?

By Jack M. Germain
LinuxInsider
Part of the ECT News Network
02/13/07 4:00 AM PT

For consumers looking to boost their computers' security, is Vista the way to go? Or can Linux provide greater protection from hacker attacks? In the face of viruses, worms or other breaches, the answer is obvious. "We don't need a survey or study to determine the answer. The answer is universal with those that actually manage these systems," said John Cherry of the OSDL Desktop Linux Working Group.


As the five versions of Microsoft (Nasdaq: MSFT) Windows' new Vista operating system sit on store shelves, current Windows users are taking their time deciding if they will upgrade from Windows XP or buy new computers with Vista installed. The push for buying Windows Vista follows an epidemic of computer viruses, spyware and adware intrusions and carries the promise of a more secure computing environment.

However, some computer security experts contend that Windows Vista offers little to make computing more secure. They suggest that rather than wait for a half-baked new Windows operating system, consumer and enterprise users would have far better security with Linux.

"For the most part, the relatively slow response to Windows Vista is self inflicted. Vista has offered little to entice those using Windows XP to migrate," John Cherry, initiative manager for the OSDL (now Linux Foundation) Desktop Linux Working Group, told LinuxInsider. "It also comes with a heavy price tag in terms of training, hardware requirements, hardware compatibility and application compatibility."

Anyone debating which system's security is better need only ask a system administrator, Cherry said. In the face of viruses, worms or other breaches, the answer is obvious.

"We don't need a survey or study to determine the answer. The answer is universal with those that actually manage these systems," Cherry declared.

No Linux Stampede Yet

If Linux is the clear-cut winner in the desktop security shoot-out, why have enterprise users been so slow in migrating from Windows? The availability of niche applications in corporate environments is still the major inhibitor to mainstream adoption, he noted.

However, that situation could soon change for both corporate and small-business users. Cherry sees signs that IT decision makers are considering the Linux alternative in the face of the Vista introduction. Many IT managers are incorporating plans to move their niche applications to Linux, he disclosed.

Based on a recent OSDL Desktop Linux Working Group survey and feedback from the desktop community, the main factor preventing the widespread adoption of the Linux desktop in the workplace is application availability.

"If an organization has significantly invested in a Microsoft-centric IT infrastructure, introduction of non-Microsoft products on the desktop remains problematic due to the limited support for open standards in this kind of infrastructure," Cherry explained.

The survey's conclusions noted that open source developers have already created replacement programs for all the essential business needs. Those considering a switch to Linux, however, do not want to leave their favored Windows applications.
Linux Security

Linux outperforms Windows XP and Windows Vista because its architecture is different. Linux derives its security in large part from its Unix design philosophy, also used as the basis for Mac OS X.

There are two distinct differences that account for Linux's better security reputation, according to Cherry. One, users do not habitually log in as administrator, which is often required to run Windows. Two, mail clients and desktop applications do not automatically execute attached code.

In addition, technologies such as SELinux, AppArmor and stack randomization have been developed for Linux that help to limit the impact of a security breach if one were to occur, he said.

Linux is also better than Windows at recovering from buffer overflows, which are a common attack vector.

"This is best handled at the interface level as a register exploit in Windows," Ken Steinberg, CEO of computer-security firm Savant Protection, told LinuxInsider.

Linux allows software developers to go into the system and fix buffer overruns, he added. However, one cannot do that with Windows.
Chink in the Armor

Not all security experts are comfortable with a description that Linux is more iron-clad than Windows. Some even mock the popular explanation that Linux is more secure because attackers are not drawn to its much smaller user base compared to Windows.

"It doesn't matter what operating system is used. They are all subjected to potential intrusion," disputed Steinberg. "Linux is not any more secure than Windows."

Hackers capitalize on the exploits they find in the Windows environment but deliberately do not dwell on the known weaknesses in Linux because they use that operating system themselves, according to Steinberg.

"The only time people fix flaws in an operating system is when those flaws cause an inconvenience," Steinberg claimed. "The lower incidence of Linux attacks has nothing to do with the user base being less than Windows."

The biggest design flaw in Linux is its over-reliance on code scripts. Linux is far more scripted than Windows, he noted. Because of this heavy reliance on scripting, nothing is checking its lines of code compared to the amount of code-checking done in Windows when it is compiled.

Using thin clients with on-demand applications delivered over the Internet is now mainstream in the corporate world, Steinberg emphasized. Thin clients are all Linux boxes.

"Corporations are deploying Linux over Windows. It is only a matter of time before Linux attacks become more prevalent and publicized," he warned.
Battle Hardened Linux

Savant Protection's malware software offers enhanced Linux desktop security to enterprise users by enabling a lockdown mode during everyday use. It has what Steinberg called a battleship mode to prevent new programs from being added.

The product, called "Savant," runs Linux in the equivalent of a white listing mode. Users can choose a blacklist analysis on demand. This white list approach keeps Linux systems clean 99 percent of the time, Steinberg said.

"There is no way to get rid of all the vulnerabilities or to make any OS perfectly safe. Accept the fact that there is no Nirvana. For hackers the goal is maliciousness and money," he added.
Vigorous Virtualization

Some software developers argue that new technologies are making moot the question of whether Windows Vista and XP platforms can be made more secure. Similarly, it should not be an issue if Linux desktop has exploitable weaknesses.

New technology could minimize, if not fully eliminate, computer security problems, suggested Eran Heyman, CEO of Ericom Software. His company provides terminal emulation solutions for both Windows and Linux platforms.

"We can bring Linux to the next level of security by removing the desktop from the physical machine. A new trend is security of data to the server," Heyman told LinuxInsider. "The virtual Linux environment is filtered and re-imaged each time a connection is made to wipe out any existing bad code running on the operating system."

Small businesses through large enterprise configurations can use virtualization to run Xen, VMWare and Windows Server installations. Virtualization technology moves the operating system to a centrally-managed location. It mimics behavior on the local machine, but the operating system is not there, said Heyman.

This method works on a PC, a thin client, via SSL VPN, even on kiosks in an airport. Users can connect securely to the virtual desktop, he said, adding that virtualization is not a traditional security approach nor is it available to individual users.