Computer Consultant

Microsoft Certification: free Second Shot offer

2010-04-28T09:56:00.002+04:00

Take a Second Shot at certification and advance your career
Whether you are currently unemployed, looking for a promotion, or trying to become indispensable in your existing role, Microsoft Certifications can help validate that you have the skills needed to work in the top IT professional and developer jobs in the industry.
Take advantage of our Second Shot offer and get a free retake if you do not pass an IT professional or developer Microsoft Certification exam the first time. You must take both the first and (if necessary) the retake exam before June 30, 2010.
Offer details:
• Dates: January 13, 2010 – June 30, 2010.
• Details: You must register, obtain a voucher code, schedule, pay, and take the first and (if necessary) the retake exam before June 30, 2010.
• Applicable exams: This offer applies to all Microsoft Learning IT professional, developer, project management, and Microsoft Dynamics exams, including academic exams.
• Eligible countries and regions: This is a worldwide offer that is available at Prometric test centers only.
Note Only one Second Shot voucher is available per purchased exam.

For vouchers Contact: saleempc@gmail.com

Are You Frustrated The Law of Attraction is Not Working For You Especially in the Area of Attracting Money?

2010-03-18T09:40:00.000+04:00

I don’t know about you, but I seem to get the feeling that people are generally frustrated the Law of Attraction is not working consistently for them, ESPECIALLY in the area of wealth.

Sure, people have used the Law of Attraction to help them in many areas of life, from love and relationships to career to health. But wealth seems to be the area of priority for most people, and ironically, it also seems to be the area most people find least success in. It almost feels like there’s a correlation…

I’m curious to see if I’ve somehow hit the nail on the head with this observed correlation, so I’ll be interested to know on a scale of 1-10, how much focus have you put into expanding your wealth by using the Law of Attraction? And, on a scale of 1-10, how successful have you been with the Law of Attraction to attract money into your life?

Just let me know in the comments. Cheers.

Information Security Management System (ISMS) – ISO 27001

2010-02-16T15:48:00.000+04:00

Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization's ISMS.

Objective of ISMS

Information security is the protection of information to ensure:
• Confidentiality: ensuring that the information is accessible only to those authorised to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.

Why should I implement ISO 27001 ISMS?

• Certification of a management system brings several advantages. It gives an independent assessment of your organization's conformity to an international standard that contains best practices from experts for ISMS.
• Meeting legislative and regulatory requirements
• As a measure and independent evidence that industry best practices are being followed.
• As part of a corporate governance program

Process for implementing ISO 27001
1. Define an information security policy
2. Define scope of the information security management system
3. Perform a security risk assessment
4. Manage the identified risk
5. Select controls to be implemented and applied
6. Prepare as SoA (a "statement of applicability")

The Certification Process
 Guidelines - ISO/IEC 27002:2007
 Certification - ISO/IEC 27001:2005
 Stage 1 : Documentation Review & evaluate client's readiness
 Stage 2 : Implementation audit & evaluate effectiveness of client's systems
 Lead Auditor's recommendation to certify
 Certificate issued by certification/registration body
 Surveillance
 Periodic review audits (6 months interval)
 Re-certification (after 3 years)

Penetration Testing

2010-02-16T15:47:00.000+04:00

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Pen test strategies include: -

Targeted testing

Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.

External testing

This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.

Internal testing

This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.

Blind testing

A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.

Double blind testing

Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.
Penetration Testing Tools
1) Nmap - Worlds Best Port Scanner
2) Nessus - Vulnerability Scanner
3) Metasploit - Exploit framework
4) Pass-The-Hash - Who needs passwords?
5) Hydra - Brute force password guessing
6) Cain & Abel - The ultimate MITM utility
7) Wireshark - network protocol analyzer
8) Snort - traffic analysis and packet logging on IP networks
9) Netcat - reads and writes data across TCP or UDP network connections
10) Nikto - web server scanner which performs comprehensive tests against web servers

Technology Trends 2010

2010-02-16T15:46:00.000+04:00

1. Unified Communication
2. Information Security
3. Cloud Computing
4. Virtualisation
5. Mobile application
6. Data Centre Management
7. Mobility & GPS
8. Business Intelligence
9. Gaming Application & Animation
10. Bar-coding & RFID

Cyberoam Net-to-Net Connection

2009-06-10T14:49:00.003+04:00

Cyberoam UTM device allows configuring IPSec VPN tunnels over ADSL link. The configuration based on DYN DNS service. Both the head office and branch office use ADSL link. Configure a DYN DNS address for both the sites. The configuration is very simple and straight forward.

The advantage of this type of connection is:-
a) Speed
b) Less expensive
c) Easy to get ADSL link
d) Easy of deployment
e) Good for branch office / small office connections
f) Easy to manage

Storage

2007-12-19T17:31:00.000+04:00

As data keeps growing exponentially, the need for more advanced storage technologies has increased. We take a look at the upcoming technologies that will make storage simpler in future

Data growth in any organization is an irreversible process. You can control and manage data, but you can't reduce it. Hence, there will always be the need for efficient ways of storing and managing data. Since data is generated by umpteen types of applications in zillions of formats, some pretty innovative ways are required for storing it. That's why storage has always remained such a hot topic, and it will continue to remain so as long as there's growing data.

Market drivers
The ever increasing amount of data brings with it not only requirements for more storage capacity, but also issues of security, physical space for hosting more storage devices, concerns of managing them, the speed of accessing data, and much more. So much so that storage has become the driver for innovation across so many industries. It has provided an opportunity to the software development world for creating applications to store, back up, retrieve, index, and search data. It has given the security industry an opportunity to find new ways of securing the growing volumes of data. The storage industry itself is coping with the challenge of cramming higher storage capacity in smaller form factors. The growing volume of data is also creating opportunities in the storage management and virtualization space.

Even the consumer electronics industry is banking on storage, because most consumer appliances and even digital gadgets require lots of it.

MP3 players, smartphones, digital cameras and camcorders, Digital Video Recorders, are just a few examples that require storage.Plus, storage is also driving niche markets like IP Surveillance.

Glimpses 2007
1) Hard drive capacities hit the 1 Terabyte mark.
2) Tiny personal NAS boxes became ubiquitous this year. New security standards emerged for encrypting data at rest, like the IEEE 1619.3.
3) Email archival solutions became widespread
4) USB based flash drive capacities exceeded 4 GB.
5) NAS boxes, ILM, Continuous Data Protection, Document and Content Management Systems were on the purchase list.

Hot trends this year
We've had a pretty eventful year as far as storage goes. Several foundation stones have been laid this year that will set the tone for things to come in the future.

While the trend of increasing capacities and reducing costs in hard drives has been around for a long time now, this year they finally hit the 1 TB mark. In fact, the competition to bring out higher capacity drives has become very similar to the GHz wars of the past in microprocessors, which continued until they reached the limit. Thankfully, hard drive capacities have not yet reached their limits. We'll see capacities beyond 1 TB in a single hard drive in the coming years.

Solid State storage drives also hit the market this year, and many laptop vendors launched their models with them. So imagine a laptop with no magnetic hard drive-just a single solid state drive with flash memory inside and a SATA interface. The technology behind high capacity solid state drives is NAND, which stands for 'Not AND'. In the digital world, NAND is a kind of logic gate.

Jargon Buster
Storage Terms you should know for next year

1) ILM (Information Lifecycle Management): A comprehensive approach for administering Storage systems on computing devices. The information system's data and associated metadata are effectively managed right from its creation and initial storage, till the time it becomes obsolete and is deleted.
2) CDP (Continuous Data Protection): It is nothing in line with traditional back up or RAID/replication/mirroring. It refers to backup of data in such a manner that every change made to the data is automatically saved. Essentially it captures every version of the data that the user saves. You can restore data to any point in time.
3) Storage Virtualization: Commonly used in Storage Area Network, it is mainly the pooling of all physical storage from various network devices into what appears to be a single storage device which is managed from a central console.
4) VTL (Virtual Tape Library): It's mainly a virtualization technology for data storage used primarily for data backup and recovery purposes. It presents a storage component as a tape drive or library for use with existing backup software.
5) SSD (Solid State Drives): A data storage device which uses solid-state memory to store persistent data. SSDs comprise of NAND flash which is non-volatile or SDRAM which is volatile. They are already available as 32GB SSD and 64GB SSD from various vendors and 128GB will be available soon. Super Computers.

So in effect, storage has become even more ubiquitous than before. Just about every industry demands it today for different applications. In enterprises, branch office automation led to the need for anytime anywhere access to data, which made the concept of Wide Area File Services more popular. Data center consolidation and infrastructure centralization led to greater demands for more storage and backup. The need to standardize and comply led to the popularity of email archival solutions, and even new data encryption technologies.

Network Attached Storage, or NAS for short, saw terrific growth this year. In fact, the interesting thing about this market was that NAS boxes became available for everyone, right from personal users to data centers. Interestingly, 1 TB NAS for personal use or for small offices became commonplace this year.

Information Lifecycle Management solutions were also on top of the storage purchase chart for many enterprises. Likewise, several other storage terms were pretty common place this year. There was a lot of interest in Continuous Data Protection or CDP for instance. With growing amount of content, organizations started considering content and document management solutions.

Key Predictions for the future
Now we come to the exciting part. What all can you expect in the storage arena next year. So here's our list of predictions to help you be prepared for next year:

Storage Virtualization implementations will rise
This is one of the most talked about areas in storage for a long time, and has not been able to take off as well as its cousin in the server world. This year saw some traction in storage virtualization, with vendors introducing many new products and early bird implementations. So the momentum has just started, and we're likely to see a lot more action in storage virtualization next year. While considering storage virtualization, don't get blinded by its benefits. Look at the other side as well. That's because it's not as easy as adding an abstraction layer on top of your existing heterogeneous storage infrastructure and have a virtualized storage environment. Be prepared to add more storage equipment to manage your existing ones. Likewise, there are many different ways of doing storage virtualization, and choosing the right one requires a discussion in itself.
Solid State drives will become more commonplace
We all know that solid state memory is much faster than magnetic memory. It has no moving parts, runs at much higher speed, and is not affected by wear and tear. That's why RAM is faster than a hard drive. However, solid state memory is also much more expensive, which is why we don't see everyone rushing to replace all magnetic storage with it. But there are quite a few interesting developments in this area. Many notebooks vendors this year started shipping their products with solid state drives inside. A race has started amongst memory manufacturers to introduce higher capacity solid state drives, with the latest being A-Data's 128 GB SSD.

Currently, if you were to buy a laptop with a SSD inside, then you have to shell out at least 40-50K extra for it. But the growing competition amongst flash drive manufacturers and economies of scale will eventually bring down prices, and you might find lots of SSD based notebooks in the market next year. The advantages are many. SSDs are thinner, lighter, and faster, which should improve system performance, make notebooks lighter and perhaps more power friendly as well.

A peek into the future
1) Storage virtualization will become widespread.
2) Solid State drives in notebooks will become common place.
3) Hard drive capacities will reach 2 TB+ range for desktops.
4) Virtual Tape Libraries will become more common.
5) Full Disk Encryption or FDE based drives will hit the market for data centers.

Full disk encryption based drives will emerge for storage security
One of the biggest challenges most organizations are facing today is securing their ever growing volumes of data. This is becoming even a bigger concern with so many laptops being used amongst organizations. Plus of course there's all the data being backed up to tape drives. All this data in computers, which is not travelling across a network is known as data at rest. The answer to doing this is to encrypt it. There are many ways of doing this, and we've seen many attempts at it over the past few years with vendors introducing various types of solutions for doing so. There are software programs that encrypt data on the fly, and even appliances that encrypt data before backing it up. This year however, another technology has started gaining ground, which aims to build encryption capabilities within the hard drive itself, a concept known as Full-Disk Encryption or FDE. This is currently being backed up by Seagate, IBM, and LSI, and even IEEE is creating a management standard, called 1619.3, to ensure interoperability.

If everything goes well, then you should see FDE based drives shipping next year. The logic behind having FDE based drives is also quite strong. If the logic of encrypting all data lies within the hard drive controller itself, it will improve performance. Moreover, even as more drives get added, the performance won't degrade because each drive will be handling its own encryption.

VTLs will grow in popularity
This is one area that's becoming strong competitor to tape based backup. Virtual Tape Libraries will become more popular next year, as vendors gear up with more offerings.

Storage has become so ubiquitous and there have been so many developments around it that one can go on and on talking about them. But we'll end the discussion here and bring you more news on it in our forthcoming issues.

Laptop Security Basics

2007-04-30T08:06:00.000+04:00

Laptop security basics

There are some rudimentary steps that you can take to prevent your laptop from being stolen.

Use the features of your operating system

If you have chosen an operating system that has in-built security features (Windows 2000 Professional and Windows XP Professional are examples) then do not be afraid to use them. Features may include secure logon, file level security, and the ability to encrypt data.

Use the BIOS password

It would be unwise not to protect the BIOS. Find out whether the BIOS will also protect the hard disk drive to stop it from being used in another machine. Another tip is to find out what the procedure is for resetting the BIOS password. If it has to be sent back to the manufacturer, so much the better, as that will afford some protection, as a thief is unlikely to do that. Some will offer an in-the-field work around, which might make it attractive to a thief.

Your laptop's serial numbers

It is written down, right? And stored in a safe place? Good. That will help the police return it to you should it ever be recovered by them.

Use some form of permanent marking on the laptop

Engraving your company name on the case of the laptop with an address or contact number, or both, may increase the likelihood of getting the laptop returned to you if it is stolen and recovered (or, if by some accident, you forget it). Commercial asset tags are also a great aid to the police to return the laptop to you. It may also serve as a deterrent to the casual thief if the choice is between stealing a marked laptop or an unmarked laptop. Why? They cannot sell it using an online auction so easily. Also, travelling through airport security means that someone is also less likely to pick up your laptop accidentally. Information freely available on the Web suggests that 97% of stolen laptops are never recovered.

Use the manufacturer's registration scheme

Most people ignore registration because they think that it is likely to lead to spam. However, remembering that thieves are usually not smart, one might be unintelligent enough to send it in for service or to reset the BIOS, so having it registered with the manufacturer might prove valuable if you alert them to the fact that it is stolen.

Cable lock

Most laptops have a Universal Security Slot (USS), also known as a Kensington Security Slot (sometimes referred to as a K-slot or Kensington Slot). Will it stop bolt cutters? Unlikely. Will it stop a casual thief that just happened to be walking past your hotel room while room service had propped the door open, and then gone off to get more towels? Probably. And make sure to secure it around a strong, immovable, indestructible object. Also use it in the office. What percentage of laptop thefts occur in the office? (See below for answer).

Docking station

Use a docking station that is securely fastened to your desk. If it also allows you to lock the laptop in place, so much the better. This is especially important if you are leaving the laptop overnight, or longer. Better still, lock it in a strong cabinet if at all possible.

Personal firewall

Use a third-party firewall to prevent hackers from hacking into your laptop, and maybe into the company network. If you do disable it for any reason, do not forget to turn it back on.

Biometrics

If your laptop has this capability, then familiarize yourself with them and then use them. Your fingerprint can be your logon ID in place of a password.

Tracking software

There are companies that offer tracking software, allowing your laptop to regularly ping a tracking center with a signal that allows it to be traced. If the laptop is stolen the company will work with law enforcement to trace your laptop.

Laptop case

It might look chic to have the latest designer laptop case or manufacturers case, but nothing sends out a better signal to a thief than an ostentatious display, which may include your company logo, elite looking luggage tags, your business card embossed in plastic that gives a thief a clue as to the likely worth of the contents. There are nondescript backpacks that have padded sleeves to hold a laptop safely. A backpack is useful for going to the restroom without having to put your case down. For the ultra-security conscious, buy little padlocks to lock the zips so that no-one can get into the backpack quickly, steal the laptop, and then zip it back up again.

Passwords

Make them a combination of numbers and letters so that they are harder to crack. Do not leave the password on a Post-It on the laptop (it does happen).

Encryption

Always encrypt sensitive, personal, confidential data and leave the password with a trusted source if you need to. If you do not know how to encrypt files, then learn.

Back up your hard drive

At the very least, back up your hard disk drive before you travel.

Web 3.0

2007-04-12T07:48:00.000+04:00

Just in case you missed it, the web now has version numbers. Nearly three years ago, amid continued hand-wringing over the dot-com crash, a man named Dale Dougherty dreamed up something called Web 2.0, and the idea soon took on a life of its own. In the beginning, it was little more than a rallying cry, a belief that the Internet would rise again. But as Dougherty's O'Reilly Media put together the first Web 2.0 Conference in late 2005, the term seemed to trumpet a particular kind of online revolution, a World Wide Web of the people.

Web 2.0 came to describe almost any site, service, or technology that promoted sharing and collaboration right down to the Net's grass roots. That includes blogs and wikis, tags and RSS feeds, del.icio.us and Flickr, MySpace and YouTube. Because the concept blankets so many disparate ideas, some have questioned how meaningful—and how useful—it really is, but there's little doubt it owns a spot in our collective consciousness. Whether or not it makes sense, we now break the history of the Web into two distinct stages: Today we have Web 2.0, and before that there was Web 1.0.
Which raises the question: What will Web 3.0 look like?
Yes, it's too early to say for sure. In many ways, even Web 2.0 is a work in progress. But it goes without saying that new Net technologies are always under development—inside universities, think tanks, and big corporations, as much as Silicon Valley start-ups—and blogs are already abuzz with talk of the Web's next generation.

The problem is that a complete reannotation of the Web is a massive undertaking. "The Semantic Web is a good-news, bad-news thing," says R. David Lankes, an associate professor at Syracuse University's School of Information Studies. "You get the ability to do all these very complex queries, but it takes a tremendous amount of time and metadata to make that happen."
To many, Web 3.0 is something called the Semantic Web, a term coined by Tim Berners-Lee, the man who invented the (first) World Wide Web. In essence, the Semantic Web is a place where machines can read Web pages much as we humans read them, a place where search engines and software agents can better troll the Net and find what we're looking for. "It's a set of standards that turns the Web into one big database," says Nova Spivack, CEO of Radar Networks, one of the leading voices of this new-age Internet.
But some are skeptical about whether the Semantic Web—or at least, Berners-Lee's view of it—will actually take hold. They point to other technologies capable of reinventing the online world as we know it, from 3D virtual worlds to Web-connected bathroom mirrors. Web 3.0 could mean many things, and for Netheads, every single one is a breathtaking proposition.

Tim, Lucy, and The Semantic Web The Semantic Web isn't a new idea. This notion of a Web where machines can better read, understand, and process all that data floating through cyberspace—a concept many refer to as Web 3.0—first entered the public consciousness in 2001, when a story appeared in Scientific American. Coauthored by Berners-Lee, the article describes a world in which software "agents" perform Web-based tasks we often struggle to complete on our own.

The article begins with an imaginary girl named Lucy, whose mother has just been told by her doctor that she needs to see a specialist. "At the doctor's office, Lucy instructed her Semantic Web agent through her handheld Web browser," we read. "The agent promptly retrieved information about Mom's prescribed treatment from the doctor's agent, looked up several lists of providers, and checked for the ones in-plan for Mom's insurance within a 20-mile radius of her home and with a rating of excellent on trusted rating services."
That's quite a mouthful, but it only begins to describe Berners-Lee's vision of a future Web. Lucy's Semantic Web agent can also check potential appointment times against her mother's busy schedule, reschedule other appointments if need be, and more—all on its own, without help from Lucy. And Lucy is just one example. A Semantic Web agent could be programmed to do almost anything, from automatically booking your next vacation to researching a term paper.
How will this actually work? In Berners-Lee's view, it involves a reannotation of the Web, adding all sorts of machine-readable metadata to the human-readable Web pages we use today (see "Questions of Semantics," opposite). Six years after the Scientific American article, official standards describing this metadata are in place—including the Recourse Description Framework (RDF) and the Web Ontology Language (OWL)—and they're already trickling into real-world sites, services, and other tools. -Semantic Web metadata underpins Yahoo!'s new food site. Spivack's Radar Networks is building a kind of Semantic Web portal. A development platform, Jena, is in the works at HP. And you'll find Semantic Web structures in Oracle's Spatial database tool.

The Vista brute force keygen

2007-03-05T07:30:00.000+04:00

The Vista brute force keygen - Updated by ZDNet's Adrian Kingsley-Hughes -- UPDATED Over on KezNews.com a brute force method for acquiring a usable product key for Microsoft's Vista platform has been released. I can confirm that this method works (for now at any rate), but I don't think that Microsoft has much to worry about.

Firefox 2, Internet Explorer 7

2006-10-25T14:38:00.000+04:00

OK, it's official: With today's release of Firefox 2, we have final shipping versions of the two biggest browsers for Windows. My colleague Erik Larkin's extensive review of both Firefox 2 and Internet Explorer 7 has been one of the most popular stories on our site over the past week, and I'm not going to duplicate it here. But after having spent months running beta versions of both--when it comes to browsers, I've always been pretty transient--I do feel like thinking out loud briefly about where the browser war stands.
(I apologize, Opera fans, for leaving Opera 9 out of this discussion-and promise I'll come back to it before too long.)
For the first time since the bygone days when IE 4 battled with Firefox granddaddy Netscape Navigator 4, we have a real battle. (For years, IE didn't face truly serious competition--then Firefox 1.0 came along, and suddenly there was no question that it was the best browser for most people.)
In Internet Explorer 7, we have a Microsoft browser that has no glaring deficiencies--which doesn't sound like much of a compliment, but it's more than you could say about IE 6. But here's a compliment that really is complimentary: It's inched ahead of Firefox in a few respects. It's got a better printing engine. Its zoom feature lets you resize Web pages onscreen, while Firefox can only resize text, not graphics. And I like how IE now lets you see thumbnails of all the pages in all your open tabs at once. I wish Firefox 2 had all these items built in.
But the funny thing is, Firefox 1.5 already has some of these features--and dozens more that neither Microsoft nor Mozilla has gotten around to implementing--courtesy of the array of amazing extensions that let you customize the browser to a fare-thee-well. (My current fave: Google Browser Sync, which lets you turn all your copies of Firefox on all your computers into clones of each other with the same bookmarks, cookies, and other settings. It alone is a compelling argument for choosing Firefox over IE 7.)
While some extensions aren't yet compatible with Firefox 2, they're the single biggest reason to opt for Firefox over IE 7. There are IE 7 add-ins out there, too, and Microsoft is cultivating the development of more. But for now, Firefox is easily the more vibrant development platform, and it does all its good stuff not only in Windows, but in OS X and Linux, too.
As my Computerworld colleague Scot Finnie says in his Firefox 2 first look, the Mozilla upgrade is no giant step beyond Firefox 1.5. Is it a must for 1.5 users? Yeah, as long as you're not dependent on any extensions that don't work yet. Features like search suggestions that appear as you type in the search box, spell checking, better RSS support, and additional tab-related conveniences aren't life-changing, but I use most of 'em almost every day, and they all make my time online more productive and happy.
Which isn't, sad to say, true of every change in IE 7. Why did Microsoft turn off menus by default (without replicating all of their functions with toolbars), put the menu bar under the address window even when you do turn it on, and move the refresh button from its traditional location to the left of the address bar over to the right? I've asked multiple Microsoft executives about these changes, and the answers, which have ranged from, essentially, "I can't remember" to "For consistency with Windows Vista," have never been entirely satisfactory.
Change for the sake of change is par for the course with a Microsoft upgrade. And there's a fair amount of it in IE 7, while things that cry out for fixing, like the browser's convoluted configuration settings, haven't gotten the attention they deserve.
(Side note: If you use IE 6 and decide that you'd prefer for menus to live under the address bar, it's easy to drag them there. But this customization feature, along with other interface-tweaking options, is gone in IE 7; there's no way to move the menus back to where they sit in 99.9% of the planet's other applications.)
So do I have a personal answer to the question "What's the best browser?" Ultimately, I agree with Erik's take: Overall, Firefox maintains a lead, even though it's not gigantic and isn't there in every aspect of the browser. Like Erik, I think it's a good idea for anyone who's moving from IE 6 to try both IE 7 and Firefox 2.
And I'm still fascinated by one question: If Firefox had never cut sharply into IE’s market share, would Microsoft ever have gotten around to bringing its browser into the modern age?
Comments
You talk about how IE is for the user, but Nothing about if Microsoft has finally decided to follow internet standards of Cascading Style Sheets, HTML or just continue to bully the webdesigners to design for IE.
Firefox follows standards and for that reason alone I chose FF. I truly despise Internet Explorer for the vulnerabilities and for it's interpretations of webpages.
You say IE has a fighting chance? I doubt it. I'm installing Firefox on every client PC I'm selling and removing all traces of IE. When I tell my clients it's because IE causes too much problems (spyware etc) they are more then happy enough. And they also love the Tabbed browsing.
Bye bye IE.
Fable
October 24, 2006
10:42 PM PT
I can think of one huge reason not to use IE 7: It has the worst implementation of tabs of ANY of the major browsers available (for any OS).
1) They are huge in size (is MS officially endorsed by Fisher Price?). I use a browser to view web pages, not to view chrome.2) The bar is too small, not only are the tabs huge but the annoying buttons steal a quarter of the tab bar.3) You can not open multiple tabs from the tab tool bar (and I am not using the left panel and arrow).
All in all, I feel that IE 7 has the worst user interface of any software that I have seen in years. I think that a lot of users will be mad when Windows Update automatically pulls this one down. I have recommended that my office hold off to deploy this so that we are prepared for the training issues. This GUI is just bad.
jdawgnoonan
October 24, 2006
10:43 PM PT
I think one of the key differences is that you can use IE7 ONLY on the most recent releases of Windows (XP Service pack 2, and some releases of Windows 2003). Surprisingly, Windows 2000 is not supported. As usual, if you want to use the latest Microsoft software, you need to upgrade your operating system (ie: spend some $$).
pmundkur
October 25, 2006
2:11 AM PT
I have abandoned IE on my entire network in favor of Firefox for about a year now with no regrets. My clients, after minimal training, appreciate the customization that Firefox provides them. I appreciate not having to logging in to find yet another IE vulnerability needing another patch. Slowly, Microsoft is losing it’s desirability as users become more technically savvy.

IBM goes public to collect ideas

2006-10-01T17:38:00.000+04:00

Company narrows 37,000 concepts from global brainstorming session to 30 marketable plansBY JON VANPublished October 1, 2006
YORKTOWN HEIGHTS, N.Y. -- Don't tell Sam Palmisano that old saw about too many cooks spoiling the broth.Last spring, after having seen an array of IBM's cutting edge research, IBM's top executive ordered a high-tech brainstorming session stretching across 77 countries and involving 53,000 people.IBM employees are still analyzing the fruit of Palmisano's session, 37,000 ideas. But by November, they expect to launch some new products, businesses or services stemming from the exercise, which Palmisano dubbed InnovationJam.Over the next two years IBM expects to spend as much as $100 million taking InnovationJam ideas to market."Innovation today is changing radically," said Palmisano, who noted that using conventional methods IBM regularly wins more new patents than any other U.S.-based company. But even so, the company probably isn't keeping up with competitive pressures, Palmisano decided."So, I thought, let's expose these advanced projects to all of our employees around the world, and some clients and business partners, too--even our own families--and see what they come up with."IBM managers, scrambling to come up with a context for the discussion, built several Web sites to give participants information about technologies in the company's pipeline--things like supercomputing, real-time foreign language translation and advanced water filtration based on nanotechnology.Here they comeBy July, the jam's first phase was on. Ideas flowed in online from around the globe as well as from employees at 67 companies allied with IBM and some spouses and offspring of IBM employees.IBM managers then used automation to winnow the 37,000 offerings down to 300 defined ideas. Finally, more than 50 employees came to IBM's Watson Research Center to work in teams for most of a week to further combine and trim ideas to around 30."The majority of ideas contributed in any brainstorming situation aren't all that good," said Edward Bevan, IBM communications vice president and a jam leader. "They're either naive or misinformed or they failed before with good reason."Without advanced technology to help toss out bad ideas, a global-scale project such as this would be impossible, said Cathy Lasser, IBM vice president for industry solutions and emerging technologies. "Especially working in this time frame required automation," she said.In mid-September, the jam's second phase commenced. Participants scrutinized the 30 proposals, wrote business plans and suggested market strategies."It won't take long for them to declare this a success," said Marc Knez, a clinical professor of strategic management at the University of Chicago's graduate business school. "How many products do you need to get to market to call it a success?"IBM isn't alone in seeking to tap knowledge from workers throughout its sphere, said Knez. "It's a common problem for large tech companies," he said. "They want to leverage knowledge within and at the edge of the organization."Still, IBM's effort is unprecedented in its scope and scale, Knez said, and it has the support necessary to succeed since the firm's chief executive initiated it.A key part of the jam was that ideas came from people working at all levels and that the ideas stood on their own merits."There's no hierarchy to this kind of creative collaboration," said Palmisano. "Whether you're a senior executive, a scientist, a business consultant or even a 13-year-old child of an IBMer, everyone gets to be heard."A veteran of corporate brainstorming agrees."Our experience is that good ideas can come from just about anywhere within the organization," said Charles Holland, president of QualPro, a business consultancy based in Knoxville, Tenn., that regularly employs brainstorming. "We keep coming up with instances where the best ideas come from people low in an organization, the ones doing the actual work."This can offend the graduate-level engineers and technical people, but we've seen it again and again."`Great morale builder'Another upside, Holland said, is that "it's a great morale builder. People feel part of the team and support the work, even when their ideas don't get adopted, because they got to supply their ideas."There may be some downside to IBM's project, said Scott Stern an associate professor of management and strategy at Northwestern University's Kellogg School of Management."You can't get 53,000 people to sign nondisclosure agreements," Stern said. "So there's a danger that by revealing your emerging technologies and possible applications to so many people, someone else could take the ideas and develop them.

Press your lips to your cellphone, send your lover a kiss

2006-08-22T18:29:00.000+04:00

Touch screen developer Synaptics and industrial design house Pilotfish have teamed up to demonstrate a new touch-sensitive cellphone user interface able to recognise pointing, tapping, complex gestures and proximity to the user's cheek.This, they say "creates new possibilities such as assigning functions to two-finger taps, closing tasks by swiping an 'X' over them, sending messages by swiping them off the screen, or answering a phone by holding it up to your cheek."They suggest that their 'concept device', dubbed Onyx, will enable cellphone manufacturers to "visualise a fundamentally new form of user interface for mobile phones."For example, a phone using the technology could, they say, recognise rough shapes and be capable of sending "an emoticon style kiss message" in which the recipient would see an image of the sender's lips kissing the phone!The key to Onyx is Synaptics' ClearPad, an optically clear, capacitive touch screen 0.5 m thick that would be overlaid above the display screen of the phone. This would completely replace mechanical input keys and, the developers claim, be "more intelligent than conventional touch screens." According to Clark Foy, vice president of Synaptics, "The Onyx phone is a breakthrough illustration of how advances in interface technology and collaborative design will drive the future of mobile interactions and services."

Microsoft Fixes 23 Security Flaws

2006-08-10T08:16:00.000+04:00

Microsoft Corp. today released free software updates to fix nearly two dozen security holes in its Windows operating system and Microsoft Office products. At least 17 of the 23 flaws could be exploited by attackers to hijack vulnerable systems or to install malicious code, the company warned.
Dig through the details of the advisories and you will see that instructions showing would-be attackers how to exploit at least nine of the flaws have already been posted online. Microsoft also said it has seen at least three of the flaws being actively exploited in the wild. As usual, updates are available via Microsoft Update (Internet Explorer required) or through automatic updates.
Microsoft typically lists its security advisories each month in the order of most to least severe, and the first flaw detailed in today's patch bundle fixes a problem in the Windows "server service," which facilitates file-sharing among Windows systems that reside on the same network. This highly "wormable" bug is mainly a big deal for businesses, since it is most severe on Windows 2000 systems (most common in corporate environments). Also, many Internet service providers filter file-sharing requests between customers, but file-sharing is almost always turned on inside corporate networks.
The SANS Internet Storm Center, which was credited in part with the discovery of this flaw, reported evidence of it being exploited publicly as early as June 30. According to SANS, Microsoft replied that it was already aware of the flaw at that time. I understand the Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) is set to release more information about this flaw later today. Of course, Security Fix will update this blog in the event that the DHS advisory adds any new wrinkles.
The next most serious advisory details two very dangerous vulnerabilities resident in Windows 2000, Windows XP and Windows Server 2003 that attackers could exploit merely by inducing a user to visit a malicious Web site. Microsoft said these flaws also could be exploited when a user opens a specially crafted e-mail or views one in the e-mail preview pane.
It wouldn't be a Patch Tuesday without a huge rollup for Microsoft's default Web browser. The IE patch fixes a total of eight vulnerabilities, five of which are especially serious -- depending on which version of the browser you're using and which version of Windows. One of the IE glitches, a problem with the way file transfers work, was originally reported to Microsoft in 2004.
Microsoft also fixed three critical vulnerabilities in versions of its Office software, including two that are actively being exploited to break into and steal information from vulnerable computers. One fixes Office 2000, Office XP and Office 2003, as well Microsoft Office and Powerpoint versions for Mac OS X (see the advisory for Mac Office download links). The second update addresses flaws in Office 2000 and XP, as well as Microsoft Project, Visio, Works and Visual Basic (see the advisory for links to those individual products).
Keep in mind that if you are using Office 2000 you will not be able to get those fixes through Microsoft Updates or through automatic updates. Office 2000 users will need to visit Microsoft's Office site and click on the "check for updates" link in the upper right corner of the screen. Office 2000 users who do not have their installation CD handy should be able to install the updates by choosing "no" at the "Do you have your Office product CD?" prompt.

Microsoft Patches Newest 'Dirty Dozen'

2006-08-10T08:10:00.000+04:00

Microsoft (Quote, Chart)released 12 patches aimed at resolving multiple security risks discovered in its operating system and popular Office suite.
Nine of the 12 security updates were deemed "critical," affecting various Windows components, as well as two Office applications previously known to be vulnerable.
The remaining three patches involved "important" security issues, such as remote code execution or elevated user privileges.
Several critical patches revisited flaws previously discovered in applications, such as PowerPoint, Outlook Express and Internet Explorer.
Another patch addressed flaws in a core Windows component already exploited in the "wild," according to a security researcher.
Steve Manzuik, research manager of eEye Digital Security, called MS06-40 important because the flaw in the Windows Services could allow attackers to take control of systems running Windows XP, Windows Server 2003 and Windows 2000.
Internet Explorer was the subject of a cumulative update answering eight critical flaws affecting IE 5.01 and IE 6 for Windows XP, Windows 2003 and Windows 2000.
The vulnerabilities include remote code execution, raised user privileges and information disclosure.
Today's patch MS06-42 replaces the MS06-021 security bulletin issued April 11.
The new patch re-enables ActiveX control handling disabled by the previous security bulletin.
A fix for a previously reported PowerPoint vulnerability was also part of the dozen patches released today.
Today's patch, MS06-048, replaces MS06-38, a security bulletin released in July.
The new patch is of critical importance for PowerPoint 2000 users, as well as for XP and 2003 PowerPoint systems.
Those using PowerPoint for the Mac should also download the patch, according to Microsoft.
A flaw in Outlook Express 6 for XP Pro and XP Service Pack 2, as well as Server 2003, could allow a remote attacker to run malicious code.
The MS06-043 critical patch resolves the problem, according to the software maker.
Rounding out Microsoft's "Patch Tuesday" event were two security updates ranked "important" for Windows users.
This month's dozen patches follows seven patches released in July to fix more than 10 security problems

Microsoft Invites Hackers to Test Vista

2006-08-04T14:57:00.000+04:00

LAS VEGAS (AP) - After suffering embarrassing security exploits over the past several years, Microsoft Corp. (MSFT) is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista, the next generation of its Windows operating system.
Microsoft made a test version of Vista available to about 3,000 security professionals Thursday as it detailed the steps it has taken to fortify the product against attacks that can compromise bank account numbers and other sensitive information.
"You need to touch it, feel it," Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. "We're here to show our work."
Microsoft has faced blistering criticism for security holes that have led to network outages and business disruptions for its customers. After being accused for not putting enough resources into shoring up its products, the software maker is trying to convince outsiders that it has changed.
"They're going directly to the bear in the bear's lair," says Jon Callas, the chief technology officer at PGP Corp., which makes encryption software and other security products. "They are going to people who don't like them, say nasty things and have the incentive to find the things that are wrong."
Due early next year, Vista is the first product to be designed from scratch under a Microsoft program dubbed secure development life cycle, which represents a sea change in the company's approach to bringing out new products. Instead of placing the addition of compelling new features at the top of engineers' priority list, Microsoft now requires them to first consider how code might be misused.
A security team with oversight of every Microsoft product - from its Xbox video game console to its Word program for creating documents - has broad authority to block shipments until they pass security tests. The company also hosts two internal conferences a year so some of the world's top security experts can share the latest research on computer attacks.
Cushman said the presentations have already paid off. One talk, delivered in March by a security expert named Johnny Long, detailed a new way to identify security holes using Google. Shortly after the talk, a Microsoft manager applied the technique and discovered a customer was at risk because it hadn't properly set up a computer that was running SQL, a database program that competes with business programs sold by Oracle Corp. (ORCL)
But internal conferences are one matter. Taking Vista to Black Hat, where some of the world's foremost security gurus annually make sport of ripping through programming code to find bugs, is another.
"The fact that they're releasing it here is probably a bold statement," said Mike Janosko, a security expert with Ernst & Young who has been reviewing Vista for several months

Microsoft to charge for Office beta

2006-07-29T16:58:00.000+04:00

Microsoft plans next week to charge a nominal fee for Office 2007 Beta 2 downloads, in a move that runs counter to the practice held by most software companies.
Consumers who download the 2007 Microsoft Office system Beta 2 will be charged $1.50 per download, beginning next Wednesday at 6 p.m. PDT, a Microsoft spokeswoman said.
"Since the end of May, Beta 2 has been downloaded more than 3 million times...That's 500 percent more than what was expected," the spokeswoman said. "The fee helps offset the cost of downloading from the servers."
Although Microsoft's Information Worker Product Management Group decided to initiate a fee for new users of Beta 2, the "technical refresh," or update, for current users of the software will remain free, the spokeswoman said.
Those who want to test drive Beta 2 to review how it works can access the software for free. But if they need to test it against their internal systems, a download or the CD is required.
"This is the first time Microsoft has charged for an Office beta, and it's not something that is planned for on a repeat basis," the spokeswoman said.

End in sight for Windows Vista

2006-06-01T13:56:00.000+04:00

London, (GUARDIAN NEWS SERVICE): Microsoft has been through a bad patch, but with its Windows Vista finally nearing roll-out, there is light at the end of the tunnel.
The moving train wreck that is Windows Vista finally began to approach itsdestination last week with the release of another major test version: beta2. This should mean it is ``feature complete'', with only bug fixes,performance tuning and a final polish before it reaches businesses at theend of this year, and consumers at the start of next year.
Looked at objectively, from a suitable distance, through half-closedeyes, it looks good. In particular, the graphics are often stunning whenrunning the new Aero Glass user interface.
The white unpainted areas and jaggedy lines often visible in Windows XPseem to be a thing of the past. In fact, you get something closer to thegraphics performance of a good game, and for the same reason - the graphicscard is doing most of the work, instead of leaving it to the mainprocessor. As a result, Microsoft says going back to a ``lower'' version ofWindows can mean it slows down instead of speeding up, because the load isthrown back on to the CPU.
The new transparency - the Glass that has been added to the Aerointerface - looks nice but may not last. At least it's controlled from asliding scale, so you can set how much transparency you want.
But there is still a lot to do, and beta 2 desperately needs thecomputer equivalent of the house doctor Ann Maurice - a function Steve Jobsperforms at Apple - to get the dozens of programming teams to throw out thecrap, or at least get their corners, rules and spaces reasonablyconsistent.
Still, Microsoft hauled more than one hundred journalists and analystsfrom 15 countries to a Vista reviewers' workshop in Seattle, so we couldget our copies of the new beta from the fair hands of Jim Allchin, who hasrun Windows development for more than a decade. He duly appeared on stagewith the first box of beta 2's, so we got them before the PC makers atWinHEC, the Windows Hardware Engineering Conference. Not that they were anyuse until an access code appeared in our mailboxes later.
Allchin then gave a memorable goodbye speech, using words such as``naive'', ``hugely painful'' and ``humbled'' because once Vista ships,he's being replaced by Steve Sinofsky, the current head of MicrosoftOffice.
Having taken Microsoft from zero market share to a market-leadingposition in the server operating system market, Allchin has earned hiscrust. But, as he admitted, ``I was naive about how big a deal the attacks[on Windows XP] were going to be''. Being handed a PC that was so infestedwith malware, even he could not clean it up, was ``a humbling experience'',he confessed.
A lot of the work that has gone into Vista is invisible because it hasbeen devoted to cleaning out insecurities, hardening services andsandboxing applications such as Internet Explorer 7+. Vista now seems muchbetter than XP SP2, which was dramatically better than XP. Whether it'senough, only time and the attentions of thousands of criminal, commercialmalware writers will tell.
A lot more work is equally invisible, because it caters for the needs ofVista's biggest and most important market: businesses. For example, Vistanow installs as a single image, which is simply copied across, rather thanas a sequence of separate files. Big companies like to construct and deploytheir own operating system image - typically including Windows and theirmain applications - but Microsoft's system is novel in that it can installan image on an existing hard drive without destroying applications anddata. These can be picked up later.
This also explains why all the versions of Vista, from Home Basic to theUltimate kitchen sink version, appear to take up the same 15GB of harddrive space. You get the whole thing, and can upgrade from one version toanother just by entering a code, without doing another installation or along download.
It's clever, but risky. Decisions have not been taken, but I was givento understand Microsoft was unlikely to ship the full image in countrieswith a high incidence of software piracy.
Vista also uses Windows PE (pre-installation environment) and, accordingto Windows' client group product manager Stella Chernyak, it canself-repair an otherwise unbootable system about 80% of the time. Since themain costs of an enterprise operating system are installation and support,Chernyak argued, Vista could save companies money.
And from a corporate point of view, it is extremely important Microsoftis launching new versions of Windows and Office at the same time, then anew version of Windows Server. After years without a significant upgrade infunctionality, companies will be able to make one great leap forward. Thiswill obviously be very convenient, and money could pour into Microsoft'salready overflowing coffers.
For those of us who have been following this particular development fromthe storage principles that appeared in the 1990s (Cairo) through to theLonghorn ideas that Microsoft showed even before the release of Windows XP,Vista looks a bit of a disaster. If Microsoft had delivered what itpromised in, say, 2004, it would have led the market. Instead, it'soffering much less, and delivering it much later - probably after three oreven more versions of, say, Mac OS X.
But, of course, we're an insignificant number of people with littlemoney and even less influence. Vista is probably going to ship about 500mcopies in 2007-08, with more than 10,000 PC manufacturers pre-installing iton almost every machine they make, across the four corners of the earth.And paying Microsoft about $25bn in cash.
I suspect most of these naive users will find a lot to like in Vista.They will like the clean interface and the speed of Windows Media Player11, the extra security and enhanced features of Internet Explorer 7+ (quicktabs, RSS feed detection, page zooming, print-to-fit), and the vastlyimproved Start menu. They will love the way little screen images pop upfrom the taskbar, and the way they can mouse-wheel rapidly through screensin Flip 3D mode - with videos still running. Some less jaded users willenjoy the gadgets - clock, slide show, weather information etc - that showin the Vista Sidebar, as per Konfabulator, or on accessory screens.
At least the geekier ones may discover other little features, such asthe ability to link two PCs via Wi-Fi, in Vista's MeetingSpace, the abilityto use plug-in USB thumb drives to add to their PC's memory (ReadyBoost),hard drives with built in Flash memory (ReadyDrives), and support forthings like 802.11i networking and Internet Protocol IPv6.
Vista will not get people dancing in the streets - except maybe Allchin- but it will probably keep the Windows market rolling for a few moreyears. Microsoft has certainly been through a bad patch, but the worst maybe over.

Experts Offer Advice to Prevent ID Theft

2006-05-24T19:35:00.000+04:00

SAN JOSE, Calif. (AP) - Consumer advocates have some advice for the 26.5 million veterans whose personal information was stolen from the home of a Veterans Affairs employee: Don't panic.

Identity theft may be a growing problem that affected 9.3 million Americans last year, according to Javelin Strategy and Research. But consumer advocates say a few precautions can lessen the chances of becoming a victim, even for people whose personal information has been stolen.
The first thing to do if you think your Social Security number, birth date or other sensitive data has fallen into the wrong hands is to place an initial fraud alert on your credit reports. There are three major credit reporting agencies, but a call to one - for instance, Equifax at 800-525-6285 - will ensure the other two are notified.

A fraud alert entitles you to a free copy of your credit report from each of the three companies. Order one from each and scrutinize them carefully for accounts you didn't open or debts you don't recognize. Also, make sure that information such as your Social Security number and employer are correct on each report.

(AP) RETRANSMISSION; graphic shows tips on avoiding identity theft; two versions. (AP Graphic)Full ImageIf you discover accounts or transactions you didn't authorize, call and speak with someone in the fraud department of each company involved. Keep a log of each person contacted, along with the date, time and topics discussed on each call.

An initial fraud alert also requires businesses to take additional steps to confirm your identity before issuing loans or opening accounts in your name. Be prepared for loan and credit card applications to take slightly longer to be processed.

It's important to understand that an initial fraud alert, as the name implies, is only a temporary fix. That's because it remains in effect for only 90 days. To prevent becoming a victim after the three months are up, you'll need to take additional steps.

Next, fill out an identity theft report with your local, state or federal law enforcement agency. It's unclear if the mere loss or theft of personal information constitutes identity theft, but filing a report may offer additional protections. The FTC makes an affidavit available at .http://www.consumer.gov/idtheft/pdf/affidavit.pdf

Ask each of the three credit reporting companies to place a freeze or extended alert on your account. Seventeen states have enacted laws that require the reporting companies to block access to your files in most instances. Check with the Consumers Union Web site or attorney general in your state to see if this is available where you live.

(AP) RETRANSMISSON; graphic shows tips on avoiding identity theft; two versions. (AP Graphic)Full ImageEven if your state doesn't offer this protection, ask Equifax, TransUnion and Experian to give you an extended alert anyway. This option will entitle you to two free credit reports per year, and it will also require the credit reporting companies to remove you from lists marketers use to send prescreened credit offers for five years.

To qualify for an extended alert, the reporting companies will require you to prove you've been the victim of identity theft, even though it is not always clear how the law defines a victim in this case. Be sure to include the FTC affidavit or other law enforcement report you filed. It is legal documentation that your personal identification has been stolen.

Finally, recognize that safeguarding your privacy is a never-ending task, even for people who have no reason to believe their personal information has been stolen. A little education and prevention, say consumer advocates, can go a long way.

"You need an ongoing vigilance," says Paul Stephens, a policy analyst with the Privacy Rights Clearinghouse in San Diego. "We want people to be proactive, to be vigilant, but we also don't want

Be Careful Where You Point And Click

2006-05-20T18:49:00.000+04:00

Data Proves That Certain Web Sites Contain Viruses, Spyware, Popups

(CBS) You’ve said it a thousand times: be careful where you point your browser and what you type if you’re on an untrustworthy Web site. Some sites contain nasty stuff like spyware, viruses and malicious code. In some cases, you’ll get spam if you give them your e-mail address.

Now there’s data to back that up, albeit commissioned by a company that makes its money selling products to protect you against the Internet’s dark side. Self interest aside, the data from a study co-led by Internet anti-spyware expert Ben Edelman and commissioned by McAfee confirms what experts have been saying for years: Be careful about sites that come up in searches. In addition to selling security software and services, McAfee, this April, acquired SiteAdvisor, which helps consumers analyze the safety of sites. The researchers analyzed results of searches on Google, Yahoo, MSN, AOL, Ask.com and found that "all of the major search engines returned risky sites in their search results for popular keywords" and that "dangerous sites soared to as much as 72 percent of results for certain popular keywords, such as 'free screensavers,' 'digital music,' 'popular software,' and 'singers.'

The report warns users to be especially cautious about sites that come up as sponsored (paid) results; these "contain two to four times as many dangerous sites" as the non-paid results, the report said. Sometimes you have to look carefully to figure it out, but the reputable search engines label sponsored results so users can distinguish them from the ones that come up based on the search engine’s actual criteria that establishes a site’s relevancy to a search term.

A Google search for "free iPods," for example, gives you a number of paid results which, according to SiteAdvisor, are potentially unsafe. The report found that "MSN search results had the lowest percentage (3.9%) of dangerous sites while Ask search results had the highest percentage (6.1%). Google was in between (5.3%)." The authors concluded that, "on the whole, we see little basis to conclude that any search engine is much safer than any other; safety rankings vary too much from search to search." The report’s authors estimated that each month consumers click on an estimated 285 million "hostile sites."

The researchers compiled 1,394 popular keywords using lists of common searches. "Adult search terms" were excluded. The results were analyzed using the database from McAfee’s SiteAdvisor Web safety database which is based on "automated tests that analyze Web sites for exploits, downloads containing spyware, adware, or other unwanted programs, pop-ups, links to dangerous sites, and e-mail submission forms," according to the report.

In addition to pop-ups, spam and adware, some sites use what are called "browser exploits" to install unwanted code on a user’s PC. In theory, these exploits can do serious damage to a PC or jeopardize a user’s privacy and safety by exploiting information for malicious or criminal purposes. The report was released to draw attention to a free McAfee product that helps consumers analyze a site before they click on it or before they submit any data to the site.

SiteAdvisor works with both Internet Explorer and Mozilla Firefox to show you a site’s rating from within Google, MSN or Yahoo even before you click on it. With SiteAdvisor installed, when you search for a term in one of those search engines, you’ll see a "safety button" next to the listing. A green check mark means that the site was tested and there were no significant problems found.

A yellow exclamation point means that "tests revealed some issues you should know about. (Example: a site tried to change our browser defaults, or sent a lot of "non-spammy" e-mail)" and a red X means that the site found "serious issues that you'll want to carefully consider before using this site at all. (Example: The site sent us lots of spammy e-mail or bundled adware with a download.)" Once you get to a site, regardless of how you got there, there is an icon in the lower right-hand corner that gives you a color-coded assessment of that site — which, if you click on it, reports with details as to why the site was given its rating, along with rating of some sites linked from the site you’re on.

In my tests, I found the SiteAdvisor results to be pretty helpful, but it wasn’t perfect. For example, it gave a green light to the greeting card site, 123Greetings.com. While I don’t have any evidence that the site puts any malicious code on your system, I do know that it pops up a lot of ads not only when you use it to send a card, but also when you click on a card that someone else sends you. Flaws aside, SiteAdvisor generally does give users some pretty good advice when it comes to sites that should be avoided. It’s not the end-all, but it is one more tool is users’ arsenal to help protect us from online bad guys.

VoIP Device Launch: New NETGEAR Skype WiFi Phone

2006-05-03T07:48:00.000+04:00

NETGEAR today announced pricing information and pre-order availability for the new NETGEAR Skype (News - Alert) WiFi (News - Alert) phone (model SPH101). This will be the first device said to be certified to make mobile Internet telephony a reality for Skype users worldwide. The phone can be pre-ordered now exclusively online at an MSRP of $249.99.

The SPH101 is the first Skype-Certified device to allow consumers to make unlimited free domestic and international calls to other Skype users over a wireless network without having to be tied to a PC. The WiFi phone will work anywhere in the world where a user has a secured or open access to a WiFi network.

The device comes pre-loaded with Skype software and ready out-of-the-box to use with a wireless network. The device's intuitive on-screen color menu shows saved Skype contacts and their online availability for easy communications, similar to the PC experience.

"We are pleased to announce pre-order availability of NETGEAR's Skype WiFi phone to those who have been anxiously awaiting the product launch since we unveiled a prototype at the Consumer Electronics Show," said Patrick Lo, NETGEAR's chairman and chief executive officer in a statement. "Our phone combines NETGEAR's innovative wireless networking technology with the simplicity of the Skype experience, while freeing users from the PC. With tens of thousands of customers already registered for more information on the NETGEAR Skype WiFi phone via our Web site and millions of registered Skype users, we're thrilled to bring forth this market-defining product to meet the pent-up demand of such an enthusiastic user community around the globe."

The new NETGEAR Skype WiFi phone is currently available for online pre-ordering at an MSRP of $249.99, and is backed by a one-year warranty and 24/7 technical support. All customers placing pre-orders will get 30 free SkypeOut minutes to many phones worldwide as well as 30 days of free Skype Voicemail, compliments of NETGEAR and Skype, for being the first to own the phone.

"By offering NETGEAR's unique WiFi phone to our global users, we are enabling them to enjoy the same Skype experience they love, but with the freedom of mobility," said Saul Klein, vice president of global marketing for Skype. "We are committed to working with industry leaders like NETGEAR who share our dedication to connecting the world through easy-to-use, innovative technologies."

Skype announced today that it also joined forces with Polycom (News - Alert) to introduce the Polycom Communicator, a Skype-certified, co-branded USB speakerphone that integrates Polycom's Acoustic Clarity Technology to deliver hands-free, natural, two-way voice communication for Skype voice and video conversations, without echoes or feedback.

The device complements the new Skype for Business offering, providing a portable, personal speakerphone system that delivers high-fidelity wideband voice communications for individuals or small groups. In addition to the core speakerphone capabilities, the Polycom Communicator also offers a high-quality audio output for playing music and games from a laptop or desktop PC.

NETGEAR, Inc.
http://www.netgear.com
Skype
http://www.skype.com

Computer Researchers Warn of Net Attacks

2006-03-16T18:04:00.000+04:00

WASHINGTON (AP) - A new variety of unusually powerful Internet attacks can overwhelm popular Web sites and disrupt e-mails by exploiting the computers that help manage global Internet traffic, according to security researchers.

First detected late last year, the new attacks direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope. In one of the early cases examined, the unknown assailant apparently seized control of an Internet name server in South Africa and deliberately corrupted its contents.

Name servers are specialized computers that help direct Internet traffic to its destinations.

The attacker then sent falsified requests to the compromised directory computer, which unleashed overwhelming floods of amplified data aimed wherever the attacker wanted.

Experts traced at least 1,500 attacks that briefly shut down commercial Web sites, large Internet providers and leading Internet infrastructure companies during a period of weeks. The attacks were so targeted that most Internet users did not notice widespread effects.

Ken Silva, the chief security officer for VeriSign Inc., compared the scale of attacks to the damage caused in October 2002 when nine of the 13 computer "root" servers that manage global Internet traffic were crippled by a powerful electronic attack. VeriSign operates two of the 13 root server computers, but its machines were unaffected.

"This is significantly larger than what we saw in 2002, by an order of magnitude," Silva said.
Silva said the attacks earlier this year used only about 6 percent of the more than 1 million name servers across the Internet to flood victim networks. Still, the attacks in some cases exceeded 8 gigabits per second, indicating a remarkably powerful electronic assault.

"This would be the Katrina of Internet storms," Silva said.
The U.S. Computer Emergency Readiness Team, a partnership with the Homeland Security Department, warned network engineers in December to properly configure their name servers to prevent hackers from using them in attacks. It called the attacks "troublesome" because name servers must operate to help direct Internet traffic.

New Google Desktop Grabs More Of Microsoft‘s Turf

2006-02-17T13:56:00.000+04:00

New Google Desktop Grabs More Of Microsoft‘s Turf
Staff and agencies
14 February, 2006

By Reuters
InternetWeek Thu Feb 9, 6:49 PM ET

SAN FRANCISCO - Web search leader Google Inc. is introducing an upgraded version of its software for users to organize and find information on any computer and to share it with friends, the company said on Thursday.

Google Desktop 3 poses new challenges to Microsoft Corp.‘s dominance of the way people interact with computers, but also demands users place far greater trust in Google‘s capacity to protect their privacy.

Google Desktop vacuums up data stored on a user‘s PC and makes it accessible on any other computer in regular use by the customer at home or work or even on an airplane trip, assuming users consent to storing data on Google‘s central computers.

In addition, Google said it is turning "Sidebar," a system introduced six months ago for viewing live updates of personal information, into a way to share quick notes, news, photos or other tidbits of data with friends or colleagues.

"This is starting to amount to a new operating system, though Google would never describe it as such," Gartner Inc. analyst Allen Weiner said. "It is going to be Microsoft‘s challenge to offer the same level of flexibility and power for both consumers and content creators."

Google also is opening up its mini information panels to encourage independent developers to build applications for users, borrowing a strategy first popularized by Apple Computer Inc. and Yahoo Inc. (Nasdaq:YHOO - news), and which Microsoft plans to introduce in the next version of Windows for consumers.

These mini-programs can be shared in a few clicks with any user of Google Talk, which operates as a kind of background communications system.

Google has built 100 such "applets" so far -- from games such as online chess or tick-tack-toe to monitors for checking airline flight times or eBay auctions in progress, said Sundar Pichai, Google‘s director of product management.

Outside developers will be encouraged to contribute many more starting from Thursday. Customers would download these from Google‘s site at http://desktop.google.com/.

These instant-information panels are perfect also for small-screen mobile phones and other devices -- making good on its goal of giving access to information anywhere.

Still, Rob Helm, an analyst with "Directions on Microsoft," said that the world‘s largest software company had both technical and business defenses against Google.

Microsoft has far more diverse businesses than Google including not just its Windows operating system, but Office applications, server and database software and Web services. Google basically depends on advertising alone, Helm noted.

"It is a race where Google is trying to get into Microsoft‘s business before Microsoft cuts off Google‘s advertising business," Helm said.

Many Google Desktop users report a shock of realization when they become aware how much personal information about themselves is contained on their machines.

But by giving users the ability to search for text documents across their computers, Google risks angering corporate security managers who may fear the loss of corporate secrets through the openness of such systems.

Google officials said the company already offers an "enterprise" version of Google Desktop that gives network administrators control over the level of freedom users have to share files within or outside their organizations.

Individual users also have the ability to select which documents or folders are excluded from document sharing.

Another security feature allows users to lock out anyone but themselves from using Google Desktop search on their computers in order to protect PC data from prying colleagues.

Weiner said the computer industry‘s drive to deliver a wide array of personally relevant information to consumers on PCs, phones, TVs or in their cars increasingly demand trade-offs between personal privacy and convenience and personalization.

"Google is willing to proceed...even if a significant percentage of people will not use these features, at least immediately," Weiner said. Yahoo faces some of the same issues with its push to run its services on phones and TVs, he said.

By: Eric Auchard

Microsoft Releases Office 2007 Details

2006-02-17T12:58:00.000+04:00

Office 2007 to be released late 2006
Tom Sanders in California, vnunet.com 17 Feb 2006

Microsoft's forthcoming Office suite has shed its Office 12 codename and official received its new "2007 Microsoft Office" moniker.

The productivity suite is currently in beta and is slated for release by the end of this year. A second beta has been promised before June.

The most visible enhancement to the suite is the new user interface that the company first demonstrated at the Professional Developer Conference last year in Los Angeles. Menu buttons are set to change according to the task that the user is performing, eliminating the need to dive into pull down menus when searching for the appropriate item.

The launch will also see the introduction of the first major release of the Groove Virtual Office collaboration suite since the application was acquired by Microsoft last April. Since the acquisition, the Groove's founder Ray Ozzie has been appointed Chief Technical Officer and is the architect of Microsoft's Live Software initiative.

Microsoft plans to make available seven editions of the suite. Consumer and small business will see few if any changes, but the software maker has created a new version catering to enterprises called Microsoft Office Enterprise 2007.

Microsoft Amends Blog Shutdown Policies

2006-02-01T02:38:00.000+04:00

Microsoft Amends Blog Shutdown PoliciesJan

31, 4:52 PM (ET)
By ALLISON LINN

SEATTLE (AP) - Microsoft Corp. (MSFT) says it is setting new policies on shutting down Web journals after its much-publicized squelching of a well-known Chinese blogger at the request of Chinese officials.

The Redmond software company, operator of a popular blogging technology called MSN Spaces, said Tuesday that it will endeavor to make blogs available to users elsewhere even if Microsoft decides it is legally obliged to block them in a particular country.

The company also pledged to provide users with a clear notice that it has shut down a Web site when the decision to do so stemmed from a legal mandate. Previously, it has simply said the content was unavailable.

Brad Smith, Microsoft's top lawyer, said in an interview that the circumstances of a shutdown will dictate whether a blog's archived content alone will continue to be available elsewhere, or whether the person can continue posting information to users outside the country that ordered the blockage.

"Some of this, I think, we just have to recognize is evolving technology and changing law," said Smith, speaking by phone from a Microsoft-sponsored government conference in Lisbon, Portugal.

MSN Spaces, which allows users to post journals, pictures and other content on the Internet, boasts 35 million users, including 3.3 million in China.

The company has maintained that it is important to be able to provide users across the globe with such tools even if local laws constrain what it can make viewable in specific countries.
"We think that blogging and similar tools are powerful vehicles for economic development and for creativity and free expression. They are tools that do good," Smith said. "We believe that it's better to make these tools available than not, but that isn't the end of the discussion, either."
Late last year, Microsoft shut down the site of a popular Chinese blogger at Beijing's request. The blog, written under the pen name An Ti by Zhao Jing, touch on sensitive topics such as China's relations with Taiwan and press freedoms in China.

Microsoft rivals, including Google Inc. (GOOG) and Yahoo Inc. (YHOO), also have grappled with - and received criticism surrounding - how they censor their offerings in foreign countries.
Google said last week that it would filter sensitive topics from Web searches in China. Yahoo came under fire last year after it provided the government with e-mail account information for a

Chinese journalist who was later convicted for violating state secrecy laws.
Smith said Tuesday that Microsoft hopes to build industry and government support for more formal policies on dealing with content censorship requests from foreign governments, but he wouldn't say whether he had spoken with competitors such as Google and Yahoo directly.
John Palfrey, executive director of Harvard Law School's Berkman Center for Internet and Society, lauded Microsoft's moves as an important first step.

But he expected Microsoft to face considerable government pressure if it does start disclosing government censorship and makes good on its pledge to show censored data outside the country in question.

"Where we'll see whether the policy is meaningful or not is the first time the state comes to Microsoft ... and says, "So you're publishing to the world the subversive political statements of somebody online. Who is it?'" he said. "Does Microsoft fold or stand pat?"