Industry Standard Breaking News

Google, MTN, Grameen improve local content in Uganda

IDG News Service — Thu, 09 Jul 2009 13:55:10 -0700

When Google set up its sub-Saharan Africa offices two years ago, many people wondered about their role -- some thought they were going to donate to projects, pay for content, employ a lot of people -- and many did not understand what the big deal was about the tech giant entering the region.

For the huge number of people living in rural areas, with no electricity or Internet access and unaware of the world of "Google search," the excitement seemed too much. But today, Google's weight and ability to pull other heavyweight companies to rural areas is being felt.

Uganda is the first beneficiary of a project that combines the resources of MTN, the Grameen Foundation and Google to deliver real-time information in agriculture and health, and a virtual marketplace for buying and selling goods and services powered by Google SMS search. After 18 months of development and testing, the partners have provided five applications that are expected to change the way rural areas access information and do business. The applications were developed through the Grameen Foundation AppLab.

The suite of five mobile applications includes Farmer's Friend, a searchable database with both agricultural advice and targeted weather forecasts; Health Tips, which provides timely, relevant information on sexual and reproductive health, paired with a Clinic Directory, which enables people to locate nearby clinics; and Google Trader, which matches buyers and sellers of agricultural produce and commodities as well as other products.

"MTN, Grameen Foundation and Google have been energized by the fact that Uganda is a fast-growing economy. My trust is that the people of Uganda shall emulate their example and come up with even better ideas," said Aggrey Awori, Uganda's ICT minister.

For a long time, rural farmers have been exploited by middlemen and brokers who lie about market information, while hospitals are long distances away and access to basic health information is lacking.

"Uganda is hungry for products that empower individuals, and key areas like agriculture, trade and health are reason enough for all to embrace this product," said Themba Khumalo, MTN Uganda CEO.

Uganda is one of the first countries in Africa to embrace mobile phones -- at the time that Kenya was inviting tenders for a second mobile operator, Uganda was seeking a third company. The services are based on short message service and designed to work with basic mobile phones to reach the broadest possible audience.

"AppLab is a great example of innovation from and for the base of the pyramid, bringing relevant, actionable information to communities where the Internet is unknown," said Alex Counts, president of the Grameen Foundation.

The Grameen Foundation's Technology Center is seeking to replicate its success in Bangladesh and provide more solutions to Africa. The tech center focuses on creating opportunities for poor people to share and access essential information through innovative uses of mobile phones, which are in the hands of nearly 4 billion people around the world.

The new services in Uganda can be accessed by existing village phone operators (VPOs), which extend service to people without mobile phones, as well as by people who have their own phones. VPOs and other trusted intermediaries serve as a bridge between communities lacking access to essential information and the sources that can provide it.

"These sustainable and scalable models put critical information and knowledge directly into the hands of poor people with access to mobile devices in an effort to further alleviate poverty," said Joseph Mucheru, Google's lead for sub-Saharan Africa. "This work has significance to both individuals and to the broader economy of this emerging region."

The collaborative effort is seeking to answer the call for increased local content and demand for technology services as the East Africa region embraces cheap bandwidth.

"As the East African fiber-optic cables begin to connect Uganda to the global Internet community, it is vital that the foundation for a thriving Internet economy be established. Many impressive organizations are focused on this goal, and we hope to enhance these efforts as much as possible," said Rachel Payne, Google Uganda country manager.

The information in the applications was developed in collaboration with key local partners. The Uganda Department of Meteorology provides daily updates for the weather application. The Busoga Rural Open Source Development Initiative (BRODSI) provides locally relevant and actionable agricultural information, created and tested by small-holder farmers and designed to meet their needs. For the health application, AppLab works with Marie Stopes Uganda, the local affiliate of a leading service provider for sexual and reproductive health, and Straight Talk Foundation, a Ugandan NGO that specializes in health communication.

Microsoft ties Dynamics CRM to Twitter

IDG News Service — Thu, 09 Jul 2009 13:42:42 -0700

Microsoft has integrated its Dynamics CRM (customer relationship management) software with Twitter, in just the latest move by an enterprise software company to latch onto the wildly popular micro-blogging service.

The social-networking accelerator -- part of three new add-on modules Microsoft is releasing for Dynamics CRM -- culls and catalogs relevant Twitter messages, such as a discussion about the Dynamics user's company, and provides various analytic tools.

The integration, announced Thursday, is also meant to help Dynamics users boost their sales databases. Twitter usernames can be converted into a Dynamics CRM customer record or sales lead, to which more data, such as a phone number, can be added over time.

So far the accelerator is only compatible with Twitter, but Microsoft is planning to connect with other social networks as well.

Microsoft's move to connect with Twitter follows a similar announcement made in March by rival CRM vendor Salesforce.com. And an entire software company, CoTweet was formed around the goal of tapping Twitter's potential for CRM.

Twitter itself could end up getting in the CRM game, such as through a paid service that tracks and analyzes conversations around particular brand names, Forrester Research analyst Jeremiah Owyang speculated in a recent blog post.

Meanwhile, Microsoft's ongoing accelerator strategy reflects another trend: How traditional software vendors are responding to the rise of SaaS (software as a service), which is marked by frequent small updates, instead of a major release once a year or two.

The other two CRM accelerators announced Thursday include a module that helps customers manage sales opportunities along with partners, and one for connecting Dynamics CRM systems to company portals.

The modules can be downloaded at no charge and will be available within the next few weeks, according to Microsoft.

Facebook attracting more users with gray hair, wrinkles

IDG News Service — Thu, 09 Jul 2009 13:04:50 -0700

Facebook is growing in popularity and its users are growing long in the tooth, according to a study released this week.

A report released by iStrategyLabs show that while the number of Facebook's U.S. high school and college-age users declined over the past six months, its popularity among the 55-and-older crowd is booming. In fact, the number of 55-and-older Facebook users showed staggering growth -- 513.7% -- in the last six months, the digital consulting firm said.

This isn't a new phenomenon for Facebook. In March, Hitwise Pty. reported that the social network's audience of people over the ripe old age of 35 increased by 23% in February compared with the same month last year. While Facebook was first launched to serve college students, over the past year or so the network has expanded to include many middle-aged folks.

While social networking sites were thought to be the domain of teenagers wanting to talk about school dances and their latest favorite band, it now looks like a quickly growing number of people on Facebook are closer to receiving their first copy of AARP than they are to taking their first college class.

The iStrategyLabs report also shows a 190.2% growth in the 35- to 54-year-old category.

Facebook isn't the only social network attracting older users.

A comScore, Inc. report released in April showed that people aged 45 to 54 are 36% more likely than other age group to use the Twitter microblogging site. That category is the biggest user of Twitter, followed by those aged 25 to 34, who are 30% more likely to Tweet out updates about their life and work.

And the news isn't just about older users joining social networking sites. Part of it about asking where the younger users are going?

The iStrategyLabs report notes that students are apparently fleeing Facebook. The report shows that Facebook has 16.5% fewer high school students on it and 21.7% fewer college students than six months ago.

"There have been rumors that these younger user groups are being alienated by their parents joining the service, and this data seems to prove it," said Peter Corbett, CEO of iStrategyLabs in a blog post.

Overall, Facebook showed strong growth over the last six months, with the number of U.S.-based users up 70.8%. And, ccording to iStrategyLabs, 54.6% of the social networking site's users are female.

Microsoft promises to stymie hackers next week with new patches

IDG News Service — Thu, 09 Jul 2009 13:04:48 -0700

Microsoft today said it would deliver six security updates next Tuesday, including two for holes that hackers have been using for months to attack Windows and Internet Explorer (IE).

Of the six updates previewed today in the advance notice, three will affect Windows, and one each will patch problems in Publisher, Internet Security and Acceleration Server (ISA) and Microsoft's Virtual PC and Virtual Server software. The Windows updates will be tagged "critical," Microsoft's highest threat ranking, while the others will be marked "important," the next rating down in the company's four-step scoring system.

The two aimed at a pair of zero-days -- vulnerabilities exploited before a patch is available -- are the top story, said Andrew Storms, director of security operations at nCircle Network Security. "What really trumps today are the [fixes for the] known bugs," said Storms, referring to one vulnerability in DirectX's DirectShow and another in an ActiveX control exploitable through IE6 and IE7.

"In fact, it's difficult to guess what we'll see in the other [four updates], but in the end it probably won't matter much," Storms said. "What we need are the mitigations for the DirectX and ActiveX bugs."

Microsoft made clear that two of the three critical Windows fixes next week will address vulnerabilities it has acknowledged in a pair of recent security advisories. In itself, that's very unusual; normally, the advance notifications and any accompanying commentary don't specify which bugs will be patched. "It is unusual," said Storms. "But I'm not entirely surprised, because of the way that Microsoft has been more communicative about security."

"We will be addressing the issue ... concerning a vulnerability in DirectShow," Jerry Bryant, a spokesman for the Microsoft Security Research Center (MSRC), said in a blog post today.

Bryant was referring to a late-May warning in which Microsoft acknowledged that on-going attacks were targeting a flaw in the QuickTime parser within DirectShow. Microsoft was not able to produce a patch in time to meet the regular June update schedule.

Also on Tuesday's books is a fix for the more recent ActiveX bug that hackers have been using since early June to hijack increasing numbers of Windows XP PCs. According to the researchers who discovered the bug, Microsoft has had details of the vulnerability for more than 12 months, and attacks have been conducted since at least June 9.

Earlier today, Mike Reavey, a director at MSRC, confirmed that Microsoft has known of the bug since the early spring of 2008, but denied that the company knew of in-the-wild attacks until last week. "We were made aware of the attacks only the day before we released the advisory," Reavey said.

The fix for the ActiveX vulnerability won't be a patch per se, said Reavey, but will instead be an automatic update that will set a large number of "kill bits" to disable the flawed control. The fix, then, will be the same as the manual workaround that Microsoft published Monday along with its advisory.

"This will block all known attacks," promised Reavey, who added that Microsoft will continue its work on a full-fledged patch, which will be released at some point in the future. He declined to say whether that patch would be delivered "out-of-cycle" -- outside the normal monthly update schedule -- when it is ready.

Knowing exactly what will be fixed is an added bonus for users, argued Storms, again pointing out how unusual it is for Microsoft to confirm patches in today's advance warning. "Knowing that that patch is coming out Tuesday, enterprises may halt their current efforts to deploy the workaround and just wait for the automatic update," he said.

"The rest of the updates are a smorgasbord, if you will," Storms said, when asked to describe the other four updates slated for delivery on Tuesday. "For the most part, it looks like we're back to the historical trend, where newer products have fewer risks."

But the big news is the fixes for the two zero-days, he repeated. "Everyone should be glad to see them," he said.

Microsoft will release the six updates at approximately 1 p.m. ET on July 14.

The botnet world is booming world

IDG News Service — Thu, 09 Jul 2009 12:10:51 -0700

The thriving world of botnet attacks continues to demand IT's attention.

With U.S. and South Korean government Web sites hit by distributed denial-of-service (DDoS) attacks this week by a botnet controlled by an unidentified attacker -- North Korea is suspected, however -- the shadowy world of botnets continues to grow unabated.

According to the ShadowServer Foundation, a group sharing information about botnet activity, the number of identified botnets, which started to take off about half a dozen years ago, has grown from about 1,500 two years ago to 3,500 today.

So far the botnet-directed attacks against the United States and South Korea, believed carried out through hidden manipulation of about 50,000 compromised computers using an updated version of an old virus, MyDoom, have done no lasting harm to the many Web sites struck, although the U.S. Federal Trade Commission and the Department of Transportation suffered outages and FTC.gov still is struggling, according to Keynote Systems, which measures and monitors Web site use. And the DDoS botnet episode is ongoing, with more hits expected on South Korean banks and a newspaper, says South Korean antivirus firm AhnLab, which analyzed malware samples associated with the attacks.

It's not just DDoS attacks that are associated with botnets. Botnets are usually specialized, designed for criminal tasks that range from spam distribution; stealing identity credentials such as passwords, bank account data or credit cards and keylogging; click fraud; and warez (stealing intellectual property or obtaining pirated software).

"There's usually a primary purpose to a botnet," says Jose Nazario, manager of security research at Arbor Networks. "There are turf wars out there as criminals are vying for the desktop. They try to kick each other off."

Although botnets come and go, the more successful ones have endured for years as large command-and-control systems operated by shadowy groups that have taken over hundreds of thousands of desktops and sometimes servers.

These botnets are bequeathed names -- usually quirky ones -- by researchers probing them, with the first to identify a new botnet typically getting to name it.

Gammima (gaming password stealer), Conficker (fake antivirus) and Zeus (information stealer), are among what are believed to be the largest, according to security firm Damballa.

But sizing botnets up in terms of actual numbers of compromised computers, under their control as bots (sometimes called "drones") is tough, many experts say.

That's because these numerical counts, typically based on detected numbers of infected machines, are often based on IP addresses where numbers are influenced up or down by network technologies such as network-address translation. And there's constant change.

The irony of Conficker, which has infected an estimated 1 million to 10 million machines and has made attempts to sell fake antivirus to its victims, is that it remains so quiet.

"It's one of the largest botnets out there but currently it's doing nothing," says Nazario, who believes Conficker has infected about 5 million Windows-based computers.

The easiest type of botnet to count seems to be the spam botnets. According to Symantec's MessageLabs division, the top botnet in June was one called Cutwail, which generated more than 45% of all spam worldwide through a botnet controlling about 1.4 million to 2.1 million compromised computers at any time.

But the Federal Trade Commission's shutdown last month of Web hosting firm Pricewert, accused of illegal activities involving botnets and child porn (which Pricewert denies) has disrupted the Cutwail botnet, says Matt Sergeant, chief antispam technologist at MessageLabs.

Cutwail, which exists as two distinct malware versions "is not currently No. 1 anymore," Sergeant says. He predicts that by the end of July, it's likely the No. 2 botnet, Rustock, which had only controlled 4.5% of the world's spam, will jump to about 50% of spam, with Cutwail knocked down, though struggling for a comeback.

The buyers of spam services in the underground economy appear to be switching from Cutwail to Rustock, Sergeant suspects. Both botnets have existed for several years, with their master controllers suspected to be in Ukraine or Russian-speaking countries. Several other researchers see strong ties to Ukraine and Russia in general for all manner of botnets..

Nazario and Sergeant both say prosecuting illegal botnet activity is very difficult across the jurisdictional boundaries of different countries, though they credit the Federal Bureau of Investigation with determined law-enforcement efforts on this front today.

One of the most dangerous botnets out there, by many accounts, is Torpig, which is designed to steal identity credentials, credit cards, bank account and PayPal information, and more.

"It's very sophisticated, hiding on your machine with a rootkit to survive," says Joe Stewart, director of malware research at SecureWorks. "It will silently sit there in the system and grab bank account log-in and silently send them out of your machine."Infiltrating the Torpig botnet to find out exactly what it was doing was the mission undertaken earlier this year by eight researchers at the University of California, Santa Barbara, in the Department of Computer Science's security group. They set up a server in an undisclosed location and simply waited for Torpig to find it, based on an analysis of Torpig malware.

"We knew in advance what were the sequence of addresses they would visit so we just waited," says Giovanni Vigna, the UC Santa Barbara computer science professor who teamed with staff and graduate students to bust into Torpig.

Last month they published the eye-popping account of what happened in the 10 days before they were dropped from Torpig, apparently because its operators discovered the infiltration.

The report, "Your Botnet is My Botnet: Analysis of a Botnet Takeover," details how the Torpig botnet was seen to have made more than 180,000 infections on victim's machines and recorded 70GB of data collected by the bots in just 10 days.

Torpig obtained the credentials of 8,310 accounts at 410 different institutions. The top targeted were PayPal, Poste Italiane, Capital One, E*Trade and Chase. About 38% of the credentials stolen by Torpig were obtained from the password manager of browsers, rather than by intercepting an actual log-in session, according to the report. Torpig also collected 1,660 unique credit and debit cards, prominently Visa, MasterCard and American Express, with 49% of the victims thought to be in the United States. Torpig in those 10 days was seen to grab 297,962 unique credentials from 52,540 different Torpig-infected machines, with the top Web account credentials identified for Google, Facebook, MySpace, netlog.com, libero.IT, Yahoo, nasza-klasa.pl, alice.it, live.com and hi5.com.

The UC Santa Barbara researchers also observed traffic that suggested individuals thought infections were cleaned up when they weren't.

The main means of infection with Torpig comes from drive-by downloads from legitimate Web sites that have become compromised with malware by attackers, or occasionally attack sites set up for the purpose.

The effect of the drive-by download is "it modifies your browser so it becomes different," Vigna says. When you next visit your banking Web site, the Torpig-infected desktop displays a fake Web page that tricks the victim into entering his banking password and log-in, for example. Torpig then has it and sends it off to the Torpig operators.

The UC Santa Barbara researchers suspect Torpig is a "malware service" accessible to third parties for a fee.

Vigna says the researchers never discovered who runs Torpig, but did share data with the FBI. UC Santa Barbara was assisted in the Torpig infiltration project by funding from the National Science Foundation, which is supporting a five-year effort to explore the underground economy.

The Torpig botnet suggests a pattern of cooperation between attackers compromising Web sites with malware that directly helps those operating Torpig gain more victims, and it's a trend that likely extends beyond Torpig.

"One of the biggest things we've seen is the dramatic shift to the Web browser," Nazario says about the problem of drive-by downloads. Like other researchers, Nazario says botnets mainly exploit Windows-based machines. "It has become the biggest door into the PC." Users have to stay up to date with patching and benefit from using the latest version of browsers.While it's Nazario's opinion that "Russians have perfected loaders as a service for spamming malware," he predicts the Chinese have a growing interest in botnets. "The Chinese are where the Russian perpetrators were 10 years ago."

NTIA seeks volunteers to review broadband applications

IDG News Service — Thu, 09 Jul 2009 11:36:05 -0700

The U.S. National Telecommunications and Information Administration, scheduled to distribute US$4.7 billion in broadband deployment grants over the next 15 months, will count on volunteers to review grant applications.

The NTIA, in a document released this week, asks for people to apply to become volunteer reviewers of the broadband grants. The NTIA's broadband grant program is part of $7.2 billion that the U.S. Congress approved for broadband in a huge economic stimulus package approved earlier this year.

"As a reviewer, your evaluations will be an important factor considered by NTIA in determining whether to award grant funding," the NTIA document said.

It's "a little scary" that volunteers will have the power to accept and reject broadband applications, said Craig Settles, an analyst and president of consulting firm Successful.com. Volunteers may have limited expertise, or they may have biases that aren't evident to the NTIA, he said.

"You’re about to enter a competitive bidding process with millions of dollars at stake for your community," Settles wrote on his blog. "I think you’d want the best people stimulus money can acquire influencing who the winners are. I feel it’s a reach to expect the best people are going to volunteer for this gig."

A NTIA spokesman didn't immediately respond to a phone call and an e-mail seeking details about the volunteer program.

Volunteer reviewers will likely be working from home with "moderate supervision," Settles said. Volunteers will be required to attend a webinar orientation session and teleconference panel reviews, the NTIA said.

Volunteer reviewers will be required to have some connection to the broadband industry, although the volunteers will have to comply with rules from NTIA parent agency the U.S. Department of Commerce on conflicts of interest and confidentiality, the NTIA document said. Reviewers must have "significant expertise and experience" in either designing and building broadband networks, educating or training consumers about broadband, or working in programs to increase demand for broadband, the NTIA document said.

"So you take away the money, conflict of interest means you can't reap the future rewards, why would you do this?" Settles said. "And if the qualified folks don't do it, what are we left with? When was the last time you volunteered for jury duty -- or looked forward to being judged by the people who can't figure out how to escape jury duty?"

It's ironic that volunteers will be determining who gets economic stimulus money, Settles added. "When last I checked, this is a stimulus bill for creating paying jobs," he wrote. "How the heck can you justify asking people in a crappy economy to work for nothing on a jobs-creation project that has money budgeted to pay for the work these volunteers are being asked to do?"

Officials with the U.S. Rural Utilities Service (RUS), which will distribute the remaining $2.5 billion in broadband stimulus money, told members of a congressional subcommittee Wednesday that they plan to hire additional staff and use contractors to review broadband grant and loan applications.

Prankster admits faking Google Chrome OS screenshots

IDG News Service — Thu, 09 Jul 2009 11:17:48 -0700

File this under: Don't believe everything you see.

The anonymous blogger who earlier today posted "screenshots" of an early build of Google's Chrome OS has admitted he faked the images.

Before he confessed, however, numerous blogs and Web sites -- from Engadget to Neowin.net -- took the bait and accepted the screenshots as legitimate. Computerworld blogger Seth Weintraub was also duped.

The screenshots were accompanied by a backstory in which the blogger said he worked for a company that supplied parts for Acer, and had witnessed a demo of an early version of Chrome OS, the Linux-based operating system that Google announced yesterday.

"I was the last to leave the room and the Google Rep seemed to forget his privacy," the blogger wrote. "I happened to have my Mini-Cam with me and took these medium quality shots. I am sorry I couldn't get better. They were all taken in less than 10 seconds. Adrenaline was rushing like crazy."

Almost immediately, some readers called out the images as phony. "If these shots were real, and you really were putting your job on the line, you wouldn't say 'I was the last to leave the room,'" pointed out a commenter named, appropriately enough, "fake," in a message posted about three hours later. "It wouldn't be that hard to figure out who you are, would it? What's more, which Google rep demos a new OS on a kitchen bench?"

The prankster, who has not revealed his name, came clean about eight hours after his original post. "I am sorry if you beleived [sic] it. It was a really bad attempt. You all are smart people. I never planned on it getting this big. But it did," the blogger wrote. He included a video clip that illustrated how he created the bogus screenshots.

With interest in Chrome OS off the charts, it's not surprising that bloggers, reporters and users were fooled into thinking that the images were legitimate. News of the operating system, which some have said poses a long-term threat to Microsoft but not necessarily to Apple, was featured prominently yesterday on sites that generally don't follow technology news closely.

Igloo Software warms up to the Canadian channel

IDG News Service — Thu, 09 Jul 2009 10:44:39 -0700

Igloo Software, a Canadian online community and social networking software vendor, wants to increase its channel business by 55 per cent by the end of next year, and is working towards this goal by partnering with value added distributor, Arrow Enterprise Computing Solutions (ECS).

Arrow ECS, a business segment of Englewood, Colo.-based Arrow Electronics Inc., is the first distributor to represent Igloo's Software's entire integrated communications suite of solutions.

Dan Latendre, CEO of Kitchener, Ont.-based Igloo, said the company builds online communities for organizations of all sizes. This includes workplace communities such as Intranets, and external marketplace communities where employees can establish relationships with others who are outside of it.

"We offer an integrated communication suite that includes Web content management tools and a suite of collaboration tools such as wikis, blogs, forums and social networking," Latendre said. "This is all provided through the cloud as a software-as-a-service (SaaS) offering, which is hosted by us."

The company currently does about 25 per cent of its overall business through the channel, but Latendre says he wants to increase this to 80 per cent by the end of next year.

"We do business worldwide and we have about 20 to 25 partners, which include ISVs, VARs and consultants," he said. "We'll fold (these) partners into Arrow's distribution because we'd prefer they buy through distribution so we can centralize our support and services."

Robert Boulet, vice-president of Arrow ECS in Canada, says the distributor, which focuses on higher enterprise and software and storage solutions, has a few hundred partners in Canada and growing.

"Igloo solutions let partners have more discussions and stickiness with their end-users," Boulet said. "There are limitless opportunities because the solutions are applicable to lots of verticals, as long as people have a need to work together."

Because Igloo solutions are hosted as a SaaS, Arrow ECS doesn't have any products to ship. Its role, Boulet said, is to help accelerate Igloo's growth by being a channel-enabler to reach more resellers and end-users. The company also assists in training partners on the Igloo product line.

"We're in this game to support our partner and channel community," Boulet said. "So if partners grow, we grow."

The Igloo solutions are sold on a per month charge, either on a per-user or unlimited-based model, on a 12, 24, or 36-month lease term. Latendre said there are Web, Enterprise and a Professional editions as part of Igloo's software suite.

As for working with other distributors in the future, Latendre said he's "monitoring" this right now. The company is in the midst of working with Arrow ECS to create a partner portal, which should be up by the end of Q3 this year, he added.

"Everybody in the market now is looking to implement some soft of social software in this business," Latendre said. "This is an opportunity for partners to bring complete social solutions to their customers in a branded kind of way, with less risk involvement because users are renting the software instead of buying it."

Slimming your data down with the Symantec Diet

IDG News Service — Thu, 09 Jul 2009 10:41:25 -0700

Symantec Corp. announced its data deduplication strategy on Tuesday, also known as the Symantec Diet, as well as upcoming product releases which will help the company deliver on its strategy.

Matt Kixmoeller, vice-president of product management and emerging products with Symantec's data protection group, says that the company has updated its deduplication strategy to reflect its data protection and management values.

"We think deduplication should be everywhere and that customers should reduce storage around the whole backup and archive solutions set," Kixmoeller said.

The main challenge that many customers face today is that their data's "obese," Kixmoeller explains.

"Data is still growing and budgets are being crunched," he added. "Companies and storage admins are finding it hard to keep up with data growth and a flat budget."

Symantec's solution to this problem is what Kixmoeller says the company calls the Symantec Diet. It's a deduplication strategy that partners can use with their customers to illustrate how businesses can reduce data, infrastructure and complexities. Since the channel makes most of its money on services, Kixmoeller said partners can use the Symantec Diet as a blueprint to bring more of a consultative sales approach to their customers. The Symantec Diet is made up of three key components which include reducing data, implementing deduplication closer to the source to store less and reduce overhead costs, and archiving.

By taking advantage of built-in deduplication features, such as in Symantec's Enterprise Vault Solution, Kixmoeller says redundant data can be eliminated and there will be fewer complexities. Built-in deduplication also allows businesses to reduce the number of tools that are required to manage policies, he added.

"Deduplication lets customers re-use what they already have," Kixmoeller said. "As part of the (deduplication) strategy, customers can put off buying new storage on average for six months to a year."

Symantec recently released a new version of its NetBackup solution, which helps users manage, protect and recover their data across storage tiers, locations and the operating system. The newest release, NetBackup 6.5.4, now offers parallel support for both VMware and Microsoft Hyper-V environments, Kixmoeller explains. Also new in this release is Granular Recovery Technology (GRT), which lets users back up the entire virtual machine so in the event of a disaster, the solution can recover the whole machine, or a small file within it. The solution also has integrated disk pool deduplication capabilities too.

"We're driving towards integrating deduplication in all of our products," Kixmoeller said. "This will save customers a lot of money and partners will be able to further help customers save on costs by evolving into a next-generation architecture."

The company will also be releasing later this year its PureDisk 6.6 solution, which offers users improved deduplication capabilities for virtual machine images, as well as a virtual appliance option.

Symantec's Backup Exec Windows protection and systems recovery solution will also come out with a new release, Backup Exec 2010 during the second half of this year. And NetBackup 7, which will feature client-side and media-server deduplication, will be available beginning next year, Kixmoeller said.

EC's Reding calls for shake-up of online copyright laws

IDG News Service — Thu, 09 Jul 2009 10:32:34 -0700

European laws governing the digitization of content such as books, movies and music need a major re-working in order to keep Europe relevant in the digital age, said the European Commissioner for the information society and telecoms Viviane Reding on Thursday.

Laying out her manifesto for a renewed five-year term in the job, Reding said in a speech that she shares the frustrations of Internet companies including Google, which would like to offer interesting business models in the field of online book publishing,"but cannot do so because of the fragmented regulatory system in Europe."

She dismissed the existing legal framework around the downloading of content such as music and film from the Internet, arguing that it forces users to become pirates and called for "simple, consumer-friendly" rules for accessing digital content in Europe's single market.

Around 60 percent of 16- to 24-year-olds admit to having illegally downloaded content from the Web she said, citing a European Commission survey. Piracy is increasingly being seen as "sexy" among what Reding called the young "digital natives."

"Are there really enough attractive and consumer-friendly legal offers on the market? Does our present legal system for Intellectual Property Rights really live up to the expectations of the Internet generation? Have we considered all alternative options to repression?

Have we really looked at the issue through the eyes of a 16 year old? Or only from the perspective of law professors who grew up in the Gutenberg Age?" Reding asked.

"Growing Internet piracy is a vote of no-confidence in existing business models and legal solutions. It should be a wake-up call for policy makers," she told the conference hosted by Brussels think tank, the Lisbon Council.

In addition to overhauling the online copyright rules, Reding said she wants to create a Europe-wide public registry for books that have gone out of print or whose authors are unidentifiable.

"More than 90 percent of books in Europe's national libraries are no longer commercially available, because they are either out of print or orphan works," Reding said, adding that a Europe-wide registry "could stimulate private investment in digitization, while ensuring that authors get fair remuneration also in the digital world."

Google welcomed her comments. "Book digitisation projects send a strong signal that authors, publishers, libraries and technology companies can work together to bring back to life the world's lost books," said Santiago de la Mora, Google's head of European book partnerships in a statement.

Creating a registry is "important," he said, adding: "We want to play our part."

Much of her speech focussed on how information and communication technologies can help dig Europe out of the worst economic downturn since the 1930s.

In addition to her ideas for boosting digital content she also repeated her call for the rapid adoption of the raft of laws collectively known as the telecoms package, which were blocked in spring by a disagreement between lawmakers over Internet users' rights.

The telecoms package covers everything from the distribution of radio frequencies, to the creation of a Europe-wide regulator, to protecting users' privacy on line. The broad aim of the laws is to forge one single telecoms market for the 27 nation bloc.

"Experts also estimate that the present regulatory fragmentation in telecoms costs Europe's businesses 20 billion euros per year -- a cost factor that, in view of the present crisis, we should eliminate as soon as possible by bringing the reforms into force, and by applying the new rules effectively," Reding said.

Microsoft Puts Disciplined Sinofsky In Charge of Windows 7

IDG News Service — Thu, 09 Jul 2009 09:41:54 -0700

Congratulations to Steven Sinofsky, an old Microsoft hand, who having managed to avoid the Vista disaster while still delivering Office and Windows 7 on-time today finds himself President of Windows, responsible for the OS, Windows Live, and Internet Explorer.

This is as much a confirmation of Steve Ballmer's belief that Microsoft has turned the corner on Vista as anything you'll find. Sinofsky's leadership with Windows 7 has been judged a success--and the product isn't even finished yet.

If there is a single word that defines the Sinofsky regime, it's discipline. He is not known for making the mistake of promising too much, too soon, and is recognized for getting products out the door pretty much on schedule. The feature list may change, but the ship date is firm. Shipping, it's said, may be the most important product feature of them all.

It is also worth nothing, that Win 7 itself is an act of discipline. A major complaint about Vista was its expansiveness. It was too big a change in too many ways and, essentially, ended up tripping over itself. A noble failure, perhaps, but a failure nonetheless.

Win 7 doesn't expand upon Vista, but reigns it in, delivering many of Vista's benefits in a package that is more familiar and doesn't try to do too much. Win 7 is a minimalist Vista, if you will, and has so far been accepted with much acclaim.

The Sinofsky approach, if that's what it is, has worked for Windows 7 and seems to have won him a pass to work on whatever is next. This includes the Azure cloud OS and the whole issue of Internet-based applications and whatever Microsoft does to repond to Google Chrome OS, both the browser and operating system.

Sinfosky's challenge may not be to come up with Window 8 as much as to lead Microsoft into a future where operating systems aren't as important as they once were and where cloud-based applications and services will drive innovation and revenue.

Tech industry veteran David Coursey tweets as techinciter and can be reached via his Web site at www.coursey.com.

Oracle mysteriously halts work on green data center

IDG News Service — Thu, 09 Jul 2009 09:25:58 -0700

Oracle recently halted work on a green data center project in a suburb of Salt Lake City, but it is not clear why.

The data center in West Jordan, which is supposed to support Oracle's on-demand division, was announced last year under the name "Project Sequoia."

Various reports have placed the center's size at 200,000 square feet, with a construction budget of about US$300 million. The project was to make major advancements in power savings, according to a presentation by Oracle CIO Mark Sunday at last year's LinuxWorld conference.

But for now, that vision won't be realized.

"They've said they are going to postpone construction," said Michael Sullivan, communications director for the Governor's Office of Economic Development. Utah expects that Oracle will resume the project, but the vendor hasn't stated a time frame, Sullivan added.

Oracle stands to enjoy millions in state and local incentives, but under Utah's regulations, it won't receive anything until the project is completed, according to Sullivan.

Sullivan declined to speculate on the reasons behind Oracle's decision.

One possible clue is tied to the vendor's pending acquisition of Sun Microsystems, which recently opened an advanced data center in the neighboring state of Colorado.

Oracle did not respond to requests for comment Thursday.

Crime lab saves energy costs by turning up heat in the data center

IDG News Service — Thu, 09 Jul 2009 09:09:49 -0700

There's plenty of evidence that turning up the temperature in data centers is both cost-effective and safe, but many IT shops are still reluctant to take the plunge. CIO Joseph Tait of NMS Labs in Pennsylvania admits "it was an uncomfortable decision" when his IT team raised the thermostat from 68 to 73 degrees Fahrenheit.

But cost and environmental concerns had spurred a company-wide green initiative at NMS, a "CSI"-like crime lab near Philadelphia, and reducing HVAC costs was one of the top priorities. NMS started implementing its green initiative last year, and the project will ultimately include virtualization in the data center and a solar power system to provide 30% of the company's power.

"Who doesn't want to reduce costs?" Tait says. "[We started] this before the economy even tanked."

Tait is one of many IT executives who will be sharing their stories and best practices at Network World's IT Roadmap Conference & Expo in Philadelphia next week, one of 10 such events being held in various U.S. locations throughout 2009.

NMS Labs handles clinical toxicology and forensic testing, often for criminal cases. It's not as glamorous as "CSI" but "it's interesting, certainly," Tait says. "We get everything from blood work resulting from a run-of-the-mill DUI stop all the way up to DNA evidence under a murder victim's fingernails."

NMS has about 75 scientific instruments, 50 servers and 350 computers overall. Powering down devices that don't need to be on 24 hours a day has helped save energy, as have other initiatives, including upgrades to refrigeration, UPS and generator systems; video teleconferencing; automated power management systems; and using efficient light bulbs.

NMS has cut electricity costs by roughly 15% to 20% and has more cost-saving projects on the way.

The company is planning a solar panel project that could provide 25% to 30% of its power by next year. With tax incentives, the project is a no-brainer, according to Tait.

See if a Network World IT Roadmap is coming soon to your town

Inside the data center, upgraded cooling equipment and virtualization will play key roles. Tait is building a new data center that will replace four out-of-date air conditioning units with two larger ones. He is also phasing out older servers and planning to virtualize new ones that replace them.

"We've got about 50 servers in our data center and we're thinking virtualization can cut that in half," he says.

Tait is hoping a smaller number of servers, with virtualization, will lower his power needs and simplify management.

"Simplify and standardize is a good strategic plan for any IT department," he says. "What we've got here is a very complicated and customized environment that over the years was built into a messy bird's nest full of stuff."

While NMS is a relatively small company with 225 employees and two facilities within a mile and a half of each other, IT Roadmap attendees will also hear from Terry Harris, former CTO of De Lage Landen (DLL), a global financial services firm. Harris will discuss building resilient, dynamic data centers, and a DLL project that consolidated the company's data centers from five to two, one in the United States and another in Europe.

Key technologies for the consolidation project included VMware virtualization for x86 servers, IBM Power virtualization, and EMC's Symmetrix Remote Data Facility (SRDF) disaster recovery replication software.

DLL wanted two sites separated in distance to avoid the possibility of a regional disaster shutting down both data centers. "We wanted multiple replication and failover scenarios. With SRDF we could replicate over a long distance," Harris says. "In order to accomplish that, we had to install a global high-speed wide-area network connecting the two data centers."

Harris left DLL in January and became an infrastructure architecture consultant with Synthes, a medical device company in West Chester, Penn. Synthes is not consolidating data centers but is designing a similar "twin center" concept in an effort to ensure resiliency and become more responsive to business needs, Harris says.

In the years after Sept. 11, 2001, businesses are paying much greater attention to availability and resiliency in their IT infrastructures, he says.

"You're obligated to improve the resilience of your infrastructure," Harris says. "At the same time you're improving your resilience, you can also make it more dynamic by leveraging real-time infrastructure computing concepts, the ability to provision services and tear down services very quickly in response to business needs. By making your infrastructure more resilient and dynamic, that helps your IT department become a business enabler."

Another speaker at IT Roadmap will be Tom Amrhein, the CIO of Forrester Construction in Maryland, who will discuss managed services, software-as-a-service and cloud computing.

Forrester Construction is using managed services for VoIP and application management, and contracts with Iron Mountain for off-site backup, retention and storage. Amrhein will discuss how various outsourcing models can help offload IT tasks that don't differentiate the business, and let the IT department "shift resources to tasks that make our business more competitive and better serve our customers," he said.

Instant-on Linux vendors put on a brave face against Chrome

IDG News Service — Thu, 09 Jul 2009 08:57:35 -0700

Google Inc. says its coming Linux-based Chrome operating system will "start up and get you onto the web in a few seconds."

If Chrome can fulfill that promise, that could render the cut-down, instant-on Linux platforms offered by a cadre of smaller vendors less compelling, if not obsolete.

Those vendors include DeviceVM Inc. with its Splashtop mini-Linux, BIOS maker Phoenix Technologies Ltd., with its Linux-lite HyperSpace platform, Xandros Inc.'s Presto, and Good OS LLC's Cloud offering.

Makers of instant-on environments claim their offerings can boot in a matter of seconds, compared with the several minutes usually taken by Windows. They also say their platforms start up more reliably than Windows when woken from sleep or hibernate modes.

But early versions let users do little apart from surf the Web. That has changed in recent months. Phoenix added the Office-compatible ThinkFree suite this spring, while DeviceVM says it is close to adding support for streamed enterprise apps.

That has allowed some of these vendors to gain traction. DeviceVM, for instance, says eight out of the 10 largest PC makers are installing Splashtop as a second "pre-boot" environment as an adjunct to the main Windows operating system.

But Chrome's entry "is going to make it a lot harder for them to make a go of it," said independent analyst Jack Gold.

Not so, say these vendors. Mark Lee, CEO of DeviceVM, insists that Chrome OS "validates Splashtop's value proposition" and won't interfere with its growth.

"By the end of 2010, Splashtop will be in the hands of more than 150 million desktop, net-top, notebook, and netbook users," Lee said in an e-mailed statement. "Google's entry into the market should accelerate this trend, and help to make instant-on the de facto computing standard."

Woody Hobbs, CEO of Phoenix, said HyperSpace can run on both ARM and Intel CPUs, which Chrome aims to do. Moreover, HyperSpace can run as a "dual resume" environment side-by-side with Windows or a Linux environment such as Chrome, Hobbs said in a statement, allowing users to quickly switch back and forth between environments. That feature is unique to Phoenix, he said.

With Google unlikely to target Chrome as a secondary quick-boot environment for netbooks primarily running Windows, that leaves a niche for instant-on vendors, said Jeffrey Orr, an analyst with ABI Research.

Gold, meanwhile, said instant-on vendors might be able to compete if they can show much lower battery consumption than Chrome either when on or in sleep mode.

UK debates outsourcing EHR to Google or Microsoft

Sindya Bhanoo — Thu, 09 Jul 2009 08:26:30 -0700

Two major opposition political parties in the United Kingdom are in a debate over how to maintain electronic health records, according to a report in The Guardian.

The Conservative Tories would like to encourage patients to use services such as Google Health and Microsoft HealthVault.

Another party, the Liberal Democrats, support a $19 billion dollar government plan to build a national patient record database. The plan has been in the works since 2005.

With Google or Microsoft, "people can store their health records securely online; they can show them to whichever doctor they want," David Cameron, the current Tory leader said at a recent conference. "They're in control, not the state."

However, Barry Murphy, head of technology at PricewaterhouseCoopers told ComputerWorld UK that although using Google or Microsoft could save money, it could also lead to complications.

"It would...need to be accompanied by an explicit and implicit trust that the data would not be misused, abused or lost," he said.

The UK's National Health Service has been planning an electronic database for patient records since 1998, according to a study sponsored by the Robert Wood Foundation. The database is expected to see completion in 2014, four years behind schedule.

The Wood Foundation study reported that while there is strong support for EHR throughout the UK, differing viewpoints on how to best implement a nationwide system has resulted in slow progress.

Dangerous security flaw likely just a hoax

IDG News Service — Thu, 09 Jul 2009 08:13:41 -0700

A claim of a software vulnerability in a program used to connect securely to servers across the Internet is likely a hoax, according to an analyst with the SANS Internet Storm Center.

The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple and IBM. It is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files. OpenSSH is the open-source version, and there are commercial versions of the program.

Earlier this week, SANS received an anonymous e-mail claiming of a zero-day vulnerability in OpenSSH, which means a flaw in the software is already being exploited as it becomes public. It's the most dangerous type of software vulnerability since it means there's no fix for it yet and the bad guys know about it.

A true zero-day vulnerability in OpenSSH could be devastating for the Internet, allowing hackers to have carte blanche access to servers and PCs until a workaround or a patch is readied.

"That's why I think people are actually creating quite a bit of a panic," said Bojan Zdrnja, a SANS analyst and senior information security consultant at Infigo, a security and penetration testing company in Zagreb, Croatia. "People should not panic right now. Nothing at this time points that there is an exploit being used in the wild."

The evidence of a true zero-day vulnerability in OpenSSH is weak, Zdrnja said. So far, analysts haven't seen a working exploit, despite worries that a group called Anti-Sec may have found a zero-day that allowed them to control a Web server. Details on the hack were posted on Full Disclosure, which is an unmoderated forum for security information.

When pressed for more details, a person claiming to be part of Anti-Sec wrote an e-mail to IDG News Service saying "I'm not allowed to actually discuss the exploit (or whether or not it exists)," which was signed "Anonymous."

Zdrnja said the same group compromised another server recently, but it appeared to be a brute-force attack against OpenSSH. A brute-force attack is where a hacker tries many combinations of authentication credentials in order to get access to a server. If an administrator is using is using simple log-ins and passwords, it makes a server more vulnerable to a brute-force attack, Zdrnja said.

Both of the compromised servers were run by the same person. "I suppose what we are dealing with here are two hackers in a war between themselves," Zdrnja said.

But there are other factors that indicate a zero-day for OpenSSH doesn't exist. If the zero-day existed, hackers would probably be more likely to use it against a more high-profile server than the most recent one that was compromised, Zdrnja said.

One of OpenSSH's developers, Damien Miller, also threw cold water on the possibility of a zero-day. Miller wrote on an OpenSSH forum on Wednesday that he exchanged e-mails with an alleged victim of the zero-day, but the attacks appeared to be "simple brute-force."

"So, I'm not persuaded that a zero-day exists at all," Miller wrote. "The only evidence so far are some anonymous rumors and unverifiable intrusion transcripts."

There also seems to be some confusion between the alleged zero-day and a different vulnerability in OpenSSH, Zdrnja said. That vulnerability, which is as of yet unpatched, could allow an attacker to recover up to 32 bits of plain text from an arbitrary block of ciphertext from a connection secured using the SSH protocol in the standard configuration, according to an advisory from the U.K.'s Center for the Protection of National Infrastructure (CPNI).

The severity of the vulnerability is considered high, but the chance of successful exploitation is low, according to CPNI. Zdrnja said administrators can implement stronger authentication mechanisms in OpenSSH using public and private keys to guard against a successful attack. In an advisory, OpenSSH also stated that the possibility of a successful attack was low.

IBM security software masks confidential info

IDG News Service — Thu, 09 Jul 2009 08:05:50 -0700

IBM researchers said today they have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data.

According to IBM the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data.

MAGEN works at the screen level by ‘catching’ the information before it hits the screen, analyzing the screen content, and then masking those details that need to be hidden from the person logged in. The major novelty lies in architecting a single system that handles a wide range of scenarios in a centralized and unified manner, IBM stated.

The IBM system treats the screen of information as a picture and uses optical character recognition to identify the pieces that were defined as confidential. It then places a data 'mask' over the details that need to remain hidden—without ever copying, changing, or processing the data, IBM said.

IBM said customers can set masking rules specify parts of screens to be masked and that such rules can be defined per screen structure or per application. Each role can be defined with a specific privacy level depending on the needs of the customer.

MAGEN does not change the software program or the data -- it filters the information before it ever reaches the PC screen -- and does not force companies to create modified copies of electronic records where information is masked, scrambled, or eliminated, IBM stated.

IBM cites an example of a MEGEN application a healthcare firm that outsources customer service and claims processing functions to a third-party. Although private medical information in the patient records can’t be shared with the contractors, customer service representatives need access to patient records. In these kinds of cases, MAGEN can hide private information so that it never appears on the agents’ screens, IBM stated. Or, it can partially hide data, such as for the screens of call center customer service representatives, who only need enough identifying data to access, confirm or update an account.

IBM researchers have been on a security roll of late. Big Blue last week said one of its researchers made it possible for computer systems to perform calculations on encrypted data without decrypting it. IBM said the technology would let computer services, such as Google or others storing the confidential, electronic data of others will be able to fully analyze data on their clients' behalf without expensive interaction with the client and without actually seeing any of the private data.

The idea is a user could search for information using encrypted search words, and get encrypted results they could then decrypt on their own. Other potential applications include enabling filters to identify spam, even in encrypted email, or protecting information contained in electronic medical records. The breakthrough might also one day enable computer users to retrieve information from a search engine with more confidentiality, IBM said.

And last year IBM researchers came up with a small device they called "security on a stick" for use in online banking so customers plugging into any computer can protect transactions and find out if Trojan malware is trying to steal funds.

Created in IBM's Zurich Research Lab, the "security on a stick" is still a prototype and being tested in a few trials in Europe, says Michael Baentsch, a senior researcher there. IBM, which unveiled the device today, officially calls it the "Zone Trusted Information Channel" because the little USB-based device works to set up a secure channel to an online banking site supporting it.

Do Windows and Mac Users Read Blogs Differently?

Fred Wilson — Thu, 09 Jul 2009 07:56:40 -0700

All the talk about Chrome OS got me thinking about operating systems and how different OSes are used by people. Also, a comment on my post yesterday by Scott Shapiro got me to segment this blog reader base by windows and mac users in Google Analytics this morning. I looked at all the visits to this blog year to date by mac users and windows users and then looked at where each set of users come from. The data is interesting and here it is:

The most interesting fact is that 56% of Windows users visit this blog direct or via a google search whereas only 46% of Mac users get here by those two methods.

That 10% difference is offset by a much higher percentage of visits from Mac users coming from links on Twitter, Google Reader, Hacker News, Techmeme, Facebook, FriendFeed, Disqus, and several other services.

There are a few services that weight heavier with Windows users, like delicious, stumbleupon, and Yahoo Search (which is barely used by Mac users).

This community is a leading edge geek community so it's dangerous to make too much of this data. But I think it is safe to say that Mac users are more likely to jump on new services like Twitter and FriendFeed more quickly than Windows users. And it is also true that tech news junkies who hang out at places like Hacker News and Techmeme are more likely to be Mac users than the average news junkie.

The Twitter data is particularly interesting to me. Over 10% of Mac visits to this blog come from Twitter, whereas that number is only 5% for Windows users. That's a big difference and I'm not entirely sure what to make of it. I wonder if Twitter's user base skews Mac way more than the Internet as a whole?

Thoughts?

Vizioncore ships virtual backup and recovery tool

IDG News Service — Thu, 09 Jul 2009 07:29:26 -0700

The new version of Vizioncore's flagship backup package for virtual machines has exited its beta programme and is now available on general release.

Vizioncore has also took announced a couple of data protection bundles for small-to-medium sized businesses (SMBs).

vRanger Pro 4.0 DPP (Data Protection Platform) was first revealed in May when it went into beta. Essentially the product allows enterprises to protect their data held on virtual machines (VMs). The new version has an improved user interface, and features enhanced backup and recovery options. It is also includes support for VMware's latest cloud operating system, vSphere 4.

Key features of the new version include more flexible backup and restore options, including instant file level restore, backup and restore to and from SFTP and CIFS repositories, direct to target backups, as well as PowerShell access and full integration with VMware vCenter and vMotion.

A customisable GUI management console allows system administrators to schedule and perform entire image, incremental or differential backups of their virtual infrastructure, while the virtual machines remain running.

"We are extremely pleased at the public response to this product, and literally hundreds of our customers participated in the vRanger Pro 4.0 DPP design and testing cycle," said Chris Akerberg, President and Chief Operating Officer, in a statement. "This level of community participation validates to us that the market needs the flexibility and advancements we have introduced with the Data Protection Platform."

vRanger Pro 4.0 DPP is now available to download and trial. Pricing is $499 (£311) per CPU.

Meanwhile the company also announced the Vizioncore SMB Data Protection Pack, which is essentially a new sales package aimed SMBs that have adopted, or are considering, VMware vSphere Essentials. It includes licences for six CPUs, equivalent to the vSphere Essentials licence.

Vizioncore SMB Data Protection Pack comes in two bundles. The primary bundle includes Vizioncore vRanger Pro for data protection and Vizioncore vControl for high availability, capabilities that not currently offered in the entry-level vSphere Essentials.

There is also a more comprehensive edition, Vizioncore SMB Data Protection Pack with Replication, which offers vRanger Pro and vControl, but also adds the additional protection and security of Vizioncore vReplicator for offsite disaster recovery replications.

Google Chrome OS: Five Big Obstacles in the Windows War

IDG News Service — Thu, 09 Jul 2009 07:18:09 -0700

Google announced yesterday that it has an open-source operating system for PCs in development that shares the same name as the company's browser: Chrome.

The Chrome OS announcement generated more buzz than a swarm of bees and has been called an OS market game-changer by some in the blogosphere. A Google blog post heralding Chrome OS offers a direct challenge at nemesis Microsoft and will raise some eyebrows in Redmond.

In the post, Google provides some details about Chrome OS, including: it is separate from mobile OS Android; it is targeted at netbooks; it will run on both x86 and ARM microprocessors; and it will be available for consumers in the second half of 2010.

Windows 7 Bible: Your Complete Guide to the Next Version of Windows

But should Microsoft feel truly threatened by Google's shot across the bow? Not right now, say industry watchers. Too many factors are working against Google to make real inroads at this time.

Five key obstacles face Google as it prepares to get in the PC operating system game.

It's Just a Netbook OS

Google has framed the Chrome OS as fast and lightweight. It will use the Web as its platform, which is perfect for the growing netbook market, but not enough to take on Microsoft is a serious fashion, say industry analysts.

Roger Kay, veteran analyst and president of research firm Endpoint Technologies, says Google's Chrome OS will not be much of a threat to Microsoft if the OS is not equipped to manage hardware.

"Google will need years to build up the library of device drivers to really take over the hardware world," Kay says. "Google's view is that all you need to see is a pane of glass - a browser window - to look through, but a real OS has to manage hardware as well."

Long-time software analyst and ZDNet blogger Dennis Howlett agrees that Chrome's potential to steal market share from Windows has been blown out of proportion.

He writes in a recent blog post: "The initial target seems to be the netbook, but I don't see how anyone can realistically extrapolate that to world dominance of the entire PC market, let alone the crucially important server market."

Even Netbooks Not a Sure Thing

Howlett goes on to question Chrome's ability to succeed in the netbook market itself.

He writes: "Linux has not fared so well in the netbooks market and I don't see anything here that makes me think Google Chrome OS will do any better."

Al Gillen, analyst at research firm IDC, has reservations about whether the Google name alone is enough to turn mainstream users on to Linux. "The real question is can the Linux distro powering the Google Chrome OS be hugely successful where other Linux distros have not been hugely successful?"

Another analyst, Tim Bajarin, president of consulting firm Creative Strategies, says Chrome OS will be challenged by the widespread need for Windows compatibility.

"Consumers have already told us that they expect netbooks to act just like any other notebook and support all the Windows apps and peripherals on the market," Bajarin says.

It's Shipping Too Late

Google says the Chrome OS will not be available to consumers until the second half of 2010, giving Windows 7 (scheduled to ship on Oct. 22) nearly a year to settle into the market.

In a blog post, veteran Microsoft watcher Mary Jo Foley, who stresses that the Chrome OS will be good for OS innovation and competition, writes that she is still dubious that Chrome will be a player anytime soon. One of the main reasons is that Google is waiting too long to launch.

"Google Chrome OS is shipping in the second half of 2010? And people criticize Microsoft for pre-announcing vaporware by years? Late 2010 is eons from now in the computing world," Foley writes.

The Enterprise Runs on Microsoft

ZDNet's Howlett says it has taken many years for enterprise buyers to even consider bringing Linux in house. This will be a big challenge for Google with Chrome OS, he says.

"No enterprise buyer I know will go within a country mile of committing its users to something at that level of maturity," writes Howlett. "An enterprise still wants a throat to choke. In offering Chrome OS as open source, Google has effectively washed its hands of responsibility to maintain. Who will pick up the cudgels?"

The enterprise remains Microsoft's bread and butter, its biggest franchise. And that's not likely to change soon.

Too Many Open-Source Chefs in the Kitchen

In its decision to make Chrome open source, Google is signing on to let people alter and revise the source code. At high level like this, can a vendor afford to give away that much control?

ZDNet's Mary Jo Foley thinks not. "As Apple has shown quite well, when one vendor controls both the computer hardware and software, and doesn't let anyone else touch it, a PC has more cohesiveness and less crapware," she writes.

Foley adds that Microsoft quite successfully allows OEMs to customize Windows PCs, but does not allow the OEMs to tinker with the operating system.

"How many different Chrome OSes will there be? Who will be the entity users call when they have OS problems?" writes Foley.

Are you a Tweeter? Follow me on Twitter at twitter.com/smoneill. Follow everything from CIO.com on Twitter at twitter.com/CIOonline.

H20 rolls out sewer broadband to Sheffield

IDG News Service — Thu, 09 Jul 2009 07:16:15 -0700

Sheffield will be following Bournemouth as the next location in the UK to get 100Mbps broadband via the existing sewer system.

H20 started its 'Fibrecity' project, which sees fibre-optic cables laid in the sewer system to deliver super-fast broadband to homes, in Bournemouth earlier this year. It has now extended the programme to cover Sheffield and will build on a fibre network already existing in parts of the city.

According to H2O, the cables will allow users to enjoy on-demand HDTV, download DVD-quality films in minutes and take part in HD gaming services, using a 4in box attached to the front of the house, connected with the fibre cables.

Work is expected to be completed by September. H20 says it plans to roll out the service to a number of cities across the UK, but will work in conjunction with an ISP to offer super-fast broadband to consumers.

Take part in PC Advisor's Broadband Survey 2009

Google Native Client provides hints on Chrome OS gambit

IDG News Service — Thu, 09 Jul 2009 07:00:48 -0700

Google Wednesday didn’t reveal many specifics about its Chrome operating system project, but a technology the company introduced late last year could provide a preview of what is to come.

Google Native Client was released by Google engineers in December as a research project under an open-source software license. Last month, Google began upgrading the project to a development platform.

Native Client is designed to help developers create Web programs that can take advantage of local processing power such as that offered on the netbook platform Google is targeting with Chrome OS. Web-based applications using the Native Client technology would run faster and behave more like desktop applications.

As described by Google, the Chrome OS is a lightweight, Linux-based operating system that boots up quickly and gets users on the Web in a few seconds.

Google said Wednesday, “most of the [Chrome] user experience takes place on the Web,” which could be an indication that Native Client technology would be needed when the “user experience” is not executing on the Web.

In Wednesday's Chrome OS announcement, Google dropped numerous hints that link Native Client to the goals of the Chrome OS project, including security features, platform and browser support and auto-updating features.

Google says it plans to redesign the underlying security architecture of the OS so users won’t have to deal with viruses, malware and security updates.

Last month, Google’s Brad Chen, engineering manager for Native Client, wrote on Google's Web site that the company would update Native Client to include Google Omaha, the company's automatic updating technology.

“Google's Omaha project is representative of the kind of auto-update support we think is appropriate for robust desktop infrastructure,” Chen wrote.

Security has been a prime focus because it is Native Client's Achilles Heel. The technology's security works by examining software before it runs and comparing its intended procedures against a list of prohibited actions. If the software is allowed to run, it executes in a protected sandbox. The technique is referred to as static analysis.

“We recognized the underlying technology to be ambitious and risky, and felt strongly that a generous measure of public scrutiny was appropriate before we committed to any definite plans,” Chen wrote.

As part of that effort, last week Google awarded cash prizes to two researchers as part of a bug hunt contest to help make the Native Client more secure.

Google said Wednesday that Web applications designed for the Chrome platform would run on Chrome OS and on any standards-based browser on Windows, Mac and Linux. Native Client is designed to run on all three of those platforms. The software does not yet work with Microsoft's Internet Explorer, but runs on the Google Chrome, Firefox, Safari and Opera browsers.

Google's intention is to build the Native Client into the Chrome browser rather than offering it as a plug-in, which is the current delivery mechanism. The Chrome browser is part of the Chrome OS.

“We have a strong preference for delivering Native Client pre-installed or built into the browser, and we'll be focusing on that as our main strategy,” Chen said in his post last month.

Experts say Google's Chrome OS would have to offer something unique beyond a quick boot up to the same old Web experience users can get with any OS and browser.

“If they come out with a Linux OS with a Chrome browser that is great but I don’t know if that is enough of a differentiation,” said Al Gillen, an analyst with IDC. He speculated that Google might do something that makes browser-based applications appear to run natively on the desktop. The Native Client appears to fit that bill.

Google's Native Client is not revolutionary on its face. Flash, JavaScript, and ActiveX offer Web-based applications access to limited amounts of local processing power. JavaScript is often attacked by Google over poor performance. Active X runs on Windows and Internet Explorer and has had numerous security issues.

Adobe has a similar research project to Chrome OS called Alchemy, which would allow Web application developers to reuse existing open source C and C++ client or server-side code on the Flash platform and Adobe Air.

Native Client isn’t the only technology that appears to be part of Chrome OS. Google said it is working on a new “windowing system” that would allow users to switch between “applications” rather than browser tags. And the company is said to be working on slick UI features that redefine tasks such as file storage.

Also, it plans to support HTML 5, a specification that is being co-authored by Ian Hickson, one of Google's own engineers.

Follow John Fontana on Twitter: twitter.com/johnfontana

Trojans responsible for 75% of new malware

IDG News Service — Thu, 09 Jul 2009 06:27:50 -0700

Trojans make up nearly three quarters of all new malware detected between April and June this year, says Panda Security.

According to the security firm's PandaLabs division, Q2 of 2009 also saw a six percent drop in spyware, which now accounts for just seven percent of all new malware.

Adware, however, has risen, and in Q2 made up 16 percent of all malware detected. PandaLabs says the increase is due to fake antivirus applications - a type of adware that passes itself off as a legitimate security solution.

PandaLabs also said Trojans were responsible for 34 percent of infections identified by the security firm during Q2. Downloader.MDW was the Trojan that caused the most infections between April and June this year.

In terms of specific strains of malware, the number one ranked specimen between April and June 2009 was, a Trojan designed to download other malware on to computers.

The security firm also revealed that Twitter worms, that use a cross-site scripting technique to infect other users of the micro-blogging service when they visit an infected page, were on the up.

Take part in PC Advisor's Broadband Survey 2009

PC security advice

Resellers reveal Windows 7 Family Pack price

IDG News Service — Thu, 09 Jul 2009 04:18:47 -0700

Microsoft Corp. will price a multi-license "family pack" for Windows 7 at $149.99, according to at least one online retailer that has posted pricing details prematurely.

Fadfusion.com, a Missouri-based online seller of computers, electronics and office supplies, lists something called "W7 Family Pack - Home Prem Upg" on its site for $138.99, an $11 discount from the $149.99 it claims is the package's suggested retail price.

The software, which will purportedly let users upgrade as many as three PCs in a single household to Windows 7 Home Premium, is listed as "discontinued" by Fadfusion.

At $149.99, the Family Pack would save a buyer $210 over three separate Home Premium Upgrades.

Earlier today, ZDNet blogger Ed Bott reported finding two other resellers, Expercom and University IT Computer Sales listing Windows 7 Family Pack, at prices of $136.95 and $144.95, respectively. As of mid-day Wednesday, however, both sites had pulled their Family Pack listing.

Searches by Computerworld later Wednesday turned up the Fadfusion listing, which was still available as of 6 a.m. Eastern time today.

Price was one of the last missing pieces from the puzzle. Last Thursday, Bott and another blogger, Kristan Kenney, uncovered information about the Family Pack, including the three-license limits, in the end-user licensing agreement (EULA) of a recently leaked build of Windows 7.

Microsoft has declined to confirm or deny that it would offer a Family Pack for Windows 7. "We expect to have other great offers in the future as we lead up to and beyond general availability," a spokeswoman said via instant messaging two weeks ago. "[But] we have nothing to announce at this time."

In 2007, the company sold a two-license Family Pack for Vista Home Premium for $159. The catch: Customers had to have also purchased a full or upgrade edition of Vista Ultimate, the most-expensive version in the line.

At Fadfusion's suggested list price, a Windows 7 Family Pack comes to $50 per license, a 38% decrease from the $80 per license for the Vista bundle.

Bott also dug up prices for various versions of the Windows Anytime Upgrade, the in-place upgrade Microsoft will offer that lets users bump up from, say, Home Premium to Professional by purchasing an unlocking key. Several of those product listings were viewable late Wednesday. PC Mall, for example, has the Home Premium to Professional Anytime Upgrade priced at $99.99, while PC Nation lists it for $92.55. Computerworld found a third reseller, eCost.com, that showed the same Anytime Upgrade for $94.99.

If accurate, the prices show that Microsoft will not give users much of a discount to upgrade once they have Windows 7. At suggested list prices, there's an $80 difference between Home Premium Upgrade and Professional Upgrade, and $100 between the two "Full" editions.

Microsoft also prices the three-license Office Home and Student 2007 at $149.95.

Scoreloop expands social game community for iPhone and web

Venture Beat — Thu, 09 Jul 2009 03:00:05 -0700

Scoreloop is launching a community for gamers that combines a presence on the web with social games on the iPhone.

While others see lots of business in making games, Munich, Germany-based Scoreloop is trying to make money from game developers. The last time we wrote about them, I compared their strategy to selling shovels to miners during the Gold Rush.

The company is releasing a software developer kit for game developers to make their iPhone games stickier, through a combination of a web site and a social community on the iPhone. Once the game developers integrate Scoreloop’s software into their game, they can create a community for fans of the game. That community also becomes a subset of a larger Scoreloop community where game companies can cross-sell games to fans.

Mark Pincus, the chief executive of Zynga, pointed out in a recent interview that, as hundreds of new games appear every day, iPhone gamers can be a fickle bunch. And it’s hard to make games stand out on the iPhone, which has more than 13,000 games available.

Gamers are trying out a lot of games, but social features such as multiplayer play, scoreboards, and cross-selling could make the games last longer. Game developers can use Scoreloop to add features such as push notifications, which prompt someone when they should take a turn in a multiplayer game.

The Scoreloop Community includes a web site where gamers can make friends, create their own avatars, manage their games, and extend challenges for multiplayer games. It can find friends in Facebook and invite them into the Scoreloop Community, said Marc Gumpinger, chief executive of Scoreloop, in an interview. Players can also use the Scoreloop Community to discover new games.

Scoreloop is also launching an app on the Apple App Store that lets players engage in social games on the iPhone. They can use that app to get access to all sorts of games in the broader Scoreloop community.

The company competes with Aurora Feint, which is providing its own socialization features for game developers, as well as Ngmoco, which has its own social gaming features. Viximo also launched its own social gaming tool for iPhone developers. Another rival is Geocade, which makes it easy to set up global high score leaderboards.

Gumpinger says his company doesn’t compete with its partners, who may be leary of handing over customer data to rival game publishers.

Scoreloop’s system builds loyalty through “coins.” You win coins in game matches, by adding friends to your community or by downloading games. You can spend them on multiplayer games or other features. If you buy coins, Scoreloop gets a cut, as does the game developer.

Scoreloop can provide analytics information to the game developers. If many gamers drop out of a game at the same point, Scoreloop can tell the game developers that. Then the developers can fix the problem.

Scoreloop launched its platform earlier this year. The Scoreloop Community adds the dimension of the web to the platform.

Scoreloop’s partners’ games include 8bit Games, Flying, Aeio, Apollo XI, Bug Landing, GeoRain, inTENSity, Monster Mash, Orb, Sorty, Submarine, Tornado Alley, Zombie Pub Crawl and others. Developers are working on 50 more Scoreloop-enabled titles, Gumpinger said.

Scoreloop raised an undisclosed amount of money last fall from Target Partners. It has 16 employees.