Monday, August 13, 2007
Microsoft Updates Vista in Bid to Boost Speed, Reliability
One of the updates is pegged as a performance booster for the new operating system, while the other addresses reliability issues. They include a long list of nonsecurity bug fixes, including one to improve the speed of Vista’s wake-from-hibernation function and another that’s designed to more quickly calculate the time needed to copy or move large directories.
In addition, several fixes are intended to resolve compatibility glitches between the operating system and third-party video drivers.
A Microsoft spokeswoman said the updates will become available through Windows Update, the software vendor’s automated patching service, “at a later date.”
When the previews of the updates found their way onto the Internet, there was speculation that they were related to the upcoming Vista Service Pack 1 and that they might even be harbingers of SP1’s release.
That doesn’t appear to be the case, but Microsoft confirmed that it has released early code for both Vista SP1 and the long-delayed Windows XP Service Pack 3 to small, invitation-only groups of testers.
So far, Microsoft has committed only to providing a beta release of Vista SP1 sometime this year while consistently downplaying the service pack’s importance. However, many companies appear to be waiting for SP1 before deploying the new operating system.
Samir Bhavnani, an analyst at NPD Group Inc.’s Current Analysis West unit in San Diego, said that many of Microsoft’s large corporate customers likely won’t shift to Vista for years. But SP1 is an important step in the process of spurring users to upgrade, Bhavnani added. “SP1 will get a lot more businesses to adopt Vista than the version that exists today,” he predicted.
Windows XP SP3 already has a tortured history. Last October, Microsoft delayed SP3’s release until the first half of 2008 — which would be more than a year after Vista’s launch and about three and a half years after XP SP2 became available. And last week, the software vendor described even the 2008 release date for SP3 as “preliminary.”
-- Gregg Keizer, with Elizabeth Montalbano of the IDG News Service.
DirectX SDK bug means bad news for IE users
According to Krystian Kloskowski, who posted exploit code on the milw0rm.com site, the FlashPix ActiveX control included with DirectX Media 6.0 SDK contains a buffer overflow bug that can be exploited. More importantly, according to an advisory issued by US-CERT on Sunday, "because the FlashPix ActiveX control is marked 'Safe for Scripting,' Internet Explorer can be used as an attack vector for this vulnerability."
Internet Explorer 6 (IE 6) can be leveraged to exploit the flaw, noted Kloskowski, but he did not say if the newer IE 7 is also a workable attack vector. For its part, Microsoft acknowledged it is investigating Kloskowski's claim but it did not answer a query about whether IE 7 users are at risk. A company spokeswoman, however, said Microsoft would provide a patch if necessary and added: "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."
The likely attack scenario, said US-CERT, would be a malicious site that includes the exploit, and spam that tries to dupe users into clicking on a link to that site. Alternately, an HTML e-mail message -- with the exploit buried in the HTML -- could also be used. In that case, infection would occur as soon as the recipient viewed the message.
Danish bug tracker Secunia rated the vulnerability as "highly critical," its second-highest threat ranking in its five-step scoring system. US-CERT, meanwhile, recommended taking the somewhat-extreme steps of either disabling all ActiveX controls or setting what's called a "kill bit" using the registry to disarm only the FlashPix control. US-CERT's warning included the string to add to the Windows registry to set the FlashPix kill bit.
Although Microsoft has added additional security features to both IE 6 and IE 7 over the years to clamp down on threats posed by buggy ActiveX controls, they remain a problem. Late last month, for example, Yahoo Widgets, a platform that runs small, Web-based gadgets on a Windows machine's desktop, was tagged with a critical vulnerability in an associated ActiveX control.
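The kill-bit mitigation that US-CERT recommends above can be checked and applied with a short script. This is an added example, not taken from the US-CERT advisory or from Microsoft; the CLSID is a placeholder to be replaced with the value published in the advisory, and the function names Get-KillBitState and Set-KillBit are hypothetical.

```powershell
# Added example: audit and set the Internet Explorer "kill bit" for one ActiveX control.
# Run from an elevated prompt; writing under HKLM requires administrator rights.

# Placeholder only. This is NOT the FlashPix CLSID; use the one from the advisory.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'

# Bit 0x400 in "Compatibility Flags" tells IE never to instantiate the control.
$KillBit = 0x00000400

# 64-bit Windows keeps a separate view for 32-bit IE, so both locations are handled.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on 32-bit Windows

        $key   = Join-Path $root $Clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.'Compatibility Flags' }
        }

        [pscustomobject]@{
            Key    = $key
            Flags  = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            Killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any flags already present and OR the kill bit into them.
        $current = 0
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue
        if ($prop) { $current = $prop.'Compatibility Flags' }

        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
    }
}

# Report first, change second, then confirm the result in every registry view.
Get-KillBitState -Clsid $Clsid | Format-Table -AutoSize
Set-KillBit      -Clsid $Clsid
Get-KillBitState -Clsid $Clsid | Format-Table -AutoSize
```

The kill bit only stops Internet Explorer and other hosts that honor it from loading the control; the vulnerable file stays on disk until it is patched or removed.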
-------------------------------------------------------------------------------------
I personally use Firefox because IMO it's safer to use, and faster. This helps me keep everything organized and it even has its own spell checker!
Saturday, August 11, 2007
Inactivity
Get Free Cash
It might sound like a get-rich scheme, but it really isn't (unless you're super devoted to it). I've been a member of CashCrate for a long time (since August 2006, which makes it officially one year). And now, I've realized that I have made about $223. Ok, ok, I know it doesn't sound like much, but I haven't really been "dedicated" to this. Let me explain.
I started really small, maybe only $5 dollars a month. But slowly (and surely), I started to accumulate many referrals. This ever so slightly boosted my income by a few bucks. But now it has been a year, and I have 9 Active referrals, 53 First Level referrals, and 52 Second Level referrals. This is something I've never thought of accomplishing!
Only recently, I've made a lot of money (especially for a teen who doesn't work :D), which was a one-time amount of $130. I was extremely happy and was ecstatic. This was probably the point I started raking in the referrals. All you have to do is show someone that it actually works! You try to persuade people into joining, but they're always skeptical. They're always thinking "what if this is a scam, what if this doesn't work for me?" Well, what do they have to lose? All you're doing is completing small surveys and joining sites with your spam email accounts. Maybe the maximum time you're going to spend per offer is around 2 minutes. The offers average around $.40. Let's say you take 1 hour a day. Simple eh? So 60 / 2 = 30. So 30 offers an hour. 30 x .4 = 12 dollars. Not bad! So every day for one month.... 30 x 12 = 360 dollars. Wow, one hour a day for a month yields 360 dollars? Nice!
Let's apply the referrals part of the equation.
Hold up, don't stop there. Now you have 360 dollars, you can tell others, "hey, this thing works, and you should try it!". Now slide in your referral link (by the way, you make 20% of what they earn). So they do the same thing, one hour a day for a month, and they get around 360 a month. Guess what, in addition to your 360 dollars a month, you get an extra $72. So your monthly total would be $432. So more referrals equals more money. Now, your referral will get another referral and let's say they also make the same $360 a month. You get 10% of that second level/degree of referral. Monthly total would come out to be $468.
In conclusion.
Wow, not bad for investing a little of your time a day. Some people report making thousands a month since they have over hundreds of first level "active" referrals. If they can do it, why can't you?
Sign up now!
http://www.cashcrate.com/310528
Do me a favor and click my link! <(^.^)> Thanks :D
Windows XP: The OS that won't die?
The new build, dubbed SP2c, includes no fixes or feature changes, but was created simply to address the shrinking pool of product keys. XP Pro SP2c, which has been released to manufacturing, will be made available to resellers and system builders next month, said Microsoft.
"Due to the longevity of Windows XP Professional, it has become necessary to produce more product keys for system builders in order to support the continued availability of Windows XP Professional through the scheduled system builder channel end-of-life date," wrote the Microsoft system builder team on its blog yesterday.
Previously, Microsoft had set Windows XP's EOL for retailers and resellers as Jan. 31, 2008, and for small-scale systems builders a year after that.
"SP2c will be released into the System Builder channel in September to provide system builders with a new, extended range of product keys," the system builder team said. The updated build applies only to Windows XP Professional; XP Home, for instance, is not affected.
The move shouldn't come as a surprise; even Microsoft has predicted continuing strong sales of Windows XP. Last month, the company's chief financial officer said that he tweaked the fiscal year 2008 forecast to account for XP's longevity. Rather than count on an 85/15 split in sales between Vista and XP, said Chris Liddell, Microsoft now expects a 78/22 split, an increase of nearly 50% in anticipated XP sales.
Other signs of the not-dead-yet operating system's vigor have included retreats by manufacturers like Dell Inc. from earlier Vista-only policies. In April, for example, Dell again began offering Windows XP as an option to consumers. It had already done the same thing for small business customers.
'Vista Capable' suit against Microsoft allowed to proceed
A judge in Washington state has denied Microsoft Corp.'s request to dismiss all claims in a suit alleging that the "Windows Vista Capable" stickers the company put on PCs violated consumer protection laws and were an example of deceptive business practices, allowing the case to move ahead toward a jury trial.
In the U.S. District Court for the Western District of Washington in Seattle, Judge Marsha J. Pechman dismissed one of four claims by plaintiff Dianne L. Kelley in a lawsuit against Microsoft over the stickers, which Microsoft -- in conjunction with PC makers -- affixed to PCs that were sold before Windows Vista itself was available to give consumers an idea about which machines could run the operating system.
The suit also calls into question the fairness of Microsoft's "Express Upgrade" coupon program that allowed users to upgrade to Vista from XP machines for little or no cost after buying a "Windows Vista Capable" computer.
According to court papers, Pechman is allowing two of the plaintiff's claims to move into the trial phase of the case. One alleges that Microsoft violated the Consumer Protection Act by engaging in unfair or deceptive business practices by affixing the labels to PCs without telling consumers that they might have to spend more money for a machine to run a premium edition of the operating system. Another alleges that Microsoft unjustly received payment for Windows XP licenses and upgrades from Vista Basic to Vista Premium because of their practices.
Pechman dismissed one claim, which called Microsoft's placement of "Windows Vista Capable" stickers on PCs that could not run all versions of Windows Vista a "breach of contract." Another claim -- that a "Windows Vista Capable" sticker represents a written warranty under federal law -- has been taken under advisement by the judge, which means she will decide later how to proceed on that claim, Microsoft said.
The case is scheduled to go to trial on Oct. 8.
Microsoft's hardware partners began shipping PCs with the "Windows Vista Capable" logo in April 2006 as a way for people to know that if they purchased a new Windows XP PC before the new operating system was available, their machines would be ready to run Vista. However, the designation was potentially confusing, because a PC with the label was guaranteed to run only the least expensive, most basic version of Vista, Windows Home Basic.
A month later, Microsoft launched a Web site to explain the hardware requirements for different versions of Vista, as well as a new PC designation called "Windows Vista Premium Ready," which the company used to label PCs that could run other editions -- such as Vista Home Premium and Vista Ultimate -- with more features than Vista Basic. Microsoft also provided coupons for people who purchased these PCs to upgrade to the appropriate version of Vista either for free or for little cost once the operating system was available.
Kelley filed her suit against Microsoft in March as a class-action case, but whether the suit applies to an entire class of people with similar complaints has not yet been determined.
Kelley, a resident of Camano Island, Wash., purchased a PC with a "Windows Vista Capable" sticker affixed to it last November. In her complaint, she said that Microsoft was "deceptive" in its failure to indicate that the PC lacked the "Premium Ready" designation. Kelley also claimed that the upgrade she received for her PC only allowed her to upgrade to Vista Home Basic, which offered "few ... advantages over the existing XP operating system." Therefore, consumers were duped into thinking they would receive coupons for a "dramatically new" operating system when they could not, according to her complaint.
Microsoft spokesman Guy Esnouf said the company is pleased that one of the claims in Kelley's complaint has been dismissed and looks forward to proving its case in court.
Reprinted with permission from
Saturday, July 7, 2007
Authors Pick Of The Week
Here is my pick of the week:
protonic.com : fast free technical support
Yeah just what it says, Free Online Technical Support (Not always fast, but most of the time it is). They will help you with any problem you may have. Firewalls, Hardware, Software or even just building a computer.
Just for fun I sent a question asking why I can't run 2 firewalls at once. Obviously I know why, but here is the message I sent and the great response I got back:
View Ticket Details: Ticket ID: 189527 (Mike Chrxxxxxx)
The question you asked about Security:
Why do my firewalls conflict with each other? I want McAfee and ZoneAlarm together but it won't let me do that. Why is this? Can I get around this problem?
------------------------------------------------------------------------------------------------
Additional Information
General computer experience: Intermediate Level 3
Specific problem experience: Intermediate
Machine Information - (ID 4893): Computer Name: Mikes PC
-------------------------------------------------------------------------------------------------
Response:
Date Answered: 07-07 06:33am
Answer: Hello Mike,
RAM Use Rises Thanks to Vista, Falling Prices
Microsoft's memory-hungry Vista operating system, along with falling DRAM prices, boosts semiconductor sales.
Patrick Thibodeau, Computerworld
Microsoft's memory-hungry Vista operating system -- along with falling DRAM prices -- is boosting semiconductor sales.
The Semiconductor Industry Association (SIA) reported this week that worldwide sales of semiconductors hit US$20.3 billion in May -- 2.4 percent higher than the $19.8 billion sold in the same month a year ago.
The San Jose, Calif.-based trade association, citing figures from one of its members, Micron Technology Inc., said the average amount of DRAM installed in PCs has increased from 772MB last year to 1,180MB this year.
In an interview, Kevin Kilback, a senior marketing manager at Boise, Idaho-based Micron, said DRAM price drops have allowed PC makers to increase the amount of memory without adding cost. Last week, Micron said that for the quarter ending May 31, DRAM prices had declined approximately 35 percent.
Windows Vista is also a factor in driving up memory usage, said Kilback. "Vista, unlike past operating system revisions, really takes advantage of more memory," he said.
The amount of DRAM going into PCs is expected to increase next year to about 1.5GB. "That's basically driven by Vista," said Kilback.
Although buyers can still find systems with 512MB of system memory, many PC vendors are recommending 2GB for use with the OS.
The semiconductor market is also being helped by NAND flash memory, which is used in devices such as flash drives. The SIA cited cell phone demands, in particular, as their multimedia capacity continues to increase demand.
"Despite severe price pressures on DRAMs and NAND flash, total sales of semiconductors for the first five months of 2007 increased by 3.1 percent from the same period of 2006," said George Scalise, SIA president, in a statement.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
Legal Fight Over 'Vista Capable' PCs Gets Trial Date
A lawsuit alleging that Microsoft Windows Vista Capable users were misled about the capabilities of the operating system will go to trial Oct. 28, 2008.
Patrick Thibodeau, Computerworld
Monday, July 02, 2007 3:00 PM PDT
A lawsuit alleging that Microsoft Windows Vista Capable users were misled about the capabilities of the operating system will go to trial Oct. 28, 2008, a federal judge in Seattle decided last week. That starting date will be close to the two-year anniversary of the release of the Windows Vista operating system.
On Friday, U.S. District Court Judge Marsha Pechman in Seattle released a schedule for a lawsuit by a Washington state resident disappointed in her PC, which was designated as being a Windows Vista Capable system. The Seattle-based law firm Gordon Tilden Thomas & Cordell LLP, which filed the suit on behalf of the plaintiff, is seeking class-action status for the case.
The judge released the schedule, even though she is still considering a motion from Microsoft to dismiss this case. A decision on the dismissal could come as early as next month and -- if the case is allowed to move forward -- a ruling on the class-action status could come in September, said one attorney connected to the case.
Prior to the release of Vista, Microsoft allowed PC sellers to certify some systems as "Windows Vista Capable" with just 512MB of RAM. The designation means that the system could run Vista Home Basic. Systems deemed Vista Premium Ready PCs have at least 1GB of RAM. And some vendors have recommended that users have at least 2GB of RAM for decent performance when using Vista.
In court papers, the lawyer representing Dianne Kelley, the Washington resident who brought the complaint, argued that the Windows Vista Capable designation "bore few, if any, of the features unique to the 'real Vista,' the premium edition. Microsoft "was able to increase the sales of its soon-to-be-replaced Windows XP operating system by certifying soon-to-be-obsolete computers as 'Vista Capable' when, in truth, such computers were incapable of running the 'real Vista.' "
Microsoft, in its response to the lawsuit, argues that Kelley wasn't harmed or misled. Kelley "does not allege that Microsoft's conduct deceived her into buying a PC that she would not have otherwise have purchased, or that she received anything other than what she expected to receive -- a low-end PC with the 'Windows Vista Capable' sticker, which was in fact 'capable' of running Windows Vista Home Basic."
Tuesday, July 3, 2007
The New York Times: Video Catching Up to Photos When It Comes to Sharing
From The New York Times on the Web © The New York Times Company.
Reprinted with Permission.
By DAVID A. KELLY
Published: June 29, 2006
For Robert Levitan, the revelation came after a summer hiking trip on Mount Washington in New Hampshire with his twin brother. During the five-day trip in 2004, he used his digital Canon Elph camera to snap 80 pictures and 6 video clips. After the trip, his brother asked him to e-mail copies of the video.
"I said no, I'll have to make a DVD," Mr. Levitan said. "The file sizes are too big to easily send via e-mail."
That got him thinking: Why couldn't someone just send video from a desktop or laptop computer to other people's computers?
It is a question that an increasing number of digital camera users may ask as they start using the increasingly sophisticated video abilities of digital cameras.
Luckily, consumers have an alternative to burning DVD's or uploading personal video to sharing sites like www.youtube.com or www.metacafe.com. A range of new services and companies are making it easier than ever to share digital video from cameras or camcorders.
Sharing by E-Mail
Many popular video-sharing Web sites do not allow you to share full-quality video, because of bandwidth limitations. Instead, they provide a compressed resolution and reduced-quality version of your video, optimized for online viewing.
Pando, which Mr. Levitan helped found, takes a different approach. It transmits video files (or any files) from one computer to another using easily downloadable peer-to-peer software that manages the file transfers and communication between the computers (the peers) in the background.
The whole process is wrapped into a simple, e-mail-friendly format so users can send links and initiate video transfers as easily as attaching and sending a digital picture.
"On a personal level, I needed this product after that camping trip," said Mr. Levitan, who was earlier a founder of iVillage, a collection of Web sites bought by NBC Universal this year for $600 million. "Normally you'd attach pictures or videos to an e-mail, but e-mail wasn't designed to handle sending very large files."
Pando's process is simple. Users register at www.pando.com, and download and install a small software program (available in a test version for both Mac and PC). After that, users simply open up Pando, hit the "send new" button, and select the files or folders they want to send, along with a short description of the package.
An e-mail message is sent to the recipient, who, once she has installed the Pando software, can click on a small attachment and start downloading the files. A strength of Pando is the ability to send large files -- the service allows users to send up to a gigabyte at a time, which is enough for hours of video.
Pando does not compress or transcode video files, so there is no change in video quality. In addition, Pando can be used with any type of attachment -- video files, digital pictures, documents, PowerPoint files. Pando seems to have answered a need, reporting more than 600,000 downloads of its software in six months.
Becoming a Broadcaster
Alternatively, you can become your own broadcaster with Pixpo. Pixpo allows consumers to maintain their videos on their own computer and broadcast them to selected friends or relatives.
"We allow users to create broadcasting channels that can be made public or kept private," said Robert Cooper, Pixpo's director of business. "Public ones are visible to anyone via your broadcast home page, while private ones can be viewed only by people you've e-mailed a link to."
Pixpo, available in beta testing, turns your PC (and in the future, your Mac) into a broadcasting center able to stream video. The service is free and has no limitations on the number of video clips or users involved in sharing. Resolution is optimized for Internet transmission, at 240 by 320 pixels, a compromise between speed and quality.
The advantage for viewing is that Pixpo streams the video over the Internet instead of sending the actual video files, which would require the receiver to have the right video software (known as a codec).
But since the files you are sharing remain on your PC, you need to have an always-on connection and leave your PC and Pixpo software running to provide round-the-clock access to your video.
Setup is easy: go to www.pixpo.com, download the software (currently a svelte 4.5 megabytes) and then create your broadcast channel by selecting the files you want to share, giving your channel a name and telling friends about it.
Of course, if 100 people show up at the same time to view your video, your computer connection probably will not support the load. Pixpo can help by storing highly requested video from your system in a cache, so multiple copies can be served simultaneously.
Outsourcing It
If you do not want people viewing video directly from your computer, you might consider a fee-based video hosting service like HomeMovie or Snapfish.
"We're positioning our services as video sharing for grown-ups, not 'ego-casting,' where people upload a two- to three-minute clip of themselves lip-synching," said Lars Krumme, a co-founder of HomeMovie.
HomeMovie's latest service, Afiniti 3.0, allows consumers to send in tapes for digitizing, upload saved files for sharing or connect their digital camera or camcorder directly to their computer and transfer new video or pictures. The service can also be used to download the video to iPods.
Users can have up to five hours of video content in their online account free. Up to 10 hours is $3.99 a month with no time limit for the clips -- you can have one-minute clips or two-hour clips.
When you share video using HomeMovie (www.homemovie.com), the clips are uploaded from your computer to HomeMovie's servers. Invited friends and family members, who are given a password, can download the clips to their iPods, order DVD's or view the video online -- all free.
You can tag movies or scenes with keywords, so that you can search for "vacation" video or "birthday" scenes. HomeMovie also offers a service that will encode a two-hour tape into digital files for $5.
An advantage of HomeMovie is that it provides basic video editing abilities, including combining clips into a longer movie, or the ability to remove unwanted scenes -- particularly helpful when working with shorter clips from digital cameras.
However, there are no special transition tools, like dissolves or fades; the scenes simply cut from one to another. For other kinds of movie magic, you will need a video editing software package.
Mixing It Together
Of course, if you are recording video with a digital camera, you are probably also taking pictures, and may want to be able to upload both to one place for printing and sharing -- at least that is the bet that Snapfish is making with its new video-sharing service.
Snapfish (www.snapfish.com) offers a 30-day free trial of its video-sharing abilities. Afterward, it's $2.99 a month or $24.99 a year for unlimited video sharing. The service was introduced in January, and Snapfish says thousands have already used it, and it is trying to integrate video and photo sharing as much as possible. Snapfish albums can have still pictures and video mixed together.
Any "family friendly" video up to 10 minutes can be uploaded to the site. A crucial part of the service is converting (known as transcoding) the video file -- which can come in 13 different formats -- into MPEG2, which can be easily uploaded and shared.
Snapfish lets visitors actually save the file they are viewing by right-clicking their mouse, but Ben Nelson, Snapfish's general manager, said viewing, not keeping, was the point of the service.
Unlike a snapshot, "printing a video isn't that easy," he said, "so the ability to share videos is a really important feature."
Monday, July 2, 2007
How to get sound working on Virtual PC 2007 with Vista guest OS
Virtual PC 2007 added a new sound system specifically for using Vista as a guest and host OS. But when you install Vista as a guest OS, there is no sound! A search on Google and Live Search didn't turn up anything about how to use it.
Eventually I found that after you install the VM Additions, the sound driver is silently copied into the guest OS's "C:\Program Files\Virtual Machine Additions" folder. All you need to do to get sound working is "update" your audio controller driver within your Vista guest OS and tell it you Have Disk... and point it at that folder and voila! Beautiful sound. (without any restarts either).
Tuesday, June 26, 2007
Forget those hard to remember passwords?
It will remember your website passwords, forum passwords or any websites that require you to log in. It will automatically detect when you are logging in with the username and password; once you do so and you have successfully logged in (most of the time), it will remember it from there on.
You can download it here for a limited time: http://www.roboform.com/pcw (Thank you PcWorld)
Or you can visit their website at: http://www.roboform.com/ and download the free one (Unlimited Time). (I don't know if there is a difference between the 2 download areas; I suggest you use the PcWorld download while it lasts, or you can get it at their homepage.)
I use this to log in to my blog, my forums, my websites and anything else that requires a login. (So far I have not noticed any way for it to remember you logging into any program on your PC, only websites.)
It supports Vista and Internet Explorer 7.
It will also work in Firefox.
Analysts: Vista SP1 Delay Won't Hurt Businesses
Any delay shouldn't affect adoption of Windows Vista by enterprises, analysts say.
Elizabeth Montalbano, IDG News Service
Although Microsoft Corp. may not have the first service pack for Windows Vista ready at the end of this year as some expected, financial analysts say that a delay should not have a negative effect on enterprise adoption of the OS.
Many large enterprise customers have said they will wait for the first service pack for Vista to deploy the software across their companies. Some were expecting SP1 before the end of the year after Microsoft Senior Vice President Bob Muglia said in a published report last November it would be released with Windows Server code-named Longhorn, due by the end of 2007.
However, rumors swirled last week that the release of the pack would be pushed into 2008 after Microsoft said in a court filing dated June 19 it would have only a test version of Vista SP1 out before the end of the year. According to the document, filed as part of the ongoing antitrust case with the U.S. Department of Justice, the software is to be released by then to answer a complaint by Google Inc. that claims the OS' built-in desktop search capability interferes with the use of Google's competing search technology.
The rumors caused investors to worry about enterprise adoption of Vista being pushed further out, and company stock declined 2.4 percent Friday, opening at US$30.03 and closing at $29.54.
UBS Investment Research analyst Heather Bellini tried to allay investor fears in a research note published Monday, saying that the end of the year release of a beta listed in the document "probably represents a 'drop-dead' date."
"The company most likely has accounted for the possibility of unforeseen delays in this timing," according to Bellini's note. "As such, we believe Vista SP1 could be available sometime before the end of the year barring any material delays."
Andrew Brust, chief, new technology, for consulting firm and Microsoft partner Twentysix New York, who is familiar with the company's plans, said he also believes Microsoft will have SP1 out the door before the end of 2007. He would not disclose specifics, but Brust said that what he's heard "contradicts the chatter."
"Microsoft is quite aware of the need to get an SP out there; I promise you that," he said in an e-mail interview Monday.
Through its public relations team, Microsoft said Monday that it has never committed to a release date for SP1, and confirmed the company will be releasing test builds of the software from now through the end of the year. Despite Muglia's comments last year, even a 2008 release for Vista SP1 should not be considered a delay because the company never announced a firm date for release, Microsoft said.
Enterprises are most likely waiting for the release of Windows Server Longhorn -- now known by its official name, Windows Server 2008 -- before deploying Vista, making SP1 less relevant to enterprise deployment than some think, according to a research note from Citigroup Global Markets.
Security Vendors Challenge Antivirus Tests
Makers of security software question the thoroughness and accuracy of evaluations.
Jeremy Kirk, IDG News Service
Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the number-one vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.
The increasing complexity of security software is causing vendors to gripe that current evaluations do not adequately test other technologies in the products designed to protect machines.
Relations between vendors and testing organizations are generally cordial but occasionally tense when a product fails a test. Representatives in both camps agree that the testing regimes need to be overhauled to give consumers a more accurate view of how different products compare.
"I don't think anyone believes the tests as they are run now ... are an accurate reflection of how one product relates to the other," said Mark Kennedy, an antivirus engineer with Symantec Corp.
Representatives of Symantec, F-Secure Corp. and Panda Software SA agreed last month at the International Antivirus Testing Workshop in Reykjavik, Iceland, to design a new testing plan that would better reflect the capabilities of competing products. They hope all security vendors will agree on a new test that can be applied industrywide, Kennedy said.
A preliminary plan should be drawn up by September, Kennedy said.
One of the most common tests involves running a set of malicious software samples through a product's antivirus engine. The antivirus engine contains indicators, called signatures, that enable it to identify harmful software.
But antivirus products have changed over the last couple years, and "now many products have other ways of detecting and blocking malware," said Toralv Dirron, security lead system engineer for McAfee Inc.
Signature-based detection is important, but an explosion in the number of unique malicious software programs created by hackers is threatening its effectiveness. As a result, vendors have added overlapping defenses to catch malware.
Vendors are employing behavioral detection technology, which may identify a malicious program if it undertakes a suspicious action on a machine. A user may unwittingly download a malicious software program that is not detected through signatures. But if the program starts sending spam, the activity can be identified and halted.
Also, a program can be halted if it tries to exploit a buffer overflow vulnerability, where an error in memory can allow a bad program to run. Host-based, intrusion-prevention systems, which can employ firewalls and packet inspection techniques, can also stop attacks.
The ways in which a computer can be infected also make comprehensive testing complex. For example, users may infect their computers by opening malicious e-mail attachments or visiting harmful Web sites designed to exploit known vulnerabilities in a Web browser.
The different modes of attack also involve different defenses, all of which would need to be tested to arrive at an accurate ranking, analysts said.
By contrast, signature-based tests can take as little as five minutes. "This is a very basic test," said Andreas Marx of AV-Test.org, who wrote his master's degree thesis on antivirus testing. "It's easy, and it's cheap."
Other concerns remain, over sample sets of malicious software, the age of the samples and the relative threat those samples pose on the Internet as they become older. Security vendors also think tests should check how well security applications remove bad programs, a process that can affect a computer's performance.
For vendors, a failed test can be embarrassing, since the testing companies often issue news releases highlighting the latest results.
Testing companies make money in various ways. AV-Test.org is often commissioned by technology magazines such as PC World (a magazine owned by IDG). Virus Bulletin licenses its logo to companies for use in promotional material and publishes a monthly online magazine.
Earlier this month, Virus Bulletin announced that its latest round of testing produced some "big-name failures," including products from Kaspersky Lab and Grisoft SRO.
The company's VB100 tests antivirus engines against malware samples collected by the Wildlist Organization International, a group of security researchers who collect and study malware. To pass the VB100, products must detect all samples.
Kaspersky briefly removed a signature for a worm out of its product for "optimization" purposes on the day of the test, wrote Roel Schouwenberg, senior research engineer for Kaspersky, in an e-mail. The signature has since been put back in, he said.
"Obviously, we would have rather passed than failed," Schouwenberg wrote. "Had the test been conducted a day earlier or a day later, we would have passed."
Similarly, F-Secure initially failed its test also because of a technicality, but the failed rating was later reversed. All vendors are told after testing which samples they failed to detect, thus most end up adding signatures to their products.
So what should a user do? John Hawes, a technical consultant for Virus Bulletin, cautioned that the signature-based tests are "not enormously representative of the way things are in the real world."
But Hawes also noted that signature-based tests can indicate the reliability and consistency of a vendor's software. Virus Bulletin also writes reviews of AV suites, which take into account aspects such as usability, which may be just as important as detection for consumers. The company is developing more advanced tests that will test new security technologies.
AV-Test.org is already performing more comprehensive tests, although it uses between 30 and 50 malware samples, a much smaller sample set compared to the Wildlist, which uses more than 600,000 samples, Marx said. Those tests may give a better indication of how a security software suite performs.
At a bare minimum, though, users should install some security software, as computers without it can face high risks, Marx said. Several free suites are available that may be fine for light Internet use, he said.
Ironically, Marx doesn't use any antivirus software. That's because AV-Test.org collects malware for its testing, most of which comes through e-mail from other researchers. "I'm getting about 1,000 viruses a day," he said. "It [antivirus software] would be counterproductive."
Monday, June 25, 2007
Firewall Program results
http://www.firewallleaktester.com/tests.php
(Scroll to the bottom and hit view results)
Zone Alarm is the third best in firewall leak testing (scroll down the page and look at the bars). As you probably noticed, these tests weren't done on Vista, although there isn't much of a difference between Vista and XP when we are talking about firewalls. So if you are running Vista, I suggest that you keep Windows Vista's firewall on, along with whatever else you choose to use.
Vista Built in Firewall Results
(0,5 pts) : This icon means that the firewall is using a generic 'block' which intercepts the leaktest at an earlier step, when there is no network access yet. While on one hand it can appear to be safer, on the other hand the technical alert given requires more knowledge from the user to make the right choice, which is less reliable than a successful pass where the alert is about a network access. Moreover, this kind of protection will alert the user about many other legitimate activities which do not access the network.
(0 pts) : This icon means that the firewall is 'failing' the leaktest.
-------------------------------------------------------------------------------------------------
Impact on the leaktests
As you have read, the default 'out of the box' Vista security is very different from Windows XP, and brings some improvements. Below we will see, per leaktest, the impact on them, if any. The test will simply consist of running the leaktest, without any third party security software installed (no personal firewall, no HIPS), under an administrator account. All tests are done under Windows Vista Ultimate 64-bit, with DEP enabled. DEP is not new to Vista; it already exists in Windows XP Service Pack 2 (SP2), Windows XP Tablet PC Edition 2005, and Windows Server 2003.
The tests requiring Internet Explorer are done with IE 32-bit, as it is the version that all Vista editions have by default, even on Vista x64. The built-in firewall is left at its default settings, blocking only inbound.
Leak test : Vista did not block the leaktest
Tooleaky : Vista did not block the leaktest
FireHole : Vista did block the leaktest
Yalta : Vista did not block the leaktest
Outbound : did not run (missing dll)
PCAudit : was hanging
AWFT : is crashing
Thermite : injection and outbound successful, but failed to create the file 'securityfocus.htm'
Copycat : injection and outbound successful, but failed to create the file 'exploited.txt'
MBtest : did not run (missing dll)
Wallbreaker : Vista did not block the leaktest
PCAudit2 : Vista did not block the leaktest
Ghost : Vista did not block the leaktest
DNStester : Vista did not block the leaktest
Surfer : Vista did block the leaktest
Breakout : did not run/was hanging
Jumper : Vista did block the leaktest
CPIL : Vista did block the leaktest
CPIL suite : Vista did block the leaktest
PCFlank : Vista did not block the leaktest
Coat : Vista did not block the leaktest
Runner : Vista did block the leaktest
OSfwbypass : Vista did block the leaktest
ZAbypass : Vista did not block the leaktest
Result : 9 leaktests are blocked on Vista, 3 weren't tested due to not being compatible or because WinPcap was not installed (WinPcap 4.0 or newer is required on Vista x64), and 12 leaktests are still working despite Vista's new security features. That means that 37,5% of the leaktests are blocked either from running properly, or from making a successful outbound leak.
If you look at the same numbers differently, we can also say that only 50% of the leaktests (12) are successful on Vista, so that half are blocked (12 of 24). Pick the statistic you prefer.
-------------------------------------------------------------------------------------------------
So I (HotShot) suggest you get a second firewall. I personally use Zone Alarm Free with my Windows Vista Home Premium. It works like a charm and amazingly doesn't seem to lag me. Make sure you go into the settings and allow all the programs you commonly use, like Firefox or IE. Zone Alarm comes out to be the 3rd best in leak testing. I will post that later on, but for now, this is what Vista users need to know when they are looking for firewalls.
Sunday, June 24, 2007
Vista DRM Precludes Virtualization?
DRM restrictions may have caused Microsoft's Vista virtualization flip-flop.
Eric Lai, Computerworld
Sunday, June 24, 2007 9:00 AM PDT
Conspiracy theorists may link Microsoft Corp.'s abrupt decision late Tuesday not to remove restrictions on consumers virtualizing its Vista operating system to a Department of Justice agreement announced the same day or to a desire to jerk Intel Mac users around.
But the actual reason may be found in three little letters: DRM.
Vista's new digital rights management features enable movies or music files to be password-protected or made accessible only to authorized users for opening, viewing or changing.
Whether most users would call DRM a feature, however, is questionable. A close cousin to DRM technology, known as Windows Rights Management Services (which in turn is part of a larger category of technologies called Enterprise Digital Rights Management, or ERM), can help business users password-protect key documents and files, or assign the ability to open them only to trusted co-workers. But DRM's main purpose seems to be to help the Warner Bros. and Sony Musics of the world keep consumers from sharing movies and music. The entertainment industry claims that almost all blocked sharing is illegal; digital rights watchdogs argue that legitimate consumer uses are also blocked by such technology.
DRM is capable of blocking both overt piracy -- distributing movies via BitTorrent and other peer-to-peer networks -- as well as other common scenarios that most consumers do not consider piracy, such as moving legally acquired music files from their desktop PCs to their notebook computers.
"It's like when you batten down the hatches on a ship in a storm," said Aram Sinnreich, an analyst at Radar Research in Los Angeles. "Vista wants to batten down every software or multimedia bit so that they don't go somewhere the creator doesn't want it to go."
Versions out of control?
The problem is that virtualization, by accident, appears to break most of Vista's DRM and antipiracy schemes.
Virtualization software -- think VMware Inc.'s VMplayer, Microsoft's Virtual PC or Parallels Inc.'s Parallels Desktop -- allows computer users to boot one operating system but run a second one as a "guest" at the same time.
That can allow a user who has booted Windows Vista to load XP-only applications in a guest XP operating system, also known as a virtual machine (VM). Or it can let a user with an Intel Mac boot up the OS X operating system but also run Windows Vista or XP applications at the same time.
Microsoft's original plan was to announce on Tuesday changes to the contracts, known as End User Licensing Agreements (EULA), for its Vista Home Basic and Home Premium editions. Those changes would permit buyers who use those editions to create VMs. The change was purely to the EULA; there is no technical limitation preventing knowledgeable users from virtualizing retail versions of Home Basic or Home Premium.
Microsoft only allows full retail versions of Vista Business or Vista Ultimate (as well as Vista Enterprise for big corporations) to run as virtual guests of a host PC. Vista Business and Ultimate cost $299 and $399, respectively. The simple change in Microsoft's license for the two cheaper editions -- Home Basic Edition and Home Premium Edition cost $199 and $239, respectively -- would have saved customers at least $60 and up to $200.
In addition, Microsoft planned to permit the use of DRM, IRM (Information Rights Management) and Vista's storage encryption technology, BitLocker, in a VM for any version of Vista.
Besides boosting flagging perceptions of Microsoft's overall virtualization strategy, the move would have made Vista virtualization much more attractive to a key and growing segment -- Intel Mac owners who want to run Windows software.
But at the last moment, Microsoft did a 360. Its explanation was terse: "Microsoft has reassessed the Windows virtualization policy and decided that we will maintain the original policy announced last Fall," said a spokesman in an e-mailed statement.
A perfect picture (of cross-purposes)
When a user creates a VM, the virtualization software takes a snapshot of the PC's hardware and then creates an exact copy of how that works in memory, according to DeGroot.
This ability to perfectly simulate the way the original PC ran (albeit more slowly than the original) is why VMs are such a useful tool. But a VM, once created, can be copied hundreds or thousands of times and ported over to radically different PCs without triggering the antipiracy and DRM schemes of most software or multimedia files, including Vista's. Those schemes raise red flags only if they realize they've been moved to another computer, DeGroot said.
Analysts say what probably happened behind the scenes is that Microsoft or one of its media partners decided at the last moment that encouraging consumers to use virtualization would, at least symbolically, be at odds with its attempts to enforce DRM.
"Microsoft doesn't want the music labels, TV networks and movie studios to come back to them and say that you are enabling this ability to move content around," said Mike McGuire, an analyst at Gartner Inc.
Microsoft has more at stake than other high-tech firms, McGuire said, what with its partnerships with NBC, its Xbox gaming platform, its Media Center PCs and even its Zune music player.
"It's a very fine line that Redmond has to walk," McGuire said. "They have to answer to these companies if they want to have any hope of making the PC and their software the de facto usage model for multimedia."
The problem is that even if Microsoft -- and U.S. law -- insist it is still illegal to use virtualization to enable the sharing of software or movies or music, its antipiracy technology is powerless to stop it.
"It's absurd to expect that something demanded by a EULA is followed when technology and common practice permit otherwise," Sinnreich said. "Microsoft is banking on ongoing consumer naivete and goodwill. There will be a backlash against DRM in some not-so-distant future."
Would anyone have bothered?
Will encouraging consumer virtualization result in a major uptick in piracy? Not anytime soon, say analysts.
One of the main obstacles is the massive size of VMs. Because they include the operating system, the simulated hardware, as well as the software and/or multimedia files, VMs can easily run in the tens of gigabytes, making them hard to exchange over the Internet. But DeGroot says that problem can be partly overcome with .zip and compression tools -- some, ironically, even supplied by Microsoft itself.
"It's the kind of idea that is out there among the enthusiast community for file sharing and remixing, but it's not part of the standard arsenal for the average college student," Sinnreich said.
Gartner's McGuire agrees: "Unless virtualization is more convenient and reliable than P2P, then no one is going to go to the trouble."
Saturday, June 23, 2007
Authors Pick Of The Week
This Week's Winning Pick is:
http://www.netvibes.com/
This is an RSS/XML tracker, or news page as I call it. It can keep track of your email, your local weather, your favorite news websites, this wonderful blog, PC news websites etc...
I picked it because it's very simple to edit, and keeps me very organized. All you need to do is create an account, and you don't even need to activate it!
I just ask one thing, which I only suggest you do: add my blog,
http://windowscorp.blogspot.com/feeds/posts/default
Hope you like my pick of the week!
Enjoy,
- HotShot
Microsoft Sues More Hotmail Spammers
Microsoft files suit against a company and individuals accused of sending debt relief and porn spam to Hotmail accounts.
Robert McMillan, IDG News Service
Saturday, June 23, 2007 9:00 AM PDT
Microsoft Corp. has filed two lawsuits over the past weeks, looking to crack down on spam on its Windows Live Hotmail network.
The "John Doe" lawsuits were filed against unknown alleged spammers who had been sending large quantities of spam advertising debt relief and adult Web sites to Hotmail accounts.
Microsoft alleges that a company doing business under the name Consumer Solutions Network sent "misleading, deceptive, and unsolicited commercial e-mails advertising debt relief help to Windows Live Hotmail account holders."
The spam contained subject lines such as "Michelle, accounts over the limit," or "Robert, Payment not received," the suit alleges.
Consumer Solutions Network, which could not be reached for comment on this story, operates several Internet domains including myfinancialsolutions.org, consumersolution.org, and financialsolutionsonline.org, according to Microsoft.
Microsoft has also sued unnamed defendants for sending spam that promoted pornographic Web sites through Hotmail. Microsoft claims that these spammers not only flooded Hotmail accounts with unwanted messages, but also used Hotmail itself to send large volumes of spam. "Many of defendants' illegal e-mail messages were sent using... accounts obtained through false or fraudulent pretenses," Microsoft claims.
Companies like Microsoft, AOL LLC and Earthlink Inc. have launched a large number of these lawsuits in recent years, said Venkat Balasubramani, the principal of Balasubramani Law, and author of the Spam Notes blog. "They serve a deterrent purpose and they also can be a mechanism for investigation. You can issue subpoenas and dig around a little bit to find what's going on," he said.
Microsoft has filed such lawsuits on an almost-monthly basis over the past year, he added.
In April and May of this year it filed similar lawsuits against several alleged stock scammers.
These latest lawsuits were filed in King County Superior Court in Seattle. The Consumer Solutions Network lawsuit was filed on June 13. The suit relating to pornographic spam was filed on Tuesday of this week.
Friday, June 22, 2007
Microsoft Kills Longhorn Reloaded Project
Microsoft Corp. has forced developers to close down a project aimed at reviving the original Windows client code-named "Longhorn."
According to a blog posting on the site maintained by developers on the project -- called "Longhorn Reloaded" -- Microsoft sent a "cease and desist" letter to the project leaders asking them to shut it down shortly after the team posted the first release of the project online.
"It deeply saddens me that although Microsoft have known about this project for many months they only issued us with this notice a few days after we started to distribute" the first release, according to a post earlier this month on joejoe.org.Community. "I am just as sorry as you guys are about this, but we got [sic] to think about the community as a whole first."
Longhorn Reloaded Milestone 1 was released May 19 on the project's Web site, but the post informing users the project has shut down said download links and any threads about the project will no longer be active.
Through its public relations firm, Microsoft said that though the company "actively encourages and supports independent developers to take advantage of the features available in our platform to create their own applications and services," the Longhorn Reloaded project violated Windows end-user licensing.
Windows enthusiasts decided to pick up where Microsoft left off with Longhorn's development in October 2006. Microsoft had originally called the client release that became Windows Vista "Longhorn," but switched development plans and names mid project, though the company continued to use the Longhorn name for the next Windows Server release. That release has since been renamed officially to Windows Server 2008.
The Longhorn Reloaded team began the project with a build called Windows 6.0.4074, which Microsoft released at its Windows Hardware Engineering Conference in 2004. Microsoft never said it actually abandoned the Longhorn client, and many predicted that when the Longhorn Reloaded project began it likely would run afoul of Microsoft's legal department.
How MySpace Is Hurting Your Network
Carolyn Duffy Marsan, Network World
Increasingly popular social-networking sites such as MySpace, YouTube and Facebook are accounting for such huge volumes of DNS queries and bandwidth consumption that carriers, universities and corporations are scrambling to keep pace.
The trend is prompting some network operators to upgrade their DNS systems, while others are blocking the sites altogether. Moreover, the "MySpace Effect" is expected to hit many more nets soon, as these network-intensive interactive features migrate from specialty sites to mainstream e-commerce operations and intranets.
"Social media is not just going to be in pure-play sites like MySpace and Facebook. It's going to become increasingly prevalent across retailers, media and entertainment," says Mike Afergan, CTO of Akamai, a content delivery network company that supports MySpace, Facebook and Friendster. "It drives a lot more requests and a lot more bit-traffic across these networks."
The demanding nature of social-networking sites was highlighted in May when the Department of Defense announced it was blocking worldwide access to 13 Web sites, including MySpace and YouTube.
"The Commander of DoD's Joint Task Force, Global Network Operations has noted a significant increase in use of DoD network resources tied up by individuals visiting certain recreational Internet sites," Army General B.B. Bell said in a memo. "This recreational traffic impacts our official DoD network and bandwidth availability, while posing a significant operational security challenge."
The Defense Department began blocking access to these sites on May 14 on its unclassified IP network, which is called NIPRNET for Non-secure Internet Protocol Routed Network.
The military isn't the only organization to notice how taxing these sites are on network resources.
"One of the things we're hearing more and more from carriers is that social-networking sites like MySpace and YouTube are contributing to an exponential increase in DNS traffic," says Tom Tovar, president and COO of Nominum, which sells high-end DNS software to carriers and enterprises.
Social-networking sites create large volumes of DNS traffic because they pull content from all over the Internet. Most of these sites use content-delivery networks to extend the geographical reach of their content so users can access it closer to home.
"A single MySpace page can have anywhere from 200 to 300 DNS lookups, while a normal news site with ads might have 10 to 15 DNS lookups," Tovar says. "It's an exponential increase."
Virgin Media, a cable service provider with 10 million subscribers (including 3.5 million broadband users) in the United Kingdom, has found that the amount of DNS traffic generated by social-networking sites has grown dramatically in the past 10 months. YouTube and Facebook traffic has doubled in that time frame but still represents a fraction of Virgin Media's overall DNS traffic. YouTube grew from 0.5 percent to 0.75 percent of the carrier's DNS traffic, while Facebook grew from 0.5 percent to 1 percent.
In contrast, MySpace now represents 10 percent of Virgin Media's DNS traffic, up from 7.2 percent last fall.
The social-networking sites "are generating much more DNS queries per user than other sites," says Keith Oborn, network systems product architect with Virgin Media. "Because of the way MySpace pages are structured, a single page can generate hundreds of DNS queries."
Oborn says the fact that many of these social-networking sites, including MySpace and YouTube, are served by content-delivery networks adds to the DNS traffic.
"They're making use of an awful lot of short TTLs [time to live values]," Oborn says. "That increases the load on the DNS servers. The same thing would happen for an enterprise customer as you see happening on a service provider network."
Oborn says it's rare for one Web site to account for 10 percent of DNS traffic.
"MySpace is the one that everybody knows about," he says. "It's the thing we need to keep a careful eye on in DNS land."
Virgin Media is addressing this phenomenon by upgrading its DNS infrastructure to the latest version of Nominum's software, which uses a technique called Anycast to provide load balancing for improved redundancy. Virgin Media will complete the upgrade this summer.
With the new configuration, Virgin Media says it "could do 2.5 million DNS queries per second, but all we need is 50,000 or 60,000," Oborn says. "We have a lot of overcapacity in DNS, which is both cheap and good to have. ... It cost us a few hundred thousand pounds at most."
Virgin Media is anticipating continued growth in its DNS traffic, driven in part by social-networking sites. "Overall our DNS traffic is growing twice as fast as the number of users," Oborn says.
At the University of Kansas, social-networking sites, including MySpace, Facebook and YouTube, are among the 10 most popular destinations for a user population that averages 20,000 per day, including faculty, staff and students.
These sites "generate a lot of DNS requests since each item on the Web pages is spread over dozens and dozens of servers," says Travis Berkley, supervisor of LAN support services at the university.
The school hasn't needed to upgrade its DNS infrastructure yet to handle the extra traffic that social-networking sites generate. It runs BIND Version 9 software for its DNS servers.
"We have two servers that are the primary for campus, and they seem to keep up just fine," Berkley says, adding that "some departments have set up their own workgroup DNS servers."
One advantage for the university is that it already limits how much Internet bandwidth students can consume from their dorm rooms. So even though the university doesn't limit access to social-networking sites, it can ensure that usage of these sites is limited to a fixed proportion of its Internet bandwidth.
"We did that independent of these sites or even peer-to-peer," Berkley added.
MySpace seems to be the biggest contributor of the social-networking sites in terms of fostering DNS queries. MySpace declined to comment for this article.
"MySpace is really a pain in the butt," says Cricket Liu, vice president of architecture at InfoBlox, which sells DNS appliances to carriers and corporations. "It generates an enormous number of DNS queries because of the way it refers to content. The domain names they are using all seem to be part of their own content-delivery network."
Liu says any organization running a recursive name server will feel the pinch from MySpace's DNS-heavy design. That includes carriers, universities and corporations.
"The recursive name server is ultimately responsible for getting the answer on behalf of the resolver on the laptop or desktop machine," Liu explains. "So it's the one that has to go out and navigate the Internet's name space, find the authoritative name server for MySpace.com and get the data back. Then it has to keep going back to the MySpace.com name servers to resolve the different domain names on a page. ... It might have to hit those MySpace.com name servers 45 times or more for a particular page."
MySpace's own DNS servers are less affected by this situation than those run by carriers or enterprises.
"The amount of horsepower it takes to handle a recursive query is more than it takes to handle an authoritative query," Liu explains. "MySpace has to run name servers that are authoritative for MySpace.com. ... The same piece of hardware can do an order of magnitude more responses when it's authoritative for MySpace.com than it can do acting as a recursive server. That's because it doesn't have to track the ongoing progress of the name resolution process; it just has to answer it."
The impact of sites like MySpace is also minor on the root servers and top-level domains. For example, VeriSign estimates that social-networking sites account for less than 1 percent of the DNS queries at the .com and .net level. VeriSign handles 32 billion DNS queries a day.
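The load pattern Liu describes, and the small share seen at the root and top-level-domain servers, can be reproduced with a toy caching resolver. This is an added example, not code from the article: the placeholder site example.com, the constructed host names and both TTL values are assumptions, and real resolvers track far more state per query.

```python
from collections import Counter

SITE = "example.com"       # placeholder site, not a name taken from the article
ANSWER_TTL = 300           # assumed TTL (seconds) on each host record
DELEGATION_TTL = 172800    # assumed TTL (seconds) on delegation (NS) records


class RecursiveResolver:
    """Toy recursive resolver: caches delegations and answers, counts upstream queries."""

    def __init__(self):
        self.cache = {}            # (record type, name) -> expiry time in seconds
        self.upstream = Counter()  # queries sent to each tier of the name space

    def _fresh(self, key, now):
        return self.cache.get(key, -1) > now

    def resolve(self, hostname, now):
        if self._fresh(("A", hostname), now):
            return "cache"
        labels = hostname.split(".")
        tld, zone = labels[-1], ".".join(labels[-2:])
        # Walk down from the root, skipping any tier whose delegation is cached.
        for tier, key in (("root", ("NS", tld)), ("tld", ("NS", zone))):
            if not self._fresh(key, now):
                self.upstream[tier] += 1
                self.cache[key] = now + DELEGATION_TTL
        # Every distinct, uncached host name costs one authoritative query.
        self.upstream["authoritative"] += 1
        self.cache[("A", hostname)] = now + ANSWER_TTL
        return "upstream"


def simulate(distinct_hosts=45, load_times=(0, 30, 400)):
    """Load one page (constructed: 45 distinct host names) at several times."""
    hosts = [f"c{i:02d}.{SITE}" for i in range(distinct_hosts)]
    resolver = RecursiveResolver()
    per_load = [Counter(resolver.resolve(h, t) for h in hosts) for t in load_times]
    return dict(resolver.upstream), per_load


if __name__ == "__main__":
    upstream, per_load = simulate()
    print("upstream queries by tier:", upstream)
    for t, counts in zip((0, 30, 400), per_load):
        print(f"t={t}s", dict(counts))
```

The root and TLD tiers are each queried once because the delegation stays cached, while the site's authoritative servers are queried again for every host name whenever the short answer TTL has expired.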
Experts agree that carriers and enterprises are the ones that will need to watch their DNS traffic trends in light of the "MySpace Effect."
"The rise of social-networking sites is just one of a number of factors that are causing the increase in DNS queries," Liu says. "Another would be antispam mechanisms and just the increasing penetration of broadband."
And it's not just DNS queries that social-networking sites like MySpace drive, but also large volumes of traffic.
"Social-media sites are driving a fantastic amount of usage," Akamai's Afergan says. "These sites are motivating their users to be interacting with their sites in a very engaging way, which is driving a large experience time."
Afergan says social-networking sites affect network utilization in two ways: the profile-based sites like MySpace generate a lot of requests per user for small files, while the video-based sites like YouTube demand a lot of bandwidth for large video files to be transmitted across the network.
"Most of our networking partners are seeing these sites drive an incredible amount of traffic, both in the number of requests and the bytes involved in those requests," says Afergan.
The heavy network demand of these Web sites is one reason that seven of the top 10 social-networking sites use Akamai's content-delivery service to offload traffic. It's also a reason that many carriers allow Akamai to put edge servers inside their networks to serve up rich content locally.
"Part of what we do for carriers is minimize the traffic on their networks," Afergan says, adding that Akamai's servers also reduce DNS traffic.
The impact of social-networking sites is primarily on carrier and university networks today, but it is likely to affect more corporations as they add social-networking features to their e-commerce and intranet sites.
IBM, for example, runs its own social network called BluePages, which allows employees to provide information about themselves to other employees.
Meanwhile, Coca-Cola this month is set to launch a mobile phone-based social-networking community for Sprite drinkers called Sprite Yard.
"Imagine when there are thousands of these sites," says Ken Silva, CSO of VeriSign. "Then they will be a more significant share of overall DNS queries."
Silva worries more about the impact on DNS from the migration of telephony and television services to the Internet than he does about social-networking sites.
"If one big telephony provider migrates to the Internet, they could bring millions of users and generate big chunks of bursty growth," he says.
VeriSign is in the midst of a three-year, US$100 million upgrade to its DNS infrastructure, which supports the .com and .net registries and two root servers. The upgrade will increase the company's DNS capacity tenfold.
"Planning for these things like social-networking sites and large infrastructure moving to IP is what this upgrade is all about," Silva adds.
For more information about enterprise networking, go to NetworkWorld. Story copyright 2007 Network World Inc. All rights reserved.
Microsoft Better at Patching XP Than Vista
A Microsoft Corp. security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP.
In total, Microsoft has patched 12 out of 27 disclosed Vista vulnerabilities in the six months after it first shipped last November. During XP's first six months, Microsoft's security team patched 36 out of 39 known bugs.
The data was published by Jeff Jones, a Microsoft security strategy director, who said that overall, Vista was doing better than XP. "Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to its predecessor product, Windows XP," he wrote.
Jones didn't address the larger number of unpatched vulnerabilities, but he did note most of the unpatched Vista bugs were not critical. Microsoft had left only one high-severity Vista vulnerability unpatched during the period. At the end of XP's first six months, there were two high-severity bugs that were unpatched.
Microsoft patched 23 high-severity XP bugs during its first six months, compared with only one high-severity Vista flaw.
Jones argued that Vista had a lower number of vulnerabilities than competitive operating system products such as Red Hat Enterprise Linux and Mac OS X.
He published the data in an effort to show how Microsoft's software development methodology, called the Security Development Lifecycle (SDL), is yielding dividends. But his method of comparing Windows to Linux and Mac OS X is problematic, according to some.
"This is an apples-to-oranges comparison," said HD Moore, one of the hackers behind the popular Metasploit penetration testing toolkit. "If you want a more accurate view, try comparing the number of flaws between Microsoft-developed software and vendor-X-developed software. Most Linux vendors don't actually write the majority of the packages they include," he said via e-mail.
"Alternatively, force Microsoft to include all vulnerabilities in common third-party software," he added. "For example, the thousands of exploitable ActiveX controls that... vendors include with a Windows system."
According to Randy Abrams, director of technical education with antivirus vendor Eset LLC, it will be more interesting to look at vulnerability statistics once Vista becomes more popular than XP, and the target of more hackers.
But Microsoft has stepped up its security practices, he added. "I think their Security Development Lifecycle initiative has improved the quality of the code," he said.