Monday, February 4, 2008

IPv6 internet overhaul begins

The internet's master address books are being updated to include records in IP version 6 (IPv6), a new format which forms part of a major overhaul of the net's core address system.
PCs translate the words we type in internet addresses into a string of numbers from the net's master address books to help us navigate our way around the web. The majority of these numerical codes are written in IPv4 but under this version the pool of unallocated addresses looks set to run out by 2011. However, by introducing addresses written in IPv6, an effectively inexhaustible pool of addresses becomes available. The new addresses will be introduced to the root servers for the net today.

According to Paul Twomey, president of ICANN, which oversees the addressing system, the total of unallocated addresses is rapidly running out, putting pressure on people to convert to IPv6.

"Just 14 percent of the unallocated addresses out of the whole pool for version 4 remain," he said.

Jay Daley, technology director at Nominet, which oversees .uk domains, said that for a long while, consumers will only see minimal effects.

"Eventually home routers may have to be upgraded or swapped so they can use the longer addresses," he added.

Overseas Democrats going to polls electronically

On Super Tuesday, voters in Beijing will cast ballots for the U.S. Democratic Party presidential candidate of their choice.
Members of Democrats Abroad in China will be eligible, along with fellow party members in other countries outside the U.S., to participate in the first-ever Democratic Global Presidential Primary, a party initiative to increase voting options for Democrats living overseas, including e-voting.

"Americans living abroad are a constituency of their own, and we should have a voice of our own. We have different issues, and different takes on issues. That at least one party has recognized that it is its own constituency is a step forward," said David Wolf, a native Californian who runs a technology consulting firm in the Chinese capital.

"The Democratic race is pretty darn exciting right now, so I guess everyone is just anxious to participate. We're also getting a lot of new members. A lot of people are signing up. And the online voting is new," said Claire Taylor, vice chair of Democrats Abroad in the Netherlands. Taylor estimated that the group's local membership increased 30 percent, thanks to the Global Presidential Primary.

In the U.S., Feb. 5 will see primaries in 17 states, six caucuses and a state convention on what's known as "Super Tuesday" due to the large number of states participating and the number of delegates at stake. The Global Presidential Primary allows overseas voters to vote from Feb. 5 to Feb. 12.

At stake are 14 delegates, who will join eight "super-delegates" chosen at Democrats Abroad regional caucuses later in the year, all of whom will then participate in the Democratic National Convention in Denver in August. That makes the overseas constituency similar in size to the number of Democratic delegates in Nevada, which has 25.

Behind the electronic voting option is Everyone Counts in San Diego. Founded in Melbourne, Australia, it is "a software company with a mission to make democracy more transparent," according to CEO Lori Steele. Its two largest elections to date were a 4 million voter mock election in the U.S., and a local authority election in the U.K. with 160,000 voters. Steele expects "tens of thousands" to participate in Tuesday's Global Presidential Primary.

In order to facilitate outside auditing and transparency, Everyone Counts' software is open source. The main components of the software are security, to guarantee encryption during the voting process; verification, to ensure that only the authorized voter is casting the ballot and then is not permitted to vote again using another method, and also to verify the total votes cast and the results; and accounting, to allow counting, auditing and certification of results by the appropriate election board. For the Global Presidential Primary, voting will be supported on about 20 different browsers, Steele said.

"When voters register with Democrats Abroad, they provide various personal details that would be used to help authenticate them. On Super Tuesday, just before polls open, Everyone Counts will issue each voter registered with Democrats Abroad with a ballot number and PIN. The voter is required to provide this ballot number and PIN, combined with select personal data that they used to register, to access their ballot in the live election. The system will only allow a ballot number to be used once, so if a voter has voted but tries to access a ballot again, the system locks them out," Steele said.

To participate, Democrats living outside the U.S. must first become members of Democrats Abroad, then register to vote in the Global Presidential Primary. Including a final verification step, the whole process took him a little more than 15 minutes, Wolf said. Along with e-voting, registered Democrats overseas can vote by fax, post or in person at voting centers in over 30 countries.

Members of Republicans Abroad are not being offered the same opportunity by their party, although overseas Republicans may still vote in state primaries by conventional means. Democrats who live abroad may also continue to vote absentee by conventional means through their home districts. Voting in the Global Presidential Primary does not change a voter's registration status for the general presidential election in November.

In previous presidential election years, overseas American voters could participate in caucuses held in foreign countries, but those were limited and usually held only in major cities, making it difficult for those based elsewhere to take part. Also, because absentee balloting procedures vary not only by state but in many cases by county, voting by mail in primaries was often seen as more trouble than it was worth. Applicants must usually declare 60 to 90 days prior to the election that they will be unable to vote at a polling place, and then must return their absentee ballot no later than the election day -- not always easy in countries where postal systems are slow or unreliable.

While she lauded recent U.S. efforts, including the Global Presidential Primary, to make e-voting more readily available, Steele said it lags behind other nations. "The U.S. has really dragged its feet on accessible i-voting for overseas voters. Other countries like Estonia run an entirely online election for their voters," she said, for a registered base of about 1 million voters. Some states are already considering using e-voting systems like Everyone Counts' for the general election in November. "Using open source and having transparency in elections is what is going to propel this forward more quickly," she said.

For Wolf, who has lived in China for over a decade, being able to vote electronically changed his perspective on the election. "It has made it much more relevant. It gave me a deadline to make a decision, and for the first time in 12 years I feel re-engaged in the process."

(Grant Gross in Washington, D.C., contributed to this report.)

Consumer group slams RealPlayer as 'badware'

A consumer advocacy group is blasting RealNetworks for installing adware and other software without properly notifying its users.
In a report published Thursday, StopBadware.org faults the latest version of RealPlayer for secretly installing its Rhapsody Player Engine during the RealPlayer installation.

"RealPlayer 11 does not disclose that it installs Rhapsody Player Engine, and does not remove the software when RealPlayer is uninstalled," StopBadware says in the report.

Rhapsody Player Engine is required to access RealNetworks' online music service. But because users are not told that they have installed the product, it could become a liability, using up the computer's hard-drive space or processing power, or even creating a security risk for consumers if bugs are discovered in Rhapsody, said Maxim Weinstein, StopBadware's manager.

Both RealPlayer 11 and the older RealPlayer 10.5 software are considered "badware," the report states.

RealPlayer 10.5 suffers from a different issue, however. Users who download the software without filling out the RealNetworks product registration page end up with a piece of software called Message Center, which then proceeds to deliver ads to the user's computer. "It's installing, essentially, a piece of adware without giving users information about that up front," Weinstein said.

RealNetworks spokesman Ryan Luckin said a check-box on the registration page is used to notify users that Message Center would be installed. Users who clicked through the registration page without filling out any information would have the software installed.

Although the issue was fixed in version 11 of the player, RealPlayer 10.5 is automatically downloaded via the Firefox browser's "Missing Plug-in" feature and is still widely used, Weinstein said.

Until RealNetworks is up-front with users about what software they're actually downloading, StopBadware recommends that consumers avoid its media player.

Luckin called the Rhapsody issue an oversight. "The fact that when you uninstall RealPlayer we don't go back and uninstall Rhapsody is an oversight and is something we should address in the future," he said.

A widely used alternative to Apple's QuickTime and Microsoft's Windows Media Player, RealPlayer has a history of making invasive changes to users' computers. The Message Center software has come under fire in the past, and in 1999 computer security consultant Richard Smith discovered that the software was quietly sending information to RealNetworks servers.

StopBadware's findings apply only to the Windows versions of RealPlayer's software, Weinstein said. RealPlayer also runs on other operating systems, including Mac OS X and Linux.

Supported with funding from Google, Lenovo and Sun Microsystems, StopBadware evaluates software and warns consumers of products that engage in deceptive behavior, such as tracking user behavior or installing programs without telling consumers.

Although RealPlayer 10.5's Message Center feature may be more noticeable and annoying, Weinstein said RealNetworks should fix both problems as soon as possible. "It's hard to say that one is worse," he said. "They're really two sides of the same concept of just not telling users what's going on."

Microsoft finalizes Vista SP1 code for mid-March release

Microsoft has finalized the code for the first service pack for Windows Vista, but won't release the code via its update services to customers until mid-March, the company said Monday. Moreover, some devices may not work with the initial version of the software because of driver issues that continue to plague the OS.
According to a post on the Windows Vista blog by Mike Nash, corporate vice president of Windows product management, Microsoft will release Vista Service Pack 1 in English, French, Spanish, German and Japanese to Windows Update and to the download center on Microsoft's Web site beginning in mid-March. In mid-April, the software will be available in those languages to anyone who has chosen not to download it. Microsoft will follow with the remaining language releases of Vista SP1 in April.

In the post, Nash said Microsoft is holding off on immediately releasing the code for SP1 until hardware vendors have delivered PCs with Windows Vista SP1 installed to retail stores to give those vendors time to correct problems with some device drivers that beta testers discovered during the software's evaluation process.

When installing SP1, some device drivers did not correctly follow the automatic instructions, so devices associated with them did not work correctly, according to the post. Microsoft expects hardware vendors to correct these issues before releasing PCs with the service pack installed. The company will not let customers install SP1 via automatic update if their PCs won't install the drivers correctly. However, customers can go to Microsoft's download center to obtain the software if they want to.

In his post, Nash said that most Vista users will not be affected by the device driver issue, but Microsoft is being cautious about the release of SP1 to "improve the experience for all customers."

However, some comments about Nash's blog entry show that some Windows users are eager to get their hands on the software, and are none too thrilled with the delay in SP1's release to manufacturing and release to customers.

"So it's done ... but we won't be able to actually get it for another six weeks? That [is] incredibly frustrating," wrote one user called "freibooter."

Another Windows user called "Hurricane Andrew" said the release of SP1 to manufacturing was "great news," but also expressed displeasure at the delay.

"Just wish we could get our hands on it earlier," he said. "Patience has never been one of my strong points."

There were hints that Microsoft was nearing the final code for SP1 in the last several weeks, as the company offered two refreshes for the first release candidate, a sign that the software was nearing completion. Many believe the SP1 milestone is the one that will bring about a new wave of adoption for Vista, especially among business customers that have been awaiting the service pack's release before updating employee desktops.

The combination of SP1 and Windows Server 2008 is expected to bode well for Vista adoption in the enterprise and medium-sized business sectors. Microsoft said Monday that it also has released Windows Server 2008 to manufacturing. That product and the release of Visual Studio 2008 and SQL Server 2008 will be featured in an official launch event in Los Angeles at the end of the month; however, while the new version of Visual Studio is available, SQL Server will not ship until the third quarter.

Oracle launches data integration suite

Oracle on Monday launched Oracle Data Integration Suite, which combines traditional data integration capabilities with an array of middleware and tooling for constructing a service oriented architecture.
Data Integration Suite costs US$60,000 per CPU (central processing unit) for a package that bundles Oracle Data Integrator and Oracle/Hyperion Data Relationship Manager with the company's BPEL Process Manager, enterprise service bus, application server, business-to-business engine and business rules engine, according to a statement.

"This is really Oracle attempting to go a long way toward providing a credible alternative to IBM Information Server," said James Kobielus, an analyst with Forrester Research. IBM released Information Server in October 2006; the product sits at the center of the company's Information on Demand Strategy.

In turn, Oracle's suite aligns its data-integration offerings with its Fusion Middleware line for SOA.

Additional options in the suite include a new pair of data quality tools, Oracle Data Quality for Data Integrator and Oracle Data Profiling, which the company developed with Harte-Hanks Trillium Software.

"Finally, Oracle now has best-of-breed data quality tools," Kobielus said.

Also, Oracle is offering its Coherence Data Grid, technology acquired through Oracle's purchase of Tangosol last year, and a number of adapters, including ones for applications and unstructured content, as options.

The company did not provide pricing information for the optional items.

Overall, the suite reflects the further integration of two key Oracle acquisitions, Sunopsis and Hyperion, into the company's core Fusion Middleware lineup, according to Kobielus. "There's a lot of Sunopsis and Hyperion DNA in this," he said.

Oracle bought Sunopsis, maker of an ELT (extract, load, transform) tool, in October 2006. The company plunked down $3.3 billion in March 2007 for Hyperion, which had a master data management product among its offerings.

IBM, Oracle and SAP are now the main industry contenders in terms of a truly broad data-integration suite, according to Kobielus. Other large enterprise stack vendors, such as Red Hat or Sun, might be wise to make some acquisitions in this space, he added.

Marketing materials announcing Oracle's release stress the suite's applicability to heterogeneous environments, noting its support for a broad array of databases, including IBM DB2, MySQL, Microsoft SQL Server, Teradata and Oracle.

This is telling, right down to Oracle's positioning of its own database at the end of that list, Kobielus said.

"IBM is also strongly heterogeneous," he noted.

Presidential candidates stake out tech positions

Technology policy hasn't played a major role in this year's U.S. presidential campaign, but the major candidates have staked out positions on issues such as net neutrality and skilled-worker visas.
As in past presidential campaigns, candidates haven't viewed technology issues as ones that drive voters to the polls.

Instead, debate over the war in Iraq, the economy, illegal immigration and other issues will inspire voters in 24 states (plus American Samoa and Democrats living overseas) on Super Tuesday to choose which candidates they want to be nominees of the Democratic or Republican parties.

Some tech groups have long complained that many politicians don't get technology. In late January, the Washington, D.C., tech PR firm 463 Communications released a poll with two-thirds of respondents saying that presidential candidates should have at least as much knowledge about the Internet as they do. However, only 45 percent said the next president will know as much about the Internet as they do.

In December, Garrett M. Graff, an editor at large at Washingtonian magazine and the first blogger admitted to a White House briefing, wrote a column in The Washington Post, complaining about the lack of tech-savvy candidates. That prompted others to comment as well.

Members of the Senate Commerce, Science and Transportation Committee, the panel that debates many tech issues, often talk about their lack of tech experience, Adam Thierer, a senior fellow with the tech-centric conservative think tank, the Progress and Freedom Foundation, wrote on the PFF's blog.

"Without missing a beat, they make jokes about not ever using the Internet or computers but that they have staffers or young family members who do and keep them informed," he wrote. "And yet, despite this stunning unfamiliarity with all things high-tech, they then move right on to pass reams of regulations governing the Internet and digital economy. Again, it's not funny anymore and we should stop allowing them to pretend it is."

That said, several presidential candidates have taken positions on tech-related issues this year. In alphabetical order, these are some of their views:

Senator Hillary Clinton

New York Democrat Clinton, like other candidates, hasn't made tech issues a central part of her campaign, but she has championed an "innovation agenda" as one of her top issues. That agenda includes several policies that many large tech companies have embraced.

Clinton wants to pump up the basic research budgets at the National Science Foundation, the Department of Energy's Office of Science, and the Department of Defense by 50 percent over 10 years.

She also would require that federal research agencies set aside at least 8 percent of their research budgets for discretionary funding of high-risk research, and she would increase funding for research on Internet- and IT-based tools, including supercomputing and simulation software.

"Under the Bush administration, agencies like the Defense Advanced Research Projects Agency (DARPA) have reduced support for truly revolutionary research," Clinton's Web site says. "This is a problem because DARPA has played a major role in maintaining America's economic and military leadership. DARPA backed such projects as the Internet, stealth technology, and the Global Positioning System."

Clinton also wants tax incentives to encourage broadband providers to deploy services in underserved areas. She has called for federal support of state and local broadband programs, including municipal broadband projects. Clinton has also called for a research-and-development tax credit, extended temporarily multiple times since 1981, to be made permanent.

Clinton has said she would support net neutrality regulations for U.S. broadband providers.

Former Governor Mike Huckabee

Huckabee, an Arkansas Republican and ordained Baptist minister, has largely ignored tech issues during his campaign.

He has, however, called for an increase in immigrant visas for highly skilled and highly educated workers, a position shared by many large tech companies. Otherwise, Huckabee would largely shut down U.S. borders to immigrants.

Instead of technology, Huckabee has focused on social issues such as making abortion illegal and defining marriage as only between a man and a woman.

Huckabee also wants the U.S. to achieve independence from oil-producing nations.

Senator John McCain

The Arizona Republican is a long-time member of the Senate Commerce Committee. As such, he can argue that he has the most tech policy experience of any of the remaining major-party candidates.

In recent years, McCain has pushed for a nationwide voice and data network for public safety agencies. He was one of the Senate's leading voices in the effort to get U.S. television stations to give up part of their analog spectrum for use by police and fire departments. The rest of that spectrum is being sold in the Federal Communications Commission's auctions now under way.

McCain has been noncommittal about net neutrality laws. He's said he'd be concerned if Internet users' access is blocked, but he's also suggested broadband carriers need to recoup their investments.

McCain last year also called for an increase in government research and development spending, and he's said he'd draft "the best and the brightest" of American CEOs to work in his administration if he were elected, including Cisco Systems' John Chambers and Microsoft's Steve Ballmer.

He has also supported efforts to make an Internet tax moratorium permanent, recently calling the Internet "likely the most popular invention since the light bulb." In 2004, he urged the Federal Trade Commission to focus more of its efforts on fighting spam.

In 2005, McCain split from many other Republicans by authoring legislation that would prohibit states from outlawing municipal broadband projects. McCain said then he was concerned that the U.S. has fallen behind more than a dozen other countries on broadband adoption.

Senator Barack Obama

The Illinois Democrat in November released an extensive tech policy paper, earning him praise from several tech groups.

Obama gets technology, said Julius Genachowski, co-founder of Rock Creek Ventures and a long-time friend. "He will be a true 21st century president, using technology to improve the lives of all Americans," Genachowski said at a tech forum last week.

In the tech agenda, Obama called for net neutrality regulations for broadband carriers. "Users must be free to access content, to use applications, and to attach personal devices," he said in his tech policy.

Parents need better tools and information to control what their children see on the Internet and television, he said.

He called for greater privacy protections for all U.S. residents, including Internet users, and he said government and businesses should be held accountable for privacy violations. He wants an update of government surveillance laws that allow intelligence-gathering on U.S. citizens to be done "only under the rule of law."

Obama would also increase the Federal Trade Commission's enforcement budget and focus on increased international cooperation to track down cybercriminals.

Obama also wants to make government data more available online. He would revamp a number of existing programs, and create some new ones, to help roll out broadband in the U.S. He called for a review of wireless spectrum use in the U.S. and said he would "confront the entrenched Washington interests that have kept our public airwaves from being maximized for the public's interest."

He has pledged to make the research-and-development tax credit permanent. He also called for patent reform, primarily by giving the U.S. Patent and Trademark Office more resources to improve patent quality.

Former Governor Mitt Romney

Romney, a Massachusetts Republican, hasn't made many tech issues a central part of his campaign, but he has focused on U.S. competitiveness, a popular issue for many IT companies.

Romney's competitiveness initiative would seek to improve U.S. schools and at the same time cut individual and corporate tax rates. He wants to improve worker retraining programs by consolidating and streamlining numerous federal programs.

He has taken positions on a couple of other tech-related issues as well. In interviews Romney has expressed support for a permanent Internet tax ban, and he's said he supports free trade, a position echoed by many large tech vendors.

Romney has also said he would support an increase in H-1B visas for high-skilled workers.

"I like the idea of the best and brightest in the world coming here," he told the TechCrunch blog in November. "I'd rather have them come here permanently rather than come and go, but I believe our visa program is designed to help us solve gaps in our employment pool. Where there are individuals who have skills that we do not have in abundance here, I'd like to bring them here and contribute to our economy."

Torvalds: Microsoft is bluffing on patents

Microsoft's aggressive defense of its intellectual property, which includes claims that Linux violates a number of its patents, is nothing more than "a marketing thing," according to Linus Torvalds, creator of the Linux kernel.
"They have been sued for patents by other people, but I don't think they've -- not that I've gone through any huge amount of law cases -- but I don't think they've generally used patents as a weapon," Torvalds said. "But they're perfectly happy to use anything at all as fear, uncertainty and doubt in the marketplace, and patents is just one thing where they say, 'Hey, isn't this convenient? We can use this as a PR force.'"

Torvalds made the comments during the second half of an interview conducted by the Linux Foundation Executive Director Jim Zemlin on Oct. 16. The foundation is expected to make the rest of the interview publicly available on its Web site Monday. The foundation released the initial portion of the interview in January.

"Another reason why I don't think Microsoft really seriously would go after patents is when you're a convicted monopolist in the marketplace you really should not be suing your competitors over patents," Torvalds continued. "I think that most Microsoft lawyers would say, 'You know, let's not do that; that sounds insane'."

Microsoft's recent work around improving its platform's interoperability with Linux left Torvalds largely unmoved.

"I think there are people inside Microsoft who really want to improve interoperability and I also think there are people inside Microsoft who would much rather just try to stab their competition in the back," he said. "I think the latter class of people have usually been the one[s] who won out in the end, but -- so I wouldn't exactly trust them."

Microsoft spokespeople on Friday declined to comment on Torvalds' remarks. The company has said it believes that Linux infringes on its intellectual property, although it has been criticized for not being more precise with its allegations.

Torvalds is instead focused on improving Linux, he said. "I work weekdays, I work weekends, I work 52 weeks a year. I don't want there to be any question of who's the best maintainer," he said. "And at the same time, I actually also do want to encourage competition. ... So, I actually enjoy seeing all these other kernel trees happening. All the vendors have their own."

However, the Linux kernel community overall could be more welcoming to new ideas, he suggested. "One of the problems is we have people who have such high criteria for what is acceptable or not that it scares away people who want to do new code and do new experiments," he said. "We mustn't set the bar that high. New code, new drivers, there will be problems and I'd rather take them and then improve them."

Even as Linux matures as a technology, it has yet to make a major impact in the mainstream desktop market. "It's really hard to enter the desktop market because people are used to whatever they used before, mostly Windows ... There's just this huge inertia in that market," he said.

In contrast, he said, it was much easier to sell Linux in the context of a server: "There's just a few loads, they're fairly simple, they're fairly well-understood, people have much less inertia in upgrading a server than they have in upgrading their desktop."

At one point, the discussion turned to Sun's work to create an open-source community around OpenSolaris. Torvalds expressed deep skepticism toward the effort.

"It's generally hard to build a community around a commercial entity that also wants to be in control because everybody else around that commercial entity will always feel like they're at the mercy of Sun," he said.

This dynamic is reflected in OpenOffice, "where the fact that Sun wants to have copyright assignments and exclusive control over the license ends up being something that actually drives away some developers," he argued.

Overall, Torvalds expressed ambivalence toward Sun, which recently has developed an image as a particularly open-source-friendly company. "In many ways, Sun has done a lot of things right. At the same time, they seem to often have trouble going the full last step," he said.

Ian Murdock, vice president of Sun's Connected Developer group, defended Sun's commitment to the open-source model. "An open-source project has to have coordination, it's not anarchy," said Murdock, who earlier in his career founded the Debian version of Linux.

"If you look at the Linux kernel itself, Linus is firmly in control of that, and the only difference is he's an individual and Sun is a company. ... Some of the most successful open-source projects are being driven by companies, like MySQL for example," he said.

Torvalds also pulled out his crystal ball, offering predictions on how technology will change in the next five years.

While hardware will be "hugely better," software's power and complexity will grow alongside it, he said. "I suspect things will be about the same speed because the software will have grown and you'll have more 'bling' to just slow the hardware down."

Virtualization is "not that big of a deal," according to Torvalds. "It's been all around for decades and it's very interesting in niche markets -- I think the people who expected to change things radically are just fooling themselves."

Real change will come from entirely new uses of computers, he predicted.

(James Niccolai in San Francisco contributed to this report.)

Antivirus companies aim to set standards for testing

Antivirus software companies and software testers created a new organization Monday with the goal of providing consistent information about the effectiveness of antivirus products.
The distribution of malware -- including viruses, worms, Trojan Horses, and Web sites exploiting weaknesses in Internet browsers -- is now being driven by organized crime for financial gain, and poses an ever more serious threat.

Anti-malware software developers have developed methods to block these threats, but traditional antivirus tests are becoming irrelevant because they don't take such methods into account, according to Stuart Taylor of anti-malware software vendor Sophos.

Last year, developers of antivirus software called into question a batch of antivirus tests conducted by independent organizations when they showed their products failing to detect many security threats. At a meeting in Reykjavik, Iceland, last May, representatives of F-Secure, Panda Software and Symantec decided to design a new testing plan.

The creation of the Anti-Malware Testing Standards Organization (AMTSO) is one of the fruits of that work. It brings together around 40 developers and testers of anti-malware tools, with the aim of hosting discussions about testing, publicizing testing standards, and providing tools and resources for such testing.

Organizations present at the inaugural meeting included antivirus software testers such as AV-Comparatives and AV-Test.org, and antivirus software developers including BitDefender, F-Secure, Kaspersky Lab, McAfee, Sophos, Symantec, Trend Micro and Panda Software, which hosted the meeting. IBM and Microsoft also attended.

Storm worm dethroned by sex botnet

Romance is out and sex is in, according to security experts who said the Mega-Dik botnet has ousted the infamous Storm as the most prolific sender of spam.
The Mega-D botnet, which offers discounted sexual enhancement pills to users, delivers a whopping 30 percent more spam than Storm, famous for delivering malicious Valentine's cards.

It is the largest botnet on record, according to security firm Marshal, and has exceeded Storm's highest spam output in September last year by 12 percent.

Marshal vice president of products Bradley Anstis said Storm-based spam has been cut down to 2 percent due to its high media attention.

"The Mega-D operation is responsible for huge volumes of spam. Over the past year spam from this botnet has grown significantly and it has exceeded Storm's previous spam records without attracting nearly as much media attention," Anstis said.

"Just two weeks ago we saw a renewed campaign to distribute the Storm malware under the guise of a love letter. Perhaps Storm has become a victim of its own success as Microsoft has been targeting Storm with its malicious software removal tool since September last year."

Microsoft has flushed about 200,000 computers clean of Storm since September, according to Anstis.

Mega-D has borrowed a few tricks from Storm, such as operating in Asian countries typified by high broadband penetration and poor use of anti-virus, using Trojans to dodge signature-based removal techniques and proliferating over peer-to-peer networks.

Anstis said that, based on similarities between the two, the creators of Storm may be behind the Pushdo botnet, one of the most active based on infection.

"There is a lot of crossover between the products promoted by all of the botnets we're tracking," Anstis said.

"These people are cunning and one lesson they may have learnt from Storm is to stay under the radar if they want to remain successful."

He said Mega-D has targeted Facebook users with fake invites that download the Trojan using a phony Flash Player update.

More than 70 percent of global spam is sent from botnets Mega-D, Pushdo, HTML, One Word Sub and Storm.

Intel lifts veil on Silverthorne processor

Intel will offer a first look at technical details of its low-power Silverthorne processor during a presentation at the International Solid State Circuits Conference (ISSCC) this week, setting the stage for a concerted push into the market for ultraportable devices.
"This is the first detailed technical presentation on Silverthorne," said Justin Rattner, Intel's chief technology officer and director of the company's Corporate Technology Group.

Silverthorne is the first x86 chip designed by Intel specifically for small, portable computers. Until now, the company has taken older processors originally designed for notebooks and adapted them for use in portable devices. For example, Intel's existing A100 and A110 processors designed for these devices are based on the Celeron M chip.

Intel's ISSCC presentation on Silverthorne was anticipated. The conference program contained a presentation abstract that described an unnamed 45-nanometer, low-power Intel processor designed for mobile Internet devices. That description is the same that Intel used to describe Silverthorne, although the company earlier declined to confirm or deny if the chip was in fact Silverthorne.

Unlike other processors in Intel's current product line, Silverthorne uses an in-order processor design, akin to a factory with a single assembly line capable of processing one operation at a time. The chip is the first in-order processor released by Intel since it began shipping the Pentium Pro in 1995. Other Intel processors use an out-of-order design.

Out-of-order chips work like a factory with multiple assembly lines. They can process several operations at the same time and generally offer better performance than in-order processors. Silverthorne will make up some of this difference by using Hyperthreading, a technology that allows the processor to work on two instruction threads at the same time.

Using an in-order design for Silverthorne struck the best balance between performance and power efficiency, Intel said. But don't expect Silverthorne to match the performance available from Intel's mobile Core 2 processors, even though Silverthorne consumes less power. The performance of the new chips will be roughly equivalent to the Pentium M processors found in the first version of Centrino, released in 2003, Rattner said.

Intel declined to comment on what clock speed Silverthorne will run at or how much power it will consume when it hits the market in the coming months. But the ISSCC program abstract said the chip will have 512K bytes of cache and use a 533MHz front-side bus.

Observers had expected Intel to offer dual-core and single-core versions of Silverthorne, but Rattner said Silverthorne will have one core.

Over the life of the Silverthorne processor, Intel expects to make a 2GHz chip available and plans to offer a version that consumes 1 watt, Intel said, suggesting these will not be features of the processors set for release in the months ahead.

When Silverthorne hits the market, it could face competition from Via Technologies' Isaiah processor, a low-power chip that is set for release at around the same time and is designed for the same portable device makers that are Silverthorne's target market. Isaiah processors use an out-of-order design, a faster front-side bus, and twice as much cache, which could give the chips an edge over Silverthorne. But an accurate comparison of the two chips won't be possible until they are released and can be benchmarked by independent observers.

Even if Isaiah outperforms Silverthorne, Via must still compete with Intel for orders and that may prove difficult.

Via is tiny by comparison to Intel and cannot offer the same level of support to its customers in terms of marketing muscle. Via will also need to keep Isaiah's price relatively low to be competitive with Silverthorne, which is the smallest chip produced by Intel over the last 15 years or so.

"The 486 was a bit smaller," Rattner said.

The small size of Silverthorne means Intel can produce 2,500 chips on a single 300-millimeter silicon wafer. That keeps unit production costs low and will allow Intel to sell Silverthorne at a relatively low price, as well. It also means Intel can produce Silverthorne without diverting too many manufacturing resources from its flagship Core 2 and Xeon products.

Ballmer rebuffs Google's anticompetitive rant

Microsoft CEO Steve Ballmer rebuffed Google's accusations that an acquisition of Yahoo would be anticompetitive.
The bid was made public Friday, prompting the response from Google over the weekend. Ballmer Monday at a news conference ceded ground to Microsoft's arch rival in order to justify his company's US$44.6 billion cash-and-stock offer for Yahoo, which if accepted would fall under the scrutiny of U.S. and European regulators.

"Google's clearly got a dominant position," Ballmer said. "They have about 75 percent of paid search worldwide. We think this enhances competition and anything else would be less good."

A Google executive struck back at Microsoft on Sunday, charging that a combined Microsoft and Yahoo would control an overwhelming share of e-mail and instant-messaging accounts as well as portal traffic.

David Drummond, senior vice president of corporate development and chief legal officer at Google, further suggested that if Microsoft buys Yahoo it might try to unfairly use its dominance in those areas, just as it did in the PC market.

Monday's news conference, in which Ballmer spoke with Chief Financial Officer Chris Liddell, appeared to put further pressure on Yahoo's board to accept the offer, which at $31 a share represents a 62 percent premium over Yahoo's closing price last Thursday.

"We think it's an extremely competitive offer," Liddell said.

In a Monday filing with the U.S. Securities and Exchange Commission, Yahoo disclosed an e-mail sent on Friday by CEO Jerry Yang and Roy Bostock, non-executive chairman of Yahoo's board. "First, we want to emphasize that absolutely no decisions have been made and, despite what some people have tried to suggest, there's certainly no integration process under way," the e-mail read.

Ballmer continued with a hard push as to how a deal with Yahoo will let Microsoft move faster in building out areas such as search, online services and online advertising.

"We are going to have to innovate like crazy," Ballmer said.

But he also stressed how long it could take for a Yahoo deal to eventually benefit shareholders. Ballmer said he looks at whether investments will pay off five to 10 years down the line, but investors often want to see results in three years.

"Sometimes those investments look smart, sometimes it takes a while for them to pay off," Ballmer said.

LiMo's Linux phone platform nears launch

The LiMo Foundation plans to release the first version of its Linux software platform for mobile phones in March, with handsets running the software due soon.
LiMo's goal is to offer handset manufacturers an open, hardware-independent software platform that offers a secure environment for downloadable applications.

Publishing the code on time is one thing, but "putting handsets into consumers' hands is the most important proof point," said Morgan Gillis, executive director of the LiMo Foundation. That will happen very soon, he said.

On Monday, the Foundation will publish a beta version of the software's APIs (application programming interfaces) so that developers can begin writing applications to run on it.

The APIs are still beta versions because the underlying software is not yet complete and minor details may change ahead of its release in March, Gillis said.

The LiMo Foundation is focusing on phones' middleware, leaving handset manufacturers and operators to choose their own user interface and content applications.

That freedom is important, Gillis said, because "the cost of developing the first phone on a platform can be as high as half a billion dollars."

Phone manufacturers may be unwilling to make that kind of commitment to a new operating system if it will also leave them tied to another company's user interface or content applications, he said.

"That's why Windows Mobile and Series 60 didn't gain broad traction; suppliers didn't feel comfortable," he said.

LiMo faces competition from another open platform, Android, supported by Google and the Open Handset Alliance.

For Gillis, the connection between Android and Google's content makes that another example of a tied operating system.

Although the LiMo Foundation's code is not quite finished, most of it has already been proven in handsets sold or distributed by founder members Motorola, NEC, NTT DoCoMo, Panasonic, Samsung Electronics and Vodafone, Gillis said.

Nevertheless, there are some new elements, notably the security model, Gillis said. "Security in handsets is an area that tends to evolve quite quickly," he said.

Since development of the platform began, "there are no major new threats, but it's about evolving approaches and algorithms that address the security situation."

Although the underlying platform is open, the handsets based on it may not be. The LiMo code includes support for application signing, allowing handset designers or operators to block the execution of unsigned downloads.

"The precise rules used for application signing are usually determined by the operator," Gillis said.

However, he said, there are signs that operators are moving away from the "walled garden" they favored in the past to a more open approach.

Intel details upgrade to Itanium processor

Intel on Monday is expected to detail Tukwila, its next generation of 64-bit Itanium processors that are used in enterprise servers.
The new processor, due for release by the end of 2008, has a quad-core design that doubles the performance of systems with Intel's Itanium 9100 dual-core processors, said Justin Rattner, chief technology officer at Intel.

Tukwila will be detailed during a session at the International Solid State Circuits Conference in San Francisco this week.

The processor will run at up to 2GHz and include the QuickPath Interconnect system architecture with an integrated memory controller for improved communication links between system components, Rattner said. The architecture, different from Intel's x86 architecture, is designed to support data-intensive applications. The processor works with Unix, Linux and Windows Server OS software.

The boost in performance provided by Tukwila will be an upgrade for the set of developers writing applications for Itanium processors, which are targeted at vertical markets with data-intensive applications, like data warehousing, said Richard Doherty, director of analyst firm The Envisioneering Group.

The QuickPath Interconnect architecture will also be part of Nehalem, Intel's next-generation x86 processor due out later in 2008. In the first public demonstration of the Nehalem processor at Intel Developer Forum at San Francisco last year, Intel CEO Paul Otellini said QuickPath Interconnect helps Nehalem deliver better performance-per-watt and better system performance.

The Tukwila architecture will include 30M bytes of on-die cache, a 10 percent increase over the current Itanium. It will also include dual-integrated memory controllers, Rattner said.

Tukwila is targeted at servers running enterprise applications, so the design includes an advanced RAS (reliability, availability and serviceability) feature to reduce data corruption and ensure reliable system performance, Rattner said. Advanced RAS features correct errors that may occur when data is being crunched on a processor.

The system is built on a record number of transistors, Rattner said. "To our knowledge, that's the first 2 billion transistor [microprocessor]," he said.

The Tukwila processor will be manufactured using the 65-nanometer process technology. Intel will skip the 45-nanometer process and jump to the 32-nanometer for the Tukwila processor upgrade, code-named Poulson, said Susan Tauzer, director of Itanium marketing at Intel. No release date was provided for Poulson.

Intel is working closely with Microsoft, Novell/SUSE, Red Hat, Hewlett-Packard and other key OS, system and application vendors on the delivery of Tukwila systems, Tauzer said.

Google, Microsoft trade barbs over Yahoo bid

Google has made its first official comments on Microsoft's proposed acquisition of Yahoo saying that the deal raises "troubling questions" and that the underlying principles of the Internet stand to be tested by the proposed deal.
The statement refers several times to Microsoft's past regulatory transgressions and indicates that Google could be preparing to fight the deal -- if it is accepted by Yahoo -- by pushing regulators to disallow it.

"Could Microsoft now attempt to exert the same sort of inappropriate and illegal influence over the Internet that it did with the PC?" asked David Drummond, senior vice president of corporate development and chief legal officer at Google, in a statement posted on the corporate blog on Sunday.

Drummond also asks if an acquisition could allow Microsoft to "extend unfair practices from browsers and operating systems to the Internet?" and to "take advantage of a PC software monopoly to unfairly limit the ability of consumers to freely access competitors' email, IM, and web-based services?"

A report late Sunday in the online edition of The Wall Street Journal said Google CEO Eric Schmidt called Yahoo CEO Jerry Yang on Friday to offer help to the rival in thwarting the bid. The newspaper, which quoted people familiar with the matter, didn't provide details of the telephone call.

Google has something to fear from a combined Microsoft and Yahoo. The proposed deal, which was announced on Friday and has Microsoft offering US$44.6 billion for Yahoo, would combine the number two and three search engines. The two companies are also leaders in the areas of Web mail and instant messaging so a merger would provide stronger competition for Google in those areas.

But Google has a massive lead in search and the deal wouldn't necessarily lead to an improvement in search results, so Microsoft and Yahoo would still face a challenge to surpass Google's current dominance in this part of the market.

The Google statement got a quick response from Microsoft, which said a combination of the two companies would benefit Internet users by establishing a stronger number two competitor to Google.

"The alternative scenarios only lead to less competition on the Internet," said Microsoft's top lawyer, General Counsel Brad Smith, in a statement.

"Microsoft is committed to openness, innovation, and the protection of privacy on the Internet. We believe that the combination of Microsoft and Yahoo! will advance these goals," Smith said.

A merged company would still only account for about 30 percent of the search queries run in the U.S. and about 10 percent in Europe, he said.

Forgotten IT chores may have led to bank meltdown

The huge losses reported by French bank Société Générale, apparently caused by a rogue trader with inside knowledge of the bank's procedures, don't necessarily point to an IT systems failure but rather to poor management of those systems, analysts say.
The bank has accused 31-year-old employee Jerome Kerviel of creating a fraudulent trading position in the bank's computers that ultimately caused it to lose around €4.9 billion (US$7.3 billion).

Kerviel achieved this by, among other things, misappropriating computer passwords, the bank said. It has revealed few other technical details of what caused the losses.

Management of passwords, including rescinding the old passwords of employees who move to different positions within the bank, or modifying the level of access those passwords allow, is often a task given to the lowest-level IT worker.

"It's dull and routine 99 percent of the time, but a vital backstop," said Bob McDowall, senior analyst at the TowerGroup. Senior IT managers should conduct more frequent reviews of password policies, he said.

In some cases, it may not have been the security of the passwords themselves that posed a problem, but rather the access those passwords allowed, said Ian Walden, professor of information and communications law at Queen Mary, University of London.

Organizations tend to think of access as being binary in nature: you get access to it all, or you don't, Walden said. In reality, there are many more levels of access. "In modern, complicated systems, the granularity has to be much more sophisticated."

To make the best use of systems with advanced access controls, the IT department must have a thorough understanding of how the business works and where there is risk.

IT departments and business managers have yet to find a way to wrap security into business processes so it is not an impediment, Walden said.

"IT in a company is not given a sufficient status," Walden said. "What's shocking is you would have thought that the financial sector was more sophisticated than this, but it still tends to be the case that security is an add-on and a block, something you've got to live with but you don't have to like, rather than being viewed as an integral part of the business structure."

Workers should be able to do their job without having to share passwords when someone goes on holiday, and the IT department should not make it harder for people to perform their duties, Walden said.

In one extreme example at telecommunications company BT, one employee didn't have the right to use a computer at all, but he found it helped him do his job, Walden said.

"By the time he was found, he had 90 passwords of different employees," Walden said.

It's possible that financial institutions could use biometric systems, such as fingerprint scanners, to provide an added layer of security, McDowall said. Those systems, however, are expensive. Also, the sometimes-finicky fingerprint scanners may not be appropriate in a frantic trading environment, McDowall said.

Questions remain about how Kerviel's losses could be so high given his job as a relatively low-level trader. But Kerviel's career progression in 2005 from the bank's back office to the front office -- where he would have had access to client accounts -- is also troubling since he would have gained greater knowledge of the bank's inner controls, McDowall said.

As an arbitrage trader, Kerviel made money off price differences between different financial products. Société Générale said Kerviel balanced real and fake trades in order to avoid setting off internal alarms.

Kerviel has been described in some press reports as a computer genius. However, most attackers used unsophisticated methods for exploiting systemic vulnerabilities in applications, processes and procedures, according to the 2005 "Insider Threat Study" by Carnegie Mellon Software Engineering Institute.

That report notes that sophisticated tools are also used in some attacks, which would demand that internal financial systems be designed on a more defensive footing.

Programmers should code under the assumption that a hacker or employee will use every means in order to break in, said Ben Rothke, senior security consultant at BT's International Network Services.

"The underlying issue is that many systems are designed to stop honest people from making mistakes, but do not take into account those with malicious intent," Rothke said.

It makes insider jobs one of the toughest to defend against. The psychological profile of an insider tends to be a disgruntled employee who feels wronged by the company, according to the Insider Threat Report.

That in turn can lead to suspicious behavior such as staying late at work, which paradoxically might only signal a committed employee.

"It's always the insider," Rothke said. "It's often harder to steal US$10,000 from a bank than $10 million."