FierceCIO News

Is Windows on ARM the future of the Windows operating system?

Paul Mah — Fri, 10 Feb 2012 12:11:56 -0500

In a new blog entry posted yesterday, Microsoft's (NASDAQ: MSFT) Steven Sinofsky, president of the Windows division, elaborated at length about Windows on ARM (WOA). He pointed out how WOA builds on the foundation of Windows, and that it has a "very high degree of commonality" and a significant shared code base with the x86/64 version of the Windows 8 operating system.

Reading through the post, it becomes apparent that ARM is no simple port of the x86/64 version of Windows 8. For a quick rundown on some of the most important differences, jump to our article.

Sinofsky offered a hint of the investments Microsoft has poured into WOA when he wrote: "Building WOA has been an ongoing engineering effort involving Microsoft, ARM licensees, PC makers, and developers of components and peripherals. These efforts spanned a wide array of subsystems that have been newly created or substantially re-architected for WOA."

In a bid to lengthen battery life, Sinofsky explained that WOA will not support traditional aspects of the Windows architecture such as background processes, system hooks and startup programs. Moreover, changes were also made to the registry and various components such as the handling of admin rights and unsigned drivers and add-ins, plus "a host of other common techniques."

It is evident that Microsoft is aggressively tweaking WOA to play well with mobility devices such as tablets, where the battery life is a major factor in purchasing decisions. And who won't want a computing device that can last for a full day away from a wall socket?

From another angle though, it doesn't take a huge leap of intuition to conclude that the underlying architecture of x86/64 Windows 8 is simply not ideal for long battery life. And if that's the case, then it would appear that the x86/64 of Windows 8 is really about creating a platform to which Microsoft's existing Windows users can easily migrate.

As more applications get written for WOA however, it is entirely plausible that WOA PCs, with their superior battery life, will eventually leave x86/64 Windows in the dust. - Paul Mah (Twitter @paulmah)

Bug in Trendnet webcams exposes them to public viewing

Paul Mah — Fri, 10 Feb 2012 10:14:55 -0500

A serious vulnerability in home security cameras made by U.S.-based Trendnet potentially exposed thousands of users to voyeurs and hackers who could watch the live video feed from the cameras over the Internet--without a password.

The flaw was first uncovered in January by a hacker going by the handle of "someLuser," who dug into the firmware of a SecurView Wireless Internet Camera from Trendnet. While unpacking the underlying operating system, he stumbled upon a URL that can be used to log in anonymously. The hacker outlined every step of his discovery, and even customized a script that can be used to query the Shodan search engine to locate vulnerable Trendnet cameras.

The serious bug was attributed to a "coding oversight" by a Trendnet official, and the company has acknowledged that up to 22 different models were affected. "Upon awareness of the issue, Trendnet initiated immediate actions to correct and publish updated firmware which resolves the vulnerability," says the company in a statement.

Separately, Zak Wood, Trendnet's director of global marketing, told the BBC earlier this week that the company is scrambling to discover how the code was introduced. A quick check shows that the company has placed a prominent notice on its website that leads directly to a download page with links to the updated firmware.

Trendnet says it plans to notify the 5 percent of affected users who have registered their webcams with the company, though what happens to the 95 percent of affected users remains a mystery.

For more:
- check out this article at Wired
- check out this article at InformationWeek
- check out this article at The Inquirer

Microsoft: How Windows 8 on ARM will be different

Paul Mah — Fri, 10 Feb 2012 09:48:11 -0500

Microsoft (NASDAQ: MSFT) has unveiled more details about its upcoming Windows 8 on ARM (known as "WOA") in a new article on the official Building Windows 8 blog. WOA is the version of Windows 8 that is ported to the ARM architecture.

Microsoft's Steven Sinofsky confirmed that WOA will launch at the same time as Windows for the x86/64 platform running on Intel/AMD processors--which probably comes as good news for those eager to get their hands on the ARM version of Windows 8.

One key point that Sinofsky makes clear is how WOA is far from a direct port of Windows 8 on x86/64. For one, a WOA PC will come without the traditional hibernate and sleep option, but will instead operate similar to a mobile phone. This means that a WOA device will never switch off, but instead operate in connected standby power mode where it can remain for weeks before the battery drains.

In addition, WOA will not support any type of virtualization or emulation approach, and will also not allow for existing x86 applications to be ported over.

The reason for this decision has to do with customer satisfaction, says Sinofsky. He explained: "If we enabled the broad porting of existing code we would fail to deliver on our commitment to longer battery life, predictable performance, and especially a reliable experience over time." He further elaborated that conventions used by current Windows applications "do not necessarily provide this" given the way it deals with various things such as background processes, timers, system hooks, the registry and unsigned drivers, among other things.

Given these differences, a WOA PC will be clearly labeled and branded so as to avoid confusion with Windows 8 on the x86/64 platform. Moreover, WOA will not be available as a software-only package; WOA devices come with the operating system pre-installed. On this, Sinofsky observed that device makers typically work to pair a hardware device with "a specific set of software"--which he readily admits is quite different from Windows in the world of x86/64 hardware.

For now, Microsoft is scheduled to release Windows 8 Consumer Preview on Feb. 29, with the release of Windows 8 widely expected to happen by the end of this year.

For more:
- check out this article at Network World
- check out this article at CNET News

Apple's iPad 3 will be unveiled first week of March, says report

Paul Mah — Fri, 10 Feb 2012 08:29:50 -0500

Apple (NASDAQ: AAPL) will unveil its much anticipated iPad 3 tablet in the first week of March, according to a new report on respected tech site AllThingsD. Citing sources, the report says that Apple will debut the iPad 3 in the first week of March, with availability expected to follow shortly after. Speculation has been rife about the prospect of a February or March release date for a few months now, though AllThingsD is the most reputed site so far to step forward with a prediction.

According to the report, the new iPad will sport a similar form factor to the iPad 2, but with a more powerful chip and an improved graphics processing unit under the hood. It will also feature a high-resolution display, though there is no mention of a quad-core processor as suggested by tech site BGR last week.

Based on the rumored specifications so far, the iPad 3 will likely appeal to first-timer iPad buyers and original iPad owners. It may have limited appeal to existing iPad 2 owners though, unless they have need for a high-resolution display. For now, analysts are predicting that Apple will lower the price of the iPad 2 upon the release of the iPad 3.

For more:
- check out this article at Wired
- check out this article at InformationWeek

Microsoft's Patch Tuesday for February has 9 security bulletins

Paul Mah — Fri, 10 Feb 2012 07:37:29 -0500

System administrators can expect a relatively light Patch Tuesday next week with a total of nine bulletins, of which four have been flagged as critical. According to Microsoft's (NASDAQ: MSFT) advance notification released yesterday, this is lower than the 12 security bulletins in the same month last year. Affected software includes Internet Explorer, Windows Server 2003, Office, SharePoint and Silverlight.

Windows Server 2008 R2 is affected by the greatest number of bulletins, which is surprising given that server operating systems tend to have fewer bugs than desktop operating systems. Andrew Storms, director of security operations for nCircle told eWeek: "That's kind of weird because newer OS versions are generally more secure."

Given that this month's Patch Tuesday falls on Valentine's Day, some administrators may find their plans for the evening ruined. Paul Henry, security and forensic analyst at Lumension, noted in an email message that the four critical bulletins would "most likely" require a restart--making it less likely to be an update that can be applied during office hours.

On the bright side, Henry observed that that makes two fairly light patching months in a row praised Microsoft's renewed efforts.

For more:
- check out this article at Computerworld
- check out this article at eWeek

Chrome 17's new features enhance speed, security

Paul Mah — Fri, 10 Feb 2012 07:30:23 -0500

In the first major update for its web browser in 2012, Google (NASDAQ: GOOG) has released Chrome 17. The new version quashes at least 20 security vulnerabilities, according to eSecurity Planet. More interestingly, Chrome 17 takes malicious file protection to a new level by attempting to match downloads of executable files with a whitelist, then automatically checking for more information when faced with unrecognized files.

On the Google Chrome Blog, Google software engineer Noe Lutz outlined how the system works: "In addition to checking a list of known bad files, Chrome also does checks on executable files (like '.exe' and '.msi' files). If the executable doesn't match a whitelist, Chrome checks with Google for more information, such as whether the website you're accessing hosts a high number of malicious downloads."

Google says that any information sent to the company will not be used anywhere else, and associated information such as IP addresses will also be stripped after two weeks. Moreover, Safe Browsing can be turned off for those who still prefer not to send information to Google.

Another major feature is Omnibox pre-loading. The Chrome browser will pre-render the page that a user is most likely to visit even before a user has finished typing a URL. The result is that pages will appear faster or "even instantly" upon hitting Enter, says Lutz. Users who don't like that can disable it by unselecting "Predict network actions to improve page load performance" in the "Under the Hood" tab in Options.

New users who want to give Chrome a spin can download it from www.google.com/chrome; existing users should already have been updated automatically to Chrome 17.

For more:
- check out this article at Google Chrome Blog
- check out this article at ZDNet
- check out this article at eSecurity Planet

Spotlight: Intel launches 520 Series solid-state drive

Paul Mah — Fri, 10 Feb 2012 01:05:59 -0500

Intel (NASDAQ: INTC) has launched its 520 Series solid-state drive (SSD), which is a blistering fast SATA 3 SSD armed with a SandForce controller. Intel claims that the 520 Series, available in capacities of 60GB, 120GB, 180GB, 240GB and 480GB, has a sequential read and write performance of 550Mbps and 520Mbps respectively. Beyond improvements to the baseline SandForce firmware, the 520 Series has also been put through Intel's extensive validation process to ensure that it delivers both top-tier performance as well as reliability. Indeed, the company is offering five-year warranties for the 520 Series. For more information, check out a review of the Intel 520 Series SSD by PC Perspective here.

Facebook struggles to delete old photos from servers

Paul Mah — Tue, 07 Feb 2012 03:39:08 -0500

You may have heard that Facebook had a problem with physically deleting photos from its servers in a timely manner. In the wake of an investigation first conducted in 2009, as well as a follow-up more than a year later, Ars Technica this week did a second follow-up to see whether old photos have been deleted. Unfortunately, the "deleted" photos were apparently still accessible when accessed via direct link, despite being "deleted" from Facebook.

Jacqui Cheng offers an example: "One reader linked me to a photo that a friend of his had posted of his toddler crawling naked on the lawn. He asked his friend to take it down for obvious reasons, and so the friend did--in May of 2008. As of this writing in 2012, I have personally confirmed that the photo is still online, as are several others that readers linked me to that were deleted at various points in 2009 and 2010."

Responding to a query from Cheng, Facebook spokesperson Frederic Wolens admitted that the company's systems used for photo storage "a few years ago" did not always delete images from Facebook's content delivery networks "in a reasonable amount of time." However, the company is currently working on a new system that will remove photos in a month and a half, and it is expected to be completed within the "next month or two."

This seems an inordinate amount of time for the company to get started on resolving an obvious bug in the system. While some may argue that it speaks poorly for the technical skills of the company, I think there is a far simpler reason at work here--the company never cared enough to give this issue a higher priority.

For more:
- check out this article at Ars Technica

Hackers tried to extort $50K from Symantec over source code

Paul Mah — Tue, 07 Feb 2012 03:19:44 -0500

A hacker group has attempted to extort $50,000 from Symantec to keep the company's source code private. This was confirmed by Symantec in a statement, which noted that "an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession." This took place in the second half of January, and Symantec says that communications took place as part of a law enforcement investigation.

As reported on CNET News, the details of the negotiation have been posted to Pastebin, which shows a series of e-mail exchanges between a purported Symantec employee named Sam Thomas and an individual called "Yamatough." The discussions apparently took place over a number of weeks, though the deal was never completed as Yamatough lost patience over the inability to agree on a payment processor to transfer the funds.

Symantec previously warned against the use of pcAnywhere in the wake of its source code being stolen, though the warning was subsequently dropped after the company released a number of security patches for the popular remote access software. In view of Symantec's statement that it was working with law enforcement agencies, the alleged correspondences posted on Pastebin make it clear that the company was working to entrap the hackers.

The reputation of Symantec as a leading security software maker has taken a beating over the source code theft, and the entire debacle serves as a confirmation that even security companies are not immune to security breaches.

For more:
- check out this article at CNET News

Open-source Spark tablet could arrive as early as May

Paul Mah — Tue, 07 Feb 2012 02:29:51 -0500

KDE plans to release a tablet that operates on the open source Linux operating system. According to a blog post written by KDE developer Aaron J. Seigo, the Spark tablet will come with a 7-inch (800x480) capacitive multi-touch display and will be powered under the hood by a 1GHZ ARM processor.

Other hardware specifications include Wi-Fi connectivity, 512MB of RAM, 4GB of internal storage and an SD card slot. On the software end, Spark will run on KDE's Plasma Active and will be available to the general public. The relatively modest hardware will be priced at about $265.

This news has created a buzz in the Linux world over the possibility of a fully open tablet based on the Linux software stack. Some are clearly enthused about the possibility of an ARM tablet without closed binary drivers and other restrictions. Others, however, are skeptical in view of its comparatively high price when pitted against other 7-inch tablets such as the Kindle Fire and even the BlackBerry PlayBook. Moreover, Internet sleuths have quickly concluded that the Spark is really the Zenithink C71, which is currently being advertised for about $120 to $130.

However, I think Seigo sums it up well in a follow-up Q&A, where he confirmed that the Spark is really a C71. While a user can certainly install Plasma Active on a tablet that is "purchased elsewhere," Seigo wrote: "Keep in mind that by purchasing a Spark you will help drive development of Plasma Active, Mer and the push towards an open ARM ecosystem."

Will the Spark tablet ever take off in businesses? I think the answer is no, if client-side Linux adoption in businesses is any indication. Expect to see them being toted around by die-hard Linux users who value flexibility.

For now, the Spark tablet is expected to start shipping in May, and will be available worldwide. An add-on store is expected to be unveiled nearer to the release date, and will be released as open source once its design and implementation has been validated. A model with 3G and GPS is expected eventually, though only at a later stage.

For more:
- check out Seigo's blog post
- check out this article at TechNewsWorld
- check out this article at InformationWeek

Adobe: Focus on defenses, not bug hunting

Paul Mah — Tue, 07 Feb 2012 02:10:37 -0500

Speaking at Kaspersky Lab's Security Analyst Summit last week, Brad Arkin, director of product security and privacy at Adobe, suggested that security researchers should focus less on finding vulnerabilities and defects in software. As reported on eWeek, Arkin said that researchers should work instead on thinking of how to make it too expensive to target those applications.

The issue pertains to hackers who rely heavily on proof-of-concept work done by bona fide researchers to use against real-world targets. Using a recently patched zero-day vulnerability in Adobe Reader as an example, Arkin noted that attackers made use of three-year-old proof-of-concept code as a shortcut in an attack that was conducted on fewer than 20 machines.

Arkin says, "If you publish a paper about a new technique, a previously hard technique becomes easy." Alluding to the difficulty of actually writing novel exploit code, Arkin pointed out that only about two-dozen vulnerabilities identified in the company's products were actually matched with exploit code. Finally, Arkin pointed to the correlation between an exploit being added to the popular Metasploit penetration-testing suite and the skyrocketing number of attacks targeting that vulnerability.

Given the number of high profile vulnerabilities spread across highly popular software applications such as Adobe Reader and Flash, it may appear self-serving of Arkin to ask security researchers not to focus on software weaknesses. Yet what he says is certainly not illogical; there is no doubt in my mind that many hackers are really script kiddies who do not have the ability (or time) to write the advanced code necessary to pull off new zero-day attacks.

The situation is unlikely to change in the short-term however, and while Adobe has been working hard over the last couple of years to address the many security flaws in its products, the current state of affairs does mean that a proof-of-concept remains the call to action to fix a bug for most other software firms.

For more:
- check out this article at eWeek

Cookie-forwarding scheme can be used in session hijacking

Paul Mah — Tue, 07 Feb 2012 02:03:35 -0500

Researchers from Microsoft Research and RSA Laboratories have released a whitepaper (.pdf) the documents their study of the ease with which individual host machines can be tracked on the Internet. The team made use of data from the hundreds of millions of devices connected to Hotmail in the month of August 2010, tracking details such as IP addresses from which logins were made, cookies and (anonymized) user login IDs.

This resulted in an incidental discovery of a byzantine scheme where zombie machines were apparently forwarding cookies belonging to Hotmail accounts to distributed locations.

There were two possible explanations in the report. "First, some Web mail providers flag an account as suspicious if it logs in from multiple geographic locations in a short time span. This type of activity could circumvent that. Spreading the cookies around could let attackers access accounts without explicitly logging in, thereby reducing the likelihood of detection." The other possibility was that the researchers witnessed a precursor of hackers preparing to launch actual session hijacking attacks on real user accounts.

Though the researchers suggest that host-tracking can be used to improve security, the flip side is that hackers can conduct session hijacking by stealing and rerouting session cookies to remote machines under their control. This topic is certainly worth further exploration by online businesses and financial institutions.

For more:
- check out this article at Network World

Spotlight: Skype 5.8 adds HD video calling

Paul Mah — Tue, 07 Feb 2012 01:54:47 -0500

Released just last week, Skype for Windows version 5.8 comes with a number of notable new features that includes support for 1080p HD video calling. For the longest time, it didn't matter that top-of-the-line webcams were capable of supporting full HD 1080p resolutions, given that popular video calling services only supported HD 720p video calls. Skype 5.8 for Windows changes that, and also adds new features such as video calling to Facebook users. Skype recommends an Internet connection with 2Mbps upload and download speed in order to enjoy full HD quality. You can read the official blog announcement here.

What are you anticipating the most in Windows 8?

Paul Mah — Fri, 03 Feb 2012 07:03:21 -0500

John Brandon of Computerworld has put together a list of 13 less-discussed features about Windows 8 that he considers worth knowing about and wrote in detail about each feature here. I think it's a pretty impressive roundup and have put up a summarized version for those who prefer the lowdown.

Reading Brandon's list did get me thinking about what really excites me about the next version of the Windows operating system. Out of the entire list, I think I'm particularly excited about the fast boot-up time of Windows 8, as well as its support for the ARM processor.

I interact with students in an educational institution on an almost daily basis, and it never fails to amaze me how long a simple task such as booting up their laptops can take. I'm experiencing 20-second boot-up with my fast SSD-equipped laptop; I think Windows 8 will radically change things by bringing this into the mainstream.

Despite Intel's (NASDAQ: INTC) best efforts with its Atom processors, there is no question that ARM has the crown in terms of power efficiency. Having a version of Windows 8 that runs on the ARM platform may just be the magic bullet needed to make 10+ hours of computing a reality.

In a nutshell, I think that having a fast boot-up time and support for the more energy-efficient ARM processor will resolve two perennial bugbears of the Windows operating system and serve to radically improve users' experiences. What say you? What are you anticipating the most in Windows 8? - Paul Mah (Twitter @paulmah)

Spotlight: Backup in the cloud with CloudBerry Explorer

Paul Mah — Fri, 03 Feb 2012 06:30:17 -0500

If you're looking to backup your data in the cloud, then you may want to check out CloudBerry Explorer by CloudBerry Lab. Various versions of the company's software are available that work with public cloud storage services such as Amazon S3, Windows Azure and Google Storage, among others. A freeware version of the S3 Explorer is available for those wanting to give it a spin, while a professional version supports advanced features such as compression, encryption and the ability to copy files directly from an FTP server to S3. The latter version costs $39.99 and deploys as a client-side application.