Sunday, May 24, 2009

Microsoft's Kumo Just Another Search Imitator

With by some estimates a 73 percent share of search traffic, Google is driving the industry. Yahoo is still a player, but Microsoft as always been an also-ran and not a very successful one at that.
The revenue generated by search engines is too large for Microsoft to ignore, but what's been leaked about Kumo suggests Microsoft's game of catch-up will already have been leapfrogged by competitors when Kumo goes live, reportedly on June 3.
Simply put: With three large companies in the game, anything one can do is easily copied by the others. Users search habits are hard to change, allowing time for catch-up and making it difficult to convince users to switch or even to start using a second search engine to improve results.
Kumo reportedly improves search results by suggesting more targeted searches capable of bringing users closer to the information they seek. Yahoo and Google have both recently demonstrated similar functionality.

Friday, May 8, 2009

Microsoft releases

After arriving first on torrent sites and then last week showing up on Microsoft's developer program Web sites, the release candidate of Windows 7 operating system arrived on the main Microsoft.com late on Monday night. The software was slated to be made publicly available on Tuesday.

The release candidate version, officially build 7100, is expected to be the last major public test of the product before it is finalized. The company will only officially confirm it plans to release Windows 7 before Windows Vista hits its third anniversary of broad availability in January. However, the software maker is widely seen as aiming to finish it soon enough for it to be on PCs that ship during this year's holiday shopping season.

See what's new in Windows 7 RC--photos
The latest official update to what some are calling the largest shareware trial period ever introduces more than mere bug fixes as the operating system upgrades from beta to release candidate. The Windows 7 release candidate does contain several major and minor changes, but the overall experience remains largely unchanged.

What's most important to you about the release candidate will depend on your perspective. Certainly, one of the biggest new features makes Windows Media Player useful again: you can now stream media files from one Windows 7 computer to another, across the Internet and out of network. Even better, the setup procedure is dead simple.

However, Microsoft has failed to remove a long-recognized Windows Explorer security risk from Windows 7, according to security company F-Secure. The "hide extensions" feature, which was present in Windows NT, 2000, XP, and Vista, is also included in the Windows 7 release candidate, The feature could allow virus writers to trick users into opening and running malicious files, he added.

A small brouhaha is erupting over Windows 7 and Intel processors. The hubbub is centered on which Intel processors will not support "XP mode" in Windows 7 and, by extension, which PCs will not support XP mode. Retail laptops may be one of the most prominent segments affected.

The other major release from the software maker came in the form of layoffs--Microsoft on Tuesday notified more than 3,000 workers that it is eliminating their jobs. The software maker said in January that it would cut up to 5,000 jobs over the next 18 months. It made 1,400 cuts at the time. With the second wave, Microsoft has cut nearly all 5,000 jobs already.

Tuesday, May 5, 2009

McAfee blasted for having holes in its Web sites

Security vulnerabilities on McAfee sites, including one designed to scan customers' sites for flaws, expose certain customer accounts and could be used for phishing attacks in which malware disguised as McAfee software could be distributed, security experts say.
The McAfee sites are vulnerable to cross-site scripting (XSS) attacks and cross-site request forgery attacks that could lead to phishing attacks on customers who think they are visiting the security vendor's site, according to an article on ReadWriteWeb.
Ironically, one of the vulnerable sites is McAfee Secure, which scans customer sites to determine if they are vulnerable to such attacks. The problem would signal that either McAfee doesn't run McAfee Secure across all of its own sites or the product doesn't work well, the report said.
To fall victim to a cross-site request forgery attack on that site, targets would have to be logged into their McAfee accounts and browse to a malicious Web site that exploits the vulnerability, according to the Risky.biz site.
Such attacks on sites of antivirus vendors are particularly dangerous because they enable attackers to create fake versions of security products that install Trojans or other malware and customers will trust it, Lance James, co-founder of Secure Science Corporation, told ReadWriteWeb.
The hole on the McAfee Secure site would indicate that the company failed to comply with PCI requirements for Approved Scanning Vendors, didn't use a secure software development lifecycle in building the application, and neglected to do an in-depth penetration test of the site, security researcher Mike Bailey wrote on his Skeptikal.org blog on Monday.
A McAfee spokesman said on Tuesday that the company was aware of reports of the vulnerabilities and was "working to remediate the issues with the highest urgency."
"It is important to note that these vulnerabilities did not expose any of McAfee's corporate information. Additionally, we have not seen any malicious exploitation of the vulnerabilities," the spokesman wrote in an e-mail. "McAfee has strict policies in place for its own Web sites and for services provided by third parties. We are investigating how these particular vulnerabilities were not identified in our screening process and will adjust our processes if necessary."
McAfee isn't the only security company to have security problems on its site. Last month, The Register reported on a cross-site scripting vulnerability on Symantec's site. And in February, a Romanian hacker site claimed to have used cross-site scripting and SQL injection attacks to breach the sites of F-Secure, Kaspersky, and BitDefender.

Monday, May 4, 2009

Windows 7 Release Candidate debuts early

SOMEWHERE OVER COLORADO--As I wind my way back to San Francisco, the release candidate of Windows 7 has made its public debut.

After arriving first on torrent sites and then last week showing up on Microsoft's developer program Web sites, the operating system arrived on the main Microsoft.com late on Monday night. The software was slated to be made publicly available on Tuesday.
The release candidate version, officially build 7100, is expected to be the last major public test of the product before it is finalized. The company will only officially confirm it plans to release Windows 7 before Windows Vista hits its third anniversary of broad availability in January. However, the software maker is widely seen as aiming to finish it soon enough for it to be on PCs that ship during this year's holiday shopping season.
When it hit the MSDN and TechNet sites last week, Microsoft faced a crush of demand and encountered glitches. We'll try to keep track of how things go this time around. Let us know if it works for you.
A Microsoft representative was not immediately available for comment.
During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft.