Thursday, December 28, 2006

Vista: Secure but not perfect

Last week's disclosure of a zero-day vulnerability in Windows Vista doesn't put a lie to the claim that it's the safest Microsoft operating system so far, a company security manager has said.

"The finding of vulnerabilities in any software is to be expected," said Stephen Toulouse, senior product manager with Microsoft's security technology group, in a blog posting earlier this week. "This is all part of the process of creating complex software today, and no one is immune to it. It's not, as they say, big news to us in the security industry."

Proof-of-concept code for an unpatched bug in all supported versions of Windows, including Vista, went public last week, prompting warnings from security vendors who classified the flaw as a low or medium threat. Microsoft has said it was "closely monitoring" the situation, but has not released any additional information since Dec. 22.

Toulouse countered that the exploit doesn't invalidate Microsoft's contention that Vista is more secure than its predecessor, Windows XP. "This product [is] the most secure version of Windows we've produced to date. That doesn't mean 'zero vulnerabilities.' No one can claim that crown," he added.

He also predicted that users would see more vulnerabilities early in Vista's lifespan than in previous versions of Windows. "We're probably going to see a higher initial rate of reported vulnerabilities to us than with previous versions of our products, given the early view researchers have had into Vista," Toulouse said. "This is going to help make the product stronger before many of the threats against it have a chance to emerge."

Other Microsoft executives, including Jim Allchin, the soon-to-retire head of the Windows unit, and chief executive Steve Ballmer, have repeatedly said that Vista will prove to be the most secure Windows yet. Like Toulouse, Allchin also has noted that no software can be considered 100% safe.

Said Toulouse: "No one will ever get the software right 100% out of the gate."

Wednesday, December 27, 2006

Nintendo offers to replace Wii straps


Nintendo today offered to replace 3.2m of the straps fixed to the controllers on its new Wii computer games console.

The Japanese games giant made the costly move following a string of reports that damage was being caused by the wand-like controllers flying out of the grasp of gamers.

The wireless controllers, which mimic the motions of a tennis racket or sword depending on the game being played, have helped the £179 console become a top seller this Christmas.

However, there has been an increasing number of reports that controllers had flown out of the hands of overzealous players. Numerous players reported suffering injuries or accidentally throwing their controller at the person they were playing with.

Videos on YouTube show players suffering mishaps with the controllers - or "wiinjuries", as they have become known by some.

Nintendo today said it would allow customers to exchange the current straps for a thicker, more robust version on request. The old straps have a diameter of 0.6mm, and the new versions will be 1mm in diameter, Yasuhiro Minagawa, a company spokesman, said.

Games players have always been advised to use the strap. Today, however, the firm also issued new guidance on using the innovative controllers, warning people not to make "excessively rapid, violent or wide swinging motions" while using them.

It also advised gamers to stay at least one metre away from their televisions and ensure their hands were not "sweaty or wet".

"People tended to get a bit excited, especially while playing Wii sports, and in some cases the control would come loose from their hands," Mr Minagawa said. "The new strap will be almost twice as thick."

The pledge to replace the straps could cost Nintendo millions of pounds - a costly hitch in its three-way battle with Sony's PlayStation 3 and Microsoft's Xbox 360 in the "next generation" console market.

However, stories about Wii controllers crashing into television monitors have not had a negative impact on sales.

More than 300,000 of the machines have been sold in Europe, and the Wii sold out in less than 24 hours after going on sale in the UK last week. US customers bought 476,000 Wiis in the two weeks following its release there on November 17.

Tuesday, December 26, 2006

Can You Really Trust Certified Sites?

Web sites that feature the TRUSTe security certificate are two times more likely to contain badware than Web sites without any security certification, spyware and adware researcher Ben Edelman alleges in a new report.

Among others, adware providers Direct-revenue and Webhancer are using TRUSTe certificates in an attempt to look more trustworthy than they really are, Edelman claimed. Direct-revenue is facing legal action from the New York Attorney General for its adware software. Edelman alleged that Webhancer often is installed without the user's consent.

TRUSTe is a so-called certification authority, an independent organization that issues security certificates to Web sites. These certificates indicate that a service adheres to certain privacy guidelines, allowing users to verify that they are on the Web site that they intended to visit.

The independent certificate authorities perform a background check to verify the identity of the Web site's operator and ensure compliance with the privacy standards. Web sites that meet the organization's criteria are allowed to display the TRUSTe logo on their Web site.

The perceived trustworthiness of a certified Web site makes such certificates an attractive target for Web sites pushing malware and adware.

In his study, Edelman compared TRUSTe certified Web sites with a list of known malware sites from McAfee's Siteadvisor product, a service that black-lists Web sites containing spyware, spam, viruses and online scams.

Using a base sample of 500,000 Web sites, Edelman determined the number of sites that have TRUSTe certification and cross-checked those against the McAfee list. Edelman found that 5.4 per cent of the TRUSTe sites were considered untrustworthy. Only 2.5 per cent of the sites from the base sample were blacklisted in Siteadvisor.

Edelman alleges that TRUSTe has no incentive to properly verify compliance with privacy standards.

Monday, December 25, 2006

A Home Connected to the Internet

Imagine coming home and, with the push of a single button, turning on the lights, turning up the thermostat and flipping on the TV. Another button might shut off all the lights and turn down the thermostat when you leave.

Starting next month, Best Buy will sell a "ConnectedLife.Home" package that features a computer with software coordinating a high-definition TV, light switches, a thermostat and two remote cameras — all included in the $15,000 price tag.

The components talk to one another over the home's power lines and through a wireless network.

Controlling all this is a black Hewlett-Packard computer that looks as if it belongs on the rack with the rest of the stereo gear. Using Microsoft's Windows Media Center system, the PC will record shows and send them to any TV in the house, along with photos, music or home video. Third-party software called Lifeware lets the user control the lights and thermostat.

For another $19.95 a month, users can access the system over the Internet, so they can check on the house using the two video cameras or adjust the thermostat while on vacation.

Best Buy, the nation's largest consumer electronics retailer, is working with security companies to integrate the system with home security services.

Other appliances — like the laundry machine — also can be added. When clothes are done drying a message might flash on the TV screen, or the owner could set it to fluff until the TV show is over, said David Hemler, a company vice president.

The package, initially for sale through the company's website, won't require drilling holes into existing homes. The $15,000 price includes installation anywhere in the United States.

Hemler said Best Buy has avoided using proprietary devices to make sure they communicate well with one another, but he acknowledged that earlier attempts at networking more than just computers have left homeowners frustrated.

"People are right to have a healthy skepticism based on what the industry has delivered in the past," Hemler said.

Saturday, December 23, 2006

Cost-cutting software targets small business

For a company that sells flame-resistant apparel to oil companies, Vetco International was having a tough time putting out its own fires.

For years the Orlando-based manufacturer had relied on a hodgepodge of software applications, including Microsoft Office Access, Microsoft Word and Intuit QuickBooks, to track its purchasing, accounting and warehousing activities. Vital business data were distributed among all the applications, few of which communicated easily with the others.

The result was that the 30 employees of Vetco (vetco-international.com) often misplaced product shipments, overlooked clients' requests for quotes and failed to invoice more than $4,000 worth of sales on a monthly basis.

"Not only was it embarrassing," says Jose Barrios, CIO of the $6-million-a-year company, "but our cash flow was restricted."

Vetco decided to replace its software potpourri with an enterprise resource planning (ERP) system. ERP is a broad term for any software application that integrates (or tries to integrate) all your processes and data into a single unified system.

Once reserved for big corporations, ERP applications are gaining traction among entrepreneurs who need real-time insight into sales patterns, merchandise availability, cash flow and the like. More than a million small businesses worldwide implemented an ERP system last year, according to the Framingham, Mass., research firm IDC.

Yesterday's ERP systems carried seven-figure pricetags and required painful two-year deployments, not to mention battalions of expensive IT consultants to keep them up and running. Today's products can be deployed in a few weeks and are far less likely to crash. And the overall cost of ERP services has dropped 40 percent over the past five years, estimates Forrester Research analyst Ray Wang.

Microsoft, SAP, and Sage Software rank among the leading small-business ERP providers today. Each has different strengths and weaknesses, according to business owners and analysts. Microsoft provides strong analytic tools but can impose hidden costs. SAP delivers comprehensive ERP out of the box but can limit user flexibility. Sage allows clients to pick from an à la carte software menu, at the risk of integration headaches.

Vetco International

Barrios considered Microsoft's Dynamics GP but balked because the basic system couldn't handle core tasks such as answering customer quote requests. "Everything we wanted to do was an extra feature from another vendor," says Barrios, 39.

Instead, he picked SAP's Business One package. For an upfront price of $120,000 and annual maintenance fees of $8,000, Business One converts his quote requests into sales orders, generates purchase orders for suppliers, keeps tabs on shipments and invoices customers with a single mouse click.

But unlike Dynamics GP and Vetco's original accounting system, Intuit QuickBooks, Business One doesn't allow users to delete financial transactions once they have been entered into the system. This feature came as a shock to the company's accountants, who suddenly found that they couldn't delete mistakes without the help of a network administrator. But for Barrios the feature is an unalloyed benefit. "Think Enron," he says. "Now we have traceability and accountability."

By replacing stacks of paperwork with a single piece of software running over a common database, Vetco was able to avoid hiring three additional workers to accommodate the company's growth over the past two years. That savings alone - roughly $126,000 a year, including bonuses and benefits - allowed Vetco to recoup its ERP investment after little more than a year of deployment.

Carrier & Gable

Another small firm, Carrier & Gable, posted similar savings by adopting Microsoft's ERP system. Carrier & Gable (carriergable.com) sells traffic lights, street signs and other road safety products. Based in Farmington Hills, Mich., the firm has 30 employees and nearly $25 million in annual revenues.

Carrier & Gable produces customizable kits made up of parts from multiple suppliers: A streetlight kit, for example, would include poles, lights, wires to connect the lights and so forth. But because the company's old IBM accounting software couldn't itemize the component costs of each kit, Carrier & Gable couldn't tell which components were more popular and had little idea how much gross profit (revenue minus component costs) it was earning on each kit sale.

Over the years, Carrier & Gable hired consultants to generate detailed reports that calculated the gross profit generated by each kit. The consultants charged $25,000 a year for these reports. But their estimates were often off by $100,000 a month, mistakes that the company could catch only by comparing the reports with its monthly income statements.

In 2003, Carrier & Gable plunked down $105,000 to license a Microsoft ERP product called Dynamics NAV. CFO Ken Zavela, 53, liked the familiar Microsoft interface. And because he was used to programs that require plug-ins from outside vendors, he wasn't intimidated by the prospect of having to buy extra software.

Microsoft Dynamics NAV allows Carrier & Gable to create sales reports that calculate component costs and gross profit from each kit sale to "within a penny or two," says Zavela. That insight allowed the company to eliminate $100,000 worth of slow-moving components that were costing it $5,000 in annual warehousing fees. As a result Carrier & Gable recouped its ERP investment within two years of deployment.

Horizon Spa & Pool Parts

In Tucson, Horizon Spa & Pool Parts opted for a web of Sage ERP applications: Sage Pro ERP for bookkeeping, Sage Accpac CRM to manage merchandise returns and Sage Accpac Warehouse Management System for inventory.

Horizon (horizonspaparts.com) spent about $250,000 in licensing and implementation fees. Annual maintenance charges total $30,000, not cheap for a company with less than $15 million in annual revenues. And the applications run on separate databases.

But the system organizes nearly every aspect of Horizon's business. Six salespeople log over 600 orders a day. The system staggers order flow so that warehouse workers are no longer inundated with orders at the end of each day. Horizon now knows exactly what items are in stock and where to find each one. Warehouse errors are down 50 percent, says Horizon GM Raymond Thibault. And Horizon saved $358,000 in labor costs over the first two years - more than enough to cover its ERP investment.

Friday, December 22, 2006

New Blogger Anyone?


Google upgraded its Blogger service from the beta that had been in place. The new Blogger is still only available to a select user group, with Google planning to make the upgraded version generally available in the future.

Now, though, "New Blogger" -- as the application is called -- is only available to users that log in via a Google account. Other bloggers can still access the application through "Old Blogger."

In general, the changes implemented smooth the user experience with new tools, such as better drag-and-drop capabilities, the ability to tag posts with keywords -- as users can in Gmail -- and new support for RSS 2.0 and Atom 1.0.

There are new security upgrades to the service that give users more options to restrict visitors -- catching up with many competing blogging applications. Also, Google said the new changes work better with its other services, such as AdWords.

Tying It Together

It is understandable that Google would link Blogger to other products in its platform, Charles King, principal of Pund-IT Research said. "It increases the quality of other Google applications as well as the Google brand," he told TechNewsWorld.

Linking Blogger upgrades to Google e-mail accounts should also increase Google's traction in the blogosphere -- not that Google is in serious need of exposure, he added. "If the only way to get the new features is to become a Gmail user -- which is free -- more people will sign up just for that reason," he explained.

The Beginning of the End?

Google is rolling out its upgraded application amidst speculation that blogging is about to peak as a pastime. Gartner recently predicted that 2007 would be the year that blogging begins to level out with about 100 million blogs remaining active. Thus far, the consulting firm noted, some 200 million bloggers have discontinued or abandoned their Web journals.

Few, though, expect to see blogging disappear completely anytime soon. "Blogging is a strange phenomena," King said. "Its popularity is undeniable, but where it sits in the marketplace and among consumers is unclear."

Indeed, blogs are as diverse as their writers, focusing on just about any subject imaginable for any motive possible. Political blogs, for instance, have been credited with playing significant roles in the past two election cycles. Corporate blogs are becoming popular, as well. Then there are the countless individual blogs that have gained a significant readership.

This diffuse model is another reason for Google to link Blogger to its larger platform, King claimed. "It is smart to link its incremental improvements to its other services rather than emphasizing it as a stand-alone value point."