Volume 10, Issue 16 Atari Online News, Etc. April 18, 2008 Published and Copyright (c) 1999 - 2008 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #1016 04/18/08 ~ Mac Has Been Cloned! ~ People Are Talking! ~ Drive Against Abuse! ~ Fake Subpoenas Phish! ~ Repeat Password Peril! ~ Cyberterrorism Myth? ~ EO Subpoena Scam Back! ~ Red Hat Skips Desktop! ~ Brazil Bans 'Bully'! ~ PayPal: No Old Browser ~ Users Fight To Save XP ~ "Albany" Is Tested! -* Infected USB Devices On Rise *- -* Ballmer: Vista Is A Work in Progress *- -* Do A Cloud Scan for Malware and Get Prize! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" It's getting to look and feel like Spring more and more each day. It's a great time of the year, as far as I'm concerned. I've finally had some nice weather this week to get out in the yard and finish up my fall cleaning, interrupted by early snowfalls this past winter. Just a little left to clean up - very little. The lawn received its first "conditioning" treatment for the year, and now I need to add some fertilizer and throw down some seed. Some of our perennials have started to sprout - always a good sign! I even got out another day to play some golf with some friends, taking our golf on the road. A good day. And, I put in my first day back on the job at the local golf course. Now maybe I'll be able to afford a gallon or two of gasoline at these rapidly-rising prices! I know that Joe has mentioned it several times over the past few years, but it warrants repeating. The Spring season is like a rejuvenation of the area - a time for many things to come back to life after a long winter's dormancy. Sane can be said for people. Personally, this great weather is what I've been needing to get myself out of a long mental hibernation of sorts. It's great to get outdoors again, and getting things done! And then begin to see how things continue to improve over time. So, as I manage to work out some sore muscled that seem to atrophy over the winter months, I'll leave you all to enjoy the nice weather and another issue of A-ONE at the same time. Life doesn't get much better than that! Until next time... =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org Hidi ho friends and neighbors. Another week has come and gone, and we're finally starting to see real signs of spring here in the northeast. Being a relatively new homeowner, I've got plenty to do to make sure that my yard and lawn is up to snuff in the neighborhood. My big disappointment is that my red maple tree in the back yard seems to be dying. It's probably on the order of 60 years old, and... well, I guess you'd say its a medium sized tree. It stands about 25 feet tall, and the trunk is about eight inches or so in diameter. They grow slowly, from what I've been told, and are evidently subject to some sort of disease or blight. When we bought the house, this tree was my favorite thing about the property. The leaves were a bright bright red, and the tree was full and healthy looking. Last fall, I had to prune some of the dead branches off, and I'd hoped that that would be the end of that. Well, it doesn't look like that's the way it's going to go. When I got finished cutting the dead branches, the poor tree looked like a giant bonsai. I'm not kidding. "Well," I figured, "maybe that'll be all I need to do, and it'll come back healthy and happy next year." No. Unfortunately, it seems that more branches are dying, and fully half of what's left of the tree is going to need hacking off. I'll do it, of course, and hope that my poor beautiful tree bounces back and appreciates my attention and worry. I'll keep you posted, as I know that you'll be waiting breathlessly to hear what happens next. [grin] Meanwhile, in the Atari world, there's not much going on, really. But for a platform that hasn't produced a computer in 15 years, that's to be expected. I'm actually kind of surprised that there's as much news as there is... new desktops, an updated BASIC, new work-alike machines, emulators, and add-ons like USB ports and flash drives... it's all a testament to the users, who found a platform they liked and decided to stick with it, and the developers who put their talent and time into products that there isn't a huge market for. Programming and hardware engineering are areas where I have no talent, so I stand in awe of them for their skill and dedication. For me, my Atari ST computers were... unique. They were even unique from one another. They each had their own personalities, along with their own shortcomings. But shortcomings aren't always bad things. NOT being able to something in a particular way often leads to finding other ways to get it done. Remember getting the old ST connected to the internet? Even something as simple as showing JPEG pictures was a challenge for a while there. Today, I've got a couple of spiffy computers that get daily use... a 3 GHz desktop and a 2.8 GHz laptop. The thought of clock speeds like that was once a pipe dream. Who would have ever thought that our speed demon 8 MHz STs with their whopping 1 Meg of memory and built-in operating system would one day be a relic and that an MP3 player the size of a money clip would have not only a hundred times the storage space, but a hundred times the computing power (as far as clock speeds go)? Not I. I remember being told by my friendly neighborhood Atari dealer when I bought my first hard drive that I was crazy. "No one will ever need SIXTY MEGABYTES of storage!" Yeah, well, that was before the advent of MP3s and AVIs and broadband this and true-color that. These days, you need high-powered everything in order to just tread water. Just take a look at the requirements for Windows Vista. I still fire up my STE, STacy and TT030 from time to time, and I've got to confess that the STacy (with Rainbow TOS) is my favorite.. Oh, the STE is faster and has some nice features added, and the TT is a LOT faster, and has even more added features, but the STacy is pretty much an original ST in all the ways that count. My wife (who sees no need to use computers... thankfully), laughs at me because when I sit down in front of one of my Ataris, I relax. I don't sit there and swear about it taking so long to load something or the lack of colors, resolution or whatever... I just relax and let 'the old days' wash over me. Damn, it's good to be home. Okay, let's get to the news, hints, tips and info from the UseNet. From the comp.sys.atari.st NewsGroup ==================================== Last week, 'Piotrek' asked about large partitions for TOS and MiNT: "On the TOS system I used HDDriver and I made partitions, 8 partitions (BGM), one LNX for Mint system and the last for Magic F32 partitions." 'Ggnkua' asks Piotrek: "Ok, but on what system can you not see all the partitions? Or is that for all of them? When you made the 1gb partitions, how many mb did you typed? From my personal experience, 1gb is 1023mb in hddriver, NOT 1024. 1024 will cross some limits. (although my system is partitioned with 2gb -2047mb- bgm partitions, working fine)." Piotek replies: "I can not see on MiNT system, This is a LNX partition (In HDDriver I made 8GB partition but on MiNT it see only half (4 GB)). I typed 1000 MB And I have not any problem with this partitions in TOS and other systems." 'MiKRO' tells Piotrek: "you still didn't tell us _where_ you see these numbers... teradesk? jinnee? bash + df?" Piotrek explains: "I see this capacity of partitions under MiNT + Thing" MiKRO tells Piotrek: "Try to start toswin2, bash shell and type "df"... you'll see the real capacity... I don't use thing but if I remember correctly it has problems with >2 GB files and >4 GB partitions..." With this information under his hat, Piotrek fires up TOSWin2 and uses the df command (use df -h, by the way, to get results in 'human' format) and tells us: "Yes, you had it right, toswin and another desktop like Jinnee show the correct capacity. Thanks a lot!" 'Phantomm' asks about the CPU in the STE: "Did all 1040STe Computers have the Square 68000 chip? And is there an adapter board that will allow hardware boards produced for the long 68000 chip in older STs to connect to the 1040STe 68000 square socket? If so, anyone know where I might locate one?" Dave Wade tells Phantomm: "As far as I know. Yes. The only differences I know of between STEs is that some had SIMM memory and other SIPP depending on availability at the time of manufacture... I don't think there is room under the shields [for add-ons]. I think also the leads would need to be reasonably short..." [EDITOR'S NOTE: Not all STEs were fitted with socketed CPUs. I had one that I wanted to add FaSTech's accelerator to, and it turned out that the chip was soldered directly to the motherboard. I sent it to Jim Allen to have him desolder the chip and replace it with a socketed one so that I could use his accelerator with it... he evidently still has that machine. Guillaume Tello asks about an Atari Hard Disk Controller: "I have the Atari's 'HARD DISK CONTROLLER C103561-001 REV.3'. On what machine can it be used? What are the 3 dip switches for?" Jo Even Skarstein tells Guillaume: "I'm 99% sure that this is a Stacy/MSTE SCSI adapter. It will plug straight into a Stacy or MSTE, and can be used on all machines with a ACSI connector if you fabricate a cable. [The three dip switches are] To set the card's ACSI ID. Be aware that there are several restrictions on this card: - Does not have parity, so the SCSI drive must be able to work without. - Only one SCSI unit can be connected, this must have SCSI ID 0. - Can not access more than 1Gb. - SCSI is not buffered, so you must use short cables and NOT terminate the SCSI drive. Most of these limitations can be worked around by hacking the hardware, but in my opinion it's easier to buy a better adapter." Guillaume now asks about the software for his ICD SCSI adapter: "I have the ICD Link 2, but the guy who sold it to me has only Disk2, and not the disk1! Where can I find it?" Ronald Hall asks Guillaume: "Do you have HDDriver? It works perfectly with it, and is much better software. Its what I use with mine." Guillaume tells Ronald: "I'd like to use it with a CD-Rom + ZIP. Which version of HD driver works with it?" Ronald replies: "I'm currently using v8.15, I believe. It works fine with my setup, Hard drives, CD-ROMs, EZ135 removable, etc. I think you'll still have to have CD-ROM software, and I'd highly recommend Anoydyne Software's ExtenDOS PRO. Read what Uwe said though, he's da man." As if on queue, Uwe Seimet, author of HD Driver, jumps in and posts: "Any more or less recent version works, but you need a CD-ROM driver, e.g. ExtenDOS pro, in order to access the CD-ROM." I usually don't like to use single messages in this column, because they lack the question-and-answer format that makes the journey of learning fun, but this one's just got to get put in. Joakim Högberg posts this about AtarICQ: "Hi all, I had originally planned to wait until this summers NAS (www.sak.nu/ nas/) before releasing a new version av AtarICQ. However, after a rather hard hitting bug was recently discovered and fixed I instead decided to get a new release out as soon as possible. The biggest noticeable addition to aICQ 0.172 is the ability to view GIF images as background in the contact list. This was made possible through a cooperation with PeP, who has been kind enough to supply a very, very nice OVL that decodes and processes the GIF data. Cheers for that! A somewhat thorough complete list of changes: * Implemented support for loading graphics via external load modules in form of dedicated overlays. (Look into the preferences dialog to set this feature up properly) * Caching of background images implemented. By default AtarICQ will use a subdir (/cache) in its own work directory for storing the data. To change this, you need to tweak the cache dir within preferences dialog. * After loading the GFXGIF.OVL the CPU cache will now be flushed before the client calls any functions within the OVL. Applies also to aicq.ovl! * When put in compact mode (F10) the contact list will now use the native sliders of the AES, including a SIZER widget. * Clicking the CLOSER widget on contact list while holding ALT-key, will trigger aICQ to remove the window TITLE. * More optimized redraws of the TABs, resulting in much less flickering when toggling between open TABs. * Cookie jar is now read utilizing Ssystem() under MiNT. Under TOS/ MagiC, the old method is still used. * Under large gfx resolutions the scrollback setting could easily be defaulting to a much too small value, in case the message window height was increased. A check for this is now added after reading the config file. This problem could be noticed as a very serious scrolling problem, causing aICQ to lock up pretty good. * In case COLOR_SELECT is not specified in the environment, AtarICQ looks if COLSEL.PRG is present in its workdir. (This prg is included in the zip file as of the 0.172 release) Find the new release on the official AtarICQ website: http://www.ataricq.org/ Enjoy the new AtarICQ, and please share any thoughts on the new release with me either here or on the AtarICQ webforum at: http://www.atariforums.com/list.php?25" Well folks, that's it for this week. Tune in next time around and see what's cookin' in the Atari world. Until then, keep your eyes on the horizon, your ear to the ground, your back to the wall and your shoulder to the wheel. And always, ALWAYS keep listening so you'll know what they're saying when... PEOPLE ARE TALKING =~=~=~= ->In This Week's Gaming Section - Brazil Judge Bans 'Bully'! """"""""""""""""""""""""""""" =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" Brazil Judge Bans Video Game 'Bully' "Bully" has taken a beating in Brazil, where a judge suspended sales of the video game on the grounds it is too violent for young children and teenagers, a prosecutor said Thursday. Judge Flavio Rabello prohibited the game from being imported, distributed, sold or promoted on Web sites or in stores in Latin America's largest nation, said Rio Grande do Sul state prosecutor Alcindo Bastos. Companies have 30 days to comply with the judge's order. Bastos said the judge found the game was inappropriate for children. "The aggravating factor is that everything in the game takes place inside a school," Bastos said. "That is not acceptable." Made by Rockstar Games and mainly distributed in Brazil by JPF Maggazine, the game lets players act out the life of a 15-year-old student and decide how to deal with teachers and cliques at a boarding school. A local youth support center had requested the ban. "We have not been notified of the judge's decision," JPF Maggazine's attorney Diogo Dias Teixeira said. "When we are, we will decide if we will appeal." He said the company advised retailers not to sell the game to anyone under the age of 18. A spokesman for Rockstar was unaware of the ban and could not immediately comment Thursday. Rockstar, a unit of New York-based Take-Two Interactive Software Inc., is known for "Manhunt 2," in which players fight violently to escape from a psychiatric institution, and for the popular "Grand Theft Auto" game series, in which players can hijack cars and run down pedestrians. Bully is rated "T" for teenagers age 13 and older in the U.S., not of "M" for mature players 17 and older. It launched in October 2006 in the U.S. for Sony Corp.'s PlayStation 2 gaming console. In March, it became available for Microsoft Corp.'s Xbox 360 and Nintendo Co.'s Wii, according to the Rockstar Web site for the game. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Psystar Offers a Mac Clone, OpenMac, for $399 Move over Mac. You've been cloned, or at least a company called Psystar says you have. Psystar claims to be "reinventing the wheel" with what it calls an OpenMac - for $399. "Mac enthusiasts have been experimenting with running the new Apple operating systems on commodity PC hardware ever since the Intel-based Apple computers were introduced in early 2006," the company's Web site said. "Psystar has assembled a system that is completely operational with Leopard [Mac OS X 10.5] called OpenMac." Psystar tapped into efforts known as the OSx86 Project. The project's goals of running OS X on a PC have been realized. Even the latest releases of OS X can now run on PC hardware, Psystar said, but compatibility can be an issue. OpenMac seeks to solve that issue. Psystar calls it OpenMac to "reflect the opening of what has previously been a hardware monopoly." Apple could not immediately be reached for comment, and the Psystar site went down Monday in the wake of overwhelming traffic loads. But cached pages reveal the particulars of the OpenMac, which is built from standard PC parts, according to the company. Mac OS X compatibility is reportedly achieved through an EFI emulator. The OpenMac offers a 2.2-GHz Intel Core 2 Duo processor with 2GB of DDR2 667 memory and integrated Intel GMA 950 graphics. It also boasts a 20x DVD+/-R drive, four USB ports and a 250GB, 7200-RPM drive. The closest machine Apple offers is the Mac mini, but the specs are not the same. The mini sports a 1.83-GHz or 2.0-GHz Intel Core 2 Duo processor with an integrated Intel GMA 950 graphics processor. It offers 1GB of DDR2 667, though it can support 2GB. The mini sells for $599. Of course, Apple's machine comes with iLife, Microsoft Office 2004 for Mac Test Drive, a 30-day trial of iWork and Front Row, as well as other standard applications. The clone doesn't offer those extras. Richard Shim, an analyst at IDC, was surprised to see a clone on the market. So far as he knows, Psystar did not get licensing rights from Apple and, unless something drastically has changed at Apple headquarters, he doesn't expect Apple to grant them. "A Mac at $399 would likely do very well, but I think it's a space that Apple has consciously decided not to go into," Shim said. "Apple tested the waters with the Mac mini and obviously the company hasn't dived further into that area." Apple has been bitten by cheap clones before. However, it hasn't changed the company's strategy, Shim said. It seems Apple is content with successfully deploying its strategy, he said, which is targeting products at specific markets at steady price points. "This could be a good way to test the interest in a lower-priced Mac," Shim said, "but they would would really need Apple to say this is a legit product and we're not going to sue the pants off of them." Psystar Says Apple Can't Stop Mac Clone Sales Psystar, an independent systems vendor that sells hardware solutions to the enterprise, created waves Monday with the announcement that it is selling a Mac clone capable of running Apple's Leopard operating system. Originally billed as OpenMac, the company quickly changed the name to Open Computer, presumably in response to a call from Apple's lawyers reminding Psystar that "Mac" is a trademark. Psystar says it is offering a "smart alternative to Apple." According to the Open Computer page on its Web site, "The Open Computer is a PC that works just like a Mac with Apple's latest operating system OS X 10.5 a.k.a. Leopard. With the Open Computer you can run OS X natively as if you had purchased an expensive Apple computer except that, while paying less, you receive more." Psystar's base configuration sells for $399, compared to $599 for the slowest Mac mini from Apple. The company says its PC features a faster processor than any Mac mini model, 2GB of RAM, a 250GB hard drive that can be upgraded to 400GB, and an optional high-performance nVidia GeForce 8600 card. "You can buy it in black without paying more," the site adds. But a larger issue is whether Psystar can sell hardware running Leopard in violation of Apple's end-user license agreement, which prohibits installation of Mac OS X on computers that are not "Apple-labeled." A Psystar employee told InformationWeek that Apple's prohibitive end-user license agreement (EULA) is "monopolistic" - and said the company will fight for the right to sell its clone. "We're not breaking any laws," the employee, who identified himself only as Robert, said. "What if Microsoft said you could only install Windows on Dell computers? What if Honda said that, after you buy their car, you could only drive it on the roads they said you could?" While such comments do not have the imprimatur of deep legal thinking, they do actually raise "an interesting question," intellectual-property attorney Denise Howell wrote in an e-mail. Apple's EULA "might raise restraint of trade concerns," she said. "Can a license go so far as to restrict the permissible hardware? Seems like Apple must have been down this road before, though I can't recall an example," Howell said. "A provision like this might also be vulnerable to a claim that it's unconscionable or against public policy, though making such a showing is an uphill battle." Psystar also railed against Apple's margins. "They're charging an 80 percent markup on hardware," Robert told InformationWeek. Legally, it's not clear whether EULAs are enforceable. Federal law gives software publishers an exemption from the first-sale doctrine, which limits copyright actions to the initial sale of the product. The federal law makes renting and lending software a copyright violation, except for libraries and schools. In discussing that law in the case of Step-Saver v. Wise Technologies, the Third Circuit Court of Appeals noted that "a purchaser of a copy of a copyrighted computer program may still sell his copy to another without the consent of the copyright holder." In a 2001 case, SoftMan v. Adobe Systems, a federal district court in California held that the distinction between sale and license is anachronistic: "Software is sold, not licensed," the court held. There is something of a split of authority on the question of EULAs, and the Supreme Court has never ruled on the issue. Assuming Apple sues to stop sales of the Open Computer - and Psystar has the financial wherewithal to see the case through the appeals process - the Open Computer could define how far software companies can go in limiting use and resale of their products. Microsoft Confirms Testing of 'Albany' Low-Cost Office Suite Microsoft on Friday confirmed it is planning to release a subscription-based "value box" of low-end productivity software code-named Albany, and has sent an early version of the product to thousands of beta participants for private testing. News surfaced last month that Microsoft was planning the suite - a combination of Office Home and Student 2007; Office Live Workspaces; Windows Live Mail, Messenger, and Photos client software; and Windows Live OneCare - to compete with Google Docs and other free or low-cost productivity suites available in the consumer market. Microsoft late last month sent out select invitations to test Albany, asking people to sign nondisclosure agreements just to sign up for the test, sources close to the company said at the time. However, Microsoft Product Manager Bryson Gordon said that Albany - which the company internally had called a "value box" of software - isn't simply a productivity play. "The free applications online address one portion of this," he said. Albany goes beyond that and provides what consumers have told Microsoft are the "essential" products they use on a computer, Gordon said. "It extends both into the security value proposition and extends into the category of helping people connect and share with others," he said. In addition to Word, Excel, and PowerPoint applications found in Office, a plug-in for Office Live Workspaces in Albany will give customers the ability to store and share documents online from directly within the Office interface. Albany also covers basic PC security needs with Windows Live OneCare, Microsoft's service that includes firewall and antivirus protection, as well as basic consumer e-mail, instant-messaging and photo-sharing needs with the Windows Live software. Albany suggests that Microsoft recognizes it must differentiate Office from less costly or even free software such as Google Docs or IBM's Symphony. These suites threaten to commiditize the consumer market for productivity software, where low-end versions of Office, for now, remain prevalent. While people can separately purchase or download all of the products that will be a part of Albany, a key feature of the package will be that it provides for unified installation instead of customers having to install all of the offerings separately. "We don't want them to go through a cumbersome process to set this up," Gordon said. Albany also will feature a "welcome" window that shows customers all of the features and offerings in the suite and from which customers can begin using the software, he said. Microsoft has not set pricing for Albany yet, saying only that it will be sold on a subscription basis. Whether that subscription will be monthly or yearly also has yet to be determined. Moreover, the company is still deciding through which channels Albany will be sold, although sources close to the company previously said retail outlets such as Best Buy would be among places people could purchase it. Gordon said Microsoft is not planning a public beta for Albany, which it expects to release before the end of the year. The company will use the feedback from the private beta to come up with a final version of the product. Red Hat Skips Consumer Linux Desktop Red Hat has no plans to create a traditional desktop product for the consumer market, but will continue to place its bets on a desktop for commercial markets. "We are focused on infrastructure software for the enterprise market, and to that market we are offering the Red Hat Enterprise Linux Desktop," said Michael Chen, vice-president of corporate marketing at Red Hat. "You need a different support ecosystem and applications for the consumer desktop," Chen added. Among the company's desktop goals for 2008 and 2009 is to ensure that its desktop products complement its server and middleware products, Red Hat said in a company blog post Wednesday. Red Hat's strategy is similar to that of Novell, which is currently focusing on Linux for enterprise desktops. The market for Suse Linux on the consumer desktop is taking time to develop, and the market for the desktop for the next three to five years is mainly enterprise-related, Novell President and CEO Ronald Hovsepian said Wednesday. Red Hat said that the Red Hat Global Desktop (RHGD), originally announced last year, was delayed because of business issues, although Red Hat had hoped to deliver RGHD in a few months, it said in the post. The RGHD is designed exclusively for small, reseller supplied, deployments in emerging markets, like Brazil, Russia, India, and China, and will be supplied by a number of Intel channel partners, the blog entry said. In a reference to Microsoft, Red Hat said that the desktop market suffers from having one dominant vendor, and some people still perceive that today's Linux desktops simply don't provide a practical alternative. However, a growing number of technically savvy users and companies have discovered that today's Linux desktop is indeed a practical alternative, it added. "Building a sustainable business around the Linux desktop is tough, and history is littered with example efforts that have either failed outright, are stalled or are run as charities," according to the post. But there's good news too. Technical developments that have become available over the past year or two are accelerating the spread of the Linux desktop, it added. Ballmer: Vista Is 'A Work in Progress' As PC users clamor for Microsoft to continue to support Windows XP, company CEO Steve Ballmer called the Vista OS "a work in progress" at an annual Seattle event on Thursday. "It's a very important piece of work. We did a lot of things right and have a lot of things we need to learn from. You never want to let five years go between releases," he said. While Microsoft recently extended the date when the XP software will be available for low-cost PCs, it doesn't plan to listen to some other complaints, including that Vista is too big. "Vista is bigger than XP, and it's gonna stay bigger than XP," Ballmer said. "We have to make sure it doesn't get bigger still." During the lively session, peppered with flag waving by a rowdy group of Canadians, hoots, and applause, Ballmer spoke about a few other key areas that the company will focused on in the near future. "It's virtualization time for Microsoft," he said. "We're gonna make sure we democratize virtualization." Probably less than 5 percent of servers in the world are virtualized today, he said. "It's too darn expensive and too hard to manage. We intend to take major strides around addressing both of those." He also said to expect more work from Microsoft in the search market. "There's an opportunity to knock the socks off in terms of innovation," he said. Once Microsoft introduces some blog services later this year, Ballmer intends to ask its MVPs (Most Valuable Professionals) to switch their default searches to Live Search for one week. After that week, he'll ask for their feedback about what they liked and what they didn't, as part of a broad effort to improve Microsoft's third-place standing in the search market. Another key area for the future of Microsoft is services. Overall, the use of hosted services worldwide is small, but Ballmer expects that in two to three years there will be an inflection point after which millions of people will use hosted services, he said. There are 4,000 Microsoft MVPs around the world, and nearly 1,800 of them gathered in Seattle this week for an annual summit. MVPs are technology experts who provide feedback to Microsoft about its products - Ballmer said they are his favorite group to address. The topics Ballmer tackled during his talk were sometimes similar, but much broader compared to the big issue that he, Bill Gates and Paul Allen, Microsoft's founders, discussed while beginning to develop software at Harvard University. "Our strategy and mission have expanded," Ballmer said. In the very beginning, year after year, Allen would approach Gates with the idea to start building computers. And each time Gates sagely said, 'No, Paul, we're not hardware guys,'" Ballmer said. "We're on that same strategy 30 years later ... but we do have an expansive vision." Infected USB Devices on the Rise You can plug lots of handy items into your computer's USB port, from mobile storage devices to printers. If you're not careful, you can also plug in a piece of malware, as well. That threat is growing rapidly: One USB-borne piece of malware known as INF/Autorun has been at the top of the threat charts two months in a row. USB-equipped devices are a convenience particularly to mobile workers, but they are also a growing threat because of the way computers inherently trust them, according to Randy Abrams, director of technical education at ESET, a maker of security software. "When you plug a USB device into a computer, in order to make the consumer experience better and easier, Microsoft [operating systems] will automatically run programs," he told us. "It should start the install automatically so the customer doesn't have to know anything to get the program installed." That's a danger, he said, because the autorun feature is "completely blind" to the programs it runs. "So I can put bad programs on CDs and USB devices, and as soon as you plug them in, it's going to automatically install that bad software." The autorun feature may be a convenience for customers, but for security experts it's anathema, Abrams said. "Microsoft's own security experts say that autorun is a bad thing," and he should know - he worked for the Redmond giant for a dozen years, nearly half of them spent making sure that the company didn't release any infected software. "I'm not a Microsoft hater, but this is just a completely insane feature," he said. "It's like the customers are in a hockey game, and what Microsoft has done is remove the customer's offensive line and defensive line. The customer is like the goalie, so Microsoft has taken off the goalie's safety equipment, put extra pucks on the ice, and told the opposing team to have fun." Abrams cited a litany of USB-related infections, old and new. McDonalds in Japan gave away malware-ridden MP3 players. Global companies sold infected picture frames, GPS systems, and video iPods. Just a week ago, HP shipped infected USB keys with its ProLiant servers. "Autorun is an easy way to exploit a system vulnerability because it's not going to be patched, since Microsoft calls it a feature," he said. It's easy to assume that the malware-laden devices were infected deliberately but, as Abrams joked, "Never blame on malice that which is easily explained by incompetence." He said that as manufacturing systems increasingly are connected to the Internet, formerly isolated computers now can get infected and then become digital Typhoid Marys. "If you're making video iPods and you want to take one out of every 20 off the assembly line and plug it into a PC to test it, if that PC has been on the Internet and has been infected, it can transfer that infection to the iPod," Abrams said. "Ironically, the few units you do quality control on are the only ones that are infected." Abrams said that mitigating the risks of INF/autorun and its ilk won't be easy. High-quality antivirus software that's kept up to date will help. Another measure is to not plug in a USB drive while using administrative privileges, which won't prevent infection, but will decrease the damage an infection can do. The best bet is to disable autorun, "which Microsoft makes as difficult as possible," he said, forcing users to make several Registry edits. That measure, he said, will give you "a fighting chance" against malware on the USB device. Do a Cloud Scan for Malware and Try for a Prize Is your PC infected with malware? Panda Security says it is, and they're putting their money where their mouth is. Submit to their free online scan and be found totally malware-free, and your company could bring in a cool $7,500. Or, if you're a consumer and you clear the scan, you might win an iPod nano. Sound too good to be true? I took the challenge and, unfortunately, I brought home no iPod trophy. Happily nothing serious was located, but the scan did locate more than 100 tracking cookies I thought I had already deleted. (There are two scan options: one takes a few minutes, the other a few hours.) The bigger point, though, is that "malware" can have a fairly broad definition. Ryan Sherstobitoff, who serves as Panda Security's chief corporate evangelist, told us that the free scan offering, ActiveScan 2.0, came about after the company noticed the extent to which consumers and small businesses were infected with malware major and minor. The company did what Sherstobitoff calls "alarming research" on 1.5 million PCs. "We found that 23 percent had active malware even though they had paid money to be protected against these types of threats" to well-known antivirus vendors. "According to our data, it's quite likely that someone's going to be infected with something that's currently undetected by current software." While the cookies found on my machine might be minor issues, Sherstobitoff said more troubling issues are increasingly common. "Forty percent of what we're seeing now is 'banker Trojans,'" he said, where "consumers interacting with their banks have a high chance of having their credentials stolen and becoming victims of identity theft because their antivirus solution wasn't able to see that they were at very serious risk." Sherstobitoff is confident in Panda's ability to uncover a greater range of vulnerabilities because the company works in a very different way than its competitors. "We're using a platform hosted within cloud, like delivering software as a service," he said. That enables the company to look for some 3.5 million virus signatures during the scan, he said, as compared to the roughly half-million signatures from other vendors. Being hosted in the cloud helps take away one of the big pain points that those of us with already-struggling system resources have: It doesn't require users to regularly download more and more signature files. "The main problem with traditional antivirus is that all the scanners are incorporating the detection intelligence locally on a person's PC rather than in the cloud. It takes minimal resources while referencing information in the cloud to form a scan." Sherstobitoff noted that even the company's enterprise edition is hosted in the cloud. "We're benefiting from community knowledge," he said. "If someone gets hit with a brand-new piece of malware and no one's ever seen it in the industry, we have the capability of taking information about that threat and sending it back to cloud, and later on providing that information immediately to any other consumer connected," a process that could occur "within minutes." So take the Panda challenge when you've got some time to spare. It could put some money in the bank, and at the very worst will let you know how well your antivirus software is performing. Fake Subpoenas Drive the Latest Phishing Attack The SANS Internet Storm Center on Monday issued a warning to CEOs: don't be fooled by fake federal subpoenas sent by e-mail. The fake e-mails are part of a phishing attack targeting CEOs of some companies. Such targeted attacks are widely known as spear-phishing attacks. "We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case. It then asks them to click a link and download the case history and associated information," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "One problem," he continued, "it's total bogus." Bambenek described the attack as a "click-the-link-for-malware" typical spammer stunt. His immediate advice: First and foremost, don't click on such links. An interesting component of this scam, he said, is that it properly identifies CEOs and sends e-mail directly. Federal courts do not "serve" formal processes by e-mail. While there is an Electronic Case Management System, the initial contact for a subpoena, lawsuit or other process is done the old fashioned way - hand delivery. "Presumably, if you did already get served, you would have a lawyer handling the case for you. In that instance, the lawyer, not you, would be getting electronic notices from the court after service has been handled," Bambenek said. Cyveillance President and CEO Panos Anastassiadis was one of the corporate chiefs targeted. The e-mail instructed Anastassiadis to appear in a U.S. courthouse on May 7, and provided a link to download the subpoena. The Web page says the case has been closed and no further action is required from the visitor. However, clicking on the link will not only load the page, but also download a Trojan that would not be detected by the majority of antivirus packages. "Like many other spear-phishing attacks, the phisher performed research before launching his or her attack. Specifically, the individual was able to locate our CEO's e-mail address and the Cyveillance phone number in the e-mail," the company said on its blog. "This information was used to enable and build additional credibility for the attack." Social-engineering attacks typically play on people's emotions and create a desire to open a hostile e-mail attachment, said Ken Dunham, director of global response for iSight Partners, but today the attacks are more often fear-based. In addition to the subpoena e-mail this week, Dunham points to a recent IRS spoof as proof that attacks are shifting from interest in love or pornography to fearful motivations that promise trouble if recipients don't respond. "It's interesting that the attacks are now typically more timed and more focused," Dunham said. "What we are seeing is a flexing of muscles in terms of frequency and prevalence of these fear-based attacks. I've seen a lot more of the fear factor in the past year. It's that take-away concept they are trying to play on at this point." EO Subpoena Scam Fires up Anew After tricking several thousand executives into downloading malicious software earlier this week, online scammers started up their subpoena phishing scam again Wednesday, but on a much smaller scale. First reported Monday, the phishers send a small number of e-mail messages to senior executives within companies, often CEOs, telling them that they've been subpoenaed for a federal court case. The e-mails direct the victim to a Web site that is very similar to a legitimate California federal court page, but ending in "...-uscourts.com," rather than the "....uscourts.gov" Web domain actually used by federal courts. Although they end with the same letters, the domains used in this scam are actually different from and not connected with the uscourts.com Web site, which offers access to court records in some jurisdictions. The e-mail sent to executives is specially crafted to appear legitimate, a tactic called "spear-phishing." The emails include the executive's name, company's name and even the correct phone number. Executives who click on the link in the e-mail are then told that they need to download a plug-in in order to read the subpoena. That plug-in is actually malicious software. Although the U.S. federal court system uses email to communicate information about cases, subpoenas for new cases are not served via e-mail. Verisign, which estimates that about 2,000 people were tricked by the scam on Monday, believes that Wednesday's attack was on a much smaller scale. Late Wednesday the company's iDefense group had tracked only about 100 infections, said Matt Richard, director of iDefense's Rapid Response Team. Security experts have been fighting the phishers. By Tuesday they'd managed to get the first phishing Web site taken down, only to have the second one pop up on Wednesday. Because the attack targets such a small number of victims, anti-spam companies have had a hard time filtering the e-mails and antivirus companies have been similarly pressed to block the malicious software that the attackers are using. Late Wednesday, antivirus companies were not blocking this latest version of the malware, said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and volunteer at the SANS Internet Storm Center. EU To Punish Incitement to Terrorism on Internet EU states agreed on Friday on tight laws against incitement to terrorism in order to clamp down on militant groups' use of the Internet. EU justice and interior ministers also agreed in Luxembourg on an action plan to try to stop groups getting explosives. Police say the Internet has taken on huge importance for militants, enabling them to share know-how, plan operations and spread propaganda to a mass audience. "The Internet is used to inspire and mobilize local terrorists ... functioning as a virtual training camp," a text agreed by ministers said. "Each member state shall take the necessary measures to ensure that terrorist-linked offences include ... public provocation to commit a terrorist offence, recruitment for terrorism, training for terrorism." States may also consider attempts to train and recruit as terrorist offences, but are not obliged to do so, an EU official said. Spain's secretary of state for justice, Julio Perez Hernandez, welcomed the move. "The battle to anticipate (terrorist acts) is crucial for Spain," he told reporters. "One should not wait for smoke to know there is terrorism." In an effort to assuage civil rights campaigners, the law says that the new measure may not be used to restrict freedom of expression and freedom of the press. Before entering into force, the law still needs to be confirmed by ministers after a number of national parliaments have discussed it. A European Commission official said countries like Spain and Italy already punish public provocation to terrorism but others, like Scandinavian countries, would have to change their legislation to apply the new EU text. Under the plan to enhance the security of explosives, ministers agreed to establish an early-warning system on stolen explosives and detonators by the end of the year. They also agreed to create by the year-end a "European Bomb Data System" that would give police and governments permanent access to information on incidents involving explosive devices. PayPal Plans To Block Older, Unsafe Browsers The name PayPal is almost synonymous with phishing scams. According to anti-phishing service PhishTank statistics from last year, PayPal was the number-one target of scams - more than twice as often as PayPal's parent, eBay, the second most popular target. On Friday, PayPal announced it was taking an unusual step to combat phishing abuse: blocking old and insecure browsers from its site. It is "an alarming fact that there is a significant set of users who use very old and vulnerable browsers, such as Internet Explorer 4," the company said. PayPal now supports only the use of Extended Validation SSL Certificates. Browsers that support the technology highlight the address bar in green when users are on a legitimate site. The latest version of Microsoft Internet Explorer supports EV SSL certificates. Firefox 2 supports them with an add-on, but Apple's Safari browser doesn't. "By displaying the green glow and company name, these newer browsers make it much easier for users to determine whether or not they're on the site they thought they were visiting," said PayPal. "While refusing to do business with people who don't use one of these browsers may seem disruptive," said Andrew Storms, director of security operations at nCircle Network Security, "it is actually a rather old technique used by software vendors." Just as software vendors specify approved and required components, "providers of services not only protect their bottom line by making such demands, but also in the long run protect the consumer," Storms explained. The problem is that it's relatively easy to impersonate browsers. "Exactly how and if PayPal attempts to act on this initiative will be interesting. Apple's iTunes Store is in essentially the same situation. If someone wants to use the iTunes Store, they need to use iTunes. So far, that limitation hasn't seemed to limit Apple's revenues," Storms noted. The next major step in providing security - both for the consumer and the provider - will be single-site browsers, Storms said. "This will be a Web browser, like client software, that can do nothing but be used for a single Web site." "Think of this as a traditional client/server application. If you need to use your financial system, you launch browser X; then, if you need to use the enterprise resource-planning system, the user launches browser Y." While this might seem like a huge step backward in user productivity and IT management, in the future we might still use a single browser that "locks all network traffic into a single known and trusted site one at a time," Storms said. Under this scenario, a user would need to log off and switch between different systems. "All the while, the browser ensures no errant information gets transmitted to any other system," Storms said. Watchdog Wants Global Drive Against Online Abuse Hundreds of child abuse Web sites around the world could be shut down if countries worked together to tackle the problem, an Internet watchdog said in a report on Thursday. The Internet Watch Foundation said it had made the first attempt to find out how many sites peddle abusive images and videos of children. Its researchers found about 3,000 sites, with more than three-quarters run as commercial operations, typically by criminal gangs trying to make money out of the images. "This is the first time any organization has revealed the true scale of this issue and been clear that the problem is something that can be solved," the watchdog said in a statement. Chief Executive Peter Robbins said the new figure would help build the case for a global drive to eradicate the sites. He said: "A coordinated global attack on these Web sites could get these horrific images removed from the Web. "Speculative figures can create a distorted picture of the scale of the problem of child sexual abuse websites." The number of child abuse sites has remained static over the last few years, despite the growth of the Internet, he added. The watchdog's annual report called for a worldwide campaign by governments, police and the Internet industry to investigate and disrupt abusive sites. Computer networks in Russia and the United States host the most child abuse images, although many other countries are involved, a watchdog spokeswoman said. It can be hard to shut illegal sites because operators constantly switch countries, temporarily close them or hop between different Internet hosting companies. The victims come from many countries, although it is hard to pinpoint exact locations, the spokeswoman added. "Child identification is an extremely difficult process," she said. "We often find that new material will surface in a non-commercial area ... and those same images will appear on the commercial Web sites a year or so later." Since 2003, less than one percent of child abuse content has been hosted on UK computers, down from 18 percent in 1997, the report says. Sites hosted in Britain are closed within hours. During 2007, the majority (71 percent) of global sites were "live" for less than 50 days of the year, the report said. It also highlighted a significant problem with pedophiles sharing images between themselves online. Set up in 1996, the Internet Watch Foundation is a self-regulating charity funded by the European Union and the Internet industry. Its role is to remove child abuse, criminally obscene material and racist content from the Internet. Security Experts Split on "Cyberterrorism" Threat International experts called on Wednesday for greater cooperation to fight threats to computer networks but they differed on the definition of cyberterrorism, with a top British security official describing it as a "myth." Estonian defense ministry official Christian-Marc Liflander said sustained electronic attacks on his country last year came both from crude hackers and from sophisticated "cyberterrorists" remotely manipulating zombie computers known as botnets. "I would say we have entered an era of cyber terror and perhaps even of cyber war," Liflander told a London security conference at the Royal United Services Institute. Estonia has said it believes the Russian government was behind last year's attacks, which came amid a diplomatic row over Tallinn's decision to relocate a Soviet-era war memorial. But Liflander said the botnet attacks came from computers in 76 different countries and it was hard to prove who sponsored them. "What we have is just a gazillion IP (Internet Protocol) addresses that don't prove anything." The effect was to paralyze websites and cause severe disruption to key services such as banking, in a country with one of the highest levels of Internet usage in the world. But not everyone agrees that "cyberterrorism" is the best way to describe such electronic attacks. Stephen Cummings, director of the British government's Centre for the Protection of National Infrastructure, said he had seen no evidence to suggest terrorists were bent on using cyberattacks to generate the same devastating impact as their physical attacks. "I think discussion of cyberterrorism distracts our attention from the more pressing terrorist threats, which are still physical," he said in a presentation which included a slide saying "Cyberterrorism is a myth." Talk of cyberterrorism could distract people from addressing the real risks from malicious electronic attacks, he said. "Who knows, if we all talk about cyberterrorism enough, maybe the terrorists will twig on to its potential in a way we wouldn't want them to." Despite the differences over terminology, officials stressed the need for international collaboration. "No one country can stand alone in facing cyberattacks and threats. Cyberspace is borderless and the attack usually does not originate from within," Husin Jazri, director of CyberSecurity Malaysia, told Reuters. He said governments and their computer emergency response teams needed to set up "pre-emptive arrangements" to cope with potential attacks. Estonia, following last year's crisis, has urged the European Union to harmonize laws against cyberattacks to make it easier to prosecute those behind them. Liflander told Reuters it would also unveil a national cyberdefense security strategy in the next two weeks, aimed at better protecting key infrastructure and networks by "putting in place minimum standards that all enterprises have to adhere to." He described the defense against last year's cyberattacks as a game of cat and mouse. "The attacks were very rapid and there's a tendency to mushroom, so you have to be very agile in your response to them. And your response is only limited if you do it on a national scale - it has to be international as well." Most Computer Users Repeat Passwords, at Their Peril Using the same password for multiple Web pages is the Internet-era equivalent of having the same key for your home, car and bank safe-deposit box. Even though a universal password is like gold for cyber crooks because they can use it to steal all of a person's sensitive data at once, nearly half the Internet users queried in a new survey said they use just one password for all their online accounts. At the same time, 88 percent of the 800 people interviewed in the U.S. and the U.K. for the survey by the Accenture consultancy, which is to be released Thursday, said personal irresponsibility is the key cause of identity theft and fraud. Researchers say the findings suggest that many users underestimate the growing threat from organized cyber criminals who can reap big profits from selling stolen identities. "There's a lot of confusion out there - a lot of people don't think there's a problem," said Robert Dyson, a senior executive in Accenture's global security practice. "There's still the kind of head-in-the-sand situation: 'My identity hasn't been stolen. I don't know anybody who's had their identity stolen. So it must not be happening.'" Dyson said the problem with repeating passwords is that a hacker who successfully breaks into one account then has an easy time guessing how to get into all the user's other accounts. Many users repeat passwords so they don't forget them, which shows in another finding that 70 percent of survey respondents in the U.K. said they don't write down their passwords, versus 49 percent in the U.S. Only seven percent of the respondents said they change their passwords often, use password management software or use a fingerprint reader to access their machines and accounts. The survey looked at people who used a computer at home, have high-speed Internet access and go online at least twice a week for something other than checking e-mail. The respondents were selected at random and questioned over the telephone. The mean age was 46. The survey's margin of error was plus or minus 3.5 percent for the total sample and plus or minus 4.9 percent for U.S. and U.K. samples. Accenture noted that the results represent the behavior of a random sample of this subgroup of Internet users, not the overall general pool of U.S. and U.K. consumers. Users Fight To Save Windows XP Microsoft Corp.'s operating systems run most personal computers around the globe and are a cash cow for the world's largest software maker. But you'd never confuse a Windows user with the passionate fans of Mac OS X or even the free Linux operating system. Unless it's someone running Windows XP, a version Microsoft wants to retire. Fans of the six-year-old operating system set to be pulled off store shelves in June have papered the Internet with blog posts, cartoons and petitions recently. They trumpet its superiority to Windows Vista, Microsoft's latest PC operating system, whose consumer launch last January was greeted with lukewarm reviews. No matter how hard Microsoft works to persuade people to embrace Vista, some just can't be wowed. They complain about Vista's hefty hardware requirements, its less-than-peppy performance, occasional incompatibility with other programs and devices and frequent, irritating security pop-up windows. For them, the impending disappearance of XP computers from retailers, and the phased withdrawal of technical support in coming years, is causing a minor panic. Take, for instance, Galen Gruman. A longtime technology journalist, Gruman is more accustomed to writing about trends than starting them. But after talking to Windows users for months, he realized his distaste for Vista and strong attachment to XP were widespread. "It sort of hit us that, wait a minute, XP will be gone as of June 30. What are we going to do?" he said. "If no one does something, it's going to be gone." So Gruman started a Save XP Web petition, gathering since January more than 100,000 signatures and thousands of comments, mostly from die-hard XP users who want Microsoft to keep selling it until the next version of Windows is released, currently targeted for 2010. On the petition site's comments section, some users proclaimed they will downgrade from Vista to XP - an option available in the past to businesses, but now open for the first time to consumers who buy Vista Ultimate or Business editions - if they need to buy a new computer after XP goes off the market. Others used the comments section to rail against the very idea that Microsoft has the power to enforce the phase-out from a stable, decent product to one that many consider worse, while profiting from the move. Many threatened to leave Windows for Apple or Linux machines. Microsoft already extended the XP deadline once, but it shows no signs it will do so again. The company has declined to meet with Gruman to consider the petition. Microsoft is aware of the petition, it said in a statement to The Associated Press, and "will continue to be guided by feedback we hear from partners and customers about what makes sense based on their needs." Gruman said he'd keep pressing for a meeting. "They really believe if they just close their eyes, people will have no choice," he said. In fact, most people who get a new computer will end up with Vista. In 2008, 94 percent of new Windows machines for consumers worldwide will run Vista, forecasts industry research group IDC. For businesses, about 75 percent of new PCs will have Vista. (That figure takes into account companies that choose to downgrade to XP.) Although Microsoft may not budge on selling new copies of XP, it may have to extend support for it. Al Gillen, an IDC analyst, estimated that at the end of 2008 nearly 60 percent of consumer PCs and almost 70 percent of business PCs worldwide will still run XP. Microsoft plans to end full support - including warranty claims and free help with problems - in April 2009. The company will continue providing a more limited level of service until April 2014. Gillen said efforts like Gruman's grass-roots petition may not influence the software maker, but business customers' demands should carry more clout. "You really can't make 69 percent of your installed base unhappy with you," he said. Some companies - such as Wells Manufacturing Co. in Woodstock, Ill. - are crossing their fingers that he's right. The company, which melts scrap steel and casts iron bars, has 200 PCs that run Windows 2000 or XP. (Windows 2000 is no longer sold on PCs. Mainstream support has ended, but limited support is available through the middle of 2010.) Wells usually replaces 50 of its PCs every 18 months. In the most recent round of purchases, Chief Information Officer Lou Peterhans said, the company stuck with XP because several of its applications don't run well on Vista. "There is no strong reason to go to Vista, other than eventually losing support for XP," he said. Peterhans added that the company isn't planning to bring in Vista computers for 18 months to two years. If Microsoft keeps to its current timetable, its next operating system, code-named Windows 7, will be on the market by then. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.