4th > March > 2002 Archive

VIA sales down in February

VIA Technologies' sales came in at US$65.6m (NT$ 2.3bn) for February. This is around 15 per cent lower than January - not so surprising as most of its customers take a week off in Feb to celebrate the Chinese New Year. More instructive, certainly for ironing out seasonal sales fluctuations, is the year-on-year comparison kindly supplied by the Taiwanese chipset-to-CPU designer. This shows that February 2002 sales were 29.15 per cent down on Feb 2001, when the company posted sales figures of US$92.6m. Accumulated sales for January and Feb 2002 were US$143.14m - 20.75 per cent down on the same period last year (US$180.6m). VIA ended 2001 with higher revenues than the year before, a worthy achievement considering the torpedoed state of its core markets. But looking at results so far this year, the company faces a tough challenge to ensure that it pulls off the same trick in 2002. ®
Drew Cullen, 04 Mar 2002

Samsung preps 400MHz DDR launch

Samsung is to go into volume production of DDR400 SDRAM 128Mb memory in Q2. The world's biggest DRAM maker is already sampling the fast memory chip with its major customers - and it is gunning for $300m worth of sales from the graphics-targeted device in 2002. Samsung is making a big play for supplying graphics board makers with fast memory. It estimates that 70 per cent of graphic boards built this year will use DDR DRAM, and that it has 80 per cent of this business. The new 400MHz device is 30 per cent faster when it comes to transmitting data than 300MHz versions, according to Samsung. Compared and contrast with the 325MHz clock frequency (650Mb/s/pin) of the memory used on the GeForce 4 Ti 4600 - a 23 per cent increase. Here's some more Samsung 400 spec, culled off the data sheet. It can process data at 3.2GB/sec and transmits data at 800Mbps. The chip operates on 2.8 volts and lives inside 12mm x12mm FBGA packaging. Fine-pitch ball grid array is the JEDEC standard for x32 DDR SDRAM, so, as Samsung helpfully points out, graphics board manufacturers using DDR can swap out the memory device for an easy upgrade. However, the fact that this is a 128Mb part may hamper sales to card makers - the high-end Nvidia GeForce 4 Ti 4600 uses 256Mb memory, for instance. This may be the world's first production DDR400 device, but it is unlikely to find its way into PC memory, where the clock speed is typically much slower than for graphics use. DDR266 operates, for instance at 133MHz, giving it a data transmission speed of 266Mb/s/pin. So why the frequency discrepancy? Reader Phil Martin kindly supplies us with an explanation: the answer is that the graphics chips operate in a much more tightly controlled environment, with the memory chips much closer to the controller, so that tracks are kept short. Typically you only have one load per pin, which reduces loading, and makes signal termination easier - increasing signal quality. "In a PC, tracks are longer, and have to go though DIMM sockets, and there are typically multiple DIMM slots, which make signal termination much more tricky - hence the lower clock rate." Finally, we can't let you go without the part number - K4D26323RA-GC25. ®
Drew Cullen, 04 Mar 2002

A radio on every chip in 10 years

IDFIDF Intel Corp's entire chip range could feature integrated software configurable radios within ten years, according to a startling roadmap unveiled by the vendor's chief technology officer, Joe Fay writes. In his keynote speech to the Intel Developer Forum yesterday Pat Gelsinger also claimed that Moore's law, and its cost implications, will hold true for decades to come, expanding beyond Intel's fiefdom in microprocessors to encompass wireless, optical and sensor technologies. Wireless has been a constant theme throughout the vendor's developer conference in San Francisco this week, whether Intel has been talking about its communications processors, or its traditional CPU families for desktop and servers. Wireless capabilities will soon begin to find their way into chipsets in PDAs and mobiles according to the roadmaps executives have been outlining this week. However, Gelsinger drew an even more ambitious vision, which will see radio technology become an integral part of the processor itself. He said the Santa Clara, California-based company envisioned using micro electrical mechanical systems technology for the construction of passive components, and showed a wafer featuring MEMS devices. He said the company planned to integrate all the relevant components for wireless communications into silicon, right down to the antenna, in a strategy the vendor has dubbed Radio Free Intel. The vendor is investigating software configurable radio technology, and Gelsinger said that so far, "we are very encouraged by the results we're getting." Under this model, said Gelsinger "we want to get where one corner of every die has an integrated radio." This would mean, in effect, that every processor Intel produces would be potentially radio aware, and could seamlessly roam between available network technologies, from WANs down to PANs. In a question and answer session, Gelsinger said the integrated radio project was a "ten year picture", but the company expected to be able to produce an integrated fully functional radio in silicon within five years, although elements of the technology could appear sooner. Wireless was not the only communications technology to catch Gelsinger's eye though. He outlined the company's plans to apply Moore's law to optical communications, in the area of silicon photonics. He said that with the integration of optical technology with silicon technology, massive cost reductions could be achieved, and optical communications would move beyond the WAN space down through Metro, LANs and onto the chip level. He said that applying the Intel model would result in 100 fold reductions in the cost of today's extremely priced optical components. Sensors was the third area Gelsinger highlighted. The company has been funding research at the University of California at Berkeley into ad hoc networks. The technology was demonstrated last year at the Hot Chips Conference in Palo Alto. Gelsinger speculated on how this technology could find its way into applications as diverse as an infant blanket, which could monitor breathing and heartbeat, or agriculture, with, for example, each vine in a vineyard being able to deliver data on its own micro climate. However, Gelsinger was not prepared to comment on the environmental or health impact of the sort of proliferation of silicon technology and radio transmissions he described. In the question answer session after his speech, Gelsinger said: "We're not medical researchers." The best the company could do, he said, was to ensure it worked within the guidelines set by the FCC. © ComputerWire.com. All rights reserved.
ComputerWire, 04 Mar 2002

Intel ships P4-M, runs at 1.7GHz

Intel today started shipping the P4-M, the first notebook chip to incorporate the Pentium 4 Northwood core. The P4-M has a clock speed of 1.7GHz, uses the new DDR-supporting mobile 845 chipset, and is supposed to be 43 per cent faster than its nearest PIII mobile antecedent. The P4-M incorporates a 400MHz FSB and 266MHz DDR support. It's built using the 0.13micron manufacturing process and it's housed in micro flip chip pin array packaging. Power management (which means longer battery life) is supplied by a combo of Intel SpeedStep technology and something called Deeper Sleep Alert State. Running in tandem, the duo enable the processor to run using less than two watts of average power, Intel says. Intel is making a great play for the notebook, sub-notebook and handheld sectors. Recently the chipmaker announced two Xscale chips for the PDA and mobile phone sectors, and at The Intel Developer Forum last week, it made a great play for the wireless world - technology designed to turn its "Anytime Anywhere" strategy into reality. With ever-increasing segmentation in the mobile world, Intel reckons that its basic strengths - R&D, quickness to market with new technology, volume manufacturing ability - play particularly well here. Notebook sales continues to grow - up six per cent in 2001, when desktop sales were falling. Currently, notebooks account for 22 per cent of all client PC sales, according to figures cited by Intel, and we can expect this to only grow, as penetration increases into the consumer market. Intel launches its next major notebook technology, Banias, in H1, 2003, the company announced last week. ® Related Story Intel outs Banias, mobilizes notebook designers
Drew Cullen, 04 Mar 2002

Intel chops desktop Celeron prices

Intel today refreshes its OEM price lists, last updated at the end of January. And whaddya know - all remains the same, except for the bargain basement desktop Celerons. The 1.3GHz Celeron with 256k cache now costs $84, 18 per cent down on the previous published price of $103. The 1.2GHz costs $79 ($87 -11%); The 1.10A GHz is now $69 ($79 -13%); and the 1.0A GHz now comes in at $64 ($69 -7%). All the Celerons above have 256k cache and all are built on 0.13m manufacturing technology. Remember that prices are quoted for trays of 1,000 units, so there won't be an exact correlation when they feed their way to the retail level. ®
Drew Cullen, 04 Mar 2002

Gameplay castaways make good

So what do you do when the dotcom you work for goes titsup.com? Retire to the hills to become a freelance shepherd? Hell no – well, not if you’re a couple of castaways from former online games giant Gameplay. Arran D’Aubigny and Gareth Morris have given up the combat trousers and hooded tops and swapped them for city suits. Sticking two-fingers up to those who live by the maxim 'once bitten twice shy', D’Aubigny (marketing director) and Morris (Web director) have hooked up with yet another online venture. They now help drive B2B Web site, Askhow2.com, which allows paying members to share practical business help. Said Morris: "We’re already making revenue. In essence we are doing the reverse of what happened at Gameplay. We’re trying to make money by establishing our business and culture first." Asked what he's learnt from his two-years at Gameplay Morris said: "Concentrate on your revenue streams and don’t get distracted." You ain't wrong there. ® Related Story Gameplay division sold for £1
Tim Richardson, 04 Mar 2002

Dell falls foul of pro-gun lobby

The USA's awesomely powerful pro-gun lobby is taking aim at Dell, after the patriotic Texan, PC maker, refused to take an order from a prominent American pistolsmith. Jack Weigand, president of the American Pistolsmiths Guild, was told by Dell that the company had refused to complete his order for a notebook, following the company's post September 11-screening policies. The reason? The name of Wiegand's company, Weigand Combat Handguns inc., failed the screen, apparently because of the combat bit. Weigand promptly ran up a statement on his website, calling on "the firearms community to do the following. If you intended to buy a Dell and because of this letter you do not, email Dell and let them know why." He then posted it on firearms forums (and our thanks to Leadshot.com for alerting us to this story). Weigand got really mad when he found out that Dell numbered Handgun Control as a member of its sales affiliate program, by which companies gain fees for referrals. Proof, he reckons, that Dell is in league with the US anti-gun lobby. Nonsense, says Dell. Spokeswoman Cathy Hargett told Newsbytes that Dell "has not taken a position on the issue of gun control. Not in our sponsorships, not in our giving, and not in our public policy." Handgun Control Inc, now officially known as the Brady Campaign, told Newsbyte's Brian McWilliams that it had never received any money from Dell. So why did the company refuse to serve Weigand? It was all a terrible mistake, Dell says, although it's not clear if human error or poor computer programming is to blame. Dell says it is very sorry and has offered to ship a laptop free of charge to Weigand; he has, reportedly, refused the offer. It does seem unfair that Dell should be targeted because of the beliefs of its sales affiliates - think how difficult life would be for Amazon, if this were the case. But it looks like it's got a PR battle royale on its hands. ®
Drew Cullen, 04 Mar 2002

Britney Spears virus fails to chart

An email-borne virus that tries to spread by tricking users into clicking an attachment that promises a picture of Britney Spears has found few takers. Britney-A, a Visual Basic Script (VBS) worm, normally arrives at a victim's inbox with the subject line "RE:Britney Pics", body text "Take a look at these pics..." and infected attachment "BRITNEY.CHM." The worm requires ActiveX to be enabled for the VBS to run and so it prompts the user to enable ActiveX with the message "Enable ActiveX To See Britny (sic) Pictures". If a user is daft enough to do this, Britney-A will infect a victim's hard drive and send itself to all addresses in the Outlook address book. The worm, which is not particularly destructive, also attempts to distribute itself via Internet Relay Chat. AV vendor Sophos reports receiving only one report of this worm in the wild, but in view of Britney's fame, the company is nonetheless encouraging users to be vigilant. Antivirus vendors are in the process of updating their packages to detect the worm and protection is now largely in place. The virus writer has used standard social engineering tricks in creating Britney-A. Previous stars who've had viruses written about them include Anna Kournikova and Jennifer Lopez. Graham Cluley, senior technology consultant at Sophos Anti-Virus, said the modest spread of the virus doesn't necessarily imply that the old tactic of using sex to spread infectious code is running out of steam. "It is encouraging that this virus isn't spreading but that might be because it didn't get lucky and reach the critical mass it needed to spread quickly after its release," Cluley said. The design of the code - in particular requiring ActiveX to be enabled - might also explain the failure of the Britney-A to chart, said Cluley, who added that users should remember basic safe computing rules and not be coaxed into opening any unsolicited email attachments. ® External links Write up of the Britney Spears virus by Sophos Guidelines for safer computing Related Stories Anna Kournikova virus spreading like wildfire Anna Kournikova bug drops harmlessly onto the Net Kournikova virus kiddie gets 150 hours community service Users haven't learned any lessons from the Love Bug Rise in viruses within emails outpacing growth of email Hybrid viruses set to become bigger threat
John Leyden, 04 Mar 2002

All quiet on the malware front

Incidents of email-borne viruses were markedly down last month but old favourites like SirCam and BadTrans-B are refusing to die a decent death. That's according to monthly statistics from managed services firm MessageLabs, which stopped 135,523 viruses in February, compared to 241,609 in January and almost 480,000 last December. MessageLabs reports that virus infection rates are running at less than one in 1,000 emails, compared to one in 30 infected emails at the heights of the Goner or Love Bug epidemics. In the last four weeks MessageLabs blocked 36,693 emails infected with SirCam. BadTrans-B, with 18,707 infection-bearing emails stopped, and MyParty (16,047) also feature prominently. A monthly chart of virus reports compiled by antivirus vendor Kaspersky Labs tells a slightly different story. Badtrans-B, SirCam and the Hybris worm feature prominently in its chart, but the runaway leader is the Klez worm, which accounted for almost two in three (61.5 per cent) of calls to Kaspersky Labs' support centre. ® Top ten viruses blocked by MessageLabs in February SirCam BadTrans-B Magistr-B Klez-E Hydris-B Magistr-A Goner-A Gokar-A Hybris-D Kak-A External links Latest monthly stats from MessageLabs Kaspersky Labs virus top twenty for February 2002 Related Stories BadTrans-B tops virus charts Thousands of idiots still infected by SirCam SirCam virus hogs connections with spam It's My Party and I'll infect you if I want to Hybrid viruses set to become bigger threat MS security memo a mere gesture Lies, damned lies and anti-virus statistics Users haven't learned any lessons from the Love Bug Rise in viruses within emails outpacing growth of email A plague on all our networks
John Leyden, 04 Mar 2002

Malware by numbers: online virus creation tool spotted

The world's first online virus generator has surfaced - but there's no need to get too alarmed, antivirus experts say. The Instant Macro-Virus Maker can be used to create macro viruses and dispenses with the need for virus writers to download virus creation toolkits. Wannabe click kiddies need only visit the site which has both Romanian and English versions, and follow a few simple instructions. MI_pirat, the site's author, boasts that no programming skills or download are needed to create a virus using the toolkit. "Choose from the options (few, I know, but it's the first edition) and then copy/paste the generated code into a Word (97...2000 etc.) module named after the virus. Enjoy!!!" he adds. The site is published on a public, free server (which hasn't yet being removed) and also exposes known dangerous viruses, and the author's own virus library. Sofwin, the Romanian anti-virus firm which first reported the tool, warns that the author could develop his tool beyond relatively innocuous macro viruses so that it can be used to generate more virulent malware. But other AV firms are less concerned. Eric Chien, chief researcher at Symantec's Anti-Virus Research Lab, said the toolkit is nothing to get too worried about. "Macro viruses are getting close to being a thing of the past. The last major outbreak of a macro virus was Melissa," Chien said. "This [toolkit] generates the simplest of macro viruses and isn't a worm, which can spread by email or network attachments." Chien added that any virus created by the toolkit would be automatically detected using heuristic (automatic) detection features found in the AV scanners of most major vendors. Some AV vendors, like Sophos, omit the use of heuristics (which they believe can lead to false positives) but Graham Cluley, senior technology consultant at Sophos, said it is a trivial task to update any anti-virus product to detect any virus generated with the kit. "It's very much a storm in a teacup," he told us. Virus writing toolkits have been used to create several virulent viruses of late - including the infamous Anna Kournikova worm - and we hope the ISP hosting the site pulls the plug at the earliest opportunity. ® Related Stories Virus toolkits are s'kiddie menace Anna Kournikova virus spreading like wildfire Anna Kournikova bug drops harmlessly onto the Net Kournikova virus kiddie gets 150 hours community service Justice mysteriously delayed for 'Melissa' author Users haven't learned any lessons from the Love Bug Rise in viruses within emails outpacing growth of email Hybrid viruses set to become bigger threat All quiet on the malware front
John Leyden, 04 Mar 2002

IE, Outlook run malicious commands without scripting

An attacker can run arbitrary commands on Windows machines with a simple bit of HTML, an Israeli security researcher has demonstrated. The exploit will work with IE, Outlook and OutlooK Express even if active scripting and ActiveX are disabled in the browser security settings. The problem here is data binding, an old 'feature' going back to IE4 in which a data source object (DSO) is bound to HTML. Using an XML data source, the researchers operating a Web site called GreyMagic Software came up with a simple example in which a few lines will cause Windows to launch the calculator application thus:                                        ]]>               You can copy and paste this into a text editor, though you must edit the path to calc.exe in the script if it differs from the path on your system, and name it whatever.htm. Then open the file with your browser and watch the calculator launch. MS has yet to patch the hole, but we've verified that a workaround proposed by Axel Pettinger and Garland Hopkins works on the above example, though that's no guarantee that it will work on every exploit of this sort. Using regedit.exe find the following key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] and change the value of "1004" (DWORD) from "0" to "3". Don't forget to back up your registry before making changes, even innocuous ones like this. You can then re-boot and open the example file with your browser again to verify that it fails to launch the calculator. However, the workaround will often cause IE to launch a security warning dialog box which has to be cleared before you can continue surfing. It tells you that your security settings are interfering with your rich Internet experience, and you can't tick a box ordering it to stop warning you of what you already know. Personally I believe MS does this to discourage high security settings in IE which interfere with the rich eXPeriences advertisers have in store for you on the Web, and which MS seems inexplicably eager to vouchsafe. You don't get sick of the slightly scaled-down functionality; you get sick of the endless warnings and eventually capitulate and restore your settings to Redmond-approved, and Direct Marketing Association-approved, levels. But we digress. Obviously, there's a slew of malicious activities which can be attempted with this exploit, and a slew of people busily working on them. Thus it might be prudent to apply the workaround until Redmond issues a patch -- if you can stand to be harangued about your security settings at every turn, that is. ®
Thomas C Greene, 04 Mar 2002

Mobile phone masts have low emissions

The level of emissions from mobile phone masts in the UK is well below international guidelines, according to the latest Government research. The Radiocommunications Agency tested 100 base station near schools last year and found that electromagnetic emissions were, in some cases, many thousands of times below exposure guidelines set by the International Commission on Non-Ionizing Radiation Protection (ICNIRP). However, despite this reassurance, the Government stopped short of saying masts were safe. A spokesman for the Department of Trade and Industry explained that the DTI wasn’t in the position to say whether masts were safe or not. It was merely carrying out research in response to a report published in 2000 by the Independent Expert Group on Mobile Phones. At the time the group concluded that there was no evidence to suggest that mobile phone technologies posed a health risk. However, it called for further tests to be carried out. The Government said it will continue testing a further 100 masts this year to see whether mobile phone masts pose a threat to health. ®
Tim Richardson, 04 Mar 2002

C# virus pitched against .NET

A new virus uses Microsoft's C# language to target .EXE files under the Microsoft .NET Framework. The Sharpei mass-mailer targets machines running .NET and consists of three components: a simple file dropper program, a mass mailer which uses Microsoft Outlook to spread, and a .NET component. Although considered low risk, Sharpei is noteworthy because the replication code of the virus is written in C#. This makes closer to a platform-independent .NET virus than Donut, which caused a stir as the 'first' (purportedly) .NET virus in January. Mikko Hyppönen, manager of anti-virus research at F-Secure, said Donut only contained a .NET wrapper around a traditional Windows virus, whereas Sharpei runs on .NET natively. Sharpei affects only machines running Intel architectures but .NET viruses are a concern for the future because it could become an avenue to infect PDAs and smartphones, he added. ".NET compatible implementations on PDAs are still at least a year off but when they come in it might be possible to create mobile viruses by accident," Hyppönen warned. Sharpei tries to pass itself off as a Windows security update, and the unlikely event you see it (the virus isn't spreading widely) it might drop into your In-box with the subject: "Important: Windows update" and an infected attachment, MS02-010.exe. Microsoft never sends out security updates by email, but the gullible recipients who fall for this trick will activate Sharpei. The virus is explained in more detail here. Antivirus vendors are updating their tools to detect Sharpei (which, unusually, was written by a female virus writer called Gigabyte), and protection is now largely in place. ® Related Stories .NET virus is .NOT - Microsoft Donut virus highlights holes in .NET .NET may lead to fewer viruses Hybrid viruses set to become bigger threat Rise in viruses within emails outpacing growth of email
John Leyden, 04 Mar 2002

Nvidia looks Elsawhere for Quadro back-ups

Elsa's collapse last week into receivership has seen Nvidia scrambling for new workstation graphics board partners. Currently, Elsa retains exclusive rights for Nvidia's workstation graphics CPUs (anything with Quadro in the name). A Nvidia representative told us the company remains committed to the German board maker - "so long as it's not completely dead in the water". But it will expand distribution through new channel partners. It has no names to announce - yet - but the company hopes to have the channel story ready for publication in time for CeBIT next week. Nvidia's continued support for Elsa is kinda good news for the company: this means continued access to product, despite the cash crisis. However, it now faces competition on a key product line, probably from financially tougher companies. And the news that Nvidia is seeking out other workstation graphic card makers, puts paid to once and for all the rumours that it will step in as a guardian angel for Elsa. ®
Drew Cullen, 04 Mar 2002

Thus cans In2Home ISP

Thus is canning its pay-as-you-go ISP In2Home at the end of the month. A spokeswoman for the company said the decision had been taken thanks to a change in strategy at Thus (formerly Scottish Telecom) as it focuses on providing services in return for cash. She added that it was all part of Thus' shift to providing telco and Internet services to business users instead of ordinary Joes. The service - launched in April 1999 - will no longer be available from 23:59 on the 31st of March 2002. Anyone who still uses In2Home for email is advised to find a new service provider within the next couple of weeks. Still, not wishing to end this story on a downbeat note, we've just heard that across the pond Web hosting outfit, shanje.com, has acquired free email operation MailandNews.com. MailandNews.com - which has around half a million accounts - was due to fold at the end of last week but has now been saved. Phew-weeee. The service will be offline for a day or so while all the accounts are migrated to its new hosts. The operation will be relaunched as shanjemail.com later this week. ®
Tim Richardson, 04 Mar 2002

Removing IE would kill Win2k, WinXP, MS, says Redmond

Both Windows XP and Windows 2000 will be rendered inoperable, and Microsoft will be unable to develop future new operating systems, if it is forced to separate IE from the operating system, according to court filings the company made on Friday. The US States still fighting Microsoft argue, on the contrary, that separation of this and other matters now "integrated" into the OS is both feasible and necessary. Hence the appearance of serial expert witness Lee Hollaar, whose task it will be to provide the necessary techie data to 'prove' whether or not the disentanglement can be done. We've been down this particular road before a couple of times during and prior to the trial, and we've had Microsoft threatening to ship broken versions of operating systems before. But this time the company seems to be threatening to withdraw Windows from the market entirely, and not develop or ship it ever again. Which is new, although threatening to tag its antagonists with responsibility for the total destruction of IT's biggest success story (which is effectively what Microsoft is doing here), if legally enforced separation were to go ahead, is something else we've heard before. So off we go down memory lane. A long time ago, Microsoft began bundling/integrating Internet Explorer with Windows, prompting a preliminary injunction from Judge Jackson, who was then in the chair. Microsoft had previously shipped Windows and IE separately, IE not having actually been what you'd call fully developed when Win95 first came out, but in the period up to the injunction in late 1997 it had somehow become a part of the operating system. Before the appeals court rescued Microsoft by tossing out Jackson's injunction, Microsoft was indeed saying it'd have to ship versions of Win95 that didn't work in order to comply with it. Note however that this particular scrap took place over Windows 95. Windows 98 was then in beta, and would ultimately ship with IE "integrated," but the disputed version of IE only shipped with later OEM versions of 95 on new machines, while it was (and for that matter, still is) also downloadable as an add-on. The trial documentation included an email from Bill Gates from February 1997 saying it would be important to leverage the OS to make people use IE instead of Navigator, and there was much else that suggested bolting the two together was a predatory decision, rather than a technical one. As Win98 was essentially a retread of 95, shipping a version without IE oughtn't to have been any more difficult, but the overturning of the injunction meant Microsoft was able to ship it according to plan while the full trial was starting off, and that Professor Ed Felten was called in to demonstrate an uninstall program during the trial. This was the source of much hilarity, when Microsoft was caught accidentally falsifying a video 'proving' that it didn't work, and of much wrangling. Felten didn't remove all the IE code, so Microsoft did a lot of arguing that he'd just hidden it. Removal/hiding also resulted in some functionality being broken, but the court's conclusion, supported by the appeals court, was that Microsoft had illegally "commingled" code, that is arbitrarily bolted functionality together in order to glue IE into Windows. It seems equally clear that IE could be removed from Win9x if Microsoft wanted to do it, and that the Microsoft versus Hollaar argument will initially reprise the Felten row. However, this time around we'll be talking about Windows 2000 and WinXP as well, and that widens the battlefield quite a bit. Microsoft has had a lot more time to build IE deeper into its latest versions of Windows, and if we're being charitable we might even say it's put a lot more IE-related functionality into the OS, which would break if IE were removed. If we were being uncharitable we could say that much of this functionality is IE-dependent precisely because the High Command required that it be so - it could have been done by alternative means, and any vast recoding problems caused by removal are therefore self-inflicted. What Hollaar comes up with should therefore be interesting, especially if Shane at 98lite.net doesn't come up with a remover for Win2k OSR2 and WinXP sometime soon. 98lite provides an indicator of what can and can't be done as far as IE removal goes. As far as Win9x is concerned, it's worth noting that some features get lost depending on how much you remove, and that one of the permutations offered requires that you use the Explorer version from Win95. Also, note what Shane has to say about web view and active desktop being unavailable after IE's fully removed: "HELLO!!!!! You just removed IE!!! Thats the whole point!!!!!" So when the arguments come round again, remember that one person's broken may be another one's fixed. ®
John Lettice, 04 Mar 2002

Use Windows to ‘turn your PC into a love machine’

The Register was until minutes ago entirely unaware that the Sun newspaper had even been running a ten part guide to building your own PC, far less that it completed it today. But after a tip-off from a Microsoft spinmeister who wishes to remain anonymous, but says it wasn't his idea anyway, honest, we feel the need to bring part ten to your attention. "Turn your PC into a love machine," it screams above a picture of Leilani and Nikkala, who apparently "know exactly what turns PC users on." The lasses, appropriately dressed for dealing with a few racks of P4s in a server room whose cooling system has failed, pout fetchingly over a line of software boxes. Of which more anon. As the shameless Sun techies write: "Even the luscious Leilani and naughty Nikkala, our top Page 3 models, couldn't wait to get their hands on it... And they know a thing or two about getting fellas fumbling for their zip... drive... So if you missed out on Valentine's Day because you were too busy trying to work out where to slot your hard disk, here's a chance to make up for it." But what is it, you ask? Or indeed, where is it? It is of course, a competition. For software. Microsoft software. Two "pulling packs" (the Sun's, or Microsoft UK's, words - the sun accuses MS UK) of six packages, and one of the two packs has been signed by Leilani and Nikkala. There is much more desperate stuff in the descriptions of the particular packages, but the heroic attempt to relate Visio 2002 to Valentine's Day (no, we don't know why either) particularly took our fancy: "Visio 2002 - When you finally get your date back to your flat you need to make sure everything is in place for the perfect romantic evening. So use Microsoft's diagramming and graphics tools to plot the position of your stereo to give the perfect mood music and the drinks cabinet to serve the all important nightcap." Much more similar guff, pictures of girls in swimsuits and competition entry details can be found here. Microsoft pays good money for classy PR like this, you know... ®
John Lettice, 04 Mar 2002

Morpheus fesses up to user lockout security breach

Morpheus has re-instated its file swapping service after ditching support for the P2P stack supplied by developer FastTrack and embracing the Gnutella protocol. Last week, users unexpectedly found themselves locked out of the MusicCity Morpheus network. The organisation blamed incompatibilities between Morpheus and a fresh release of software provided by FastTrack software, the KaZaA Media Desktop v1.5. This was not the entire story: In launching the Gnutella-friendly Morpheus Preview Edition, StreamCast Networks/Morpheus chief executive Steve Griffin admits its servers were hit by a massive Denial of Service attack last week. "It appears that the attacks included an encrypted message being repeatedly sent directly to your computers that changed registry settings in your computer," a statement by Griffin to users on the accelerated availability of Morpheus Preview Edition states. "Later, it appears our ad servers were attacked resulting in messages being sent to other sites without our knowledge, which threatened our most basic revenue model." Postings to the BugTraq security mailing list two weeks ago documented a denial of service exploit on PCs running older versions of the FastTrack P2P stack (prior to KaZaA 1.5), which was used by KaZaA.com and Grokster as well as MusicCity's Morpheus system. Confusingly, this had nothing to do with encrypted messages and referred instead to exhausting the memory available on a client by creating multiple pop-up windows. Neither MusicCity Morpheus nor Sharman Networks Services, the firm behind KaZaA.com, offered any comment on this pop-up Window DoS problem when we quizzed them about it last week, preferring instead to issue statements on their rift. This tiff has escalated in recent days with MusicCity describing FastTrack-Kazaa software as a security risk (or a vector for spyware). KaZaa has hit back with a Morpheus migration tool. Entertainment industry execs - who've been trying to shut both services through the courts - should be pleased with the latest developments. ® Related stories Morpheus goes to sleep - users locked out Morpheus application is 'safe' KaZaA.com 'evaluates' Dutch court ban Ala-KaZaA-m! KaZaA ordered to cease infringing copyright Napster to ask court to reaffirm Appeal Court ruling Get your filthy hands off my CDs RIAA targets post-Napster MP3 sharers Popular file-share utilities contain Trojans
John Leyden, 04 Mar 2002

Curious employees are biggest security risk

Forget about Internet crackers, employees are the biggest security problem for most businesses. That's the main conclusion of a survey of UK IT managers which suggests that most firms are prepared for the threats posed by viruses and hackers, but are still struggling to secure data on their own networks. Around half (51 per cent) of the respondents to the Oracle/Institute of Directors-sponsored survey, said that internal security breaches were a bigger threat to business than those originating outside their companies. This belief was particularly strong among smaller firms. Oracle quotes a study by the Computer Security Institute (CSI) which concluded that the average insider attack cost the target enterprise approx. $2.7 million, compared with $57,000 for the average outside attack. Oracle reckons firms need to switch their attention to securing data on their networks from "curious" employees via measures such as encryption and password protection. This is easy enough, Oracle suggests, but "90 per cent of the time businesses will not put these safeguards in place because of drains on performance or other similarly weak excuses." Ouch. One in three of the 100 IT managers polled during the survey cited the loss of customer confidence as the most damaging aspect of a security breach. Downtime and loss of commercially sensitive information (both 23 per cent) were selected as the next most important. Credibility (14 per cent) and loss of revenue (7 per cent) were selected as the least important factors. In a worrying finding for the development of e-commerce, more than a quarter (27 per cent) of respondents to Oracle study stated that concerns over security had prevented them granting external customers, suppliers or partners access to their Web site. This sentiment was expressed most strongly by firms with a turnover exceeding £250m, the study (conducted by IT research consultancy Vanson Bourne) discovered. The survey reveals a certain amount of confusion among IT managers as to where responsibility for security lay. While 32 per cent of companies stated that a non-IT executive was in charge of security, 22 per cent said they had a manager whose remit was to deal exclusively with security. ®
John Leyden, 04 Mar 2002

One.Tel cuts cost of broadband

One.Tel has introduced cut-price broadband for its existing customers almost a month before BT reduces its wholesale price for DSL. From today One.Tel's single user service costs £27.99 a month as the ISP prepares to absorb the additional cost in the hope of attracting new punters. New users who sign up now also can also start receiving DSL for the lower price, the discount telco subsidiary of Centrica says. Ian El-Mokadem, managing firector of Centrica’s telecommunications arm, said: "Even though BT's new wholesale price does not take effect until April 1, we have been overwhelmed by customers who are keen to get broadband for less." In January Centrica bought the broadband business of Scottish ISP, iomart, for £2 million. So far i,t has yet to begin throwing serious money at marketing its new operation. But with the recent announcement concerning wholesale price cuts by BT it seems the time might be right. One.Tel currently has around 3,000 broadband customers. ® Related Stories One.Tel to rebrand iomart DSL service Centrica buys iomart broadband ops
Tim Richardson, 04 Mar 2002
The Register vulture logo (black)

FT.com, Slashdot, GeoCities flag up charges

The free Internet is looking somewhat frayed at the edges with three prominent web sites in recent days announcing their intention to charge for access to content or services. FT.com, Europe's biggest business news website, today said it would charge 'under £100' a year for a soon-to-be closed area of the site. But what's up for subscription? This has yet to be determined, but archived news stories look an obvious bet. The Wall Street Journal shows that paid-for big financial news sites can attract serious subscription revenues. However, the WSJ.com charges just $59 a year (or did last time we looked), and readers of the paper get a hefty discount. The FT will have to tread carefully, to avoid scaring away too many readers and harming advertising revenues. Slashdot has an interesting pay-as-you-go for-no-ads model. Introduced at the same time as more obtrusive Interactive Advertising Bureau-standard ad sizes (most notably, those big boxes you get inside CNET articles), the ad-free version costs $5 for 1,000 page views. Eighty-two per cent of readers would end up paying less than $20 a year for this option. Bargain, we think. Heavier users - around 15 per cent - would end up paying around $5 a month - and there should be some uptake here. Here is a chance for Slashdot's huge fanbase to demonstrate, beyond buying the T-shirt, their affinity with the site. The hardest of the hardcore - the top 3 per cent who provide half the comments - could end up paying $5 a month, if they accept ads on the comments section. Slashdot is collecting subs by PayPal, realistically the only viable non credit card micro-billing payment method for a mass-market American audience to date. Yes we know it sucks, yes we know it's a pain for non-Americans etc. etc., and yes we know there are other US-based PayPal competitors - but they lack scale. Slashdot says it is investigating non PayPal options. Announcing Slashdot subscriptions Geocities, the community home page site owned by Yahoo!, last week announced its intention to charge $4.95 a month, plus set-up fee for FTP access. Users can continue to use the web-based file upload utility gratis, but this can be slow, reader Helen Cain points out. Geocities is to start charging from April 2, and it encourages users who want to continue using FTP for upload to upgrade to a premium package. Premium users are unaffected by the move. The emails are piling in from Avantgo subscribers who used to access The Register from their PDAs(heroically, in our view, as we have never built a PDA version) but can't anymore. They can't read The Register using Avantgo, because the content aggregator is "stamping out abuse" by commercial sites through the simple expedient of barring access to abusers from reader custom channels. Avantgo is being disengenuous. The Register, for example, never asked readers to include us as one of their custom channels. And we have no intention of being bounced by Avantgo into paying thousands of dollars a year just to that we can feature on their official channel list. We do have an alternative front page for PDAs, skunked up by our former colleague Tony Smith. However, the front page is a far as it goes - click on the story and you are back in Fat RegLand. If and when we do launch a proper PDA/WAP version we will almost certainly charge for this additional service. But the price will be less than if we were paying the Avantgo tax. That's the thing with publishing - someone, somewhere has to pay: it could be the advertiser, or the reader, or - more rarely these days - the investor. Or a combination of all three. As we have stated before: No Wedge = No Reg. ®
Drew Cullen, 04 Mar 2002