Microsoft: Windows 7 no 'magic bullet' for enterprises

Microsoft: Windows 7 no 'magic bullet' for enterprises
February 11, 2009 at 6:57 pm
________________________________

Microsoft warned enterprise customers this week that the migration path from XP to Windows 7 won't be any easier than it is to Vista, and offered recommendations for how companies can move from older versions of Windows to one of its newer client OSes.

"Moving from XP to Windows 7 is not a magic bullet," said Gavriella Schuster, a senior director of Windows product management, in an interview Tuesday. "You have the same level of application compatibility from XP to Windows Vista or Windows 7."

[ Randall Kennedy recently called Microsoft's Windows 7 upgrade strategy disrespectful to IT | Peter Bruzzese, meanwhile, says Microsoft's strategy is the correct one | Test Center: Windows 7 benchmakrs unmasked | Special report: Early looks at Windows 7. ]

Enterprise customers who would have had to replace applications in a move from XP to Vista will still have the same task when they move to Windows 7, she said. However, if customers have already made the leap to Vista, it will be easier to move applications to Windows 7 because it's on essentially the same code base, she said.

In a company blog post attributed to Schuster, Microsoft made recommendations to business customers to help them decide whether they should upgrade to Vista now or wait for Windows 7, which is expected later this year or, at the latest, early next year.

Many companies chose to stick with Windows XP instead of upgrading to Vista, causing Microsoft to keep new PCs with XP pre-installed in the market longer than originally planned. Once Windows 7 is released, which most expect before the end of the year, Microsoft will have two OSes built on essentially the same code base in the market at the same time, and Schuster said customers have asked the vendor how to choose between them.

To no one's surprise, Microsoft recommends that business customers still running XP or older versions of the OS upgrade as soon as possible, citing security and remote-management capabilities in both Vista and Windows 7 that weren't baked into the original XP release.

XP also was released before the majority of PCs in enterprises were laptops, and both Vista and Windows 7 have features that allow IT managers to better manage and secure laptops and mobile devices for the type of mobile workforce found in many enterprises today, Schuster said.

"When you think about Windows XP in that context -- it came out in 2001, when less than 10 percent of devices were laptops," she said. "There wasn't ubiquitous broadband. There weren't the levels of compliance and regulatory requirements. There weren't data protections."

What may be surprising in Microsoft's message, however, is that the company doesn't care which of its newer OSes customers move to -- Windows Vista or Windows 7 -- as long as they do what's best for their individual IT environments.

"What strikes me is that Microsoft is being fairly pragmatic about what the options are for customers," said Al Gillen, an analyst with IDC. "Microsoft seems to recognize the reality that customers aren't going to do what Microsoft tells them to do. They're going to do what's right for them."

Indeed, Schuster said Microsoft is "agnostic" about which OS customers upgrade to. She said Microsoft is just trying to set expectations for any upgrade that may be planned or in progress so that customers aren't surprised by problems or complexities they may encounter.

Customers should examine their application and hardware environments closely to see which would be the best fit for them. "It really depends on the environment," Schuster said.

She did have some advice for customers depending on what OS they are currently running, and whether or not they have begun migrating to Vista already.

For customers still running Windows 2000, "they clearly need to move fast and need to move to Windows Vista," she said. Extended support for Windows 2000 ends in April 2010, and it will take a company 12 to 18 months to complete the upgrade. "They can't wait for Windows 7," Schuster said.

For companies that are halfway through a migration to Windows Vista Service Pack 1, they should continue that migration as planned, she said. However, if a company has begun piloting Vista and is not yet halfway through the migration process, moving to Vista Service Pack 2 -- which should be generally available in April -- is a better option.

Some customers have already said they plan to wait for Windows 7, and Microsoft is not recommending they change that course.

When Windows 7 is available, it won't be the first time Microsoft will have two OSes on the same code base in the business market at the same time. Windows 2000 Pro and Windows XP Pro were built on the same code base as well, and many business customers on Windows 98 waited for XP instead of moving to 2000, Gillen noted.

Windows 7 is essentially the second release of Vista, an incremental update that will include some usability features but not "cause a rift for Windows Vista applications" during a migration, he said.

It will essentially be about as painful for customers to move from XP to Vista as it will be to move from XP to Windows 7, Gillen said, corroborating Schuster's warning. He agreed, too, that a migration from Vista to Windows 7 will be far easier.

However, Gillen said that Microsoft's argument that customers should pick one or the other is more in its own self-interest than an actual necessity for enterprise customers.

"[Microsoft] is trying to use every lever they have to try to encourage customers to move," he said. "But customers are going to make their own decisions based on [their own needs]." Some customers may find they can stay on XP indefinitely as long as they can continue to patch and support their applications on it. Microsoft ends extended support for XP in April 2014.

One company that has already migrated to Windows Vista, and plans to upgrade to Windows 7 as well, is computer reseller Heartland Technology Solutions in Harlan, Iowa. Heartland is a Microsoft partner that participated in the Vista beta-testing program.

Arlin Sorensen, CEO and president of Heartland, said that Vista increased worker productivity, particularly because of its the improved desktop search functionality.

Heartland serviced about 1,900 individual small-business customers last year, each with its own set of unique IT needs, he said. However, one of the most common problems customers needed help with was finding documents or files they couldn't locate.

"This is where the ability to search more quickly and efficiently for files immensely improved productivity," Sorensen said.

"The whole Vista experience has helped in simple but very productive ways," he said. "There's a significant amount of time people waste looking for documents."

Heartland is a small company with about 75 desktops, so it was far easier for the company to migrate to Vista from XP than it would be for a large enterprise, Sorensen acknowledged. "We're definitely more nimble than an enterprise company would be," he said.

________________________________
Snakebite network readied for open source projects
February 11, 2009 at 6:30 pm
________________________________

Developers soon will have a network to go to for developing principally open source projects and testing their software on multiple platforms.

The planned Snakebite network is intended to "provide developers of open source projects complete and unrestricted access to as many different platforms, operating systems, architectures, compilers, devices, databases, tools, and applications that they may need in order to optimally develop their software," according to the Snakebite Web site, which also welcomes visitors to "the future of open source development.".

[ Related: Scripting languages spark new programming era ]

The brainchild of Trent Nelson, a committer on the Python language project, Snakebite still is under development; it is expected to formally debut in a month or so.

"The key principal of Snakebite is that it's an open network, and the concept is intended [to] parallel the very notion of open source," offering projects unlimited access to hardware and platforms that developers otherwise would not have available, Nelson said.

Snakebite serves as a centralized server farm, hosted at two sites at Michigan State University in East Lansing. Two servers are also hosted at a datacenter in Chicago.

"I was basically looking for somewhere to host machines with free power and Internet [access]," and without a lot of red tape, Nelson said. The project started out with Nelson himself purchasing computers and letting people log onto them. He estimated spending $20,000 to $25,000 during the first month of the project last spring.

"It became very apparent that the effort required in getting a network of as many different OSes as I would like to was not a trivial activity," said Nelson.

While centered on open source, Snakebite also is expected to allow projects for commercially developed software, although commercial projects may need to pay a fee to use the network, Nelson said. But the goal of the project is not commercially oriented. "My aim is to do something fun," he said.

Developers, for example, could test a patch to see if it runs on multiple platforms. Interested parties, though, must meet certain criteria pertaining to requirements in such areas as development infrastructure for developing on Snakebite. Developer collaboration also will be enabled.?

Technologies including Linux, Windows, and Unix variants, such as IBM AIX and Sun Solaris, are supported on Snakebite, which has had contributions from companies like Microsoft, which has provided Microsoft Developer Network license access to Windows server OSes. HP contributed some Itanium servers.

Currently, Snakebite features 37 servers talking to each other via a single domain. "It's going to be the epitome of a heterogeneous network," said Nelson.

Snakebite's overseers are looking to open up the network to all things Python and more. Implementations of Python will be supported including CPython, Jython, PyPy, IronPython, and stack-less Python. Developers on these projects will have full access to Snakebite.

Also sought for Snakebite are support for open source projects like the Apache Web server and MySQL and Postgres databases.

________________________________
Chip vendors bring Windows 7 closer to netbooks
February 11, 2009 at 5:47 pm
________________________________

Chip vendors Qualcomm and Nvidia have thrown their support behind the Windows 7 OS for netbooks, announcing efforts to bring better graphics and continuous 3G connectivity to the devices.

Qualcomm on Wednesday announced it was sampling chips that enable Windows 7 netbook connectivity to multiple 3G networks. Separately, Nvidia announced beta drivers for its netbook platform that could bring full high-definition video to Windows 7.

[ Test Center: Windows 7 benchmarks unmasked. ]

Qualcomm said it had updated its Gobi2000 3G embedded chip, designed to let netbooks and laptops access multiple 3G networks like HSPA or EV-DO. The chip supports Windows 7 and improves data speeds and frequencies at which devices can connect to 3G networks.

The module is in sampling and should reach netbooks and laptops in the second half of this year, Qualcomm said.

"We believe Gobi notebook and netbook customers will experience the long-sought desire for ubiquitous connectivity," said Gary

Greenbaum, director of business development for Windows Networking at Microsoft, in a statement.

Separately, graphics vendor Nvidia on Wednesday said it has released beta drivers that make its Ion netbook platform compatible with Windows 7. Nvidia's release of beta drivers could bring full high-definition 1080p video capabilities to Windows 7. It could also enable better multimedia capabilities, like photo editing and gaming, than what is usually found on netbooks.

"We have released beta drivers for Windows 7 to our customers for them to begin design/development of Ion-based systems now," said Ken Brown, an Nvidia spokesman, in an e-mail.

Nvidia and Microsoft demonstrated several applications running on the Ion netbook with Windows 7 at an event in Taiwan on Wednesday. The officials showed 1080p high-definition video while simultaneously transcoding another HD video clip.

Nvidia did not comment on specifics related to the driver. Microsoft did not immediately respond to requests for comment.

Graphics vendor Nvidia is trying to get a piece of the emerging netbook market with Ion. No Ion-based netbooks are available yet, but Nvidia says it is working with PC makers to bring "mini-notebooks" to users at prices as low as $299.

By extending Windows 7 drivers early, Nvidia is trying to entice PC makers to adopt the Ion platform over rivals like Intel, said Jon Peddie, president of market research firm Jon Peddie Research. The company's early jump in extending drivers is also showing its seriousness in entering the netbook space.

The Ion platform pairs Nvidia's GeForce 9400M GPU with Intel's Atom CPU. Nvidia claims Ion gives better graphics to netbooks while drawing less power. That benefits netbook buyers who get more powerful graphics at a lower price, Peddie said.

However, Intel officials argue the battery life and small-form factor of netbooks are not designed to run high-definition movies, which are better suited for mainstream laptops. Intel recently started shipping the Atom N280 processor and GN40 chipset that can decode 720p video. Using Intel's netbook processor, the Ion platform can make a puny netbook into an "honest-to-god notebook," Peddie said.

________________________________
Mobile data roaming still costs too much
February 11, 2009 at 4:11 pm
________________________________

I am heading to Barcelona on Feb. 15 for the Mobile World Congress, where operators from all over the world will talk about how great mobile broadband is. But I bet you they won't use it to surf the Internet while visiting the show, especially if chief financial officers have any say.

The reason is simple: Surfing the Internet using broadband while abroad is really expensive. Surfing the Internet using mobile broadband in Spain would cost me 40 Swedish kronor (about $5) per megabyte, and if I wanted to do the same in the United States, it would set me back 120 Swedish kronor per megabyte, which is a ridiculous amount of money compared to the 199 Swedish kronor per month I pay for unlimited data.

[ Back in the States, the future of broadband isn't any clearer, if Test Center's real-world WiMax road test is any indication | Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

So, for what I pay per month for mobile broadband access in Sweden, I would get the pleasure of downloading almost 5MB in Spain, and if I go to the United States, that number would drop to below 2MB.

No one in their right mind would pay those amounts. The huge difference in pricing has resulted in "bill shock" for many subscribers, according to Viviane Reding, the European Commissioner for the Information Society and Media. "It's happened to my own children," she said last year. "One shocking bill and they don't use their mobiles abroad anymore."

Instead, those who want Internet access pick a hotel that offers Wi-Fi access or sign up with a company like Boingo Wireless, which offers a Boingo Global subscription for $59 per month, which gives access to 100,000 hotspots scattered all over the world.

Wi-Fi doesn't offer the ease of use and ubiquitous coverage that mobile broadband does, and not all phones come equipped with it.

The only thing the current pricing has resulted in is a lot of negative publicity for operators, according to Angela Stainthorpe, analyst and roaming expert at Informa Telecoms and Media. That, in turn, resulted in the E.U. bumping data roaming up on its priority list, said Stainthorpe.

The European Commission is working to put in place a €1 ($1.29) per megabyte cap on wholesale fees, which is what operators pay each other, as of this summer.

Mobile broadband is really taking off, and the phone makers are trying to integrate applications such as social networking into their phones. But the promise of the technology will not be realized unless users can be connected anytime, anywhere.

Prices have started to come down, operators have started to offer various packages and safeguards against large bills, and the E.U. has moved to regulate pricing, but more is needed. Operators still have an opportunity to take charge of this market, and in the end make more money, Stainthorpe said.

Since they will all be in the same place, perhaps CEOs including Vodafone's Vittorio Colao, Telefónica's César Alierta, and AT&T Mobility's Ralph de la Vega should be locked in a room in Barcelona and not be let out until they have solved the issue once and for all.

________________________________
New Red Hat project looks to simplify JBoss migrations
February 11, 2009 at 2:28 pm
________________________________

Red Hat has launched a new open source project the company said is aimed at making it easier for enterprises to move from proprietary Java-based middleware like Oracle WebLogic and IBM WebSphere to its JBoss Enterprise Middleware.

The JBoss MASS (Migration Assistance) project -- launched as a community effort with Red Hat partners -- will provide software to help enterprises migrate to JBoss, as well as an online community to connect new JBoss customers with other customers and partners that have more experience working with the platform.

[ Last year, Red Hat laid out plans to make JBoss an enterprise player. ]

Aaron Darcy, a JBoss product line director at Red Hat, said the goal of the project is to lower the entry barrier for customers to migrate to JBoss. Red Hat obviously also hopes to gain JBoss customers through the project, which means more revenue for the company.

While Darcy acknowledged this would be a benefit of the project, he said that Red Hat also wants to help customers who have already expressed interest in moving to open source middleware but have asked Red Hat to tell them "where to start" on a migration path.

"In most migrations, customers are seeking help -- they don't have experience with the new technology," Darcy said. "What often happens is the effort to migrate [begins with] a manual, exhaustive review. The goal [with JBoss MASS] is to create tools to replace the manual effort."

Several Red Hat partners with expertise in deploying JBoss have committed at least one person to contribute code and technical expertise to the project, Darcy said. Companies participating are Amentra, a former partner that is now a Red Hat company; CityTech; Consilium1; Exadel; Freedom OSS; RivetLogic; Unisys; and Vizuri.

Would-be JBoss customers also can use the project to connect with these partners for help if they decide to migrate to JBoss, Darcy said.

JBoss MASS community organizers are working on a road map for JBoss MASS and should be providing migration tools and best practices sometime in the next six months, he added.

Migrating from one middleware platform to another is not an easy task. Given the global recession, many enterprises are looking to maintain the technology they have rather than begin a complicated IT migration project.

However, Darcy said Red Hat believes JBoss overall has a lower total cost of ownership than proprietary competitors, so companies that are at the end of contracts with companies like IBM and Oracle might consider moving despite the economic climate. "They're still looking for ways to lower their costs," he said.

Brad Shimmin, a principal analyst for Current Analysis, said Darcy has a point. Subscription-pricing models that companies like Red Hat and Sun offer for their middleware -- which don't include fees for running software on multicore servers and virtualization technology -- can actually save enterprise customers money and help them better manage yearly software costs, he said.

"If you're straight-up comparing licensing fees and subscription-based support services, [subscriptions] are going to win nine times out of 10," Darcy said.

In fact, Shimmin said enterprise customers are even using open source pricing models to help them negotiate better middleware contracts with companies like Oracle and IBM, who will work out a better deal for enterprise customers that will give them long-term, recurring revenue.

________________________________
Update: Yahoo adds BOSS API, fees for service level
February 11, 2009 at 1:37 pm
________________________________

Yahoo is enhancing its service for building custom search engines with access to structured data, and is also introducing fees for using BOSS (Build your Own Search Service) in order to support its plan to offer developers SLAs (service-level agreements) and increased daily query limits.

Developers will use the BOSS API to access SearchMonkey, which can make search results more useful and attractive using structured data, Yahoo said Wednesday.

[ Keep up with app dev issues and trends with InfoWorld's Fatal Exception and Strategic Developer blogs. ]

"We're exposing the structured data in SearchMonkey to all BOSS developers," said Bill Michels, senior director of Yahoo's Open Search Platform.

Once Yahoo introduces BOSS fees towards mid-2009, it will also increase the number of search results an engine can obtain via a single API call to 1,000 from 50. The fees vary depending on the type and quantity of search result involved. Yahoo will also offer SLAs to promote the creation of more sophisticated BOSS search engines.

Yahoo is also changing its terms of service to make it easier for developers to monetize search services. Previously, Yahoo didn't allow developers to generate revenue from BOSS, but now it will let them do so via Yahoo and non-Yahoo platforms, such as ad networks and other programs.

BOSS and SearchMonkey are among recent initiatives Yahoo has rolled out, as it attempts to recover the ground it has lost to Google in the search engine market in recent years. By encouraging external developers to build applications and Web services using Yahoo's search infrastructure, the company hopes to make its search products more popular and more profitable.

Still, it remains to be seen how much of an effect these and other initiatives will have on search engine market share, since Google's domination is daunting. On Wednesday, Nielsen Online reported that Google handled almost 63 percent of all search queries in the United States in January, while Yahoo came in a distant second with slightly more than 16 percent. Google also had a significantly higher search query growth compared with January 2008: 40.8 percent to Yahoo's 8.7 percent growth.

"The important thing for Yahoo is that they're maturing the contours of their BOSS offering, both in terms of the content they can provide to the partners and participants in that program, and also in terms of the business model though which they're going to offer this," said Hadley Reynolds, an IDC analyst.

The bottom-line goal of BOSS is to help individual site owners and Yahoo partners provide more attractive search experiences for their site visitors, which would in turn yield increased usage of Yahoo's search services, he said.

"Presumably, if Yahoo succeeds dramatically with BOSS, it would raise Yahoo's overall traffic and share of search queries," Reynolds added.

This article was updated on Feb. 11, 2009.

________________________________
Microsoft releases critical fixes for Exchange, Internet Explorer
February 11, 2009 at 1:02 pm
________________________________

Microsoft released software security patches Tuesday, fixing some nasty browser and mail server flaws as well as a bug in SQL Server that was publicly disclosed in December.

The company released four updates, including critical fixes for Exchange and Internet Explorer. Two other updates, for SQL Server and Visio, were rated "important," meaning it would be a little harder for hackers to exploit the bugs they fix.

[ Get the analysis and insights that only Randall C. Kennedy can provide on PC tech in InfoWorld's Enterprise Desktop blog. And download our free Windows performance-monitoring tool. ]

The Exchange patch is considered the most important, according to security vendor TippingPoint. Without the patch, hackers could shut down or possibly even take control of an Exchange e-mail server by sending a specially written e-mail attachment. "A compromised e-mail server, in addition to snooping corporate secrets, can be used as a launch pad for attacks against other servers in the enterprise," TippingPoint said in a statement.

The critical update for Internet Explorer fixes two vulnerabilities in the browser that could be exploited by hackers to run unauthorized software on a victim's computer. For this attack to work, the victim would have to be tricked into visiting a maliciously crafted Web page. Although no attacks have yet been reported exploiting these bugs, Microsoft believes that now that the patches are out, it will be easy for attackers to work up a reliable attack.

The SQL Server patch had been expected. It fixes a bug in the database software that Microsoft acknowledged late last year. According to the researcher who disclosed the SQL issue, Microsoft has known about it since April and wrote its initial patch for the bug back in September.

In all, the updates released this month are "much more critical" than January's patches, TippingPoint said. Last month, Microsoft released just one update, for its Windows Server Message Block file and print service.



________________________________
PC power tweaks can save a bundle
February 11, 2009 at 11:46 am
________________________________

Saving money using power management has been a well worn mantra in the datacenter for some time, but now Gartner has put a cash figure on the likely cost savings from managing an organization's PC power consumption -- $43,300 per year.

The analyst company said that the total power consumption (per year) for a "well-managed 2,500-PC organization is 43 percent lower than an unmanaged one." This, Gartner has calculated, means that organisations actively employing power management functionality can expect to save $43,300 per year, compared with an unmanaged 2,500-PC organization.

[ Read up on how to benchmark datacenter energy costs | Keep up on green IT trends with InfoWorld's Sustainable IT blog and Green Tech newsletter. ]

Another $6,500 can be saved per annum by turning off and unplugging machines from the electrical socket (even when switched off, PCs consume some power when left plugged in). However Gartner warns this could affect staff productivity because updates will need to be carried out during working hours, and it is somewhat impractical to do this in reality.

"Much attention on power consumption has focused on the datacenter, but PC power consumption in an organization can also be significant, especially given steadily rising electricity prices," said Federica Troni, principal analyst at Gartner.

"IT organizations should recognize that the greatest savings come from employing power management features. They should investigate the power management capabilities of their PC life cycle management tools and PC power management point solutions to implement these policies and to better support management activities."

Gartner has even created a model -- actually an Excel spreadsheet -- to assess the impact of different variables on an organization's total PC power use, although this model is only available to Gartner's customer base and not the general public. The model makes use of a number of common assumptions in order to make these calculations.

These assumptions include that there are 2,500 staff in the organization; the ratio of PCs to employees is 1-to-1; staff work an eight-hour business day 230 days per year; and active use of the PC during working hours is 70 percent of the time. The power calculation assumes a cost of $0.1 for one kilowatt-hour (kWh).

Using these parameters, Gartner's model can calculate the power consumption for desktops, notebooks, and associated monitors during the workday and after hours. The model is based on three different scenarios -- the well-managed, unmanaged, and unplugged organization.

Techworld is an InfoWorld affiliate.

________________________________
Startup Talis targets desktop security
February 11, 2009 at 10:45 am
________________________________

Start-up Talis Data Systems Wednesday launched a hardware-based security device that can be inserted into a PC to control use of USB storage devices and access to networks based on defined user privileges.

The hardware, called the Datagent Security Module, was developed foremost to meet the needs of military agencies and others in government, says Tom Darton, president of Talis. As in the private sector, there's a lot of concern about uncontrolled use of USB ports, and Datagent is intended to monitor and restrict use of thumb drives and other portable storage.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Datagent also provides what Darton calls "sensible domain separation" to allow controlled access to networks.

"In the military, there are the NIPRNet and the SIPRNet, for example," Darton says. "With Datagent on the desktop, you can allow or disallow network access based on various factors, such as time of day."

Talis, founded three years ago by Matt Castelli, Terence Slyntz and Brad Saunders, has about 10 employees. It's backed with an undisclosed amount of private venture capital, including a 60 percent equity stake of $2.3 million from Pilot Power Group, a retail electric provider based in San Diego.

Slyntz and Saunders remain as outside consultants. Castelli, now the company's director, says the 3.5-inch-sized Datagent hardware, installed in a floppy drive, is managed via workstation-based software called AuditX.

Talis intends to primarily market Datagent by integrating the hardware into Dell and HP computers through authorized resellers, with an expected cost ranging from about $1,200 to $3,500 depending on the number of authorized networks.

Datagent is certified to the EAL-4 security level defined by the National Security Agency, according to Talis.

Network World is an InfoWorld affiliate

________________________________
Security expert: Microsoft should cut IE's links to Windows
February 11, 2009 at 10:24 am
________________________________

Microsoft would better protect users by severing Internet Explorer 's connections to Windows, then patching the browser invisibly in the background -- daily if necessary, a security expert argued Tuesday.

"The browser is the heaviest-used application that interacts with the Internet, and the most likely source of malicious content. IE vulnerabilities should be given the highest priority and patched first," said Wolfgang Kandek , CTO at security company Qualys.

[ Get the analysis and insights that only Randall C. Kennedy can provide on PC tech in InfoWorld's Enterprise Desktop blog. And download our free Windows performance-monitoring tool. ]

But that's not what happens in the real world, he said. "Unfortunately, the vulnerability data that we collect shows that companies treat browser patches just like all other patches. IE's patch deployment cycle correlates very closely with other critical patches."

According to data Qualys collected from scans of several hundred thousand Windows PCs owned by its customers, the patching pace for IE vulnerabilities was essentially the same as the rate at which users fixed other non-IE critical flaws.

To pick up that pace, Kandek suggested that Microsoft sever Windows' links to IE completely, then boost IE's update frequency and take some, or all, of the control out of users' hands. "There's just too much user interaction required by Microsoft for IE," he said, referring to the way Microsoft updates its software, IE included, using services such as Windows Update.

"If Microsoft removed IE from Windows and made it independently updatable, I think you'd get improved update performance," said Kandek.

Although pulling IE from Windows would mean that Microsoft would have to come up with a different mechanism for Windows Update -- currently the service relies on IE -- Kandek believes the benefit to users would be significant. "Taking IE out of the [monthly] patch cycle would give us better protection," he said.

Rather than patching IE only once a month , as it does now, Kandek would like to see Microsoft pick up the pace by rolling out fixes as soon as they're ready, in effect mimicking the update process that Mozilla Corp. uses for Firefox , or the even less intrusive approach that Google Inc. applies to its Chrome browser.

Firefox users receive a notice when security updates are available, and can click through to download and install the patches. Chrome users, meanwhile, do nothing: Google pushes patches to its browser automatically, and they're installed with no user action required. Either method would be preferable to Microsoft's current update strategy for IE, Kandek said.

That applies for all IE users, including those working for companies where IE is mandatory, and patch deployment can be delayed by testing, or for fear of disrupting workflow. "I think that you should just determine for the corporation to trust Microsoft and their quality control" on the patches, Kandek said. "Browser patches are heavily tested by Microsoft, and unlikely to break any existing functionality on the desktop."

Microsoft could conceivably split IE from Windows with its newest browser, Internet Explorer 8, which reached "release candidate" status late last month. "IE8 would be a good opportunity," said Kandek.

Ironically, he may get his wish if the European Union has its way. The Competition Commission, the EU's antitrust agency, recently hit Microsoft with a new set of charges , this time concerning IE. On Jan. 15, the Commission said that by tying IE to Windows, Microsoft "distorts competition" in browsers and gives IE "an artificial distribution advantage" over rivals like Firefox, Apple Inc.'s Safari and Opera Software ASA's Opera.

"If the [Commission's] preliminary views were confirmed, the Commission would consider ordering Microsoft to give users an objective opportunity to choose which competing Web browser(s) instead of, or in addition to, Internet Explorer they wanted to install in Windows, and which one they wanted to have as default," said EU spokesman Jonathan Todd in an e-mail. "Microsoft could also be ordered to technically allow the user to disable Internet Explorer code should the user choose to install a competing browser."

Although IE's market share has been steadily shrinking -- under assault from Firefox, first of all, Safari second -- it accounted for about 68 percent of all browsers used last month, according to Internet metrics vendor Net Applications Inc.

Computerworld is an InfoWorld affiliate.

________________________________
On-demand ERP vendor NetSuite targets retailers
February 11, 2009 at 8:35 am
________________________________

On-demand ERP (enterprise resource planning) vendor NetSuite is gunning for business among North American retailers with a new software suite for multi-channel businesses, the company announced Wednesday.

The Multi-Channel Retail Management Suite has features for creating Web stores that connect with retail locations, providing a unified view of inventory, accounting, and customer information; package tracking information for customers; and support for multiple currencies and languages. NetSuite is also integrated with eBay.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

Other capabilities include marketing campaign tools, such as a "shopping cart abandonment" feature that can be used to send customers coupons for items they initially placed in their online shopping cart but subsequently failed to buy.

Pricing for the suite varies based on specific customer configuration requirements, the company said.

NetSuite is also hyping the suite's tight integration with the point-of-sale system made by OnSite, a software vendor that also makes a number of other products that integrate with NetSuite. OnSite's POS features include electronic signature capture and the ability to create gift cards.

While NetSuite has aligned forces with OnSite, customers will still be able to integrate NetSuite's software with other point-of-sale systems, a spokesman said.

NetSuite customer Distribution Video & Audio, of Palm Harbor, Florida, is using the OnSite POS, said CEO Brad Kugler.

DVA is primarily a wholesale and online business, but each December it opens up its warehouse for a sale that draws thousands, he said. "We were in dire need of some type of point-of-sale add-on to NetSuite."

The company went with OnSite due to its tight integration with NetSuite, he said. "Downloading inventory [information] to a POS and then back? I didn't want to deal with that."

DVA is only using the OnSite system four or five days a year. "I was able to get it very cheaply because of that," he said.

Overall, NetSuite and the on-demand model have worked out well for DVA, according to Kugler.

Before NetSuite, DVA had been using a range of software, including spreadsheets to track inventory and Intuit's QuickBooks product. As revenue climbed toward $20 million, the company began looking for a unified system, he said.

There are "definitely fewer headaches" with the on-demand model compared with on-premise systems he has used from SAP and Microsoft, he said: "It's not possible to have a system like that without a full IT staffer [on site], and there's $80,000 [a year] right there. I'm not into cutting jobs, but I don't need it."

NetSuite has proved to be reliable, according to Kugler. So far he has had only one unscheduled service outage, which lasted about an hour.

Although he is not sure whether the on-demand model has proved to be less expensive, dollar for dollar, it offers him greater day-to-day flexibility, Kugler said: "I can travel more, my sales guys can, and I can do orders on the spot at trade shows. We were never able to do that before."

While ERP vendor Epicor has launched a SaaS product for retailers, many other vendors in the retail ERP space -- which includes giants such as SAP and Oracle, as well as a range of specialists including Island Pacific and Retalix -- have not yet followed suit, said Janet Suleski, research director, retail, at AMR Research.

Suleski praised the multi-channel focus in the new NetSuite offering. Other vendors "haven't cracked the code on multi-channel retailing yet," she said. "[But] the key word is 'yet.'"

________________________________
RIM releases patch for buggy ActiveX control
February 11, 2009 at 7:54 am
________________________________

Research iIn Motion has patched a piece of software for Windows PCs that could leave them vulnerable to attack when loading new applications onto BlackBerry devices.

The flaw lies in an ActiveX control used to load third-party applications onto BlackBerrys connected to a PC via a USB cable. An ActiveX control is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates. However, the controls have been prone to vulnerabilities.

[ President Obama recently announced plans to keep his BlackBerry | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

RIM said in an advisory that a vulnerability is introduced to a PC when someone runs the BlackBerry Application Web Loader Version 1.0 ActiveX control with any version of Microsoft's Internet Explorer browser. The advisory contains a link to the patch.

The vulnerability is an exploitable buffer overflow, which is a problem in memory that could allow an unauthorized program to run. RIM didn't give details on how it might be exploited.

However, the U.S. Computer Emergency Readiness Team (CERT) said an attacker could be able to execute arbitrary code with the privileges of a user by getting that user to view a specially-crafted HTML document. It could also cause Internet Explorer to crash, CERT wrote in an advisory.

The problem scores a 9.3 on the Common Vulnerability Scoring System (CVSS), a way to evaluate the danger of a flaw. A score of 10 is considered the most dangerous, and anything above a seven is considered highly severe.

RIM advises that customers apply the patch. In its latest security updates on Tuesday, Microsoft also released a "kill bit" for the affected ActiveX control. A kill bit blocks an ActiveX control from running in Internet Explorer.

________________________________
PC processor shipments to drop in 2009
February 11, 2009 at 7:41 am
________________________________

PC microprocessor shipments slowed in the fourth quarter and will continue to decline this year, according to an IDC survey released on Wednesday.

Microprocessor unit shipments will decline by about 15 percent in 2009 compared to last year, according to preliminary numbers from the market researcher. Worldwide microprocessor shipments during the fourth quarter dropped 17 percent sequentially and 11.4 percent year-over-year, IDC said.

[ How severe is the impact of the economy on IT? Find out in "Is tech in more trouble than we think?" And learn the "Five top spending priorities for hard times." ]

The research firm couldn't quantify the number of microprocessor shipped during the fourth quarter, but the fall was precipitous, said Shane Rau, research director at IDC.

"After hinting at a decline last September, the market fell of a cliff in October and November," Rau said.

The worldwide recession has slowed PC demand which will continue to affect microprocessor shipments. Worldwide PC shipments fell 0.4 percent year-over-year in the fourth quarter of 2008, IDC said in study released last month. Shipments of netbooks totaled 10 million in 2008, but strength in netbooks was outweighed by slow or even declining sales of traditional laptop and desktop PCs.

Intel took a big chunk of the server, mobile and desktop chip space from its rivals, Advanced Micro Devices and Via Technologies.

Intel's market share in unit shipments was 81.3 percent in the fourth quarter, up from 80.8 percent share in the third quarter and 76.7 percent in the fourth quarter a year earlier. AMD had a 17.7 percent share in the fourth quarter, down from 18.5 percent during the third quarter and 23.1 share it had a year earlier. Via Technologies held a 0.4 percent share during the fourth quarter, compared to 0.2 percent it had the previous year.

After dominating most segments, Intel is now looking for new markets to grow, Rau said. The company has its feet wet in the mobile space with chips like Atom for mobile devices, but the competition is intense from entrenched competitors like Texas Instruments and Qualcomm, Rau said. These markets are either flat or in decline because of the recession, which also poses a big challenge for Intel.

Beyond entering new markets, Intel on Tuesday announced it would try to provide faster chips by shifting to the 32-nanometer manufacturing process. The move should stimulate chip demand for Intel and help it gain market share over rivals, Rau said.

"Intel is enabling its customers to build better products rather than just cutting price," Rau said.

Intel already dominates the netbook space with its Atom processor, though Via could present some challenges. The small chip vendor can provide inexpensive chips for netbooks and enable new form factors, so customers may look at its chips as an Intel alternative.

As long as Via continues to ramp its C7 and Nano processors, it will inevitably gain some share though the numbers are hard to quantify, Rau said.

"[Via] is more a rebel with less to lose," Rau said.

Intel's primary rival, AMD, has held a steady market share in desktop processor shipments, but has been volatile in the mobile processor space. It hasn't been able to match Intel on pricing and features on mobile chips, Rau said.

The news for AMD is better in the server space, where it recovered from the earlier Opteron server chip mistakes with a new chip code-named Shanghai it shipped last year. Unfortunately the recovery came when the worldwide economic crisis began, which has slowed down adoption of its server chips. But the company is well-placed to see those chip shipments rise as economies recover.

AMD's worst competitor is itself, and its strategies tend to work best if it doesn't focus on competition with Intel, Rau said. AMD's products on the crosshairs of specific market segments dominated by Intel -- like the Athlon Neo for ultrathin laptops -- have worked in the company's favor.

But with the recession, AMD needs to focus more on surviving in the market, not market share, Rau said. The company is spinning off its fabs and lowering its cost structure through downsizing.

But AMD has a price advantage over Intel, Rau said. If the company releases chips on time and lowers the cost structure, it will have better control over pricing its products. That could bring the company back into contention against Intel.

"No one should think that AMD's going away... the market needs two viable competitors to remain competitive," Rau said.

________________________________
Microsoft update takes on spam-spewing botnet
February 11, 2009 at 7:12 am
________________________________

Microsoft has beefed up the Malicious Software Removal Tool (MSRT) that ships with its Windows operating system so that it will detect and root out the notorious Srizbi botnet code.

"This month's MSRT takes on one of the largest botnets currently active worldwide," wrote Microsoft spokesman Vincent Tiu in a blog posting Tuesday, the day the update to the software removal tool was released. "Win32/Srizbi has been accused of being responsible for a huge chunk of spam e-mail messages sent in the years after its discovery," he added. "We hope to make a positive impact with the addition of Win32/Srizbi into MSRT."

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Because Microsoft's detection software runs on hundreds of millions of computers worldwide, including many that are not running up-to-date anti-virus software, a move like this can bring a botnet to its knees. That's what happened in September 2007, when Microsoft added detection for the Storm Worm botnet. Within 24 hours it had removed about 91,000 Storm infections, and soon the botnet was a shadow of its former self, experts say.

However, the results may not be so dramatic this time around. Srizbi was effectively knocked out of action last November when operators of the McColo Internet service provider in San Jose, Calif., were kicked off the Internet.

That takedown knocked the Srizbi command-and-control servers out of operation, and only about 1 percent of the botnet is still active. There are, however, several hundred thousand Srizbi-infected PCs out there, all of which are quietly waiting for new instructions, should criminals ever discover a way to reach them now that McColo is out of commission.

Microsoft could have taken a bigger bite out of spam had it targeted another botnet called Xarvester, said Joe Stewart, a botnet researcher with security vendor SecureWorks.

Still he applauded Microsoft's move to clean up the Srizbi-infected computers. "It's good to get them cleaned up, but it's not going to have the impact that it had on Storm."

________________________________
Tech layoffs: The real numbers aren't so bad
February 11, 2009 at 6:00 am
________________________________

From the constant drip of tech industry layoff announcements, you'd think huge numbers of IT workers would be out on the street. And certainly Cisco, Dell, Hewlett-Packard, IBM, Intel, Oracle, SAP, Sun, and others have announced thousands of layoffs. But the numbers they report don't reflect actual people losing their jobs, so the real tally of tech workers who have found themselves jobless is significantly smaller than you'd think.

"I honestly do not think the tech sector is in as bad a shape as it might appear," says Frank Scavo, managing partner at Strativa, a technology management consulting firm. "IT executives have been quite conservative in their IT spending growth over the past several years. And when the economy took a downturn last year, they were pretty quick to make cuts."

[ Good IT news amid the gloom: Two firms project that 2009 will bring salary increases, InfoWorld reported last week that tech is still a safe career choice today, and despite the economy, certain IT skills remain in demand. ]

The grim initial picture
To be clear: The economy is bleak, and tech vendors are taking necessary action. "IT vendors are protecting themselves against what most now assume will be a weak market throughout much of 2009, with IT spending cutbacks spreading to other sectors like software applications and network infrastructure," explains IDC analyst Stephen Minton.

Indeed, last month saw a raft of layoff plans like no other in the portion of the tech industry that supplies business IT. Microsoft said it will reduce its workforce by 5,000, Intel will cut 6,000, Sun said an ongoing worker reduction could stretch toward 6,000, SAP revealed intentions to ratchet down its total headcount by 3,000, Oracle axed 500, and even IBM, which reported positive earnings, confirmed layoffs. Although Big Blue did not provide an exact number, a union Web site for IBM employees put that at about 4,200 and reported rumors that it could soar as high as 16,000. What's more, Dell warned in December that it would cut as many as 8,900 employees worldwide.

Late last week, Cisco Systems CEO John Chambers said the networking giant may eliminate 1,500 to 2,000 jobs, a move that Chambers said he hopes would enable Cisco to avoid larger layoffs like other tech stalwarts were forced to put into practice.

So from these announcements from just the major tech vendors, that's as many as 35,600 jobs lost, not counting the remainder of the 16,000 rumored layoffs at IBM or the 24,600 people Hewlett-Packard said last year that it would let go as part of its EDS acquisition.

Estimates elsewhere range from 125,000 to 200,000, but they include HP's layoffs from last year plus consumer-oriented tech vendors and telcos, such as AT&T, Sprint-Nextel, and Yahoo.

The real layoff numbers revealed
But InfoWorld's count of actual layoffs -- people who have lost real jobs -- from these business IT tech vendors is nowhere near 35,000. Instead, it's about 9,600. That's not good news for those who've lost their jobs, but it's not the kind of number that should cause a panic.

Why the disconnect? Because announced layoffs aren't actual layoffs. "It's smoke and mirrors," says Natalie Petouhoff, a senior analyst at Forrester Research, "to tell shareholders they're doing what they need to do." The announced numbers include vacant positions and planned positions, so eliminating them doesn't actually result in anyone fired. And the announced numbers include layoffs that may occur later on.

For example, in Microsoft's case, on the day it announced layoffs, Microsoft actually shed about 1,400 employees. The rest of the 5,000, it said, would come during the next 18 months. "Microsoft might be able to reduce headcount by that number in the next year and a half simply by not hiring in certain divisions," says Neil MacDonald, an analyst with Gartner.

Sun followed a similar tack when it said last November that it was reducing jobs. Then, in January the company started that process by cutting 1,300 people -- a far cry from the 6,000 job losses the company offered originally.?

IBM, for its part, was stingy with headcount details, but the union site Alliance@IBM put that number at 4,200. Intel said it would lay off employees as it closes four plants around the globe and said that some of the 6,000 people will be offered new jobs in other facilities rather than cut loose entirely. Thus far, Intel has not publicly revealed how many jobs have been eliminated; instead it said the cuts will come throughout the rest of this year.

Dell, meanwhile, advanced its restructuring in early January by saying it would move some manufacturing out of Limerick, Ireland, and lay off 1,900 workers there beginning this month.

Rumors have been swirling that Oracle will slash up to 8,000 people, though the Wall Street Journal reported that the apps vendor has cut 500 in North America thus far (Oracle has yet to disclose any specific numbers). And reports indicate that SAP has let go 300 to date.

All of these actual layoffs adds up to about 9,600.

Future remains murky, but hopeful
Of course, the current 9,600 statistic is sure to rise. But the reality is still far better than the 35,000 or more figures that the series of layoff announcements would indicate.

And no doubt, everyone hopes that the actual cuts now, coupled with a hoped-for turnaround in the economy later this year, will mean those potential future cost won't be needed, or at least not to the same degree. "Nobody is happy to be making these cuts in IT. The hope is that current layoffs and spending reductions will enable organizations to ride out 2009," says IDC's Minton. "Those tech providers that have costs under control now should be in good shape to profit from the recovery next year," agrees Strativa's Scavo.