Archive for the ‘Software’ Category
China to mandate Web filtering software on all new PCs
Late last month, China quietly ordered PC manufacturers to bundle Internet access control software with all computers sold in the country. The software, which appears to be Windows-only, looks to provide a mix of features, including whitelists, blacklists, and on-the-fly content-based filtering. But the key feature that appeals to the government may be the fact that it allows blacklists to be updated remotely.
The government has already worked with the developers of the software, called “Green Dam-Youth Escort,” previously. Jinhui Computer System Engineering Co, which developed it, apparently worked out the basic features of the filtering when assisting the Chinese military in securing the distribution of internal documents, according to The Wall Street Journal, which broke the story over the weekend.
Rebecca MacKinnon, who is an Open Society Fellow and worked previously at the University of Hong Kong, has translated some of Jinhui’s press materials, which indicate that the Chinese government has worked with Jinhui to make Green Dam available as a free download, and assisted in getting it installed in schools. Jinhui had apparently already arranged to have the software bundled by a number of manufacturers.
There seems to be some confusion about the exact capabilities of Green Dam, as The Journal reported that one of Jinhui’s founders indicated that the software relies on a database of blocked sites that allows it to be updated remotely. Reuters, however, talked with the same person, who indicated that it can perform semantic and image-based evaluation of incoming content—as such, the founder claimed that it’s impossible for the software to be used for general censorship purposes. Still the two capabilities aren’t mutually exclusive, and it would certainly be possible to tune Green Dam’s semantic engine in a way that enabled it to filter out politics in addition to porn.
In any case, Green Dam will have to have been fairly well integrated into the host operating system in order to function well, which presents manufacturers with a whole host of potential problems. Manufacturers tend to bundle a lot of software with their machines, which raises the possibility of conflicts between Green Dam and other software on the machine. The auto-updating of the blacklist is also mentioned as another potential security risk, and certainly raises the prospect that computer makers will have to support software with behavior that changes over time. Although the government seems to have given manufacturers little time to adjust to the mandatory policy—it’s set to take effect July 1—for now, it appears that they’re being given the option of simply shipping disks in the box, rather than installing and enabling Green Dam.
Although China clearly exerts great control over the political content that reaches its citizens, the government appears to be extremely squeamish about is citizens’ interest in porn. As such, it’s tempting to take this policy announcement at face value: an attempt at social, rather than political control. Still, if the software does have the ability to perform remote updates of a blacklist, it will mean that the Chinese government has given itself the option of having the capacity to filter political content, available at the flick of a server-side switch.
Windows 7 to have an ‘XP mode’
Microsoft is trying to make it easier to sway users of Windows XP onto the latest version of its operating system.
For some time now, the company has been quietly building a “Windows XP mode” that uses virtualization to allow Windows 7 to easily run applications designed for Windows XP. According to sources familiar with the product, the application compatibility mode is built on the Virtual PC technology that Microsoft acquired in 2003, when it scooped up the assets of Connectix.
By adding the compatibility mode, Microsoft is aiming to address one of the key shortcomings of Windows Vista: its compatibility issues with software designed for Windows XP and earlier versions of the operating system.
Details of the Windows XP mode, previously known as Virtual Windows XP, were first published earlier Friday by the Windows SuperSite blog.
The technology has not been part of the beta version of Windows 7 or previously disclosed by Microsoft, but is expected to be released alongside the upcoming release candidate version. Microsoft said on Friday that it will release it to developers next week and publicly starting May 5.
According to the SuperSite report, written by bloggers Paul Thurrott and Rafael Rivera, the XP mode won’t come in the box with Windows 7, but will be made available as a free download for those who buy the professional, enterprise, or “ultimate” versions of Windows 7. The site also has some screenshots of the mode in action.
There had been rumors of a secret user interface, but until Friday, no mention of the XP mode.
Update: Late on Friday, Microsoft confirmed XP Mode in a blog posting.
“Windows XP Mode is specifically designed to help small businesses move to Windows 7,” Microsoft’s Scott Woodgate said in the blog. “Windows XP Mode provides you with the flexibility to run many older productivity applications on a Windows 7 based PC.”
According to the post, “all you need to do is to install suitable applications directly in Windows XP Mode which is a virtual Windows XP environment running under Windows Virtual PC. The applications will be published to the Windows 7 desktop and then you can run them directly from Windows 7.”
Microsoft said it “will be soon releasing the beta of Windows XP Mode and Windows Virtual PC for Windows 7 Professional and Windows 7 Ultimate.”
Microsoft to Kill Windows 7 Beta on Feb. 10
Computer enthusiasts who want to get their hands on the trial version of Microsoft’s next operating system have just two more weeks to do so.
The company says it will end availability of Windows 7 Beta on Feb. 10.
There are a couple of loopholes, however. Users who started to download the OS before that date will have until Feb. 12 to complete the process. Also, Microsoft will continue to distribute product keys beyond Feb. 12 to users who have previously downloaded Windows 7 Beta but have yet to obtain a key.
“We are at a point where we have more than enough beta testers and feedback coming in to meet our engineering needs, so we are beginning to plan the end of general availability for Windows 7 Beta,” said Brandon LeBlanc, Microsoft’s in-house Windows blogger, in a post Friday.
Microsoft will post warnings on its Web site that the download program for Windows 7 is about to end starting Tuesday. A final version of Windows 7, Microsoft’s follow-up to Windows Vista, is expected to be available in late 2009 or early 2010.
Perhaps due to Vista’s unpopularity, computer users have been downloading Windows 7 Beta in droves. Microsoft dropped limits on the number of available copies of the software after a crush of download requests for the new operating system brought the company’s servers to a halt during the first weekend of availability earlier this month.
Windows 7 offers numerous new features, including native support for touch-screen interfaces and more than 20 hotkey combinations designed to simplify use.
Microsoft needs Windows 7 to be a hit. Vista has failed to catch on with mainstream computer users and businesses have shunned it outright. Many users have complained about Vista’s hardware requirements, intrusive security measures, and lack of compatibility with older applications.
Dissatisfaction with Vista has allowed Apple to gain share against Microsoft in the computer operating system market in recent months. Windows’ market share in November fell below 90% for the first time in years while Mac OS is now flirting with the 10% mark, according to market watcher Net Applications.
It’s all taking a toll on Microsoft’s bottom line. Last week, the company said second quarter profits tumbled 11%. It also announced a restructuring plan that will see it lay off 5,000 full-time employees and an additional 5,000 contract workers.
Microsoft warns of SQL attack
Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software.
Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.
Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.
Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.
The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.
“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.
This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise windows systems.”
After seeing the Internet Explorer flaw used in a growing number of online attacks, Microsoft rushed out an emergency patch for the issue last Wednesday. The company says it has also seen “limited and targeted attacks” exploiting a serious bug in the WordPad Text Converter for Word 97 files. As with the SQL bug, this WordPad converter vulnerability has not been patched, but is a prime candidate to be fixed in Microsoft’s upcoming January 13 security updates.
Leave a Comment
Leave a Comment
Leave a Comment





