Categories
Uncategorized

Microsoft vs. Apple: Who patches zero-day vulnerabilities faster? The Swiss chime in with an answer

So, the controversy is nothing new, and nearly as old as the Apple 1984 commercial.  I’ve posted previously at Mac and PC Security and noted that — no matter what connected platform you use — there’s no immunity from security vulnerabilities.  And there is certainly no shortage of news on Macintosh vs. Windows vulnerabilities.

This week it appears that the efforts to improve security over the last few years have paid a dividend: Computerworld notes the Swiss research that examines which company patches zero-day vulnerabilities faster.  And the answer isn’t likely to show up in an Apple ad any time soon…

Apple’s teasing commercials that imply its software is safer than Microsoft’s may not quite match the facts, according to new research revealed at the Black Hat conference on Thursday.

Researchers from the Swiss Federal Institute of Technology looked at how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the 0day (zero-day) patch rate.

They analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple. They looked at only high- and medium-risk bugs, according to the classification used by the National Vulnerability Database, said Stefan Frei, one of the researchers involved in the study. [Click here for the paper in PDF format.]

What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching.

Frei is with the Computer Engineering and Networks Laboratory (TIK) at the Swiss Federal Institute of Technology, ETH Zurich. The paper is “0-Day Patch – Exposing Vendors (In)security Performance, 2008” in which the researchers look at the “0-day patch rate as a new metric to measure and compare the performance of the vulnerability handling and patch development processes of major software vendors.”

I hear the Swiss are traditionally neutral. 😉

More at http://www.techzoom.net/risk/ and the Computerworld article at Microsoft vs. Apple: Who patches zero-days faster?

Tags: Microsoft, security, Macintosh, Stefan Frei, 0 Day, vulnerability.


It’s Time To Spring Forward An Hour in the US and Canada: Daylight Saving Time Arrives Sunday

Brace yourselves… it’s that time again.


That’s right: it’s the start of Daylight Saving Time in much of the US and Canada, as noted in more than 2,200 news articles today.



“Huh?  It’s not for a couple of more weeks,” one person said yesterday.


“Nope, it’s this weekend… we updated our products last year to account for the change,” I heard another manager say. (Nice to hear that the message got out. 😉)


This year, DST in much of the US and Canada begins on March 9, several weeks earlier than in years prior to 2007. As you may recall, last year the US and Canada “sprang forward” a few weeks earlier than in past years in accordance with the US Department of Energy’s Energy Policy Act of 2005 that was passed into law. DST will end later than usual, on the first Sunday of November (in 2008, November 2); more details on the new DST start and end times can be found here. This results in a new DST period that is approximately three to four weeks longer than in previous years.

So what should you do to make sure that your computers are ready for the change?  If you use Microsoft Update on your PC at home, chances are you’re already covered.  The December Cumulative 2008 Daylight Saving Time and Time Zone Update for Windows should already be installed on your PC.  If you’re not sure, visit Microsoft Windows Update to check your PC and install important updates.  At work, if an IT Pro (aka ‘hero’) manages your network, chances are good that the needed updates have already been installed on your computers and devices automagically.


If you manage servers and a host of Microsoft software, visit http://www.microsoft.com/time for more details.  And visit the support web sites of any other software companies to see if you need to apply any updates – it’s not just Microsoft software that may require updates.  Keep in mind that it’s not just the US and Canada that made changes to DST and time zones: we have an upcoming change in Australia and others noted on the DST and Time Zone Hot Topics page.


In Australia, there are changes to Eastern & Central zones. Australia Eastern (New South Wales, Victoria, Australian Capital Territory and Tasmania) and Central (South Australia) time zones will extend daylight saving and also harmonize start and end times commencing April 2008. From April 2008, daylight saving will end on the first Sunday in April and recommence on the first Sunday in October in all states.


For a summary of the status of product updates, we recommend that customers review the information on the Australia Eastern & Central 2008 Daylight Saving Changes page.  As noted there, the official Australian Government Time web site is a resource to prepare and educate end users and businesses. 

In most cases, customers will find that these changes have been addressed when the latest cumulative time zone update for Microsoft Windows operating systems was applied (released December, 2007, as noted at http://support.microsoft.com/kb/942763).  Some of the updates are not specific to the Australia Eastern and Central changes and can be applied immediately; other products (for example Office Groove) require manual adjustment after application of the time zone update to the host Windows operating system.

And remember: time is a precious thing. Never waste it.


Of interest, these top news articles for daylight saving time



[update 2:40PM] And thanks to Mary Jo for mentioning this post on her blog to increase awareness.


Tags: Microsoft, Daylight Saving Time, Daylight Savings Time, DST. 3,530,000 (down a million items); 6,950,000; 649,000+


Is the Microsoft Wireless Entertainment Desktop 8000 too much? It depends…

Last year I posted an entry on how to choose the best computer which included an article by Mike Himowitz, columnist at the Baltimore Sun.  Himowitz wrote the article “Sticker tells shopper key parts of a laptop” which covers “the specific components of a portable PC.”

Overall, I like Mike’s advice: I’ve found it to be direct and to the point, with few sidetracks.

Last week, I walked by the new Microsoft Wireless Entertainment Desktop 8000 at the Microsoft Company Store.  I use the Wireless Laser Desktop 4000 at work and at home with the comfort curve key layout, and I thought that it would be a nice addition to our home Media Center set up.  Heck, the 8000 would look great on the desk of our home office, too.  The web site touts that the 8000 is “designed to make it easier than ever to control PC media from your desk, your lap–or even from the comfort of your couch.”

Opening the paper this morning, I found that Himowitz has a review of the Microsoft Wireless Entertainment Desktop 8000 reprinted in today’s Seattle Times (originally from his article in the Sun, “Tinkling these keys isn’t worth $260”).

“Reality check — $260 for a keyboard and mouse? That’s almost four times as much as I spent for the wireless combo I use with the computer that’s hooked up to our HDTV set. What could you possibly get for that much money?

“As it turns out, you get the same thing you get when you buy a Mercedes instead of a Camry: more luxury and styling and gimmicks. There’s a somewhat bigger payoff for couch potatoes, but is it enough to justify almost $300?”

In short, Mike said that the answer is no.

Unlike Mike’s experience, where he had trouble getting used to the Comfort Curve key layout after more than a week of use, I find that the design is my preferred layout.  After I used the keyboard for about a month, I found that the design fits my hands quite nicely. In fact, I have difficulty going back to a laptop after spending time working on my desktop system.

Mike asked the real question, and offers his answer:

“But are all these features worth close to $300?

“Bottom line: I wouldn’t pay that much. But if you (a) have the money, (b) think you can get used to this lap-friendly, wireless keyboard and (c) want it packaged with a superb laser mouse, you won’t be disappointed.”

Once again, I agree with Mike. $300 is a lot for a keyboard and mouse, even if you do have the money.  It’s certainly a nice improvement over the older (and retired) Microsoft Remote Keyboard for Windows XP Media Center.

There are several other Comfort Curve design mouse and keyboard sets available, including the equally svelte Wireless Entertainment Desktop 7000 (which CNET reviewed and ranked slightly lower than the 8000).  I think that the backlit keyboard and four USB Ports make the 8000 a better choice for a home theatre, but the 7000 is a good addition to any Media Center setup for the US$129 street price I’ve seen recently.  For home office use, the Wireless Laser Desktop 4000 and Wireless Laser Desktop 6000 are both good, affordable choices.

CNET has a review of the 8000 mouse and keyboard bundle, giving it a 7.0 out of 10, highlighting that the system is rechargeable, and easy-to-use with smart backlighting.  But CNET disses it for being “expensive…” and for having a “clunky recharging station.”

I’m still thinking about that investment… so far I have not brought one home, as elegant as it is.  But with a street price of around $249, it’s nearing what I consider a reasonable premium over the 7000.  If you’ve invested a hefty sum into a Media Center PC and home theatre setup, the 8000 is probably a small portion of the overall cost of the setup.  And it could be an easy to appreciate premium: with your remote control, the keyboard and mouse are pieces that you use with your Media Center system nearly every day.

Tags: tips, Windows Vista, Media Center, hardware, keyboard, mouse, Mike Himowitz.


Your questions: “when should I use Sleep and Hibernate modes on Windows?”

I get the question a lot on sleep vs. hibernate (and as noted in a recent post), and it came up today in a discussion. 

“I’m confused by the different selections I have in the Start menu… when should I use Sleep and Hibernate to turn off my computer?”

In Sleep (or standby), you’ll see that the computer is generally off, with a trickle of power keeping the computer’s memory powered.  When you use your PC throughout the day, but leave for extended periods (lunch, meetings, even overnight), Sleep is a good choice.  And (depending on your model) all it takes is a mouse movement or keyboard tap to wake the computer up. 

One of the reasons I also have a UPS on my main desktop at home is that I use Sleep most often, and if the computer loses power, the work you may have open but not yet saved will be lost.  And on our notebooks at home (and at the office) we use Sleep given that the computer’s battery acts like a mini UPS and generally has enough power to keep the memory alive. (Note that we generally keep the notebooks connected to a power supply as well.)

When I leave for the weekend, I often use Hibernate on my PCs at the office and at home.  In this state, the PC’s complete memory state (the contents of RAM) is saved by writing to the hard disc and the computer powers down.  When you turn the computer back on (recovering from hibernation) via the hibernation file, you start up where you left off.

This from TechNet:

When a PC starts up, Windows Vista performs many processing tasks in the background, returning control to the user much sooner than previous versions of Windows. Even this short wait happens less frequently than before, because instead of shutting down the computer to save power, users can use the new Sleep state, the default state for turning off computers running Windows Vista. Sleep combines the resume speed of Standby mode with the data protection and low power-consumption characteristics of Hibernate. When entering the Sleep state, Windows Vista records the contents of memory to the hard disk, just as it would with Hibernate. However, it also maintains the memory for a period of time, just as Windows XP maintains the memory in Standby mode. Windows Vista enters and recovers from Sleep state in seconds, and while the system sleeps, power consumption is extremely low.

The most significant benefit of Sleep is simplicity; users don’t have to choose between using Standby or Hibernate because Sleep offers the best of both.

As a follow up, here’s a little more information on Sleep and Hibernate modes in the OS, as the Productivity Portfolio weblog has a good post that describes the Windows XP power schemes.

More info:

Click here for more on fast sleep and resume in Windows Vista.

Click here to learn how to use your computer efficiently and to save energy by activating Sleep mode for your monitor.

Also see this Search on Live.com for more on sleep and hibernate in Microsoft Windows.

Tags: performance, tips, Windows Vista, notebook, hardware, hibernate, sleep, customer experience.


Forget Y2K, DST and Time Zones: this weekend, it’s the Y2.038K bug

This weekend will mark another interesting milestone in Time and Date, one that actually doesn’t occur for thirty more years, in 2038.

Also known as the ‘Friday the 13th’ bug, the 2038 issue is due to the way 32-bit systems note time in seconds rather than by an actual coded date.  The full impact will be felt on January 19, 2038, when systems may not work accurately, or even crash.  The initial wave of the challenge would likely impact customers in the financial sector, particularly those with (pardon the pun) an interest in long term products (mortgages, investments, bonds) with maturity dates post Jan 19, 2038.  But those with longer maturity instruments would’ve seen an impact years ago.

As this involves dates and times, Wyn asked today about this impact, as this smacked of an issue similar to what we saw last year with the various DST and time zone changes around the world… 


“I have not found too much on this and I am not sure if anything is known or being done to avoid the problem…”


Good question.  I asked several of our product groups if any of our products will be impacted by the date.

A nod of thanks to Geoff for noting this MSDN article from way back in 1998, “All Ready for 2000 and the Euro? What About 2038?” (September 7, 1998).  If Y2K did anything for the industry, it was to spur an analysis of any date and time issues that could impact the operating system and software products…



First it was Y2K. Then the Euro conversion. And now, as if the Y2K and Euro problems weren’t bad enough, there’s the year 2038 bug. Dr. GUI got a letter from Mahmoud Saleh alerting him (reminding him, actually) of a similar problem that will face C and C++ programmers in coming years: we can call it the Y2.038K bug.

The problem stems from the common definition of the time_t as an integer containing the number of seconds since midnight, January 1, 1970. Most C/C++ runtime libraries define time_t as a long int. On most systems, long int is 32 bits, which means that we’ve got a range of 2^31-1 (2,147,483,647) seconds—until sometime on January 18, 2038. (Assuming Dr. GUI’s Windows CE Palm-size PC has it right, that’s a Monday. Figures.) When the clock rolls over, it’ll be back to the ’70s for everyone. Get your leisure suits ready ‘cuz you’ll be catching Boogie Fever and Nixon will be President again. Four more years indeed!

Anything that uses time_t is also in trouble. That includes the time_b structure (not commonly used, anyway) and, very unfortunately, the MFC CTime class. Code that uses time_t, directly or indirectly, will need to be changed sometime before you start dealing with dates after 1/18/2038. (Note that if your program deals with, say, 40-year bonds, you’re in trouble today.)


As Geoff pointed out, SYSTEMTIME has no problems and can go until the year 30,827, and FILETIME is a 64-bit integer (two DWORDs representing LOW and HIGH values) counting from January 1, 1601 (Julian).  It too can represent a 30,000 (or 60,000 unsigned) year interval.  From the MSDN article:


…the Win32 SYSTEMTIME structure… stores the year part of the date as a 16-bit integer, and the Win32 FILETIME structure, which stores the date as the number of 100-nanosecond intervals since 1601. The problem is that neither of these structures have many supporting functions.

Better yet is to use the automation DATE object. DATE is typedef’ed as double, so there are 53 bits of precision—enough for your program’s lifetime. The whole part of the double number represents the number of days since midnight, December 30, 1899. (Negative numbers are before 12/30/1899.) The absolute value of the fractional part represents the time in the day: midnight is zero, noon is 0.5, etc. You can convert the automation DATE objects to other formats with various variant API functions.


Overall, the advice is that if you have custom applications you might want to check to see if they are using C/C++ time_t, which will run out in 2038.  Just as I noted previously on how Windows handles historical events, you might want to check any custom or ‘home-grown’ line of business applications that use time_t.  Looking quickly at Windows, the core OS appears to run just fine with dates far into the future. 
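To make the limit concrete, here is an added example (not code from the MSDN article or from this post) that checks whether a second count fits a signed 32-bit time_t, shows what a 32-bit field holds after the rollover, and converts the same instant to the FILETIME and DATE representations described above. The helper names and the sample 40-year instrument dates are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_1601_TO_1970 11644473600LL /* FILETIME epoch to Unix epoch */
#define DAYS_1899_TO_1970 25569.0       /* DATE epoch (1899-12-30) to Unix epoch */

/* 1 if a second count since 1970 is representable in a signed 32-bit time_t. */
int fits_time32(int64_t secs) {
    return secs >= INT32_MIN && secs <= INT32_MAX;
}

/* Value a signed 32-bit time_t ends up holding when the low 32 bits of
   a wider second count are stored in it (two's-complement wraparound). */
int32_t store_in_time32(int64_t secs) {
    int64_t v = (int64_t)(uint32_t)secs;   /* keep the low 32 bits */
    if (v > INT32_MAX) v -= 4294967296LL;  /* reinterpret as signed */
    return (int32_t)v;
}

/* Seconds since 1970 -> FILETIME: 100-nanosecond intervals since 1601.
   Valid for instants on or after the 1601 epoch. */
uint64_t unix_to_filetime(int64_t secs) {
    return (uint64_t)(secs + SECS_1601_TO_1970) * 10000000ULL;
}

/* Seconds since 1970 -> automation DATE: whole part is days since
   1899-12-30, fraction is time of day. Valid for dates after that epoch. */
double unix_to_oledate(int64_t secs) {
    return DAYS_1899_TO_1970 + (double)secs / 86400.0;
}

int main(void) {
    /* Constructed sample: a 40-year instrument issued 2008-01-01 00:00:00 UTC. */
    int64_t issued = 1199145600LL;
    int64_t matures = issued + 14610LL * 86400LL; /* 14,610 days = 40 years incl. 10 leap days */
    int64_t samples[] = { issued, INT32_MAX, (int64_t)INT32_MAX + 1, matures };

    for (int i = 0; i < 4; i++) {
        int64_t s = samples[i];
        printf("secs=%lld fits32=%d stored32=%ld filetime=%llu date=%.5f\n",
               (long long)s, fits_time32(s), (long)store_in_time32(s),
               (unsigned long long)unix_to_filetime(s), unix_to_oledate(s));
    }
    return 0;
}
```

The maturity date already fails the 32-bit check today, which is the 40-year bond case the MSDN article calls out; a range check like `fits_time32` at the point where dates enter a time_t-based code path turns silent wraparound into a detectable error.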

I will have to check one of my old Apple systems at home running (quite reliably, I might add) System 9, which according to Apple, is good up until February 6, 2040; the current Mac OS up until 29,940… Windows will be accurate for an additional 887 years after the latest Mac release fails, but I’m sure Apple will have an update long before 29,940 rolls around. 😉 

(Interesting factoid that stuck in my mind: in the H. G. Wells classic novella, The Time Machine, the hero of the story travels to the year 802,701 A.D.  I’m hopeful in that future, the downfall of mankind will have nothing to do with the failure of the modern OS to cope with dates past the 301st century.)

For more information, please see these articles courtesy of a quick MSDN search

Tags: Apple, Microsoft, Vista, Windows, Time, 2038.