Microsoft, JBoss link server software

Two companies on opposite sides of the open-source philosophical divide, Microsoft and JBoss, have signed a partnership to make their server software work together better.

Microsoft and JBoss said Tuesday they'll work to make JBoss' Java application server software work well with Microsoft's Windows and higher-level software.

The companies said they will continue to compete in the market for application servers, which link Web applications to back-end databases and other systems. Products from the two companies are similar in purpose, but very different in design. The JBoss application server, based on Java, runs on Windows, Linux and Unix systems. Microsoft's Windows-based application server tools, based on the company's .Net programming model, are part of its Windows Server operating system.

But the companies will work to better integrate directory services, database software and systems management tools. That means that customers using both Java and .Net-based programs will be able to more easily manage and link their systems.

Microsoft has struggled to deal with the arrival of open-source software, which is collaboratively developed with a code-sharing process that stands in stark contrast to the secrecy that shrouds most of the products from Microsoft and other proprietary software makers.

After several attacks on the intellectual-property foundations and the methods, quality and cost of open-source software, Redmond, Wash.-based Microsoft has begun a more cooperative phase.

For instance, Chief Executive Steve Ballmer once famously called Linux and the open-source philosophy a "cancer." More recently, Ballmer has changed the tone of his rhetoric: "We compete with products. We don't compete with movements," he said in a recent interview with CNET News.com.

Microsoft and JBoss on Tuesday said the collaboration makes sense, given that many customers use products from both companies. "JBoss is experiencing tremendous growth and is a driving force of consolidation of the Java space," said Bill Hilf, Microsoft's director of platform technology strategy. And Shaun Connolly, vice president of product management at JBoss, said that more than half of its customers use the JBoss Enterprise Middleware System product on Windows.

Hilf is careful to emphasize that the partnership doesn't signal technological or philosophical changes at Microsoft. The company's negotiation with JBoss "wasn't a conversation about adopting open-source or endorsing Java," he said in an interview.

Still, Hilf added, "It wasn't a trivial exercise to have this discussion." What the decision boiled down to was Microsoft's desire to help those who use Windows as a foundation for their wares. The JBoss deal is "probably one of the strongest proof points to date that different types of business and development models can exist on Windows," he said.

The partnership began more than a year ago with Hilf--a former Linux executive at IBM--meeting with JBoss founder Marc Fleury. Discussions got more serious this August at the LinuxWorld Conference and Expo, Hilf said.

Most of JBoss' software is governed by the Lesser General Public License, or LGPL, created by the Free Software Foundation. Like its cousin, the General Public License, the LGPL permits anyone to see, modify and redistribute JBoss software and its underlying source code, as long as they share any modifications that they distribute. However, unlike the GPL, the LGPL makes it possible to tightly integrate LGPL code with software that uses proprietary code.

Specifically, the companies expect their collaboration to achieve interoperability in several domains:

• Microsoft's Active Directory--so the companies' software has integrated sign-on and federated identity management mechanisms.

• Web services standards, which govern how applications employ services available on a group of often loosely connected servers.

• Management with Microsoft Operations Manager.

• SQL Server, Microsoft's database software, with JBoss' Hibernate and Enterprise JavaBeans software.

No money is changing hands under the deal, but both companies will devote more developers to the cooperative work, Hilf said. Fruits of the cooperation are expected to begin showing within a year.

The companies announced the deal on the first day of BEA World, a conference sponsored by a mutual rival of Microsoft and JBoss, BEA Systems.

IBM is another competitor in the proprietary software domain, while open-source competitors include the Apache Software Foundation and Red Hat. Sun Microsystems offers a combination of proprietary and open-source software in the market, but eventually is moving it all toward open-source.

One company not likely to benefit from the partnership is IBM, whose WebSphere product competes with JBoss, said Redmonk analyst Stephen O'Grady. "It basically gives JBoss more momentum and credibility," he said. "That in turn has negative implications for WebSphere."

IBM agrees open-source application servers have a place in the market for smaller installations and, to that end, acquired GlueCode Software, whose product is based on Apache's Geronimo application server. "We saw demand for this open-source model for departmental applications, and made our play there with Gluecode," spokesman Scott Sykes said. Big Blue also supports Geronimo directly.

Microsoft also has buried the hatchet with Sun in a partnership that includes sign-on and identity management software.

JBoss has been working on alliances of its own to ease support issues for customers, Connolly said. Recent JBoss partners include Hewlett-Packard, Dell, Unisys and Novell.

Read more!

Cisco unveils new security products

Cisco Systems introduced on Tuesday new security products designed to shore up networks against malicious attacks.

The latest products, which expand the company's relationship with antivirus software maker Trend Micro, are part of its Adaptive Threat Defense initiative. With that initiative, the networking giant seeks to build "intelligent networks" capable of defending themselves against security attacks.

Cisco is launching two products: Incident Control System, as part of its collaboration with Trend Micro, and Distributed Threat Mitigation for Cisco Intrusion Prevention Systems (IPS).

Under the collaboration, Trend Micro TrendLabs will provide Cisco Incident Control System customers with current information on virus outbreaks and virus signatures. That information is designed to enable users to configure their systems to block the threats before they reach the core network assets.

Distributed Threat Mitigation for IPS is designed to let users identify, manage and eliminate attacks that are locally based. The feature is part of add-ons to the Cisco Security Monitoring Analysis and Response System (CS-MARS) version 4.1.

With its new product, Cisco's IPS appliance sensors detect threats, and then the Monitoring, Analysis and Response System version 4.1 distributes the information across the network to Cisco IPS-enabled routers to block the threat.

"The ICS takes information from Trend Micro's threat management services and sends a simple set of instructions to Cisco IPS software on either dedicated appliances or on switches and routers," said Jeff Platon, vice president of product and technology marketing at Cisco.

The instructions sent to the Cisco IPS systems could be to shut down a network service or network ports to block attacks, Platon said. "Customers need solutions that can be effectively managed within the first few minutes of an outbreak or detection of damage occurring."

Cisco on Tuesday also announced that it plans to release a new version of IPS this month and a new version of its Internetwork Operating System for routers and switches in November.

The ICS is set to be available in November with pricing starting at $9,200.

Read more!

Intel's dual-core Xeon makes Dell debut

A significant step has been taken in the allies' effort to catch up a huge markets with the latest technology from chipmaker Advanced Micro Devices, Dell plans to announce Monday the first server to come with Intel's dual-core Xeon processor and join with their successfull Enterprise and Large Bussines solutions groups.

Dell is bringing the new 2.8GHz chip to all of its dual-processor servers and to two workstation models. Dell's vice president of worldwide enterprise marketing--Neil Hand said, "

this products will begin shipping in October" . Until then, he said, Dell is only taking orders from customers who agree to hold details under wraps.

Still, the move gives Intel and Dell a better response than just "stay tuned" to customers who might have been swayed by rivals' sales pitches for AMD Opteron-based servers. The Intel chip involved, code-named Paxville, is a new version of a processor originally designed for four-processor servers.

"The two-way segment is the sweet spot of the x86 server market, by far," Insight 64 analyst Nathan Brookwood said. "They were missing out on the biggest segments."

In April, AMD introduced Opteron processors with dual cores, or processing engines, and the chips are used in machines from Sun Microsystems, Hewlett-Packard and IBM--three of the top four server sellers. Intel has numerous dual-core and multicore processor designs under way, but its first dual-core server chips won't be released until later this year.

Dell's announcement comes before Intel's debut of the processor and on the same day AMD is announcing an Opteron speed boost.

The dual-core 2.8GHz Xeon outperforms the single-core equivalent running at 3.6GHz in several server speed tests that can take advantage of dual-core chips' better ability to perform multiple jobs at the same time. Microsoft Exchange runs 18 percent faster; database software, 37 percent; and Java applications, 43 percent, Dell said.

Dual-core chips typically run at lower clock speeds than single-core chips, so they don't consume more power or throw off more waste heat than their single-core equivalents. That--combined with proper engineering of processor communication electronics--enables Dell and its rivals to plug the dual-core parts into the same systems that previously used single-core parts.

Dell has four server models that will use the chip: the 1.75-inch-thick PowerEdge 1850, the 1855 blade server, the 3.5-inch-thick 2850 and the free-standing 2800. Their starting prices are $2,448, $2,448, $2,548, and $2,748, respectively. The Precision 470 and 670 workstations have starting prices of $2,479 and $2,779.

Hand said Dell is leaving the price of the single-core server models unchanged. However, he added, the price increase for the dual-core models is "significantly" less than the performance increase.

The servers are available with Red Hat Enterprise Linux or Windows Server 2003.

Even though the systems aren't shipping yet, Dell's announcement will make it harder for AMD to make its case, Brookwood said.

At one time, AMD could boast it was the only x86 chipmaker with 64-bit support--a black-and-white case compared with Intel. Then Intel followed, and AMD had to shift its argument to a grayer one based on performance. With Intel's dual-core Xeon, AMD is losing another black-and-white advantage, Brookwood said.

Later this year, Dell will begin selling servers based on the four-processor version of Paxville, Hand said.

Intel said it expects its dual-core "Bensley" processors, which are next-generation dual-core Xeon chips scheduled to ship in 2006, to be more popular than the dual-processor version of Paxville. But in the meantime, IBM and Hewlett-Packard--which, together with Dell, are Intel's biggest server customers--will sell dual-processor Paxville servers.

"When Bensley comes along, this will all look very old-fashioned," Brookwood said.

Read more!

Toolbar, search site aim to guard against phishers

A Massachusetts company on Monday plans to launch a search site and toolbar that will alert Internet users when they are visiting Web sites that are fraudulent or should not be trusted.

The TrustWatch Search site and TrustWatch Toolbar, both provided free from Needham, Mass.-based GeoTrust, are designed to help protect people from unwittingly giving up their financial and other personal information to fake Web sites when shopping online or when targeted by phishing scams.

In phishing scams, victims usually receive e-mails purporting to be from legitimate companies, like eBay, that provide a link for them to update their account information. However, the link takes people to a fake Web site where any information they provide can be used to access their accounts.

The TrustWatch Toolbar provides real-time alerts, either red to signal that the Web site is unverified as being safe, yellow for caution, or green to indicate that it is verified and users should call the company first. People who want to shop online can use the TrustWatch Search Web site, powered by Ask Jeeves, and the results will show the same alerts.

The alerts also provide other information about Web sites, such as whether a site has been authenticated as trustworthy and has a Secure Sockets Layer certificate to safeguard data during transmissions. The system scans a Web site for fraud patterns and checks it against a blacklist of fraud sites. It also offers reviews and store ratings from shopping engine BizRate and information about how long the site has been online, how many other sites link to it, and a traffic ranking from the Alexa Web crawler.

Similar browser-based antiphishing toolbars have been launched or are in the works. For example, Internet services company Netcraft provides a free plug-in for Microsoft's Internet Explorer and Firefox that provides a risk rating for Web sites and blocks those it assesses as phishing sites. Microsoft itself has introduced a tool to identify scam sites for MSN and has said it will build similar antiphishing features into its IE7 update.

Read more!

Apple plugs 'critical' holes in OS X

Apple Computer released 10 security fixes to address Mac OS X flaws that security experts described as "critical."

Apple issued the patches, available through its Web site, Thursday. The flaws affect versions 10.3.9 and 10.4.2 of the Mac OS X operating system, as well as related server software.

Symantec and the French Security Incident Response Team both said the vulnerabilities are serious and that the need to patch them is urgent. However, no exploits for them have been reported, Symantec noted in an alert sent to members of its DeepSight service Friday.

The flaws expose affected machines to remote attack using arbitrary commands and e-mail interception, according to Apple's bulletin. Certain vulnerabilities could also be exploited for a denial-of-service attack, FrSirt said in an online advisory.

Apple declined to comment on the security patches Friday.

The company has previously released patches for these Mac OS X versions. In one of its bigger security updates, the company last month unloaded fixes for 44 flaws. Last May, it released an update for 20 vulnerabilities, and in March, it distributed an update for a dozen security bugs.

Read more!

Feds announce global antipiracy initiatives

The Bush administration on Wednesday announced new plans to expand its crackdown on piracy overseas.

During California visits with high-tech and movie industry representatives, Commerce Department Secretary Carlos Gutierrez described two new programs aimed at eroding intellectual property theft, which costs U.S. businesses an estimated $250 billion and 750,000 jobs per year, according to a department press release.

"The protection of intellectual property is vital to our economic growth and global competitiveness, and it has major consequences in our ongoing effort to promote security and stability around the world," he said.

One program would place intellectual property experts on the ground in regions where piracy is considered a concern. There they would work with overseas U.S. businesses and native government officials to advocate improved intellectual property rights protection, according to a department fact sheet.

Experts will be sent to Brazil, India, Russia, Thailand, China and the Middle East and serve a five-year tour of duty, the fact sheet said. One such expert is already on the job in Beijing, but it was unclear when the others would be dispatched or who they would be.

Another program, called the Global Intellectual Property Rights Academy, would train foreign judges, enforcement officials and other stakeholders in international intellectual property obligations and best practices. The academy, overseen by the U.S. Patent and Trademark Office, plans to convene in 24 sessions in 2006, paying all travel expenses for the foreign participants, who will come from many of the same areas where experts will be working.

The Commerce Department has recently taken other actions intended to combat international piracy. In July, President Bush created within the department a senior-level position--the coordinator for international intellectual property enforcement. The department also plans to continue holding small-business outreach seminars nationwide.

The Business Software Alliance was quick to applaud the announcement. In a press release, the organization cited survey results that pegged software piracy rates at 90 percent in China, 87 percent in Russia, 74 percent in India, 70 percent in Thailand, 64 percent in Brazil and 58 percent in the Middle East.

"In all those countries, there's a long history of bilateral discussions on IPR issues," said Robert Holleyman, chief executive of BSA. "So I think they will be very receptive to getting on-the-ground systems to help with this effort."

Holleyman said he hoped the programs would ultimately raise revenue for U.S. companies and resellers selling in foreign markets and for companies native to those markets.

Read more!

Name that worm--plan looks to cut through chaos

Zotob.E, Tpbot-A, Rbot.CBQ and IRCbot.worm: all names given to a single worm that wreaked havoc in Windows 2000 systems last month. Among the plethora of identifiers, perhaps the most useful--CME-540--didn't make an impact.

But that's about to change. CME-540 was the tag attached to the worm by the Common Malware Enumeration initiative, which is just emerging from its test phase. Next month, the U.S. Computer Emergency Readiness Team plans to officially take the wraps off the effort, meant to reduce the confusion caused by the different names security companies give worms, viruses and other pests.

The project assigns a unique identifier to a particular piece of malicious software. When included in security software, in alerts and in virus encyclopedia entries, this identifier should help people determine which pest is hitting their systems and whether they are protected, the initiative's backers said.

"There is a lot of confusion over the way that malware is referred to," Desiree Beck, the technical lead for the CME initiative, said in an interview. "We're trying to alleviate that by giving malware a common identifier, so everybody is talking about the same thing when some malware event happens."

The antivirus industry has tried, and failed, before to agree on common naming for worms and viruses. This time, US-CERT, the part of the U.S. Department of Homeland Security that coordinates response to cyberattacks, is running the show. With that in mind, and because the plan allows companies to keep their own naming by assigning an ID rather than a common name, security software makers are hopeful that the effort will be a success, and they're eager to participate.

"Everybody recognizes it as a pain point, and the industry has tried multiple times to come together," said Vincent Weafer, the senior director of security response at Symantec. "CME is a step in the right direction."

Jimmy Kuo, a senior fellow at software maker McAfee, agreed. However, he noted that the success of CME depends on industry participation, which is voluntary. "We have this problem because there is no authority that can force any type of coordination," he said. Kuo hopes people will push antivirus vendors to adopt the ID convention.

Symantec and McAfee both plan to support CME in their products and in their online reference libraries of threats, Weafer and Kuo said. Trend Micro and Kaspersky Lab will do the same, company representatives said. Other major antivirus providers--F-Secure, Sophos, Computer Associates, Microsoft and MessageLabs--are also involved in the effort. ICSA Labs, a research and testing outfit, also participates.

Recognizing the threat
Because of the lack of coordination in naming threats, an outbreak can be tagged with a variety of names or variant designations, depending on the security company that's referring to it. This can result in confusion, with people wondering if there are multiple virus or worm attacks, or just one, and whether the product they own offers protection.

Victor Go, vice president of technology at retailer PureBeauty, sees value in the initiative. "It might help us speed up looking for virus information," he said. Still, there has not been a lot of confusion around viruses or worms at his midsize, Encino, Calif.-based business, he said. "Every once in a while (there is), but eventually we come around in figuring it out."

The confusion could be even greater in larger organizations that use multiple security products from different vendors. "This is a real problem," Symantec's Weafer said. A desktop antivirus product may display a different name for a fast-spreading worm than the scanner at the e-mail gateway or the intrusion detection system, he said. This can send people scrambling to find out if each product has a defense against a particular pest.

CME identifiers should relieve some of the stress, said Beck, an employee of Mitre, which runs the initiative on behalf of US-CERT. Initially, only major threats will be given an ID number, but the ultimate goal is to cover all attacks affecting users, she said.

"It is a little bit subjective right now," Beck said, referring to the pests currently chosen to receive a CME ID tag. "We'd like to expand to anything that is out there that we could lend some clarity to."

The goal of CME is to offer a neutral, shared identification method that cuts through the naming clutter. It will assign one randomly chosen number to a worm or virus, regardless of what names it is known by at antivirus companies. Even if those companies disagree about the risk assessment or the background of the malicious software, CME will ignore this and focus on the characteristics of the attack to tag it. The worm assigned CME-540, for example, was seen differently by several software makers: McAfee identified it as a new worm (IRCbot.worm), Symantec labeled it an offshoot of Zotob (Zotob.E) and Trend Micro saw it as another threat (Rbot.CBQ). Some times antivirus companies will rename a worm for the sake of conformity, but that typically doesn't happen quickly.

A CME identifier should get assigned within hours of a new worm or virus starting to spread, Beck said. Security vendors then should include the number in their products and link from their advisories to the information on the CME Web site, which is set to debut in early October. The proposal is for security companies to add the CME tag to the threat names, Beck said. An alert popping up on a user's screen could look like this: "Zotob.E!CME-540 detected."

The effort is completely reliant on industry participation. A number is assigned only after an industry researcher submits a sample of a threat with a write-up to CME. A group associated with the CME initiative then further researches the threat, collates information from antivirus companies, allocates an ID and publishes a threat profile.

Industry participation has been good, Beck said. "They have been really responsive, and I think they have confidence that it is something good for the long run," she said.

Participation on the organization's editorial board, which includes Microsoft, Symantec, McAfee and the other industry majors previously mentioned, is by invitation-only, and companies have been lining up to get in, Beck said. The editorial board guides the process by which industry and researchers submit information on threats and by which the common IDs are assigned.

The first version of the CME Web site will have descriptions of a couple dozen threats, Beck said. Some have been written up in the months since the CME initiative started its trial run in the first quarter of this year. To begin with, the site will provide characteristics of threats and all the aliases used by different security companies, Beck said. By the end of the year, a more comprehensive Web site should be available, she said.

A worm or a virus is typically tagged by the first security company to discover it. Aside from some ground rules--for example, the name can't be that of a real person or be offensive--antivirus providers are essentially free to call the new pest whatever they like. "There are no grown-ups; there is nobody there to dictate standards to anyone, so you name the virus whatever you want to," said David Perry, director of global education at security provider Trend Micro.

In the case of a fast-spreading worm, a lot of security companies typically see it at the same time and all give it a moniker, Symantec's Weafer said. "Speed and response time are so critical--that overwhelms any ability to get together with others and agree on a name for it," he said.

A convention that comes up with names ahead of time, like that used for hurricanes, doesn't work with worms or viruses, Weafer said. One reason is that there are many variants of worms and viruses, and antivirus companies don't always agree on whether a newly spotted threat is an offshoot or a brand new pest.

A few antivirus companies, including McAfee and Symantec, have already included CME identifiers in some of their advisories. As more threats get assigned an ID number, more companies will probably support the effort in their products, Beck expects.

"It is a chicken-and-egg problem. If there was stuff that they could point to, I think they would be very quick to link to it," she said.

While Go at PureBeauty does see some value in the naming initiative, he'd rather have his security software made more effective. "We get hit before virus definitions are out--that has happened several times. I doubt this initiative will help against that," he said.

Read more!

Bagle attack comes in two waves

Two waves of spam were launched this week to send out new variants of the Bagle Trojan horse, antivirus company Sophos said.

All versions of the Bagle DI-U Trojan try to turn off antivirus and security software, and to block access to security Web sites, in an attempt to strip away a PC's immune system, enabling hackers to gain access, Sophos said in a statement Tuesday.

There are strong similarities between the two waves of spammed messages bearing the Trojan, according to Sophos. In both, the subject line is blank, the body message text is "new price," and the malicious file attached could be identified with names such as "09_price.zip," "price_new.zip," and "price2.zip."

Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.

Sophos advised taking the usual precautions against such attacks. "All computer users must avoid opening unsolicited e-mail attachments and ensure that their antivirus protection is up-to-date," Carole Theriault, a senior security consultant at the antivirus company, said in a statement.

Theriault said corporate Internet users should also consider blocking all executable code from entering their networks via e-mail.

Read more!

Disabling the Windows XP Firewall nag

Takeaway:
It may sound like backwards logic to disable a nag in Windows XP that notifies you that your computer might be at risk. However, if you're using a hardware firewall on your network, there's no reason why you shouldn't disable the pesky Firewall nag.

If you've disabled Windows XP Professional's built-in Firewall because you're using a hardware firewall on your network, you're probably sick of seeing a balloon pop-up display from the taskbar's notification area reminding you that your computer might be at risk. Fortunately, you can disable the Windows Firewall nag in four simple steps.

Here's how:

• When you see the balloon pop-up, click the balloon or the red shield icon in the system notification area of the taskbar.
• When the Windows Security Center opens, click the Recommendations button in the Firewall section.
• In the Recommendations dialog box, select the I Have A Firewall Solution That I'll Monitor Myself check box and click OK.
• When you return to the Windows Security Center, you'll see that the Firewall section is now marked as Not Monitored and you can close the window.

Read more!

Symantec: Mozilla browsers more vulnerable than IE

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report.

But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".

Read more!

Phillips: Oracle may support rival databases

SAN FRANCISCO--Oracle may make a decision as early as March on whether to support multiple databases in its "Project Fusion" release, which will combine acquired products with its own applications.

Charles Phillips, Oracle's co-president, said Monday that its Project Fusion council, a group set up to oversee the integration of products picked up from its purchases of PeopleSoft, Siebel Systems and others, is considering the question.

"It shouldn't take a year to make a decision. Maybe in six to nine months, we'll make a decision on whether to support multiple databases," Phillips said at the Oracle OpenWorld customer conference here. "We're already talking to customers and have been talking to customers, so we have some of that input already."

For companies weighing the merits of moving forward with Oracle's fully integrated Project Fusion release, when it makes its debut in 2007, the answer may prove crucial. A number of Oracle's customers use database software from other companies, such as IBM's DB2. That's especially true for those clients Oracle scooped up when it bought rival PeopleSoft and for those it will acquire through its pending merger with Siebel Systems.

Oracle formed the Project Fusion strategy council to solicit and review customer input on the question of support for multiple databases, as well as other areas of concern in the project. Project Fusion is dedicated to melding Oracle's own applications with products picked up in its acquisitions. These also include business software makers Retek, ProfitLogic and J.D. Edwards, which PeopleSoft had bought before it, in turn, was purchased by Oracle. The first Project Fusion components are set for release in 2006, but the major components aren't expected until 2007.

Customers who want to stay on IBM's DB2 will be able to do so until a final decision is reached on Project Fusion, Phillips said.

One Wall Street analyst, who asked not to be named, was skeptical that Oracle would allow multiple databases to be supported in Project Fusion. "I don't think there's any way Oracle will do this. Database accounts for about 80 percent of their revenues," the analyst said.

While it hasn't made a call on databases yet, Oracle did announce on Monday that it plans to enable its Project Fusion products to run on IBM's WebSphere middleware, which allows disparate applications to talk to each other.

Oracle is aware of the growing importance of middleware, Phillips said.

"Some people at Oracle feel middleware will surpass the database (in sales)," he said, noting the way applications are being rolled out is having an affect.

Phillips said Oracle will offer lifetime support to those customers unwilling to move off their current applications, such as PeopleSoft, and upgrade to Project Fusion. The software maker had previously told PeopleSoft and J.D. Edwards customers that it would discontinue support for those companies' applications after 2013.

"For the last 10 (percent) to 15 percent of customers who may not want to upgrade, this (lifetime support) is important to them," Phillips said. He noted that customers who want lifetime support are generally more interested in receiving bug and security fixes than in upgrades to software.

Read more!

F-Secure, SmartTrust partner on mobile security

SEPTEMBER 20, 2005 (IDG NEWS SERVICE) - F-Secure Corp. and SmartTrust AB have reached a partnership designed to deliver antivirus software to mobile devices, the companies said.

F-Secure's antivirus software will be incorporated into SmartManage Protect, a mobile security platform from SmartTrust that allows mobile operators to manage antivirus software on subscriber handsets over the air. If mobile operators detect a vulnerability, antivirus software from F-Secure can be delivered, according to the companies.

The process is similar to the way a consumer might automatically download regular antivirus updates to a laptop, said Tim De Luca-Smith, communications manager for SmartTrust. Using SmartManage Protect, regular antivirus updates can be delivered, and antivirus subscriptions can be transferred between handsets if a user changes one through device detection software, Smith said.

The cost of a mobile antivirus service has not been determined, Smith said. SmartTrust has met with "four or five" large mobile operators that are planning to start antivirus services within the next 12 months to 16 months, he said.

It's expected that mobile devices will increasingly come under attack from viruses, Smith said, especially handsets with Wi-Fi cards that connect to public networks and then back on organizational networks. Other services on mobile phones that might make them more vulnerable include the ability to open e-mail attachments and removable storage cards, Smith said.

F-Secure, which produces antivirus and intrusion prevention services and software, is based in Helsinki. SmartTrust, based in Stockholm, focuses on mobile phone service platforms.

Read more!

Verizon Wireless teams with notebook makers

Verizon Wireless is taking big steps to bring its wireless broadband technology to the masses.

On Monday, the company announced plans to embed its technology in notebook computers from three top manufacturers: Dell, Hewlett-Packard and Lenovo, which earlier this year bought IBM's ThinkPad division.

Verizon Wireless offers its BroadbandAccess service, which is based on a technology called Evolution-Data Optimized, or EV-DO, in 60 markets across the United States. The service allows customers to connect to the Internet wirelessly wherever a Verizon Wireless signal is available. Download speeds average between 400kbps and 700kbps, comparable to some DSL services.

Today, the service requires users to purchase a separate wireless card, which fits into a laptop, for about $100. Starting in the first quarter of 2006, Dell will offer customers the option of embedding Verizon's EV-DO functionality into its Latitude series of laptops. Dell already gives customers two other choices to connect to the Internet wirelessly: Wi-Fi technology and Cingular's EDGE technology, which provides download speeds between 100kbps and 135kbps.

On Monday, HP also announced it will be working with Verizon to offer an EV-DO-ready laptop. The new laptops, using chipsets from Qualcomm, will be available in early 2006. Lenovo said Verizon EV-DO technology will be embedded in its Z series notebooks available in October.

Verizon Wireless currently has the most extensive high-speed broadband footprint of any cellular provider. But it won't be long before competitors, such as Sprint Nextel and Cingular, catch up. Lenovo has already begun evaluating wireless broadband technology from other service providers, but it is not ready to announce specific plans to integrate the technology into its products, said Mike Callahan, worldwide ThinkPad product manager for Lenovo.

In the meantime, Verizon is focused on signing up as many customers to its EV-DO service as it can. As part of this push, last month it announced it was lowering prices to $60 from the previous price of $80 to attract new customers.

The deal with laptop makers is another important step for Verizon as it tries to push its EV-DO service into the mainstream. Making it easier for users to access the service is a key factor in increasing adoption.

The strategy worked for Wi-Fi, another wireless technology for connecting to the Internet. Thanks to Intel, which makes Wi-Fi chipsets, the technology is embedded in most laptops sold today.

"Once Wi-Fi technology was embedded into notebooks, wireless LANs really started to take off," said Lenovo's Callahan. "We see the same thing happening for wireless WAN. The people who really want mobility while they are away from the corporate LAN or a Wi-Fi hot spot will really find this technology useful."

Wi-Fi is potentially the biggest threat to Verizon's EV-DO service. It's already available in many airports, hotels and coffee shops throughout the country. And in many cases it's offered for free. Cities such as San Francisco and Philadelphia are even planning to blanket their cities with the technology to provide free Internet service.

But there is a downside. Wi-Fi's transmission distance is relatively short, often making it difficult for business travelers to count on a strong signal or any signal at all when they're on the road. The advantage to EV-DO is that its signals can travel greater distances, providing more widespread and uninterrupted Internet access for customers. This distinction could make it more attractive to corporate road warriors.

Despite the promise of wider coverage, Verizon customers may not see the same speeds with their EV-DO cards and embedded chips as their Wi-Fi counterparts.

While 802.11 consistently hits speeds of 11mbps, Verizon's promise of as much as 700kbps for its BroadbandAccess service is actually more comparable to AOL dial-up, Sam Bhavnani, an analyst with Current Analysis, said.

"I could see this being used more by business users than casual users," Bhavnani said. "I know when I travel through several airports, the cost to hook up to all of these separate Wi-Fi providers costs me $6, $7 a pop. By the time I get home, I could be spending close to $30, so the key for Verizon is price.

However, Bhavnani also noted that Verizon is currently servicing about 39 out of the top 50 cities in the United States.

"You could easily find faster Wi-Fi connections in any of those cities," he said.

Read more!

Sun unveils new UltraSparc 4+ servers

Sun Microsystems on Monday overhauled part of its server computer line with new UltraSparc IV+ microprocessors, seeking to regain some ground lost in the high-end server market to rivals IBM and Hewlett-Packard.

As expected, Sun said its new Sun Fire V490, V890, E2900, E4900 and E6900 servers are powered by UltraSparc IV+ processors with a clock speed of 1.5GHz and run Sun's latest version of its Unix operating system, Solaris 10. The servers will also run earlier versions of Solaris.

The servers should help the company bide time until high-end servers arrive on the market in 2006 and are the result of a collaboration between Sun and Fujitsu, analysts said. Those servers have been dubbed the APL line, short for Advanced Product Line.

"This sort of fills in a gap until the APL systems become available," said analyst Gordon Haff of market research firm Illuminata. "It's a good upgrade for people who are already in the Sparc-Solaris camp."

Sun's servers using the Sparc chip run only on Solaris. The chip that will power the APL line is based on Fujitsu's Sparc64 VI chip.

Despite calls by analysts after the implosion of the dot-com and telecommunications investment bubbles in late 2000 that hurt Sun more than its rivals, the company continued to invest aggressively in research and development. That investment is paying off, Sun's Chief Executive, Scott McNealy said in a telephone interview.

"We kind of listened to our own drummer," McNealy said. These are three- to five-year investments, and we're putting the whole story together the best we know how."

Among the markets hit worst in the downturn were telecommunications and financial servers, two key markets for Sun, whose servers were also extremely popular among Internet start-ups during the dot-com boom.

Haff said that UltraSparc IV+ machines could help Sun compete more effectively against machines from rival IBM that use Big Blue's top-of-the-line Power5 processor. But the performance of the Sun machines using the UltraSparc IV+ chip may be surpassed by IBM's faster Power5+ that is slated for release later in 2005.

"There is an IBM Power5 upgrade coming as well," Haff said.

Sun also has in development its line of chips code-named Niagara that will have eight processing cores that in total will be able to handle 32 threads, or instruction sequences, simultaneously. Servers using the Niagara processors are due out in early 2006 or perhaps earlier, Sun has said.

"That really is going to be an attempt to change the playing field, at least for a certain class of systems," Haff said of the forthcoming Niagara chips.

Sun's UltraSparc chips, in addition to competing against IBM's servers using the Power chip, also compete against Intel's Itanium processor, which is backed by Itanium's co-developer HP.

The UltraSparc IV+ servers come after the Santa Clara, Calif.-based company last week introduced new industry-standard servers it said will more than triple the amount of the computer server market it can address.

Those servers, named X2100, X4100 and X4200 use Opteron microprocessors--the brains of personal computers--from Advanced Micro Devices, Intel's chief rival in the microprocessor business.

Industry-standard servers, also known as x86 servers, are those that use either Intel, AMD or Intel-compatible chips as their data processing engines.

Those industry-standard servers from Sun can run either Solaris 10, Microsoft's Windows or commercial versions of the Linux operating system.

The new servers are available and prices start at about $31,000, Sun said.

Read more!

Galaxy remakes Sun's server strategy

by Stephen Shankland , Staff Writer, CNET News.com

Sun is launching the first members of its Galaxy server family, one of the single most important pieces of the company's effort to restore its reputation and business health.

As expected, Sun on Monday said it is selling the Sun Fire X4100 and X4200, lower-end machines using Advanced Micro Devices' Opteron processor and designed by Sun co-founder Andy Bechtolsheim. The Galaxy systems are joined by a lone Aquarius model, the X2100, a single-processor machine with a starting price of $745 and designed outside Sun. The systems will begin shipping in October

"It's probably not possible to be head and shoulders above the competition in the x86 space. There just isn't that much opportunity for being compellingly different," said Illuminata analyst Gordon Haff. "That said, they're nice boxes," with good management features, prices and performance, he said.

News.context

What's new:
The Galaxy systems kick off Sun's effort to rebuild its image in the server market and move away from its reputation as a company that was overtaken by new trends.

Bottom line:
Analysts expect Galaxy servers to boost Sun's business, but competitors are eager to point out pitfalls in Sun's x86 future.

More stories on this topic

The Galaxy systems spearhead an effort by Sun to rebuild its image in the server market and move away from its reputation as a company that was overtaken by new trends. "What I really need people to understand is that Sun is not proprietary, expensive and slow," said John Fowler, executive vice president of the Network Systems Group in charge of the Opteron servers. With the Galaxy servers, "We'll be the fastest out there, even compared to the other Opteron guys."

Future Galaxy designs are coming, including an eight-processor model and blade servers, though Sun declines to share details. In addition, Sun will show other systems to customers at the Galaxy unveiling event in New York, Fowler said.

Sun for years shunned the x86 servers in favor of machines running its own Solaris version of Unix and its own UltraSparc processors. But the server market growth has been with x86 systems running Windows and Linux, and Sun is working hard to make up lost time.

The Santa Clara, Calif.-based company has made steady progress. It rose to sixth place in the x86 server market with $109 million in revenue during the second quarter of 2005, according to Gartner, though it's still a long way from IBM at $1 billion, Dell at $1.3 billion and No. 1 Hewlett-Packard at $2 billion. Bechtolsheim said Sun's goal is to rise to fourth place by the end of 2006, which would require passing NEC and Fujitsu-Siemens.

The pressure is on for the x86 line. Sun has struggled for years to achieve revenue growth and consistent profitability, and few expect the company will be able to rely on its Sparc server business. "While Sun has held its own in Unix servers in our recent surveys, we believe that Unix market revenues are unlikely to grow materially going forward, and accordingly, that Sun will need to improve its (x86)-based share in order to generate meaningful revenue growth," Sanford C. Bernstein analyst Toni Sacconaghi said in a report on Thursday.

Merrill Lynch analyst Richard Farmer expects Galaxy to boost Sun's business.

"We expect Galaxy to trigger modest, though perhaps not lasting, share gains for Sun," Farmer said in a Friday report. He projects that Galaxy will add slightly more than $150 million in incremental revenue for Sun's fiscal 2006, which for Sun ends June 30, 2006, and more than $350 million in fiscal 2007.

Sun is touting its x86 version of Solaris--a product rescued from near death in 2002 and now, like Linux, an open-source project. But Farmer and others expect Linux will be a more popular option.

Despite a Galaxy delay, Sun is chomping at the x86 bit. "We are going to bill them as the fastest, most energy-efficient and reliable x86 servers in the industry," Fowler said. "We have aimed these three servers at the bull's eye in the industry-standard market."

Sun's competitors are just as eager to point out pitfalls in Sun's x86 future.

"I don't see how they get there, honestly, without doing more in the Linux and Microsoft space, which are the volume operating systems in the x86 market," said Mark Hudson, vice president of marketing for HP's Enterprise Storage and Server group. And even with Sun touting

Bechtolsheim's skills, it's hard to stand out: "They're going to struggle to provide the proof of why this is so different and so unique in the marketplace to get customers comfortable buying from HP, Dell or IBM to consider it."

Dave Turek, vice president of deep computing at IBM, predicted a tough business case for Sun with the low-profit margin x86 server business. "There's a short-term promise of some growth, but it's unclear it will be matched with growth in profitability," he said, and he predicted Sun's x86 work will dilute its ongoing Sparc-based server work.

And though Opteron has some advantages, Intel enjoys pointing out its own product line strengths: the company's move this year to a chip manufacturing process with 65-nanometer features, while most of the rest of the industry is still at the earlier 90 nanometers; integrated chip features for virtualization, management, security and communications; and partnerships and products to help software developers.

A rocky x86 start
Sun's first x86 servers were largely a dud--the LX50, introduced in 2002, was obsolete almost before it shipped, and successors such as the V60 and V65 didn't fare much better.

Sun failed to realize that customers demanded more than generic systems, Bechtolsheim said: "Success in this market isn't free. We can't just rebadge or relabel third-party systems and deliver value to customers."

But things changed in 2003 with Opteron, whose built-in memory controller and 64-bit memory addressing features gave it a leg up over Intel's dominant Xeon. Sun dropped its Intel designs and pared its x86 line down to the dual-processor V20z and four-processor V40z.

Those systems were designed outside Sun and lacked many high-end features the company's customers liked, such as remote management abilities and components that could be swapped without shutting the server down. But they helped Sun boost its x86 market share considerably and take advantage of AMD's switch earlier this year to dual-core chips--models that combine two processing engines onto a single slice of silicon. Intel's mainstream dual-core Xeon chips are scheduled to arrive later this year for four-processor systems and early next year for dual-processor systems.

Now, with the Galaxy overhaul, Sun sells three in-house Opteron servers, all rack-mounted models: the Sun Fire X2100, a low-end 1.75-inch thick system with a single processor; the Sun Fire X4100, a 1.75-inch thick system with dual Opterons; and the X4200, a 3.5-inch thick model with dual Opterons and more storage capacity. All the systems include Solaris.

The X4100 has a starting price of $2,195, but a midrange configuration with dual Opteron 254 processors, redundant power supplies and 2GB of memory costs about $5,095. The X4200 starts at $2,595; the price increases to $7,795 for two dual-core Opteron 275 processors, 4GB of memory, two 73GB drives and redundant power supplies.

Sun also is selling the X2100 for $40 per month if purchased with a three-year service plan.

The X4100 and X4200 use 2.5-inch Serial Attached SCSI hard drives--a new, smaller standard that eases air flow and therefore cooling. The machines can be completely managed remotely using a service processor and the built-in networked keyboard-video-mouse controls. They use hard drives, fans and power supplies that can be replaced while the server is running. And software certified to work on one 4000-series machine will run on the others.

Read more!

IBM updates Notes, Domino

by Matt Hines , Staff Writer, CNET News.com

IBM's Lotus division has introduced the latest updates to its desktop messaging and collaboration server software.

With Notes 7 and Domino 7, released Wednesday, IBM is offering new collaboration features as well as tools for building new applications--and targeting an area of the business software market that's heating up.

Big Blue said that it's added more than 100 new features to the Notes client software, many of which are aimed specifically at managing large amounts of data coming into an inbox.

IBM said much of its work was aimed at improving the underlying server software that controls the performance of Notes. The update boasts new visual indicators to help people manage and organize messages, in addition to expanded group e-mail settings and new memory features for saving and opening various types of documents directly from Notes. IBM said it also broadened access across the system to the Notes instant-messaging client.

In Domino 7, IBM is touting increased capabilities for building new collaborative applications in Notes. As part of the undertaking, the company said, it upgraded the package's software development tool set to integrate better with businesses' Web services efforts around service-oriented architecture, or SOA. For example, the company said, a new feature in Domino 7 will allow developers to use the software as a "Web services host," for tools designed to expand on Notes' existing features.

In terms of performance gains, the company said that Domino 7 will allow some of its customers to run up to 50 percent more users per server, requiring up to 25 percent less processing capacity in order to handle the same workload.

Ken Bisconti, vice president of IBM's Workplace, Portal and Collaboration business, said that more customers than ever are pushing the company to expand capabilities for creating and using new collaborative tools.

"There's a huge shift under way in today's market," Bisconti said. "Customers are recognizing that collaboration technology and people's productivity can substantially provide business value and really help the bottom line. Customers are looking for more than just e-mail from their collaboration platform."

IBM's pursuit of the end-user collaboration software market has pushed it into more heated competition with longtime rival Microsoft. Like IBM, Microsoft is bulking up its Office System product line to incorporate more workflow and collaboration tools. IBM said that the Notes/Domino business experienced double-digit growth during the first half of 2005, driven by over 500 new deals.

Bisconti said that IBM is winning deals by providing a clear product road map, and by providing simpler processes for moving customers onto its software.

"We're benefiting from giving our customers a clear, long-term road map for the Notes and Domino family that we will stick to and deliver on consistently," he said. "We've been very careful not to create a huge migration problem for our customers, and we're aiming to improve that; we believe that the investments that our customers make in applications are really sacred investments, and migration needs to be to the economic benefit of the customer, not just the vendor."

IBM executives said the release will help Lotus add customers ahead of the launch of the company's next major rerelease of Notes--which will include e-mail, instant messaging and calendar applications--that is due to arrive in roughly 12 to 18 months and is currently code-named "Hannover."

The company has said that the Hannover package will focus on improvements around what it calls "activity-based computing" or streamlining the manner in which individuals can manage and share information stored throughout the collaboration and messaging system.

Pricing for the Domino 7 server software starts at $1,145 per processor, IBM said. The Notes 7 software starts at $101 per user, and the Web-based version of the messaging client is being offered for $70 per person.

Read more!

Adware maker seeks to thwart rogue installs

by Joris Evers , Staff Writer, CNET News.com

In a continuing effort to clean up its image, advertising software maker 180solutions has updated its products to thwart rogue distribution.

180solutions has long been in the crosshairs of anti-spyware groups. The Bellevue, Wash., company makes the 180search Assistant and Zango Search Assistant applications that deliver pop-up ads to users as they perform Web searches. While the company distributes Zango on its own, 180solutions relies on about 8,000 third parties to distribute 180search. Those parties get paid for each installation of the software.

As is common with adware, many Internet users may have unwittingly installed 180solutions' products. Some adware pushers have buried download disclosures in lengthy legalese; installed software surreptitiously through Web browser security holes; disguised their brands; or made it tough for users to uninstall the pop-up programs.

180solutions blames "rogue distributors" for surreptitious installs of its software. Seeking to distance itself from such practices, the company has sued several of its former partners and cut relationships with about 500 of its 8,000 distributors since early this year.

The company on Wednesday announced that it has updated the 180search Assistant and the Zango Search Assistant to prevent hidden installs of the software. The applications include new "Safe and Secure Search" technology that prevents suppression or manipulation of the user confirmation when installing the products, it said.

"Today's announcement marks the biggest technological step we've taken to date to reduce fraudulent installations," Daniel Todd, president and co-founder of 180solutions, said in the statement.

Critics are skeptical about 180solutions' intentions.

"I consider this announcement largely a PR ploy designed to obtain favorable coverage," said Ben Edelman, a Harvard Law School student, as well as an adware and spyware researcher. "No reasonable user would want the extra pop-ups 180solutions delivers, so it has to resort to trickery, rhetoric and sleight of hand to get its software installed."

180solutions promises should be viewed with caution, said Alex Eckelberry, president of anti-spyware software maker Sunbelt Software. "Every few months, 180solutions announces a new reform that will supposedly make its installation practices kosher. This has been going on for over a year, and at the end of all previous efforts, we still have examples of unethical installs," he said.

All new 180solutions distributors have to distribute the updated application, existing partners have until the end of the year to switch, 180solutions said. After the Dec. 31 cut-off date, distributors will no longer get paid for installs of the older applications, it said. 180solutions software is installed on about 20 million PCs, the company said.

To alert users that they have the ad-serving software installed, 180solutions will display a message on PCs within 72 hours after installation and every 90 days, the company said. The message explains that the software displays pop-up ads and offers a link to uninstall the software. 180solutions started displaying such notifications earlier this year.

Read more!