Microsoft confirms free security software ships Tuesday

Microsoft today confirmed that it will launch its free security software suite, which has been in development for almost a year, Tuesday morning. "Microsoft Security Essentials, their highly anticipated no-cost consumer security offering, will be released to the public tomorrow, September 29," a company spokeswoman said in an e-mail reply to questions. Earlier in the day, Network World 's John Fontana had been told by Bob Muglia, the president of Microsoft's sever and tools division, that the company would ship the free software Tuesday. The spokeswoman added that the program will be made available Tuesday morning, Pacific time, although she did not have a specific hour for the launch. Security Essentials, which Microsoft offered to a limited number of beta testers last June, is the company's replacement for Windows Live OneCare, a for-a-fee security suite that was retired at the end of June 2009. Microsoft has pitched the software as a basic anti-virus, anti-spyware program that consumes less memory and disk space than commercial security suites, like those from vendors such as McAfee, Symantec and Trend Micro.

According to one researcher today, those security vendors have little to fear from Microsoft's giveaway. "It won't be the application that puts Symantec or McAfee out of business," said Andrew Storms, the director of security operations at nCircle Network Security. "...Microsoft still has to prove itself in this arena. Those companies, however, unanimously dismissed Security Essentials - once codenamed "Morro" - as proof that Microsoft couldn't compete in the paying market. Take, for example, Windows Defender, which has been free. If Microsoft starts dipping into the market share of these partners, will it affect that intelligence sharing? It's not necessarily the best anti-spyware product available." Storms also wondered how Microsoft's re-entry into the consumer security space would affect the relationships it's built with antivirus vendors, including those that involve the sharing of threat intelligence. "We've come to learn that Symantec and others have shared their threats and risk information with Microsoft in an effort to better protect all consumers. The free Security Essentials will be available for Windows XP, Vista and Windows 7 as a 4.7MB download from the Microsoft Web site.

13 hot products from DEMOfall '09

Network World's DEMO conference always features a wide range of flashy new consumer and enterprise technologies and this fall's show is no exception. In this article, we'll run through 13 of the new technologies generating the most buzz and highlight some of the innovations on display at the show. Products from DEMOfall '09 run the gamut, from cloud video surveillance technology to Web 2.0 patent databases to software that helps you scope out your dates for sketchy Internet activity.

Get an overview of the products Company: Third Iris Corp. The company's package includes video cameras that users can manage from a central Web site and that use "intelligent camera" software to provide analytics. Product: VIAAS With IT video surveillance becoming increasingly more complex, Third Iris Corp. has developed the Video Intelligence-as-a-Service (VIAAS) system that outsources analysis to the Third Iris cloud. Company: Armorize Technologies, Inc.  Product: Armorize HackAlert This software-as-a-service automatically scans Web Sites for injected malicious codes and links and also provides users with real-time alerts if their computers are visiting a site containing malware. Company: Intelius Product: DateCheck This is a mobile application that allows you to check up on your potential date any place where they have a presence on the Web.

According to DEMO, this product has had success in Asian markets in recent years and is coming to the U.S. for the first time this year. So for instance, if you have their e-mail address or phone number and their e-mail address or phone number is linked to their Facebook and Twitter accounts you can check up on them to see if they are who they say they are or to find out if they have any sleazy interests. The HP SkyRoom video conferencing service aims to change that by providing high-definition videoconferencing technology that HP says can support "up to four people using rich media content over standard business networks." DEMO says that while the system shouldn't be seen as a strict replacement for high-end conference room equipment, it does provide improvement for people working at individual stations who want to collaborate more easily on projects. The slogan that the company is using for the app is (we're not making this up): "Look up before you hook up." Company: Hewlett-Packard Product: HP SkyRoom If you want to participate in a video conference from your office computer, you typically have to use a puny Web camera that provides low resolution and high jitter. Company: Hashwork Product: Hashwork This is a sort of Twitter for your workplace that can integrate Google Calendar and Twitter to give workers a hub they can monitor throughout the day to see what their coworkers are up to. Company: dotSyntax, LLC Product: Digsby One annoying feature of having multiple accounts with different social networking and instant messaging protocols is the need to keep multiple windows open at once if you want to keep track of them all.

The folks at DEMO claim that Hashwork has become a staple in their daily work environment. Digsby is a program that aims to consolidate all these protocols by merging all instant messaging screen names onto one single messenger and by merging social networking sites to give real-time updates on all of them simultaneously. Company: Article One Partners, LLC  Product: AOP Patent Studies The goal of this technology is to apply Web 2.0 collaborative technology to the field of patent research. For instance, if you had accounts with MySpace, Twitter and Facebook, Digsby would serve as a one-stop hub that would tell you every time a friend wrote something on your wall or responded to your tweets. In other words, if you are a company looking to see if your patent claim will hold up in court, you can use AOP's community of patent advisors to help you out.

The application is now available for the iPhone and it will let iPhone users sync with Outlook, Google Calendar, Apple iCal and Entourage for Macs. Article One says that it charges clients for an annual subscription that will give them "real-time access to validity evidence" and communication "with AOP's scientific community… to optimize their research."~~ Company: Tungle Corp.  Product: Tungle for iPhone Tungle, which debuted last year at DEMO, is a planning application that helps friends and coworkers share their calendars and create schedules for meetings based on availability. Company: Waze, Inc.  Product: Waze Waze combines the open-source editing capabilities of Wikipedia with the real-time immediacy of Twitter to provide users with fast-breaking updates on traffic conditions. This technique can also be used to flag areas that have speeding cameras or areas that are well-known police speed traps. Essentially it works like this: If you're stuck in a traffic jam, you send an update explaining your location and the density of the current traffic.

This mobile app is available on Android phones, the iPhone, RIM devices and Windows Mobile devices. Product: Micello We all love Google maps for helping us get from one place to another on the road. Company: Micello, Inc. But what happens when we're inside a large building such as a stadium and we're looking for a particular restaurant or souvenir shop? This application supports user-generated maps of large public places that will eventually help you find a public restroom no matter where you are. That's where Micello comes in.

Company: Piryx, Inc.  Product: Piryx Think of Piryx as sort of a PayPal for politics. DEMO praises the Piryx platform for bringing "smart payment processing technology to the $300+ billion non-profit sector." Company: Answers Corp. It essentially lets users send contributions to political candidates, action committees and non-profit groups. Product: Answers.com Answers Corp, which already maintains the popular WikiAnswers, is launching this new Web site as a way to provide "one-stop answers about anything, combining the world's best licensed and user-generated content." The site will incorporate similar features to WikiAnswers, where users ask questions and rely upon a team of open-source writers and editors to answer them. Product: Symform Cooperative Storage Cloud This is new approach to cloud storage that Symform describes as a "storage potluck." When users sign up for the Cooperative Storage Cloud, they can get as much storage space as they want within the cloud as long as they contribute an equal amount of storage space on their own premises for Symform to use as storage for other customers.

DEMO says that the new site's strength is that it integrates "the depth of ReferenceAnswers with the breadth of WikiAnswers." Company: Symform, Inc. As Kevin Brown, the vice president of sales and marketing for Symform, explains it, the customer "contributes what they consume." So for example, Brown says that a customer "can contribute from an internal drive or some external drive, e.g., a $100 USB drive, and backup an unlimited amount." This cooperative approach to storage makes Symform's cloud storage cheaper than other kinds of cloud storage.

Senators want to end telecom immunity for spying program

Four Democratic U.S. senators will introduce a bill to repeal a provision protecting telecommunications carriers from lawsuits targeting their assistance to a controversial U.S. National Security Agency surveillance program. The program was illegal under the U.S. Constitution's Fourth Amendment, prohibiting unreasonable search and seizure, critics said. The new legislation, supported by Senators Chris Dodd of Connecticut, Patrick Leahy of Vermont, Russ Feingold of Wisconsin and Jeff Merkley of Oregon would repeal telecom immunity provisions in the Foreign Intelligence Surveillance Act (FISA) Amendments Act, passed by Congress in July 2008. The FISA Amendments Act provides some additional court oversight to the NSA wiretapping program, which former President George Bush's administration launched after terrorist attacks on the U.S. on Sept. 11. 2001. The FISA Amendments Act allowed the so-called Terrorist Surveillance Program, which targets electronic communication of some including phone calls and e-mail, to continue until the end of 2012. Critics of the NSA program said it illegally targeted U.S. residents' communications with people linked to terrorist groups without court-approved warrants.

Current U.S. President Barack Obama supported the FISA Amendments Act, including telecom immunity. The new legislation, called the Retroactive Immunity Repeal Act, would allow lawsuits against telecom providers such as AT&T to resume. "I believe we best defend America when we also defend its founding principles," Dodd said in a statement. "We make our nation safer when we eliminate the false choice between liberty and security. Telecom immunity provisions were needed to protect companies that helped the U.S. government fight terrorism in a time of need, supporters of the immunity provision said. But by granting retroactive immunity to the telecommunications companies who may have participated in warrantless wiretapping of American citizens, the Congress violated the protection of our citizen's privacy and due process right and we must not allow that to stand." Leahy, chairman of the Senate Judiciary Committee, said he was pleased to sponsor the bill. "Last year, I opposed legislation that stripped Americans of their right to seek accountability for the Bush administration's decision to illegally wiretap American citizens without a warrant," he said in a statement. "We can strengthen national security while protecting Americans' privacy and civil liberties. Restoring Americans' access to the courts is the first step toward bringing some measure of accountability for the Bush-Cheney administration's decision to conduct warrantless surveillance in violation of our laws." The courts, and not the president or Congress, should determine whether the telecom carriers violated the law and rights of U.S. residents, the senators said in a press release.

PayPal Introduces Open API to Put Payments Into Apps

PayPal used its inaugural PayPal X Innovate 2009 conference in San Francisco to officially announce the PayPal X program to release APIs allowing developers to integrate PayPal seamlessly into third-party applications. The new PayPal APIs allow developers to engage customers directly within their own applications rather than forcing them to port users off to the actual PayPal site. The expanded functionality will help PayPal to compete against similar online payment services from Amazon and Google.

Users who don't even use PayPal can actually sign up for PayPal within the third-party application and begin making PayPal payments seamlessly from within the third-party application. Part of the goal of opening PayPal to developers is also to expand the types of transactions PayPal is used for to include things like paying rent, or employee payroll. PayPal wants to make it easier for developers to leverage its payment system, ostensibly making PayPal a sort of de facto currency for the Web. PayPal also has its eye on smart phones and wants to incorporate PayPal payments into mobile applications. PayPal is an established name in online transactions.

Google Checkout is already working on mobile devices, and Nokia is working on its own mobile payment system, Nokia Money. It built a reputation for providing a safe and secure means of making payments for things like EBay purchases. There are fees involved and some users have taken issue with those fees (including recently adding fees without notice for services that were previously free). Rather than adopt PayPal (and the fees that come with it) for online payment, Amazon and Google have developed homegrown online payment systems. It worked so well and got so popular that EBay eventually bought PayPal in 2002. PayPal doesn't provide the service as a charity though. Google and Amazon are both online gorillas, and Amazon is a huge online retail site, so the competition is a threat to PayPal. The new PayPal X API's provide an even more integral and seamless opportunity for SMB's to leverage PayPal for both incoming and outgoing financial transactions.

A couple years ago PayPal introduced the Website Payments Pro program aimed at providing small and medium businesses (SMB) with a platform for conducting secure online transactions. Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

Personal Finance: Manage Your Money Better Online

Let's be honest. When times are good, we probably spend too much. Most of us could do a better job handling our money. When times are bad, too many of us stick our heads in the sand.

The Web has a wealth, indeed a surfeit, of tools and information to help you manage your personal finances. Both, of course, are bad ideas. To get an idea of just how much, simply take a look at Google's personal finance directory. So I've culled the list to find Web sites and tools that you'll find helpful and I find trustworthy. It's overwhelming. This is by no means "a best of the Web" list.

Swiss Army Knives of Personal FinanceKiplinger.com is a very deep site, ranging from short, newsy pieces like "A new ban on overdraft fees" to extensively reported features like this month's "Making the most of your benefits." The site tries hard to be helpful; for example a recent piece called "My Wallet was Stolen" gives bullet points about what to do right away and ends with the phone numbers of three major credit reporting agencies. It's too difficult to make that call, and I've avoided sites that have no free information. The Web site is free, but the eighty-year-old company offers a variety of newsletters and magazines at various prices. SmartMoney also has a well-deserved reputation for excellence and is notable for its wide-ranging information. One big benefit as outlined on the site: "Kiplinger answers the queries of its readers as a regular feature of their subscriptions, filling requests for additional information on any subject its publications cover, by phone, mail or email. Clicking on "personal finance," for example, brings up sections devoted to 13 different topics, including bank notes, debt, elder care, marriage and divorce.

College and Retirement Planning With the price of tuition at even public universities moving into the five-figure range, it's never been more important to develop a plan to afford a college education. SmartMoney also offers a wealth of investment tools, including real-time quotes, analysis and stock screening, but those features are behind a pay wall. Even if the heir apparent is very close to graduating high school there are steps you can take to mitigate the financial pain. Indeed, the site has an entire section devoted to financial planning for college filled with actionable tips, newsy items and generally helpful stuff. SmartMoney, for example, has an informative story about early decision students and financial aid.

Not to be outdone, Kiplinger has very meaty college-focused special report that includes pieces on comparing student loan packages and how best to use 529 (college savings) plans. By entering your personal information, you'll get back an estimate of your (teensy) monthly benefits at various retirement ages. It may be somewhat early for you to file for Social Security, but if nothing else, this government site provides a great reality check. The site has a good deal of related information, including application forms. Best Rates on CDs Finding a financial advisor is not easy and is a decision that has real consequences. There is a also a wealth of information for people approaching retirement on the Web site of the AARP. One feature I really liked that has use for a consumer of any age was called "The All Cash Challenge." As you'd expect it underlines something we all know, but probably don't put to use often enough: People who pay with cash spend less than those who pay with credit cards, because pulling those greenbacks out of your wallet hurts.

One place to start: The National Association of Personal Financial Advisors. NAPFA insists that its members be " fee only," which means the financial advisor is compensated "solely by the client with neither the advisor nor any related party receiving compensation that is contingent on the purchase or sale of a financial product." CDs don't pay much these days, but they are a secure place to park your money until better opportunities arise. Its Web site lets you search for advisors by area and by specialty. If that works for you, bankrate.com is a good place to shop. A similar tool on the site allows you to check fixed and adjustable mortgage rates for different durations and localities.

Its simple search tool includes clickable links, so if you see a deal you like, it's to take the next step. Any number of online sites help with basic financial chores, including budgets and expense tracking. After all, you'll be entrusting credit card numbers, bank account and maybe investment account information to a company you don't know much about. But I have to say that security is a real concern. That's not to cast aspersions on anyone; I'm just careful, and I hope you are as well.

Mint.com, which has garnered some good reviews, is now owned by Intuit, so the combined site is worth a look. Certainly Quicken Online, owned by Intuit, is long established, and its Web site is now free. Here's a final tip that I figured out after wasting too much money. When I had a misunderstanding with a credit card company, my account was temporarily suspended. My online life includes many services and publications that renew automatically. Suddenly a number of those automatic renewals bounced and I was prompted to update.

My credit account was quickly restored, and as a result of that little mishap I saved hundreds of dollars. (Thanks to Kathleen Pender, the long-time personal finance columnist for the San Francisco Chronicle, for her helpful suggestions.) San Francisco journalist Bill Snyder writes frequently about business and technology. I realized that I wasn't using some of those services and cancelled. He welcomes your comments and suggestions. Follow everything from CIO.com on Twitter @CIOonline. Reach him at bill.snyder@sbcglobal.net.

3 Basic Steps to Avoid Joining a Botnet

Banging the drum for security awareness never gets old. Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use - unbeknownst to the machine's owner - for online crimes including sending out spam or launching a denial of service attack. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding.

Unfortunately, the black-hat techniques employed to snare users into a botnet web have evolved to a level that makes them often undetectable by even the most sophisticated security products. Santorelli, director of global outreach with the non-profit security investigations firm Team Cymru, spends his days monitoring malicious online activity, particularly botnets. Combine that with a lack of user knowledge, and the threat of infection becomes very high. (See: Botnets: Why it's Getting Harder to Find and Fight Them). "The frustrating thing is they can make their chances of getting infected much, much smaller," said Steve Santorelli, who sees how users fall prey to easily avoidable traps every day. Santorelli notes that while just one strategy probably won't cover you, with several tools in the tool box, the rate of infection within an organization significantly drops. They might not realize the importance of working with IT to ensure they are up to date with patching and software upgrades.

Tip 1: Have work AND home machines regularly updated with patches and antivirus software The average user doesn't necessarily have a lot of technological knowledge, said Santorelli. This problem may be especially prevalent among workers who are exclusively remote. Sophos scanned 583 computers for 40 days and found that 81 percent of the machines failed one or more basic security checks. In fact, a study conducted by security firm Sophos last year found most computer users ignore security updates and turn off their firewalls. Most machines, 63 percent, were lacking security patches for the operating system, office application and programs like Windows Media Player and Adobe Flash. Those are exactly the folks that criminals love. "These people are going to go for the low-hanging fruit and unfortunately there is a lot of it out there," said Santorelli. "There are so many machines without updated AV on it." If your patching system isn't automated, your users need to be made aware of the risks they are taking by working with unpatched and out-dated security technologies.

More than half, 51 percent, had disabled their firewall and another 15 percent had outdated or disabled antivirus and anti-spam software. And while security updates are not the cure-all for malware infection, Santorelli said they certainly serve as a strong deterrent. "If you are walking down the street as a burglar and you see a house with a Rottweiler, and a visible sign from a security company, you probably won't attack that house," he noted. Unfortunately, that's less and less foolproof. "It used to be that if you surfed to places like CNN, or the Weather Channel, you weren't going to come across great deal of malware," said Santorelli. "That isn't the case anymore. Tip 2: Use the latest browser versions Staying away from dubious sites and sticking to known brands used to offer reasonable online safety. We've seen a number of cases recently where people have gone to a legitimate web site and there is an advertisement up there hosting some kind of malicious code." That is where the latest safe browsing technologies can help, said Santorelli. There is also a great deal of anti-phishing and anti malware that goes into them now.

The latest versions of today's browsers will often flag potentially dangerous content. "Browsers are so much more secure now that so many of the holes that existed in these browsers have been patched. So if you try and go to a link that contains malware, your AV might not pick it up. You can download the latest version of Internet Explorer or Firefox fairly easily and quickly, too (See: IE or Firefox: Which is More Secure?). "It will only take you five minutes to have the latest browser technology," said Santorelli. "It is just another string to your bow, so to speak." Tip 3: Be a little more careful when you get a link or an attachment. "Don't just blindly click on things and rely on other people to protect your computer," noted Santorelli. "You've got to take some responsibility for your own security." Team Cymru research reveals that the most common attack vectors for installing malware continue to be links in emails, or drive-by downloads. "We know from our recent investigations that there is a great deal of success to be had [for hackers] by just sending links out," he said. But your browser will say: "Are you sure?" The good news is most browsers are free. Just because you receive the email from someone you know and trust, it doesn't mean it is safe. See Five More Facebook, Twitter Scams to Avoid for examples of current attempts to exploit social media sites.

This includes friends and family, whose systems or accounts may have been compromised, and also well-known web sites you use, like social networking sites or banks. And large banks, such as Bank of America, often find their name is used in email phishing scams where thieves send out messages warning that customers their account has been compromised with a link that leads to a fake, but very legitimate-looking login screen. Of course, whether or not you should click any link or attachment also depends on if you have complied with steps 1 and 2 above. "You're going to have to take it on a case-by-case basis," said Santorelli "And my concern would be significantly raised if I didn't have my computer up to date with antivirus and browsing technologies."

Intel CTO: Machines could ultimately match human intelligence

Will machines ever be as smart as humans? The notion of a technological "singularity," a time when machines match and surpass human intellect, has been popularized by thinkers such as inventor and author Raymond Kurzweil, who commonly cites Moore's Law in his arguments about the exponential growth of technology. Intel CTO Justin Rattner thinks that someday, they might. Rattner's views on the singularity are sought after, given that he is CTO of the world's biggest chipmaker and the head of Intel Labs, the company's primary research arm.

So yeah, at some point, assuming all kinds of advances and breakthroughs, it's not inconceivable we'll reach a point that machines do match human intelligence." Already, scientists are working on placing neural sensors and chips into the brain, allowing people to control prosthetic limbs with their own thoughts. In a recent interview with Network World, Rattner said he has "tried to sidestep the question of when [the singularity] might occur," but says machine intelligence is constantly increasing due to laws of accelerating returns, "of which Moore's Law is perhaps the best example." "There will be a surprising amount of machines that do exhibit human-like capabilities," Rattner said. "Not to the extent of what humans can do today, but in an increasing number of areas these machines will show more and more human-like intelligence, particularly in the perceptual tasks. This is likely to become a "relatively routine procedure" in a few years, Rattner said. Rattner's views are also held in high regard in the world of supercomputing, of course, and he will deliver the opening address at the SC supercomputing conference in Portland, Ore. in November. Rattner said that while many commentators are preoccupied with the far-off singularity, he concerns himself more on how laws of accelerating returns "are real" and could lead to amazing advances in technology, including augmentation of the human body. "Assuming that interface technology progresses in an accelerating way, the possibilities of augmenting human intelligence with machine intelligence become increasingly real and more diverse," Rattner said. Nearly 80% of the world's 500 fastest supercomputers use Intel processors.

But Rattner says the supercomputing industry is already looking forward to the era of the exaflop - 1,000 times faster than a petaflop. The world's first petaflop machines, capable of performing one thousand trillion calculations per second, came online just last year. Rattner says the fundamental technologies behind a future exaflop machine could be demonstrated by the middle of next decade, and - depending on government investment - the first exaflop machines could become operational in the second half of the decade. You'd need a 500-megawatt nuclear power station to run the thing." The industry will have to move that number down to something practical, perhaps tens of megawatts, Rattner said. But this still depends on overcoming limitations in today's computing architectures. "Now that we've achieved petascale computing, there's all this interest in getting the next factor of 1,000," Rattner said. "But we can't get there with today's technology, largely because of power considerations.

But the work is just getting started. "We've got a lot of really big engineering challenges," Rattner said. "Today, we just don't know how to get there."