Drumbeats get louder

The recent acquisition of SecureWave by PatchLink was not so much an acquisition as a merger, with PatchLink being the senior partner. With 3400 customers it had about twice the customer base as SecureWave and it also had about twice the staff.…

(InfoWorld) - The level of hysteria associated with the arrival of Apple's iPhone is just a notch, maybe two, below that of the Second Coming. However, there is a very good chance that when the smoke clears in the next weeks and months, a whole lot of disappointment, frustration, and dissatisfaction will be left behind.

If the iPhone is like other wildly anticipated products in the past, this could well manifest in one or more of the following forms:

* The iPhone has a massive hardware defect that results in a recall of the hardware. This is not likely, but it is a risk with all first-gen hardware.

* The iPhone is initially received with warmth but, after the first year of AT&T's two-year sentence, the public begins to realize that they've been had. See: Motorola RAZR.

* The iPhone is a smashing success and marks the beginning of a run of Apple dominance that, like other successful rebellions, becomes twisted and short-sighted, leaving the general public with limited market options.

* The iPhone is an immediate disappointment in both the power and performance categories and is immediately recognized as such for some or all of the reasons explained below.

Those are the generalities. Now, read my 13 most probable reasons the iPhone will break your heart.

13. No GPS. The more you compare the iPhone to the BlackBerry, the more it pales. Imagine attempting to navigate your way through the streets of New York City -- or anywhere else for that matter. It's really, really nice to have a built-in GPS system showing you the way. And it's really, really frustrating that Apple has neglected GPS in the iPhone.

12. Text entry won't work well. There is no way -- no way! -- that the virtual keyboard on the iPhone's touch screen interface will work as well as the physical keyboards found on BlackBerries or most other devices. Most assuredly, entering text will be a frustrating, convoluted affair. Complaints about typing have already begun to surface.

11. It's ugly! There, it had to be said. The iPhone's awkward, neo-futuristic design looks like something out of an old Star Trek episode. Remember the me-too styles and hairdos that were in vogue at the tail end of the 1980s? The iPhone feels like that, and it likely marks the end of the relatively pleasing design aesthetic that marked Apple's rise to grace.

10. Slow Internet access. The iPhone will utilize AT&T's old Enhanced Data rates for GSM Evolution EDGE wireless network, which means data speeds that aren't nearly as fast as far superior 3G technology. In 12 months, when everyone you know is surfing the Web at lightning-fast 3G speeds while they're mobile, you'll be stuck in the slow lane. And you'll still have one more year of locked-in service contract to go.

9. Sensitive screen = scratches. It's extremely easy to scratch the front of the iPod. It will be really easy to scratch the front screen of the iPhone, even with its glass faceplate. This is a neurotic concern, perhaps, but it's still valid, especially considering the $500 price tag for the low-end model.

8. It's pricey. As much as $600 for the phone. As much as $100 per month for a reasonable service plan. That's almost $2000 for the first year of iPhone, which is a lot of cash. Worse yet, after the first year of service, first-gen iPhone users will still have another year remaining on their contract with AT&T but by then, Apple could well be up to its third iteration of the iPhone.

7. No MMS. The absence of MMS technology means that you can't send or receive pictures via text messaging. This takes about 70 percent of the fun and usefulness out of the phone's camera. This is something that will likely be rolled into a future version.

6. Touchscreens lose their sensitivity. The hard reality of using a touchscreen on the go is that, over time, it will lose sensitivity and begin to malfunction. Ask anyone who has toted their Treo or Palm Pilot around in a bag or pocket for a few years.

5. No IM. Initially, the inability to use instant messaging apps may seem like no big deal. But it's a huge convenience for both workplace and social connectivity. BlackBerry users and Windows Mobile devices can already IM away.

4. No enterprise e-mail connectivity. Chances are that if you are reading this, you'll want to use the iPhone as a work-oriented device. Unfortunately, if your workplace doesn't utilize POP or IMAP e-mail servers, you're out of luck on the e-mail front.

3. No third-party applications. Given Apple's insistence on closed environments, it's no surprise that iPhone will not support third-party applications unless they exist within the Safari browser environment. Congratulations, Apple -- you have just stifled innovation and development on your brand new phone for years.

2. Locked to AT&T? In the eponymous 1984-themed commercial that marked the debut of the Macintosh, Apple went out of its way to emphasize freedom of choice, freedom of life, freedom from the hegemony of the PC. Does anyone else think it strange that Apple is now releasing a phone based on a closed OS with virtually no third-party application support and limited file flexibility? The clincher is that iPhone users only have one choice of service providers: AT&T. June 29, 2007 could mark the moment that Apple becomes the sort of oppressive, inflexible bad company that it has long accused Microsoft of being.

1. The smug factor. How excited are you to be on a plane surrounded by legions of iPhone users, each of whom is smugly confident that their iPhone has transformed them into a superior being? Admittedly, this complaint ranges into grumpy old man territory, but still. Remember when Apple used to be cool because it was alternative? On June 29, those days are officially over.

George Jones has been an avid technophile since the day he got his first Commodore 64 (and almost electrocuted himself by cracking it open with the power on).

A new experiment just goes public for AdSense to use Rounded corners instead of the classic squared corners. The new feature provides two flavors of rounded corners: slightly rounded and Very rounded. Of course if you don't opt for anyone the squared will be displayed by default. What I find interesting is that usually borders are annoying to make ads stick with content and generate very low CTR, now it's interesting to experiment the new ads especially with the rounded Google logo which fit very well with the new design.

AdSense goes web 2.0 with the new look, and it's the first contextual advertising program which started providing such new look for its ads. I think blogs concerned are mainly those with very web 2.0 designs and which usually don't generate much clicks. I have opted for very rounded corner just to test it, and thing that I didn't like is especially the text which is very close at the corner with very rounded corners, probably it's more interesting to experiment slightly rounded corners instead of the very rounded ones.

Filed under: Internet, News, Web services, AOL

(InfoWorld) - Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the No. 1 vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.

The increasing complexity of security software is causing vendors to gripe that current evaluations do not adequately test other technologies in the products designed to protect machines.

Relations between vendors and testing organizations are generally cordial but occasionally tense when a product fails a test. Representatives in both camps agree that the testing regimes need to be overhauled to give consumers a more accurate view of how different products compare.

"I don't think anyone believes the tests as they are run now ... are an accurate reflection of how one product relates to the other," said Mark Kennedy, an antivirus engineer with Symantec.

Representatives of Symantec, F-Secure, and Panda Software agreed last month at the International Antivirus Testing Workshop in Reykjavik, Iceland, to design a new testing plan that would better reflect the capabilities of competing products. They hope all security vendors will agree on a new test that can be applied industrywide, Kennedy said.

A preliminary plan should be drawn up by September, Kennedy said.

One of the most common tests involves running a set of malicious software samples through a product's antivirus engine. The antivirus engine contains indicators, called signatures, that enable it to identify harmful software.

But antivirus products have changed over the last couple years, and "now many products have other ways of detecting and blocking malware," said Toralv Dirron, security lead system engineer for McAfee Inc.

Signature-based detection is important, but an explosion in the number of unique malicious software programs created by hackers is threatening its effectiveness. As a result, vendors have added overlapping defenses to catch malware.

Vendors are employing behavioral detection technology, which may identify a malicious program if it undertakes a suspicious action on a machine. A user may unwittingly download a malicious software program that is not detected through signatures. But if the program starts sending spam, the activity can be identified and halted.

Also, a program can be halted if it tries to exploit a buffer overflow vulnerability, where an error in memory can allow a bad program to run. Host-based, intrusion-prevention systems, which can employ firewalls and packet inspection techniques, can also stop attacks.

The ways in which a computer can be infected also make comprehensive testing complex. For example, users may infect their computers by opening malicious e-mail attachments or visiting harmful Web sites designed to exploit known vulnerabilities in a Web browser.

The different modes of attack also involve different defenses, all of which would need to be tested to arrive at an accurate ranking, analysts said.

By contrast, signature-based tests can take as little as five minutes. "This is a very basic test," said Andreas Marx of AV-Test.org, who wrote his master's degree thesis on antivirus testing. "It's easy, and it's cheap."

Other concerns remain, over sample sets of malicious software, the age of the samples and the relative threat those samples pose on the Internet as they become older. Security vendors also think tests should check how well security applications remove bad programs, a process that can affect a computer's performance.

For vendors, a failed test can be embarrassing, since the testing companies often issue news releases highlighting the latest results.

Testing companies make money in various ways. AV-Test.org is often commissioned by technology magazines such as PC World (a magazine owned by IDG). Virus Bulletin licenses its logo to companies for use in promotional material and publishes a monthly online magazine.

Earlier this month, Virus Bulletin announced that its latest round of testing produced some "big-name failures," including products from Kaspersky Lab and Grisoft SRO.

The company's VB100 tests antivirus engines against malware samples collected by the Wildlist Organization International, a group of security researchers who collect and study malware. To pass the VB100, products must detect all samples.

Kaspersky briefly removed a signature for a worm out of its product for "optimization" purposes on the day of the test, wrote Roel Schouwenberg, senior research engineer for Kaspersky, in an e-mail. The signature has since been put back in, he said.

"Obviously, we would have rather passed than failed," Schouwenberg wrote. "Had the test been conducted a day earlier or a day later, we would have passed."

Similarly, F-Secure initially failed its test also because of a technicality, but the failed rating was later reversed. All vendors are told after testing which samples they failed to detect, thus most end up adding signatures to their products.

So what should a user do? John Hawes, a technical consultant for Virus Bulletin, cautioned that the signature-based tests are "not enormously representative of the way things are in the real world."

But Hawes also noted that signature-based tests can indicate the reliability and consistency of a vendor's software. Virus Bulletin also writes reviews of AV suites, which take into account aspects such as usability, which may be just as important as detection for consumers. The company is developing more advanced tests that will test new security technologies.

AV-Test.org is already performing more comprehensive tests, although it uses between 30 to 50 malware samples, a much smaller sample set compared to the Wildlist, which uses more than 600,000 samples, Marx said. Those tests may give a better indication of how a security software suite performs.

At a bare minimum, through, users should install some security software, as computers without it can face high risks, Marx said. Several free suites are available that may be fine for light Internet use, he said.

Ironically, Marx doesn't use any antivirus software. That's because AV-Test.org collects malware for its testing, most of which comes through e-mail from other researchers. "I'm getting about 1,000 viruses a day," he said. "It [antivirus software] would be counterproductive."

(InfoWorld) - The Internet Corporation for Assigned Names and Numbers is seeking ideas and opinions on ways to modify the agreement terms it enters into with Internet registrars to protect individuals and organizations that do business with them.

The effort stems from the recent debacle involving registrar RegisterFly, which ICANN had to strip of its accreditation due to poor quality of service, which prompted massive and loud complaints from many of its tens of thousands of customers.

At its 29th International Public Meeting in San Juan, Puerto Rico, ICANN on Monday hosted a workshop to discuss possible changes to its Registrar Accreditation Agreement (RAA) and steps it is taking to make sure registrars provide good service to their customers.

Participants in the workshop, titled "Protection of Registrants," generally agreed that the RAA is due for a makeover to prevent another RegisterFly-like situation and because much has changed since the RAA was last amended about seven years ago.

"We need to deal with registrar accreditation and the procedures by which we accommodate registrants," said Susan Crawford, an ICANN board member who moderated the discussion.

Among the issues panelists and audience members debated was the need for Internet registrars -- companies ICANN accredits to sell Internet domain names to individuals and organizations -- to escrow their customers' data with ICANN or another third party.

That way, in the event of a registrar meltdown, ICANN, which manages and oversees the Internet's domain name system, could access the customer data and help customers switch to another registrar.

"This is important to registrants. We want to be able to reconstitute a registrar if it fails so that registrants can continue to have access to their domains and be able to work with them," Crawford said.

Ironically, in its current form, the RAA has a data escrow provision but it hasn't been implemented for several reasons. "It put a burden on ICANN to receive data, so the cost was all on ICANN. And until recently, there wasn't a budget item for the registered data escrow program," Crawford said.

Details on how this escrow will work need to be established, such as what will constitute a valid trigger for the data release and what data will be stored.

Jon Nevett, policy and ethics vice president of Internet registrar Network Solutions, said that ICANN's Registrar Constituency, which he chairs, has worked in recent months on the data escrow program with ICANN, which recently requested proposals to provide escrow services.

A key point for registrars is how ICANN will protect their customers' data if it needs to be transferred, Nevett said. "There is a lot of private information in this data," he said.

One of the issues ICANN is trying to work through is what data would be put in escrow. Under the current RAA provisions that data includes: registrant, administrative contact, technical contact, billing contact, name servers and expiration dates.

"When the provision was drafted, these were the elements that were believed to be critically necessary to restore the functionality of a registrar," said Mike Zupke, ICANN's Registrar Liaison Manager. Changing the data requirements would require amending the RAA, he said.

This issue is an interesting one, considering individuals' privacy concerns when registering a domain name, concerns that have prompted the appearance of "proxy" services that let registrants "hide" from the public some of the information they submit to a registrar, Crawford said.

Nevett argued that providing data to an escrow party that the registrant wants to keep from public view doesn't compromise privacy, because the escrow data wouldn't be publicly available.

Meanwhile, Beau Brendler, director of Consumer Reports Webwatch, suggested that ICANN provide more information about registrars, including ratings, so that consumers can make better informed decisions when choosing one.

There are about 900 registrars currently, according to ICANN.

"Measures that increase compliance are good," Brendler said, adding that ICANN might consider setting up a system to rate registrars and hold registrars to best practices guidelines.

Stacy Burnette, ICANN's director of contractual compliance, said that starting next month her team will publish a report twice a year with results from their registrar audits.

Citing preliminary results, Burnette said that in March her team found that of 881 audited registrars, 19 had non-working Web sites, and that in April, 192 registrars had invoices that were overdue by 30 days or more. Based on these findings, her group is seeking compliance from the offending registrars.

Her group is also currently doing a "code of conduct audit" to ensure that registrars are not engaging in conduct that would give "the appearance of impropriety," she said. Meanwhile, a future audit will focus on registrars' back-end systems performance, checking on issues like availability, downtime and outages, to see if they are meeting standards set in their agreements with ICANN.

Moreover, an ongoing audit is focusing on registrar data retention requirements, while a future audit will verify whether registrars are maintaining the required commercial liability insurance levels, she said.

"We want to encourage compliance to enhance ICANN's ability to preserve and enhance the operational stability, reliability, security and global interoperability of the Internet," Burnette said.