China warns about return of destructive Panda virus

A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee. The first Panda worm gained fame in China for switching the icons of infected files with an image of a panda holding three incense sticks. The same image would also flash across a victim's screen, but the worm's final goal was to install password-stealing Trojan horses. The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect, said Vu Nguyen, a McAfee Labs researcher. "It has gotten more complex with the addition of a rootkit," said Nguyen. "It definitely makes it more challenging for users to clean up and even to know that their systems have been compromised." A rootkit burrows into a system to try to hide the existence of malware.

Its author was ordered to write a removal tool for the worm and later sentenced to four years in prison. The worm infected millions of PCs, according to Chinese state media. China's national virus response center warned about the updated worm earlier this week, but it dubbed the virus Worm_Piloyd.B and did not link it to Panda. The center said it had found a worm spreading online that infected executables and HTML files. The worm blocked a victim's PC from restoring infected files, turned off active antivirus software and directed the machine to Web sites to download Trojan horses and other malware, the center said.

The new worm is unlikely to hit as many PCs as the first one. The center urged Internet users to step up defense on their PCs against unknown viruses. Chinese companies and Internet users are much more aware of malware than they were a few years ago, partly because of the wake-up call brought by the first Panda worm, said Nguyen. Chinese police are rushing to keep pace and cybercrime arrests have become more common in the country. As in other countries, cybercrime looks increasingly professional in China and labor is often divided along the production chain from virus design to the sale of stolen information.

Police in central Hubei province recently took six suspects into custody for building and selling viruses and attacking victims with a botnet, Chinese state broadcaster CCTV said this week. The group made over 2 million yuan (US$290,000) in about six months from their activities, the report said. Separately, a Shanghai court this week sentenced a man to six months in prison after his Internet company spent the equivalent of $17,500 to launch a denial-of-service attack on a rival's servers, according to local media. The man's company, iSpeak, paid for the use of a botnet to attack rival Duowan.com, reports said. China officially had 338 million Internet users at the end of June, more than the population of the U.S.

A botnet is a network of malware-infected PCs that an attacker can order to repeatedly contact a target server all at once, overwhelming the machine with requests for information and essentially shutting it down.

Online libel case stirs up free speech debate

An Illinois politician's attempt to unmask the identity of an e-mail poster who allegedly made disparaging remarks about her teenage son in an online forum is stirring a debate about free speech rights on the Internet. The case involves Lisa Stone, Trustee of the Village of Buffalo Grove, Ill. According to a story in the Chicago Tribune, someone anonymously posted "deeply disturbing" comments about Stone's 15-year-old son earlier this year in a local newspaper. The paper had run a story describing a bitterly contested local election that Stone was running in. In response to that story an individual using the name Hipcheck15 posted comments that were critical of Stone.

The comments apparently prompted Stone's son to go online and post comments in defense of his mother. Those comments, in turn, evoked allegedly defamatory statements directed against Stone's son by Hipcheck15, the Tribune story said. The paper did not say what exactly Hipcheck15 wrote, but it quoted Stone as describing the comments as being "vile" and "shocking." Stone did not immediately respond to an e-mailed request from Computerworld seeking comment for this story. As part of an effort to file a defamation lawsuit against Hipcheck15, Stone approached the Cook County Circuit Court and asked it to order the newspaper to turn in the true identity of the poster, the Tribune said. In response to an order from the court, the paper turned in the IP address for Hipcheck15. Stone then obtained a similar order from the circuit court judge that asked Hipcheck15's Internet service provider, or ISP, to reveal the true identity of the person to whom the IP address was assigned. According to the Tribune, the ISP later turned in the identity of Hipcheck15 to the court last month.

Stone apparently has insisted that all she is trying to do is protect her son and other children from being similarly attacked online. She is hoping the case will serve as a deterrent against similar attacks. A hearing is now scheduled for November 7 to decide whether the judge should provide Stone with Hipcheck15's true identity. Eugene Volokh, professor of law at the University of California at Los Angeles' School of Law, said the case serves as another reminder that online anonymity does not automatically provide immunity against libel charges. Individuals who libel or defame others online, anonymously or otherwise, are just as exposed to lawsuits as they are in the physical world and cannot expect First Amendment rights to automatically protect them. "Saying you're a lousy professor is one thing. But saying you molest 13-year-olds is completely different," he said.

Though one might use a pseudonym to conceal their true identity, a court can force an ISP to unmask them in such cases, Volokh said. Judges in other cases have shown a willingness to do just that if, in their opinion, the complaints had merit. In a similar case earlier this year, a Texas circuit court judge ordered an online news aggregation site to turn over identifying information on 178 people who had anonymously posted allegedly defamatory comments about two individuals involved in a sexual assault case. William Pieratt Demond, a partner at Connor & Demond PLLC, a law firm in Austin that is representing the couple, today said that the online site has since turned over information that has so far led to three people being identified as tied to the comments.

Libel lawsuits have been filed against all three, Demond told Computerworld today. The two individuals, who were acquitted of all charges, had claimed they had been subjected to intense and inarguably defamatory comments in the online forum. In the Stone case, it is hard to know how much merit her complaint has, Volokh said. Judges have to make the decision whether an online comment reflects just a personal opinion, which is protected, or if it crosses the line and becomes defamatory. "Courts have said that because revealing a speaker's identity could end up deterring people from speaking up, we are going to require some showing whether there is a cause," he said. Ed Yohnka, spokesman for the American Civil Liberties Union of Illinois, said the case was troubling. "We think anonymous speech on the Internet is really critical and needs to be protected," Yohnka said. Yohnka warned against a growing tendency by corporations and individuals to use defamation claims as a way to get the courts to force ISPs to unmask anonymous online commentators. "Saying something is defamatory shouldn't be the trigger" for deciding when someone should be unmasked, he said.

It has traditionally been one way in which people have chosen to express themselves on political and social issues, he said. Corporations and public figures in particular need to show they have a prima facie case before they are allowed to seek the identity of an anonymous poster, Yohnka said.

Storage software market sees signs of life, but no major recovery

The storage software market showed signs of rebounding in the second quarter, but is still falling short of the pace set last year. Worldwide, storage software vendors raked in $2.8 billion in revenue in the quarter, down nearly 10% vs. the second quarter of 2008, according to an IDC report issued last week. However, some positive signs emerged. Within the storage software market, revenue for replication products grew 5% compared with the first quarter of this year, and data protection and recovery revenue was 3% higher than in the first quarter. Revenue for device management and archiving software has also grown slightly since the beginning of 2009. "The storage software market is slowly starting to recover with positive growth over the first quarter of 2009," IDC analyst Michael Margossian said in a press release.

However, IDC cautioned that growth between the first and second quarters is typical, so the year-over-year comparisons are more significant. EMC led the storage software market with 22.4% of revenue in the second quarter, ahead of Symantec (18.5%), IBM (11.5%) and NetApp (8.5%). While last week's report covers storage software, IDC this month also reported that storage hardware sales continue to struggle. Globally, revenue for external disk storage systems was $4.1 billion in the second quarter, an 18% decline year-over-year. The network disk storage market declined 15% year-over-year. This was the third straight year enterprise storage systems revenue declined in the second quarter. EMC also leads the external disk storage systems market with 21.5% of worldwide revenue.

Microsoft pushes switchover deal for CRM Online

Microsoft is trying to steal away Salesforce.com and Oracle CRM on Demand customers with a new offer that will provide them with six months' access to its own CRM Online application at no charge if they sign a 12-month contract. Microsoft charges US$44 per month per user for CRM Online Professional edition. That compares to $65 per month per user for Salesforce.com Professional. Oracle CRM on Demand pricing starts at $70 per month per user.

Meanwhile, Microsoft's application is comparable from a feature standpoint and "already about 35 percent cheaper" than the competition, said Brad Wilson, general manager of Dynamics CRM. The six-month offer is valid through the end of this year. Microsoft will consider expanding access to customers of other CRM products once it sees how well the program is received, Wilson said. Six months is about how long it takes a customer to know for sure whether an application is right for their business, said Ray Wang, partner with the analyst firm Altimeter Group. But potential hurdles lie in the way of a smooth transition over to CRM Online, he added. For one thing, a customer and Oracle or Salesforce.com may have a year-to-year deal, which might still be in effect when the six-month trial period expires, Wang said. While contract terms may allow the customer to cancel, they may not get a refund on the year's remaining fees, according to Wang. "Hopefully you'd be [signed up] month-to-month. It's good to check and see where you are in that process." Overall, however, "users win" in price wars like this, Wang said.

Microsoft on Monday also announced price cuts for its Business Productivity Online Suite. Other SaaS (software as a service) vendors, such as NetSuite, have made a steady stream of financial enticements in recent months too, as sales slowed during the global recession. Salesforce.com has also quietly lowered monthly per-user fees for its two lowest-end editions, Contact Manager and Group Edition, to $5 and $25 respectively, down from $9 and $35. Meanwhile, Microsoft is announcing the CRM switch-over deal in conjunction with an update to CRM Online, Wilson said. It is also planning to roll out the software worldwide in the second half of 2010, he said.

The service is now available in North America. In the new release, Microsoft made signing up for CRM Online "super-simple," he said. No credit card information is required to sign up, although users need to provide an e-mail address. They can then start a free trial with either Microsoft's Outlook client or a browser-based interface, Wilson said. Thirty-day trials include sample data so users can begin experimenting with the system. A series of help tools provide information on setup and maintenance.

Microsoft has also developed an improved data import wizard. In addition, mobile access is available at no additional charge for any phone with an HTML 4.0-compliant Web browser. "We specifically tried to engineer [the application] to make it really easy for people who don't have CRM systems," Wilson said.

China rules Microsoft violated intellectual property rights

A Beijing court has ruled that Microsoft violated a Chinese company's intellectual property rights in a case over fonts used in past Windows operating systems, state media said Tuesday. Microsoft plans to appeal the case, a company representative said in a statement. The Beijing Number One Intermediate People's Court this week ordered Microsoft to stop selling versions of Windows that use the Chinese fonts, state broadcaster CCTV said. The ruling comes as Barack Obama visits China for his first time as U.S. president.

The visit has brought renewed focus on tensions over piracy and the trade of high-tech products between the countries. A U.S. business association this week appealed to Obama for further efforts to protect intellectual property rights in China, where pirated copies of DVDs and computer software including Windows are widely sold on streets and in bazaars. Microsoft originally licensed Zhongyi's intellectual property more than a decade ago for use in the Chinese version of Windows 95, according to Zhongyi. Zhongyi argues that agreement applied only to Windows 95, but that Microsoft continued to use the intellectual property from Windows 98 to Windows XP. The court reportedly also ruled that Microsoft's use of a Chinese input system from Zhongyi did not violate any licensing agreements. Microsoft agrees with the court that the key in the two cases is a dispute over the scope of licensing agreements, the Microsoft representative said. But it disagrees with the ruling on the coverage of the agreements, which it believes also include its use of the fonts, the representative said.

Pirated versions of Windows 7 were on sale in one Beijing bazaar weeks before the software officially went on sale last month. Windows XP is the most widely used OS in Chinese offices and homes, but countless users run pirated copies. Microsoft offers Windows 7 in China for a lower price than in developed markets, and often labels its software "legal" to differentiate it from the pirated versions common in the country. Windows 7 Home Premium costs 699 yuan (US$103) in China, compared to $199.99 in the U.S.

PerfectForms: Nearly Perfect

One of the most common functions of a Web site is to gather data. Building forms absorbs a huge amount of time and energy if you try to do it "old school," by which I mean getting out your Web content editor and wrangling HTML in an attempt to produce an effective form. Making the results look good is even harder.

There are some editing tools, both online and desktop applications, that will help build HTML forms, but to build really good-looking, easy-to-use and "intelligent" forms you need to turn to a Flash-based solution. Today's focus, PerfectForms, does just that. Launched as a beta in September '08 and fully released in December of that year, PerfectForms (PF) provides a graphical editor with which to build and modify your forms, all delivered through either a hosted or in-house Web service. PerfectForms offers a huge number of form components that range from the normal form elements such as labels and text fields to advanced features such as timers and CAPTCHA controls. Something that impresses me is that PF sees forms not just as forms but as workflows and integrates them with databases, Web services, text files, directory services, as well as other forms. This allows for complex, data-driven systems of forms to implement complex business processes.

PF also allows you to attach "behaviors" to form components so that, for example, mousing over an image can reveal a set of hidden fields. When a form is completed or individual components or groups of components are used, you can have a notification generated in the dashboard log and/or by e-mail. PF forms can be embedded in Web pages hosted on other servers and there's an optional lookup agent component to control access on an IP restriction basis so you can create a secure integration with in-house systems. PerfectForms also offers API access so that you can create new form instances (analogous to creating a database entry), populate form fields of an instance with data, update existing form fields in already submitted instances, delete a form instance, and read data from an existing form instance (i.e. read a database record). Another thing that impresses me about PerfectForms is that they "get" something that so many online utility services fail to get: That look and feel really matter. These are issues that profoundly affect how your product is perceived by users, and both the forms that PerfectForms generates as well as the editor interface are great looking. That's not to say the product is perfect yet – there are a few user interface issues that need to be resolved, but even so, the current version of PerfectForms is still perhaps the most advanced product of its kind in the market.

PerfectForms currently has more than 2,500 users including NASA, the Forestry Service, and most major banks. Pricing for the hosted service is by "designer", that is, each person who manages and edits forms, at a very reasonable $30 per month per seat. If you'd prefer to run PerfectForms on your own server (requires Microsoft Windows Server 2003 or 2008, .Net 2.0 framework, IIS with ASP.net v2.0, MSSQL Server 2005 SP3 or MSSQL 2008, and an SMTP/IMAP service) the price is $600 per designer seat.

Microsoft denies blame for 'black screens of death'

Microsoft today denied that its November Windows updates are causing a widespread "black screen" lock-out of users' PCs. "Microsoft has investigated reports that its November security updates made changes to permissions in the registry that are resulting in system issues for some customers," Christopher Budd, Microsoft's security spokesman, said in an e-mail. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports." The report Budd referred to stemmed from a blog post by U.K.-based security vendor Prevx last week that claimed recent Windows updates changed Access Control List (ACL) entries in the registry, preventing some installed software from running properly. The result, said Prevx, is a black screen, sometimes dubbed "black screen of death" in an allusion to the "blue screen of death" that Windows puts up after a major system crash. Since that initial report, Prevx has called out a pair of updates, one in late November and the other from last July, as the cause of the black screen lock-out. "The conditions under which the actual black screen is triggered are spasmodic," admitted Dave Kennerley of Prevx's support team in an update to the original blog post of last week. "Some test systems always trigger the condition, others are less consistent. The windows patches which seem common to the issue arising are KB915597 and KB976098." Kennerley's use of the word "spasmodic" is a turn-about from his initial post of last Friday, which was headlined "Black Screen woes could affect millions on Windows 7, Vista and XP." Searches of Microsoft's support forums by Computerworld have found only one "black screen" thread with posts from last month.

Since yesterday, several additional users have reported that their PCs have been afflicted with a black screen. "Received a patch on Nov 24 or 25. Upon reboot the computer has a totally black screen," said a user identified only as "General Zod" in a message added to the thread around 2:30 p.m. ET today. "Not even the BIOS startup stuff appears." Kennerley also said that the flaw was in the WinLogon Shell registry entry for Explorer.exe, the name of Windows' file manager. "The entry exists perfectly in the registry but is unusable/inaccessible and is therefore ignored by the OS resulting in the desktop and task bar not being loaded," Kennerley added. Some outsiders were skeptical today of Prevx's contention that the black screen problem was due to the two updates Kennerley cited. Rafael Rivera, who writes the Within Windows blog - and most recently took Microsoft to task for lifting code from an open-source project for the company's Windows 7 USB/DVD Download Tool (WUDT) - said his investigation pointed toward November's Malicious Software Removal Tool (MSRT) update. "Those particular updates don't, gleaned from limited testing, touch the Shell registry entries," said Rivera in an interview conducted via instant messaging today. "I believe the only update that touched this part of the registry recently is the Malicious Software Removal Tool for November." MSRT, which is upgraded and delivered to users automatically via Windows Update, detects and deletes malware that Microsoft has identified as pervasive and dangerous.
Rivera pointed to one of MSRT's two malware detection updates last month as the most likely culprit. But Microsoft was adamant that it was not at fault for any black screens. "We've conducted a comprehensive review of the November security updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November," Budd added. "That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the 'black screen' behavior described in these reports." Budd also said that Microsoft's technical support teams are "not seeing 'black screen' behavior as a broad customer issue."