But Wait, There's More
Security Holes Found in Windows XP SP2
It's been about two weeks since Windows XP Service Pack 2 (SP2) was released to the world, and the first security holes are now being uncovered. German security researchers Heise Security found a couple of "moderate" vulnerabilities in SP2 that could lead to users being tricked into executing a worm masquerading as a legitimate file. Despite the flaws, the researchers still recommend installing XP SP2 for its security features. The other SP2-related flaw, reported earlier this week by Danish security firm Secunia, is more serious. Secunia says the "highly critical" vulnerability, caused by insufficient validation of drag-and-drop events issued from the Internet zone to local resources, affects Internet Explorer 5.01, 5.5, and 6 on Windows XP SP1 and SP2. Microsoft did not issue a statement on the vulnerabilities reported by either group of security researchers.
Yankee Group Says Large Companies to Outsource 90% of Security by 2010
IT analyst firm Yankee Group said last week that enterprises will outsource 90 percent of their security solutions by 2010. In much the same way that large companies are outsourcing their accounting, human resources, and supply chain activities, the growing complexity of security will lead many enterprises to seek outside expertise for their security needs, the group concludes in its new study, "Managed Security Services Market Will Reach $3.7 Billion." This need is being driven by new regulations mandating tighter security, such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, and Basel II.
Sarbanes-Oxley Compliance a 'Serious Issue' for SMBs, Says ITSPA
Small and midsized businesses are scrambling to set up the required financial controls to comply with the Sarbanes-Oxley Act, according to the Information Technology Solution Providers Alliance (ITSPA), a nonprofit that advocates for SMBs. Sarbanes-Oxley kicks in on November 15 for companies with a market capitalization of $75 million or more, and for smaller companies on July 15, 2005. The ITSPA is warning companies that Sarbanes-Oxley solutions can cost anywhere from $50,000 to $500,000, and that companies should get rid of aging operating systems on PCs and servers that do not have the highest levels of security. The organization is also advising companies to consider buying a contract management solution, which often has Sarbanes-Oxley compliance features, and to make compliance a job for a specific person, who in turn reports to the CEO, CFO, and CIO.
EDS Signs $50 Million Extension for Opsware's Data Center Automation Software
IT services firm EDS has signed a $50 million contract extension with Opsware, a California company that develops software for automating data center tasks, such as server provisioning, patching, and disaster recovery. EDS began using Opsware software in its North American and European data centers in 2002, when it signed a three-year contract. With one year left on that contract, the two companies came to an agreement on a new five-year contract that will be worth at least $50 million to Opsware, and has the potential to be worth $145 million through March 2008. After that, EDS will have the option of renewing its terms every year for five years. Opsware automation software works with servers running Windows Server 2003, AIX, HP-UX, Linux, and Solaris operating systems. EDS said that customer satisfaction with Opsware's offerings, which is key to its "Agile Enterprise" network-based utility architecture, was an important factor in its decision to extend its relationship with Opsware. "Opsware software has proven to be a 'best in class' solution," said Larry Lozon, vice president of EDS' hosting services.
Workers Glued to PC Screens, Says Microsoft Study
Microsoft has a pretty sizeable business selling mice, keyboards, and other hardware devices for PC shops, as well as the monopoly on the desktop platform used throughout the business world, so it has a vested interest in understanding how business people use their computers. To that end, the company's hardware division commissioned a study from British market researcher Synovate and discovered that about one third of office workers said that they spend between four and six hours a day sitting at their PCs, while half say that they spend eight or more hours behind their PCs. Not surprisingly, two-thirds of the workers polled by Synovate and Microsoft said that they associate the fatigue they feel at the end of the day with working at their PCs for extended periods of time. As one might expect, there was a subtext to this study: the two companies found that users who work from an ergonomically designed PC can increase their performance (whether processing transactions or doing so-called knowledge work like writing or surfing) by as much as 25 percent, and half of the employees polled said that having a modern PC with the latest gadgetry made them feel better and work better.
OSRM Says Linux Might Violate Hundreds of Patents
Many people in the Linux community have been waiting for the other shoe to drop in the intellectual property and copyright lawsuit that has been raging between The SCO Group and IBM for the past year and a half. At the LinuxWorld trade show in San Francisco recently, Open Source Risk Management announced the first independent patent review of the Linux kernel, and that review indicates that it could start raining shoes.
The key word there is "could." Here's the deal. OSRM hired Dan Ravicher, a patent attorney who is the founder and director of the Public Patent Foundation and senior counsel to the Free Software Foundation, to review the code in the Linux 2.4 and 2.6 kernels. The good news is that the Linux kernels do not, according to Ravicher, violate any court-validated software patents (meaning those software patents that have been tested and upheld in a courtroom). Attorneys from the pillars of the commercial IT sector might have a different opinion, since patent law is one of those slippery areas of life. But suffice it to say that a software patent expert says that Linux is clean. But not squeaky clean. According to Ravicher, the Linux kernels could potentially violate 283 software patents that have been issued but not validated in the courts.
OSRM had probably wished that there were some patent violations in Linux, since it would certainly help its cause in selling risk-assessment and insurance-like indemnifications to protect users of open source software (including Linux) from possible litigation. Companies like OSRM benefit from uncertainty surrounding the intellectual property in open source software, but they would benefit even more from some concrete violations and pending litigation.
AT&T Study Says Businesses Still Vulnerable
Businesses in cities that have the highest risks for terrorist attacks, blackouts, and other disasters are least prepared to cope with such emergencies, according to a new study commissioned by telecommunications vendor AT&T and the Partnership for Public Warning, a nonprofit organization established in 2002 to promote the idea that there needs to be an organized means of communicating information to businesses and citizens in the event of disasters. The two organizations surveyed 1,000 executives in 10 major metro areas--New York, Los Angeles, Chicago, Philadelphia, Washington, D.C., San Francisco, Miami, Detroit, Minneapolis, and Dallas--to assess what lessons have been learned from Sept. 11 and the blackout last summer, which affected most of the states in the Northeast as well as some in the Midwest. According to the study, New York and Washington are the least prepared for a large-scale emergency; only 25 percent of businesses polled in these metro areas have a disaster recovery plan. Perhaps because of the annual slamming by hurricanes, the Miami metro area does slightly better; only 15 percent do not have a plan.
While the report, "Disaster Planning in the Private Sector," was critical of the fact that the number was not 100 percent of businesses, 75 percent of businesses that do have a disaster recovery plan (or 56 percent of the total number of New York metro companies surveyed) said that they have not only developed a plan, but tested it as well. On a national level, the study finds that 25 percent of the companies polled have not updated their plans in the past year, and 40 percent have not tested the plans they have. About 20 percent of the companies surveyed said that their businesses had been hit by an outage that caused them to lose money. Companies are doing something, however. Some 60 percent of the companies polled said that they have redundant servers or a backup site, and 25 percent have added backup power sources for their systems, and 15 percent have upgraded their telecommunications systems to make them more resilient. Of the companies that do have plans, 35 percent outsource their plan coverage from a specialist, and in the financial and government centers, where systems are critical, nearly half of the companies outsource plan coverage to service providers.