related link: EU to Require Microsoft to Offer Competitors’ Browsers With Windows

The European Commission and Microsoft appear to finally be on the verge of resolving an antitrust dispute over Windows 7’s browser

Microsoft has long packaged its Internet Explorer browser with Windows.  The bundling has given Microsoft’s browser a dominant position in the marketplace, despite promising alternatives including Mozilla Firefox, Opera, and Google Chrome.  That cozy position could soon change, though, thanks to action by Europe’s antitrust watchdog and business regulatory body, the European Commission.

The EC demanded Microsoft offer a ballot selection screen to allow users to pick their browser of choice with Windows 7.  Microsoft at first refused, saying it would not include IE 8 in European copies of Windows 7.  In the end, though, Microsoft came around andagreed to a ballot screen.

The EC had some minor complaints about Microsoft’s first proposal — mainly its lack of information to users about what the browsers were to help them make their selection.  Under the new proposal, which the EC calls much “improved” users could find out information on what a browser is from the ballot screen.  They would also have access to additional information about each browser they could install, to help them make their decision.

Under the new proposal, the balloting system would work for five years after purchase on any new install.  Windows 7 and all future versions of Windows would implement this scheme.

EC showed Microsoft some love, with a regulator stating, “The commission’s concern has been that PC users should have an effective and unbiased choice between Internet Explorer and competing Web browsers to ensure competition on the merits and to allow consumers to benefit from technical development and innovation both on the Web-browser market and on related markets, such as Web-based applications.”

Brad Smith, general counsel of Microsoft stated that his company was “pleased by today’s decisions.”

Microsoft and Europe have had a rocky relationship, with Microsoft fined 899 million euros ($1.35 billion) in 2008 for antitrust violations.  Brad Smith says that situation has greatly turned around, though.  He gave Europe some love back, stating, “It’s heartening to see the much better relationship that exists today.”

Source: DailyTech

For those of you who don’t know what Earth Hour event is, visit this site http://www.earthhour.org/about/

The dreaded WORM, the worst nightmare of those who haven’t patched thier Windows OS is now attacking legitimate sites this month. If you have been following my BLOG, I have published about this nasty worm back then. I haven’t known the name yet, until it was a full blown catastrophe by  the assesment of security experts. The name of the worm varies, but it was popularly known as W32.Downadup or the Conficker worm.

This threat is so major that major industries in IT joined hands to combat this threat. Microsoft, the developer of Windows OS is the one that is heavily affected by this worm, offered cash rewards to the one who can provide information leading to the arrest and conviction of the author(s) of this worm. And now the Worm has started to evolved into different variants, and make it’s move to perform DDoS (Distributed Denial of Service) attack to legitimate sites online.

read the full article below:

Among the key innovations of the Conficker worm (W32.Downadup) was the pseudo-random domain generation algorithm used for the generation of dynamic command and control locations in order to make it nearly impossible for researchers and the industry to take them down.  However, once the domain registration algorithm was successfully reverse engineering, it became possible to measure the estimated number of affected hosts by registering several of the upcoming phone back locations.

What if the Conficker worm suddenly decided that the phone-back locations for March were those of legitimate sites?

According to Sophos, during March, the millions of Conficker infected hosts will attempt to phone back to several legitimate domains, among which is a Southwest Airlines owned wnsux.com, potentially causing a distributed denial of service attack on all of them. Here’s a list of the legitimate domains and dates on which Conficker will attempt to contact/potentially DDoS them:

Music Search Engine - jogli.com on 8th of March
Southwest Airlines - wnsux.com on 13th of March
Women’s Net in Qinghai Province - qhflh.com on 18th of March
Phonetics by Computer - praat.org on 31th of March

In an attempt to mitigate this attack, Southwest Airlines owned wnsux.comdomains was modified yesterday and is no longer resolving to a particular IP. However, praat.org is a redirect to the University of Amsterdam’s Institute of Phonetic Sciences and just like qhflh.com and jogli.com is still active.

The reverse engineering of the domain registration algorithm not only made it possible to anticipate the upcoming command and control locations, but also, allowed security companies to pre-register them and lock them under the Conficker Cabal alliance with members such as Microsoft and the ICANN.  Moreover, perhaps the most pragmatic mitigation solution implemented on a large scale so far, has been OpenDNS updated Stats System which automatically stops resolving Conficker’s latest domains, a feature which they introduced last month.

For the time being, the Conficker botnet remains in a “stay tuned” mode with the real malicious payload to be delivered at any particular moment. A patch has been available since October, 2008.

Conficker graph courtesy of Microsoft’s Malware Protection Center.

Source: ZDnet Blog