Posted by: Michael | November 10, 2008

Apps, Not OS, are Security Risk, Report Says

by John E. Dunn, Techworld.com

The era of operating system vulnerability is slowly drawing to a close, with more than nine out of 10 published software vulnerabilities now appearing in applications, Microsoft’s latest half-yearly report has suggested.

According to the company’s Security Intelligence Report for the first half of 2008, OS vulnerabilities are now stable at between 6 and 8 percent of those reported, a level they have been at since the first half of 2006. Vulnerabilities in Windows XP and Vista have shown a modest decrease in 2008, continuing a similar trend over the same period.

But the report paints a more complex picture in terms of which platforms are the ones most likely to run vulnerable applications. Vista scores well, with Microsoft-based software accounting for only 6 percent of vulnerabilities on that platform, with none of the top ten browser-based holes hitting the OS.

Over the period, the biggest Vista-based software vulnerabilities appeared to be in two ActiveX controls installed only in China, which would seem to confirm the relative obscurity of serious issues on the platform.

XP, by contrast, is still Microsoft’s biggest headache, with 42 percent of all app holes on that platform coming from Microsoft’s own software.

Using the number of PCs cleaned per 1,000 executions of Microsoft’s own Malicious Software Removal Tools (MSRT), Vista SP1 scored 4.5, while the different updates of XP scored between 9.2 and 33.8. All of this confirms what has been well established in the past – XP and its applications are still relatively vulnerable, while the newer Vista and its applications do considerably better.

Across the industry as a whole, software vulnerabilities classified by the industry-standard Common Vulnerability Scoring System v2 (CVSSv2) as ‘severe’ now account for 7.3 percent of those made public, with a startling 41 percent classified as ‘high’. More encouragingly, Microsoft reports, only 10.4 percent of holes had publicly available exploit code.

In truth, it is extremely hard to gauge from the report how Windows is stacking up against rival platforms such as Apple or Linux in terms of OS and app holes, but the overall message to take away appears to be that the OS is not the main worry. The big concern now is browsers on all platforms, including Windows.

Analyzing these by locale showed that China was the most likely place for browser-based exploits to hit, with 46.6 percent of them happening in that country across all platforms. The US came second on 23 percent, Russia third with 7 percent and the UK some way back with 2.4 percent.

Posted by: Michael | October 23, 2008

Microsoft accused of hacking attack

By Ma Yujia, Pang Li & Keen Zhang

An angry Chinese lawyer accused Microsoft of perpetrating the biggest ever hacker attack in response to the software giant’s controversial move to trigger hourly screen blackouts on computers using pirated copies of Windows XP.

On October 20, Dong Zhengwei, a lawyer of Beijing Zhongyin Law Office, sent a complaint to China’s Ministry of Public Security, accusing Microsoft of invading personal computers without user permission or judicial authorization, the Beijing Times reported.

Dong said the judiciary should assign criminal responsibility for the Windows Genuine Advantage program’s so-called “Black Screen” scheme and halt this “illegal move”.

To fight software piracy Microsoft announced on October 15 that, starting October 21, Microsoft anti-piracy software would be automatically installed on users’ computers through the routine Internet-based update mechanism. If a computer fails a validation test, the desktop will change to a plain black background when the computer is restarted.

Users will be able to reset the black background to any wallpaper or another background color, but every 60 minutes the desktop will revert to black until a genuine copy of Windows is installed.

Microsoft’s plan has aroused huge controversy in China. According to a poll on Chinese portal QQ.com, out of 574,923 participants, 73.33 percent said they were using pirate versions of XP, 51.58 percent said they intend to continue using pirate versions, and 32.87 percent said they will ignore Microsoft’s “black screen” campaign. Only 15.55 percent said they intend to buy an authorized version. 77.23 percent said they oppose Microsoft’s action.

Microsoft’s anti-piracy campaign is also targeted at pirated versions of Office software, which includes the popular Word, Excel and PowerPoint applications.

Microsoft said their action was not particularly targeted at Chinese users and that it planned to extend the verification system to all Windows XP and Office users within two months. Microsoft also said that the “black screen” is just a “notification of piracy” and will not actually affect the normal operation of the computer. “And even if your XP or Office is pirated, we will not collect any information from you, so let’s hear less of the charge of ‘infringing privacy’.”

But in his complaint, Dong Zhengwei said frequent compulsory validations will cause certain functions of the PC to slow down and he maintains that computer users face potential information leakage. He characterized Microsoft’s behavior as a kind of “hacker attack”, because it infringes users’ privacy and has not been legally authorized.

Chinese laws stipulate that a party will be considered guilty of illegal intrusion if it disrupts the normal functioning of computers by altering their operating systems.

Dong Zhengwei further noted that although Microsoft’s action is understandable, its own failure to act for a long period had brought about a situation in which nearly 10 percent of Chinese people use pirate software. Microsoft’s failure to act could be construed as abandonment of its copyright. Furthermore, he said, “the creators of pirate software are to blame for piracy.” Dong said, “Ordinary computer users should not be victimized.”

Jiang Qiping, of the Informatization Research Center of the China Academy of Social Sciences, also said that Microsoft is conducting a hacker-styled attack. First, he said Microsoft’s move to verify XP was an abuse of power and might infringe China’s anti-monopoly law; second, since users of pirated versions will suffer hourly screen blackouts, it resembles a classic hacker attack.

There was a similar case in 1997. To fight piracy, Jiangmin, one of China’s leading anti-virus software providers, released a logic bomb, a piece of code that would destroy all the data on a computer’s hard disk if it detected pirate software. At that time, the public security department ruled that Jiangmin had no right to punish ordinary computer users, and that its action violated Regulations of the People’s Republic of China for the Protection of Computer Information Systems. The company was fined 3,000 yuan (US$439).

According to article 23 of this regulation, whoever intentionally inputs computer viruses and other harmful data to endanger the safety of computer information systems shall be given a warning or fined an amount of not more than 5,000 yuan for an individual offender, or not more than 15,000 yuan for an organizational offender. If income is illegally obtained, further fines of up to three times the amount of income illegally obtained can be imposed.

The Chinese public is becoming increasingly concerned about privacy. Ms. Wu, an inexperienced computer user, is terribly worried. “Is the information on my computer safe when software producers can do what they like over the Internet?” Ms. Wu does not know whether the operating system in her computer is genuine or not. She is afraid that she may be sued by Microsoft. Her worry is a reflection of the near-panic among a section of computer users in China.

A blogger wrote that Microsoft should not take the law into its own hands but should leave the fight against piracy to the proper authorities.

Microsoft has recently beefed up its anti-piracy efforts in China. In August, Chinese police cracked down on a famous domestic Website offering a pirate version of the Windows XP system, after being tipped off by Microsoft. Microsoft emphasizes that it hopes computer users will voluntarily renounce the use of pirate products.

Ironically, Microsoft’s crackdown may boost the sale of a new pirate version of its XP system. According to the Kunming City-based Chuncheng Evening Post, local software vendors told the paper that a new pirate version of XP software which cracks Microsoft’s code will arrive on the market “within two days.” One of the underground peddlers said, “The new version will sell well.”

Most Chinese computer users use pirated versions of Microsoft products because of the low price. Some said they would turn to non-Microsoft replacements, such as the Linux system or Kingsoft’s WPS Office, if Microsoft’s new policy takes effect.

Many Chinese Internet users are relaxed about the whole affair. They point out that the WGA will be cracked, just like all the most complicated Windows operating systems have been in the past. Besides, there is an easy way to evade the WGA by turning off the “Automatic Updates” option in the operating system.

Internet users have even begun to mock Microsoft’s approach. Online forums advertise black computer wallpapers for download, tagged “support piracy, turn your screen black”. Some people say pure black wallpapers have suddenly become very fashionable.

(China.org.cn – October 21, 2008)

Posted by: Michael | October 22, 2008

Google unleashes Android’s source code

Android is the first free, open source, and fully customizable mobile platform. Android offers a full stack: an operating system, middleware, and key mobile applications. It also contains a rich set of APIs that allows third-party developers to develop great applications.

Source: http://source.android.com/

I am wondering what will happen with other mobile application stuff being used widely, now that there’s Android, which has been released by Google. Will there be an end to those, like OpenMoko? Time will tell.

This will be a good and fun way to start out! I hope I still have time to try this one though.
