BlackBerry still targeting businesses
While competitors like the Apple iPhone and the budding Google Android platform have garnered a lot of attention lately, Research in Motion (RIM), maker of the ubiquitous BlackBerry smartphone, sees itself as the right choice for businesses, a company official stressed Friday.
RIM officials held a press session in San Francisco Monday to tout the tenth anniversary of the BlackBerry as well as promote the company's wireless communications solutions for enterprises of varying sizes. Asked how BlackBerry stacks up against iPhone, Alan Panezic, vice president of the RIM platform product management group, emphasized business benefits for a corporate audience, where security, usability and connecting to corporate assets are paramount.
"From our perspective, we really see [BlackBerry] as head and shoulders above anything that's out there in the marketplace," said Panezic, who later noted BlackBerry also can be used as a consumer-oriented device. The BlackBerry Storm model could be regarded as the functional equivalent of the iPhone, although it was not designed with that intention, said David Heit, director of software product management at RIM.
As far as Android, Panezic said, "To be quite honest, it's a wait-and-see attitude. It's an open device-centric platform." He also emphasized BlackBerry as offering a platform with behind-the-firewall capabilities and push technology.
The BlackBerry has expanded beyond its roots as a wireless tool to read e-mail, now offering such capabilities as business collaboration like social networking and the sharing of data and documents, Panezic said. "That's an example of things that 10 years ago were quite frankly a dream," he said.
While smartphones like the BlackBerry are only a relatively small portion of the overall cell phone population, the volume is growing, Heit stressed. The smartphone has been a disruptive technology to devices like the laptop computer and desktop phone as it adds more capabilities, such as reading and editing of documents, he said.
"I'm starting to eliminate the use cases why I carry a laptop," Heit said. Eventually, the BlackBerry could be expanded to such diverse uses as remotely controlling the temperature in a home swimming pool or as a TV remote, he said.
The company plans to open in March an application store for third-party and RIM applications for BlackBerry. Applications for the BlackBerry were noted, such as the Pyxis Mobile application for mortgage-banking and the Salesforce.com CRM system.
RIM officials also detailed company technologies including BlackBerry Enterprise Server 5.0, for pushing e-mail and data to the BlackBerry. Previously referred to as "Argon," version 5.0 is due in the second quarter of this year, featuring enhancements in scalability and application deployment as well as high availability.
BlackBerry Professional Software provides a smaller-scale version of Enterprise Server, for small and mid-sized businesses. BlackBerry Mobile Voice System, meanwhile, allows calls to an office desktop phone to be channeled to a BlackBerry.
Bad economy could slow enterprise adoption of Windows 7
The turbulent economy could hinder enterprise adoption of Windows 7, even though many companies opted to skip Windows Vista and are still running the outdated Windows XP OS, analysts said.
Although the beta of Windows 7 released in January is getting good reviews, that may not be enough to inspire businesses to upgrade, given their tight IT budgets and the fact that many are cutting costs in any way they can.
"I think the down economy will hinder just about everything," said David Smith, a vice president and fellow at research company Gartner.
Windows 7 is expected to be available before the end of the year, or at the very latest, early next year. Unless there is a dramatic economic rebound, all signs point to the economy still squeezing IT budgets at that time.
Tens of thousands of jobs have been cut in the last several months as cost-cutting measures at companies across all business sectors. Not only do those job cuts show that overall budgets are tight, they also mean that companies will probably have a surplus of client PCs that they can reassign to other workers, said Michael Cherry, an analyst with research firm Directions on Microsoft, in Kirkland, Washington.
"If they're laying off employees, they have more than they need, so they may reallocate those to other employees," he said.
Those machines are probably running XP, because only 9 percent of nearly 1,000 North American and European businesses surveyed in a recent Gartner report said they upgraded to Vista.
Despite the economy, however, Windows 7 probably won't be as disastrous an OS as Vista was in the business market, analysts and IT professionals said. There are some good reasons to upgrade to Windows 7, even if companies have to scrape the bottom of their budgets to do so.
XP is now eight years old and beginning to show wear and tear, said Andrew Brust, chief of new technology at the IT consulting firm twentysix New York. "It stood the test of time very well, but it is now definitely showing its age," he said.
Even with budgets as tight as they are, companies that can upgrade to Windows 7 should and probably will, because they have waited so long to upgrade, Brust said.
"Many customers probably held off on Vista upgrades, choosing to wait for its successor, so there's real upgrade backlog to tend to," he said.
Moreover, companies will begin to see compatibility issues with XP and third-party applications as the OS gets older, Brust added.
"The economy doesn’t just challenge customers; it also challenges software companies, who can only afford to support so many versions of an OS," he said.
Brust added that improved security features in Windows 7 and its superiority on 64-bit PCs are also reasons for companies to upgrade.
However, on the latter point, Cherry said that with the economic crisis, companies may not be purchasing expensive computers when they do loosen budgets to buy new machines, so the 64-bit argument for the OS -- one that Microsoft tried to make with Vista -- may not fly.
That's why Microsoft plans to make Windows 7 work well on older PCs and new low-cost PCs and netbooks. This, Brust said, will make Windows 7 "more attractive as an upgrade for the entire installed base of PCs inside an organization" than was Vista, with its complex hardware requirements.
Still, Cherry is reserving judgment about whether Windows 7 will run well on older or low-cost machines until he sees its final release.
"It's certainly a goal for the OS [to run well on low-cost hardware], but I don't think anyone's goal for a new OS is to make it thicker, dumber, and slower," he said. "I'm sure it was the same goal with Vista. But we won't know until we see the final code."
For Cherry, a more compelling reason for companies to upgrade is a set of features in Windows 7 that take advantage of new capabilities in its companion server OS, Windows Server 2008 R2, which Microsoft is expected to release shortly after Windows 7, he said.
Microsoft traditionally updates both the client and server versions of Windows at around the same time, and pitches them to customers as "better together." This ploy did not work with Vista and Windows Server 2008, but the tie-ins between the two weren't so obvious, Cherry said.
There are networking and other features in Windows Server 2008 R2 that take advantage of new features in Windows 7, so Microsoft might have better luck promoting the two together this time around, despite the flagging economy, he said.
MySQL chief leaving Sun
Former MySQL CEO Marten Mickos is leaving Sun Microsystems, a Sun spokeswoman confirmed Friday.
Mickos, who became senior vice president of Sun's database group when Sun bought MySQL last year, is just the latest high-profile MySQL figure to depart from Sun.
The database's creator, Michael "Monty" Widenius, said in a blog post Thursday he had resigned due to dissatisfaction with how Sun was handling MySQL development, and several months ago MySQL co-founder David Axmark also left the company, citing the confining nature of corporate life.
Mickos' duties have been taken over by Sun executive Karen Tegan Padir, who is now vice president of the newly formed MySQL and Software Infrastructure group. Padir's responsibilities also include the Glassfish application server, identity management, SOA (service oriented architecture), and the Java Enterprise System.
The apparent exodus of MySQL-ites from Sun comes as no great surprise, according to one industry observer.
"For the most part, if a tech person gets a good-to-excellent payout after vesting from the acquisition, they move on to their own thing," said Redmonk analyst Michael Coté. "That's just about what every techie out there dreams of: getting rich enough to finally be their own boss for the rest of their lives. Any other hassle or big-company friction they encounter just accelerates that."
Given the strong revenue numbers Sun has been reporting for MySQL, the project's health seems sound, Coté added.
The shakeup "puts MySQL into the mainstream of software at Sun" and will help the company form "even tighter linkages between all software properties," Sun said in a statement.
Mickos' bio now states that he will serve as an "open source strategist" until the end of Sun's current quarter.
Mickos could not be reached for additional comment Friday. It probably won't be long before he resurfaces in another venture, several observers predicted Friday.
Top 10: Good IT salary news, career changes, and online scams
We're taking a break from (most) bad economic news this week. Oh, it's not that the week was without that sort of news, we just need a break and we figure our faithful readers do too. The only nod in that direction is toward China, where Lenovo had an executive shake up amid its falling fortunes. Keep reading, though, because a couple of new salary surveys struck encouraging notes. Rumors, scams, psychedelic drugs, and the transition to DTV -- we don't like when the government messes with our TV -- are in the mix, too.
1. Google offers tool to let you track your friends' movements and Privacy group calls Latitude a 'danger' to security: A Google location-based "feature" called Latitude has privacy-focused groups stirred up, with quick objections voiced to the search monolith making location data readily available. While it may be good for tracking where your children, or employees, are and using it requires opting in, privacy advocates raised all kinds of concerns, including the possibility that stalkers will find that Latitude is a handy tool and that hackers will have a field day with it. Google says that Latitude has sufficient safety features built in.
2. Lenovo's Amelio resigns, Yang returns as CEO and Stung by losses, Lenovo turns focus back to China: Lenovo reported a $97 million quarterly loss and the resignation of President and CEO William Amelio, who will be replaced by company Chairman Yang Yuanqing. The executive shake-up was something of a surprise, but seemed to signal plans the company stated outright in a teleconference with reporters, that it will shift its focus back to China, as well as toward emerging markets. The Americas are not such a great place for doing business these days.
3. Ballmer: Enterprise XP holdouts will get hell from consumers: Microsoft chief Steve Ballmer says that if companies stick with Windows Vista or, gasp!, XP for too long after Windows 7 comes out, employees who have the newer operating systems at home will wonder why their companies are not updating OSes. "If you deploy a 4- or 5-year-old operating system today, most people will ask their boss why the heck they don't have the stuff they have at home," Ballmer said. This leaves us wondering about those of us whose home computers run Linux, not to mention the Mac users out there, and what we should ask our bosses.
4. Psychedelic drugs just a click away online: Ever wondered about the Web sites that sell psychedelic drugs (or claim that is what they are selling) and if their goods are for real? Well, they have wondered over at PC World and decided to find out, buying 19 "supposedly" psychoactive substances online and then asking researchers to test the goods. Most of the substances, it turns out, really could give you a buzz, but some of them could make you sick or even kill you.
5. New IT salary survey strikes hopeful notes during recession and Surprise! Tech is a safe career choice today: Here's a little high for IT professionals that will not do any harm -- researcher Computer Economics predicts that IT salaries will go up this year! (We are not generally fond of exclamation points, but given the weeks of horrid financial news we could not resist.) The increase will not be huge, but at this point we will take what good money news we can get. A couple of other reports due out Monday say that IT security staffs and their salaries are holding steady.
6. Top 10 spam-friendly registrars named and shamed: Spam-fighter KnujOn identified the 10 domain-name registrars it has most linked to spam and other bad behavior, and, surprisingly, Network Solutions and GoDaddy's sibling company Wild West made the list.
7. Congress approves U.S. digital TV transition delay to June and DTV delay receives mixed reactions: Congress approved a delay in the transition of U.S. TV stations, and households, to digital television, which prompted an assortment of reactions.
8. FBI warns of money mule scams: If you get an e-mail solicitation that you can work at home and not do too much and earn a lot of money, odds are it is a scam, the Federal Bureau of Investigation warned. Although at this juncture in Internet time some of us must wonder why such a warning would be necessary, the FBI has been receiving complaints from people who fell for the scams and became victims.
9. Microsoft smartphone rumors gain steam: Rumors are swirling again that Microsoft is going to announce a smartphone, possibly at the GSMA Mobile World Congress in a couple of weeks. Undoubtedly, there are not yet enough smartphones to choose from.
10. Human error caused Google search bug and Is Google too powerful for our own good?: This technically happened last week, but on Saturday after we had put last week's Top 10 to bed (to pull an old journalism phrase out of the dustbin). For about an hour Saturday morning Eastern Time, Google search users found every single search result labeled "this site may harm your computer." Google initially said "human error" by someone at StopBadware.org caused the glitch, but it turned out it was a googler's human error. In fact, the error caused a denial of service attack on StopBadware's site when untold thousands (millions?) of would-be searchers clicked on the warning links and got redirected to the organization's site. Ouch.
WSO2 offers open source, componentized SOA
Open source SOA vendor WSO2 on Monday will debut a componentized framework for SOA based on OSGi, with the intent of letting user sites assemble just what they need for their own deployments without having to carry excess software.
Called Carbon, the framework will first be featured in upgrades to the company's enterprise service bus, application server, and registry as well as in a new business process management product. Developers can deploy needed components and eliminate complexities of middleware integration, according to WSO2. OSGi is featured for modularization, with Carbon based on the Eclipse Equinox OSGi engine.
"What we've done is basically broken down the implementation of the server platform that we had into a collection of components based on OSGi," said Sanjiva Weerawarana, CEO of WSO2. Without this type of componentization capability, users can end up with too much overhead, security issues, and complications in upgrading, Weerawarana said.
As part of the rollout, the company is introducing WSO2 Business Process Server 1.0, a business process management product based on Apache ODE (Orchestration Director Engine), which executes business processes based on the WS-BPEL specification.
Other products based on the Carbon framework include the following:
-- WSO2 Web Services Application Server 3.0, featuring XML, REST and WS-Policy editor support.
-- WSO2 Enterprise Service Bus 2.0, with an enhanced sequence designer for developing flow logic.
-- WSO2 Registry 2.0, with enhancements to the SOA governance model including improvements to publication and management of WSDL services.
Componentized versions of WSO2 Mashup Server and WSO2 Data Server are due in the middle of the year. A core Carbon framework, which will enable users to add what they want, also is due in mid-2009.
Carbon offers a plug-and-play architecture that will, for example, save users from having to download both the application server and ESB as separate products. Developers instead could start with the ESB and add application server components such as Java service hosting and data services. Also, users could download relevant business process management components rather than the entire product, WSO2 said.
Initially, users will need to download entire products and then they can use only needed components. Individual components will be available within one month of the initial product release, allowing developers to add new capabilities to any of the core products.
The common Carbon framework provides enterprise capabilities for management, security, clustering, logging, statistics, and tracing along with a "Try-It" testing function. A graphical, unified management console is featured for deploying and managing services, processes, and statistics across SOA components.
Service types added into the Carbon platform inherit tracing, security, and other capabilities. Also, developers can deploy other OSGi bundles based on existing open source projects or their own custom OSGi components on top of Carbon.
WSO2 is offering a "fairly intelligent use of OSGi," said Michael Meehan, senior analyst at Current Analysis. "They're really embracing the modularity of it," Meehan said.
In addition to ODE, Carbon components are based on Apache projects such as the Axis2 Web services engine, the Tomcat servlet container, and the Synapse ESB.
Developers need to download one of the four products to get the core Carbon framework and unified management console.
Products will be offered as open source offerings under the Apache 2.0 license. WSO2 sells service and support options via subscriptions. A one-year subscription to the business process server will cost $12,000 per CPU while the other three products will cost $8,000 per CPU per year.
Microsoft leaks Skybox mobile storage site
Microsoft appears to have leaked and then pulled a Web site describing a service that would let Windows Mobile users back up and access information stored in the cloud.
The site, getskybox.com, is no longer loading. But an item on Engadget and many subsequent reports online said that the service would let people back up and restore phone information on a password-protected site. It would also let users access their contact lists and calendars and share photos through a Web account.
Even though the Web address uses the Skybox name, the page called the service My Phone.
Rumors have surfaced recently that Microsoft might unveil such a service at the upcoming Mobile World Congress in Barcelona.
Microsoft already has a service that sounds similar to Skybox. Live Mesh lets people upload photos and other information to a Web page and access the data from a mobile phone.
Skybox may be different because it appears that it will automatically sync appointments, photos, videos, text messages, calendar and contact information, and more.
In addition, while anyone with a phone and a browser can use Live Mesh, Skybox appears limited to people using phones with Windows Mobile 6.
A spokesman with Microsoft's public relations firm said he didn't yet have comment about the appearance of the Get Skybox Web site.
New IT salary survey strikes hopeful notes during recession
IT professionals have good reason to feel anxious about their careers: Job losses among IT workers are mounting as CIOs cut their IT budgets and as IT departments shed staff and institute hiring freezes.
But new research may give IT professionals some much needed good news: IT research firm Computer Economics is projecting that IT salaries will increase in 2009. Computer Economics isn't predicting a substantial increase in IT pay, but an increase nonetheless, at a time when many companies are resorting to salary freezes to keep personnel costs in line with revenue shortfalls.
The research firm, which specializes in IT management metrics, predicts that IT salaries will grow by about 2 percent this year.
IT executives, directors, managers, and application developers will see slightly larger increases than that 2 percent. Computer Economics predicts that base salaries for IT management and for people in application development functions will creep up between 2 and 3 percent this year, as certain programming and IT architecture skills remain in high demand and as employers offset reductions in bonuses for managers with higher base salaries. Meanwhile, wages for other IT workers will inch up between 1.5 percent and 2.5 percent.
Computer Economics' IT salary projections are slightly lower than those released by Robert Half International in October 2008. At that time, the IT staffing firm predicted salary increases of 3.7 percent for IT professionals in 2009.
John Longwell, Computer Economics' research director, acknowledges that his firm's forecast is conservative. He notes that a salary survey Computer Economics conducted during the fourth quarter of 2008 showed that the median pay raise IT organizations planned for their staffs was 3 percent. Computer Economics adjusted that figure to 2 percent to reflect the continued deterioration of the economy and rising unemployment.
Longwell says that if inflation remains flat or negative, smaller pay increases this year could do more to boost IT professionals' real income than larger pay increases did in previous years, when inflation and energy prices were high.
"If there's no inflation and if your salary increases 2 percent, your personal income in real terms increases," he says. "Compare that against, if you get a 6 percent raise but there's 8 percent inflation, your real personal income declines."
IT better positioned to survive recession than other functions
Longwell believes IT spending has been "fairly restrained" since the 2001 recession, which hammered the IT industry. Since then, IT organizations have been cautious about adding staff and have found ways to run lean, for example, by outsourcing more and automating more datacenter work, he says. Consequently, Longwell adds, IT leaders can make a strong case that their departments are already running efficiently and can't afford more cuts.
"Companies laying off workers may also be looking to IT to increase the productivity of remaining workers," he says. "So all those things make us believe that IT isn't going to face the severe cuts that other areas might face."
Computer Economics' research is based in part on a salary survey it conducted in the fourth quarter of 2008. The company uses its own historical survey data, as well as data from the Bureau of Labor Statistics, to create a statistical model based on the relationships among IT job titles and metropolitan areas. Computer Economics uses the statistical model and survey data to project 2009 salaries for 70 specific IT functions by metropolitan area.
CSO Online is an InfoWorld affiliate.
Next Mac OS: Learning from iPhone?
Some of the clever and unique functions of the iPhone -- such as being location-aware and supporting multitouch -- may make their way to Snow Leopard, the next version of Apple's OS X. The new OS will reportedly take a page out of the iPhone SDK and support the Core Location service on Macs. Also, multitouch capabilities will be accessible to third-party developers, according to Apple Insider.
Since Macs are not 3G capable -- not yet, anyway -- Core Location on Apple's computer line would use latitude and longitude coordinates instead of GPS to display a device's location. But does Core Location for Mac mean a Core Location Blacklist like the one on the iPhone is coming to the desktop? The "clbl" was discovered shortly after the launch of the iPhone 3G; its discovery prompted some to wonder if this was in fact the rumored "kill switch" that could remotely disable iPhone applications. I'm not an engineer, but it seems to me that while a MacBook kill switch would be harder to pull off than on the iPhone, it wouldn't be impossible.
In addition to Core Location, Snow Leopard developers will reportedly be able to take advantage of the MacBook's multitouch capabilities. Apple has been big on multitouch ever since it released the iPhone, and is currently trying to trademark the term. All of the latest models of Apple's laptop line support multitouch functionality, as do the MacBook Pros of the previous generation. If you're like me, however, and have an older 13-inch MacBook with a casing that can never stay clean and a top cover that has popped off and chipped so many times that you spend more time at the Genius Bar than you do at your desk ... well, you're out of luck when it comes to multitouch.
Snow Leopard was officially announced during Apple's 2008 Worldwide Developers Conference in San Francisco. Apple CEO Steve Jobs has said the new OS will focus primarily on performance and security.
PC World is an InfoWorld affiliate.
Hoax parking tickets lead to Trojan
Hackers are using hoax parking tickets planted on vehicles in the U.S. as a way of spreading malicious viruses.
According to the security experts, the traffic violation tickets that were placed on cars directed the recipients to a Web site that claims to have photographic evidence of the alleged violation. Web users are encouraged to download a toolbar to find the images of their vehicle.
However, the toolbar installs the Vundo Trojan, which in turn installs a fake virus scanner onto a PC.
Vehicles in Grand Forks, North Dakota, were the targets for this new type of fraud.
"The initial program installed itself as a browser helper object (BHO) for Internet Explorer that downloaded a component from childhe.com and attempted to trick the victim into installing a fake anti-virus scanner from bestantispyware securityscan.com and protectionsoft warecheck.com," said SANS anti-virus analyst Lenny Zeltser on a blog.
Zeltser said he thought it was the first time hackers had resorted to scams that covered both the Web and the real world.
"Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often," he said.
Open source integration tools are 'enterprise ready'
Enterprises are increasingly looking at open source for critical enterprise data integration projects, according to a global survey of more than 1,000 respondents.
The survey, conducted by open source data integration provider Talend, said organisations trying to lower total cost of ownership (TCO) for data integration software were considering OSS.
This was not just for one-time projects, but also "for on-going mission-critical processes, to replace or complement their expensive CPU-dependent solutions," Talend claimed.
The survey found 31.2 percent of respondents use open source tools in combination with commercial applications for data integration. Talend said: "In fact, open source solutions are often complementary to an existing proprietary solution that, for functional or cost reasons, is unable to address a specific need."
The key drivers for using open source tools were ease of use (59 percent), performance (53.9 percent), and no vendor lock-in (42.5 percent), followed by licensing costs, cited by only 42.1 percent of respondents.
Yves de Montcheuil, vice president of marketing at Talend, said OSS's cost argument is compelling for IT managers: "Open source solutions are continually evolving to meet market requirements. The TCO is significantly better than proprietary solutions and users confirm the ease of use and performance of these products."
Montcheuil added that IT departments do not have to justify "significant up-front fees, a key consideration in today's economic climate."
Computerworld UK is an InfoWorld affiliate.
Microsoft plans critical patches for IE, Exchange
Microsoft Thursday said it will deliver four security updates on Tuesday, two of them pegged "critical," and will finally issue a patch for SQL Server that it's been working on since last April.
The four updates detailed in the advance notice published Thursday will quash bugs in Internet Explorer 7 (IE7); its Exchange mail server software; the Visio application that's part of the Office lineup; and SQL Server. The IE and Exchange vulnerabilities will be labeled "critical," the company's highest threat ranking, while the SQL Server and Visio bugs will be marked as "important," one step lower.
Microsoft will release the updates on Feb. 10.
The SQL Server update will fix the vulnerability Microsoft acknowledged in late December 2008, said Andrew Storms, director of security operations at nCircle Network Security Inc. "I did a lineup between the advisory with the affected versions of SQL Server," he said Thursday morning. "It's almost a one-for-one match."
That bug is notable for several reasons. When Microsoft confirmed the vulnerability in a Dec. 22 advisory, it noted that exploit code had been published. Several days later, the company admitted that it first received a report on the bug from Bernhard Mueller of SEC Consult Security, a Vienna-based security consulting company, in April 2008.
Mueller disclosed the bug in early December after he grew tired of Microsoft's silence; he claimed that the company failed to return numerous messages in the two months prior, when he asked for an update on the patch's progress.
Some security analysts had expected Microsoft to act faster. In late December, for example, Wolfgang Kandek, chief technology officer at security company Qualys, predicted that Microsoft would deliver a fix "out of band," a term used when patches are issued outside Microsoft's normal once-a-month schedule.
"Three of these are all equally important, at least with the information we have today," Storms said about the IE, Exchange and SQL Server patches. "It all depends on an enterprise's infrastructure."
Companies are always sensitive to Exchange fixes, Storms continued, so the critical fix set for Exchange Server 2000, 2003 and 2007 will be parsed carefully. "Messaging is so important to the enterprise," Storms said, "that they'll want to spend a little extra time making sure the patch works." One plus, he said, is a "Does not require restart" note by Microsoft in Thursday's bulletin.
"That could mean it's not necessarily a giant hole, or that we're just going to get lucky," said Storms. Because they won't have to restart their Exchange servers, IT administrators should be able to deploy the patch more quickly, he said.
"The IE vulnerability has to be something unique to IE7," wagered Storms. According to Microsoft, the critical vulnerability affects only that version of the browser, not IE6 or IE5.01, the latter edition specific to Windows 2000, and the oldest browser that the company still supports with security updates. Storms hesitated to guess what IE7-only issue might be patched. "It could be any number of things," he said. "Could be scripting or the antiphishing filter."
Microsoft's advance notice reported that the IE7 bug will be rated critical for both Windows XP and Windows Vista, but only "moderate" on Server 2003 and Server 2008.
Microsoft will release February's four updates at approximately 1 p.m. EST Tuesday.
Computerworld is an InfoWorld affiliate.
Bill would bar H-1B hiring at firms receiving bailout money
Financial services firms that receive federal bailout money will be prohibited from hiring H-1B workers if legislation introduced last night in the U.S. Senate wins adoption.
The bill would bar any recipient of the Troubled Assets Relief Program (TARP), the program being used by the government to purchase some $700 billion of bad mortgage assets, from hiring anyone on an H-1B visa. U.S. Sens. Bernie Sanders (I-Vt.) and Chuck Grassley (R-Iowa) introduced the proposal as an amendment to the massive, $800 billion-plus federal stimulus bill, which is separate from the previously approved bank rescue funds.
"I firmly believe that companies going through layoffs that employ H-1B visas (holding workers) have a moral obligation to protect American workers by putting them first during these difficult times," said Sanders, according to an unofficial transcript of his remarks on the Senate floor.
The argument that Sanders raised for including the restriction in the TARP funding is similar to one that Grassley made to Microsoft in his recent letter to CEO Steve Ballmer. After the company announced plans to cut 5,000 jobs, Grassley told Microsoft that it had a "moral obligation" to give job priority to U.S. workers over foreigners with H-1B visas.
It's unclear what impact this legislation will have if adopted. Financial services firms hire H-1B workers directly, but most of their use of visa-holding workers may be through outsourcing contracts with overseas vendors, an issue not addressed in this legislation.
The Associated Press released the results of an investigation this week which found that a dozen banks receiving bailout funds totaling $150 billion requested 21,800 H-1B visas over the last six years. Those H-1B visas were applied for by the banks themselves and do not include the visas used by their service providers.
Indian offshore outsourcing firms attribute as much as 40 percent of their revenues to the financial services sector. Offshore companies use workers on H-1B visas to deliver services in the United States, which may also include transferring some of the work overseas.
Moreover, many financial services firms have built their own centers in India and elsewhere for IT work and business process services, such as call centers.
Computerworld is an InfoWorld affiliate.
Intel now shipping Atom N280 processor
Intel confirmed on Thursday that it's shipping the Atom N280 processor to PC makers, which should bring more performance and improved graphics capabilities to netbooks.
The new single-core Atom processor is paired with a chipset that allows users to watch high-definition content on netbooks while drawing less power. The new GN40 chipset includes a hardware-based high-definition video decoder that allows users to watch 720p HD video content.
Intel originally envisioned Atom chips for netbooks running basic applications such as Web surfing and productivity software. The capability to decode HD video should allow netbooks to better handle streaming video content, said Bill Calder, an Intel spokesman.
Previous Atom chips -- like the Atom N270 with the 945GSE chipset -- do not include hardware-based HD video decoders. Seeing a void, companies like Nvidia released products to improve netbook graphics capabilities. Nvidia's Ion platform allows netbooks to display 1080p content, for example.
The Atom N280 runs at 1.66GHz, a marginal speed increase over the N270, which runs at 1.6GHz. The new processor also has a faster front-side bus that runs at 667MHz. The front-side bus helps connect the CPU to system components. The Intel Atom N280 processor draws about 2.5 watts of power, similar to the N270.
Intel did not disclose pricing of the chip.
The N280 will power Asus' $399 Eee PC 1000HE netbook, which the PC maker claims offers up to 9.5 hours of battery life. No shipping date for the netbook has been announced, though Amazon is taking preorders for the laptop.
Microsoft caves in, will change Windows 7 UAC
Reacting to intense criticism of an important security feature in Windows 7, Microsoft Thursday said it will change the behavior of User Account Control (UAC) in Windows 7's release candidate.
"We are going to deliver two changes to the Release Candidate that we'll all see," said John DeVaan and Steven Sinofsky, two Microsoft executives responsible for Windows' development, in the second of two posts to the Engineering Windows 7 blog today.
"First, the UAC control panel will run in a high integrity process, which requires elevation," said DeVaan and Sinofsky. "Second, changing the level of the UAC will also prompt for confirmation."
The changes, they said, were prompted by feedback from users, including comments appended to an earlier post Thursday by DeVaan in which he defended the modifications Microsoft made to UAC in Windows 7.
"Our dialog is at that point where many do not feel listened to and also many feel various viewpoints are not well-informed," DeVaan and Sinofsky said in the later blog post. "That's not the dialog we set out to have and we're going to do our best to improve."
The UAC feature, which debuted in 2007 as part of Windows Vista, but was altered to reduce the number of prompts in Windows 7, has been under fire since last week, when two Windows bloggers, Rafael Rivera and Long Zheng, first reported that it could easily be disabled by attackers.
Wednesday, they followed up with more information about how hackers could piggyback on UAC-approved applications to fool Windows 7 into giving a malicious payload full administrative rights.
"This is definitely the result we've been looking for," Long said in an e-mail late Thursday. "[But] I'm a little bit shocked at just how quickly Microsoft has turned around, considering they made a post not 12 hours earlier stating that they would not change their position."
Rivera, Long, and others urged Microsoft to reconsider the default setting of UAC in Windows 7. That default, which DeVaan said Microsoft had selected because people running Windows balked at dealing with more than two security prompts per day, was "Notify me only when programs try to make changes to my computer."
Microsoft, however, won't be taking that tack. Instead, the next public version of Windows 7 -- dubbed "RC" for release candidate -- will prompt the user before allowing any changes to UAC settings. "The way we're going to think about this [is] that the UAC setting is something like a password, and to change your password you need to enter your old password," DeVaan and Sinofsky said Thursday.
Microsoft has not spelled out a Windows 7 RC timetable, but Sinofsky reiterated last week that the development process was moving straight from the public beta, which was launched Jan. 10, to the release candidate. In the past, the company has delivered multiple betas before moving to the RC milestone.
The other change to be implemented in Windows 7 RC will effectively render moot the proof-of-concept attack that Rivera and Long published last week, which silently disables UAC. "That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working," DeVaan and Sinofsky said.
They didn't issue an apology for the dust-up, but said Microsoft had erred when deciding how to implement UAC in Windows 7. "We said we thought we were bound to make a mistake in the process of designing and blogging about Windows 7."
"We want to continue the dialog and hopefully everyone recognizes that engineering, perhaps especially engineering Windows 7, is sometimes going to be a lively discussion with a broad spectrum of viewpoints," they said.
One security professional praised Microsoft's move. "This goes back to what beta programs are supposed to provide, feedback from a real audience," said Andrew Storms, director of security operations at nCircle Network Security Inc.
"This was an obvious design flaw, and for them to say they simply weren't going to fix it, that was the real problem," Storms said. "I think they realized that they needed to do something, more over the concern about their reaction than to the vulnerability itself."
Computerworld is an InfoWorld affiliate.
Extreme adds 10Gig switch for data centres
Extreme Networks has joined the push for 10 Gigabit data centre networks. The company has started shipping the Summit X650, a 32-port stackable switch designed to fit in server racks and interconnect either fast servers or Gigabit switches.
The X650 runs the same ExtremeXOS operating system and uses the same stacking technology as its other switches, allowing any combination of 10/100, Gigabit and 10Gig switches to be seamlessly managed together, said Paul Phillips, Extreme's director for UK and Ireland.
The new switch has SFP+ slots, so as well as short and long-range fibre optic modules it can also support SFP+ Direct Attach modules for relatively low-cost 10Gig copper networking. Intended for short-range applications within the server rack and the data centre, Direct Attach uses twin-axial cables up to 10m long.
Phillips said that up to eight X650 switches can be stacked together as a virtual chassis, for a total of 256 ports. He added though that the main aim is to make it cheaper and simpler to upgrade to a 10Gig core while protecting existing network investments - the new switch runs the same OS as all Extreme's others, so the management is the same.
Early users agreed that they found this interoperability particularly useful. "After testing the Summit X650, we have found that it would be a perfect fit for a number of drop points in our metro area network," said Glen Rutherford, the chief network architect for the US state of North Dakota.
"The Summit X650's ability to seamlessly integrate into our existing Summit X450 and Summit X250 stacks will make our upcoming metro fibre enhancements a much easier task."
Mobile tech 2010: Trends to change our lives
The past two years have been exciting ones for mobility, with the dawn of netbooks, 4G communications and the first smartphones without keypads. The next two should be just as attention-grabbing, if not more so, as a slew of new technologies make workers more productive on the road.
Last year, for the first time, notebooks outsold desktop computers, according to iSuppli Corp., a tech analyst firm, showing that the move to a mobile lifestyle is under way. "It's just the start," observes Steve Kleynhans, a research vice president at Gartner Inc. "2009 and 2010 will be big years for mobility, with major advances coming that will affect what we carry and how we work and play."
I went in search of what the face of mobility might look like in 2010 and came away optimistic that the world will be a better and easier place for mobile workers to get their jobs done. After talking to a dozen analysts, engineers and marketing types - sorry, no fortune tellers - and sifting through a mountain of technical material, it became clear that these advances are just the beginning of what could be the start of a golden age of mobility, where work gets done wherever you might be.
On top of more powerful small notebooks with better batteries and faster data access, there will be high-powered smartphones, as well as two high-speed wireless networks to choose from that will deliver broadband speeds on demand. Here are five areas that may quickly change the face of mobility.
High-class netbooks
The big story in 2008 was the rise of the netbook from a marketing idea to sales of 14 million units, according to Austin-based DisplaySearch's estimate of year-end sales. But while these tiny notebooks work well as a second or third computer, they lack the performance needed for a primary work system.
That will change quickly later this year, when netbooks start shipping with Intel's dual-core Atom processor. The Model 330 Atom processor has a pair of computational cores -- like the Core 2 Duo chips -- for churning through heavy-duty work. Right now, computer makers are sampling the chip and integrating it into a new generation of netbooks and other products.
"2009 will be the year of the netbook," explains Kleynhans. "They will be small and light enough to take everywhere and just powerful enough for most workers." Adding a second computational core, says Kleynhans, won't double the system's abilities, but the new Atom chip will likely boost overall performance of these small wonders by about 50% and bring them to about the level of mainstream systems. Look for them sometime this summer or fall.
Netbook graphics will be improved as well. Intel is teaming with Nvidia to package its capable GeForce 9400M graphics accelerator (the same being used on Apple's new MacBook Pro notebooks) with the Atom CPUs. The chip combo will take netbooks beyond Web browsing, e-mail and simple applications to handle complex graphics and high-definition video.
Intel will not be alone in boosting netbook performance. Later this year, AMD plans to focus on ultraportable computing with its Athlon Neo family of single- and double-core processors. According to the company, Neo will be packaged with ATI Radeon Avivo video to make quick work of decoding and displaying HD video.
Further out on the technological horizon, Via, the maker of the C7 processor that Hewlett-Packard uses in its Mini-Note 2133 netbook, is redesigning the C7 as a dual-core processor. Called the Via Nano, the processor will likely be available late this year or in early 2010. Its design will likely have something that Intel and AMD aren't offering in this class of processors: full hardware encryption of data for the security-conscious among us.
There's a dark side to this generation of more powerful small notebooks: The new processors will use between 6 and 8 watts of power, about double the level of today's systems. "That cuts into battery life," says Gartner's Kleynhans. "The juice has to come from somewhere."
More aggressive power management could compensate for some of this power shortfall, but it could also require bigger (and heavier) batteries or shorter battery life, potentially defeating the whole idea of a netbook.
Rather than producing cookie-cutter designs that look and act alike, each manufacturer will be forced to make its own decisions and compromises on power, producing a wide variety of netbooks over the next two years. Look for the first high-powered netbooks this summer.
Solid-state storage
The mechanical hard drive that stores data on tiny magnetic dots on a spinning disk is increasingly looking like a relic of the past. Flash memory solid-state drives use less power than conventional hard drives, can read and write data faster, and are nearly indestructible.
"Flash is the future of computing," says Brian Beard, flash product marketing manager at Samsung, which is, according to Beard, the world's largest maker of these memory chips. By 2012, he says, solid-state drives (SSD) could account for as much as 30% of the mobile storage market, with sales of about 10 million flash drives.
The problem is that the first generation of SSD software for reading and writing data merely mimicked hard drives, speeding up notebooks only a little. Hard drives work best when data is kept close together; if data gets fragmented, it requires precious milliseconds to be located. SSDs, on the other hand, are so fast that proximity of data doesn't matter. In fact, you want to spread the data out so that all memory cells get roughly equal use and don't wear out.
"The new flash drives will double the performance of older SSDs," explains Samsung's Beard. "It'll be like having the equivalent of a 15,000 rpm hard drive in your notebook."
But don't count out the venerable hard drive just yet -- drive makers are augmenting traditional drives with several gigabytes of flash memory. "Hybrid drives make the most of flash memory," says Joni Clark, product manager at Seagate Technology. "They're nearly as fast as pure flash but are much cheaper." While an SSD can cost five to 10 times as much as a traditional hard drive, a hybrid adds only about $10.
Rather than storing everything in expensive flash memory, these hybrid drives will keep the most-used data close at hand in flash and everything else on a traditional magnetic disk. Hybrids with up to 256MB of cache onboard are available today and can boost performance by about 30%, according to Clark. This will seem like small change in a year or two. Seagate plans to bring out a 4GB hybrid later this year, and 15GB hybrids are on the horizon.
Beyond that, a new technology could transform the way data is stored on hard drives, bringing on the terabyte era. It might be optimistic for the time frame of this story, but heat-assisted magnetic recording (HAMR) could breathe new life into hard drives. The idea is to use a powerful laser along with the drive's traditional magnetic read-write heads to raise a drive's data density and performance.
Either way, it looks like in 2010 we'll have terabyte notebook drives, but we'll have to decide between rotating media hybrids and pure solid-state flash drives.
Better batteries
The next two years hold a lot in store for lithium batteries, which power everything from music players and cell phones to notebooks and cameras. The first big step forward will happen later this year, with the advent of power cells that don't wear out after a couple years of use.
Every lithium battery is basically a small chemical factory that works by trading the chemical energy stored in lithium compounds for electrical energy that powers the system. When it runs out of power, you charge the battery to replenish its supply of chemical energy. This repeated charge-discharge cycle creates layers of oxyhydroxide on the all-important carbon anode where the battery's electricity is collected, choking the cells to death.
Cleaning up a battery's act with an anode of pure carbon helps prevent the creation of these power-sapping layers and prolongs battery life. According to Christina Lampe-Onnerud, CEO of battery maker Boston Power, its Sonata battery design lasts for more than 1,400 charge cycles -- three to four times what conventional batteries are capable of. This translates into four years of daily recharges.
Plus, according to the company, the Sonata can be charged to 40% of its capacity in 10 minutes and 80% in 30 minutes. "The battery can get a quick charge at the airport or waiting for an appointment," says Lampe-Onnerud. "In other words, charge the way you work."
HP plans to offer Boston Power's batteries later this year under the Enviro brand. The batteries are the same size and weight as traditional notebook batteries but will carry a three-year warranty at a time when most batteries are guaranteed for either 90 days or a year.
How long batteries can hold a charge will take a big step forward over the next two years as well. Yi Cui, assistant professor of materials science at Stanford University, has been making battery anodes out of silicon nanowires instead of carbon. Thinner than a human hair, the nanowires last longer and are more efficient than carbon.
"Batteries never run long enough and go dead when you least expect it. My goal is a full-day battery," says Cui. He says he's almost there with test cells that run in the lab for nearly twice as long as conventional batteries. If all goes well, his revolutionary battery could become available in late 2010.
By 2010, mobile power may not even require a battery. As odd as that sounds, notebooks and other devices could be powered by fuel cells that convert methanol into electricity. A totally different technology than batteries, fuel cells convert a hydrogen-containing fuel into electricity and leave behind only water and carbon dioxide.
Several notebook makers have been hard at work for years refining fuel-cell prototype notebooks, and Panasonic appears to be close to a breakthrough. The company's fuel cell has a projected life span of 10 years and is roughly the size and weight of a traditional battery pack, but it can run for 20 hours on about 5 oz. of methanol.
The best part is that there's no bulky AC adapter to lug around. Plus, when the notebook is out of power, forget about looking around for the AC outlet -- just insert a new fuel tank, and the machine is ready for another 20 hours.
Online everywhere
Imagine having access to about 3MB/sec. of wireless data no matter where you are, and you get an idea of the potential of 4G. It'll not only allow you to download huge presentations, play videos without a hiccup and even do mobile videoconferences, but do several of them at once.
"WiMax is a big win for business," explains Daryl Schoolar, a senior analyst at Scottsdale, Ariz.-based In-Stat. "You'll be able to connect and work on the road as if you were in the office. This technology works, but the challenge is in coverage."
Actually, 4G wireless communications technology has already arrived -- but only if you live or work in Baltimore or Portland, Ore. That's because these cities are the first two places in the U.S. to have service from Clearwire's Clear WiMax wireless network. At the end of 2008, Clearwire took over Xohm's WiMax operation, and it has received investments of $3 billion from tech giants such as Sprint, Intel, Google and others to build the network. It may sound like an enormous pile of cash, but according to Schoolar, it will take at least $5 billion to create a national WiMax network.
"We're close to operations in dozens of other markets," claims Benjamin Wolff, Clearwire's CEO. "It won't happen overnight, but WiMax will happen." This year should bring service to Atlanta, Boston, Chicago, Dallas, Philadelphia and Las Vegas. Wolff says Clearwire's goal is to be able to reach where 80 million people live or work by the start of 2010. By the end of 2010, the network could reach 140 million people.
WiMax may be in the lead in 4G communications, but there's a global competitor on the horizon: Long Term Evolution, or LTE, which offers slightly higher theoretical performance. In the U.S., Verizon, T-Mobile and AT&T are behind LTE, and the technology is being championed by most of the world's GSM and GPRS networks.
"LTE is the network of choice for global carriers," explains Schoolar, "because it is an upgrade of their present technology. This makes it easier to deploy." Look for LTE to become mainstream in most metropolitan areas of Europe and Asia next year. While each network has its own plans and rollout schedule, LTE trials and tests are expected to begin in 2009, with commercial operations possibly starting in 2010. TeliaSonera, Scandinavia's largest mobile phone operator, should be the first with LTE operation in Oslo, late this year or early next.
T-Mobile, which is owned by Deutsche Telekom, has already held LTE trials in Germany but hasn't talked about when it intends to introduce the technology to the U.S. Verizon will be setting up trials and test markets later this year and plans a rollout by the end of the year or in early 2010. Meanwhile, AT&T plans to stick with its present HSDPA infrastructure until the end of 2010, when it will start building a 4G network.
The eventual choice for consumers will not be an easy one: Either get WiMax when it comes to your area but sacrifice using it when you travel internationally, or wait a year or two -- or more -- for LTE.
Smarter smartphones
They may not get much smaller, but smartphones will get smarter over the next two years.
For example, anyone who's been frustrated by the iPhone's lack of a "real" keyboard will love the phone screens coming over the next couple of years. While the current thumb keyboard won't be an endangered species, look for new phone designs that put the emphasis on touch.
The key to making this work is providing positive feedback so that the finger feels something to confirm its action. The BlackBerry Storm and Samsung's Anycall use sound and vibrations to fake the feedback, but they'll pale in comparison to the haptic screens that are on the way.
This idea is not as far out as it might first seem. For example, Nokia recently applied for a patent for its Haptikos Tactile Touch Screen that details a system with a thin, flexible film that goes over a phone's display. Underneath is an array of millions of tiny rods that lift slightly above the screen's surface when a voltage is applied to create anything from a switch to a slider volume control.
Because the rods are electrically connected, they can be tuned to give way quickly for a keypad or slowly for a volume switch. They also can sense pressure, making them very efficient switches that can be arranged anywhere on the screen.
Independent South Korean industrial designer Lukas Koh is joining the party with his futuristic Haptic Phone design. This design has a flexible screen that changes in relation to what you're doing. The interface can go beyond showing just images to actually creating physical buttons on the screen's surface. In other words, buttons rise out of the screen's surface slightly for numbers when dialing, a keyboard when typing or icons when choosing what to do. When you touch them, they depress just like real switches or keys.
Other new technologies will include better phone cameras. This spring, Sony Ericsson will start production on a camera module that will be able to snap 12.3-megapixel images. On a par with point-and-shoot cameras, the Exmor IMX060PQ cell phone camera module can capture ultrasharp 4,040-by-3,032 pixel images, as well as full 1080p HD video. No bigger than a thumbnail, the camera is also the smallest around. Meanwhile, rumor has it that Samsung will announce a 12-megapixel camera phone at the World Mobile Congress later this month.
Sony is also working on a 20-megapixel module for the next generation of photo-ready handsets that should, according to the company, be available to manufacturers sometime in 2010. In fact, Ericsson has stated publicly that by 2012, it wants to have a 20-megapixel camera phone on the market that would snap stills as well as do full HD video and connect to a 100Mbit/sec. wireless network.
Conclusions
Regardless of whether these scenarios come to pass, one thing is for certain: Life on the road will get easier and more fulfilling. It starts with longer-lasting notebooks and netbooks that are powerful enough to get the job done, and a new generation of hard drives that dole out data much quicker. When it's time to download that key file or presentation, 4G networks will be there along with incredibly powerful mobile phones. It seems the hardest thing to do in 2010 might be hiding from work on the road.
Removing admin rights stymies 92% of Microsoft's bugs
Nine out of 10 critical bugs reported by Microsoft last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed Tuesday.
BeyondTrust Corp., which touts its Privilege Manager as a way for companies to lock down PCs, tallied the individual vulnerabilities that Microsoft disclosed in 2008, then examined each accompanying security bulletin. If the bulletin's "Mitigating Factors" section, the part that spells out how to lessen the risk of attack or eliminate it entirely, said that users with fewer rights "could be less impacted than users who operate with administrative rights," BeyondTrust counted the bug.
The vast majority of critical Microsoft vulnerabilities -- 92% of them -- could have been mitigated by stripping users of administrative rights, said John Moyer, the CEO of BeyondTrust. "This speaks to what enterprises should be doing," Moyer said. "Clearly, eliminating administrative rights can close the window of opportunity of attack."
Of the 154 bugs published and patched by Microsoft in 2008, critical or not, 69% would have been blocked or their impact reduced by configuring users to run without administrative rights, said the company.
When BeyondTrust looked at the vulnerabilities patched for Microsoft's browser, Internet Explorer (IE), and its application suite, Office, it found that 89% of the former and 94% of the latter could have been stymied by denying users administrative privileges.
"We were surprised to see how large the number was," said Scott McCarley, the company's director of marketing. "It really drives home how critical a role [rights] play."
Microsoft's approach to user rights has been a matter of debate of late. Last week, a pair of bloggers posted proof-of-concept code that demonstrated how attackers could disable Windows 7's revamped User Account Control (UAC). UAC, a security feature that debuted in 2007 with Windows Vista, prompts users for their consent before Windows allows tasks such as program installations to continue.
"That proof-of-concept illustrates how important it is that users log in as a standard user, not as administrative users," said McCarley. Only users running Windows with administrative rights are vulnerable to the attack.
Microsoft has refused to call the Windows 7 UAC issue a security bug, and instead has insisted that the behavior exploited by the malicious script is by design.
SAP launches Business Suite 7
SAP launched Business Suite 7 on Wednesday, pitching the software as a more flexible and cost-effective option amid lean economic times.
The new suite includes more than 150 new "functional innovations" that span the gamut from areas like CRM (customer relationship management) and SCM (supply chain management) to industry-specific applications. It also continues SAP's emerging "enhancement package" strategy, which allows users to add functionality they want without the pain of a full upgrade.
Business Suite 7 is a major watershed for SAP, as it aligns the vendor's various modules for the first time on a single underlying platform, according to Forrester Research analyst Ray Wang.
SAP "had to" do this, Wang said.
"People have had this perception that it's this one integrated system, but the reality is the [system integrators] have been tying all these [modules] together, making them work," he said.
SAP's move is also meant to lure customers on older SAP systems, such as R/3, to adopt its NetWeaver platform, which is required for Business Suite 7, Wang added.
SAP will reveal more about the release, which also features improved user interfaces and blends in BI (business intelligence) functionality acquired through the company's acquisition of Business Objects, during an event Wednesday in New York City.
Citrix bolsters XenDesktop user experience
Citrix is adding features to cut the cost of desktop virtualization and improve the user experience in the new version of its XenDesktop platform, it said on Wednesday.
In XenDesktop 3, Citrix is introducing a new way to deliver desktops. Using the Desktop Streaming feature, companies will be able to stream the bits needed to execute the operating system from a server to the endpoint over their LAN.
So, for example, power users can take advantage of the processing power on the desktop, but the IT department can still manage everything centrally in the data center, according to Calvin Hsu, director of product marketing at Citrix.
"This works best if you either have a fairly high-powered thin client or a number of standardized PCs at the endpoint," he said.
When using Desktop Streaming, companies should aim for as little hardware differentiation as possible, because when you stream the desktop image it actually has driver information and hardware configuration information in it, according to Hsu.
"Fewer variables means more users can leverage a single image of that desktop," said Hsu.
The setup also means that you need fewer servers in the datacenter, because the desktop is executed on the endpoint and not on the server.
Desktop Streaming will be part of the Advanced, Enterprise and Platinum Editions of XenDesktop 3, which will start shipping by the end of February. The three versions cost US$195, $295 and $395 per concurrent user, respectively. There will be two versions without Desktop Streaming: Standard, at $75 per concurrent user, and Express, which is free.
In XenDesktop 3, Citrix has also improved the single-server scalability for companies that still want to execute desktops on the server. Citrix can now run twice as many virtual desktops on each server. "You can run 50 to 55 desktops per single server, using a dual quad-core type of configuration," said Hsu.
On the administration side, Citrix has integrated profile management, using technology it acquired from Sepago last year. Portable Profile Manager can be used to build desktops that feel personal to the user, but are based on standardized components.
"It makes the personalization more reliable and streamlines the profile itself," said Hsu.
In a bid to further widen the number of users that can use desktop virtualization, Citrix is also adding multimedia capabilities to XenDesktop. Rather than rendering the multimedia, the server pushes the compressed data stream to the endpoint and then the endpoint renders it, according to Hsu.
"Most thin clients today will have media players built in to it, but effectively you just need the proper codec on the endpoint," he said.
Improving the user experience is key if desktop virtualization is to take off. "There is very little chance of virtual desktops going mainstream, and being adopted in a broad way, unless you have that user experience right," said Hsu.
Last week, Citrix invested in Virtual Computer, a startup that makes OS provisioning, publishing and patching software known as NxTop.
Google tool lets you track your friends
Not content with indexing the world's information, Google is now tracking where users of its maps service are, and making that location data searchable by others.
The tracking feature, called Latitude, will appear on compatible mobile devices in a new version of Google Maps, version 3.0.0. It can also be added as a gadget on iGoogle, the company's personalizable home page service.
Tracking people's movements is sure to raise concerns about privacy, but "everything about Latitude is opt-in," according to Vic Gundotra, vice-president of engineering with Google's mobile team, writing on the company's official blog.
The service will indicate users' locations with a small photo icon superimposed on a map. It is initially available for the BlackBerry and devices running Nokia's S60 or Microsoft's Windows Mobile software. An Android version will follow in a few days, said Gundotra, and he expects an iPhone version will follow "very soon."
To begin sharing your location, you must either sign up for the Latitude service or accept an invitation to view the location of someone already using it.
Latitude's help pages describe the fine-grained control the service allows over who sees what, and when. For each friend with whom you choose to share information, you can give your precise location, the name of the city only, or no information at all.
Latitude can automatically detect your location if you're using it on a compatible smartphone -- but it's also possible to lie about where you are, by manually setting your location on a map.
Green Grid plans "Data Center 2.0" design guide
The Green Grid consortium will announce plans Wednesday to create a "top-to-bottom" design guide for building energy-efficient data centers, as well as new metrics for estimating data center productivity.
The plans will be discussed at Green Grid's second annual conference in San Jose, California, where the consortium will also provide some advice about how to use its PUE (Power Usage Effectiveness) metric introduced last year, which provides a way to measure data center efficiency.
The consortium's members are mostly IT vendors but also include some end-user companies, such as The Walt Disney Co. and eBay. It was set up two years ago to produce tools, metrics and educational resources to help solve the problem of escalating power consumption in data centers.
The "Data Center 2.0" design guide will offer ways to minimize energy use for both new facilities and those being retrofitted, said Mark Monroe, a Green Grid board member and the director of sustainable computing for Sun Microsystems. The first release will be out in about a year, he said.
"It's meant as an end-to-end guide, from the IT equipment all the way through to the facility infrastructure that supports it, and as a top-to-bottom guide, from measurement and management through to operations and how you run the data center," Monroe said.
There is already a plethora of documentation devoted to reducing energy use in data centers. The Green Grid says there remains a need for a "single authoritative source" that looks at data centers holistically.
It was the Green Grid that came up last year with the PUE ratio, which provides a way to measure overall data center efficiency and has been used by Microsoft and Google to show off the efficiency of their most state-of-the-art data centers.
It can be hard for everyday companies to know what sort of PUE ratio they should aim for or how to measure it, so the consortium will also release a paper in the coming months that tells them just that, said John Tuccillo, another Green Grid board member and the vice president for global industry and government alliances with American Power Conversion.
The consortium will also propose methods for measuring the "useful work" performed by data centers. All these metrics are important, proponents say, because businesses can't set accurate targets for energy efficiency if they don't know how efficient their data centers are to start with. "You can't manage what you can't measure," is a refrain commonly heard at these conferences.
The U.S. Environmental Protection Agency has estimated that data centers accounted for 1.5 percent of the nation's electricity consumption in 2006, and it said that figure could double by 2011. Many companies are facing energy problems in their data centers, as powerful modern servers and the shift to doing business online stretches their power and cooling capacities.
FBI warns of money mule scams
The job looks pretty good at first blush: "Become our partner and earn $2,000 or more!"
All you have to do is send a résumé with some personal information to a company in Russia. They, in turn, ask you to set up a checking account that soon starts filling with cash. You take the money to Western Union and wire it to your new employer, keeping 5 percent and 10 percent for yourself. Easy money, right?
Except that it's illegal money laundering, called "money muleing" by the security industry. The incoming checks are fakes, or else the cash is stolen from hacked online bank accounts.
The U.S. Federal Bureau of Investigation (FBI) warned Wednesday that its Internet Crime Complaint Center (IC3) has been receiving "numerous complaints" from people who have become unwitting victims to these work-from-home scams.
"Work-at-home schemes attract otherwise innocent individuals, causing them to become part of criminal schemes without realizing they are engaging in illegal behavior," the FBI said. The IC3 is run jointly by the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.
In other, similar scams, victims may be asked to reship products that have been purchased with stolen credit cards, or to act as "mystery shoppers," cashing bogus checks and wiring the funds offshore.
Once they've handed over their information to scammers, however, the mules often become victims of identity theft themselves, authorities warn.
With a worsening economic situation, scammers may be looking for new ways to take advantage of the growing ranks of the unemployed. McAfee has been tracking these scams for years, and has long seen the scammers reach victims with spam or with ads on job sites. Recently, however, there's been an uptick in money muleing pitches, which are sent out via spam or phoney job postings, said Dave Marcus, director of security research and communications with McAfee’s Avert Labs.
"I think a lot of people are unwittingly coming across them through job searches through Google," he said. "We've seen a huge growth in this."
The prevalence of these fake job ads is up 345 percent over the past three years, according to the most recent data from the U.K.'s Association for Payment Clearing Services, which tracks this activity.
The Web sites recruiting the mules have also become slicker and more believable, Marcus said. "I think they've upped their professionalism," he said. "It's kind of analogous to the way spammers have upped their game professionally."
Although the Internet Crime Complaint Center, which acts as a clearinghouse for data on cybercrime, hasn't spotted a statistical uptick in Internet crime linked to the global recession, it's seen anecdotal evidence of this happening, said IC3 spokesman Craig Butterworth. "Whenever there is a downturn in the economy, it exposes certain vulnerabilities in our society."
New Firefox release fixes critical security bugs
Mozilla developers released the latest version of their Firefox browser Tuesday, version 3.0.6, which fixes several security bugs in the software.
The most critical issues are bugs in the browser's JavaScript and layout engines that could be exploited by attackers to run unauthorized software on a victim's PC, Mozilla said. The flaws also affect Mozilla's Thunderbird e-mail client and SeaMonkey Internet software suite.
The update, Firefox's first of the year, also fixes five other security bugs in the browser, all of which are considered less critical.
The update includes some other performance and stability improvements, including new code that will help scripted commands, such as those used by Adblock Plus, to work better with plug-ins, and addresses a few display issues reported by users.
Intel delays Itanium upgrade to add new capabilities
Intel on Tuesday said it has delayed the release of the quad-core Tukwila chip, its next-generation 64-bit Itanium processor designed for use in enterprise servers.
The chip maker will now release Tukwila around the middle of this year, Intel officials said. The chip was due for release early this year, but Intel delayed it to add new capabilities to keep the chip in line with future technology advancements.
"[Tukwila] is very healthy, [the delay is] not due to the product not being healthy," said Susan Tauzer, server marketing director at Intel. "We updated the schedule based on adding a couple of end-user benefits and engineering capabilities," Tauzer said.
Intel plans to add a new memory technology that can speed up server performance and provide backward-socket compatibility for future Itanium chips as it readies the Tukwila platform.
Intel is making the Tukwila socket backward-compatible for a future generation of Itanium CPUs, Tauzer said. Intel plans to follow up Tukwila with the Poulson and Kittson platforms, and chips from those platforms will plug into sockets designed for the Tukwila chip.
The company is also adding a new memory capability that takes advantage of the emerging DDR3 (double data rate, third generation) memory standard. Compared to current DDR2 memory, DDR3 allows information from the memory to be communicated to a CPU faster, which could translate to better server performance.
The new memory capability, called scalable buffer memory, can overcome traditional server memory limitations and pack additional memory capacity without adding new hardware. Sitting as an on-board component between the CPU and DDR3 memory, the technology manipulates communication channels to expand memory capacity and overcome limitations to the amount of memory that can fit in servers.
"As you look into the mission critical space, where higher capacities and bandwidths come into play, now you're implementing this solid component on board that's allowing you higher bandwidth and more capacities than what you would have had," said Rajesh Agny, marketing manager of the mission critical platform at Intel.
The new capabilities represent an implementation of future technologies that could be in multiple Itanium architectures going into the next decade, Tauzer said.
The Tukwila processor, announced in 2007, doubles the performance of Intel's current Itanium 9100 dual-core processors. The chip has about 2 billion transistors and includes 30MB of on-cache memory. Intel last year revealed the chip to run at 2GHz and said it would include dual-integrated memory controllers.
It also includes QuickPath Interconnect (QPI) technology, which integrates a memory controller and provides a faster pipe for the CPU to communicate with other system components.
The chip will be manufactured using the 65-nanometer process technology. Intel will skip the 45-nanometer process and jump to the 32-nanometer process for the Tukwila processor upgrade, code-named Poulson. Intel officials could not provide a timeframe for the release of Poulson. Poulson will be followed by Kittson.
Tukwila is targeted at servers running enterprise applications, so Intel is including RAS (reliability, availability, and serviceability) features to reduce data corruption and ensure reliable system performance. Advanced RAS features correct errors that may occur when data is being crunched on a processor.
Verizon helps businesses launch conferencing
Verizon Business is giving enterprise employees more ways to get into virtual meetings quickly and easily.
Starting Wednesday, the service provider will let customers instantly set up or join audioconferences and collaboration sessions through IBM Lotus Sametime and Notes, and Cisco Jabber XCP. Similar capabilities for Microsoft Office Communicator 2007 will come later, probably within two months, according to Verizon Business.
Verizon Business supports audioconferences, as well as Web conferences using Microsoft Live Meeting and Cisco WebEx, for its enterprise customers. The new features are designed to make meetings more spontaneous, to keep up with office workers' demands for more remote collaboration, said Bill Versen, director of global unified communications and collaboration at Verizon Business.
Verizon Business customers with Microsoft Outlook e-mail can already set up links for immediate entry to conferences. For example, after users get a confirmation e-mail for a scheduled conference call in Outlook, they can each click on a button in the e-mail to enter the call, Versen said. The button makes the user's desk phone ring, so they can pick it up and get into the conference call without a call-in number or access code, he said.
The same thing is possible in Outlook to get into Microsoft Live Meeting and Cisco WebEx sessions, Versen said. An Outlook confirmation e-mail can contain a Web link to the session, which users can click on to enter. Live Meeting and WebEx conferences include sharing of applications and desktops.
Now, Verizon Business is announcing the expansion of that capability to instant messaging platforms, as well as to the Notes e-mail and calendaring software. In Sametime, Jabber and Microsoft Office Communicator 2007, colleagues will be able to instantly escalate chat sessions to voice calls and to set up Web conferences. Verizon has already offered this feature in Microsoft Office Live Communications Server 2005 but is now bringing it to Microsoft's latest unified communications software.
When one user escalates a chat session, the other participants will each get a link to click on. If an employee works in different locations, such as at home and the office, both numbers can appear in a pull-down menu from which the employee can pick the number to get called on, Versen said.
Jabber support became available late last year. For the Lotus products, the new capabilities are available in the U.S. immediately, and elsewhere probably within two months, after export approval. The updated Microsoft support will become available after export approval, Versen said. The new features will be free for Verizon Business customers with the relevant software and services.
T-Mobile issues firmware update for G1
T-Mobile began pushing out an update that adds a couple of new features and fixes some glitches in the G1, its phone that runs Google's Android software.
The most notable new capability is voice search. Once G1 users get the firmware update, they'll notice an icon for a microphone in the Google search bar on the home screen. When users hit the button they'll hear a "speak now" prompt, after which they can say their query, said Jeff Hamilton, a software engineer for Android, in a blog post.
If voice search doesn't properly interpret the query, users will be able to hit a "down" arrow next to the search box to find other suggestions, one of which might be correct, he said. G1 users will also be able to dial phone numbers and search in their contacts lists using voice commands.
The voice command capability follows the introduction of Google's voice search application for the iPhone in November.
Another minor addition with the Android update is the ability to save attachments sent via MMS. Users will also start seeing notifications when new software updates are available, including for applications in the Android Market. Phone users will also be able to report offensive comments in the Market as spam.
The update fixes a few glitches as well, such as one that automatically ended an instant messaging session when users turned their Wi-Fi connection on or off. Another glitch caused reminders for calendar items not to be delivered.
T-Mobile started pushing the update out Monday and expects all customers to receive it in two weeks.
On a T-Mobile Forum hosted by the operator, an administrator said the update is not related to "cupcake," the name of another update that will include a wider range of new capabilities and bug fixes.
Computer deals made for a downturn
Times may be tough, but there are good deals on computers out there if you know where to look.
Take Apple's MacBook Air, for example. These nice-looking, thin laptops start at US$1,799 with a 1.6GHz Intel Core 2 Duo processor, 13.3-inch screen, 120GB hard disk, and 2GB of RAM. That would be expensive in a good economy, but there's a cheaper option that's available.
Apple also sells refurbished models of the MacBook Air for $999 with a 1.6GHz Core 2 Duo processor, an 80GB hard disk, and 2GB of RAM.
The refurbished laptops are units that have been returned to Apple, which then replaces any problem parts, cleans them up, and tests them before offering them for resale. Unlike other PC makers that offer limited warranties on refurbished computers, the refurbished MacBook Air comes with Apple's standard one-year laptop warranty that can be extended for up to three years with the $249 AppleCare Protection Plan.
Another good option for thrifty shoppers is the crop of small laptops based on Intel's Atom processor.
The Atom chips aren't as good with heavy multimedia tasks, but they have more than enough power for Web surfing and e-mail. Prices on these machines, called netbooks, can range from a few hundred dollars to nearly $1,000, depending on how they're equipped. Resist the urge to go for the more expensive models, and look for models with more basic specifications.
Some of the best netbook deals can be found on Amazon.com, where you can buy a basic version of Acer's Aspire One, arguably the nicest of the netbook crop, for $259.
At that price, you get a 1.6GHz Atom N270 processor, 1GB of RAM, an 8GB solid-state drive, 9-inch screen, a 3-cell battery, and Windows XP Home Edition. The laptop also comes with an 8GB removable SD (secure digital) memory card to boost the laptop's total storage capacity to 16GB.
If you're looking for a laptop for the kids, Amazon.com also sells CTL's 2goPC for $257. These laptops are the consumer version of Intel's second-generation Classmate PC, produced under contract for the chip maker and shipped to smaller computer sellers, like CTL, to be sold under their brand names.
Like all Classmate PCs, the 2goPC was designed for kids and has a chunky design that can withstand being dropped or drinks spilled on the keyboard. They have a 9-inch screen and a keyboard that most adults will find too small, but the smaller keys suit kids just fine. The laptops have a 900MHz Celeron-M processor, a 40GB hard disk, 512MB of RAM, a 4-cell battery, and run Windows XP -- more than enough power for basic computer tasks.
New Garmin-Asus smartphones to take many OSs
GPS (global positioning system) device maker Garmin plans to combine its talents with Asustek Computer's mobile phone division to create a new smartphone brand, Garmin-Asus.
The new venture is considering offering smartphones with operating systems (OSs) from many providers, including Microsoft Windows Mobile, Linux and Google's Android, said Jonney Shih, chairman of Asustek, at a news conference in Taipei.
Garmin-Asus will compete against popular devices such as the iPhone and T-Mobile's G1 Android-based handset by specializing in location-based services (LBS), executives from both companies said.
They plan to deliver their first co-branded product in the first half of 2009, the Garmin-Asus Nuvifone G60, which will be a refresh of the original Nuvifone G60 that Garmin commissioned Asustek to build last year.
A new Garmin-Asus mobile handset will be announced at the Mobile World Congress in Barcelona later this month. It will likely launch globally in 2010, said Shih.
"We worked with Asustek on an ODM (original design manufacturing) basis for the Garmin Nuvifone G60 and that made us comfortable enough to look into a venture such as [Garmin-Asus]," said Min Kao, chairman of Garmin, at the news conference.
Asustek has been making mobile phones since 2001 and has launched several smartphones, mainly with Linux or Microsoft Windows OSs.
The company's entire mobile phone efforts, including research and design teams, will now exclusively create products and work under the Garmin-Asus name, said Shih. Asustek will phase out its own-brand mobile phones.
The two companies did not define the extent of their Garmin-Asus alliance, but it's clear they will move forward together in smartphones in the future.
When asked how the companies plan to compete against an impressive array of smartphone rivals, they said a focus on location-based services will set them apart from the music phones, search, e-mail, and other specialties of their rivals.
"This is an LBS-focused smartphone venture, that's different than anything out now," said Kao.
Location-based services from Garmin-Asus will include maps that display a variety of information including friends' houses along with destinations. Information delivered to users will include details relevant to their location and destination, such as traffic conditions, movie times and more.
Garmin has worked on location-based devices for years, including for boats, airplanes, cars and outdoors products. The company's auto-based devices are among the most popular in the U.S.
The companies also eschewed suggestions that launching a new brand amid an economic downturn may be a bad idea.
"During tough times we need even more differentiated products, even more exciting products," said Shih.
Surprise! Tech is a safe career choice today
The once rock-steady tech job has been battered by ferocious waves lately: a dot-com bust, offshoring, outsourcing, H-1B replacements, cost-cutting, and now layoffs resulting from the global economic crisis. Weary tech veterans also lament tough working conditions, citing everything from ridiculously excessive hours to ignorant managers to zero opportunities for advancement. So it's no surprise that very few college-bound teenagers dream of toiling their lives away in a cubicle staring at a computer screen.
Yet, in the current tough U.S. job market, a tech career is actually one of the safest ones to have. Tech is still a good profession with decent pay and relatively solid job security. "The reality is there's still a very healthy job sector in information technology," says Mehran Sahami, an associate professor of computer sciences at Stanford University.
Tech's poor image, though, continues to blind young people from seeing the bright side. Tapping America's Potential, a coalition of businesses working toward doubling the number of students earning bachelor's degrees in science, technology, engineering, and math, also known as STEM areas, reported last summer that it's already falling behind in that goal after only three years.
"If more people were aware of how strong the demand is in computing, I think there would be a healthier pipeline of students," Sahami says. But "there's been a little too much hype around offshoring and outsourcing, which has scared some people away."
The situation is becoming so dire that the National Science Foundation began shifting its focus from research to swaying high school students toward STEM. "That's an absolute fact," says Roger Norton, dean of the School of Computer Science and Mathematics at Marist College in Poughkeepsie, N.Y. "There truly will be a major shortage, in terms of graduating students in areas of computers and technology, to meet the needs of the companies out there."
Before the dot-com bust in the early 2000s, colleges enjoyed record enrollment in their computer science and other IT-related programs. But in the years following the bust, colleges across the nation reported that enrollments had fallen by 50 percent. Enthusiasm about a future tech career hit an all-time low about five years ago during the peak of the offshore outsourcing uproar.
Worse, this downward spiral is a self-perpetuating phenomenon. The skills shortage lies at the heart of the H-1B controversy, which in turn discourages more young people from joining the tech ranks. For example, Microsoft chairman Bill Gates has argued that the United States is not graduating enough science and engineering majors to fill the future tech workforce needs, which is why he has lobbied Congress to increase the number of H-1B visas issued to fill in the gap with foreign workers.
College kids march slowly toward tech careers
There's hope that today's teenagers are rethinking the tech-job stereotype. Lately, enrollment in college STEM programs has seen an uptick. Stanford computer science grads are recruited heavily by Silicon Valley tech companies willing to pay top dollar, so it's not surprising that Stanford is seeing an increase in student interest in computing-related studies. But STEM grads from other colleges are doing just fine, too. For instance, Marist College has seen enrollment rise at both of its tech-focused programs, computer science and information technology and systems (ITS).
Whereas computer science grads often become software developers, ITS grads choose from a range of IT topics such as networking, e-commerce, systems analysis, project management, security, and database systems. "Our ITS students are probably more highly sought after than the straight computer science students," says Marist College's Norton. "ITS students, especially those with enterprise computing in their résumés, will get a half-dozen job offers."
Colleges are doing their part to attract more students. Marist College, for instance, is bringing down interesting technology courses, such as artificial intelligence and social networking, from the upper levels to the freshmen class. These courses will market technology at a time when students are deciding what to do with their lives.
Meanwhile, Stanford rolled out a new computer sciences curriculum last fall that's chock-full of courses linking technology with other fields of study. In computational biology, for instance, technologists work with biologists to figure out how computers can better analyze data from experiments. "There's a real social aspect," says Sahami. "There's an image problem in computer science right now that all you do is sit in a cube and program all day."
San Jose State University in California offers three majors for students in tech: computer science in the College of Science, management information systems in the College of Business, and industrial technology in the College of Engineering. "Enrollment has been very stable," says Susan Rockwell, assistant director at San Jose State University's career center. "We're seeing in the career center and with employers coming to our job fairs that there's still lots of interest in our graduates."
Despite layoffs, tech jobs are still pretty stable
The truth is that tech jobs continually beat the national unemployment average, offering a sign of stability in a tumultuous job market. According to the U.S. Bureau of Labor Statistics, it was a very tough overall job market late last year: The average national unemployment rate for the fourth quarter rose to 6.1 percent (with a December high of 7.2 percent). Still, tech workers posted some of the lowest unemployment rates in the country:
* Computer software engineers: 1.9 percent
* Computer support specialists: 2.2 percent
* Computer and information systems managers: 2.7 percent
* Computer scientists and systems analysts: 3 percent
* Network and computer systems administrators: 3.5 percent
* Network systems and data communications analysts: 3.6 percent
* Database administrators: 5.4 percent
* Computer programmers: 6.1 percent
The tech sector actually added more jobs during one of these months, compared to the vast majority of employment sectors that lost jobs.
Salaries among tech workers remain surprisingly strong. A survey of 19,000 tech workers conducted by Dice, a career site for technology and engineering professionals, showed a spike in salaries late last year with the recession in full throttle: a 4.6 percent increase in average pay from the previous year to $78,035. (However, a recent survey of 22,550 IT professionals by Foote Partners found salaries slipped for the first time since 2004.)
The salary news is good for college grads, too. The National Association of Colleges and Employers found that the average salary offer made to computer and information sciences graduates was up from $51,992 for the class of 2007 to $58,677 for the class of 2008, a 12.9 percent increase. The average salary for computer engineering graduates increased 7.8 percent to $60,280.
Nevertheless, young people remain skeptical of pursuing a tech career when they hear about slashed IT budgets and layoffs. Will money really be available with shrinking IT budgets? The reality is that IT resources aren't going away. Gartner surveyed more than 1,500 CIOs through December 2008 to find out how they're rising to the financial challenges of 2009. The key finding is that IT budgets largely will remain flat, although resources may be shifted around.
An IT career is better than most, but still has risks
Talk of job stability and decent salary does little to comfort the laid-off tech worker. And there are many of them out there. No doubt they're telling young people to stay away from miserable tech careers -- unfortunately, there's some truth to their words.
Layoffs are common even in the tech sector. Earlier this month, Microsoft said it will slash up to 5,000 jobs over the next 18 months. Intel said it will cut up to 6,000 manufacturing jobs. Wall Street tech workers were laid off during the financial crisis. Such public harbingers rightfully add to young people's fears.
Many tech workers continue to be laid off when big projects they're working on get cut. The Gartner survey showed that when long-term projects are on the chopping block, their resources are reallocated to short-term projects. While the Gartner survey didn't ask about staff reductions, IT staff represents about a third of the budget -- "and, in some regards, it's the easiest part to change," says analyst Mark McDonald.
Even though the tech job market is better than most, competition for jobs today is also heating up. "Up until the second half of last year, our business did pretty well," says Dave Willmer, executive director at staffing firm Robert Half Technology. Although he remains bullish on the tech career, especially given a looming talent shortage, Willmer admits, "we've got more people applying for fewer jobs today."
For people in those jobs already, many speak of desperation. One tech consultant in finance said top-tier tech workers on Wall Street were forced to take lesser jobs elsewhere, which amounted to a 40 percent pay cut. Grumbling among the tech ranks is getting louder. They complain about ignorant managers wielding the threat of layoffs like a whip, and veteran peers being forced out and replaced by less-capable and cheaper foreign workers.
Wanna future in tech? Play it smart
All of these issues and more await some future tech workers. But there are ways to hedge your bets and avoid some of these woeful situations. Not all tech jobs are created equal, so you'll want to position yourself in favor of the trends -- that is, seek out hot IT jobs, as well as recession-proof ones.
Some IT projects are being cut in favor of other ones, and so it's good to know what's hot and what's not. The Foote Partners survey found "urgent demand for talent" in three technical areas: management/methodology/process, database, and messaging/communication. The areas to avoid: application development, SAP and other enterprise applications, operating systems, Web and e-commerce, and systems networking.
Gartner's McDonald agrees that companies are focusing on tuning internal processes with quick returns on investment while shunning big projects. Many CIOs are concentrating on only a couple of projects per quarter that deliver results quickly, such as retiring old systems, consolidating duplicate CRM or reporting systems, and changing the cost structure within IT processes.
Offshoring and outsourcing have led to many tech workers losing their jobs, but there are ways to plan an IT career around them -- that is, you'll want to outsource-proof your career. Marist College's Norton regularly fields questions from parents of students concerned about the threat of offshoring. Norton admits offshoring poses a real risk to rank-and-file computer programmers, but not so much to high-level ones.
"I always tell my computer scientists, 'Don't become simply a low-level programmer, you need to become a software engineer,'" Norton says. The thinking goes that vanilla programming can be done anywhere in the world, but the world comes to the smartest software engineers. Indeed, the federal Bureau of Labor Statistics reported computer programmers had one of the highest unemployment rates (6.1 percent) among tech workers, yet computer software engineers had one of the lowest rates (1.9 percent).
It used to be true that tech workers could stave off offshoring and outsourcing because their jobs centered on managing and supporting a physical IT infrastructure. In other words, they had to be onsite. But times are changing. "The difficulty with these [onsite] positions is that there's a lot of visa-based resources that are also qualified or overqualified for these positions, and many of them can be done remotely," says Jeff Gaines, lecturer of management information systems in the college of business at San Jose State University.
Gaines advises his students to aim higher than the typical technical fare and target jobs such as project management, process design, system definition and design, and quality assurance. "Business analysis and systems analysis jobs are really the target," Gaines says. "Because our students have a business degree, which includes a background in IT concepts, they are suited to work in the IT or business side."