Thursday, January 8, 2009

Windows 7 beta ready to go


Windows 7 is going into public beta, Microsoft head Steve Ballmer announced at the Consumer Electronics Show in Las Vegas late on Wednesday.

The first beta version of the successor to Windows Vista is immediately available as a downloadable disk image to MSDN, TechBeta, and TechNet subscribers, while the general public will get to test-drive the new operating system starting Friday.

Windows 7 is expected to hit shelves toward the end of this year or the start of 2010, according to Microsoft's broad roadmap for operating system releases, which specifies a three-year gap between releases. The new OS first made an appearance in October, when a "pre-beta" version was given to attendees of Microsoft's Professional Developer Conference (PDC) 2008.



Windows 7 looks like Vista but is more suited to multitouch interaction with the PC.

(Credit: ZDNet UK)
Prior to Ballmer's Wednesday announcement, ZDNet UK talked to Microsoft's UK Windows chief, John Curran, in London. Curran, who called the beta release "feature-complete," said Windows 7 would appeal to business users and IT professionals because of its enhanced security and because the new OS does not require new hardware investments above those required by Vista.

"(The encryption feature) BitLocker was a key enhancement in Vista, but Windows 7 takes that a step further," Curran said. "BitLocker To Go is the new feature. If you take a traditional USB drive and then turn on BitLocker, you can either put in a password or lock (the USB drive) using a smart card."

A USB drive encrypted using BitLocker To Go will be usable on a PC running Windows 7, Vista, or XP--although an XP machine will only be able to read the drive after downloading software to allow this.

"Any hardware that runs Vista, you can have confidence it will run Windows 7 the same or better without a hardware upgrade," Curran said. He also claimed that, as the new OS is "fundamentally built on Vista," most Vista-compatible applications will also be compatible with Windows 7. The exceptions would be applications that are highly operating-system-specific, such as antivirus or file-management software.

Curran described Windows 7 as "designed and optimized for the mobile PC, whether it is a Netbook or a laptop," and claimed the new OS would work even on current Netbooks such as those using a 1.6GHz Intel Atom CPU.

A key feature for business users, Curran said, would be DirectAccess. This feature, also included in Windows Server 2008 R2, lets mobile workers access their corporate networks without the need for a VPN. It also lets IT professionals remotely manage laptops, even if the machines are too small to allow for the incorporation of a smart card reader.

Curran also said power-management enhancements in Windows 7 made the operating system suited to mobile computing. "Windows 7 does some clever things in terms of power management," he said. "The screen automatically dims after 30 seconds (of disuse) but, if you flick the touch pad with your finger to keep (the PC) awake, it will wait longer until the next time it auto-dims. It will adjust its behavior according to your needs."

It is not yet clear how many sleep modes will be included in Windows 7--many saw the number in Vista as too great and too confusing--but one certain addition is that of "wake to wireless," adding to the current "wake to LAN" mode.

Another enhancement for business users, Curran said, would be found in Windows 7's search functionality. Whereas Vista's integrated search covers the client PC in question, the new "syndicated search" allows search across a corporate network or even across SharePoint.



Curran also said that Windows 7 was smaller than Vista, in terms of the amount of space it takes up on the hard drive, and that performance had been "tweaked across the board."

In its appearance, Windows 7 closely resembles Vista. Two significant exceptions are the size of the buttons in the taskbar at the bottom of the screen--these are now larger so as to be more usable in the OS's built-in multitouch mode--and the lack of the sidebar. The sidebar in Vista contained the widgets, but in Windows 7 these mini applications can be spread across the desktop in a similar way to widgets in the Android mobile operating system. As Android seems set to make its way into Netbooks, it is likely that Google's operating system will become a direct competitor to Windows 7 in that market segment.

The taskbar in Windows 7 also includes another visual enhancement over Vista, in that it will automatically display multiple tabs for a browser or multiple documents for applications such as Word.

Asked whether businesses should ignore Vista in favor of the upcoming Windows 7, Curran claimed that "the road to Windows 7 is through Vista."

"If you are running XP today, my best advice is to move to Vista today," Curran said. "Most businesses will wait for the first service pack for Windows 7 (before deploying it), but some will test Vista and (realize) they can get benefits (over XP) here today." Curran's words echoed those of Ballmer in October, when the Microsoft chief said he accepted that some companies would skip Vista, but recommended that they try Vista anyway due to the compatibility between Vista and Windows 7.

Curran refused to say whether Windows 7 would launch with the same level of marketing campaign that went into the release of Vista. He also said Microsoft had not yet decided on the minimum hardware specification for Windows 7, nor the number of versions in which it would be made available. He did, however, insist that Microsoft was "committed to an enterprise edition" of the operating system.
David Meyer reported from London.

Friday, January 2, 2009

Top 10 security predictions for 2009

What will next year hold in the ever-changing world of IT security?
By Asavin Wattanajantra

New tech means new ways for criminals to attack systems. Next year will see hackers get smart about cloud computing, social networking and more. Here are our top ten threats to keep an eye on...

Malware 2.0

Malware will increasingly target Web 2.0 as well as cloud services. New cloud-based services - such as Amazon Web Services and Microsoft Azure - are vulnerable new targets for cybercriminals or spammers.
The cloud could be used simply to send spam, but it also could launch sophisticated attacks such as hosting malicious code for downloads.
Web 2.0 has also created an environment where malware can change depending on an event or a situation. Separate harmless bits of malware can be constructed to combine and maliciously attack.
A good example of this is with mash-ups, where data from many websites can be reconstructed to create something malicious.
Malware-as-a-service will become more common, allowing automated malware to be bought and sold to order. This will be a big problem, as it lowers the technical level needed for criminals to become online fraudsters.

An explosion in new malware variants and web threats

Anti-virus vendor Symantec claims that new strains of malware consisting of millions of distinct threats can propagate as a single, core piece of malware. This will create a number of unique malware instances.
Indeed, research has shown we have reached an inflection point where there are now more malicious programs than legitimate ones. Businesses and vendors need to move away from signatures and concentrate on detection methods, such as the reputation-based approach.
As web services keep increasing, and as browsers start to move towards a uniform standard for scripting language, expect new web-based threats.

Social networking spam

As the year went on, criminals were gradually moving from email-based spam to different techniques. One of these was social networking spam, where websites such as Facebook and MySpace were targeted.
Personal information is gold to the bad guys, and they will learn better tricks to persuade users to give away their details and find ways to access private accounts.
The rise in popularity of social networking sites that allow user-generated content will be a problem. Web spam will increase as will malicious posting into user-forums and blogs.
Security firm Websense claims that new web attack toolkits have emerged that allow attackers to discover sites that allow posts and/or have vulnerabilities. Bots may also add more HTTP post functionality among their many capabilities.

More legitimate website hacking

It arose as a big problem in 2008 and is sure to continue next year, as criminals realise that hacking a legitimate website is a great way to persuade users to click and download malicious files.
Many users are still unfamiliar with web-based malware and 2009 could be a boom year as cybercriminals look to capitalise on this ignorance. It is a very recent evolution to exploit flaws in browsers and web servers, and new toolkits are now constantly being made to take advantage.
The fact that these toolkits often don’t need users to have a great technical knowledge lowers the barrier for entry for cybercriminals and pushes the threat level even higher than before.

Unemployment creates more cybercriminals

The credit crunch will affect the security landscape in a number of ways. One of the scariest prospects is that the economic downturn will make it tempting for unemployed IT workers to use their technical knowledge to commit internet crime.
It’s a very lucrative business - and as mentioned before - the growth of malware-as-a-service will make it very easy for people to make money on the web, even if they lack the right technical knowledge.
It could also be a problem in developing countries, as the lack of IT jobs could force qualified and skilled technical workers into the arms of criminal gangs, who will exploit their skills in aid of making money over the web.

Security budgets unlikely to grow

Although the threats keep multiplying, most would agree that in the current economic climate, budgets are unlikely to grow significantly.
This means that there will be more consolidation in the security field: instead of multiple boxes each carrying out a single function, those functions will be consolidated into single boxes.
In 2008 this has already been happening, but with budgetary pressures there is no doubt this will accelerate.
It will also be interesting to see how the new focus on data security will affect the way businesses work, and whether there will be a change of focus in security to securing the data, rather than protecting the network.

Mobile computing hacks

The growth in popularity of smartphones will make them a bigger target to criminals as they will not have the security protection that PCs have had for years.
Applications and associated data will be accessed from anywhere and make them a big target for hackers. IT administrators need to be on their guard as these threats will have multiple points of entry, targeting different devices and applications.
This is made even more important by the fact that the use of mobile internet will have increased significantly by the end of 2009.
The value of the data that new sophisticated phones will carry will mean that subscribers will expect mobile operators to take greater security measures to protect personal data, especially when mobile commerce takes off.

The new generation of botnets

At the end of 2008 many of the biggest botnets were taken down with the closing of the McColo server. MessageLabs predicted that these will find new hosting services in countries such as Russia or China, improving botnet technology.
A particularly sophisticated type of botnet that was described takes the form of hypervisor technology, with malware existing as a virtualisation layer running directly on the hardware and incorporating key operating system calls.
The “real” operating system remains unaware of the existence of underlying malware controlling the computer. Particularly technical attacks like SQL injection and cross-site scripting will also continue, and become more commonplace in 2009.

Cyber hacking on virtual worlds

As with social networking, hackers are likely to move away from the traditional forms of email spamming and move towards the potential goldmine of virtual worlds.
This could be gaming universes like World of Warcraft, or more social reality-based worlds like Second Life, where stolen virtual goods could be sold for real hard cash.
Users are often more relaxed about their personal details in online worlds, and this means that there could be a good opportunity for criminals to create technology which steals this data.
The increasing use of virtual worlds by businesses will also be a factor, as the value of data that these worlds will carry may grow significantly. This will make it more profitable, and therefore attract more criminals.

Reputation hijacking flourishes

The vulnerability in the design of the Domain Name System (DNS) found by Dan Kaminsky could in theory poison a server’s cache, causing people sending emails or requesting a website to be given the wrong IP address.
This could mean victims are sent to a fake website which is looking for personal details, but looks perfectly real. If organised gangs manage to exploit this DNS vulnerability it could mean a whole different set of problems in 2009.
There was a multi-vendor patch deployed in August to protect servers from attack, but it has been made clear that the vulnerability had only been slowed down – not eliminated.