Windows 7 drives RAM capacity explosion; Vista SP2 usage rising

Windows 7 will drive the average PC RAM capacity to 4GB in the next 18 months. There you'll find a collection of dynamic chart objects that provide a real-time view into data gathered from xpnet.com's nearly 20,000 contributing members. That's the conclusion of researchers at the exo.performance.network who are monitoring the ramp-up to Windows 7's launch on October 22. After evaluating data collected from early adopters of the Windows 7 RTM code spread across several hundred IT sites, the xpnet.com team observed that nearly 50 percent sported memory capacities of 4GB or higher, with some reaching as high as 12GB. The average of all Windows 7 PCs was 3.7GB, which is in stark contrast to Windows XP PCs, where the average RAM capacity (for all versions) hovers at just under 1.7GB. Windows 7 RAM installations also best Vista's average of 2.7GB. In fact, the move from a Vista-centric world to one defined by Windows 7 will likely drive a jump in RAM capacity (by 33 percent) comparable to the one experienced during the transition from Windows XP to Vista (a jump of 37 percent in installed RAM). [ Is your PC ready to run Windows 7? Find out by using InfoWorld's Windows Sentinel tool, which also lets you track performance and other aspects of your Windows PCs and servers. ] Note: You can check out the latest data from the exo.repository by visiting InfoWorld's Windows Pulse page. The bottom line: While much has been made about Windows 7's supposedly reduced memory footprint, the reality is that a combination of Moore's Law (as it applies to RAM density) and the harsh lessons of the Vista debacle are prompting customers to err on the side of caution and equip Windows 7 PCs with ample RAM out of the gate. [ If the charts in this story are not visible, you can see them in the original story at InfoWorld.com. ] Vista SP2 adoption risingThe adoption rate for Windows Vista Service Pack 2 ticked up a bit over the past few weeks.

Meanwhile, the number of systems reporting SP1 installed dropped 2 percentage points (now 72 percent), as did the few laggards still running the Vista RTM release (now at just under 8 percent). Given the breadth of bug fixes and performance enhancements provide by Vista SP2, including improvements to Bluetooth support and an improved wireless networking stack, xpnet.com researchers expect the adoption rate to climb steadily as IT shops finish internal testing and deploy it more widely. After lagging behind Service Pack 1 by a wide margin, SP2 is now gaining momentum, with nearly 20 percent of PCs reporting the newer service pack level. However, they also note that this trend may be tempered somewhat by the conversion of many long-term Vista deployment projects to Windows 7 when it becomes available. This should signal the tipping point for application developers who have been waiting for the technology to reach critical mass before investing in additional multithreading development/multicore tuning for the core product lines. Multicore pushes single-core into the minorityOne development the xpnet.com team has been watching closely is the transition from single- to multicore CPUs. Data from the exo.respository indicates that multicore is now the dominant CPU architecture, with fully 57 percent of the installed base sporting CPUs with two or more cores.

As InfoWorld's tests show, Windows 7 is strongly poised to take advantage of multicore PCs, more so than XP and Vista.

App Store success could change software-buying habits

More than 2 billion applications have been downloaded from Apple Inc.'s App Store, with more than 85,000 apps available to 50 million-plus iPhone and iPod Touch owners worldwide. After the App Store launched on July 11, 2008, it took nine months to hit 1 billion, and only six more months to hit 2 billion, noted Carl Howe, an analyst at Yankee Group Inc. "The more devices that are out there, the more people want to download software, and they see it's an easy and fun experience," Howe said in an interview. The numbers announced by Apple today are staggering to even normally reserved analysts, who noted that after a somewhat slower summer buying rate, App Store downloads globally have exceeded more than 10 million a day in much of September. It also helps that Apple has attracted 125,000 developers to its iPhone Developer Program, he noted.

With the success of the App Store and the growth in other application storefronts backed by BlackBerry, Android and others, "any digital media is fair game," Howe said. After the one-year mark was reached in July, analysts were heralding application stores, including several imitators of the App Store, as the new way to buy software. "You don't have to go to a store to a buy a disc and get the ultimate in instant gratification," Howe said. In fact, while games are a big hit on the App Store, both the free and the paid versions, Apple is calling attention to its "staff picks," which include a free app for the complete works of Shakespeare, with a text-sizing tool. Howe said one of the secrets of the App Store's success is the large number of devices downloading them, but another is the ease with which the apps are downloaded. "If you provide a friction-free way of buying things like App Store, which shortens the time it takes from an impulse to buy to actually buying something, you'll sell a lot," Howe said. "There's not a lot of time for buyer's remorse, and it's a lot like going past a magazine stand in a store and paying $3 for a magazine. In a 28.8 MB app, users get all 40 plays, 154 sonnets and six poems, as well as some works attributed to the Bard, although whether he wrote them remains in doubt. There's not a lot of remorse in buying that item." A Yankee survey of 1,200 U.S. smartphone owners showed that 18% of applications are paid for.

Even the recession has not held back this kind of impulse buying. "The recession doesn't seem to be having an impact. However with growth in the average cost of the paid apps, and the growth in the number of devices, the U.S. revenues from applications will grow by 10 times between 2009 and 2013, reaching $4.2 billion in 2013 . In that survey, more than 70% of all the apps downloaded in the U.S. were games. "It's interesting that you see how the App Store is doing when it was not that long ago - about 2001 when the dotcom bubble burst- that people were saying people would want information to be free on the Internet," Howe noted. These small impulse purchases are kind of recession-proof," Howe said. Enderle said the application store concept might have come along earlier had bricks-and-mortar retailers not objected. "The fact is, that with enough bandwidth, there's very little that can't be delivered over the Web," Enderle said. "We're witnessing what will probably be the end of the traditional software delivery model. Rob Enderle, an analyst at the Enderle Group, said the two billion mark is "outstanding" given the number of phones available for downloads.

App Store is an indicator that the times they are a changin'."

Microsoft defends its anti-malware software after Symantec piles on

Microsoft is defending the merits of its free Security Essentials anti-malware software after a top Symantec engineer badmouthed the new release. "Microsoft Security Essentials provides real-time protection that uses behavior monitoring and reputation services to help identify the malicious software as soon as it emerges in the ecosystem and then uses the Dynamic Signature Service to make the newest definitions available virtually real-time, without having to wait for the next signature download," Microsoft said in a statement. 11 security companies to watch Earlier in the week, Jens Meggers, vice president of engineering for Norton products, claimed the newly released Security Essentials is just an unimpressive recycling of Microsoft's discontinued Live OneCare technology for Windows desktops. "It's just stripped down OneCare," Meggers said, citing a report from Dennis Technology Lab that compared Norton AntiVirus 2009 to Microsoft Security Essentials and deemed Norton stronger in malware defense by about a 2-to-1 margin (the test was sponsored by Symantec). Microsoft expressed disappointment in Symantec's claims but did not rebut each of Meggers' remarks. In its statement Microsoft said it "continues to advocate for a defense in depth strategy that includes the use of anti-malware software, but also includes protections such as firewall and user account controls like those found in Windows, browser security like that in IE8 and continuous updates like those provided through Microsoft Update." Microsoft indicated it is offering Microsoft Security essentials for free because "we still see far too many consumers worldwide that do not have up-to-date protection either because they cannot afford it, are concerned about the impact the suites will have on the performance of their PCs, or because they simply do not realize their AV software is not up to date." Offering its software for free, said Microsoft, "will remove some of the barriers in the way of consumers having quality anti-malware protection today."

Microsoft aims to spark new business for Web developers

Microsoft has launched a program that gives Web development professionals the chance to get free software and technical support to help them get new businesses off the ground. The program is similar to Microsoft's BizSpark program launched last year, which provides software and other resources to startups, and the DreamSpark program, which does the same for students. Web development companies with less than 10 employees can apply for the new WebsiteSpark program, which was unveiled at the PICNIC conference in Amsterdam Thursday.

Eddie Amos, general manager for Microsoft's developer platform and tools group, said the company added WebsiteSpark because it realized there was a "hole" in the enablement programs where Web professionals are concerned. In the Web development and Web design space many companies already use products from Adobe and other Microsoft competitors. The programs also provide a way for Microsoft to get young companies and developers using its software in their businesses. Through WebsiteSpark - which companies can apply for online - Microsoft will provide three licenses for Visual Studio 2008 Professional Edition, two licenses for Expression Web 3 and one license for Expression Studio 3. Qualifying companies also receive four processor licenses for production use of both Windows Web Server 2008 and Microsoft SQL Server 2008 Web Edition. Cyrus Massoumi, whose company ZocDoc has been a part of Microsoft's BizSpark program, said getting free software and support has been a great benefit. The program also includes two technical-support incidents per company, access to community support through connections with other Microsoft partners and unlimited access to technical managed newsgroups on the Microsoft Developer Network.

ZocDoc provides a Web site through which people can book doctors' appointments. "The program enables us to work with Microsoft's latest technologies without worrying about cost, and the savings for our data center are significant," said Massoumi, ZocDoc's CEO and founder. The 2.0 version is available online for download. In addition to unveiling WebsiteSpark, Microsoft Thursday also updated its Web Platform Installer software, which simplifies the installation of Microsoft Web development software to make it easier to build Web applications.

You've got questions, Aardvark Mobile has answers

Aardvark has taken a different tack with search. And now the people behind Aardvark are bringing that same approach to the iPhone and iPod touch. The online service figures it's sometimes more productive to ask a question of an actual person-usually someone from within your social network-rather than brave the vagaries of a search engine and its sometimes irrelevant answers.

Aardvark Mobile actually arrived in the App Store nearly a week ago. Aardvark Mobile tackles the same problem as the Aardvark Web site-dealing with subjective searches where two people might type in the same keywords but be searching for two completely different things. "Search engines by design struggle with these types of queries," Aardvark CEO Max Ventilla said. But developer Vark.com waited until Tuesday to take the wraps off the mobile version of its social question-and-answer service. What Aardvark does is tap into your social networks and contacts on Facebook, Twitter, Gmail, and elsewhere to track down answers to questions that might otherwise flummox a search engine-things like "Where's a good place to eat in this neighborhood?" or "Where should I stay when I visit London?" With Aadvark's Web service, you'd send a message through your IM client to Aardvark; the service then figures out who in your network (and in their extended network) might be able to answer the question and asks them on your behalf. The majority of questions are answered in less than five minutes. Ventilla says that 90 percent of the questions asked via Aardvark get answered.

The iPhone version of Aardvark works much the same way. The service pings people for an answer, and sends you a push notification when there's a reply. Instead of an IM, you type a message directly into the app, tag it with the appropriate categories, and send it off to Aardvark. In previewing the app, I asked a question about affordable hotels in Central London-two responses came back within about three minutes from other Aardvark users. If you shake your mobile device when you're on the Answer tab, Aardvark Mobile looks up any unanswered questions that you may be able to provide a response for (while also producing a very alarming aardvark-like noise). "We think Aardvark is particularly well-suited to mobile, and especially the iPhone given how rich that platform is to develop for," Ventilla said.

In addition to push notifications, Aardvark Mobile also taps into the iPhone's built-in location features to automatically detect your location-a feature that can help when you're asking about local hotspots. You don't have to already be using Aardvark's online service to take advantage of the mobile app. Aardvark Mobile requires the iPhone OS 3.0. The free Aardvark Mobile app lets you set up a profile on your iPhone or iPod touch; Facebook Connect integration helps you instantly build up a network of friends who are also using the service.

Companies patch OS holes, but biggest priority should be apps

Corporations appear to be much slower in patching their applications than their operating systems - even though attackers are mainly targeting vulnerabilities in applications, according to a new report. "Now we know which vulnerabilities are being patched and which are not," says Alan Paller, director of research at the SANS Institute.   The report, "The Top Cyber Security Risks," is based on data collected between March and August and was a collaborative effort by SANS, TippingPoint and Qualys. The report shows that 80% of Microsoft operating system vulnerabilities are being patched within 60 days, but only 40% of applications, including Office and Adobe. The group analyzed six months of data related to online attacks, collected from 6,000 organizations using the TippingPoint intrusion-prevention system, along with data related to more than 100 million vulnerability scans performed on behalf of 9,000 customers of the Qualys vulnerability assessment service. Meanwhile, the majority of online attacks are aimed at applications, particularly client-side applications, making this the No. 1 priority named in the report.

The main attack methods used against Web sites were SQL injection and cross-site scripting. During the six-month timeframe, more than 60% of all attack attempts monitored by TippingPoint were against Web applications in order to convert trusted Web sites into malicious sites serving up malware and attack code to vulnerable client-side applications. In terms of vulnerability and exploitation trends, popular methods include attempting to brute-force passwords by guessing, with Microsoft SQL, FTP and SSH Servers among the most popular targets. Zero-day vulnerabilities - which occur when a flaw in software code is discovered and exploit code appears before a fix or patch for the flaw is available - were popular in targeted attacks, according to the report. Some of the main vulnerabilities being exploited include the malicious Apple QuickTime Image File download (CVE-20009-0007); Microsoft's WordPad and Office Text Converter Remote Code Execution Vulnerability (MS09-010); and multiple Sun Java vulnerabilities.

Six notable zero-day flaws in the past six months include: * The Adobe Acrobat & Flash Player Remote Code Execution Vulnerability (CVE-2009-1862)  * Microsoft Office Web Components, Active X Control Code Execution Vulnerability (CVE-2009-1136)  * Microsoft Active Template Library Header data Remote Code Execution Vulnerability (CVE-2008-0015)  * Microsoft Direct X DirectShow QuickTime Video Remote Code Execution Vulnerability (CVE-2008-0015)  * Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493)  * Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2009-0556) The report concludes by pointing out that finding zero-day vulnerabilities seems to be getting easier as "a direct result of an overall increase in the number of people having skills to discover vulnerabilities worldwide."

Oracle breaks silence on Sun plans in ad

Oracle Corp. ended it silence Thursday on its post-merger plans for Sun Microsystems Inc.'s Unix systems in an advertisement aimed at Sun customers to keep them from leaving the Sparc and Solaris platforms. Ever since Oracle announced in April its plans to acquire Sun, its competitors - notably IBM and Hewlett-Packard Co. - have been relentlessly pursuing Sun's core customer base, its Sparc and Solaris users. Oracle's ad to "Sun customers," makes a number of promises that includes spending more "than Sun does now," on developing Sparc and Solaris, as well as boosting service and support by having "more than twice as many hardware specialists than Sun does now." Analysts see Oracle's ad as a defensive move that doesn't answer some of the big questions ahead of the $7.4 billion merger with Sun . In fact, there may be a lot of room for skepticism and parsing of Oracle's claims, despite their apparent black and white assertions. Among the top hardware makers, Sun registered the biggest decline in server revenue in the second quarter, offering evidence that this protracted merger may be eroding Sun's value.

Europe is allowing until mid-January to sort this out, which keeps the merger in limbo for another quarter. Oracle wanted the acquisition completed by now but the European Commission this month said it would delay its antitrust review because of "serious concerns" about its impact on the database market. Analysts point out that Oracle's plans to spend more "than Sun does now," may be a little hallow because Sun's spending on developing Sparc and Solaris is probably at a low. "The ad sounds convincing - but perhaps being a word nitpicker, the Sun does now' might not mean much if Sun has drastically cut back due to plummeting sales," Rich Partridge, an analyst at Ideas International Ltd., said in an e-mail. "I think someone at Oracle suddenly realized that Sun was bleeding so badly that what would be left when Oracle finally got control would be worth a small fraction of what they paid and no one would buy the hardware unit," Rob Enderle, an independent analyst, said in an e-mail. But Enderle said the ad's claims do not preclude Oracle from selling its hardware division, and says the company "will have to support the unit for a short time after taking control; during that short time they can easily outspend Sun's nearly non-existent budgets." Gordon Haff, an analyst at Illuminata Inc., said if it was Oracle's plan to start on day one of the merger to shop the Sparc processor around, "would they have put this ad out? Taken at face value, the ad seems to indicate that Oracle will keep Sun's hardware and microprocessor capability and not spin it off, as some analysts believe possible. Probably not," he said. "Does it preclude Oracle from changing their mind?

Indeed, Oracle's major competitive concern was indicated in the ad in a quote by Oracle CEO Larry Ellison: "IBM, we're looking forward to competing with you in the hardware business." No. Companies change their mind all the time." An erosion of Sun's customer also hurts Oracle, because a lot of Sun customers are also Oracle customers, and Oracle doesn't want its existing customer to go to IBM and move away from Oracle's platform, Haff said.