GENERAL COMPUTER STUFF

If Apple's Mac Mini becomes a hit, HP, Gateway and others are likely to follow with their own miniature PCs. The Mac Mini measures 6.5 inches by 6.5 inches and stands 2 inches tall. This shot shows the top of the machine

PC enthusiasts have embraced small desktops such as the LPC-401X from Little PC. It's 10 inches long, 5.8 inches wide and 2.8 inches high.

[CNET News.com, January 27, 2005]

Apple Computer isn't the only company with big hopes for small computers.

Rival PC makers are hoping Apple's newly minted Mac Mini, which went on sale last Saturday, helps shift consumer tastes to smaller desktops at a time when most people associate "little" with laptops.

"I love the product. I think it's beautiful," said Tom Anderson, vice president of marketing for the Consumer PC Global Business Unit at Hewlett-Packard. "If it started a trend of small (desktops)...I'd be very happy about that. It would be a reason for someone to consider a desktop."

Big-name PC makers such as HP have so far had little success with small desktops, but the tiny Apple could well create enough buzz to spark new interest among consumers, some executives said.

Most buyers tend to purchase PCs based more on price and quality of technical support than on design, analysts said. Yet executives such as HP's Anderson see a market for unobtrusive desktops that consumers would purchase as second or third computers and use in settings such as kitchens, where large desktops are impractical. Such PCs would have to be small and able to blend in, considerations that would likely prove more important than the number of CD drives the desktops could incorporate.

Anderson and others said they believe miniature desktops will eventually take off in the United States and Europe, as they have in Asia.

Though mini PCs have primarily caught on at business call centers and among enthusiasts who build their own machines, buyers have opened their wallets for small desktops from companies such as Shuttle and Little PC. Touchdown Industries even appeals to sports fans with a tiny machine that fits inside a football helmet. Meanwhile, some consumers have reported interest in using the Mac Mini for home entertainment, while others envision it providing Internet access in living rooms and kitchens.

CNET News.com reader Doran Else said he wants to purchase a Mac Mini to eliminate the need for regular Windows updates. If the first Mini serves him well, he said, he'd like to add a second one so he can access the Internet in his kitchen.

But minis will face a formidable challenge in the thriving portable market. Although the trend isn't expected to last forever, growth in unit sales of notebook PCs at retail has outpaced that of desktops for some time. During the 2004 holiday season alone, retail sales of notebooks in the United States leaped 26 percent, preliminary data from The NPD Group shows. Moreover, unit sales growth in the $1,000 notebook category corresponded with slower sales in the $600 to $1,000 desktop PC category, said Steve Baker, an analyst with NPD.
"People who are adding to their home inventory (of PCs) are going to want something different," Baker said. "Most people don't have two great big TVs. They've usually got one big one and the kids might have one and maybe there's a 13-inch in the kitchen. People try to fit the value to the task that product is going to perform. I think more and more you'll see PCs have that effect."

The diminutive Mac arrives at a time when most Windows-based desktop machines offer the same basic elements, including at least two 5.25-inch bays for CD or DVD drives, a floppy drive, a series of front-mounted ports for headphones and other peripherals, as well as a memory card reader. Currently, designing a desktop has more to do with choosing parts to hit a specific price than creating a thing of beauty.

But a movement to miniature desktops would elevate the importance of design as a factor in a model's success or failure, compelling PC makers to rely on elements other than price to make their machines stand out amid rival miniature PCs and inexpensive notebooks.

Large manufacturers have already been studying the role of the small desktop. HP, for example, has been considering taking another shot at offering a small desktop, Anderson said. The PC maker launched the small ePC, a product aimed mainly at businesses, in 2000. It was retired after HP acquired Compaq Computer in May 2002. "We've made no commitments to do it again, but we're looking at it," Anderson said.

Dell already offers a small desktop for consumers. The company's Dimension 4700C, which came out last fall, is significantly smaller than Dell's standard Dimension 4700 mini tower. The 4700C offers the same basic components, including a Pentium 4 processor and a CD burner or DVD burner. It costs about $85 to $100 more than the full-size Dimension 4700, which starts at about $749 before rebates and special offers, without a monitor.

Although Dell will continue to offer different PCs in different sizes, the company said small machines come with a catch. Most customers are still looking for something big.

"We've been making small PCs and offering them for quite some time," said Joe Curley, director of product marketing for Dell's Dimension PC line. But "the vast majority of customers--consumers and small and medium businesses--are choosing to buy PCs the way they perceive a PC to be." That, he said, is "a desktop or mini tower that has a couple of industry-standard 5.25-inch bays."

"What we found was, at least at that time (before HP bought Compaq), that people were still concerned about expandability," Anderson said. "It's been an important feature of the PC for the last 20 years, but as the PC has gone mainstream, it's been something that people liked but that they haven't used."

Indeed, people seem to expect their new desktop to offer them the features they want for the lowest possible price. They also expect it to be upgradeable, even if they never actually upgrade. With price and upgradeability at issue, PC makers will have their work cut out for them when launching miniature PCs.

Though the three PC makers would likely take slightly different approaches to future small PCs, they would probably agree on using standard parts. A tinier machine that uses a widely available motherboard, a 3.5-inch hard drive and a full-size 5.25-inch optical drive can be offered for a lower price compared with a standard desktop, they said.

HP found that pricing its small PCs even as little as $50 more than standard machines turned buyers off, Anderson said.

Miniature PCs must also leave out certain things, such as a second optical drive, a floppy drive or the absolute fastest processor. Instead, they might come with a combination CD-burner/DVD drive, memory card readers and midrange processors, making them capable of easily performing tasks such as Internet access or showing video.

Still, PC makers should also be careful to strike the right balance between performance and size, Anderson said. Building in 120GB, 160GB or higher capacity drives, for example, will mean miniature PCs able to match larger machines in storing large numbers of MP3 files or even digital photos.

"We're continuously looking at small form factor (desktops) as a possibility," said Gary Elsasser, vice president of product development at Gateway. But, as a PC maker, "you've got to look at the marketplace and decide what's going to drive the highest amount of volume...and what's going to meet customers' needs. It takes time for customers' perceptions to change, and I don't think (they're) going to change anytime in the immediate future."

Changing consumer taste will amount to a monumental task for the tiny Mini. To date, the vast majority of consumers purchasing Windows desktops have shown little desire for anything other than a standard mini tower. Even stylish, all-in-one machines such as the iMac and the Gateway Profile have sold in small numbers compared with the tens of millions of standard desktops purchased by consumers annually.

But Apple has paved the way before. Take the company's iPod music player, which has changed the way many people listen to music. Although it has yet to be determined whether the Mini will be the product that turns around the entire desktop computer market, the machine has arrived at what could be an opportune time.

Microsoft Corp. has offered patches for two serious vulnerabilities in its products. One of the security breaches— taking advantage of the action from a tweaked image file —compromises a wide range of Microsoft products, including server and client operating systems as well as applications such as e-mail.

However, this "Patch Tuesday," following the August release of Windows XP SP2 (Service Pack 2), appeared to sidestep concerns over whether Microsoft will provide different patches for XP SP1 and XP SP2 installations. The patches released on Tuesday addressed issues with SP1 and other Microsoft applications.

The more serious of the two vulnerabilities allows a specially malformed JPEG graphic file —when viewed in any of a large number of Microsoft products— to compromise the system, allowing execution of any attack code.

The second also allows remote code execution through a bug in the Word Perfect file converter. Microsoft said both bugs were reported privately to the company and had not been revealed until the release of the patch.

The JPEG bug, an error in the GDI+ Type Library, has the potential for widespread damage, as it can be delivered through an HTML e-mail. Once an exploit of the problem runs on a system, it can run any code allowed under the user's permissions.

The advisory for the JPEG bug lists Windows XP; Windows Server 2003; Office XP and 2003; numerous versions of Microsoft Project; Visio and Visual Studio.NET; and many other consumer and professional products affected by the issue, including:

* The Microsoft .NET Framework version 1.0
* Microsoft Picture It 2002 (all versions)
* Microsoft Greetings 2002
* Microsoft Picture It! version 7.0 (all versions)
* Microsoft Digital Image Pro version 7.0
* Microsoft Picture It! version 9 (all versions, including Picture It! library)
* Microsoft Digital Image Pro version 9
* Microsoft Digital Image Suite version 9
* Microsoft Producer for Microsoft Office PowerPoint (all versions)
* Microsoft Platform SDK Redistributable

Windows XP SP2 (Service Pack 2) is not affected, but many SP2 users will need to acquire patches for vulnerable applications they use. By default, Windows 98, ME, NT and 2000 are not vulnerable, but any of the vulnerable applications would be vulnerable when running on them.

Security experts considered the new graphics vulnerability a real threat.

Russ Cooper, senior scientist at TruSecure Corp., of Herndon, Virginia, and editor of the NTBugtraq security mailing list, said he was distressed at the potential for this vulnerability to spread through HTML e-mail. He compared it with the so-called Good Times Virus, a hoax perpetrated a decade ago about a virus users could get simply by reading an e-mail. However, in the case of the JPEG bug, the vulnerability is all too real.

Cooper also wondered "why XP SP2 contained a revised GDIPLUS.dll [the vulnerable graphics component], which wasn't vulnerable, yet earlier versions waited a month to get theirs." Microsoft was unavailable for comment.

Craig Schmugar, virus research manager at McAfee Avert, called the problem "potentially very serious" due to its ability to run arbitrary code. He noted that McAfee Inc. has seen no proof-of-concept code for either vulnerability announced Tuesday. But he added, "Often, the release of the patch itself leads to exploits, as attackers reverse-engineer the patch code in order to learn what it's fixing. Hopefully, it won't come to that."

Due to performance considerations, anti-virus products typically don't scan nonexecutable files such as JPEGs, so Schmugar said an IDS (intrusion-detection system) or IPS (intrusion-prevention system) such as McAfee Intercept—which look for behavior such as buffer overflows in a generic manner—offer a better solution.

This Windows JPEG flaw is the latest in a string of vulnerabilities relating to graphics formats and image-handling libraries in multiple operating systems and browser platforms. In August, a security researcher uncovered multiple vulnerabilities in libpng, the PNG (Portable Networks Graphic) library. The flaw required an update to a number of open-source projects, including browsers and image-rendering engines such as Ghostscript.

Microsoft in late July also released an out-of-order security bulletin to cover two vulnerabilities relating to Internet Explorer's handling of BMP and GIF image files. The flaw could be used for a denial-of-service attack as well as to execute arbitrary code, the Redmond, Wash. Software maker said at the time.

According to Microsoft's advisory on Tuesday, the bug in the Word Perfect converter version 5.x, also a buffer overflow, requires the attacker to construct a special file and persuade the user to run the Word Perfect converter on the file. Once the user does this, attack code within the file could perform any action permitted to the user. If the user were logged on as an administrator, for example, the attack would have full system privileges. Because the user would need to be persuaded to read the file into the program, Microsoft called the problem "important" rather than critical.

The Word Perfect converter is a component of Microsoft Office 2000; Office XP (2002); Office 2003; and Works Suites 2001, 2002, 2003 and 2004. Links to the appropriate patches for this bug may be found on the advisory page.

Dell's Dimension 4700C, which came out last fall, measures 12.7 inches high, 3.8 inches wide and 14 inches deep.

Touchdown Industries is attempting to appeal to sports fans with a small desktop that fits into a football helmet. This PC for pigskin lovers measures 9 inches high and 7 inches wide.

By STEVEN J. VAUGHN-NICHOLS, June 28, 2004

Although Linux & Open Source Editor Steven J. Vaughan-Nichols once used IE on his Windows machines, he now finds Microsoft's browser seriously insecure and endorses open-source ones instead.

OK, I confess it: I've used Internet Explorer a lot. After being a die-hard Netscape user, I finally got fed up with the sheer bulk of that browser and started using Internet Explorer on my Windows machines. As time went on and open-source Mozilla matured, I started using Mozilla as my main Linux Web browser and as my secondary Windows browser. This past Friday, though, I started installing Firefox, the browser-only side of Mozilla, on every one of my production Windows machines.

Why? Because Internet Explorer, like Outlook, has finally become, to my mind, a permanent security hole that masquerades as a useful application.

Strong words? Have you really thought about this latest exploit? It could hit every Internet Explorer (IE) browser that merely visited any page served by an infected Microsoft IIS (Internet Information Server). No anti-virus program would stop it, no firewall would slow it down and no shipping IE security patch would even notice it. Visit the page, get the infection. It was that simple.

Oh, but the few thousand people running Release Candidate 2 of Windows XP Service Pack 2 were not vulnerable to the client-side attack. And if you were one of the very few people who had all of the current critical patches installed and were running IE with its security settings at "high," you'd be OK. That leaves, oh, say, 95 percent of all IE users wide open to this attack. I feel so much better now.

And just how bad was this attack? Boys and girls, let me tell you, this was the worst security violation I have ever seen. But don't take my word for it.

Johannes Ullrich, a handler at the Internet Storm Center at The SANS Institute in Bethesda, Md., wrote, "A large number of Web sites, some of them quite popular, were compromised earlier this week to distribute malicious code. The attacker uploaded a small file with JavaScript to infected Web sites and altered the Web server configuration to append the script to all files served by the Web server (IIS). The Storm Center and others are still investigating the method used to compromise the servers. Several server administrators reported that they were fully patched."

What sites were spreading the infections? We still don't know. Neither the security companies nor the businesses running the infected sites are talking. Since they're not being any help, I can only suggest that you update your anti-viral software and run it—now.

The only other thing I can say is that sites running IIS 5, which hadn't been patched up to April's MS04-011, were the ones targeted by this exploit. But, I'm sorry to say, it's still not clear that even sites that had been patched with MS04-011 were safe. There are reports that even patched IIS servers were infected.

What happened next was that after simply visiting what looked like a perfectly ordinary page, the JavaScript hidden with the page would direct your browser to quietly download and install one of several different programs from a Russian Web site. "These Trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system," Ullrich said.

Many of the people talking about the exploit have discussed how your computers might be used by these back-door programs to launch a DDoS (distributed denial of service) attack. Yeah, that's bad news, but that's not the real problem. In the few days that the sites provided the Trojan horses, hundreds of thousands or millions of users could have had their credit-card, stock-brokerage and bank-account numbers and passwords stolen.

Maybe this was just another massive Internet security prank. Maybe all that will happen is a DDoS attack. Well, you can hope that's all there is to it and continue to use IE. But as for me, I'm done with it. Yes, by Friday, most of the major anti-viral programs could stop this particular attack. But what about the next one?

According to the U.S. CERT (Computer Emergency Response Team), "Microsoft Internet Explorer does not adequately validate the security context of a frame that has been redirected by a Web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE."

There is, at this time, no shipping patch to stop this. Wonderful.

If you must run IE, and unfortunately, I do for at least one remote application I use every day, you can disable all active scripting and ActiveX on all IE zones. Between CERT's frequently asked questions about malicious Web scripts redirected by Web sites and Microsoft's Knowledge Base article on how to strengthen the security settings for the Local Machine zone in Internet Explorer, you should be safe from most variations of this kind of attack.

Frankly, though, I think CERT's other suggestion is an even better one: Use a different Web browser. Open-source browsers, such as Mozilla Firefox,are simply more secure than IE. Yes, I know all of the tired, old arguments about how if open-source programs were as popular as Microsoft's products; they'd be just as vulnerable. You know what? I don't have time today to deal with the fundamentally inane idea that security by obscurity is somehow the best way to secure software.

The bottom line is that for all practical purposes for today, open-source browsers are inherently more secure than Internet Explorer, and I still have half a dozen more workstations to switch over to Firefox. Go ahead, stick with Internet Explorer for everyday use. It's your funeral.

[eChannel Line, December 15, 2004]

By the end of the decade, the number of personal computers in use worldwide will reach almost 1.3 billion, up from 575 million today, according to a new report by Forrester Research Inc. The IT consultancy said PC adoption rates are rising across 16 emerging markets such as China, Russia, and India.

The report, "Sizing the Emerging-Nation PC Market", stated mature markets in the U.S., Europe, and Asia-Pacific will add 150 million new PCs to the world market by 2010. More significant growth will come from emerging markets, for which Forrester forecasts that 566 million new PCs will be in use by 2010, up from 75 million in 2003, a 31 per cent CAGR (compound annual growth rate).

Competition for market share will pit industry leaders like Dell and HP against local emerging market manufacturers and fundamentally change the rules of the game. Price will be the key driver of the pace of adoption.

"Today's products from western PC vendors won't dominate in those markets in the long term," said Forrester senior analyst Simon Yates. "Instead, local PC makers like Lenovo Group in China and Aquarius in Russia that can better tailor the PC form factor, price point, and applications to their local markets will ultimately win the market share battle.

"Both Dell and HP are building very successful businesses in China, whereas IBM failed to break through in any serious way. The scale of that China opportunity is so big (and even bigger if IBM can make server and services in-roads into the Chinese IT market) that IBM had to do something to establish itself and Lenovo had to do something to build a competitive brand outside of cheap PCs."

By Forrester's estimations, China will see 178 million new PC users, India will get 80 million new PC users (at a 37 per cent annual growth rate), 40 million new PC users in Indonesia (40 per cent growth per year from 2.6 million in 2003 to 40 million), and 46 per cent of Mexicans will own a PC (the deepest penetration of PCs as a percentage of population of all 16 emerging markets analyzed).

Yates said in the U.S., IBM and Lenovo are counting on the reseller channel to deliver the results and it's up to the resellers to push the new company to invest in new product development and marketing and provide top notch support. He warned resellers need to grasp that their current business model is under attack.

"IBM-Lenovo has a much bigger opportunity in China and they can't afford to spread themselves too thin. If they don't put the U.S. at the top of the priority list, over time research and marketing commitment will drift towards the Chinese market," he said. "Outside the U.S., resellers need to see that their business is under attack from huge global brands. They need to align with those brands even at the expense of their own profit margins or get left out in the cold in the long term."

Western PC manufacturers will win the first round, but local manufacturers will dominate in the long term, Yates said.

Wealthy urbanites, educated, brand-conscious, sophisticated PC users, started with entry-level PCs but now demand more power from their PCs and are motivated to purchase technology from western firms like Dell, HP, and IBM.

Middle-class literates represented the sweet spot for PC unit volume sales, the report stated. They are educated consumers, first-time PC buyers, and are targets for local PC makers that tailor the PC form, price points, and application to local market conditions. They are also price-conscious and brand-irrelevant.

Lastly, Forrester said the rural mass market will be a long-term challenge for the PC industry to attract this segment to the PC platform; they are likely to choose PC alternatives, such as smart-phones. This group is rural, low-income, and very price-sensitive. They lack community infrastructure, funding, communications, and reliable power sources to support PC platforms.

Forrester believes the PC industry must innovate to thrive. To grow emerging markets beyond the early adopters, firms must develop a new generation of PC products that are affordable, simple, localized, useful, durable, and serviceable.

"Most of these countries like a strong local PC manufacturer to compete with one of the U.S. names," he said. "The exception is HCL in India. Someone will do a joint venture deal with HCL eventually, especially if India keeps the tariffs in place that favour locals over imports."

Looking ahead, Forrester said between western and local PC builders, the advantage goes to the locals, as evidenced in the announced sale of IBM's PC unit to China's Lenovo Group, demonstrating Big Blue's understanding that a majority of the growth in the PC sector will come from emerging markets and be led by local manufacturers.

Moreover, Windows versus Linux: The advantage goes to Linux, Yates said. Establishing the Windows platform in these new markets will be an uphill battle. No Windows legacy in these markets means that local manufacturers can drive down prices by installing Linux instead.

Wireless providers will top wired providers for online access, Forrester said. Investments in landline networks outside major city centers won't pay off, so rural populations must wait for new wireless technologies like Wi-MAX (metropolitan area networks) and 3G GSM networks for connectivity, officials said.

"A lot is made of this market, but it will be years before it becomes a market worth putting a lot of time and money into," Yates said. "They (rural users) are unlikely to adopt the PC platform as we know it today anyway. But PC manufacturers need to help define that new device or cede the market to cellphone manufacturers like Motorola and Nokia."

The 16 emerging markets analyzed in this report include, in order of population size: China, India, Indonesia, Brazil, Pakistan, Russia, Nigeria, Bangladesh, Mexico, Philippines, Vietnam, Egypt, Ethiopia, Turkey, Iran, and Thailand.