
Blog


    31/01/2007

    That $200 Windows XP service pack called Vista

    More than five years after the release of Windows XP, Windows Vista has arrived. The party line out of Redmond is that "Windows Vista is Microsoft's most secure platform to date," and you won't find anyone at Microsoft saying otherwise. But saying it's Microsoft's most secure operating system isn't saying that Windows Vista is the most secure operating system on the market today. No one can say that, I suspect, but Microsoft is really sensitive about security, saying that security is one of the main pillars that support a user's decision to upgrade to Windows Vista. Unfortunately for most home users, the actual security features in Windows Vista Home Basic and Home Premium will amount to little more than a pillar of salt. That's not to say home users won't get enhanced security with Windows Vista; they will. It's just that most of the security enhancements touted in Windows Vista don't appear in the Home Premium and Basic editions, and what's there, what's not already available within Windows XP, could have fit into a free Windows XP service pack instead of requiring a $200 upgrade.

    The spin
    I have several marketing documents from Microsoft, but I'll refer to one entitled "Windows Vista Quick Reference Guide." These are talking points for software reviewers regarding security, mobility, networking, deployment, and application compatibility. Under security, the document states that Windows Vista's development followed Microsoft's Security Development Lifecycle. Programmers were required to take security training, strict coding standards were enforced, and throughout the cycle, rigorous testing and review of the operating system code was done. That's the marketing spin.



    The reality is a little different. At least one major antivirus vendor, Kaspersky, has said there will be vulnerabilities reported soon within Windows Vista. "We're not asking whether vulnerabilities will be found, but when," said Alexander Gostev, principal antivirus researcher for Kaspersky. Indeed, there's already been one Vista-related vulnerability reported, one that affected earlier versions of Windows, as well. You'd think Microsoft's Security Development Lifecycle would have caught that.

    A shell game
    The marketing document goes on to list a dozen bulleted security enhancements within Windows Vista, such as Enhanced Authentication Model, User Account Control (UAC), BitLocker Drive Encryption, Encrypting File System (EFS), Protected Mode for IE 7, Windows Defender, Windows Firewall, Enhanced Firewall Management, Group Policy for Device Lockdown, Address Space Layout Randomization (ASLR), Kernel Patch Protection, and Network Access Protection. That's 12 enhancements that sound really thorough, if you get them.

    However, because there are six different editions of Windows Vista, with varying features in each, only the people who purchase the $400 Ultimate edition or have access to the Enterprise edition (for volume-license customers only) will see all 12 features; for $200, home users will see fewer than half. I spoke with Pete McKiernan, a senior product manager for Windows at Microsoft, who said that BitLocker hard drive encryption wasn't included in the Home editions because Microsoft feared home users would lock themselves out of their systems. He agreed that another feature, Device Lockdown, required a group policy, and therefore wouldn't be in the Home edition, nor would Network Access Protection, Enhanced Authentication Model, or Encrypting File System (EFS). That's 5 out of 12 security enhancements that you won't find in the Home editions of Windows Vista.


    Pete did say that all 64-bit editions of Windows Vista include Kernel Patch Protection, but I told him that most home users are running the 32-bit editions. It remains to be seen whether the 64-bit PatchGuard, also known as Kernel Patch Protection, works as advertised. At last summer's Black Hat Briefings in Las Vegas, researcher Joanna Rutkowska hacked Windows Vista's PatchGuard before a live audience that included several Microsoft employees who had also presented at the conference. If we include PatchGuard, that makes half of the security enhancements in Windows Vista that won't be on your home system.

    What you get
    So what do you get with Home Premium and Home Basic? You get Address Space Layout Randomization (ASLR), which protects against return-to-libc attacks, where an attacker uses exploit code to call a system function. ASLR randomizes the function entry points for common system calls, so on a typical 32-bit Windows Vista machine, an attacker stands a 1-in-256 chance of getting the address right, which should slow down an attacker. And home users will get not one but two firewall consoles within Windows Vista (why Microsoft couldn't reconcile them, I don't know), but you still won't get full outbound protection within the Microsoft Firewall without some serious configuration. The new Windows Firewall with Advanced Security on Local Computer console provides different profiles for Domain Policy (corporate networks), Private Profile (home networks), and Public Profile (Wi-Fi hot spots), but the language offered is all legalese at best: "Inbound connections that do not match a rule are not blocked" (the double negative is Microsoft's, not mine) and "Outbound connections that do not match a rule are allowed." Basically, all inbound data from the Internet is allowed (as it should be) except where a rule exists; outbound data from your computer is also allowed (as it should not be) "except where excepted"--one of my all-time favorite Microsoft-issued statements. The difference here is that unless you create specific rules to block outbound data--say, from spyware or rogue apps--you won't have true two-way firewall protection with the Microsoft Firewall. The reality is that most people will never tweak these settings and therefore won't be as well protected as they would be with the free edition of ZoneAlarm, a true two-way firewall.
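    The outbound default described above can be inspected and tightened from an elevated command prompt with `netsh advfirewall`. The script below is an added example, not part of the original article; the rule names, the backup file name and the browser path are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the article. Run from an elevated command prompt.
rem Rule names, the backup file name and the browser path are illustrative assumptions.

rem 1. Show the per-profile defaults (Domain, Private, Public).
rem    The "Firewall Policy" line reports the inbound and outbound default action.
netsh advfirewall show allprofiles

rem 2. Export the current policy so the change can be rolled back with
rem    "netsh advfirewall import" if something stops working.
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 3. Switch every profile to default-deny in both directions.
rem    From here on, outbound traffic needs a matching allow rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Allow only the outbound traffic that is actually wanted.
rem    DNS lookups:
netsh advfirewall firewall add rule name="Out DNS" dir=out action=allow protocol=UDP remoteport=53
rem    Web traffic from one named browser binary only (path is an assumption):
netsh advfirewall firewall add rule name="Out Browser" dir=out action=allow program="%ProgramFiles%\Mozilla Firefox\firefox.exe" protocol=TCP remoteport=80,443

rem 5. List the outbound rules now in effect to confirm the result.
netsh advfirewall firewall show rule name=all dir=out
```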

    User Account Control (UAC)
    Perhaps the most visible security change within Windows Vista is User Account Control (UAC), a dialog box that appears whenever system settings might be changed. I agree with McKiernan that UAC is a step forward in security, but I disagree with its final implementation. If you are a standard user, using a second account on someone else's computer, you will need an administrator's password in order to perform certain system functions. An annoyance, but that's real security.

    If you are the only one using your Home edition of Windows Vista, logically, you should be running the administrator account. But as a solo account user (administrator) within Windows Vista, you are actually running as a standard user until UAC flags you; only then do you escalate to administrator privileges. Unfortunately, Microsoft made it so that administrators need only hit Enter to access escalated privileges, no password required. McKiernan says Microsoft did that because it assumes administrators know how to respond to UAC messages, but I pointed out that other operating systems require even solo account users to enter a password before making system changes. And how long will it be until some malware prompts a UAC message, knowing the Windows Vista account user will just bat it away with a click of the Enter key?

    The IE 7 features
    Perhaps the biggest improvement over Windows XP is that Windows Vista places Internet Explorer 7 ActiveX processes into a sandbox. The sandbox allows the ActiveX component to run while you are using IE 7 and terminates it when you close IE. But you get even better security if you don't use Internet Explorer and use Firefox 2 or Opera 9 instead. Microsoft could have provided this sandboxing feature for free within Internet Explorer 7 for Windows XP, but the company withheld it, wanting to give Windows Vista users some value for their $200.

    And I've seen it spun that Windows Vista includes built-in antiphishing protection. But Internet Explorer 7 for Windows XP--and for that matter Firefox 2--also blocks phishing sites. Unfortunately, neither browser performs as well as the stand-alone antiphishing toolbar from Netcraft or the antiphishing technologies from Symantec and McAfee. And Windows Vista ships with Windows Defender, but Windows XP SP2 already has Windows Defender, and I don't use it. In testing done last spring by CNET Download.com, Windows Defender missed some of the test spyware, finishing well behind other antispyware programs on the market today.

    Nothing to see here, move along
    Other security enhancements I see on my Windows Vista Home Premium machine are truly minor. One blocks double extensions in e-mail attachments, a common trick used by criminal hackers. But a Sophos study found that this e-mail security exists only if you use the new Windows Mail e-mail client--think Outlook Express with a prettier name. Most people won't use Windows Mail; they'll use their Web-based client before adopting Windows Mail.

    Out of the 12 security enhancements within Windows Vista, only ASLR is notable; my decision on the value of UAC is mixed; and even within Windows XP SP2, I don't use IE 7, Windows Defender, or the Windows Firewall, so these are unnecessary. Given that Windows XP SP2 was a beast of a service pack to install, I wouldn't have minded a Windows XP service pack offering just ASLR. But Microsoft wants me to pay $200 for security features I don't use or need just to get the one that I truly need. I'm going to wait until Windows Vista Service Pack 1, code-named Fiji, is released, sometime before the end of the year. Maybe then the security enhancements within the Home editions of Windows Vista SP1 will be worth the $200.

    original article

    19/01/2007

    The Most Important Discoveries

    Man discovered weapons, invented hunting.
    Woman discovered hunting, invented furs.

    Man discovered colors, invented painting.
    Woman discovered painting, invented make-up.

    Man discovered speech, invented conversation.
    Woman discovered conversation, invented gossip.

    Man discovered agriculture, invented food.
    Woman discovered food, invented diet.

    Man discovered friendship, invented love.
    Woman discovered love, invented marriage.

    Man discovered woman, invented sex.
    Woman discovered sex, invented headache.

    Man discovered trade, invented money.
    Woman discovered money, man has never recovered.

    12/01/2007

    Flixster Community

    Do you like rating things? Do you like movies? Do you like chatting? Do you get the rush when answering quiz questions?

    If any of those apply to you, you should join the Flixster Community.

    Flixster is basically about users rating movies so you can see what others think of a movie before going to see it. Especially your friends.

    It was very helpful to me. I found that my friends like movies I hate. So I stopped asking them for advice before going to see a movie. Now I use Flixster to watch movies' trailers, read user reviews of a movie and check out the final rating of that movie. That sounds like a lot to do but it's very simple; you can do it in 5 minutes. And I'd rather waste 5 minutes than 2 hours on a bad movie.

    However, if you don't trust people very much (especially strangers) you can look up the movie to see its information (Actors, Director, Synopsis).

    After you rate a couple of movies the smart Flixster will provide you with "My Recommendations", which is more or less any movie close to the ones you really liked, or starring your favorite actors, or directed by your favorite director, or movies your friends liked. And I guess it's worth mentioning that Flixster allows you to add actors, directors and movies to favorites lists. And it makes them viewable to others.

    For some countries (I think only the US & Canada) Flixster provides people with a "Movie Night Planner" which tells you where and when the movie starts in the closest theater to you.

    Flixster is not only about movies, it's about "fun". So the managers added the "Never-Ending Quiz". It's really fun, give it a try. And if you like it enough you can add your own quiz questions.

    You can go to the "MCT" section at any time to find out if you and your friends are movie buddies. It's really fun and it tells you who you shouldn't take to the next movie.

    There are also the "Video Galleries" and the "Photo Galleries" for the fans. And like most communities there are forums for slow typers.

    Flixster is also visually appealing. Since there are lots of "Skins". If you are looking for a special skin for some actor/actress you can look them up and you will find links on their page for all their available skins.

    Well, the title and I have been calling Flixster a community, and for it to be a real community (not necessarily a good one) there must be a way for you to look people up, and it's called "Meet People". You can look for people according to their "Online status", the "similarities" between you and them, and also for people who are "close to you".

    I loved it, I've been visiting it every other day and I hope you like it too.

    06/01/2007

    Microsoft Visual Studio 2005 SP1

    I just love Microsoft. I tried to download and install Microsoft Visual Studio 2005 SP1. It only took a few moments before giving me the "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch." error.

    It seems that I don't have enough of Microsoft bull****. So I decided to visit the download website and check the "installation instructions". But nothing, and I repeat, nothing about uninstalling the BETA is there.

    So I took a little trip to Microsoft Connect to find someone having the same problem. So I looked up the only workaround posted. And I don't know who AlexAtQx is or whether he is a Microsoft employee or just a regular user. But it seems that he was the first to find a solution to our little problem. The solution was simple, and pretty expected from Microsoft. You have to uninstall the BETA before installing the release, according to "Heath Stewart's Blog".

    I'm on it, the roll-back of the BETA is in progress. Wish me luck: "I'm working with a trio of Microsoft products".

    03/01/2007

    2006 Year-End Zeitgeist

    I was wandering around the web aimlessly - they call that surfing - and I ran into an article talking about how the past year was bad for Google. I didn't read it all, because I saw a weird term, "Year-End Zeitgeist". So I looked it up and the result was somewhat interesting.

    The Year-End Zeitgeist is an analysis of the past year according to what people were looking for on the web.

    A couple of things caught my interest while I was going through the lists Google made. For example, the number 1 in the "What is" list was "What is hezbollah". It means that people are interested in what's going on.

    The number 8 on the "How to" list was "How to blog", which also means that blogs are finally becoming widely known. To be honest, I never expected that - but what do I know - because according to Spleak's community, blogs are for geeks.

    On the "Current Events" tab, you can see that Iraq is still the number one topic for people around the world. And I was so happy when I saw "Where is Palestine" on the list.

    I had no interest in the Milestones so I went over to the "Entertainment" section. And it was impressive how interested people were in "American Idol".

    In the Sports section, as expected, the "World Cup" was the number one hit on the list, and that actually made the "Super Bowl", "Olympics" and the "World Series" look really bad.