Hacker school teaches the good guys

06 Aug 2002 09:33

Ethical hacking means different things to different people, but most companies still don’t understand that hackers are not necessarily malicious in nature or intent

At a typical Wells Fargo branch in Seattle, employees and customers do business each day oblivious to a beehive of activity in the basement. There, five blue-walled rooms serve as makeshift classrooms for other tenants in the building who are light years from the world of banking: an organisation of some of the most talented computer hackers in the country.

As menacing as this juxtaposition might seem, the group insists that its work is harmless and, in fact, is dedicated to doing good. The founders of GhettoHackers, as the group is called, say its 30-odd members teach others how to crack security only to find flaws so that defenses can be hardened.

“The Ghetto are good guys. So I guess the way to look at us is (as) the boot camp for the people growing up to protect the world,” said “Caezar,” a 28-year-old security consultant and founding member, whose appearance — which includes two spikes angling from his lip, as well as several body piercings — might otherwise evoke unease in the buttoned-down culture one floor up.

GhettoHackers is one of several groups trying to change the way society views hackers, as stereotypical malcontents interested only in crashing systems, stealing credit cards and releasing computer viruses. While cybercrime arrests make headlines regularly, groups like GhettoHackers are aiming to help those curious about information security get hands-on experience without doing harm to others.

As unconventional as it may be, the underground school is serious about its curriculum. Homework assignments frequently mark up the white boards that face clusters of bean-bag chairs, making it look sort of like a clubhouse for adults.

“We’ve put a password file on the server,” challenged a recent lesson on the boards. “Grab the file and run a password breaker against it.”

To the several men and two women of GhettoHackers, this is “home.” The hands-on approach appears to work.

“I’m learning more doing what I’m doing right now than I would in school,” said one student, who goes by “Zsnark” because a more common moniker might undercut his credibility in this anarchical world. At 18, he’s put college on hold to study security here.

The group’s work was even more frenetic than usual this week as it prepared for Defcon, a controversial annual hacker convention that begins Friday in Las Vegas and that, in past years, has hosted people on the FBI’s wanted list. Having won Defcon’s “Capture the Flag” hacking tournament for three years running, GhettoHackers has been put in charge of the event this year and must act as its system administrator, keeping the network running despite rampant hacking activity.

The contest will stress the group’s philosophy that hacking can be a positive act, especially for those still at an impressionable age.

Typically, two types of people are drawn to hacking: those who want to learn and those who want to express power over their environment.

Growing up, Caezar found himself flirting with the dark side. But after playing around with a telephone card scheme that let him make unlimited calls, a visit from two anonymous officials telling him to stop abusing the phone network scared him enough that he stopped. Now, he pegs himself as knowledge-driven and hopes to save like-minded hackers from his experience, or worse.

“It’s hard to tell the difference between a police academy and a terrorist training camp if you don’t know the social structure they are in,” Caezar said, using the analogy to explain why many people fail to distinguish a “good” hacker from a “bad” one. “They both learn target practice and ‘how do we defeat things that are coming at us?’ These are things that are common between the good guys and the bad guys.”

That philosophy can be seen in the development of young people like Zsnark, the newest member of the group. He is able to ask for help from experts on hand without getting the common “RTFM” dismissal (Read the F***ing Manual). “If I have a question, there is someone here that can answer it.”

For the older members, it’s a matter of legitimacy. Aside from some security consulting firms that employ them for their knowledge and ability to attract media attention, most reputable companies won’t hire people who label themselves “hackers.”

“Some people can make money off their name as a hacker. But most of the time, calling yourself one is a liability,” said “md5,” a 27-year-old member of the group and the chief executive officer of his own consulting firm. “Most companies don’t care if you are into stamp collecting or rock climbing, but tell a client that you like to hack and they don’t call you anymore.”

Md5′s company employs several of the young hackers he teaches, but he doesn’t bring up their hobbies with clients who depend on them to secure their networks. Both activities are important to security, he said, “both knowing how to find weakness and how to secure information.”

And both pursuits will be represented Friday at Defcon, which has become over the past 10 years a popular mainstream event attracting news media from around the world. For all its publicity, however, companies still don’t understand that hackers are not necessarily malicious in nature or intent.

That’s unlikely to change anytime soon, said Chris Wysopal, director of research and development for digital security firm @Stake.

“Ethical hacking means different things to different people,” he said. “To some, it means hacking for security’s sake. For others, it is more hacktivism. Then there is hacking for the pure pursuit of research.”

Still, he respects GhettoHackers for trying to change the culture from within, as well as educate the public at large.

“The traditional way that a lot of hacking skills have been handed down is the apprentice-master way of teaching,” said Wysopal, a one-time member of the Cambridge, Massachusetts, ethical hacking group known as The L0pht. “In that case, it’s important for the people who are teaching to be teaching ethics as well.”

Which is precisely what GhettoHackers is preaching.

“It’s all about teaching the younger people by giving them access to the hardware that 10 years ago they would have been stealing,” Caezar said. “We just help bring people up in what’s a really freaky landscape right now.”

Researchers warn software updates can be hijacked

03 Aug 2009 17:46

Attackers could put malware on machines by intercepting software updates on Wi-Fi networks, according to two researchers from Israeli security firm Radware

Two researchers from Israeli security firm Radware have worked out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.

About 100 applications can be targeted, said Itzik Kotler, team leader of Radware’s security operations centre, before his presentation at the Defcon conference in Las Vegas.

Kotler and colleague Tomer Bitton are releasing a tool called Ippon (which means ‘game over’ in Judo) that enables the attack and offers a 3D view of potential victims on a network.

With the tool, an attacker can scan a Wi-Fi network for computers checking for new updates via HTTP (Hyper Text Transport Protocol). If the system detects a computer sending a software-update request, the tool replies before the app update server can respond, Kotler said.

Ippon customises messages for the particular application and sends a message indicating there is an update available even when the system already has the most recent legitimate update, he said. A malicious file is then downloaded from the attacker’s server onto the victim’s computer.

The researchers said they had not tested whether Firefox or other major browsers are vulnerable. Microsoft software is not vulnerable because it uses digital signatures in its update process, which all software updates should, Kotler said. People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.

“You have to assume when on a public infrastructure that the infrastructure can be attacked,” he added.

There is also the possibility that someone could spread an “airborne virus” via software updates that uses victim machines to attack and infect other machines on a network, according to Kotler.

Windows 7 XP Mode enters Release Candidate status

05 Aug 2009 08:17

Microsoft has announces that XP Mode, the add-on that will allow users with the proper hardware to run a virtual version of Windows XP within Windows 7, has entered RC

Microsoft has announced that XP Mode, the Windows 7 add-on that will allow users with the proper hardware to run a virtual version of Windows XP within Windows 7, has entered Release Candidate status.

There are several new features in XP Mode RC. XP Mode programs will now offer users a jump-list of most recently opened files with that program. This brings one of Windows 7′s more useful productivity features into play with older programs that would not otherwise have it.

Not only will users be able to directly start their most recently used XP Mode programs from the Windows 7 taskbar, but they will be able to launch specific files from the Windows 7 taskbar too.

XP Mode RC also means it is possible to use USB devices in XP Mode without having to make it full-screen, directly from the Windows 7 taskbar.

Drive sharing between XP Mode and Windows 7 can be disabled, and a new tutorial has been created on how to use XP Mode that users will first get access to from the XP Mode installation screen.

In the XP Mode beta, users could not customise where to store differencing disk files. These relate to the virtualisation aspects of running XP in Windows 7.

Microsoft‘s Brandon LeBlanc recommends in the blog post announcing the XP Mode RC that users install antivirus and anti-malware protections in XP Mode, in addition to whatever protective steps users have taken in the native Windows 7 environment.

LeBlanc also cautions that XP Mode is designed for running productivity applications that will not be upgraded to Windows 7, implying that Microsoft does not expect the average consumer to get much mileage out of the feature.

Users who are still interested in testing out the Windows 7 RC can still do so through August.

Skype aims to avoid shutdown with new tech

31 Jul 2009 15:44

The eBay-owned VoIP firm is trying to develop new P2P technology to replace that which might be taken away in a legal dispute with Skype’s founders

Skype is trying develop new peer-to-peer technology to replace the code it currently uses, due to an ongoing legal battle with the founders of the popular internet telephony service.

Skype‘s owner, eBay, revealed the software-development initiative in a filing on Tuesday with the US Securities and Exchange Commission (SEC), but warned that it may not be successful.

eBay bought Skype for $2.6bn (around £1.4bn at the time) in 2005, but that purchase did not include the peer-to-peer technology that is at the heart of Skype’s functionality. Instead, Skype founders Niklas Zennström and Janus Friis hung onto the technology via their new company, Joltid, which then licensed it to Skype.

A legal dispute over licensing terms arose earlier this year between Skype and Joltid, and Skype filed a claim against Joltid in the English high court in March, according to SEC filings by eBay. In response, Joltid filed a countersuit, saying Skype had no right to use or modify certain code and that it had breached the licence agreement, and said it was terminating the agreement as a result. The high court is scheduled to hear arguments in the trial in June 2010.

eBay admitted in an April filing with the SEC that “although Skype is confident of its legal position, as with any litigation, there is the possibility of an adverse result if the matter is not resolved through negotiation.

“In such event, Skype would be adversely affected and the continued operation of Skype’s business as currently conducted would likely not be possible.”

On 28 July, a new SEC filing from eBay stated that “Skype has begun to develop alternative software to that licensed through Joltid”.

The filing contained warnings, however, that the new software development would be expensive, possibly unsuccessful, and “may result in loss of functionality or customers, even if successful”.

The dispute threatens eBay’s intention to launch Skype as a separate, publicly listed company next year. Skype has never emerged as a serious money-spinner for eBay, despite the vast amount paid for it by the e-commerce giant, and eBay had to take a $900m (£440m) write-down on Skype in late 2007.

Skype said in a statement on Friday that the spin-off plans “have not changed”, but the company will not comment on the ongoing litigation beyond the information included in this week’s SEC filing.

Story URL: http://news.zdnet.co.uk/communications/0,1000000085,39701741,00.htm

Bing grabs a bigger slice of search market

04 Aug 2009 08:52

Microsoft’s Bing gained a little more search-market share in July, now at nearly 10 percent, according to research by a web analytics company

Web analytics firm StatCounter released analysis on Monday stating that Microsoft’s new search engine, Bing, slightly increased the software maker’s share of the US search market in July. It now claims 9.41 percent, up from 8.23 percent in June.

The combined market share of both Microsoft and Yahoo in July was 20.36 percent, up slightly from 19.27 percent in June. The commanding lead Google currently has on the market shrank slightly to 77.54 percent in July from 78.48 percent in June.

Microsoft and Yahoo reached a deal last week, with Microsoft powering Yahoo search while Yahoo becomes the exclusive worldwide relationship sales force for both companies’ premium search advertisers.

According to StatCounter analysis, worldwide is where the two companies face an even bigger challenge in the search market. In July, Microsoft and Yahoo combined had just 8.77 percent of the global search market, down from 8.45 percent in June. On the other hand, Google still dominates the search market globally with 89.23 percent in July (slightly down from 89.8 percent in June).

StatCounter’s data was based on an analysis of one billion search engine referring clicks (of which 258 million were from the US) that were collected in June and July from the company’s network of more than three million websites.

Story URL: http://news.zdnet.co.uk/internet/0,1000000097,39705018,00.htm

PayPal hit by global outage

04 Aug 2009 08:31

eBay’s online payment system suffered a major outage on Monday, but the company says it is now working fine for most users

PayPal suffered a global outage and slow performance on Monday, but eBay says its online payment system is mostly back in working order.

“About an hour ago, PayPal started experiencing site issues that affected the ability to send and receive money. We have all hands on deck to get this fixed,” said PayPal spokesman Anuj Nayar in a blog post at about noon PDT. “We’re really sorry for the inconvenience.”

An update at 12:40pm said the site was working again for most users.

Nayar said in an interview that the outage was global and the worst of the outage lasted about an hour total.

The outage could be costly for those who rely on PayPal to handle e-commerce transactions. PayPal says about $2,000 (£1,800) in payments per second flows through the system, meaning that a one-hour outage would cut out about $7.2m in commerce.

Nayar declined to comment immediately about whether sellers would be compensated in any way or how eBay handled such decisions in the past.

As a key driver of growth for eBay, PayPal is becoming more important at the online commerce and auction site.

“PayPal is a business that will be bigger than eBay,” eBay chief executive John Donahoe said in July. And through a developer release in July of a new PayPal payment system, eBay wants to refashion the service to enable a new generation of online commerce.

PayPal’s developer site said the outage hit not just its web page, but also PayPal’s application programming interface (API), which lets applications use the service without having to go through the website. It first noted the problem at 10:41am PDT.

Story URL: http://news.zdnet.co.uk/internet/0,1000000097,39705017,00.htm

Firefox update tackles authentication security holes

04 Aug 2009 08:16

Two critical problems with how Mozilla’s browser handles authentication processes could let an attacker see encrypted data or take over a machine

Mozilla on Monday released two new versions of Firefox, 3.5.2 and 3.0.13, to patch two critical security holes.

“We strongly recommend that all Firefox users upgrade to this latest release,” Mozilla said in a blog posting about the security issue.

The first vulnerability could let an attacker run arbitrary code on a person’s computer by sending specially crafted authentication information called certificate.

The second vulnerability, disclosed last week, involves a flaw in certificate authentication technology that could potentially let an attacker gain access to encrypted information or issue a bogus update to Firefox.

Story URL: http://news.zdnet.co.uk/security/0,1000000189,39705016,00.htm

Top 10 pratfalls for novice Linux admins

23 Jul 2009 13:08

As a new Linux administrator, it is easy to trip up over commonly made mistakes, says Jack Wallen

If you are new to Linux, a few common mistakes could land you in hot water, says Jack Wallen.

For many, migrating to Linux is a rite of passage that equates to a thing of joy. For others, it is a nightmare waiting to happen. But if you know the most common mistakes new Linux administrators make, you can avoid disaster. Here are 10 of the most frequent Linux errors.

1. Installing applications from various types
This practice might not seem like such a bad idea at first. You are running Ubuntu, so you know the package-management system uses .deb packages. But there are a number of applications that you find only in source form. No big deal?

They install, they work — so why not use them? Simple: your package-management system cannot keep track of what you have installed if it is installed from source. So what happens when package A, installed from source, depends on package B, installed from a .deb binary, and package B is upgraded from the update manager?

Package A might still work, or it might not. But if both package A and B are installed from .debs, the chances of them both working are far higher. Also, updating packages is much easier when all packages are from the same binary type.

2. Neglecting updates
This failing is not confined to Linux and has more to do with poor administration skills. However, many admins get Linux up and running, then think they need do nothing more. It is solid, secure and it works.

New updates can patch new exploits. Keeping up with your updates can make the difference between a compromised system and a secure one. And just because you can rest on the security of Linux does not mean you should.

For security, for new features, for stability — the same reasons we have all grown accustomed to updating with Windows — you should always keep up with your Linux updates.

3. Poor root password choice
Repeat after me: “The root password is the key to the kingdom.” So why would you make the key to the kingdom simple to crack?

By all means, make your standard user password something you can easily remember and type. But the root password — you know, the one that is protecting your enterprise database server — merits a much higher difficulty level.

Make that password one you might have to store, encrypted, on a USB key, requiring you to slide the key into the machine, mount it, decrypt the password and use it.

4. Avoiding the command line
No-one wants to memorise a set of commands and, for the most part, the user interface takes care of the majority of them.

But there are times when the command line is easier, faster, more secure and more reliable. Avoiding the command line should be considered a cardinal sin of Linux administration.

You should at least have a solid understanding of how the command line works, and a small arsenal of commands you can use without having to read the manual. With a small selection of command-line tools on top of the user-interface ones, you should be ready for just about anything.

5. Not keeping a working kernel installed
You do not need 12 kernels installed on one machine. But you need to update your kernel, and the update process does not delete previous ones. So what do you do?

You keep at least the most recently working kernel at all times. Say you have 2.6.22 as your current working kernel…

…and 2.6.20 as your backup. If you update to 2.6.26 and all is working well, you can remove 2.6.20.

If you use an rpm-based system, you can use this method to remove the old kernels:
rpm -qa | grep -i kernel
followed by
rpm-e kernel-{VERSION}.

6. Not backing up critical configuration files
How many times have you upgraded X11 only to find the new version wrecked your xorg.conf file to the point where you can no longer use X? It used to happen to me a lot when I was new to Linux. So now, whenever X is going to be updated, I always back up:
/etc/X11/xorg.conf
in case the upgrade goes wrong.

Sure, an X update tries to back up xorg.conf, but it does so within the /etc/X11 directory. And even though this often works seamlessly, you are better off keeping that backup under your own control.

I always back up xorg.conf to the /root directory, so I know only the root user can access it. Better safe than sorry. That procedure should also apply to other critical backups, such as Samba, Apache and MySQL.

7. Booting a server to X
When a machine is a dedicated server, you might want X installed to make some administration tasks easier. But this does not mean you should have that server boot to X. This practice will waste precious memory and CPU cycles.

Instead, stop the boot process at runlevel 3 so you are left at the command line. Not only will this leave your resources to the servers, it will also keep prying eyes off your machine — unless they know the command line and passwords to log in.

To log into X, simply log in and run the command startx to bring up your desktop.

8. Not understanding permissions
Permissions can make life easy but, if done poorly, they make life really easy for hackers. The simplest way to handle permissions is using the rwx method. Here’s what they mean: r=read, w=write, x=execute.

Say you want a user to read a file but not write to a file. To do this, you would issue chmod u+r,u-wx filename. What often happens is that a new user sees an error saying they do not have permission to use a file, so they hit the file with something like chmod 777 filename to avoid the problem.

But this can cause more problems, because it gives the file executable privileges. Remember this: 777 gives a file rwx permissions to all users — root, group and other; 666 gives the file rw privileges to all users; 555 gives the file rx permissions to all users; 444 gives r privileges to all users; 333 gives wx privileges to all users; 222 gives w privileges to all users; 111 gives x privileges to all users; and 000 gives no privileges to all users.

9. Logging in as root user
I cannot stress this enough: do not log in as root. If you need root privileges to execute or configure an application, su to root in a standard user account.

Why is logging in as root bad? When you log on as a standard user, all running X applications still have access only to the system limited to that user. If you log in as root, X has all root permissions. This situation can cause two problems. First, if you make a big mistake via a user interface, it can be catastrophic to the system. Second, with X running as root, this makes your system more vulnerable.

10. Ignoring log files
There is a reason /var/log exists. It is a single location for all log files. This arrangement makes it simple to remember where you first need to look when there is a problem. Possible security issue? Check /var/log/secure.

One of the first places to look is /var/log/messages. This log file is the common log file where all generic errors and such are logged to. In this file, you will find messages about networking, media changes and so on. When administering a machine, you can always use a third-party application such as logwatch that can create various reports for you based on your /var/log files.

Sidestep the problems
These 10 mistakes are fairly common among new Linux administrators. Avoiding the pitfalls will take you through the Linux migration rite of passage faster, and you will emerge on the other side a much better administrator.

Story URL: http://resources.zdnet.co.uk/articles/comment/0,1000002985,39692517,00.htm

Benchmarks: Windows 7 RTM versus Vista, XP

29 Jul 2009 08:42

Microsoft is hoping Windows 7 will succeed where Vista failed. Our tests with the RTM build suggest that, at least in terms of performance, Windows 7 may deliver the goods.

Windows Vista’s less than stellar reputation and poor uptake are due in large part to the heavy demands it makes on system hardware. When Vista appeared in the autumn of 2006, PCs and notebooks were less powerful than today’s machines. But even with modern hardware, anyone using a Vista-based system soon senses that this is an operating system suffering from the software equivalent of having the handbrake left on.

Microsoft cannot afford a repetition with Windows 7, and so has optimised all of the OS’s major system components. From startup to login, everything in Windows 7 is faster.

Microsoft has now finalised Windows 7 and announced its Release To Manufacturing (RTM). Build 7600.1685 has been chosen for the RTM, and ZDNet used this version test the performance of Windows 7 against Vista and XP on various platforms.

Startup & shutdown

Startup and shutdown

The time it takes an operating system to start up is not crucially important for performance — after all, you usually only start up once a day. However, it provides a first indication of the OS’s speed. The same is true for the shutdown process.

Before testing got under way, all available updates were freshly installed on the operating systems. To maximise disk performance, AHCI mode was enabled in the BIOS.

On our high-end test system using a PM800-series Samsung solid-state drive (SSD), Windows 7 takes just 12 seconds to bring up the desktop. XP takes 14.1 seconds and Vista 14.5 seconds.

However, experienced Windows users know that the time it takes for the desktop to appear and the full launch of the operating system are not the same thing. So we took a second measurement, stopping the clock at the launch of Internet Explorer 8 and the Bing search homepage. This gives an idea of how long it takes before you can use an internet-based application.

To judge by this measurement, Windows 7 gets to work quickly. After the appearance of the desktop it takes only a further 2.5 seconds to display the Bing homepage. The whole startup process for Windows 7 up to the appearance of Bing takes 14.5 seconds. Vista takes 18.5 seconds and XP 23.7 seconds.

Windows 7 also shuts down quicker than its two predecessors, taking just 4.5 seconds compared with seven seconds for Vista and 6.5 seconds for XP.

Startup on the low-end system naturally takes longer. The launch of Windows 7 on a system with a 1.6GHz Intel Atom N330 processor and a conventional hard disk took 44 seconds. Windows 7 connected to the internet after a further 3 seconds, compared with 57 seconds for Vista and 55 seconds for XP. On the low-end system, shutdown is fastest under XP at 8.1 seconds, against Windows 7′s 9.1 seconds and Vista’s 10.3 seconds.

Overall, the startup and shutdown timings show that Windows 7 performs best, regardless of the specification of the system it’s running on. However, updates and application installations may alter those timings.

Timings in seconds: shorter bars are better.

Memory management

Memory management and cache usage

With Vista, Microsoft introduced a new technology called SuperFetch for caching applications and speeding up boot times. This feature preloads frequently-used applications into memory, so they can be accessed quicker when they’re needed.

For conventional magnetic hard drives, this technology makes sense. But if an SSD is used for mass storage, it’s better to turn SuperFetch off. The superior access times of SSDs mean they launch applications much faster than magnetic drives, so SuperFetch makes little difference.

Microsoft indicated in a blog entry in May that Windows 7 would disable SuperFetch on systems using SSDs. The company also said that other features such as Defrag and ReadyBoost would not be used under Windows 7. However, in the RTM version (7600.16385), only Defrag is in fact inactive for SSDs — SuperFetch and ReadyBoost start just as they would with a magnetic disk.

The SuperFetch feature in Windows 7 differs significantly in approach and cache usage from its counterpart in Vista. Under Vista, the caching of applications starts immediately at launch. As the graph below shows, after three minutes just over 1GB of memory has been allocated. In Windows 7, SuperFetch starts after five minutes and after 10 minutes a little more than 600MB has been allocated. By that point, Vista’s SuperFetch has allocated more than 1.5GB.

Even without SuperFetch turned on, Windows 7 makes fewer demands on cache. For operating system-related functions, it uses 333MB, while Vista without SuperFetch uses 519MB of cache.

The new implementation of SuperFetch under Windows 7 has a positive impact on performance. Windows 7 clearly makes do with fewer resources, so its cache usage is significantly lower than Vista’s. SuperFetch also starts much later, so the hard drive is not tied up immediately after the launch of the operating system. That means you don’t have to wait while the operating system monopolises system resources for its caching tasks.

Application performance

Application performance: PCMark Vantage

PCMark Vantage tests system performance by benchmarking the applications that are integrated into Vista and Windows 7. The benchmark is divided into several usage scenarios, with the default PCMark Suite simulating everyday PC usage. Here’s a list of the individual tests:

• Memories: Four tests check the speed of Windows Photo Gallery and Windows Movie Maker when handling photos and video.
• TV and Movies: Plays and converts high-definition video in four separate tests.
• Gaming: Measures the performance of the graphics card and estimates the loading speed of compressed game data.
• Music: Converts WAV music files to MP3 and WMA Lossless formats and adds music files in Media Player.
• Communication: Tests include web-page rendering, CNG AES CBC encryption, Windows Mail Search and audio transcoding.
• Productivity: Tests include text editing, search in Windows Contacts, analysis of the boot process and web-page rendering.
• HDD: Disk performance is measured using Windows Defender, Windows Photo Gallery, Windows Movie Maker, Windows Media Center and Windows Media Player. The disk’s speed when launching the operating system and applications is also measured.

More information about PCMark Vantage is available in this white paper. We used the 64-bit version with default settings, running the tests three times and presenting the average values.

The graphs below show that the integrated applications in Windows 7 perform better than their Vista counterparts. This result is even more pronounced on the mobile platform (single-core Acer Timeline 3810T notebook) than the high-end system (Core i7-based desktop). The mobile platform shows an average performance increase of 35 percent under Windows 7, while the high-end desktop is 20 percent faster.

The music applications benefit most from the new operating system, showing a 64 percent performance improvement. The individual tests reveal that the conversion of WAV files to WMA Lossless is now three times faster.

It would be unwise to conclude that every application will work 20 percent faster under Windows 7 on average. Remember that PCMark Vantage is only testing the integrated Windows applications — Windows 7′s performance advantage over Vista, if any, will depend on the mix of applications you use.

Other tests such as Everest, 7-zip, 3DMark Vantage, Cinebench and Paint.Net suggest that Windows 7 is not faster than Vista. Even so, an increase in the performance of the integrated applications in Windows is not a trivial advantage.

PCMark score: longer bars are better.

Conclusion

Conclusion

Windows 7 performs better than Vista and is also faster than XP, although XP remains more capable for devices with limited memory and outdated graphics.

Subjectively, the change from Vista to Windows 7 is like releasing a car’s handbrake. This significant increase in performance has several causes: faster system startup and shutdown compared to XP and Vista; improved parallel processing; and faster loading of drivers and operating system components. Enterprise users will also appreciate the faster login to a domain.

Microsoft has also thoroughly revised the SuperFetch feature, which results in quicker operational readiness after startup. Anyone migrating from Vista will notice a reduction in disk activity after startup, because SuperFetch spends less time loading applications into memory in Windows 7, which means less waiting for the system to be ready to use after launch.

Windows 7 is more cache-frugal thanks to improved display drivers. No matter how many windows are open, the memory usage of the Desktop Window Manager (DWM) remains constant, the video card’s memory taking on the load of opening of additional windows. However, under Windows 7 this load is half what it was with Vista. Windows 7 also introduces Direct2D, which further speeds up 2D graphics rendering. However, the standard WDDM 1.1 driver is required to enjoy the improved 2D graphics performance. For graphics cards containing ATI and Nvidia chips, this is not an issue, since a driver has existed for a long time. However, these drivers are not yet available for older Intel graphics chipsets.

Users can employ the built-in Windows 7 DirectX 11 interface to access the graphics power of the GPU (Compute Shader) using appropriate graphics hardware. This feature could prove particularly useful to those who provide video-encoding tools. However, there are still no third-party products that support this new standard.

In Windows 7, Microsoft has succeeded in providing an OS that’s likely to meet the performance requirements of consumers and business users alike. The early signs are that Windows 7 will enjoy a much better take-up than Vista. Of our three test platforms, only the low-end Intel Atom-based system is not really suitable for Windows 7. But even a single-core processor such as a 1.4GHz Core 2 Solo is sufficient to deliver smooth performance under Windows 7. High-end systems with quad-core processors also benefit from Windows 7, because many of the operating system functions exploit the computing power of multi-core chips.

Story URL: http://reviews.zdnet.co.uk/software/os/0,1000001098,39698941,00.htm

Microsoft’s relaunched search engine attracted eight percent more unique users in June, according to the company’s data

Microsoft’s internal data credits the launch of its new Bing search engine with an eight percent rise in unique visitors during June.

It has been clear for a while that Bing’s launch produced gains for Microsoft during its initial month, but the degree to which that gain was produced by those just checking out the browser through curiosity, or by those using the service daily, was unclear.

Microsoft released data on Monday claiming an eight percent gain in unique users during the month, and said “based on our own polling, we have also seen the number of people ‘likely to recommend’ Bing double in our debut month”.

Microsoft relaunched its search-engine business in early June with the introduction of Bing. The company confirmed that the data outlined above refers to June 2009 as compared to May 2009, prior to the launch of the new service.

Three times as much traffic landed on Bing Shopping during the month, and Bing Travel has increased its traffic by 90 percent. Advertisers also saw some gains, according to Microsoft; a “large wireless communications company” enjoyed a 28 percent increase in clicks in the Bing era.

According to website Search Engine Land, data from companies such as Compete and Hitwise point to only very small gains for Microsoft. Search Engine Land believes the real evidence of Bing’s staying power will come once the summer ends and overall search queries rise.

Story URL: http://news.zdnet.co.uk/internet/0,1000000097,39681042,00.htm