Friday 13 December 2013

"Windows XP disaster inevitable" - says Microsoft.

Makes obvious prediction -- since it's calling the shots -- that ending support for XP will mean 'more systems will get compromised'.


Computerworld - Microsoft today used the hoary practice of predicting next year to drive another nail into Windows XP's coffin.
In an eight-item prognostication from several security professionals on its anti-malware and Trustworthy Computing teams, Microsoft forecast an increase in cybercrime that exploits unsupported software.
Microsoft's No. 6 prediction put the spotlight, and the onus, on Windows XP.
"This venerable platform, built last century, will not be able to keep pace with attackers, and more Windows XP-based systems will get compromised," prophesied Tim Rains, director of Trustworthy Computing, in a long post to Microsoft's security blog on Thursday.
Windows XP isn't quite "last century," at least to users; it may be old, very old in OS terms, but it wasn't released until September 2001.
Still, it is creaky, as any 12-year-old operating system would be. (By comparison, the same-aged Mac operating system would be OS X 10.1, aka Puma, a long-dead OS that required just 128MB of system memory; ran on the long-deserted PowerPC processors co-designed by Apple, IBM and Motorola; and was handed out as a free upgrade from OS X 10.0, or Cheetah.)
Microsoft has set Windows XP's end-of-support party for April 8, 2014, less than four months from now, and has given absolutely no hint that it will backtrack from that schedule.
Even if the end of support kills -- or allows infections for -- millions of still-used PCs.
According to analytics vendor Net Applications, Windows XP powered 34% of all Windows PCs last month. And with a two-month stall in decline, it now appears inevitable that the antique OS will be running more than one in every four PCs come April.

"The most effective way to protect systems in the current environment, where drive-by download attacks are so popular with attackers, is to keep all software installed on them up-to-date with security updates," said Rains.
True. But easier said than done.
Nor was Microsoft's 2014 prediction a trip to the ledge's edge: Rains has rained on Windows XP's parade before. In October, he extrapolated data on PC infection rates to conclude that XP users will face a dramatic uptick, perhaps a hike by two-thirds, in attacks after April 8 because patches won't be provided to the public.
And like some predictions, Rains' was self-fulfilling. Microsoft is, after all, the one pulling the plug on users. Users aren't abandoning XP, at least not in numbers large enough to suit Microsoft.
But most outsiders don't see Microsoft letting this prediction fall flat: Even analysts who once believed the company might be forced by events to continue patching have retracted those statements as Microsoft has failed to breathe a word of any last-minute lifeline.
If a bookie will take Rains' bet, put down some money. It's as certain as the sun coming up tomorrow.
This article, "Microsoft bets on Windows XP disaster", appears here under a different title and was originally published at Computerworld.com.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

Thursday 7 November 2013

Google's dreaded 'blacklist'

If Google detects persistent malware on a site, it will block the website, potentially freezing traffic until the problem is fixed.


NEW YORK (CNNMoney) -- Small businesses are reeling from an increase in cybercrime, but a hacked website can have even greater consequences if Google lists you as "infected."
The search giant is constantly scanning the web's 60 trillion URLs for malware and phishing scams. If it deems a site suspicious, businesses can say goodbye to their customers until the problem is resolved.
"If Google blacklists an infected website, you're basically off the Internet until the website is fixed," said Peter Jensen, CEO of StopTheHacker.com.
Google (GOOG, Fortune 500) estimates that it flags and quarantines 10,000 websites daily (it doesn't use the term "blacklist"). It not only scans Google's search results and ads, but also flags suspicious URLs typed into browsers. The search engine Bing, run by Microsoft (MSFT, Fortune 500), treats infected sites in a similar fashion.
Being blacklisted can quickly decimate a small firm's reputation and sales.
"Businesses say they're not at fault and shouldn't be penalized. Google [says] it wants to keep the Internet safe for its users," said Jensen, whose firm is contacted 20 or 30 times a day by businesses that have been blacklisted.
Google spokesman Jason Freidenfelds emphasized that point. "About 1 billion people receive protection against phishing and malware every day because of the warnings we show users about unsafe websites," he said.
Margo Schlossberg owns an online handbag business in Washington D.C. that was hacked in September. A Google search for her website still says, "This site may be hacked."
The impact: Traffic to her site dropped 50% in the past month and her sales have been minimal.
"It's the worst time to go through this," said Schlossberg. "The holiday season is very important for my sales, but now I've been blacklisted by Google."
Schlossberg hired an expert to fix her site, which cost $1,000 (although it can cost as much as $10,000 depending on the extent of the damage).
Hackers had attacked several pages, and it's taken a few weeks to clean up her website. She's finally ready to resubmit her site to Google.
StopTheHacker says the process to clean up infected sites typically involves several steps: Identify the malware and how to remove it, determine where the attack originated, change passwords and relaunch the website once it's clean.
Google says it takes about a day to restore websites once it confirms they're clean. But sometimes a company can think its site is clean, but Google's review will find otherwise. This can draw out the process.
Eric Erickson's company sells eco-friendly pest control products online. When his site was attacked in 2009, it effectively paralyzed his business. He said it took 60 days to get back on track and cost several thousand dollars in lost sales.
His site was attacked again in March, but this time he was prepared. "We caught it early because we had enhanced our security," he said. The website stayed off the blacklist.
Web hosting provider DreamHost regularly checks the sites of its 350,000 customers -- 40% of whom are small businesses -- for malware and other security threats. In September, DreamHost identified almost 100,000 infected websites in its network of 1.3 million sites. If customers aren't able to fix the problems themselves, co-founder Dallas Kashuba recommends StopTheHacker to help clean up the site.
Lynda Zugec's HR consultancy site was flagged and quarantined by Google earlier this year. Hackers had obtained her hosting password and inserted malware into her website.
It took her nearly two weeks to get back online. Even more than an economic impact, Zugec worries the experience could have hurt her reputation with clients.
But even with the financial and logistical hardships, most say Google's hardline is necessary.
"Google has its neck on the line, too," Erickson said. "When people click on your website, Google doesn't want to worry that something malicious will happen to its users."
His advice: "Don't go cheap with your security. You have to invest in it."
The above article was originally published on the CNN website by Parija Kavilanz for CNNMoney.

Friday 18 October 2013

These are dark times for online privacy.

Online privacy is dead.



NEW YORK (CNNMoney) -- The U.S. government is spying on its own citizens' online activities. The FBI was able to suss out and shut down the anonymous black market Silk Road. Even the Internet-within-the-Internet called the Tor network -- the most secretive way to browse the Web -- is being monitored by the National Security Agency.
Strong passwords and encrypted email services were never truly enough to protect users' online privacy. But recent revelations about government surveillance even throw into doubt the effectiveness of far-out measures of data encryption used by the most careful people surfing the Web.
Silk Road serves as a prime example. It operated as a hidden service on Tor, an anonymizing tool that helps users and sites keep their identities secret. Everyone buying and selling drugs, weapons and other illicit items on the site thought they couldn't be tracked.
But federal agents managed to track down a computer server Silk Road used, and the FBI monitored more than 1.2 million private communications on the site.
If online privacy can't stand up to good, old-fashioned police work, it doesn't stand a chance against some of the more potent tools the government uses:
  • The NSA figured out how to track down who's who on Tor by exploiting weaknesses in Web browsers, according to documents former NSA contractor Edward Snowden leaked to The Guardian -- a bug that was only recently fixed.
  • PRISM, the government's hush-hush mass data collection program, lets even low-level NSA analysts access email, chats and Internet phone calls.
  • The U.S. government issues frequent, secret demands for customer data from telecommunications companies.

It's no wonder, then, that many have declared the death of online privacy.

"Unfortunately, online anonymity is already dead," said Ladar Levison, founder of e-mail service LavaBit that closed its doors in the wake of the NSA's PRISM controversy. "It takes a lot more effort and skill than most have in order to keep your anonymity today."
Remaining unrecognizable and keeping conversations private online is immensely important. It's not just an issue for civil libertarians -- online privacy is crucial for crime victims, whistleblowers, dissidents and corporations trying to keep secret the latest high-tech research.
The result has been tantamount to a cryptographic arms race. On one side are independent programmers usually writing free software. On the other are a dozen U.S. intelligence agencies supported by a $52.6 billion black budget.
And while some claim unbreakable encryption is coming, large-scale availability is still years away.
"It's an open question how much protection Tor or any other existing anonymous communications tool provides against the NSA's large-scale Internet surveillance," said Roger Dingledine, Tor's lead developer.
Still, Aleecia McDonald, a privacy expert at Stanford University's Center for Internet & Society, said there's still a benefit to guarding yourself with a network like Tor. At least you make it harder to get spied on.
"The NSA has to attack Tor users one by one, not en masse as they do with non-Tor users," she said.
  @Jose_Pagliery of CNN Money.

Wednesday 25 September 2013

Uncertain future for BlackBerry's dwindling users.


CNN -- Since the dawn of the iPhone age in 2007, loyal BlackBerry users have watched their favorite device maker stumble into an ever-steepening decline.

Some of the collapse is due to the consumer changeover to Apple and Google Android products, but the company -- once known as Research In Motion -- hasn't helped itself with poor planning and delayed product introductions.

On Monday, the company that once blazed the trail in the smartphone market announced it's being taken private by its largest shareholder, Fairfax Financial, a Canadian insurance company.
The move comes on the heels of an announced $1 billion quarterly loss and layoffs of 4,500 employees. Its future as a maker of smartphones may be in doubt.
Now the dwindling numbers of loyal BlackBerry users must decide: Is this the last straw?



It's no idle question. For all the attention paid to BlackBerry's fall and the rise of iPhone and Android, there's still a sizable BlackBerry market out there. Forbes magazine estimates that there are in excess of 50 million BlackBerry users, and they remain fiercely devoted to their phones, with their secure e-mail software and physical keyboards.

"You can tear my Blackberry's real keyboard out of my cold dead fingers," user Charles Wright of Toronto wrote on Twitter.



Ronen Halevy, an IT security professional who runs the site BerryReview.com, still prefers his BlackBerry because it "focuses on communications first" -- even though he's familiar with both Android and iPhone platforms.

"They're very good devices to consume information, but the main point of the phone is that it's more like a computer," he says of the Apple and Google phones. BlackBerrys, he says, are better at "flow" from e-mail to calendar to other applications.

He hopes that the company returns to its roots.

"I think that Fairfax should double down on BlackBerry 10 and the combination of corporate and consumer market that appreciated the rock solid communication platform it offered," he wrote on BerryReview.com. "This means an end to the 'me too' additions of features to BlackBerry 10 and instead appealing to the market that made BlackBerry take off."

One commenter observed, however, that the company will be hard pressed to win new converts.

"Not good news for consumers, people hate the BB name and what it stands for. Self-inflicted suicide," kingbernie wrote. He suspected that becoming a corporate-focused software business might be the company's best way out of the wilderness -- even if it means leaving the consumer market behind.




Chris Umiastowski, a tech analyst and regular contributor to the BlackBerry boards on CrackBerry.com, says BlackBerry fans should remain wary.

"Going private doesn't necessarily change the outcome for the company. All it is guaranteed to change is the ownership structure," he said via e-mail. "It's not a nail in the coffin, nor is it some massive opportunity to fix themselves. No matter who owns the shares they still have to compete with solid competitors. Going private just lets them operate outside of so much public scrutiny."

For those who want to put their BlackBerrys in a drawer next to their PalmPilots but want to keep a physical keyboard on their devices, your options are limited. The Motorola Photon Q and the Motorola Droid 4 are Android-compatible and have relatively large slide-out keyboards, but reviewers have taken issue with their camera capabilities.

In addition, BerryReview.com's Halevy observes, those keyboards -- which are landscape-oriented instead of the portrait-style versions on BlackBerrys -- seem like "afterthoughts."

"Even if you're in an e-mail and you want to hit the 'delete' button to delete an e-mail -- you think that's logical -- it doesn't work," he says.

The NEC Terrain, another Android phone with a physical keyboard, is marketed for its "rugged innovation" but, says Halevy, he doesn't think it's really aimed at the general consumer.

That leads to the host of smartphones with virtual keyboards, including the new iPhone 5S and 5C, the Android-compatible Samsung Galaxy S4 and the Android HTC One, among many others. All have their pros and cons, whether it's your comfort with their operating systems or your desire for certain accessories.

But for those, like Umiastowski, who want to stick with BlackBerry, it will be hard to get them to change.
His household includes a number of Apple items -- including his wife's iPhone -- but he prefers the BlackBerry. He's frustrated by the lack of apps for the device but still prefers the overall experience.



"BlackBerry has always been (and still is) the best experience for communicating. At first it was push email and physical keyboards. Now I'm on a Z10 and I find the multitasking + software keyboard + email experience is second to none," he wrote. "An iPhone would feel like a step backwards on those things which matter to me."

Besides, says Halevy, he likes how the BlackBerry creates community.

"The one thing you notice immediately when people change from BlackBerry to other devices is you never hear from them anymore," he says.

 The article above was originally published on the CNN website by Todd Leopold.

Wednesday 4 September 2013

Microsoft is Ending Support for Windows XP in 2014: What You Need to Know

MICROSOFT GETS READY TO PULL THE LIFE SUPPORT ON WINDOWS XP...




YesCon Tech - Today marks the first day of the last year of Windows XP’s long and storied life.
On April 8, 2014, Microsoft will officially stop supporting Windows XP, meaning there will be no more security updates or other patches. When April 2014 rolls around Microsoft will have supported Windows XP for nearly 12 years.
Should you choose not to upgrade before next year, you will be, in Microsoft’s words, “at your own risk” in dealing with security vulnerabilities and any potential malware designed to exploit them.
According to NetMarketShare, just over 38 percent of PCs connected to the web are still running Windows XP. Given that current XP users have already ignored three OS upgrades, it seems reasonable to assume a significant number of XP diehards still won’t upgrade even now that Microsoft is no longer issuing security updates — all of which adds up to a potentially huge number of vulnerable PCs connected to the web.


Starting around this time next year expect black hat hackers to have a botnet fire sale.
With so many suddenly vulnerable PCs on the web, it’s really only a matter of time before unpatched vulnerabilities are identified and exploited, which could mean a serious uptick in the amount of botnet spam or worse — imagine even a small percentage of those 38 percent of PCs being harnessed for distributed denial of service attacks.
For individual users upgrading Windows XP shouldn’t be too difficult, barring a dependency on software that’s never been updated. If Windows 7 or 8 aren’t to your liking there’s always Linux (I suggest starting with Mint Linux if you’re new to Linux).
Upgrading enterprise and government installations is somewhat more difficult. Microsoft puts the matter quite bluntly on the Windows blog: “If your organization has not started the migration to a modern desktop, you are late.”
The Windows blog post contains quite a few links designed to help anyone looking to upgrade, but at the enterprise/government level it may well be too late anyway. “Based on historical customer deployment data,” says Microsoft, “the average enterprise deployment can take 18 to 32 months from business case through full deployment.”
Windows XP isn’t the only Microsoft product that will be getting the heave-ho this time next year. Internet Explorer 6 on XP, Office 2003, Exchange Server 2003 and Exchange Server 2010 Service Pack 2 (newer service packs of Exchange Server 2010 are still supported) will all be cast adrift. It’s also worth noting that this affects virtual machines as well, so if you’ve got a Windows XP virtual machine for testing websites, well, be careful out there.


If You Still Need XP
You shouldn’t keep using XP. It will become more and more unsecure over time as more security vulnerabilities are found and not patched. Finding new hardware that supports XP will be difficult if your current hardware breaks down or needs to be upgraded. New software may stop supporting XP and you may be stuck with older, outdated, and also unsecure versions of software. Current versions of Mozilla Firefox no longer support Windows 98 – Firefox users on Windows 98 are using an unsecure version of Firefox.
If you have old software that only works on XP, you should consider upgrading to a modern version of Windows and running Windows XP in a virtual machine. Professional, Enterprise, and Ultimate editions of Windows 7 include a “Windows XP Mode” feature for easily running a Windows XP virtual machine. This will help increase your security by allowing you to use a modern, supported, secure operating system on your computer while confining the unsecure, unsupported XP to a virtual machine.
You should already be using antivirus software on your Windows XP systems, but this will become even more important when Windows XP starts to become the security equivalent of swiss cheese. Some security companies may jump in with solutions to secure increasingly vulnerable legacy XP systems, but you’re much better off upgrading.
If your organization has a Windows XP deployment, you should already be working on migrating to a new version of Windows. If you’re a home user, you should be looking at upgrading, too. Most longtime Windows XP users generally agree that Windows 7 is a worthy upgrade (Windows 8 is more controversial), and Microsoft will be supporting Windows 7 until 2020.
Let’s be honest: You won’t find an operating system vendor that supports their desktop operating system for as long as Microsoft supported XP. But, if you’re really upset, you can always switch to Linux instead. Just leave XP behind!

The article above, "Microsoft is Ending Support for Windows XP in 2014: What You Need to Know", was originally published by How-To Geek and Scott Gilbertson of webmonkey.com.
Image Credits: How-To Geek, Microsoft and webmonkey

Friday 2 August 2013

Microsoft mandates Windows 8.1 upgrade

Applies existing support policy to Windows 8: Customers must upgrade within 24 months to continue receiving patches and fixes.



Computerworld - Microsoft today said that Windows 8.1, slated for release this fall, will use the same lifecycle support timeline as 2012's Windows 8, meaning that it will be supported until early 2023.
Windows 8 users will also be required to upgrade to 8.1, and presumably in the future to newer versions of the OS, to continue to receive security patches and other bug fixes, just as they have been obligated to keep up with past editions of Windows.
"The lifecycle of Windows 8.1 will remain under the same lifecycle policy as Windows 8 with support ending 1/10/2023," said Erwin Visser, who heads Windows marketing to businesses, in a Tuesday blog.
Microsoft's current support life-cycle for Windows 8 pegs the end of "Mainstream" support on Jan. 9, 2018, and "Extended" support's end on Jan. 10, 2023. Under mainstream support, Microsoft patches security vulnerabilities and provides non-security bug fixes. Extended support is limited to security-only updates.
For the first time, the company also confirmed that it will manage Windows 8 support the same way it has previous editions of the operating system.
"Windows 8 customers will have two years to move to Windows 8.1 after the General Availability of the Windows 8.1 update to continue to remain supported under Windows 8 life-cycle," Visser said.
"That's key," said Rob Helm, an analyst with Directions on Microsoft, ranking the importance of the clarification to enterprises.
With previous editions, Microsoft cut off support for the initial build of Windows, known as RTM for "release to manufacturing," two years after the release of the first service pack. If it shipped a second service pack, it stopped supporting the first 24 months after the follow-up's debut. Service packs have historically been free, just as Windows 8.1 will be.
But Microsoft has done away with service packs for Windows 8, instead adopting a faster-paced development and release schedule that will ship a new version about once a year.
Helm had expected that Microsoft would make Windows 8.1 mandatory, just as the firm demanded customers upgrade from Windows 7 RTM to SP1.
"Windows 8 has a relatively small base at the moment [and] Windows 8.1 is free, so it's not insanely onerous to require users [to upgrade]," said Helm.
If Microsoft had changed its life-cycle policy for Windows 8.1, it would have been forced to maintain an increasing number of versions. "This makes sense because under its faster-release schedule, if it didn't pull up the carpet, there would be too many different versions to support," Helm said.

Visser also announced the availability of a preview of Windows 8.1 Enterprise -- the version designed for Microsoft's volume license customers -- in the same blog today.
"In general, Windows 8.1 is a much better target for migration than Windows 8," said Helm, echoing other analysts who have said the same. "We've been recommending Windows 8.1 as the alternative to Windows 7 to clients getting off Windows XP."
Helm cited Windows 8.1's new enterprise-oriented features for that recommendation, including "workplace join," which will allow trusted devices to access secured data on a company's network, and mobile management additions such as limiting access to a single "Modern," née "Metro," app.
"The renewed focus on mobile management will make it much easier for enterprises to handle BYOD," Helm added, referring to the "bring your own device" trend where businesses support workers' choice of hardware. 
Also a big plus in Helm's book was Microsoft's renouncing its stubborn insistence that it knew what customers wanted. "Just the overall fact that Microsoft took the time to understand what enterprises needed, and delivered on those features, which we really could have liked to see in the initial release," has been encouraging, said Helm.

The enforced upgrade to Windows 8.1 is the strongest signal yet that Microsoft will offer future versions in the Windows 8 line -- Windows 8.2, for instance, or even 8.3 -- free of charge, just as it has service packs in the past. Deviating from free without also eliminating the upgrade requirement for continued support would likely trigger a revolt by customers, or at least a hue-and-cry that Microsoft would find hard to silence.
When Microsoft first announced it would speed up Windows releases, many experts assumed that the company would dispense free Windows 8 upgrades for several years running before launching an entirely new edition, perhaps titled Windows 9, that would come with a price tag.
Microsoft has not yet set a ship date for Windows 8.1, or as Visser put it, the version's General Availability. When it does, the 24-month clock will start ticking: An October launch of Windows 8.1, for example, means customers will have until October 2015 to finish their upgrades.
Windows 8.1 Enterprise Preview can be downloaded from Microsoft's website. The sneak peek will expire Jan. 14, 2014.
This article, Microsoft mandates Windows 8.1 upgrade, was originally published at Computerworld.com.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.