What a whole lot of FAIL, Vista 2.0 here we come. This is great for tablets, but tablets are a fad. This has no place on a desktop operating system. Smart phones are the evolution of computing. Mark my words – in 5 years, tablets will not exist. You will have a phone that will be your primary mobile computer. At home, you will connect your phone to a wireless mouse, keyboard and display.

“Windows 8 just dumps you into the Start screen. No tutorial, no help icon on the main screen, nothing. This will be fixed by launch or Windows 8 will fail.”

Bibik is on target. Most people who use Windows 8 on traditional computers rather than tablets will spend their time in the Desktop because that’s where the apps they most use are, notably Microsoft Office, which won’t run as a Metro app. Yet the Windows 8 Desktop is less useful than in previous versions because the Start menu and Start button have been taken away.

Metro and the Desktop are essentially two different operating systems incompletely bolted together. Sure, techies can figure out how to navigate between the two interfaces, but other people will have a hard time.

see MS-12-20

Need we say more about the foolishness of leaving your IT as a monoculture of Microsoft’s stuff after decades of them demonstrating little or no concern for security?

Microsoft yesterday released updates to sew up at least seven vulnerabilities in Windows and other software. The sole “critical” update in the bunch patches a particularly dangerous flaw in all supported versions of Windows that allows attackers to seize control over vulnerable systems remotely without authentication.

In the company’s words, one of the vulnerabilities “could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.” Only systems that have remote desktop actually enabled are vulnerable, but Microsoft recommends that everyone install the update, just in case. Affected operating systems include Windows XP, Vista, and 7, not to mention Windows Server 2003, 2008, and 2008 R2.

“Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible. The critical bulletin – one of six security bulletins issued as part of Tuesday’s release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP). Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, said Qualys CTO Wolfgang Kandek. Besides the RDP bugs, this month’s Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation of privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation of privileges issue in Microsoft Visual Studio.”

The critical update plugs two security holes in Microsoft’s Remote Desktop Protocol (RDP), a service that is designed to let administrators access Windows systems remotely over a network. The saving grace for these vulnerabilities — which are present in Windows XP, Vista and 7, and Windows Server 2003, and 2008— is that RDP not enabled by default on standard Windows installations. That means it is far more likely to be a threat to businesses than to consumer systems.

“It needs to be configured and started by the system’s owner, which then makes the vulnerability accessible; consequently we expect that only a relatively small percentage of machines will have RDP up and running,” said Wolfgang Kandek, chief technology officer for vulnerability management firm Qualys.

Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, said this bulletin should be considered a top priority, noting that Microsoft has rated its “exploitability index” as 1, meaning that Microsoft expects working exploits to be available in fewer than 30 days.

“An unauthenticated remote code execution is pretty much as bad as it gets,” Marcus said.

For users and organizations that need time to evaluate the RDP patch before installing it, Microsoft has developed and released a FixIt tool to enable “Network-Level Authentication,” which according to the company is an effective mitigation for this issue.

The remainder of today’s updates address three other Windows vulnerabilities, and problems in Microsoft Expression Design and Microsoft Visual Studio.For a breakdown of the patches, see Microsoft’s Security Bulletin Summary for March 2012. The fixes are available through Windows Update.

“A little about MS12-020…this bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP),” Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, explained in a blog post. “Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled.”

“That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible,” she added. “The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.”

Ben Greenbaum, senior principle software engineer for Symantec’s Security Intelligence Group, agreed users should pay close attention to the RDP vulnerability.

“RDP’s purpose is to enable remote access from the Internet, but preferably to an authenticated user,” he said. “In this case, a malicious attacker can potentially take complete control of the computer. Failed exploit attempts of this issue will likely result in the user being confronted with the blue screen of death. If an attacker can bypass standard memory protection measures, however, they will have access at the kernel level.”

Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, Qualys CTO Wolfgang Kandek opined.

“If the patch cannot be applied that quickly or the necessary reboot cannot be scheduled, IT Admins should look into the available work-arounds that function immediately: protect the machine with restrictive firewalling, access RDP through a VPN service or switch to Microsoft’s NLA protocol that is supported in newer versions of Windows (Vista+) and is not vulnerable to the attack,” he said.

The final bulletin for the month was only rated moderate. A vulnerability in DirectWrite could result in a denial of service condition on receipt of a maliciously crafted sequence of Unicode characters.

This issue could be exploited via instant messenger clients. Windows 7, Vista and Server 2008 are affected.

Paul Henry, security and forensic analyst at Lumension, pointed out that the Internet Explorer 9 zero-day exploit used at the Pwn2own event was not addressed by Microsoft, but noted “To be fair, they received the details only yesterday.” more on that later.

He also observed that while the number of bulletins released this month represented a light load of patches, they “will be disruptive in terms of required reboots.”

Summary: A feature common in phones will let Microsoft remotely disable malware 

This doesn’t surprise me at all, people tend to forget that Microsoft is well in it’s rights to put something like that in, after all they own it not you, you paid a license to use, NOT own.  In reality, kill switches are nothing new, all recent versions of Windows OS’s have one built in, that’s why you have to activate your version of Windows.

Janne Kytömäki, a Finnish software developer, was cruising Google’s Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen King’s name had vanished from the covers of his books, replaced by an unknown author. Kytömäki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online.

Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. “It was sort of unreal, watching something like that unfold,” says Kytömäki, who makes dice simulator apps. Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple, and Amazon all have the ability to reach into devices to delete illicit content or edit code without users’ permission. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.

With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons. The feature was publicized in a widely cited Computerworld article in December when Microsoft posted the terms of use for its new application store, a feature in Windows 8 that will allow users to download software from a Microsoft-controlled portal. Windows smartphones, like those of its competitors, have included kill switches for several years, though software deletion “is a last resort, and it’s uncommon,” says Todd Biggs, director of product management for Windows Phone Marketplace.

Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.

The history of kill switches on smartphones and e-readers suggests they’re double-edged swords for the companies that wield them. In 2009, Amazon reached into users’ Kindles to delete e-book copies of George Orwell’s 1984 and Animal Farm that had been sold by a publisher without the necessary rights. The ensuing backlash caused Amazon Chief Executive Officer Jeff Bezos to call the move “stupid, thoughtless, and painfully out of line with our principles.”

The reluctance of tech companies to set explicit policies for when they will and will not use kill switches contributes to the fear they’ll be abused. Civil rights and free speech advocates worry that tech companies could be pressured by governments to delete software or data for political reasons. “You have someone who has absolute control over my hard drive in ways I may have never anticipated or consented to,” says Eric Goldman, director of the High Tech Law Institute at Santa Clara University’s law school in California. “If they use that power wisely, they actually make my life better. We don’t know if they use the power wisely. In fact, we may never know when they use their power at all.”

Hiroshi Lockheimer, Google’s vice president of Android engineering, says the search company reserves the use of the kill switch for “really egregious, really obvious cases” of harmful content. Microsoft’s Biggs says the company has used the functionality in its smartphones only for “technical issues and content issues.” Apple declined to comment. Amazon did not respond to several messages.

Like many in his profession, Kevin Mahaffey, co-founder of the San Francisco startup Lookout, which makes security software for smartphones, expresses mixed emotions about the emergence of kill switches. “The remote removal tools are very much a response to the mistakes of the PC era,” he says. “Whether or not it’s an overcorrection, I think history will tell us. It can be done right, but we as an industry need to tread carefully. It’s easy to imagine several dystopian futures that can arise from this.”

One supporter is Janne Kytömäki, the Finn who discovered the Android malware outbreak. He says Google did the right thing by deleting the malware without users’ permission. “What was the alternative?” he says. “Leave those apps installed on 200,000 people’s mobiles? This is something that had to be done.”

Well, this feature for Windows 8 has to connect via a listening port, and once we know what port our systems are listening on for that system call, we can block access to it, besides Windows is just for games these days. Linux is where the future is, thank you Linus Torvalds.

One may ask, by what right do they have to monitor or do anything to your smart device without your consent.  This ability leaves the door open to them disabling a rival’s app or even hacking your phone for information as Microsoft used to do with online registrations before they were caught.  In that instance they scanned your computer, documents, programs, licences etc and sent a copy to their offices with your online registration.  Once you buy a smart device or computer no-one without a court order is legally entitled to access the contents of that device and especially from a remote country.

Truth be told, one never purchases Windows software to “own”, you pay for the right to use and you become a licensee by way of a access code/key.  Next time you click “accept”, take the time to read the 70-page document, otherwise know as the “End User License Aggreement”, you give up all rights to pretty much anything on the system. Hows that make you feel?

The bottom line: Kill switches can improve computer security, but they worry privacy and free speech advocates.

LINUX VENDOR

With Microsoft readying Windows 8 for release later this year, companies are expected to evaluate whether it is worth renewing existing Microsoft licenses or splashing out on the latest Microsoft revision of its desktop PC operating system. However, according to Canonical CEO Jane Silber, it isn’t undercutting Windows 8 that holds the key for take-up of Ubuntu Linux but Microsoft’s termination of Windows XP support that will drive Ubuntu growth.

Talking with The INQUIRER, Silber said, “We certainly track it and keep an eye on competition. [...] The larger impact in terms of Microsoft in our customer base isn’t the emergence of Windows 8 but the upcoming, long awaited end-of-life of [Windows] XP.”

Silber’s point rests on the well known fact that many users, especially large businesses, are still running Windows XP. Microsoft has supported the operating system for over a decade, but the Redmond, Washington software house has said that it will end support for Windows XP on 8 April 2014.

Silber said, “What we are seeing there, particularly with enterprise customers with large desktop deployments in the tens of thousands, [is that they are] taking the opportunity to move to Ubuntu at that point, and they are, in some cases, not even evaluating future Windows desktop operating systems.

“It’s not that they are turning down Windows 8, [it's that] with the end of life of [Windows] XP there’s a disruption and a good point for them to re-evaluate their options.”

While Microsoft’s Windows XP April 2014 end of life date is still two years away, organisations that run thousands of Windows XP machines will have already started planning. Working out whether to upgrade to Windows 7 or Windows 8 or move to Linux could take the best part of a year to evaluate and test, and deployment might take another year, so the battle for those customers is well underway.

Silber believes punters are not necessarily looking for bells and whistles when evaluating an operating system. She said, “It’s more likely people are evaluating their desktop experience in terms of what they really need, this is one of the reasons why we’ve seen a lot of interest from enterprises for Ubuntu for Android. People are looking at what does it mean to have a desktop in five years from now. There’s more interest in client solutions, converged device scenarios, so it’s really an opportunity for us.”

Although some will question Silber’s belief that Windows XP, not the cost of upgrading to Windows 8, holds the key to Canonical’s push into the enterprise, the fact is that Canonical and other Linux vendors have two strong opportunities to go up against Microsoft as it tries to push customers into its next churn of its PC operating system cash machine.

]]> http://jet-computing.com/ubuntu-adopts-windows-xp-users/feed/ 0 http://jet-computing.com/7-overtakes-xp-finally/ http://jet-computing.com/7-overtakes-xp-finally/#comments Sat, 25 Feb 2012 23:18:24 +0000 dsmith http://jet-computing.com/?p=5966 Microsoft has finally seen use of its Windows 7 operating system (OS) overtake that of its ten year old brother, Windows XP. Windows 7 was released on July 22, 2009 and with Windows XP so intrenched, it has taken little over two-years to catch up.

Web analytics firm Statcounter revealed the change in usage and explained that globally Windows 7 has a 40.5 per cent market share, Windows XP has 38.5 per cent, and Windows Vista has 11.2 per cent.

“Vista was like the ugly duck that few wanted to dance with,” said Aodhan Cullen, CEO, Statcounter, as he announced the changes.

So they just renamed it and fooled the masses and resold it as Windows 7.

“Despite Microsoft trying to keep it back in the kitchen, Windows XP has retained tremendous loyalty over the last decade. However, it looks like the younger Windows 7 is now emerging in its defined role finally”

The usage charts are not the same across the planet and while Windows 7 has overtaken Windows XP in the US and Europe, the latter is still dominant in Asia, where it has a 55 per cent market share. Windows 7, by comparison, has 36 per cent.

It is has been a little over ten years since Microsoft released the Windows XP operating system, and in those years Microsoft has tried to tempt users away with not just one, but two major OS releases, neither of which seemed to be able to pull entrenched, and mostly business, users away from its veteran OS.

Microsoft has committed to support the Windows XP OS until 2014, but perhaps only begrudgingly. This is why I have a countdown clock on the right-hand side of this website to remind people of this fact.

Honestly, what does Windows 7 offer that Windows XP does not? Obviously, it cannot be security as both are malware prone. Fortunately, Linux does not have those rootkit problems like any version of MS Windows does. Instead of constant reimages/reinstalls, I simply get more work done, and this company makes money by assisting those that refuse to adapt.

]]> http://jet-computing.com/7-overtakes-xp-finally/feed/ 0 http://jet-computing.com/intel-joins-libreoffice/ http://jet-computing.com/intel-joins-libreoffice/#comments Fri, 24 Feb 2012 00:58:15 +0000 dsmith http://jet-computing.com/?p=5952 Summary:  Intel distributes LibreOffice, can Microsoft be pleased?

The month of February is a month to remember for the LibreOffice project. LibreOffice, the OpenOffice fork, is a very popular open-source office suite. But, while it has great support from Linux distributors, like openSUSE and Ubuntu, LibreOffice has never had a major corporate backer on the Windows side… until now. Intel is now offering LibreOffice to Windows users via its AppUp application store. I wonder how Microsoft feels about this.

“I have been using LibreOffice from day one for presentations at conferences and for data analysis,” said Dawn Foster, open source community lead, Intel. “Our engineers have worked with the LibreOffice codebase to optimise it for Intel hardware. Adding it to the AppUp(TM) Center is an obvious extension, and will provide an exciting feature for all Ultrabook users.”

“We are thrilled to add Intel to our existing roster of supporters”, said Florian Effenberger, volunteer and TDF board member, “TDF is first and foremost a vendor neutral project committed to excellence in the office suite space, but we greatly value the support and advice we gain from organisations such as SUSE, Red Hat, Google, the Free Software Foundation (FSF) and Software in the Public Interest (SPI).”

Of course, LibreOffice has long been available on Windows, as well as Linux and Mac OS X. What’s different about this is that Intel, Microsoft’s long time ally, is now actively supporting Microsoft Office’s most active rival. Certainly, on the cloud, Google Docs is Office’s biggest enemy but on the good old PC desktop, LibreOffice is Microsoft’s Office main competition.

Nor, is Intel just enabling LibreOffice to be downloaded from its site. No, Intel is actively working on improving the LibreOffice code base. Intel has also joined The Document Foundation. That means Intel is also financially supporting this rival to Microsoft Office and LibreOffice has put open source office suite in direct competition with Microsoft’s own offering.

The only thing missing is a 64-bit version. There is port for Android in the works as well which is due out later this year.

LibreOffice is a hybrid word, meaning “Free Office”. Libre means free (as in freedom) in French and Spanish. Between January 2011 (its first stable launch) and October 2011, LibreOffice was downloaded approximately 7.5 million times. It is the default office suite in many Linux distributions, such as Fedora, Linux Mint, openSUSE, and Ubuntu.

LibreOffice can be run on Microsoft Windows, Mac OS X 10.4 Tiger or newer, and Linux-based systems running Linux kernel version 2.6.18 or newer.

The Document Foundation announces LibreOffice 3.5, the third major release of “the best free office suite ever”, which shows to end users the improvements derived from the development strategy adopted since September 2010. LibreOffice 3.5 derives from the combined effort of full time hackers – the largest group of experienced OOo code developers – and volunteer hackers, coordinated by the Engineering Steering Committee.

Writer

- a new built-in Grammar checker for English and several other languages
- improved typographical features, for professional looking documents
- an interactive word count window, which updates in real time
- a new header, footer and page break user interface

Impress / Draw

- an improved importer of custom shapes and Smart Art from PPT/PPTX
- a feature for embedding multimedia/colour palettes into ODF documents
- a new display switch for the presenter’s console
- new line ends for improved diagrams
- Microsoft Visio import filter

Calc

- support for up to 10,000 sheets
- a new multi-line input area
- new Calc functions conforming to the ODF OpenFormula specifications
- better performances when importing files from other office suites
- multiple selections in autofilter
- unlimited number of rules for conditional formatting

Base

- a new integrated PostgreSQL native driver

In addition, for the first time in the history of LibreOffice, we will be enabling the online update checker, which informs users when a new version of the suite is available.

“We inherited a 15 years old code base, where features were not implemented and bugs were not solved in order to avoid creating problems, and this – with time – was the origin of a large technical debt,” says Caolán McNamara, a senior RedHat developer who is one of the founders and directors of TDF. “We had two options: a conservative strategy, which would immediately please all users, leaving the code basically unchanged, and our more aggressive feature development and code renovation path, which has created some stability problems in the short term but is rapidly leading to a completely new and substantially improved free office suite: LibreOffice 3.5, the best free office suite ever.”

“In sixteen months, we have achieved incredible results – comments Michael Meeks, a SUSE Distinguished Engineer, who is also a founder and director at TDF – with nearly three hundred entirely new developers to the project, attracted by the copyleft license, the lack of copyright assignment and a welcoming environment. In addition to the visible features, they’ve translated tens of thousands of German comments, removed thousands of unused or obsolete methods – sometimes whole libraries – and grown a suite of automated tests. Although we still have a long way to go, users – who have sometimes complained for the stability of the software, as they were not aware of the technical debt we were fighting with – can now benefit from a substantially cleaner, leaner and more feature rich LibreOffice 3.5.”

LibreOffice 3.5 is the first release where the contribution of local communities and associations, such as ALTA in Brazil, has been acknowledged. In addition, TDF tried to recognize those volunteers – where we could easily identify them – who put so much into the 3.5 release, with a “hacking” or “bug hunting” hero badge presented the same day of the announcement. TDF is encouraging the development of a global, open and diverse ecosystem where companies, associations, local communities and volunteers share the common objective of developing the best free office suite ever.

The Document Foundation invites power users to install LibreOffice 3.5, and more conservative users to stick with LibreOffice 3.4 branch. Corporate users are strongly advised to deploy LibreOffice with the backing of professional support, from a company able to assist with migration, end user training, support and maintenance. The Document Foundation will soon provide a list of certified organizations providing these professional services.

LibreOffice 3.5 is available from: http://www.libreoffice.org/download.

…the feds replaced the criminals’ servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aim at the now-unplugged rogue servers, resulting in DNS errors.

The malware, called DNSChanger Trojan, is said to illegally redirect traffic and prevent users from accessing the updates necessary to remove it. Without access to these critical patches, these large companies, government agencies, and home users are said to be more susceptible to hackers.

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. DNS translates queries for domain names (which are meaningful to humans) into IP addresses for the purpose of locating computer services and devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6).

This change could potentially leave a great number of Internet users without access to the Web. When I run across someone that is having internet issues, the very first thing I do is have them change their DNS. http://jet-computing.com/resource-links/opendns/

The feds received a court order in November, 2011 to replace the “rogue” servers with surrogate servers to operate “just long enough for companies and home users to remove DNSChanger malware from their machines.”

Rod Rasmussen, president of Internet security company Internet ID, has stated that there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”

A working group advising the FBI is said to be considering requesting an extension of the court order to give more time to users of infected machines to remove the malware.

Although this may indeed be a very real problem that Internet users must be vigilant to protect themselves from, depending on the government to provide servers when their own agencies are infected doesn’t seem like a trustworthy solution.  Additionally, a previous private-government working group put together in 2009 to combat the Conficker Worm has accomplished very little as 3 million computers are still said to be infected.

These viruses are called Trojans because they are disguised as something friendly, enter computers, and then install malicious software.  Someone with a healthy distrust of the government may see the FBI’s warning that millions will be cut off from the Internet as a Trojan Horse itself so that they may retain control over the new servers. After all, if the FBI is controlling the “legitimate” servers, wouldn’t they have access to all the traffic information of individual users and large corporations?

This situation reminds me of the Windows Update shipped out on Patch Tuesday in February of 2010. Computers that were infected with the TDSS rootkit would get a blue screen of death (BSoD) after applying the security updates.

Was it disruptive to those with infections? Sure.

Yet these folks were infected with a rather nasty rootkit and were forced to take action to fix their PCs and improve their security and the security of others they may infect.

If DNS Changer was simply a DNS problem you could argue that providing them with DNS service is a kind gesture, but more often then not this malware came with additional payloads that could pose far greater risks to the user.

DNS Changer also prevents machines from getting security updates, which is a huge problem for those infected who are now at risk from lots of other malicious garbage.

I say turn them off. It will be a rude wake-up call, but an unfortunately necessary one.

We all have responsibility for our own security and safety

What is the DNS Changer Malware?

On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ and TDL4 viruses. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.

What does the DNS Changer Malware do?

The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.

Under a court order, expiring March 8, the Internet Systems Corporation is operating replacement DNS servers for the Rove Digital network. This will allow affected networks time to identify infected hosts, and avoid sudden disruption of services to victim machines.

How Can I Protect Myself?

This page describes how you can determine if you are infected, and how you can clean infected machines. To check if you’re infected, Click Here. If you believe you are infected, here are instructions on how to clean your computer.

The software giant said that four of the bulletins are listed as “critical,” and three of those, all of which affect Windows, will require a restart. The critical bulletins address errors in Windows, Internet Explorer and server-side software. They all are said to address vulnerabilities that would allow remote code execution.

Flaws of this type are best addressed sooner rather than later because they might easily be exploited by malware slingers.

Patching IE ought to be be the highest priority, according to vulnerability scanning and web services firm Qualys.

“[W]e saw last month how quickly attackers are incorporating browser-based attacks into their toolkits; an exploit for MS12-004 was detected a mere 15 days after Patch Tuesday,”notes Wolfgang Kandek, CTO of Qualys, in a blog post on the upcoming patch batch.

The remaining five bulletins are listed as “important” and deal with both remote code execution and elevation of privileges. They apply to Microsoft Widows, Office and Server Software.

The February Advanced Notification also stated that the Microsoft Windows Malicious Software Removal Tool would be updated on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. Microsoft’s Trustworthy Computing Security Response Communications Manager, Angela Gunn, said details about risk, impact analysis, deployment guidance and a video overview of the release would be available on their blog Tuesday.

Andrew Storms, director of security operations at net security firm nCircle, said all supported versions of Windows will need patching. Oddly the most recent versions of Windows – which normally need the least patching – are the most affected by the February 2012 patch batch, he added.

“It’s surprising that this month’s patch affects almost every Windows operating system – each OS is affected by five of the eight applicable bulletins. That’s kind of weird because newer OS versions are generally more secure.”

“It’s even more surprising that Windows Server 2008 R2 is affected by the greatest number of bulletins. Generally, we see fewer bugs on server side operating systems, and this is doubly true for Server 2008 since so many of its newer mitigations and default settings protect the OS even when bugs are found,” he added.

Tweaking a rooted smartphone is mostly a simple process so long as you follow the instructions to the letter. But if something goes wrong it can leave you unable to boot your phon, can you say “brick”?

Thankfully it can be recovered with the helpful ROM Manager app.

Rooting your Android phone is a term that you are bound to across at some point or another while searching on how to optimize your Android device. If you you would like to know more, Wikipedia has a decent entry on the subject: http://en.wikipedia.org/wiki/Rooting_(Android_OS)

1. ClockworkMod Recovery

Before you start playing with custom ROMs on your phone or tablet, be sure to flash ClockworkMod Recovery from within the ROM Manager app. This will enable you to restore a ROM should an installation give you serious problems.

2. Backing up your current ROM

You must also backup you current ROM before installing a new one. Do this via ROM Manager, and keep the backup on your memory card in case you ever need it. If you can’t boot your phone you will be able to restore this.

3. Recover and restore

To restore a ROM, hold the volume-down and power keys. From the menu, select RECOVERY, then ‘backup and restore’. A list of ROMs on your card will be displayed, including your backup. Choose that to restore.