Deloitte Touche Tohmatsu has just released its sixth annual Global Security Survey (PDF link). Some of the highlights (or lowlights, depending upon your point of view) include:

As in previous surveys, respondents recognize that people are both an organization’s greatest asset as well as its weakest link. But security vigilance is even more important in hard economic times, when the increased stress levels can lead people to behave in atypical ways.

Maybe DTT has cases like these in mind:

• a fired Fannie Mae programmer accused of planting a computer virus that could wipe out 4,000 servers
• a San Francisco computer engineer who held the city's computer network hostage last summer

However, not all the news is bad. For some good news in the threat arena, and your chance to share your biggest security challenges, join us after the jump.

The London Telegraph reports that the Conficker (aka Downadup and Kido) worm virtually shut down both the French naval air force and Great Britain's RAF and Royal Navy for some time last month.

Ironically, the French had been warned as far back as October to harden their systems, but as we reported last month, millions of PCs hadn't yet been protected by installing KB958644. How bad was the infection, and how was it spread? Hit your afterburners and join us after the jump for details.

Whether you're using Windows and IE, managing Microsoft Exchange or SQL Server at work, or using Microsoft Office, this month's Patch Tuesday has a security update for you. All four security bulletins address Remote Code Execution vulnerabilities in recent and current service packs for each product listed:

• IE 7: Windows XP, Windows Vista, Windows Server 2003
• Microsoft Office: Visio 2002, 2003, 2007
• SQL: SQL Server 2000 Desktop Engine on Windows 2000 and Windows Server 2003; Windows Internal Database (WYukon) on Windows Server 2003 and Windows Server 2008; SQL Server 2000 and SQL Server 2005
• Exchange Server: Exchange 2000 Server, Exchange Server 2003, Exchange Server 2007

But Wait, There's More!

Other updates to be released tomorrow include:

• Cumulative Update for Windows Vista Media Center (KB960544)
• Cumulative Update for Windows Vista Media Center TVPack (KB958653)
• Upgrade Rollup for ActiveX Killbits for Windows (KB960715)
• February 2009 updates for Windows Mail Junk Email Filter (KB905866) and Windows Malicious Software Removal Tool (KB890830)

For details, look up the KB article numbers starting Tuesday.

When Microsoft launched its Engineering Windows 7 blog last summer as part of its drive to be more transparent and more responsive to user concerns, a lot of people were skeptical about whether it would become anything more than a PR ploy. But, with the announcement yesterday that Microsoft will be fixing problems with Windows 7's UAC, even Redmond skeptics should be impressed.

In case you missed the earlier stories, MaximumPC readers and many others have been concerned about how easy it was for malware to change UAC levels and subvert the new and allegedly improved User Account Control in Windows 7.

To find out what's changing - and who deserves the credit - join us after the jump.

The Register reports that there's good news and bad news for the many Windows XP users who took a pass on Windows Vista and decided to wait for Windows 7. 

• The good news? Windows XP users will be eligible for Windows 7 upgrade pricing.
• The bad news? Windows XP users will need to do a clean install of Windows 7.  

El Reg quotes a Microsoft rep thus:

I can confirm that customers will be able to purchase upgrade media and an upgrade license to move from Windows XP to Windows 7 - however, they will need to do a clean installation of Windows 7.

This requires the user to back up their data, install Windows 7, re-install the programs and restore their data. For PCs running Windows Vista customers have the option of an in-place upgrade of Windows 7 keeping their data and programs intact or to perform a clean install of Windows 7.

For those of you in the XP to Windows 7 camp, does the need to do a clean install bother you, or were you planning a clean install anyway? Join us after the jump for your chance to be heard.

Earlier this week, our own Josh Kamperschmidt told us how scripts could be used to disable Windows 7's UAC. Well, that's just the prelude to a potentially even bigger security issue: according to Long Zhen of the I Started Something blog, Windows 7's "improved" UAC can be disabled by malicious software that is coded for auto-elevation. Auto-elevation is a feature that enables software being run by Administrators to skip the annoying "do you want to run this program" prompt that has made Windows Vista's version of UAC one of its most controversial features, not to mention one of the "I'm a Mac" commercials' favorite targets. Unlike the proof-of-concept exploit reported earlier, this one doesn't prompt you to reboot the system: it works silently.

So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it:

Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.

To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is “RUNDLL32.exe”. With a simple “proxy” executable that does nothing more than launch an elevated instance of "RUNDLL32 pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.

It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.

For the many MaximumPC.com readers who wrote that two or three Windows 7 SKUs  was all that Microsoft needs to offer, the news that Windows 7 will be available in six flavors (Starter, Home Basic, Enterprise, Home Premium, Professional, and Ultimate)  may seem like throwing gasoline on an already-raging fire. However, before you start reformatting your Windows 7 partitions, take a look at Windows GM Mike Ybarra's reasoning. Here's a bit of it:

The first change in Windows 7 was to make sure that editions of Windows 7 are a superset of one another. That is to say, as customers upgrade from one version to the next, they keep all features and functionality from the previous edition...The second change is that we have designed Windows 7 so different editions of Windows 7 can run on a very broad set of hardware, from small-notebook PCs (sometimes referred to as netbooks) to full gaming desktops...

Although Windows 7 will be available in six SKUs, most of the emphasis will be on just two. To find out which SKUs are expected to do the heavy sales lifting and how the editions differ, join us after the break.

Gizmodo's Wilson Rothman installed Windows 7 Beta on an HP TouchSmart PC over the weekend, and offers a detailed look at how multitouch works, complete with several videos. Some highlights:

• If you install Windows 7 Beta on a system that's already running the manufacturer's touch software, a clean install (instead of upgrading from Windows Vista) provides a truer multitouch experience with fewer connfiguration headaches
• You can use multitouch as a mouse replacement; running Windows Media Center; zooming, rotating, and drawing; and for gaming
• You can download a cool AirHockey demo (no quarters needed!)

Have you tried Windows 7's multitouch interface yet? Join us after the jump and tell us what you liked about it - and what needs more tweaking.

Been admiring those sleek new netbooks, but you already sank your ready cash into a smartphone? If Microsoft's patent application is approved, you might already have half a netbook. As reported by The Register, Redmond has applied for a patent on a so-called "Smart Interface System for Mobile Communication Devices," which would transform your humble smartphone into the practical equivalent of a netbook. According to El Reg:

Although similar features have already been seen in existing cradles, Microsoft’s model would be equipped with a dedicated processor and memory. This would be used for storing and executing the on-board OS and an application for handling communication between the phone, peripherals and other connections, such as Wi-Fi.

Microsoft's patent application says that the device will use USB and "other suitable connector interfaces," and is designed to connect to TVs, monitors, mice, keyboards, printers, drives, and networks.  There's a long way between a patent application and real hardware, but what would make you more (or less) likely to give a real-world version of this a careful look? Join us after the jump and sound off. 

USNews's David LaGesse reports that Charter Communications is about to 10-up its high-speed rivals Verizon and Comcast by rolling out a 60Mbps broadband service (Verizon and Comcast currently offer 50Mbps in some markets).

There are two ways to get this level of speed:

• Fiber to the premises (FiOS), used by Verizon
• DOCSIS 3.0, used by Comcast and now Charter.

In addition to supporting much faster speeds than its predecessors, DOCSIS 3.0 also supports IPv6, channel bonding, and support for IPTV.

How are current Charter users reacting to the news? What are your experiences with 50Mbps cable services? Join us after the jump for more - and, as always, for your chance to sound off.

The Inquirer reports that Apple has settled a class-action lawsuit over the uncoated (and scratch-prone) first-generation iPod Nanos, which were sold starting in September 2005.

Because Apple began putting a protective coating on iPod Nanos starting in December 2005, you must submit a claim form  specifying your Nano's serial number to determine if your unit is covered by the settlement. You  have until June 10th 2009 to postmark your claim, but earlier dates apply if you want to exclude yourself or file an objection.

If the settlement is approved, the owner of each eligible iPod Nano sold without a protective slipcase would receive $25. Owners of iPod Nanos sold with a protective slipcase would receive $15 per unit. Learn more at the settlement website's FAQ page.

Did you buy an early iPod Nano? Join us after the jump for your chance to tell us your scratch horror stories.

With the announcement of Craig Barrett's retirement in May, one of Intel's last links with the pre-PC era will vanish. Barrett's career at Intel started in 1974, when Intel was just seven years old and was introducing the first general-purpose microprocessor, the 8080. The 8080's descendents included the first 16-bit processor, the 8086, and the IBM PC's processor, the 8088. The IBM PC and its many descendants enabled Intel's rise to processor dominance.

Barrett became Intel's CEO in 1998, taking over for the legendary Andy Grove. Barrett's tenure as CEO saw the development of Intel's first Celeron economy CPU and high-end Pentium III processors, the introduction of the Pentium 4, diversification into communications chips, development of new Xeon and Itanium server processors, and the introduction of the Centrino portable chipset/processor technology.

During this period, Intel received formidable challenges from AMD's Athlon and Athlon XP, and frequently saw its processors beaten by AMD's processors in real-world performance tests. Barrett became chairman of Intel in 2005, and during his tenure as chairman, saw Intel retake the performance crown from AMD with the introduction of the Core 2 Duo, Core 2 Quad, and Core i7 processor lines.

Barrett, 70, is retiring at a time in which Intel, like other technology companies, is facing tough times, and announced last week that it's closing two fab plants in the US as well as three assembly test facilities in Malaysia and the Philippines, affecting over 5,000 employees.

What was the first Intel product you used? Was it a processor, motherboard, chipset, network adapter, or something else? Looking back at Barrett's long career, what do you think were Intel's biggest hits - and misses? Join us after the jump for your chance to tell all.

"5" may be good for bargain lunch hunters or fans of loaded chili mac, but most Windows users would agree that "5" is way too many editions of Windows. Unfortunately, a leaked screenshot of Windows 7 Build 7025 suggests that Redmond is again going to offer five versions of Windows 7 when it ships: Starter (developing computer markets only), Home Basic, Home Premium, Business, and Ultimate editions, just as with Windows Vista.

Depending on who you ask, that's probably two or three versions too many. Unfortunately, unless Redmond changes its mind between now and Windows 7 release, it looks likely that the same "too many versions" problem that haunted Windows Vista will be back for Windows 7. There's one bit of good news, though. It looks as if an easy-to-use version of Windows Anytime Upgrade will be included in non-Ultimate releases so you can move up.

Which Windows editions should live on in Windows 7, and which ones deserve to be nailed to their perches? Join us after the jump and sound off.

As noted by Gizmodo, Windows 7 has made quite a few tweaks to the Windows Experience Index (WEI) first introduced by Windows Vista. For those of you tuning in late, the WEI tests hardware performance of five subsystems (processor, memory, desktop graphics, 3D gaming graphics, and hard disk), calculates a score for each one, and uses the lowest subsystem score as your WEI base score.

Since just after Windows Vista shipped, users of high-performance components, especially graphics cards, have been complaining loudly about Vista's WEI top score being capped at 5.9. While the Minpaso database of Vista WEI scores calculates a "presumption score" to try to make allowances for today's faster hardware, there hasn't been an official move from Microsoft until now. The code jockeys in Redmond heard you, and the top WEI subsystem and base score in Windows 7 is 7.9.

Wondering why the top score changed, and what else is different? Join us after the jump for details.

Remember Microsoft's rare out-of-band security update from last October, MS08-067? Microsoft warned us then that Windows XP, Windows Server 2003, and Windows 2000 SP4 were especially vulnerable to being attacked. Windows Update probably took care of patching your home computer. However, companies and individuals that were slow to patch their fleets of PCs with KB958644 could find their computers now infected by a nasty worm called Conficker, Downadup or Kido.

How big a deal is Conficker/Downadup? According to F-Secure, the number of infected machines went from 2.4 million to 8.9 million in just four days as of last Friday.  Panda Security now estimates that as many as one in every 16 PCs may be infected. F-Secure wraps up its analysis by saying "The situation with Downadup is not getting better. It's getting worse." Panda compares the outbreak with the legendary Kournikova (2001) and Blaster (2003) outbreaks.

How does Conficker/Downandup spread, and what can you do about it? Join us after the jump to learn more.

As our own Paul Lilly's been telling us recently, many Seagate hard disks have been afflicted by firmware woes. Unfortunately, Seagate's first attempt to fix the problem wound up turning working drives into high-tech bricks.

As it turns out, both Seagate and Maxtor-brand SATA drives can be affected by firmware problems. So, how can you find out exactly which models may be on the naughty list and when Seagate has a firmware fix that's ready for prime time? Join us after the jump for details.

What will the next version of Microsoft Office look like? Leaked screenshots of an alpha version recently released to testers suggest that, in short, ribbon menus rule. However, the Office 14 ribbon menus seem to have been influenced by the ribbon menu used in some of Windows 7's accessories, rather than being simply a rehash of Office 2007's version.

How long before we'll have a release version? According to alpha testers cited at Neowin.net, Microsoft is looking at a 2009 release and - you guessed it - the suite might be called Office System 2009. However, with the Microsoft roadmap unearthed earlier this month showing "2009" and "12-31-2009" for release dates, maybe it's too early to worry about the name.

So, you've decided to log into your bank's website to figure out if you can afford the newest techno-bling shown at CES. Your bank gives you the nod, and you open up another browser tab (or window) to cruise over to your favorite tech reseller. After doing a few price and stock checks, a pop-up window appears: your bank session has timed out - and if you want to double-check your available credit or account balance, you need to log in again. Should you click and go?

If you shrug and say "sure," you'd probably be infected by the latest phishing method. As reported by ArsTechnica, "in-session" phishing doesn't use traditional methods such as fake emails or fake websites to do its dirty work. Instead, in-session phishing is the next step in exploiting legitimate sites that are infected by malware. This time, infected websites exploit a JavaScript flaw found in all popular browsers.

To learn how it works, and to learn how to protect yourself, join us after the jump.

Tom's Hardware reports that Western Digital will be first to market with a 2TB drive. The WD20EADS is a part of WD's GreenPower series, and uses four 500GB platters.  Other specs include 32MB of cache and a seek time of 8.9ms.

Although Tom's Hardware reports that the drive will run at 5400RPM or 7200RPM, you should take the claim of 7200RPM with a grain of salt until we get our hands on actual hardware for testing. As this analysis from SilentPC on the first GreenPower drive indicates, GreenPower drives normally run at the slower speed.

How much will the first 2TB drive set you back? Around $210-240, rumors say, but we'll all know for sure when the drive hits retail shelves later this week. Will you be lining up for the first 2TB drive, or would you rather have a couple of 1TB drives? Join us after the break and sound off.

Microsoft Research, the code jockeys behind video and imaging innovations like Unwrap Mosaic, AutoCollage 2008,  and the Microsoft Image Composite Editor, has expanded into audio creativity with its new Songsmith program.

Songsmith enables you to convert your solo music (vocal or instrumental) into an editable recording (Garritan developed the MIDI musical tracks Songsmith uses). Just sing or play into a microphone (Songsmith runs on Windows XP or Vista with 1GB of RAM and a 1GHz processor, and requires .NET Framework 3.0), and Songsmith adds the backing you select. Try samples here.

Once you create your first song, what else can you do with Songsmith? Join us after the jump for details.