This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
The argument against used games is that by buying them, you're cheating the developer out of potential profits he or she may otherwise have obtained had you purchased the game as new. The obvious flaw is that not everyone who purchases used games at a discount would have bought the title for a premium price as a new release, so the question of how much the used game market actually affects developers remains an open-ended one.
Nevertheless, developers and publishers are brainstorming on ways in which they can either deter gamers from buying used games or cash in on the sales, and some of those ideas are sure to irk the gaming community. Take for example Epic president Mike Capps, who claims some developers would like to see additional fees tacked on to used titles in order to complete the game.
"I've talked to some developers who are saying 'If you want to fight the final boss you go online and pay $20, but if you bought the retail version you got it for free," explained Capps to GamesIndustry.
Developers and publishers have already started to push one-time download codes for new games, such as the 20-song bonus tracks available to Rock Band 2 owners, as well as DLC codes in games like Gears of War 2 and NBA Live 09. But if DLC codes fail to lure more buyers from the outset, you can bet that developers will continue to cast an eye towards the used games market and come up with increasingly obtrusive strategies for cashing in.
DivX has begun offering its upcoming DivX Player 7.0 in Beta 1 form, and with it support for MKV files containing high definition H.264 video and surround sound AAC audio.
DivX has been playing around with H.264 support for some time now as part of its "Rémoulade" project, but this marks the first player release to incorporate this capability. DivX says the player's H.264 video decoding will come with support for Baseline, Main, High, High 10, and High 4:2:2 profiles, full interlace support, multithreading decoding on up to 8 CPU cores, and optimizations for MMX, SSE, and SSE2 instruction sets.
The release will also contain several general improvements over the currently shipping DivX Player 6.8.2, including wider Direct3D videocard compatibility, the return of the GDI renderer allowing the player to display video when no hardware acceleration is available, and better handling of AVI files that have a broken index, and improved support for media created with the company's DivX Author application.
Microsoft has released its DirectX November 2008 update as part of the company's loosely followed bi-annual update schedule. The last DirectX update was served up in August.
A number of enhancements mostly of interest to developers come packaged in the November DirectX SDK, as well as a Direct3D 11 technical preview with associated components and tools. As far as gamers are concerned, we found little information as to what possible bugs and performance enhancements the new update addresses.
If you're experiencing unexplained wonkiness while gaming and have been unable to troubleshoot the problem, you may want to give the November update a spin. Otherwise, you'll likely receive the update as a pre-packaged install on a new game at some point.
And you thought only one person on the entire planet was well and truly pissed at EA for its repeated usage of DRM. However, that was only the beginning. Now, two more criminally dissatisfied customers have rallied their lawyers, hoping to pulverize the mega-publisher's pocketbook into penniless mush.
The first suit, filed by Pennsylvania resident Richard Eldridge, points the all-important blame finger at the Spore Creature Creator trial -- not the full game. According to the suit, the game "secretly" popped his machine's DRM cherry, a feature completely unmentioned in EA's End User License Agreement.
The other DRM-detractor, Dianna Cortez of Missouri, encountered SecuROM DRM in The Sims 2: Bon Voyage. Her computer was never the same after that day.
"After installing Bon Voyage, Ms. Cortez began having problems with her computer," reads the suit. "She had previously made backup Sims 2 game content on CDs, but her computer's disc drive would no longer recognize that content, reporting the CDs as empty. She could not access files that were saved on her USB flash drive or iPod, either."
She also calls EA's practices "immoral, unethical, oppressive [and] unscrupulous" -- a sentiment with which we're sure her fellow lawsuit-slingers would agree.
Now if the entire 0.2% hopped aboard the lawsuit express, we might be onto something. As is, however, EA's gold-encrusted big toe will be more than enough to squash these three valiant musketeers. If nothing else, we can only hope that EA will actually learn something from all this, but we're not counting on it.
Some might argue that the mouse is currently a great tool for playing games of just about any genre, but Mgestyk Technologiespolitely disagrees. With the first (planned) public sale of a gesture control system, they seek to bring the Minority Report-like action straight to you.
Using only what’s been described as an “affordable 3D camera” and some proprietary software that will capture small hand gestures, they plan on challenging everyone’s favorite – the mouse. Understandably, some gamers might be reluctant to give up their Logitech or Razer in favor of holding their hands in front of a camera, there are undoubtedly some pretty notable foundations here.
In a video provided by Mgestyk there’s some pretty interesting footage demonstrating the technology that they've come up with. While yes, the reaction time between gesture and response may be a big higher than desired, there are plenty of people that have expressed interest. Mgestyk claims that they’ve got a waiting list for people looking to get their hands on the tech, and they aren’t willing to commit a release date or a price.
Long Zheng's I Started Something blog reports a welcome improvement in Windows 7's Complete PC Backup: in addition to backing up to local hard disks and DVDs, you can now back up to a network share. Complete PC Backup is the image (aka "bare metal restore") backup feature originally found in Vista's Business, Enterprise, and Ultimate editions (see our 2007 article to learn how it compares to other popular image backup/restore programs). This new feature brings Complete PC Backup's backup target options basically in line with those in the file/folder backup portion of the Backup and Restore Center, and makes it possible to use an NAS appliance as well as a folder share on another PC as a backup target.
It's important to realize that Complete PC Backup is a complementary technology to file and folder backup. Use it to back up your entire PC, and then use file and folder backup to backup data files that change after you create an image backup. Note that the NTBackup program (included in Windows XP and earlier versions) is not an image backup program, but a file and folder backup program only; it does not have a true 'bare metal' restore option.
I've used Complete PC Backup on a number of occasions to backup and restore Windows Vista systems, and I'm looking forward to this additional improvement in Windows 7's version (and I hope it will be available in all Windows 7 SKUs, by the way). What do you think? Join us after the jump and tell us.
With just five applications--five, free applications--you can do anything you ever wanted to do across a network connection. We're serious. Using these applications, you can bridge your computers together from anywhere in the world across a secure, hacker-proof connection. From there, you can dial into your desktop as if you were sitting right in front of it, looking at the exact screen you'd be seeing were your butt in the groove of your favorite office chair. If you're a hardcore network enthusiast, we'll even show you how to tab-browse through multiple, connected desktops as if you were pulling them up in Firefox or something.
And if you think that's crazy, these examples only reflect three of the five programs we're featuring in this week's roundup. So what are you waiting for? Click the link and let's get networked! Which, in itself, should be some kind of 80s super-dance mix: "Let's Get Networked." Eh? Ehhhh?
Microsoft last week released the fifth volume of its Security Intelligence Report (SIR) covering the period between January through June of 2008. The report, which purports to offer an "in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software," uses data derived from what Microsoft claims are hundreds of millions of Windows users, all of which is analyzed and laid out in a tidy 13MB PDF download.
According to the 150-page report, hackers are increasingly honing in on third party applications rather than attempting to attack Microsoft directly. Vulnerabilities in programs like RealPlayer, QuickTime, WinZip, and other non-operating system software provide hackers with a greater number of exploits requiring a low degree of complexity, the report claims.
"It is alarming to see that more than 90 percent of vulnerabilities disclosed in 1H08 affected applications, and nearly half of all industry vulnerabilities are rated as High Severity," Microsoft says in its report. "Additionally, 1H08 showed how threats are increasingly affecting a variety of vendors beyond Microsoft."
The report also notes several geographical trends in security threats. Among them, password stealers such are Win32/Bancos are most prominent in Brazil where the overall infection rate has risen an alarming 81.8 percent from 2H07 to 1H08. In the U.S., trojan downloaders, like Win32/Zlob, account for the largest single category of threat.
Ever heard the expression,” if you can’t beat them, join them”? It turns out this is an attitude shared by the executives over at Sensis, the advertising and directories arm of Australia’s largest telecommunications company Telstra. Starting in Q1 2009, all of the Sensis business listings will be incorporated into Google’s mapping service. Google will then be implemented to power the native search and mapping functionality on the site. Sensis’s decision has been widely criticized as an admission that could not compete with Google, but I would argue it’s nothing to be ashamed of. Many larger and deeper pocketed rivals have attempted to duplicate Google’s success over the years with arguably little to no lasting success. Yahoo and Live search aside anyone else remember Cuil?
The announcement was made at Google’s headquarters and Sensis CEO Bruce Akhurst said the deal would allow them to focus on their yellow pages business listings. Both parties have openly denied that any talks are taking place with regards to a merger, and according to Sensis the deal is only intended as a means to share revenue. Neither party is revealing any specifics as to the terms or financial agreements, but presumably Sensis determined it was the best way to save market share. According to Nielsen NetRatings, Google Maps serves just over 2.5 million Australian visitors, with a mere 1.2 million using the Sensis Wherels service. Even more dramatic are the search numbers with 9.3 million Australians using Google, and only 184,000 users choosing Sensis.
Another search engine bites the dust, can anyone take on Google? Hit the jump and let us know what you think.