It should come as no surprise really.  True, Microsoft may be the king of the office, but eventually something was going to replace those poisoned Word docs, Excel spreadsheets, and PowerPoint presentations.  And if something was going to do it, it was going to be something easily as cross-platform and heavily used.

That something, was Adobe Reader PDF files.

At least, so says F-Secure.

And the reasoning, besides the obvious of being a cross-platform big target?  Well all of the vulnerabilities, of course!  I mean who in the security world doesn’t know that Adobe = holes.  It’s enough to rival Microsoft.  Apparently.  Which is why 2009 saw 49% of attacks targeting Adobe Reader through its vulns.

Clearly it should go without saying, if you don’t know why someone would send you a file, don’t open it.  And if you’re not sure, ask.  All of the poisoned documents in the world do no harm if you’re smart enough to not open them in the first place.

Microsoft has announced its intent to end its support for those versions of Windows which users have not upgraded to their latest service packs.  Specifically, Windows Vista without any service packs will no longer have support after April 13th, 2010.  Windows XP with only Service Pack 2 (WinXP SP2) will likewise have its service terminated on the 13th of July, 2010.  As will any version of Windows 2000 (Win2K).  Also on the 13th of July, Microsoft is moving Windows Server 2003 from mainstream support to extended support, meaning that only the security updates will remain free and everything else will cost money to get help from Microsoft.

“Microsoft believes it is important that all customers take action prior to the end of support date, not only so that they know their options and can prepare, but also to ensure their environments are as secure as possible.”

Obviously, in most cases anyway, simply installing the latest service pack will allow you to continue to enjoy support from Microsoft.  It’s easy.  It’s free.  You really should do it.  For more information from Microsoft on how to upgrade to your latest service pack, look here.

Okay, so yes, it’s easy to pick on Microsoft.  They’re a big target.  And by that I actually don’t mean that they’re a big company, even though they are.  Or that they have a large user base, which obviously, they do.  I mean that they screw up a lot.  There’s pretty much always a Microsoft bug or “feature” threatening computer security.  They’re a big target.  And perhaps it is because they’re a big company with a lot of users, meaning they have all sorts of resources that most companies don’t, and yet still put out such faulty software, that makes them so fun to poke a stick at.

But to be fair, other companies have problems too.

Take Mozilla for example.  They just released update version 3.5.8 for their popular web browser, Firefox.  It fixes a memory corruption hole, a heap corruption vuln, and a bug in their HTML parser.  As well as some minor performance tweaks and stability updates.  Which is good.  But they were also just hit with the exploit of a critical vulnerability that triggers a heap corruption in Firefox version 3.6.  It is known to work on Windows XP and Windows Vista.  It is not the same heap corruption flaw that was just fixed by version 3.5.8.  And it is indeed being used in the wild by hackers.  Let’s see how long it takes Mozilla to close this hole.

And then we come around to Adobe.  The Adobe Download Manager ActiveX control to be specific, which is used to install Adobe software such as Flash and their ever popular Reader for viewing PDF files.  (We’ll overlook that this ActiveX control is only used when you download Adobe products using Internet Explorer.)  This Adobe Download Manager suffers from a nasty security hole in which it theoretically allows a hacker to download and install any bit of software that they like onto your PC.  Umm … with one little caveat.  You, the user, have to click on a malicious link on the Adobe.com webpage to make it happen.  And considering how likely Adobe.com is going to be hacked to create these malicious links to lure you in…  Oh, and don’t forget, the Adobe Download Manager also removes itself from your computer once your official Adobe install has completed and you reboot your PC.  But still, it’s potentially dangerous.  If you overlook those mitigating factors anyway.

So, um, yeah.  Other software companies also occasionally have bugs in their code.  Or features that aren’t as secure as they should be.  Microsoft isn’t the only security offender in the world.

But even with that said, and fairness shown, it’s still pretty hard to compete with Microsoft, no?

If you think that the new SuperSpeed USB 3.0 kit coming out is ever so fast, you’ve got another thing coming!  At least NEC thinks so.  They laugh at the slowness of USB3’s measly 4.8Gb/s.

Why?

Because they have something better.

NEC isn’t tackling any specific serial communication protocol itself.  No, it’s attacking the flaws in the adaptive equalizers used to clear up the signals transmitted over the serial bus.  Because signals, especially over long cables, tend to degrade.  They need cleaning up.  And NEC reckons that it has found a better way to do just that, by adding a delay in the feedback waveform to clear up the signal.  As they say:

“This procedure greatly reduces the nearest-neighbor inter-bit interference in the signal waveform and thus successfully alleviates the issue of feedback-time constraint inherent in conventional equalizers.”

The result?  A serial bus that can hit 16Gb/s, more than three times faster than USB3, says NEC.  And this concept, they say, can be applied to any serial communication by using their technique to improve the interface chips, continuing to use the same bus.

Perhaps EvenMoreSuperSpeed USB 4.0 with 16Gb/s transfers is just around the corner then.  Or even PCI Express 4.0 with 3B/s at 1x and 48GB/s at 16x.  According to NEC, it’s possible.

Microsoft researchers claim to have found one possible cause of the Patch Tuesday BSOD nightmare assaulting a hefty number of Windows XP users who applied the MS10-015 patch.  The culprit?  A rootkit.  The Tdss rootkit to be exact.  Though Microsoft isn’t so quick to nail all of the problems upon that single piece of malware.

“In our continuing investigation into the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating.”

Still, it’s nice that we even have this much of an answer.

Fortunately only this one update from the baker’s dozen of this last Patch Tuesday is causing problems.  The rest of them can safely be installed.

And if you happen to have the infinite reboot loop caused by MS10-015, Microsoft would love to have a memory dump from you.  At least, assuming, you can find some way to actually grab that memory dump between the constant rebooting…