Jobs Bails on Macworld

• By Doug Barney
• 12/18/2008

But if you're Steve Jobs, you'd ask, "How can I bail?"

That's what Apple and Jobs are doing with Macworld. Job cancelled his keynote and next month's Macworld will be the last Apple will support. Instead, Apple will push its own events. Can you say proprietary?

My beef is that Apple isn't reaching out to new markets. It's not reaching out to the enterprise (we've offered Apple opportunities to talk to you Redmond readers, but it had little interest). It's not reaching out to middle- and low-income consumers (or the Third World) with aggressively priced products. And now it's not even reaching out to its own customers!

What would you do to expand the Mac market? Suggestions welcome at [email protected].

Cisco Says Hackers Getting Smarter: Who Would've Thought?
Cisco -- or, for the purpose of this story, Captain Obvious -- released a study showing that hacker attacks are getting more sophisticated. Doesn't this happen each and every year?

Diving into the details, Cisco says spam makes up about 90 percent of all e-mail traffic. (Since my e-mail is published everywhere, including in this newsletter, spam is about 99 percent of all my mail.) There's also a new form of personalized spam; this way, phishers trick you into thinking the mail is truly legit. Botnets are also getting trickier, the network giant says.

SQL Server in the News
SQL Server is in the news this week nearly as much as Gov. Blagojevich. No, SQL Server didn't try to sell a Senate seat, refuse to leave office and go for a jog. Instead, SQL Server gained a new beta of what will probably be SQL Server 2010 and got a bunch of new security tools for the current version and a new service pack.

Starting with what's shipping today (or near-abouts), we have beta versions of two SQL Server security tools. Both the Anti-Cross Site Scripting Library and the Code Analysis Tool are built to deflect SQL Injection attacks.

Closer still is SQL Server 2005 SP3, which came out Monday. This service pack is largely a roll-up of bug fixes (if you want new features, Microsoft would be happy to point you to SQL Server 2008), but also includes database engine and replication tweaks.

Furthest out is Kilimanjaro, which isn't due for a couple of years. For those that just have to have what will become SQL Server 2010 now, a preview is scheduled next month.

Mailbag: Mac Protection, More
Despite Apple's reputation, Macs need protection, too -- as these readers will attest:

I get weekly reports from US-CERT about cyber threats. One of the recent ones was about OS X. Actually, most of the weekly ones are about open source software and, increasingly, OS X. I guess in the downturn of the economy, folks figure they are getting a bargain buying their software at the "dollar store" (OK, Macs from Neiman Marcus). I guess you get what you pay for -- disposable software or a gated community with holes in the fence.
-Dan

Many years ago, a friend gave me a disk of files for my Mac SE. At least one of the files was infected with a virus. My Mac became infected also. I immediately bought an anti-virus program and removed the virus. That lesson taught me the importance of running an anti-virus program, and I have done so ever since. I've never had a problem since then.
-Anonymous

And one reader pokes some holes in Utest's recent contention that the IE 8 beta is currently the safest browser:

Um, the report says 356 uTesters evaluated Internet Explorer 8 and identified 168 bugs, including 9 percent that were classified as showstoppers. Also, 514 uTesters evaluated Firefox 3.1 beta and identified 207 bugs, including 24 percent that were classified as showstoppers. That's from the Utest Bug Battle page. So Firefox testers averaged 0.4 bugs each with access to source code, and IE testers averaged 0.47 bugs each despite using a proprietary browser.

Also: "During this first Bug Battle, the uTest community discovered one bug every 15 minutes in the three leading browsers; the good news, however, is the fact that no showstopper security flaws were found." The bugs that were found were mostly not security bugs, and no major security flaws were found in the course of this testing.

As far as I can tell, the bug lists aren't posted, so there's no indication what was actually found. Concluding that IE is "the safest, most bug-free browser" is not just a bit of a stretch, it's like stretching one piece of taffy from Florida to California. If you want numbers that actually relate to security, try Secunia: 30 percent (10 of 33 Secunia advisories) of the IE security flaws it's aware of are unpatched, and "The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Extremely critical." As for Firefox, 14 percent (1 of 7 Secunia advisories) are unpatched, and "The most severe unpatched Secunia advisory affecting Mozilla Firefox 3.x, with all vendor patches applied, is rated not critical."
-Anonymous

Meanwhile, Stephen has some more general grievances with the IE 8 beta:

Much as I like the auto-fill of the URL, the number of sites that already do not function with this version has become so numerous that I'm using Firefox far more these days. The RAD editor we use all the time in IE 7 simply doesn't work in IE 8. If you have a number of IE 8 windows (not tabs) open and click on an e-mail link from some support sites, the page opens in EVERY window! I've resorted to "Always run in compatibility mode" but Fidelity.com gets a permanent "NO! Site under maintenance" page for any log-in attempt. "Back" used to simply be a matter of going "back" -- but no, the geniuses at MS now make it an expired-page-retry 90 percent of the time. Logging in to a Web-commerce site used to be autonomous per IE 7 window, but not now! Testing our site is now a multi-machine affair, thanks to IE 8 -- and that's WITH "compatibility" on. Finally, it's ridiculously simple to drop down the URL history and hit the red X when you actually want to use the URL, not delete it! What -- no "Confirm delete from URL history" option?

Perhaps IE 8 has very few security bugs, but for usability I'd give it no more than 6, and the "fear factor" of uninstalling the beta (which was Microsoft's solution for a reporting services rendering issue) is more massive than I can say. Do I really want a hosed machine? Prior IE and MS uninstalls have left me with chills!
-Stephen

And finally, Rob closes out the year with a few good words about a Microsoft product that's taken plenty of shots in 2008:

I have installed over a hundred copies of Vista on newer PCs (no older than one year). Honestly, I have not had an easier time with an OS install before, ever. I waited over three months after RTM for Microsoft to patch the immediate bugs and get their ducks squared away (like XP and 2000, history shows every new OS has glitches to hurdle over before it's stable).

My first reaction was that it's a fast OS. It has a few quirks here and there with device drivers and legacy apps, but overall, it's slick. Then came SP1...WOW. I remember the first install on an HP Pavilion. Twenty-seven minutes to install, found the Wi-Fi, all peripherals and external HDDs, and just worked. No third-party driver installs. Simple. Easy. Fast. Slick. Love it. And I still do. I love Vista. I believe in it. I sell it daily and although I get the daily grinding calls about XP and its sad demise...well, some people don't like the new Honda Civic, either!
-Rob

Redmond Report is adjourning until next year, but keep sending us your letters! Leave a comment below or send an e-mail to [email protected] -- we'll resume posting them in January.