Security software suites are doing a poor job of detecting when a PC's software is under attack, according to Danish vendor Secunia.

Secunia tested how well a dozen Internet security suites could identify when a software vulnerability was being exploited, said Thomas Kristensen, Secunia's CTO.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

That's a different approach from how the programs are architected today. Security software tends to focus on the detection of malicious software that ends up on a PC after a vulnerability has been exploited. The software is updated with signatures, or data files, that recognize certain malicious payloads that are delivered to the PC post exploit.

There's a distinct advantage in focusing on detecting an exploit rather than defending against innumerable payloads, Kristensen said. The exploit itself doesn't change and must be utilized in the same way for the PC to be hacked.

An innumerable number of payloads -- ranging from keystroke loggers to botnet software -- could be deployed during an attack against a vulnerability.

Identifying the exploit isn't easy work, however, Kristensen said. Versions of the program affected by the vulnerability must be analyzed before and after a patch is applied in order to figure out how the exploit works.

For its test, Secunia developed its own working exploits for known software vulnerabilities. Of those exploits, 144 were malicious files, such as multimedia files and office documents. The remaining 156 were exploits incorporated into malicious Web pages that look for browser and ActiveX vulnerabilities, among others.

Symantec came out on top, but even then, its results were not stellar: The company's Internet Security Suite 2009 detected 64 out of 300 exploits, or 21.33 percent of the sample set.

The results then became much worse. BitDefender's Internet Security Suite 2009 build 12.0.10 came in second, detecting 2.33 percent of the sample set. Trend Micro's Internet Security 2008 had the same detection rate as BitDefender, followed by McAfee's Internet Security Suite 2009 in third at 2 percent.

Kristensen cautioned that Secunia was aware most vendors are not focused on detecting exploits. But it would benefit vendors to start creating signatures for exploits rather than merely payloads, since it could save them more time. There are far fewer exploits than payloads, he said.

Vendors such as Symantec appear to be moving in that direction, as it has created signatures for Microsoft-related exploits, Kristensen said.

"We are not seeing any of the other vendors having anything similar to that," Kristensen said.

In the meantime, users should apply software patches as soon as those patches are released. If there's a delay between when an exploit is public and a patch released, users also can simply avoid using the particular program.

"Too many people think they have nothing to be worried about if they only have [antivirus software]," Kristensen said. "Unfortunately, that is definitely not the case."

The U.S. Department of Justice (DOJ) won't file criminal charges over the pricing and marketing strategies of graphics chipmaker ATI Technologies, now owned by Advanced Micro Devices, the company said Monday.

The DOJ told AMD on Friday the entire investigation is closed, said Michael Silverman, AMD spokesman.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

The DOJ subpoenaed vendors AMD and Nvidia in late 2006 as part of an antitrust investigation into the market for graphics processors and graphics cards. The investigation came a month after AMD finished its acquisition of ATI for $5.4 billion.

The news is good for AMD, which has struggled financially in part due to its acquisition of ATI.

In July, AMD said it would take a charge in its second quarter of 2008 for $880 million related to ATI's former business units. The charges were related to impaired assets in ATI's former handheld and digital TV business units, which were merged into AMD's consumer electronics group after the acquisition.

AMD is due to report results for its third quarter of 2008 on Thursday after markets close.

Hitachi Data Systems has added three new models to its Adaptable Modular Storage (AMS) range, introducing support for SAS (serial attached SCSI) disks and a new dynamic load-balancing system with two active controllers.

The inclusion of symmetrical active-active controllers in the new models means enterprises can save on a whole range of software costs, said Michel Alliel, products and solutions manager at Hitachi Data Systems.

[ Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

There's now no need to buy software to manage paths between controllers and disks, or to perform load-balancing to even out traffic demands between two controllers, he said, as the AMS2000 series handles that automatically.

A task such as reconfiguring a system after adding a new disk tray can now be done in seconds, rather than hours, he said.

That dynamic balancing and automatic creation of paths holds good even when it comes to putting one controller out of action for a firmware update.

"There's finer granularity of the elements that you can shut down to update them," Alliel said.

The support for SAS disks offers a number of advantages over older Fibre Channel systems, according to Alliel.

For one thing, it makes life simpler, as it's now possible to mix SATA and SAS disks in the same tray. Enterprises might want a mix of disk types in the same system, as SAS is better suited to high-performance, nonstop storage, whereas SATA might be more appropriate for high volumes of data that must be kept online but are needed less often.

It's also possible to address SAS disks individually over a point-to-point communications channel, whereas Fibre Channel disks would be linked together, with up to 60 of them on the same loop.

Hitachi Data Systems also touted the lower energy consumption of the new models, thanks to their ability to spin down little-used SATA disks, and to turn them off altogether if they remained unused for extended periods. Slowing a SATA disk from 7,200 rpm (revolutions per minute) to between 3,800 and 4,200 rpm can cut its power consumption from 7 watts to around 4.2W, Alliel said.

The AMS2100 holds up to 120 SATA or SAS disks and has a maximum cache size of 8GB, with prices starting at $31,500. The AMS2300 holds up to 240 disks and 16GB of cache, and starts at $47,500. Both are available now.

The top-of-the-range AMS2500 has a maximum cache size of 32GB, can handle up to 480 SATA or SAS disks, and has a starting price of $81,500. It won't appear until around the end of the year, said Emilie Lieblich, marketing manager for Hitachi Data Systems France.

Fans of the existing AMS models can still buy them until October 2009, and after that Hitachi Data Systems will offer support for five more years, through 2014.

Meanwhile, the company plans to offer a part exchange scheme for owners of the existing models wanting to upgrade. Staff were not immediately able to say what allowances would be made for old equipment, however.

The Internet attack took Yahoo engineers by surprise. It came so fast and with such intensity that Yahoo, then the Web's second most-popular destination, was knocked offline for about three hours.

That was on the morning of Feb. 7, 2000. A few months later, 15-year-old Michael Calce was watching "Goodfellas" at a friend's house in the suburbs of Montreal when he got a 3 a.m. call on his cell phone.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

His father was on the line. "They're here," he said.

Calce knew right away what that meant. He had already talked to a lawyer after warning his father, weeks earlier, that he'd knocked offline a string of high-profile Web sites -- Amazon, Dell, CNN -- and his attacks had been widely covered in the press.

Although the late-night visit by the Royal Canadian Mounted Police was not a surprise, Calce said his mind was racing as he walked out to a street corner to wait for a police cruiser to swing by and arrest him. What was going to happen? Would he go to jail?

Calce, who was known at the time only by his online moniker, Mafiaboy, eventually pled guilty to criminal hacking charges. He served time in a group home where he was allowed to attend school and a part-time job, but was otherwise essentially locked in his room. He couldn't use computers and, isolated from friends and family, he "almost hit a state of depression," he said in an interview this week -- one of his first since his arrest eight years ago.

"It changed me completely," he said of his time in detention. "I started to think about how I could help society rather than be a detriment."

To hear Calce tell it, it's easy to see what got him into the world of criminal hacking: the power.

At nine and a half years old he was knocked offline by someone he'd annoyed while hanging out in an AOL chatroom looking for pirated software. "I was amazed that somebody was able to do that," he said.

Intrigued, he soon learned how to do the same to others, a practice called "punting."

Three years later, when his best friend was killed in a winter car accident, Calce said he became a darker, more isolated kid.

"It definitely fuelled me to not really care about what was going on in the real world," he said.

At 15, he had moved from AOL's chat rooms to the EFnet IRC network where he learned some very nasty tricks indeed.

On the day he knocked Yahoo offline, Calce estimates that he had hacked into perhaps 40 percent of the major universities in the United States, using attack code that he picked up online.

His bag of tricks included attacks for Solaris, HP-UX, and the Linux operating systems. The BIND (Berkeley Internet Name Domain) software used to manage the Internet's DNS was also a favorite target.

To hit Yahoo, he used a DoS attack, sending the online portal's Web servers a stream of useless information and forcing them to constantly respond, using up precious network bandwidth.

He took DoS attack code written by a hacker named Sinkhole and developed a way to remotely train all of his approximately 200 university networks on the same target simultaneously, he said.

Soon Yahoo was offline.

"I really couldn't believe it at first," Calce remembered. "Did I get lucky with that attack, or was my network really that powerful?"

"This is why I continued with my attacks. I thought Yahoo might have been a fluke," he added.

Over at Yahoo, nobody seemed to think that luck was involved.

"It was horrible," said Jeremiah Grossman, who worked in Yahoo's security department at the time. "It worked quite well; it knocked down one of the most stable sites on the Web."

Grossman, now CTO at White Hat Security, said he still uses Calce's Yahoo attack as a point of reference when he needs to talk about what kind of bandwidth it takes to knock a site offline.

DoS attacks may soon be in the news again, security experts say.

Last week researchers Robert Lee and Jack Louis of security vendor Outpost24 said they discovered a major flaw in the Internet's TCP/IP protocol that could allow an attacker to take out a major Web site without first building up the massive network of attacking machines that Calce needed for his crimes.

Calce said one thing is certain: Mafiaboy won't be involved in any new computer attacks. Today he works as a legitimate security consultant and he's on a book tour this week, having published a tell-all story documenting his criminal career and offering advice on how people can protect themselves from, well, people like him on the Internet.

He wants to help protect regular computer users, he said, because they've now replaced universities and corporations as the major targets of attack. And, clearly, he wants to dispel the notion that he was a know-nothing "script kiddie" who used other people's software to wreak havoc on the Internet.

"I want to let everybody know that I acknowledge what I did was wrong," he said. "I just want to share my knowledge with people."

Solaris has been Sun Microsystems's bread-and-butter Unix system since 1992. While Unix platforms such as Solaris now are up against the open source Linux juggernaut, Sun maintains it has the technological advantages and accommodations for open source to keep Solaris in the game. The company also cites important customer wins as evidence of the platform's continued strength. To hash out the state of Solaris in today's marketplace, InfoWorld editor at large Paul Krill recently met with Jim McHugh, vice president of Solaris marketing at Sun, at the company's Menlo Park, Calif., campus.

InfoWorld: Solaris has major users such as Joyent and General Electric. But it does seem like Linux has the momentum, not just when compared with Solaris, but compared with Unix overall. Recent shipment figures I received from IDC show Linux growing and Solaris slipping, with the Solaris volumes being reduced between 2006 and 2007. Does Sun have any new efforts planned to promote Solaris as an alternative to Linux or as a complement to Linux?

[ ManyLinux advocates that Solaris is on its deathbed. Find out why in InfoWorld's analysis. ]

Jim McHugh: I actually think that what we're hearing is Linux has made some momentum and there was some movement toward Linux, but actually we're seeing now a lot of movement back from Linux to Solaris. So basically, you could find an example anywhere that would lay out -- OK, if I moved off this old machine, running this older version of that operating system to a new machine running a newer version of [an] operating system, I will find cost savings. Right? For every example, [people were] saying, "I moved from Solaris to Linux and I saved X amount of dollars," I can give you a couple of examples right back of people who moved from Linux, an older version, to Solaris have saved a lot of money, as well.

InfoWorld: Do you have a couple of examples?

McHugh: Glasses Direct in the U.K. switched to Solaris because they found that they were relying upon Apache and that ran 450 percent faster on Solaris than on Linux. So if you're looking at a Web economy, the ability to run your application faster and faster is driving people to say, "OK, I'm going to look at Solaris for two reasons. One, if Apache runs a lot faster on Solaris, that's a big advantage to my company, but I can also take advantage of key features like DTrace where I actually can optimize the application itself that's running on the Web server, so that plays a good component of it." Others are Sapotek, when they found they had a sixfold performance increase on Solaris 10, and ZhengTu Network, which is in online gaming.

And if you're looking at the trend here of the examples I'm giving you, [for] people that are Web-facing, buying into the Web economy, scale is very important. They probably chose to start out with basic hardware and the OS that they could find. The key thing that you'll see with all these companies, it wasn't the OS that actually they were really thinking about when they were building their application. They wanted to use MySQL, they wanted to use Apache, basically they were looking at the LAMP stack and the most important parts of that were the A, M, and P, right, so they were looking at the Apache, MySQL, PHP, Perl, components.

InfoWorld: What do you see as advantages of Solaris over Windows and over other Unix platforms?

McHugh: Predictive Self-Healing [takes] the standard user messages that would pop up. You know, there's a potential error with the hardware or with a particular application, and what Predictive Self-Healing does is it kicks that back to the software and takes action on it so that it can actually shut down the hardware or restart the application in a way that prevents having failures. So it keeps availability levels up. We've looked at different components that were 30 percent higher availability just because you can actually control the memory cells and know what's going on there and know how to take action before it becomes a problem. So that's one of the key ones.

Solaris security has always been our strength, so if you're looking at what we've been doing as we were working with the government for years and years and having the highest-level security in any OS, that has been a hallmark of Solaris forever, and we keep bringing that forward. You're probably hearing more and more about Solaris ZFS. It's actually a data management system, so we've actually brought it down as the core data management in the file system from that standpoint, and that offers a lot of not only scalability, but also the ability to go backward [to a previous snapshot].

InfoWorld: As you know, I spoke with the executive director of the Linux Foundation [Jim Zemlin]. He basically sees the battle narrowing down as between Linux and Windows. How would you respond to that?

McHugh: I would respond that it seems to me what's going on and what most users see when they look at Linux isn't the Linux kernel. The first thing they see is the Gnome interface and how they back it up. They're looking at some of the other components. And so I would think the user experience that he's really talking about isn't inside the kernel dot-org. I think he's talking about the open source approach [to] doing operating systems. If he's saying it's open source operating systems and open source applications against Windows, sure.

InfoWorld: I don't think he's narrowed it down to one distribution. He's just basically talking about Linux in general.

McHugh: Yes. It's interesting. When he talks about Linux in general, he's talking about this component right down here on the bottom, [the] Linux kernel or Solaris kernel or BSD, for that matter. The BSD guys, if you tell them that all these system libraries etc. are Linux system libraries, I think they would disagree pretty openly. The same thing with the Gnu utilities. Those things are blending and merging, and I think if you look at the Gnome guys, they're a completely separate community that welcomes involvement from the Linux community, but they also welcome involvement from the OpenSolaris community, the BSD communities.

InfoWorld: Do you have any Solaris shipment figures you can offer for the last five years?

McHugh: If you look at the number of licenses of Solaris 10, the latest figure I think we put out was about 13 million, and one thing that is really important to remember, Solaris actually has more deployments than any other Unix or Linux distribution. And we also have more applications running on Solaris than there are on any Linux distribution.

InfoWorld: When you say 13 million licenses, is that cumulative over many years?

McHugh: It's cumulative since the launch of Solaris 10 [three years ago], and that is people who actually have downloaded it. Then we also have ones that we don't necessarily count, because obviously we have very big enterprise customers that have wall-to-wall contracts with.

InfoWorld: The figures I got from IDC talked about 376,000 Solaris shipments in 2006 and 371,000 last year, so that would be sharply different from your figures.

McHugh: Are they counting the number of individual downloads and things that get burned onto a master and then get put onto multiple machines?

InfoWorld: I think they're talking about the shipment totals.

McHugh: They might be counting just our hardware shipment totals. I don't know how they would count OS downloads. If 70 percent of Solaris downloads are going onto other machines -- onto IBM machines, onto Dell machines, onto HP machines -- I don't know how IDC would capture those numbers, and that might account for the delta in itself.

InfoWorld: What's been the progress of the OpenSolaris open source effort?

McHugh: We've had a lot of opportunity to expand the market for OpenSolaris. The number of downloads that are taking place just continues to climb through the roof, the number of active users continues to grow. We're about two months away from the second version of it. We recently put out a CD to students and professors, and we've been receiving a lot of really strong and good feedback on OpenSolaris. It really boils down to the fact that we have the Gnome interface, so it's much easier to use [with] the live CD component. OpenSolaris has been a really big factor in that.

InfoWorld: So basically you have OpenSolaris, which is the open source version, and you still have the commercial version that you license and for which you sell support?

McHugh: Yes. The key thing to remember is we have one Solaris but we have two different use cases. Solaris 10 is what you see inside the enterprise, [for] people who need long-term support. Its release cycle is about three years, and we do updates in between. OpenSolaris we're releasing every six months, constantly adding the latest features, constantly having the latest components from the other open source communities such as Gnome, keeping up to date with the latest features from that standpoint. That gives Web 2.0 companies and people that are building applications the ability to experiment, try out, run the complete latest in operating systems that will give them an advantage as they roll out their Web 2.0 applications. So there are people who are going to be rolling OpenSolaris out in commercial deployments. They just won't be the same people who are running ERP systems with big Oracle databases and SAP.

InfoWorld: Are there any plans to release Solaris or any Solaris technologies like ZFS under the GPL?

McHugh: We chose the licensing for Solaris for a reason, and when you start looking at it, we chose CDDL [Common Development and Distribution License], which is an OSI-approved license. It is very much similar to the Mozilla license, so it has a lot of benefits that people look at. One key one is when you're looking at adding innovation on top of it, doing works on top of it, it works really well. If you're looking at the OEM business and you're looking at other companies that will be adding value on top of OpenSolaris, they really appreciate the CDDL way of doing it because it gives them that flexibility to build on top.

InfoWorld: I've heard that you can't have ZFS or some of the other technologies mixed in with Linux because the license is incompatible because they use the GPL and you don't.

McHugh: Right, so the interesting thing is, if you look at ZFS and DTrace, which are the two key features that I think a lot of people in the Linux community look to and say, "Wow, those are really exciting." Frankly, they're coming and trying OpenSolaris because of it. In one way that's a compliment, and we like when they continue to remind people that [these are] innovations. But the fact is it's not that the OpenSolaris license and the CDDL are not compatible, because you can find DTrace and ZFS in Mac OS and BSD. What we're seeing is, as we're talking about open source communities evolving, open source licenses need to evolve as well. GPL was one of the first ones that were out there. We have products under GPL at Sun, as you know.

InfoWorld: Java.

McHugh: Java, we also do OpenOffice that way. It makes sense for certain communities. We're not so sure just because the decision was made early on that it makes sense right now for us to do that. Also, GPL is evolving, so we have to wait and see how those discussions are going.

InfoWorld: Under what circumstance might you move Solaris to GPL?

McHugh: We are constantly in discussions [and] looking at it. We are a member of the Linux Foundation as well, right at the same level as Red Hat, Adobe, and the other guys. We watch, we learn, we follow it, but things are really driven by two standpoints. First, what are your customers' needs? And again, we have end-user customers in corporations, but we also have OEM customers and partnerships we're building. And we're also looking at what the right way is to get the technology out there and go from there. Clearly, clearly when anyone does that little exercise where they say, "If I could take these key features and build the perfect OS," they reach into Solaris and OpenSolaris and name a few of our features. Predictive self-healing, DTrace, ZFS, and the security components always come to mind.

InfoWorld: You mentioned an upcoming version of OpenSolaris. What are the plans for improvements to Solaris?

McHugh: We are coming out with our update 6 [for Solaris 10] in the end of October, and you'll see OpenSolaris come out in November. OpenSolaris [is] on a faster cadence. We're going to be coming out with six-month revs to OpenSolaris that are really driven at the developer, the Web 2.0 [angle], and going from there. What goes into Solaris 10 has already been in OpenSolaris, if you want to think of it that way. A lot of [the additional features involves] support for some on the Dunnington chip sets from Intel.

InfoWorld: It looks like Sun with Solaris has a strong following and devoted users, perhaps similar to the way Apple devotees stand by their Mac. Would you say that Solaris users tend to be less vocal about their support of their platform than Mac users are about theirs?

McHugh: I think you're comparing an end-user consumer desktop versus administrators or Web guys, so there'll be a different level. There will be a different approach to how they deliver their messaging. If you follow when there are comments online, there is a devoted following of Solaris users who get up there and post things and clarify statements that are made. I don't think they'll be dancing in the streets like you would say [about] Mac OS products.

InfoWorld: Or protesting in the streets.

McHugh: Or protesting in the streets. But I will say when you look at who's the real community that we're looking at, it's the open source operating system community. It's broader than the traditional Solaris users. OpenSolaris has actually taken us into a space where people are saying, and we have people defending and supporting and coming to the aid of Solaris in discussions because they're experiencing OpenSolaris and what it can do and the newness in what's taking place. So I always find it really interesting conversations to watch when you have someone from a certain Linux community who comes after OpenSolaris or Solaris, and they tend to [get] met with someone else who's saying, "Why are you so passionate and strongly feeling against Solaris? What is the issue?" And that's really what comes up. This happens at conferences all the time.

It really boils down to there's a group of people that weren't traditional Solaris admins or Solaris users who are looking at OpenSolaris and saying, "Hey, this is good stuff, take it seriously." Maybe that's why we're seeing more activity where people feel a need to come out really strongly and make strong statements against Solaris, because there's a growing base of supporters of Solaris who are defending it.

InfoWorld: I did have one user at a Solaris-to-Linux site mention there are more people available who can administer Linux than Solaris. Do you see that as a problem? Do you have any plans to remedy that?

McHugh: We definitely have a very strong system admin community. I don't know if you've ever visited our big admin site, but it's a site that exists just for the Solaris administrator and some of the other components at Sun. But you have to keep in mind what we're doing. By adopting the Gnome look and feel and the standard open source user interface, it's just as easy to administer OpenSolaris as it is any Linux distro because you're using the same components. You're using the same user interface. You're using the same packaging system approach for getting software and updating software.

InfoWorld: With Solaris being a 16-year-old platform, has Sun looked at possibilities for a successor platform or are you just going to keep doing Solaris 11, 12, 13, whatever? Any plans for a follow-up?

McHugh: If you look at the innovation that's coming in Solaris, I would say it continues to go really strong. Because of its commitment and its maturity as an operating system, we're able to guarantee things like binary compatibility. It's why you'll find more applications available on Solaris 10 than any other component -- because of the binary compatibility. It's always easy to bring things forward.

That is a challenge in some of the Linux spaces, and I do know that's one of the things that the Linux Foundation is trying to push to is more standardization and helping people through it so that you don't have to worry about -- between Red Hat, Suse, Ubuntu -- being able to run applications. And that is probably the value-add they offer to the broader Linux community. Whereas because of our strength of the maturity, we are able to not put that burden on our customers.

InfoWorld: What's happening with Intel Solaris and desktop Solaris?

McHugh: Solaris x86 continues. So Solaris running on x86 chip set is really what you're asking for. OpenSolaris actually is really strong on the x86. The involvement from Intel is really great; they're one of the big contributors in our OpenSolaris community. Our relationship with AMD continues to be really strong in this space. If you're looking for an OS where a chip manufacturer can get their innovations included really quickly, OpenSolaris is probably the leading OS from that standpoint.

InfoWorld: What about Solaris on the desktop?

McHugh: You can take OpenSolaris and run it on the desktop. As we continue to add these user interfaces, it becomes what people would expect to use in a desktop component from that standpoint. Traditional Solaris on the desktop was really, really strong in the workstation space, but now OpenSolaris is certified on over 3,000 machines. So if you think of it from that standpoint, the availability to be on a desktop is growing faster and faster. We're constantly working with not just only the chip manufacturers, but we're talking to certain computer manufacturers and laptop manufacturers that will be putting out in public soon [systems] that have OpenSolaris.