Steve Strout, CEO of the Americas SAP Users Group (ASUG), is no longer with the organization, a spokeswoman said Wednesday.

The spokeswoman declined to provide further comment, including whether Strout left voluntarily or was fired. She referred IDG News Service to another ASUG spokeswoman, who did not immediately respond to a request for comment.

[ For the most recent developments on SAP's Enterprise Support, see "Update: SAP tweaks support offerings" | Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Strout, who could not immediately be reached Wednesday, was ASUG's first full-time CEO. The group claims to have more than 50,000 members.

He was also on the front lines of a debate this year over SAP's controversial decision to move all customers to the fuller-featured but more expensive Enterprise Support service. User groups in Europe were vocally critical of SAP's move, while Strout and ASUG sought in public comments to maintain a moderate tone.

SAP has maintained that the move was necessary due to increased complexity in customers' environments and that it will result in a lower total cost of ownership.

But so far, customers aren't wholly convinced. The SAP User Group Executive Network (SUGEN), a group made up of representatives from SAP user groups around the world, is now working with SAP to develop key performance indicators for Enterprise Support.

The two parties will "jointly evaluate the progress of these KPIs against customer expectations on a regular basis and adjust the continued rollout of SAP Enterprise Support until the quality measures are achieved," SAP said this month.

In an interview earlier this month, Strout took a measured view of SAP's position on support pricing. "I don't know that we're accepting that as much as we're recognizing that we're not here to tell SAP how to structure its business. Customers will vote with their money," he said.

Strout also said the KPIs should help settle the debate: "Let the actual data talk for itself. To date, the predominant conversation has been emotional."

The CEO of Parallels on Tuesday defended the recent upgrade of his company's Mac virtualization software as a "quality product" and said that negative comments from users had been overblown because the firm doesn't edit its support forums.

"We do not moderate our support forums," Serguei Beloussov, Parallels' chief executive, said on Tuesday, referring to the practice of monitoring, and sometimes purging, user comments. "We became a victim of our own open policy."

[ Stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

Beloussov maintained that it was a very small group -- "a couple of dozen," he said during the interview -- who are posting negative comments about the upgrade on the company's support forums. "It's actually quite a small number who are getting upset," he argued. "I have engineers coming to me who are asking 'Why do we get this reaction? There are only a few people making noise, and there are no real problems, only problems of perception.'

"Happy customers don't go to forums," Beloussov maintained. "And lots of [problems reported in the forum] have been resolved in Desktop 4."

Parallels Desktop for Mac 4.0, which the company released Nov. 11, has been blasted by some users on the company's forums for troubles ranging from locked-up virtual machine migrations and jumpy cursors to flaky Internet connections and slow performance once the upgrade's completed. Messages began to accumulate on the support forums soon after the upgrade hit the street.

"Currently, PD4 is absolutely useless," said a user labeled "solus" on Nov. 14, just a few days after the upgrade was released. "PD3 was lightning fast compared to this new version, and it's very disappointing."

Another user timed the boot process of his new Parallels Desktop for Mac 4.0 and compared to it to times for the upgrade's predecessor, then claimed that in his case, the newer version was nearly three times slower. "What happened to make Parallels so slow?" asked "phesopeon" in a message on Tuesday.

"I have an XP Professional disk image which PD4 cannot seem to convert from PD3 format," said a user identified as "nickhillard" on Nov. 21. "This is causing me serious problems. PD4 does not work for me. At all."

Parallels issued a hotfix update to Desktop for Mac 4.0 on Nov. 20 that fixed 20 bugs, nearly half of them addressing upgrade issues. That, however, didn't stop the complaints.

After applying the hotfix, some users ran into the dreaded Windows "Blue Screen of Death"; if those users had not created a backup of the virtual machine, they discovered that they couldn't roll back to an earlier edition of Parallels. "This update has now broken the new VM I had to create after the last version 4 release broke my VMs," reported a user named "ichi" on the same thread that announced the availability of the hotfix. "Thanks for getting us paying customers to test your software for you Parallels. If I had wanted to be a beta tester I would have asked you."

On Tuesday, Parallels issued a utility designed to recover blue-screened virtual machines, and posted a link to the download on its Web site.

Some users were so frustrated with the upgrade that they demanded their money back. "I have repeatedly requested a refund from Parallels as a result of this DEFECTIVE upgrade experience that has cost me more money than I'd like to reveal due to time loss, productivity loss," ranted "ScottMA" in a message last Sunday.

Beloussov stood behind Desktop for Mac 4.0, and dismissed the comments as indicative of a very small minority of dissatisfied customers. "The quality of the product is quite good," he said, noting that by its nature, virtualization software is complex.

Desktop for Mac 4.0 introduced thousands of changes from the previous version, he noted. "We try to fix issues as soon as they come along."

While Beloussov acknowledged the problems reported on the company's support forums and via both e-mail and telephone to the company's support desk, he rejected the idea that any issues with Desktop for Mac 4.0 are widespread.

"We have a million happy customers," said Beloussov. "Tens of thousands have updated to 4.0 and 99% of them have been happy with the new release's performance and speed." Twice, Beloussov said that the complaints came from only "a couple of dozen" people, although a look Tuesday at the company's support forum threads revealed many more than that.

He also downplayed the idea that large numbers of customers had sought refunds. "We don't have a lot of people asking for refunds," he said.

Parallels' policy is to accept refund requests within 30 days of downloading a digital copy of the virtualization software. A Computerworld editor who purchased Desktop for Mac 4.0, then asked for a refund, was promptly issued a credit to his credit card.

A message on Parallels' support site told users to expect "extended delays" in getting help due to the launch of Desktop for Mac 4.0. The company will also provide free-of-charge phone support to users having trouble upgrading, Beloussov said, although there was no mention of the free support offer on Parallels' site, where phone support remained priced at $29.99 per incident.

Parallels Desktop for Mac 4.0, which includes nearly 60 new features by the company's count and boasts significant performance improvements, competes with VMware Inc.'s $79.99 Fusion 2.0 and Sun Microsystems Inc.'s open source VirtualBox 2.0.4 in the Mac virtualization market.

Parallels' product is also priced at $79.99; an upgrade for current users costs $39.99.

Computerworld is an InfoWorld affiliate.

The zombie computers used to send spam are coming back to life.

Security vendors say spammers are reconnecting with hacked PCs used for sending spam as evidenced by a rising number of spam messages circulating on the Internet the last few days. Spam levels suddenly dropped two weeks ago after the shutdown of McColo, a rogue ISP based in San Jose, Calif., whose connectivity was used to control networks of hundreds of thousands of computers to send spam, known as botnets.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Computers that are part of the Srizbi botnet -- which by some estimates sent nearly half of the world's spam -- are apparently becoming active again, according to researchers from FireEye.

"Srizbi has returned from the dead and has begun updating all its bots with a fresh, new binary," according to a blog post on Tuesday by Atif Mushtaq and Alex Lanstein of FireEye. "The worldwide update began just a few hours ago."

Srizbi's computers were controlled by spammers through McColo's network. When McColo was shut down, those computers tried to call back and get new instructions to send spam. But the botnet operators are clever and created a way to get those machines back if they were stranded.

FireEye researchers essentially did an autopsy on Srizbi's code. They found that the hackers put in an algorithm that dynamically generates a domain name from which a compromised computer could fetch new instructions.

The hackers could then register that domain name and put instructions there to tell the compromised PC to go to a different command-and-control server -- not McColo's -- for new instructions.

Since FireEye figured out how the algorithm worked, the company registered the gibberish domain names, such as "auaopagr.com," that algorithm generated. When those machines reported for duty, there were no instructions. But FireEye couldn't keep preempting the spammers forever by buying domain names.

Now the compromised computers are connecting to domain names registered by the spammers and getting updated code, including templates for new spam campaigns. The new command-and-control servers are in Estonia and the domain names are being bought from a registrar in Russia, FireEye said.

Srizbi at one time amounted to more than 450,000 PCs, and it remains to be seen how many of those machines have updated code. But three other botnets that were controlled via McColo -- Rustock, Cutwail, and Asprox -- all appear to also be coming back online.

Dmitry Samosseiko of computer security vendor Sophos wrote on Wednesday that spam levels suddenly surged earlier this week, due in part to the resurgence of the Rustock botnet.

McColo's connectivity was briefly restored by mistake by TeliaSonora, and the precious few hours online allowed spammers to tell computers infected with Rustock where to go for new instructions.

Antispam vendor MessagLabs, which was recently acquired by Symantec, hasn't noted a rise in spam associated with Srizbi, said Paul Wood, senior analyst based in their U.K. offices.

Wood said MessageLabs analyzes spam that ends up in the inboxes of its 8 million users, and it may be that Srizbi is either not up to speed yet or changed how it targets people.

But MessageLabs has noticed an uptick in spam coming from Rustock, Cutwail, and Asprox, which would indicate those botnets are picking up Srizbi's slack.

"Like any sort of business if your courier goes down or goes on strike, you find an alternative provider," Wood said.

Still, spam levels are around 40 percent of what they were before McColo went down, Wood said.

More used computers could be reused; only 44 percent of computers entering the secondary market end up in the hands of a new owner, despite the fact that worldwide demand for such computers is greater than supply, according to a Gartner report.

Export tariffs and high transportation costs are restricting exports from mature markets to emerging markets. Environmental legislation is also making it harder for low-volume players to compete, according to Gartner.

[ Some old PCs are coming back into vogue. Read about those and other old technologies that are once again chic in InfoWorld's "Vintage geek gift guide." ]

Demand is growing fastest in the Middle East, Africa, and emerging markets in the Asia and Pacific region, in particular China. The largest exporters of secondary PCs are North America, Western Europe, Japan, and Australia.

As pressure increases on developing countries to accept used PCs as a viable technology solution for more basic computing tasks such as Internet surfing and Web e-mail, demand is likely to grow, said Meike Escherich, principal analyst at Gartner.

But competition for second-hand PCs is increasing as the average selling price of new PCs falls, and as buyers increasingly prefer notebooks with the most-recent specifications, or ultra-low-cost mini-notebooks.

Nevertheless, "We expect that most buyers of used PCs will prefer a higher-specification A-branded PC over a basic mini-notebook," said Escherich.

In the end, business is generally good for the commercial resale of secondary PCs, and it is not uncommon for refurbished PCs to offer equal or even better margin opportunities than new PCs, according to Escherich.

Resellers' success depends on their ability to get their hands on multiple PCs of the same configuration, mainly provided by large and midsize businesses and government agencies, rather than dealing with individual systems.

If Verizon Wireless employees could snoop into then-U.S. Senator Barack Obama's cell phone records, as the carrier acknowledged last week, then mobile subscribers may worry how well protected they are. They should, according to some industry analysts and privacy lawyers.

Verizon Wireless found that some employees viewed information from an Obama cell phone account that has been discontinued for several months, the company disclosed last week. Verizon was investigating employees who saw the information, with and without authorization, and put them on paid leave. Later reports said some had been fired.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Verizon declined to comment for this story.

Information that is saved by mobile operators -- and that might be available to unauthorized or unscrupulous employees -- includes whom you talked to, when you called them or they called you, and for how long you talked, as well as text messages and voicemail, according to Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology (CDT).

The information can also include your locations when you started and ended the call, as determined by cell towers or other techniques, CDT Senior Counsel John Morris said. The risk is greater with current accounts than with closed ones like the Obama record that was snooped, Schwartz said, because some types of data are kept longer than others.

There have been few cases of internal snooping on mobile records, at least ones that have seen the light of day, according to attorneys and analysts in this area. But neither are there clear protections, they charge.

"It is very easy to obtain wireless phone records of another person," said Chris Hoofnagle, director of the information privacy program at UC Berkeley's Center for Law & Technology. "How can you tell when your (authorized) employee is looking at records in an inappropriate context? That's the challenge that the phone companies have to deal with."

Phone-company employees snooping for fun would be one thing, but the danger seems to go beyond that to include information being passed to outsiders, such as private investigators, he said.

"There is at least some evidence ... there is a little bit of a market in which employees are improperly selling access to private information," said Kurt Opsahl, a staff attorney at the Electronic Frontier Foundation.

According to the Electronic Privacy Information Center (EPIC), online data brokers openly advertise on the Internet that for about $100, they can provide information on all the calls made on a particular cell phone. Such information isn't interesting solely to celebrity-chasers, observers said. It could put average people in danger from stalkers or ex-spouses, for example.

Under standard procedures, no one at a mobile operator looks at an individual's call data record -- the combination of personal identity, dialled numbers, call times, and financial details -- without the customer's permission, according to Tad Neeley, chairman of mobile operator Telscape. If a customer service representative needs to see the record to solve a problem over the phone, they ask the subscriber before opening it up. But the information typically is accessible to many people along the line, including those in administrative positions, Neeley said.

Information on incoming and outgoing calls is collected in a database as the month goes on, but the call data record doesn't exist until someone initiates a query to bring that data together with the customer's name, address, and account information, Neeley said. Then the bill goes out, on paper or as an e-mail message, for the customer's eyes only.

Carriers also need to be able to generate a call data record in response to a subpoena or a police search with a warrant, Neeley said.

But that doesn't mean that no one inside a mobile operator can, technically, create a call data record for their own curiosity, Neeley said. Even if the data is encrypted, some administrators and other employees will have passwords to view it.

Comverse, which provides billing software to mobile operators around the world, offers many tools for carriers to both secure their subscriber records from unauthorized users and keep records on what authorized users do with them, said Senior Vice President Kurt Silverman.

"In our systems, we'll know what you've done, if you did anything interesting," Silverman said. Verizon does not use Comverse's software, he said.

The legality of viewing cell phone records isn't always as cut and dried as relying on a subpoena, warrant, or customer permission, privacy experts said.

Improperly viewing phone records, whether for landline or mobile phones, should fall under federal wiretapping laws, Berkeley's Hoofnagle said. But the statutes specifically addressing phone-record privacy are complicated and aren't always as strong for cell phones as for landlines, he said. A recent bill in the California legislature aimed to protect cellular information as tightly as landline phone bills.

"California tried to strengthen its phone records protections, and there was a very strong lobbying effort from the phone companies to prevent expansion," Hoofnagle said.

The federal government has cracked down on improper access to cell records with the Telephone Records and Privacy Protection Act. It was enacted last year in part to prevent "pretexting," where unauthorized people call a carrier and pretend to make a legitimate request for information. Following the Obama records incident, Sen. Patrick Leahy, chairman of the Senate Judiciary Committee, earlier this week asked the Department of Justice whether that law had been effective in protecting consumers' privacy. But whether the pretexting law covers this kind of internal breach will be a matter of interpretation, CDT's Schwartz said.

There isn't much a consumer can do to prevent phone-company employees delving into bill records, but Schwartz recommends that anyone concerned about it ask carriers about their privacy policies before signing up.

If a mobile operator promised its subscribers certain privacy protections and didn't deliver them, that could be grounds for a breach-of-contract suit or even an action by the U.S. Federal Trade Commission against deceptive practices, Schwartz said.

The fact that Verizon found out about these breaches and acted on them is actually a good sign that the industry may be moving in the right direction, Schwartz said.

Opsahl of EFF, which has clashed with the Bush administration over alleged illegal federal wiretapping in the case of Hepting versus AT&T, sees another possible silver lining.

The question of call-record privacy is key to Hepting vs. AT&T, where the government is alleged to have monitored who called whom on some carriers' wired networks. Voting as a U.S. Senator earlier this year, Obama approved a law that in part granted some immunity to carriers in such cases. Opsahl said this case may contain a lesson.

"It might help Obama understand the invasiveness of the warrantless surveillance program," Opsahl said.