Binarycse Blog

AN anti-child abuse watchdog has reversed its decision to blacklist a Wikipedia page showing a controversial 1976 album cover after protests over censorship.
Most British internet service providers had blocked users from accessing the image of a prepubescent naked girl on the cover of the Virgin Killer album by the Scorpions, a German band, after the Internet Watch Foundation ruled it was a “potentially illegal indecent image”.

But the picture was accessible on many other sites and some argued that, while provocative, it was an artistic historical artefact and should not be banned.

Last night the IWF accepted that its ban had been counter-productive after the controversy had prompted millions to view the image.

It said in a statement: “The IWF Board has considered these findings and the contextual issues involved in this specific case and, in light of the length of time the image has existed and its wide availability, the decision has been taken to remove this webpage from our list.

“IWF’s overriding objective is to minimise the availability of indecent images of children on the internet, however, on this occasion our efforts have had the opposite effect. We regret the unintended consequences for Wikipedia and its users. Wikipedia have been informed of the outcome of this procedure and IWF Board’s subsequent decision.”

The IWF said that any further reported instances of the image which are hosted by ISPs outside Britain would not be blacklisted. But it reserved the right to reconsider other instances of the image hosted in Britain.

Wikipedia had sharply criticised the IWF decision which had the side-effect of leaving many British internet users unable to edit Wikipedia entries and affected the website’s performance.

The IWF is funded by the European Union and the British online industry to gather reports of instances of child abuse pictures on the internet and issue ‘take down alerts’ to ISPs. Its blacklist is used on a voluntary basis by 95 per cent of British-based residential ISPs.

In its statement the IWF said that it still considered that the image was “potentially in breach of the Protection of Children Act 1978″ in Britain. The image shows a naked girl, aged about 10, with a cracked glass effect covering her genitals.

The album cover, which was replaced in many countries after an outcry when it was released in 1976, has been under discussion on Wikipedia for many months and has been deleted and reinstated. The page was reported through the IWF’s online reporting mechanism on 4 December and assessed to be potentially illegal and indecent.

The IWF said: “As such, in accordance with IWF procedures, the specific webpage was added to the IWF list. This list is provided to ISPs and other companies in the online sector to help protect their customers from inadvertent exposure to potentially illegal indecent images of children. Following representations from Wikipedia, IWF invoked its Appeals Procedure and has given careful consideration to the issues involved in this case. The procedure is now complete and has confirmed that the image in question is potentially in breach of the Protection of Children Act 1978.”

The Wikimedia Foundation behind Wikipedia had protested that the IWF had gone too far. “The IWF didn’t just block the image; it blocked access to the article itself, which discusses the image in a neutral, encyclopedic fashion,” said Wikimedia Foundation head Sue Gardner from San Francisco.

“The IWF says its goal is to protect UK citizens, but I can’t see how this action helps to achieve that – and meanwhile, it deprives UK internet users of the ability to access information which should be freely available to everyone. I urge the IWF to remove Wikipedia from its blacklist,” she added.

Says Net Applications’ spectacularly named Vince Vizzaccaro: the operating system that some 6,000 Google employees are currently testing has had its user agent string data surgically removed.

By so carefully binning the user agent string from its OS, Google has ensured that other, less sensitive data is retained. Or to put it another way, it’s the perfect security setup for an operating system based in the cloud.
Google employees are testing a secret operating system. Thrillingly, it’s an OS that leaves no trace behind.
Rumours about a Google operating system have been in the blogosphere since Adam was a lad (asking Santa for a T-Mobile G1). And the launch of Google Chrome and Google Android brought it to within touching distance.

Android is, of course, a bone fide OS already, and Google never intended it to be restricted to phone handsets. Perhaps more significantly, as we said at launch, Chrome itself may be more operating system than browser.

After all, in this post-Windows Vista, Linux-infested, netbook-enabled world there’s little that Windows natively does that Google hasn’t at least attempted to punt in the cloud. And there are plenty of Microsoft Office features Microsoft charges hundreds of quid for that Google offers for free. In principle, all your hardware need do is run Chrome and access the web.

No-one could claim that Google is close to offering even a mature productivity suite, never mind an operating system. But its putting the pieces in place.

And as far as the great unwashed is concerned, Google has one great advantage that Microsoft is unlikely ever to enjoy: its commercial model. Users tend to be a great deal more forgiving of software that’s free, than that they’re forced to shell out a mint for.

Microsoft Research India has developed technology that will allow users to search maps even in countries like India where the addresses are often not in a structured format.
The research project is called Robust Location Search, and a prototype of the technology is already ready, said B. Ashok, director of advanced development and prototyping at Microsoft Research India. Although developed in India, the technology is generic and has been designed to be deployed in any country that has unstructured addresses, he added.

Rather than look for rules in the address, the algorithm uses underlying geospatial data to figure out what location the terms in the address string match with, Ashok said.

In countries like India, a location is often described in an address by its spatial relationship such as near or opposite a landmark, rather than by a formal, hierarchical address structure consisting of a street number, street name, city, state and postal code.

Very often the same location may have a different address or a reference to a different landmark, Ashok said. The local postman knows how to deliver letters based on these unstructured addresses, but such unstructured data poses a challenge for software used for map searches, he added.

Commercial mapping services, including those of Google, Yahoo and Microsoft were initially designed for countries like the US, which has structured addresses, but they may not be as good when working on unstructured addresses, Ashok said.

The research lab in Bangalore is in discussions to incorporate the new algorithm in Microsoft’s Windows Live Local.

Microsoft Research India uses a technology, called spatial intersection, to analyze various terms in the address string to figure out the location for an unstructured address such as ’2nd Cross, 10th Main, Sadashivnagar, Bangalore’.

The software starts with terms like ’2nd Cross’ and ’10th Main’, then uses the street intersection information that 2nd Cross intersects with 10th Main to identify all the instances on the map where the 2nd Cross intersects with 10th Main, Ashok said. The next term, Sadashivnagar, intersects with the information collected on intersections of 2nd Cross and 10th Main to arrive at the location that the address refers to, he added.

The software will arrive at the location regardless of the order in which the terms are presented in the address, and also when the same location has a number of alias addresses, Ashok said. It can also be used by users in multiple languages. A query in Hindi, an Indian language, would for example be transliterated to the language of the map, and the search done based on these terms, according to Ashok.

Protecting Windows from malware has always been a sensitive subject for Microsoft, given that many people blame the software giant for causing all the problems in the first place.
The operating system is notoriously susceptible to attack and Microsoft has known for several years that it must do more to protect users. Malware is so pervasive that one could argue Windows isn’t fit for purpose out of the box – any PC connecting to the web without security software is living on borrowed time.

Therefore, Microsoft has been treading a fine line since launching its OneCare security product two years ago. Critics claimed the firm was charging Windows users for a second product just to make sure the first operates safely. It’s a bit like buying a car, only to find out the brakes are an added extra.

This is slightly unfair on Microsoft, whose software is a target for hackers and malware writers largely because it’s so widely used. And over the past 10 years we’ve come to terms with having to fork out for third-party security software.

However, if you believe some of the headlines over the past few weeks, that may be about to change. Microsoft announced that it will kill off OneCare next summer, and replace it with a free antivirus product codenamed ‘Morro’.

At the heart of this strategy is a drive to increase the number of computers with antivirus protection installed. Microsoft cites some pretty worrying statistics to explain the problem: as many as 50 percent of computers aren’t properly protected. This seems an incredible figure to those of us who have been studiously installing and updating antivirus for years.

Microsoft contends that many consumers are confused by the bloatware that’s preinstalled on brand-new PCs – they think a trial version of Norton ensures they’ve got security sorted, blissfully unaware that it can become a hindrance once the 90-day trial is up. So, despite running on OneCare’s less-than-convincing antimalware engine, Morro will be better than nothing.

But Morro won’t include the bells and whistles provided by specialists in the field, such as Symantec, McAfee and Kaspersky; the latest suites offer a combination of malware protection, PC optimisation, antispam and backup features. Microsoft is unlikely to provide these for free because of antitrust concerns.

However, if Morro convinces those who take a slack attitude to security to finally get some antivirus protection, their systems will present less of a threat to the internet at large. Unprotected PCs are an easy target and many of them are recruited into the botnets responsible for distributing malicious code in the first place.

So while the prospect of a Microsoft product that’s secure out of the box remains a distant one, Morro is a step in the right direction that could benefit us all.

Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.
The information was a part of Symantec’s 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.
The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.
During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It’s an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.
Red Hat Linux was the next-best performer, requiring an average of 58 days to address a total of 208 vulnerabilities. However, this was a significant increase in both problems and fix time over the first half of 2006, when there were 42 vulnerabilities in Red Hat and the average turnaround was 13 days.

The one bright spot in all of this is that of the 208 Red Hat vulnerabilities, the most of the top five operating systems, only two were considered high severity, 130 were medium severity, and 76 were considered low.

Then there’s Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes. Fortunately, only one was high priority.

Like the others, this is also an increase over the first half of the year. For the first half of 2006, 21 vulnerabilities were found in Mac OS X and Apple took on average 37 days to fix them.

Bringing up the rear were HP-UX from Hewlett Packard and Solaris from Sun. HP-UX had 98 vulnerabilities in the second half of 06 and took 101 days to fix them. Sun, though, really dragged its feet, taking on average 122 days to fix 63 vulnerabilities. It wasn’t doing much better in the first half of 06, either. It took 89 days to fix 16 vulnerabilities.

Alfred Huger, vice president of engineering for Symantec Security Center, said the real problem is with Web applications, where two-thirds of all vulnerabilities are found. Operating systems are fairly minor, and despite the long time periods, the vendors are doing “an ok job, just not stellar.”

The response from vendor’s mentioned in the report was mixed. A Microsoft spokesperson issued a statement to internetnews.com that said in part “As a part of this industry, Microsoft continues to adapt to address these threats and continues to work with others in the industry to protect customers as a whole.”

Anuj Nayar, manager of Apple’s Mac OS X and developer relations, would only say “Apple takes security very seriously and has a great track record of addressing vulnerabilities before they affect you.”

Sun specifically disputed Symantec’s data and conclusions in a statement emailed to internetnews.com:

“Symantec’s data on security vulnerabilities simply does not match Sun’s. We can’t verify Symantec’s sources and consider their report on Sun inaccurate. From 7/1/06-12/31/06 we published 54 Security Sun Alerts, of which 36 were for Solaris – substantially less the 63 Solaris vulnerabilities claimed in the Symantec report. Past analysis of our vulnerability response shows we responded within five days for the vast majority of vulnerabilities, but averages are skewed by a small minority of 3rd party applications (or code) that are included/bundled with Solaris. Sun responds to all reports of security vulnerabilities, and we stand by our reputation and established track record of responding to security vulnerabilities with Sun Alerts and a quick turnaround time for patches.