
Week in review: Cursing Windows' cursor flaw

Vista's security gets a black eye, and tech worker visas are snapped up quickly.

Steven Musil Night Editor / News
Microsoft suffered a bit of a black eye this week when it had to rush out a patch for a "critical" Windows vulnerability that was already being exploited on the Internet.

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.

The cursor flaw lies in the Windows code that parses animated cursor files, not in any one browser. That means any application that hands such a file to the operating system for rendering can be an attack vector, including alternative browsers such as Firefox, which rely on Windows to display cursors.
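Because the vulnerable parser is in the operating system itself, the only place to catch a malformed cursor file before it is rendered is upstream of Windows, for instance in a mail gateway, a proxy or an endpoint scanner. The scanner below is an added example, not code from this article, from Microsoft or from Mozilla. It walks the RIFF/ACON structure of an animated cursor and flags chunks whose declared size overruns the file, "anih" header chunks whose size is not the 36 bytes of the ANIHEADER structure, and files carrying more than one header chunk. The oversized second "anih" chunk in the constructed malicious sample models the publicly reported trigger for the 2007 bug; the article itself does not describe the trigger, so treat that detail as an assumption rather than something the page states. Both sample files are constructed inline.

```python
import struct

ANIH_SIZE = 36   # sizeof(ANIHEADER): nine little-endian DWORDs
RIFF_HDR = 8     # 4-byte chunk tag + 4-byte little-endian size


def _walk(data: bytes, start: int, end: int, findings: list) -> int:
    """Scan RIFF chunks in data[start:end], recursing into LIST chunks.
    Appends human-readable findings; returns the number of anih chunks seen."""
    pos = start
    anih_seen = 0
    while pos + RIFF_HDR <= end:
        tag = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + RIFF_HDR
        if size > end - body:
            findings.append(f"chunk {tag!r} at offset {pos} declares {size} bytes, "
                            f"only {end - body} remain")
            return anih_seen
        if tag == b"anih":
            anih_seen += 1
            if size != ANIH_SIZE:
                # A header chunk that is not exactly sizeof(ANIHEADER) is never legitimate.
                findings.append(f"anih chunk at offset {pos} has size {size}, "
                                f"expected {ANIH_SIZE}")
        elif tag == b"LIST" and size >= 4:
            # LIST bodies start with a 4-byte list type, then nested chunks.
            anih_seen += _walk(data, body + 4, body + size, findings)
        pos = body + size + (size & 1)   # RIFF chunks are padded to even length
    return anih_seen


def scan_ani(data: bytes) -> list:
    """Return a list of structural findings; an empty list means nothing odd was seen."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON animated cursor"]
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size > len(data) - RIFF_HDR:
        findings.append(f"RIFF size {riff_size} exceeds file payload {len(data) - RIFF_HDR}")
    count = _walk(data, 12, len(data), findings)
    if count == 0:
        findings.append("no anih header chunk")
    elif count > 1:
        findings.append(f"{count} anih chunks; a well-formed file has exactly one")
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_ani(data))


# --- constructed sample files (not real-world captures) ---------------------

def _chunk(tag: bytes, body: bytes) -> bytes:
    pad = b"\0" if len(body) & 1 else b""
    return tag + struct.pack("<I", len(body)) + body + pad


def _build_ani(chunks: list) -> bytes:
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# ANIHEADER: cbSize, nFrames, nSteps, iWidth, iHeight, iBitCount, nPlanes, iDispRate, bfAttributes
_GOOD_HEADER = _chunk(b"anih", struct.pack("<9I", ANIH_SIZE, 1, 1, 0, 0, 0, 0, 1, 1))
_FRAMES = _chunk(b"LIST", b"fram" + _chunk(b"icon", b"\0" * 16))  # dummy frame payload

BENIGN = _build_ani([_GOOD_HEADER, _FRAMES])
# Valid header first, then a second oversized anih chunk (assumed trigger shape).
MALICIOUS = _build_ani([_GOOD_HEADER, _chunk(b"anih", b"A" * 200), _FRAMES])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, scan_ani(sample) or "clean")
```

The scanner deliberately reports structure, not signatures: a declared chunk size that overruns the file and a header chunk of the wrong size are both things a correct parser should reject regardless of which exploit is in circulation, which is what makes this kind of check useful at a gateway that sees many different malformed files.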

Microsoft officially launched Vista for consumers in January, promoting the operating system as the most secure version of Windows yet. It is the first client version of Windows built with security in mind, meaning that it should have fewer coding errors that could be exploited, Microsoft has said.

Yet the "critical" hole that affected much older Windows versions also hit Vista. It is a flaw that should have been caught by Microsoft's code-vetting processes for Vista, called the Security Development Lifecycle, some experts said. The flaw is also evidence that faulty code from previous Windows versions has been copied into Vista, they said.

The announcement had CNET News.com readers debating the merits of Vista versus OS X.

"Windows has security holes big enough to drive a truck through. But in Vista, there are fewer holes, and you have to drive a smaller truck," wrote one reader to News.com's TalkBack forum.

However, installing Microsoft's patch is causing trouble for some users because it is not compatible with software that runs audio and networking components from Realtek Semiconductor.

Microsoft is aware of problems the patch might cause with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's Web site. Microsoft is not aware of networking issues, a representative said.

Mozilla is looking at delivering its own remedy for the cursor flaw. The Firefox work-around could come as a welcome option to those users who, for whatever reason, don't install Microsoft's fix.

Meanwhile, Microsoft has come under attack for the way it advertises Vista. A lawsuit, filed in Seattle, alleges that the company advertised systems as "Vista capable," when in fact the systems were not able to run Vista properly. The suit alleges that the marketing around Vista was designed to deliberately mislead potential customers. The outcome hangs on the precise definition of the circumstances under which a machine is "Vista capable."

Stampede for visas
The 2007 rush for H-1B guest worker visas began and ended on the same day. Sunday marked the start date for technology companies to seek permission from the U.S. government to hire temporary foreign employees under the visa program, which permits up to 65,000 H-1Bs to be issued this year. Exceptions, however, allow that number to be exceeded.

The H-1B program allows foreigners with at least a bachelor's degree in their area of specialty to be employed in the United States for up to six years. They're currently capped at 65,000 visas per year, with an additional 20,000 visas set aside for foreigners with advanced degrees, after peaking at 195,000 per year between 2001 and 2003.

On Tuesday, the U.S. government announced that this year's limit on H-1B visas had already been reached after only one day, the first time in history the annual cap had been reached so quickly.

High-tech companies and others clamoring for additional H-1B visas to hire foreigners would be forced to give priority to American job seekers under a new U.S. Senate proposal. Just before Congress departed for its spring recess at the end of last week, a bill was introduced that appears to be the first of its kind in the Senate--designed to curb abuse of the controversial worker visa system.

The 32-page Senate bill would impose a host of additional obligations on employers. They would be required to pledge that they made a "good faith" effort to hire an American before taking on an H-1B worker and that the foreigner was not displacing a prospective U.S. worker.

Microsoft Chairman Bill Gates and other luminaries in the hardware and software business for years have pressed Congress to raise the visa limit, but politicians went home last December without enacting legislation to address the matter.

Congress is expected to hold hearings on raising the limit later this year, and will surely question why the quota was reached so quickly. Technology companies argue the surge is further proof the quota must be increased, while opponents say there already are enough Americans to fill jobs available after the visa limit is reached.

High-tech companies say the visas are critical to filling voids in their work forces and have been lobbying Congress to raise the cap, which currently stands at 65,000 (but climbs just above 100,000 when a number of exemptions are taken into account). Critics say the program has depressed U.S. wages and put qualified Americans out of jobs.

In and out of tune
Is it the beginning of the end for copy-protected songs? EMI Group will soon sell digital music with better sound quality and no digital rights management restrictions through Apple's iTunes Store.

EMI's entire digital music catalog will be available in premium DRM-free form via iTunes in May. However, Beatles tunes under EMI's control are not part of the plan.

The higher-quality, DRM-free files, which will play on any computer or digital-audio player that supports the format, will not replace the copy-protected EMI music currently sold through iTunes. Rather, they will complement the standard 99-cent iTunes downloads and will be sold at a premium: $1.29 per song.

Consumers who have already purchased EMI tracks containing Apple's FairPlay copy protection will be able to upgrade them to the premium version for 30 cents, EMI said. Full albums in DRM-free form can be bought at the same price as standard iTunes albums.

Microsoft plans to follow Apple in selling unprotected songs from EMI, though the company won't say just when such tracks will appear on the Zune Marketplace store. When Apple CEO Steve Jobs issued his open letter calling for an end to DRM, Microsoft said the total abolition of such protections would be irresponsible, since they are needed for subscription music and other new business models. However, the software maker says it does indeed plan to offer the DRM-free music from EMI and others.

Meanwhile, the European Commission has sent formal charges to major record companies and Apple, alleging they are restricting music sales in Europe. The Commission contends that agreements between Apple and the record companies violate the European Union's rules prohibiting restrictive business practices. Apple said it wanted to offer a pan-European store but was hemmed in by the music companies' demands.

Also of note
The President's Office of Management and Budget recently sent out a directive to federal chief information officers to secure their Windows PCs...Josh Wolf agreed to release his subpoenaed video footage, but the longest-incarcerated journalist in U.S. history said his release was a victory for the media...The x86 architecture continues to thrive and has no serious competitors on the horizon because it provides "good enough" performance and because it supports the vast amount of software written over nearly three decades.