www.eweek.com T H E E N T E R P R I S E NE W S W E E K L Y Monoculture myopia digital EXCLUSIVE BONUS CONTENT! NEWS LABS SPENCER F. Peter Coffee Jason Brooks KATT BBYY RRYYAANN NNAARRAAIINNEE interviews walks readers A laptop even Intel’s James through the the most TThhee sseeccuurriittyy rriisskkss ooff ssttaannddaarrddiizziinngg Reinders about latest build of discriminating oonn MMiiccrroossoofftt’’ss WWiinnddoowwss rreemmaaiinn multithreaded Windows Vista Wal-Mart shop- development pers would love tthhrreeee yyeeaarrss aafftteerr aa rreeppoorrtt EW3 EW1 EW4 ffllaaggggeedd tthheemm 2222 SSEEPPTTEEMMBBEERR 1111,, 22000066 VVOOLL.. 2233,, NNOO.. 3366 •• $$66 f THIS WEEK What was once the reason why released three years ago this month. The happened as yet, per se. But if you believe Windows was so successful in the report probably cost one of its authors, Geer’s estimates that 15 percent of all enterprise and why corporations former @Stake researcher Dan Geer, computers are compromised, then we are got behind it en masse also has been his job, reports eWeek Senior Writer already risking death by a thousand cuts. its undoing and the bane of IT manag- Ryan Naraine this week on Page 22. Nonetheless, many corporations resist ers around the world. The Windows It has become rather common now to a move toward software diversification monoculture thrived because it say that Windows makes such because they believe the cost of risk is allowed interoperability among an easy target because Windows still less than the cost of buying, install- users and across corporations. is everywhere. Even Microsoft ing and retraining on new software. It That same culture also has put has acknowledged as much in doesn’t help when the government still those very users and businesses some of its new security initia- maintains its status as a Windows shop. at risk, and not just because of tives, such as memory-address The interoperability argument in favor the many security flaws already randomization to combat buffer of monoculture no longer holds. With inherent in Windows and Win- overflow attacks, and new secu- so much computing work being done dows applications like Internet rity features in the forthcoming online, and with standards becoming Explorer and Office. Vista version of Windows. But more widespread ... well, as the saying SCOT PETERSEN Substitute the word it’s Windows’ very monolithic goes, on the Web no one knows you are “monopoly” for “monoculture” and structure that makes securing the plat- using a Mac or Linux or a $100 laptop, you will get to the root of the problem. form that much harder, so we are stuck in for that matter. ´ “BecauseMicrosoft’s near-monopoly a vicious cycle of patch management that status itself magnifies security risk, it is looks like it will never end. Contact eWEEK Editor Scot Petersen at essential that society become less depen- The “massive, cascading failures” pre- [email protected]. dent on a single operating system from dicted by the monoculture paper has not a single vendor if our critical infrastruc- PODCASTS ture is not to be disrupted in a single blow,” went a now-infamous report go.eweek.com/podcasts F WEEK.COM TestRun consumer slant and going half eWEEK Labs Technical Analyst Michael rBRRRRR! The data center enterprise this Caton talks to eWEEK Technology Edi- peeps at AFCOM are hosting time, so look tor Peter Coffee about the long-awaited DATA CENTER WORLD Sept. for Rash’s cover- pretty pictures, to boot. release of iAnywhere’s SQL Anywhere 10. 10-13. Senior Editor Jeffrey age of wireless toys you won’t TOLL OF THE DELL It’s ana- Coffee says this version of the database “Frosty” Burt says there will get in trouble for looking at lysts day Sept. 12 for the PC/ platform is a complete overhaul that be much mulling over power during work hours. We’ll also server outfit, and Senior Writer greatly boosts its capabilities. and cooling. Look for Burt to have a slide show of gadgets. John G. Spooner’s filing. eWEEK InfraSpectrum file copy on that stuff, includ- SAP-PY SOA The ERP biggie FUTURAMA Senior Writer Disaster-readiness tools and practices ing from AMD Vice President is doing TECHED Sept. 12-14. Chris Preimesberger is hit- get a 9/11 fifth-anniversary scan in Peter Kevin Knox’s keynote. Expect to hear about SAP’s ting the FUTURE OF WEB APPS Coffee’s conversation with Paul Dimitruk, UNWIRED We’re sending NetWeaver fueling SOA. Senior show Sept. 13-14. The show CEO of decision support and process Wireless Wonder Wayne Rash WriterRenee Boucher Fergu- promises wisdom on how the management toolmaker PortBlue. toCTIA Sept. 9-12. The show’s son’s going, and she’s prom- Web’s most successful sites supposed to be mixing up the ising us all the news—and and applications were built. Our View PALM IT Our Labs folks In this new podcast, eWEEK Executive Edi- TRY IT NOW! digital torStan Gibson gives listeners the latest offer a review of Palm’s go.eweek.com/zinio CDMA TREO 700WX. Staff position from the eWEEK Editorial Board on Exclusive bonus coverage for digital edition subscribers: WriterAnne Chen gives a the critical IT issues of the day. News Labs Spencer F. Katt thumb’s up to the new smart Microsoft Watch phone’s RAM hike, but the Peter Coffee Jason Brooks A laptop even Mary Jo Foley reports on the latest Vista display has disappointing interviews Intel’s walks readers the most build and what beta testers are saying James Reinders through the latest discriminating resolution. about it. about multithreaded build of Windows Wal-Mart shoppers development. Vista. would love. 4 eWEEK n SEPTEMBER 11, 2006 www.eweek.com Think you could use server optimization? (Or are you okay with the way things are now?) HP ProLiant DL585 Rack-mount Server • Dual AMD OpteronTM 852 Processors $12,35699 • Operates at 2.60GHz • Memory: 2GB CDW 780860 • 4 hot-pluggable drive bays • Works with Oracle Database 10g Hard drives sold separately Oracle® Database 10g Standard Edition • Easy to install, manage and complete with built-in automated management • 24 x 7 availability and scalability on demand with Oracle Real Application Clusters • Tools to quickly build applications with a Web browser Named User license2 $250 CDW 440283 Two-day DBA online tutorial1 HP AMD Opteron 852 Processor (2.60GHz) Upgrade Kit • Designed to run existing 32-bit applications with outstanding performance and offers customers a simplified migration path to 64-bit computing • Works with HP ProLiant DL585 Rack-mount Dual Core Series Servers $3819.99CDW 788258 The Server Solutions You Need When You Need Them. Is managing your growing number of servers and your growing storage needs getting to be too much? Then server optimization may be just the answer. From server consolidation to storage management, networking to virtualization, CDW can answer your questions and get you the solutions you need. So call CDW today. It’s time you ran your network, not the other way around. 1Two-day DBA tutorial online; visit CDW.com/oracletutorial for information. 2Minimum purchase of five Named User licenses required; call your CDW ac- count manager for details. Offer subject to CDW’s standard terms and conditions of sale, available at CDW.com. © 2006 CDW Corporation. Announcing APC Data Center Test Drive Days, September 18-22 BMW Sauber F1 Teams with APC Everything about the BMW Sauber F1 Team is high-performance. That’s why the team utilizes APC’s revolutionary InfraStruXure® architecture for its data center. InfraStruXure is our power, cooling, and environmental management solution for data centers. Winning companies agree: New InfraStruXure® architecture drives high-performance data centers Get up to speed on the fastest-grow eal Time InfraStruXure® Events data center technology. Find out ho ee InfraStruXure in a real world InfraStruXure® architecture can he onment and learn first-hand you consolidate your servers, imple PC’s revolutionary approach is ment high density blade environme ng the way the world designs, improve availability and agility, and nd manages data centers. lower your total cost of ownership e Shows — Join your peers an open, building-block approach a APC solutions in action at one dardized, modular components, Inf de shows where we will fully integrates power, cooling, and g. mental management within a rack- nts — The perfect venue for design. Allows you to install only w lleagues, hearing the latest news today, yet scales easily to meet fut enjoying a night at the movies. — Enjoy a fine dinner and APC Education Events Na ompliments of APC. Get up to speed on the latest data center technology and For dates and locations in your area, call methodology at FREE education events offered during 888-289-APCCat extension 3673 APC Data Center Test Drive Days, September 18-22. orvisitwww.apc.com/promo and enter key code n267x A recent vendor scorecard by readers of CIO Magazine put APC at the top! Find out how our engineers can put your data Get FREE gear, plus a chance to win great prizes!* center in the pole position and attend our test drive events! When you attend an APC Test Drive Days event (Sept. 18-22), you’ll get FREE APC gear** and also be entered to win one of the following great prizes 1 2 3 All-expenses-paid trip to a Formula1 race BMW 2-Day Driving School APC AV Engineered Power Solutions For dates and locations of events during APC Test Drive Days (September 18-22) in your area, and contest rules, call888-289-APCCat extension 3673 or visit www.apc.com/promo and enter key code n267x. **Actual shirt and hat style may vary. Quantities limited. ©2006 American Power Conversion Corporation. All trademarks are property of their owners. 132 Fairgrounds Road, West Kingston, RI 02892 USA *Go to www.apc.com/promo and enter keycode for terms and conditions, complete contest rules, dates and locations. APC3A6EF-US SEPTEMBER 11, 2006 Editorial Director Eric Lundquist Editor Scot Petersen CONTENTS Executive Editor/News Larry Dignan Director/eWEEK Labs Jim Rapoza Executive Editor/eWEEK Labs Deb Donston Technology Editor Peter Coffee Executive Editor Stan Gibson NEWS News Editors John Pallatto, Lisa Vaas, Steve Bryant, Don Sears Senior Editors J effrey Burt, Peter Galli, Paula Musich, Darryl K. Taft Senior Writers R enee Boucher Ferguson, John Hazard, Matt Hines, Ryan Naraine, Chris Preimesberger, Staff Writers JSochont tG F.e Srgpuosoonne, rD, Webaoyrnaeh Rash NEWS& 30 Oracle institutes a zero- OPINION Rothberg defect policy on Fusion gWEEK LABS ANALYSIS applications. West Coast Technical Director C ameron Sturdevant 4 This eWEEK: Beware the Advanced TecThencohlnoigcaiel sA Annalaylsytsst JM aiscohna eBl rCooaktosn, Andrew Garcia 33 Tech Data offers a new Windows monoculture. Senior Writer Anne Chen 11 NYBOT VP Patrick leasing program backed 8 Eric Lundquist: How Gambaro says the by IBM Global Financing. FEATURES safe is your data five Associate Editor, SoSluetnioionrs ESdeirtioers KDeavviidn WFoegldaortny board’s response to 9/11 39 The Buzz years after 9/11? is electronic trading. EDITORIAL PRODUCTION 14 Sun is ready to Managing Editor Rick Dagley Deputy Managing Editor Debra Perry announce a variety of Copy Chief Jim Williams Senior Copy Editor Emily Zurich SPARC upgrades. f Copy Editors Kelsey Adams, Vikki Lipset, WEEKLABS Shane O’Neill Newsletter Editors Jenni Miller, Alethea Yip 16 HP releases three new desktops that may be ART DEPARTMENT Senior Art Director Stephen Anderson easier to manage than 43 Tech Analysis: HP SenioAr sPsroocdiuacttei oAnr tD Deisriegcntoerr PTaarual- ACnonn nFoalslyulo previous models. server shows dual-core Senior Designer Chip Buchanan Itanium 2’s promise. gWEEK 44 Case Study: The Itanium Publisher 56 Karl Elken platform is paying off for Business Manager Eric Berk Pechanga. Marketing Eric Lubeck, Senior Research Director 48 REVIEW: Scalix has Peter Chiacchiaro, Associate Research Manager Production Manager made strides in improving 40 Our View: The feds lag Michael DiCarlis Ad Traffic Coordinator its functionality. on cyber-security. Tim Bennett 50 REVIEW: Vista tests of 40 Reader mail pre-RC1 show that the 51 Jim Rapoza: IT knowl- 11 OS is on track. ZIFF DAVIS MEDIA edge can be gained only RCohbaeirrmt Fa. nC &a llCaEhaOn 52 Tech Analysis: A through experience. Chief Financial Officer Win XP-to-Vista RC1 Mark Moyer 56 Peter Coffee: Online Executive Vice President &Chief Content Officer upgrade proves rocky. Michael J. Miller 18 CA’s latest Unicenter selling must bec ome Executive Vice President,Licensing & Legal Affairs, NSM release delivers 54 REVIEW: Spy Sweeper much more intelligent. General Counsel Gregory Barton more integration. Enterprise 3.0 has new 59 Spencer F. Katt wonders PRESIDENTS ability to detect rootkits. Scott McCarthy (Game Group) 18 Network Physics’ if Jeff Bezos’ rocket could Sloan Seymour (Enterprise Group) NetSensory 6.0 pin- help him beat the traffic. Jason Young (Consumer Tech/Small Business Group) points network applica- SENIOR VICE PRESIDENTS Kenneth Beach (Corporate Sales) tion performace woes. SINGLE- Ira Becker (Game Group) Jim Louderback (Editorial Director, Consumer/Small Business Group) 20 Labs: Office risks Angelo Mandarano (Internet) Martha Schwartz (Custom Solutions Group) make alternatives MINDED Michael Vizard (Editorial Director, Enterprise Group) more tempting. VICE PRESIDENTS John Davison (Game Group) 20 Work in Progress: Elaine Ebner (Corporate Sales) 22 Not much has Karl Elken (Publisher, eWEEK) VOIP documentation Aaron Goldberg (Market Experts) changed since Barry Harrigan (Web Buyers Guide) quality varies widely. Kristin Holmes (International Licensing) a 2003 report Michael Krieger (Market Experts) Ray Ledda (Game Group) 29 Django is prepared to cited the risks Eric LunRdqicuki sLt e(hErdbitaourmia l (DInitreercnteotr), eWEEK) release its latest open- of relying on JimC MhrcisC Mabaeg i(nPnC ( IMnteargnaezti)ne) source framework by the Microsoft PauSl Oco’Rtt eMillcy D(Eavneienl t (MGaamrkee tGingro Gupro)up) the end of the summer. monoculture. Beth Repeta (Human Resources) Dave Rock (Circulation) 26 Peter Coffee: Chris Stetson (Research/Market Intelligence) Stephen Sutton (Audience Development, Consumer/Small Business) Forced complex- Stephen Veith (Enterprise Group Publishing Director) Monica Vila (Event Marketing Group) ity compounds Randy Zane (Corporate Communications) risks. eWEEK editorial staff members can be reached at (781) 938-2600 or (800) 451-1032, or via e-mail using the following formula: firstname_ [email protected]. For example: [email protected]. (Don’t use middle initials in address.) www.eweek.com SEPTEMBER 11, 2006 n eWEEK 7 & NEWS ANALYSIS WEBLOG ERIC LUNDQUIST: UP FRONT The security payoff ERIC’S PICKS FROM GWEEK BLOGS go.eweek.com/weblog INVESTMENT DOLLARS SHOULD BE SPENT ON DATA, NOT SYSTEMS @ Is your digital infor- was necessary to pave the way for the growth DAN BRIODY mation safer and more of the Googles,eBays and Amazon.coms, Microsoft is not secure than it was security spending was probably also required scared five years ago? With this for a second wave of digital security invest- week’s fifth anniversary of ment. I believe that second wave is happen- theSept. 11, 2001, terror- ing now. These are exciting times ist attacks, it is certainly The hallmarks of the second wave are built for Microsoft haters. an appropriate time to around protecting the information rather Google is growing in reflect and to inspect the than the hardware systems over which the strength, serving up online digital security of your information. I’d guess information travels. The lesson from lost lap- ads by the bucket, even that your inspection will reveal progress but tops and stolen customer data is that digital making headway in the still a wide gap between the current state of information is a fluid product that needs to corporate software market. your digital security and what you would like be secured and, most likely, encrypted as it And Apple Computer is to achieve. shuttles about networks. Firewalls, virus scan- back from near oblivion, In the immediate aftermath of the 9/11 ners and network sniffers all have their place dominating the online attacks, digital security received nearly as in IT security, but it is the loss of data that music business and dotting much attention as developing a plan for phys- brings down companies. the planet with lily-white ical security. A national cyber-security director Protecting data requires a much more iPods. Microsoft’s two position was created within the Department comprehensive approach toward IT security fiercest rivals are stronger of Homeland Security, an entire new group than merely patching holes or warding off than ever. ofCSOs (chief security officers) blossomed viruses. Unfortunately, today’s IT administra- When Google CEO Eric within the private sector and IT security tors continue to be overwhelmed with getting Schmidt was appointed moved from being way down on the list of the latest bug fix or operating system patch to the board of directors budget expenditures to a top budget con- out to their users rather than finding time to of Apple, the press went tender. build wide-ranging data protection plans. It is bananas. And why not? I But that cyber- somewhat analogous to mean, Schmidt and Steve security director’s posi- THE IT COMMUNITY NEEDS airport security manag- Jobs working together tion remains unfilled ers trying to confiscate to bring down the Evil TO BUILD SECURITY FROM (although, as of this pocket knives, scissors Empire? writing, eWeek Senior THE GROUND UP. and, now, bottled water While it’s fun to specu- Writer Wayne Rash instead of developing late about what an Apple- reports that the position is about to be a comprehensive way to identify and detain Google alliance could filled). CSOs still seem a bit lost in trying to potential terrorists. produce (GoogleMacs? decide where they fit within the corporate This fifth anniversary of the 9/11 terrorist MacGoogle? GoogleTunes?), hierarchy. And all those dollars spent on attacks is a good opportunity to assess the this move is far from an security are more than counterbalanced by state of your company’s cyber-security. Have alliance. And even if it nearly daily bad news about information you been able to spend your budget dollars were, it wouldn’t be the theft, smarter computer viruses and digital against a planned security program, or have first time that two upstart bad guys worming their way around even you found yourself throwing dollars to defend powerhouses have joined the staunchest computer security. It all yourself quickly against the latest virus mak- forces in an attempt to adds up to a cyber-security environment in ing headlines? unseat Microsoft. which the IT community has been patching In the past five years, great strides have Remember AOL- holes rather than building security from the been made in the hardware required for Netscape? Boy, they just ground up. data security. Data storage is cheaper, vir- steamrolled the team from In those first few years after 9/11, spend- tualization allows a more widely dispersed Redmond, didn’t they? ing outpaced planning. It was somewhat and efficient use of servers, and network You don’t see beads of equivalent to the money that went into chas- speeds continue to increase. Now it is time sweat running down Steve ing the dot-com bubble in the late 1990s. to look at the data that travels over those Ballmer’s brow. Well, at No one was really sure how to get a return networks as your first priority in cyber- least no more than usual. on spending, but no one wanted to be left security. ´ Because Microsoft has been behind competitors that were also in a spend- here before. And so has ing frenzy. Editorial Director Eric Lundquist can be reached Jobs. 8/31/06 However, just as the dot-com spending at [email protected]. 8 eWEEK n SEPTEMBER 11, 2006 www.eweek.com Don’t let a trading partner’s failure disappoint your customer. Assure flawless information hand-offs and make your systems collaborate the way 75% of the FORTUNE® 100 do. If your company depends on partners outside your control, you should depend on Sterling Commerce. Only Sterling Commerce Multi-Enterprise Collaboration (MEC) solutions allow you to optimize communities, pro- cesses and technology. So you can leverage your current assets with configurable software and services built on a services-oriented architecture, ready for implementation right now. You get visibility into your entire value chain and increased control moving forward. With over 30,000 customers worldwide, we’re sure to have a solution that pleases you…and your customers. Visit us at www.sterlingcommerce.com COMMUNITY ENABLEMENT / SUPPLY CHAIN APPLICATIONS / PAYMENT APPLICATIONS / ON-DEMAND SOLUTIONS / B2B COLLABORATION ©2006 Sterling Commerce, Inc. ALL RIGHTS RESERVED. Sterling Commerce and the Sterling Commerce logo are trademarks of Sterling Commerce, Inc. Sterling Commerce is an AT&T company. FORTUNE is a registered mark of Time Inc. many and several other countries. Ger G in marks of SAP A marks and registered trade G. SAP and the SAP logo are trade BE AT THE DOOR © 2006 SAP A WAY BEFORE OPPORTUNITY KNOCKS. SAP NETWEAVER® HELPS YOU IMPLEMENT THE INNOVATIVE IDEAS THAT PUT YOU AHEAD OF THE CURVE. In business, if you’re not quick enough, opportunities can be lost. The solution: SAP NetWeaver, a fl exible, fully integrated IT platform that enables you to execute innovative new strategies as fast as business demands them. SAP’s industry-specifi c applications are built with SAP NetWeaver according to a common enterprise service-oriented architecture, allowing for easier and faster business process change. That means you can transform your existing IT infrastructure without having to rip and replace. To learn more, visit sap.com/netweaver