The good and bad news about Dell and Ubuntu

Image via CrunchBaseBy Steven J. Vaughan-Nichols
Editorial by The Computer Doctor

A friend of mine recently got a surprise. She was setting up her brand new Dell Inspiron m101z with its dual-core AMD Athlon processor, 4GB RAM and Windows 7 Home Premium. She wasn't happy because it was already slower than her ancient XP Pentium M machine. Out of the blue, she got an Ubuntu Light v1.0 Setup window. What the heck?

She was puzzled, but since she's technically savvy, she quickly figured it out. Besides, she was pretty sure that Dell technical support was wrong when they first told her that "Ubuntu Light is the software for setting up themes on the system." Ah, no, it's not. Dell is now shipping Ubuntu Light as an instant-on operating system on some of its Dell laptops.

Ubuntu Light is a simplified version of Ubuntu that's for original equipment manufacturers (OEMs) only and uses the Unity interface. It's designed to boot up in as little as eight seconds on PCs with a solid state disk drive (SSD) or 15 seconds on a device with a hard disk drive. It can also access the data on the Windows part of the drive and can be enabled or disabled from the Windows 7 Control Panel.

In short, from a Windows user's viewpoint, Ubuntu Light is a feature. Worse than Dell not advertising Ubuntu Light, they're not even telling their internal staff about it. My friend knew on seeing the Ubuntu Light setup windows appear knew what Ubuntu was, and she had some idea what it would be good for. Most users would find it puzzling at best.

I asked Dell about it, and they never did get back to me. Come on, Dell — if you're going to ship Ubuntu on a Windows 7 notebook, tell people about it already. It might get you a few new customers who, even if they don't know Linux from a llama, like the idea of a fast-on operating system for Web browsing.

That's not my only problem with Dell. A friend asked me about buying a laptop with at least a 15" screen and Ubuntu pre-installed on it. Before I told him where to shop, I checked out the usual suspects: Dell, system76, and ZaReason. They all offer excellent PCs and laptops with pre-installed Ubuntu.

Then I looked a little closer at Dell's offering, the Inspiron 15N. It's a fine laptop for $624 — but what's this? The Inspiron 15 with Windows 7 Home Premium for $399? A closer look showed me that it had only 2GB of RAM instead of the 15N's 4, but when I added in two more GB of RAM, my bill still only came to $489.

What's the idea, Dell? The Windows machine is a much better deal. Or it was, anyway; even as I am writing this blog, I see that the Windows Inspiron 15 is no longer available for order online. I suspect it's sold out.

It's great that Dell sells PCs and laptops with Ubuntu already on them, but how about giving Ubuntu a fair shake? Let people know that it comes ready to use as an alternative operating system on at least one of your Windows 7 laptops, and make the Ubuntu-only systems' pricing to those that come with Windows. Both moves will help Dell's sales, and in the latter's case, it will also help their bottom line, since they don't pay Canonical as much as they do Microsoft for the operating system.

**** EDITORIAL ****
Steven, I loved your article and could not agree with your overtones of frustration with Dell more, but you are not comparing apples to apples (no reference to Macintosh intended).

No mainstream OEM PC retailer makes any money off of it's hardware. In fact to keep the cost of PC's down they actually loose money on the hardware and offer the bare minimum customer service to the point of near non-existence. How do they make money then? The Operating System vendors offer rebates and kickbacks (known in a more honest time as bribes) to the OEM manufacturers.

Use the following formula M+(OS-B)=P.

If the cost of making your PC is $800 and a OEM wholesale version of Windows 7 cost $200 and they give a rebate of $400 then you get a final price of $600.

On the other hand If the cost of making your PC is $800 and the cost of Ubuntu is $0 and the the Ubuntu rebate is $0 then your final price is $800 but to make the price any lower then your Manufacturer will have to take a hit or dip into the profit margin of their mainstream machines.

Is this fair? Of course not (they call that a rhetorical question). But to the savy consumer, why not buy your lower priced Windows machine, Dual boot Ubuntu and run the risk of possibly voiding the warranty that you probably won't need and if you do will have a major pain in the rear using and thank Microsoft for having enough market share to donate some money towards getting you that lower priced machine?

Related articles

• Ubuntu Light .iso available to download from Dell support site (omgubuntu.co.uk)
• Dell likely first to deliver Ubuntu Light netbooks (electronista.com)

Ubuntu splits from GNOME GUI

By Larry Dignan
Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic.

Canonical’s Mark Shuttleworth on Monday detailed how Ubuntu will split from the GNOME user interface for Unity, which is its netbook approach. Simply put, Ubuntu will have a custom user interface.

The reaction to various press reports from Computerworld, Ars Technica and others has gone to extremes:

• First, Canonical could be portrayed as evil because it’s flipping its middle finger to the open source community.
• Others say that GNOME was hard to work with.
• And then you get your Unity sniping.

Don’t expect much unity in the open source community over Ubuntu’s very significant change.

The reality: If Ubuntu really wants to be a player on the desktop it will have to have more control over its user interface. Meanwhile, it makes no sense to have a UI for netbooks and PCs. In fact, the UI is everything. And as Apple has shown you can’t really do interface by committee.

Now Shuttleworth acknowledged Ubuntu has a lot of work to do. Ubuntu OS needs to rethink everything from windows management to what the interface should look like. Ubuntu’s decision to go to a UI over GNOME (GNU Network Object Modeling Environment) is risky. However, if you can take a shot at broader adoption you do it. The Ubuntu interface (right) isn’t going to get the masses excited.

In other words, this split from GNOME looks like a solid decision to me. Dell is selling Ubuntu laptops and if Ubuntu wants other PC makers to follow it needs a hot interface. Let’s face it: If the best thing Ubuntu can do is mimic the interface of Windows it will never get beyond the enthusiasts. Show us something innovative via the Unity pragmatism and maybe you’ll sway others to Ubuntu.

Related articles

• Ubuntu's Netbook Edition: Now With More "Unity"! (makeuseof.com)
• Ubuntu 10.10 Maverick Meerkat Review | 10 Types Of People (10people.co.uk)
• Ubuntu Switches To Unity (lockergnome.com)
• Ubuntu 11.04 Natty Narwhal - Unity replaces Gnome as default shell (downloadsquad.com)

Is Stuxnet the 'best' malware ever?

'Groundbreaking' worm points to a state-backed effort, say experts

By Gregg Keizer

Computerworld - The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.

"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.

"I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play.

O Murchu and Schouwenberg should know: They work for the two security companies that discovered that Stuxnet exploited not just one zero-day Windows bug but four -- an unprecedented number for a single piece of malware.

Stuxnet, which was first reported in mid-June by VirusBlokAda, a little-known security firm based in Belarus, gained notoriety a month later when Microsoft confirmed that the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.

Those control systems are often referred to using the acronym SCADA, for "supervisory control and data acquisition." They run everything from power plants and factory machinery to oil pipelines and military installations.

At the time it was first publicly identified in June, researchers believed that Stuxnet -- whose roots were later traced as far back as June 2009 -- exploited just one unpatched, or "zero-day," vulnerability in Windows and spread through infected USB flash drives.

Iran was hardest hit by Stuxnet, according to Symantec researchers, who said in July that nearly 60% of all infected PCs were located in that country.

On Aug. 2, Microsoft issued an emergency update to patch the bug that Stuxnet was then known to exploit in Windows shortcuts.

But unbeknownst to Microsoft, Stuxnet could actually use four zero-day vulnerabilities to gain access to corporate networks. Once it had access to a network, it would seek out and infect the specific machines that managed SCADA systems controlled by software from German electronics giant Siemens.

With a sample of Stuxnet in hand, researchers at both Kaspersky and Symantec went to work, digging deep into its code to learn how it ticked.

The two companies independently found attack code that targeted three more unpatched Windows bugs.

"Within a week or week and a half [of news of Stuxnet], we discovered the print spooler bug," said Schouwenberg. "Then we found one of the EoP [elevation of privilege] bugs." Microsoft researchers discovered a second EoP flaw, Schouwenberg said.

Working independently, Symantec researchers found the print spooler bug and two EoP vulnerabilities in August.

Both firms reported their findings to Microsoft, which patched the print spooler vulnerability on Tuesday and said it would address the less-dangerous EoP bugs in a future security update.

"Using four zero-days, that's really, really crazy," said Symantec's O Murchu. "We've never seen that before."

Neither has Kaspersky, said Schouwenberg.

But the Stuxnet wonders didn't stop there. The worm also exploited a Windows bug patched in 2008 with Microsoft's MS08-067 update. That bug was the same vulnerability used to devastating effect by the notorious Conficker worm in late 2008 and early 2009 to infect millions of machines.

Once within a network -- initially delivered via an infected USB device -- Stuxnet used the EoP vulnerabilities to gain administrative access to other PCs, sought out systems running the WinCC and PCS 7 SCADA management programs, hijacked them by exploiting either the print spooler or MS08-067 bugs, then tried the default Siemens passwords to commandeer the SCADA software.

They could then reprogram the so-called PLC (programmable logic control) software to give machinery new instructions.

On top of all that, the attack code seemed legitimate because the people behind Stuxnet had stolen at least two signed digital certificates.

"The organization and sophistication to execute the entire package is extremely impressive," said Schouwenberg. "Whoever is behind this was on a mission to get into whatever company or companies they were targeting."

O Murchu seconded that. "There are so many different types of execution needs that it's clear this is a team of people with varied backgrounds, from the rootkit side to the database side to writing exploits," he said.

The malware, which weighed in a nearly half a megabyte -- an astounding size, said Schouwenberg -- was written in multiple languages, including C, C++ and other object-oriented languages, O Murchu added.

"And from the SCADA side of things, which is a very specialized area, they would have needed the actual physical hardware for testing, and [they would have had to] know how the specific factory floor works," said O Murchu.

"Someone had to sit down and say, 'I want to be able to control something on the factory floor, I want it to spread quietly, I need to have several zero-days,'" O Murchu continued. "And then pull together all these resources. It was a big, big project."

One way that the attackers minimized the risk of discovery was to put a counter in the infected USB that allowed it to spread to no more than three PCs. "They wanted to try to limit the spread of this threat so that it would stay within the targeted facility." O Murchu said.

And they were clever, said Schouwenberg.

Once inside a company, Stuxnet used the MS08-067 exploit only if it knew that the target was part of a SCADA network. "There's no logging in most SCADA networks, and they have limited security and very, very slow patch cycles," Schouwenberg explained, making the long-patched MS08-067 exploit perfect for the job.

Put all that together, and the picture is "scary," said O Murchu.

So scary, so thorough was the reconnaissance, so complex the job, so sneaky the attack, that both O Murchu or Schouwenberg believe it couldn't be the work of even an advanced cybercrime gang.

"I don't think it was a private group," said O Murchu. "They weren't just after information, so a competitor is out. They wanted to reprogram the PLCs and operate the machinery in a way unintended by the real operators. That points to something more than industrial espionage."

The necessary resources, and the money to finance the attack, puts it out the realm of a private hacking team, O Murchu said.

"This threat was specifically targeting Iran," he continued. "It's unique in that it was able to control machinery in the real world."

"All the different circumstances, from the multiple zero-days to stolen certificates to its distribution, the most plausible scenario is a nation-state-backed group," said Schouwenberg, who acknowledged that some people might think he was wearing a tin foil hat when he says such things. But the fact that Iran was the No. 1 target is telling.

"This sounds like something out of a movie," Schouwenberg said. "But I would argue it's plausible, suddenly plausible, that it was nation-state-backed."

"This was a very important project to whoever was behind it," said O Murchu. "But when an oil pipeline or a power plant is involved, the stakes are very high."

And although Siemens maintains that the 14 plants it found with infected SCADA systems were not affected or damaged by Stuxnet, O Murchu and Schouwenberg weren't so sure.

Experts have disagreed about when the Stuxnet attacks began -- Kaspersky believes it was as early as July 2009, while Symantec traced attacks back to January 2010 -- but they agree that the worm went undetected for months.

"We don't know if they succeeded or not, but I imagine that they got to the targets that they wanted," said O Murchu, citing the stealthy nature and sophistication of the worm.

"The command-and-control infrastructure of Stuxnet is very, very primitive, very basic," said Schouwenberg. "I think they were convinced that they would be able to do what they wanted before they were detected."

O Murchu will present a paper on Symantec's Stuxnet work at the Virus Bulletin security conference, which is slated to kick off Sept. 29 in Vancouver, British Columbia. Researchers from Microsoft and Kaspersky will present a separate paper at the same conference.

Easy Remote Support

Image via Wikipedia

By The Computer Doctor:

How many times have you gotten stuck trying to support a friend of family member over the phone and no matter what you tell them they can not follow your directions. Or perhaps they are having difficulty with a program and you really need to see what they are trying to describe in woeful futility.

The program that I have been using for over a year now and thoroughly enjoy is teamviewer. With teamviewer you can use the program for free for non-commercial use or purchase one of their business packages and get advanced features.

Image by pshadow via Flickr

To use Teamviewer you will have already installed the program on your own computer and direct the person that needs support to go to teamviewer.com and click on the "Start Full Version" button on the main page. Direct them to run the program and when it asks if they want to install it direct them to just run it instead. Next they will need to provide the ID and Password that the program gives them. Just enter their ID and click on the connect button, then enter their password and click log on. Next you will see their screen and will have access to their computer.

In addition to remote control of the target computer you will also have a built in file transfer feature and presentation feature.

This program was originally designed for PC's, but now has versions for Macintosh and Linux (Fedora, Debian, Ubuntu, and the tar.gz for compileing) as well as an IPod version.

Related articles by Zemanta

• TeamViewer For Cross Platform Tech Support (lockergnome.com)
• 3 Best LogMeIn Alternatives For Ubuntu [Linux] (makeuseof.com)
• Use TeamViewer for remote Linux support (ghacks.net)
• TeamViewer Remote Desktop Tool Available for Linux [Updates] (lifehacker.com)

I don't have a CD Rom

In the era of netbooks being used for regular PC's I have come across a support problem of how to install a CD when there is no CD ROM present.

Last year I was working on a computer lab that had multiple PC's that had failed CD ROM's and the solution was exactly the same...

Step1. Share the CD ROM from the host PC.


Step 2. Find the host PC's full computer name.
Step 3. On the target PC, navigate to the host PC in explorer and double click on the shared CD ROM drive.
Step 4. Now treat this directory just like you would a CD drive that is mounted to the target PC.