Play Games On Chrome OS Through Parallels Desktop 5:

Or Read Google Books:

   

Along with this new supported OS, build 9344 has these new and improved features:

 - Improved performance of virtual machines with Mac OS X Server v10.6.3 and v10.6.2 guest operating systems installed.

- Improved support for Windows Live Mail.

- Star Trek Online is now supported.

- Enhanced compatibility with Cisco VPN.

There are many improved features than the ones listed.  Read more about build 9344 here.

Meatloaf is one of those home cooked dishes that is packed with spices and other ingredients and yet it tastes delicious. We are here to unpack the tasty Parallels Desktop 5 build 9344 as it was just released steaming fresh from our developers oven today. The following are the new enhanced features: 

Guest Operating Systems

- Google Chrome OS support.

Performance

- Improved performance of WDDM driver.

- Improved performance of virtual machines with Mac OS X Server v10.6.3 and v10.6.2

guest operating systems installed.

- Compatibility issues with Parallels Internet Security installed in virtual machines

running on Nehalem-based iMac and Mac Pro were fixed.

- In a clean installation of Windows XP, My Computer opens without delay.

- Waking Mac OS from sleep doesn't affect the Coherence performance.

- Improved virtual hard disk caching mode.

- Spotlight indexing enabled in Mac OS can no longer influence Boot Camp virtual

machines booting speed.

- Other performance improvements.

Integration

- MacLook fixes and improvements.

- Enhanced appearance of the menu in Crystal mode.

- Correct handling of text copied from Mac OS and pasted to a non-Unicode

application in the virtual machine.

- Mac OS Desktop Aliases for Windows applications work properly.

- USB Flash devices and CD/DVD network drives can be opened in virtual machines by

double-clicking their icons.

- Shared Windows applications are opened correctly when the virtual machine is

suspended or paused.

- Improved support for Windows Live Mail.

- Improved handling of shared folders used by OneNote 2007, ProShow, and Marvin

Sketch.

Graphics

- Improved support for OpenGL in Linux virtual machines.

- Star Trek Online is now supported.

- Improved graphical performance of RealFlow in Ubuntu virtual machines.

- Artifacts like transparent 3D games windows in Ubuntu virtual machines were fixed.

- Improved graphics performance in Perforce client.

- Switching view modes while working in Autodesk Inventor does not cause graphical

artifacts like black screen.

- White areas of the screen no longer appear in the Tin Soldiers Julius Caesar game.

- Graphical artifacts in the Cube view of Autodesk Inventor 2011 were fixed.

- Problems with video in Internet Explorer 8 when Aero is enabled in Windows 7 were

resolved.

- Other graphics improvements.

Network

- Enhanced compatibility with Cisco VPN.

- FTP upload speed increased.

From the Microsoft statement :

“Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.”

Additional details from Microsoft can be found here: http://www.microsoft.com/technet/security/advisory/981374.mspx.

Overview of Microsoft bulletin:
Today’s Patch Tuesday release from Microsoft is particularly light this month, and includes two bulletins that are rated important with an aggregate Exploitability Index rating of “1” which should be addressed as soon as possible.

From an impact perspective, today’s bulletins may require a restart, and may have an impact on operations: one in Microsoft Office and one in Microsoft Windows.

Details:
MS10-016-Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
This security update addresses a privately reported vulnerability in Windows Movie Maker, and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker, or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-017-Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

In reviewing the details of the vulnerabilities, each involves a user downloading a specially crafted file which is yet another reminder of the importance of endpoint security, and our need to shift our focus from the gateway to the endpoint.

Earlier this week, customers were also alerted to a VBScript that was exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Although this issue won’t be addressed by today’s monthly patches, a workaround has been provided by Microsoft. Of note, Microsoft has said that they don’t think it’s a big issue, and will continue to monitor the situation.

End-of life reminder
Interestingly, Microsoft also announced some end-of-life dates of Windows XP, so customers will soon have to start updating these operating systems, which include Windows XP Service Pack 2, as they will no longer be supported after July 13, 2010. Customers are being encouraged to upgrade to Service Pack 3 or to Windows 7 as soon as possible.

Other Patch Tuesday related news this period:

Changes with Apache 2.2.15
Latest version of the web server software includes five security fixes:

• CVE-2009-3555 mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the ‘SSLInsecureRenegotiation’ directive to re-open this vulnerability, and offer unsafe legacy renegotiation with clients which do not yet support the new secure renegotiation protocol, RFC 5746. Source: [Joe Orton, and with thanks to the OpenSSL Team]
• CVE-2009-3555 mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated re-negotiations which forcibly disable keep-alive for the connection if there is any buffered data readable. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using OpenSSL >= 0.9.8l. Source: [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
• CVE-2010-0408 mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR.  Source: [Niku Toivola <niku.toivola sulake.com>]
• CVE-2010-0425 mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. Source: [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
• CVE-2010-0434: Ensures each sub-request has a shallow copy of headers_in so that the parent request headers are not corrupted.  Also eliminates a problematic optimization in the case of no request body (PR 48359).  Source: [Jake Scott, William Rowe, Ruediger Pluem]

HP performance insight
Operating on HP are UX, Linux, Solaris and Windows. HP could take a lesson from Microsoft in providing useful details for security patches. For those users that cannot deploy the patch immediately, sufficient information should be provided in order to use alternate controls to reduce the risk. The information provided on these HP issues is very limited:

This issue is caused by an unspecified error with unknown attack vectors. No further details have been disclosed. http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02033170

IBM AIX buffer overflow issues
Problems with in GOS-Mod and Goslist allow the execution of arbitrary code via a local system. Patches are available at http://aix.software.ibm.com/aix/efixes/security/.

IT pros are also hunting Wabbits this week
Malware reportedly to have been in the wild since 2007 – “The installer for the Energizer Duo software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory,” the U.S. Computer Emergency Readiness Team said in an advisory on Friday.

“Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs.”

Opera is also currently working on a patch to address a critical vulnerability.

Q. How has your role evolved over the past six years?
I’m focusing less and less on operational issues such as patching PCs and more on strategic, visionary initiatives, specifically ones focused on making sure we’re achieving compliance without overburdening our department. Increasingly, I’m focusing on compliance assessments and methodologies. Because we produce cosmetics, the most important compliance regulations are those defined by the FDA, as well as the Japanese version of The Sarbanes-Oxley Act – J-SOX. And because we are an OEM for some pharmaceutical companies, we have to make sure our FDA compliance is posted and is acceptable to pharmaceuticals. So we have to be a lot more visionary when it comes to applying our methodologies.

Q. A Deloitte article entitled “What’s keeping CIOs Awake at night?” states that the role of a CIO has changed from protecting networks to drive business value. Do you agree? What’s driving this change?
In the past, data exchange with our partners – such as Macy’s – occurred in a more closed environment, relying upon value-added networks, or VANs. During the past two years, we’re migrated to Internet-based EDI. While we use encryption, EDI still introduces more security concerns than when we were using VANs.
That said, our partners’ focus has shifted away from network protection. One of the main reasons is that our partners’ business challenges have become more complex and dynamic in nature. For example, some of our partners are looking to cut costs and streamline efficiencies in the face of the economic downturn. From an IT perspective, they look to us to help them mitigate issues that might negatively impact their business, such as changes in their business and in the economy. Oftentimes, they can’t pinpoint the problem, so they need us to both identify the problem and provide a dynamic solution that adapts to their particular situation.

Q.    How should senior-level executives and CIOs adapt to the changing threat landscape?
First of all, you have to recognize that your idea of an adequate security methodology might not be the same as someone else’s. That means you have to be more of an auditor, and adapt to the situation at hand. It’s critical that you not only understand your business and technology, but your partners’ and clients’ business and technology. Then you need to come to an agreement with these other parties on the best methodology and minimum requirements. A weak methodology can lead to security breaches, so you need to assess those risks and determine where to set up firewalls and other security measures. In this economy, all businesses have to worry about what their partners and clients are doing.

Q.    Do you have a seat at the executive table? Why is this important in building strategy?
I report to the VP of IT, who has a seat at the executive table. For certain projects, I sit there too. The first reason this is important is because you get champions who sponsor your ideas and initiatives and can sell the vision. Without a sponsor, you’ll fall flat. Having a vision is just half the game. You need a partnership between business and IT to turn that vision into reality.

The second reason is that this seat at the table gives you an opportunity to make the business aware of risks and how you plan to mitigate them. It’s hard for the business to achieve these goals unless IT is at the table.

Q.    What keeps you awake at night? With all the new technologies, has your job gotten better?
For the past two years, I’ve been more involved with IT strategy. We’re trying to streamline the business and cut inefficient systems, which turns into dollar savings. So I’m concerned with trying to achieve the same goals with a smaller budget. New technology makes it easier to address a specific issue. In other words, I can turn to best-of-breed tools instead of an overarching solution to keep the environment secure at a lower price.

Q. What recommendations do you have for other IT executives?

1.    Pinpoint your top security issues, assess each problem individually, and look for solutions that best address each problem instead of investing in an overall framework that you won’t fully utilize.

2.    It takes longer to find the right fit when you’re choosing a best-of-breed solution so it’s key to work with seasoned professionals who can tap into their experience and networks.

3.    Wherever possible, demonstrate IT’s value as a revenue generator or profit center. That might mean you actually show that IT is revenue neutral. The key is to avoid being categorized as an expense and instead show value from a financial perspective.

4.    Dig deep to identify your contributions and fly your own flag.

Healthy interest in next-generation security technologies
The AGC event is interesting because it focuses on private-company presentations. Because private company presentations don’t have to disclose numbers such as company size, bookings, and customer counts, you need to get a sense of the technologies and then use your gut regarding their viability. That said, there are a lot of small, private venture-backed companies in the information security space and it’s clear that there’s plenty of interest in funding next-generation information security and IT operations technologies. While a lot of venture and private equity firms were quiet in the first half of 2009, they started aggressively spending in the second half of the year, and that is continuing. The number of new companies at the event indicates that the appetite for next-generation technology seems to be strong from both a product purchaser and investor perspective.

Suite-based security solutions are the answer to the converged endpoint
At both events there was tremendous focus on how to define the endpoint and how to address endpoint security going forward. I spoke on the AGC panel about the converging endpoint. The focus on layer 2 and 3 gateways and complete neglect of our endpoints for the past decade or more has left us  at great risk – clearly cybercriminals are taking full advantage of it.

What we’re seeing is that endpoint security technology is quickly commoditized or rendered irrelevant unless it’s delivered as part of a security suite. In other words, unless an individual point solution is groundbreaking in some way, people aren’t interested in using it. This shift has been aided by the ailing economy. People need more for less. Plus, people are fed up with all the conflict on these endpoints because agents from different vendors are stepping on each other or running duplicate services.

Lumension has remained ahead of the curve to define innovative ways and approaches to effectively manage endpoint risk and provide lower TCO by moving away from just being a point technology provider to an endpoint management platform and suite provider. We have launched our first applications on our new platforms that deliver an agile single console, single server, single agent architecture through our Lumension Endpoint Management and Security Suite and Lumension Endpoint Management Platform. In moving to this new platform we have also unified various workflows together supported by multiple parts of our underlying technology – Vulnerability Management, Antivirus, Data Protection and Compliance and IT Risk Management.

Cloud-based computing is a reality
Cloud computing also got plenty of attention at both events. While the cloud has been around for a long time, it keeps manifesting itself in different ways. Essentially, it has followed the centralized -> decentralized -> centralized -> decentralized path for technology. Now the cloud seems to be an emerging, preferred delivery mechanism in the security and IT operations arena.

Of the three versions of the cloud – public, private, and hybrid – hybrid seems to be the popular model for larger enterprises. They don’t want to trust everything to a straight-up cloud solution. Small businesses worldwide are more inclined toward a pure cloud offering over a hybrid solution because they that want to leverage the cost-structure benefits.

At RSA, I saw that most security vendors are trying to find a methodology for delivering their technology in the cloud. Some of these offerings are 100 percent SaaS-based, allowing customers to employ agents and run scans in the cloud without any local footprint except perhaps agents on local machines. Others are trying to figure out how to deliver content via the cloud. Any company that wasn’t involved in a cloud discussion was missing one of the key themes of the show, which was “how do you provide SMB enterprises with lower cost, higher-speed delivery that’s easier to implement?”

So, cloud-based migration is a reality. The only question is what type of cloud environment companies will see. Will it be nice and fluffy or dark and stormy? Companies will have a hybrid of cloud and on-premise systems to optimize security and efficiency. We tap into the opportunity several ways. We are already a SaaS-based company and are looking at offering more service-based content and support. Note our recent announcement with Microsoft of our Endpoint Integrity service, which is cloud-based application that provides trust information. Companies that store information via third-party cloud infrastructure and providers will need a way to monitor and audit policy, and our compliance and risk management solution can help them do that.

How antivirus technologies need to evolve
On the AGC panel discussion, one traditional antivirus vendor insisted that the reason for recent outbreaks is companies using out-of-date technologies. But the majority of vendors agreed that it’s about more than that. Essentially, everyone – except that antivirus vendor – agreed that you can’t protect environments solely with older, reactive technologies. Traditional endpoint security suites need to morph to include next-generation technologies, namely whitelisting. Plus, companies need to exercise due care patching known holes. Everyone also agreed that the more integrated whitelisting is, the better. The only disagreement was about how whitelisting should be implemented in the enterprise, and that seems to be dependent on size. While smaller enterprises will need something that is plug-and- play, larger enterprises will want the flexibility to address different areas based on the network, risk, and geography. It’s clear that whitelisting will be an important part of protection in the future.

Compliance and risk management are gaining in importance
It’s obvious that there’s a real focus on the cost of ownership associated with understanding real-time compliance and risk management. Some of the more prominent booths at the RSA Conference were staffed by companies focused on governance, risk, and compliance (GRC). Many of these same companies were in small booths two years ago, indicating the level of importance that these technologies have taken on.

Most business leaders today only want to talk about compliance and how they need to be compliant with whatever industry requirements they have, be it PCI or others. The challenge with this is that companies are lulled into this believe that compliance means they’re secure. However, it does not equal security in that you can be complaint but that doesn’t mean you’re secure.

Given today’s highly regulated business environment combined with the rising cost of compliance, organizations need a comprehensive solution that provides high visibility and continuous monitoring of their compliance and IT risk posture, while supporting greater levels of automation across audit workflows.

Making operational whitelisting a reality
Someone asked me “What stood out as unique and extraordinary the RSA Conference?” I believe the next most interesting thing is the introduction of operational whitelisting in the everyday business environment. We have to move towards a more proactive security model with application whitelisting. This technology can now no longer be related to static environments like POS as new levels of integration and change management have come about making this technology much more scalable and operational. Big antivirus vendors say they’re doing that today, but only Lumension has delivered an operational version.

At the show, we announced our Intelligent Whitelisting capabilities. In this unified workflow we integrate our antivirus, application control and patch management capabilities to deliver a new whitelisting capability that overcomes the traditional barriers to whitelisting. We also interface to our compliance and risk management solution so that operational network information is automatically fed into our risk management framework. This delivers much more automation in managing risk and compliance thereby improving visibility while reducing the cost of compliance.