Microsoft posts $5 million ‘bounty’ fund

Plus: Net Appliance buys Spinnaker; Linux developers block Trojan; Google rolls out new Deskbar software; and more

• Microsoft is dipping into its sizeable cash reserves to offer rewards of $250,000 each to anyone who can help track down the authors of the SoBig and Blaster worms that wreaked havoc with Microsoft software and crippled many corporate networks. Two people have been arrested for unleashing variants of Blaster, but the original author remains at large. The bounties are part of a $5 million fund Microsoft has established to help law enforcement snare computer bad guys. The company got a show of support during a news conference last week from the FBI, the Secret Service and Interpol. Microsoft has spent millions of dollars over the past two years on its Trustworthy Computing initiative, which is designed to produce secure code, but security vulnerabilities have persisted in its software, including 47 this year. Now the company is committing millions of dollars to attack the problem from the other end of the spectrum – those who exploit those vulnerabilities.

• Network Appliance is buying privately held Spinnaker Networks for about $300 million in an all-stock deal aimed at boosting Network Appliance’s high-end storage products and get its “storage grid” architecture to market more quickly, executives from the companies said last week. Spinnaker develops enterprise-class network-attached storage products, with a family of NAS servers and a global distributed file system, Spin FS, on the market. Network Appliance provides storage network infrastructure wares. Network Appliance executives did not offer a time frame for when the storage grid architecture will be released, but pledged an update in the coming weeks.

• The Federal Trade Commission has filed suit against a company that allegedly exploited a vulnerability in Microsoft’s Windows system to barrage users with pop-up ads using a feature intended for administrative alerts. The tactic involved the Windows Messenger Service, a software feature distinct from Microsoft’s similarly named MSN Messenger and Windows Messenger instant-messaging applications. The Messenger Service is part of the Windows XP and Windows 2000 operating systems that let network administrators send messages to users, such as notifications about the status of print jobs. The feature proved problematic as external parties figured out how to hijack the Messenger Service and use it to send unsolicited information such as ads to Internet-connected computers. The company targeted by the FTC, D Squared Solutions, used Messenger Service to flash ads touting its pop-up blocking software, which it sold for $25 to $30, according to the FTC’s complaint. D Squared officials could not be reached for comment.

• Google is looking to make inroads into the desktop with last week’s rollout of its free Google Deskbar software, which lets Windows users search the Web and applications without opening a browser. The Deskbar appears as a small inset window on the Windows toolbar and lets users search the Web without leaving desktop tasks as long as the computer is connected to the Internet. Keyboard shortcuts let users run queries, typing “Ctrl+Alt+G” to perform Google searches from applications, for example. There are also keyboard shortcuts for Google News, Images and the company’s Froogle shopping comparison searches. The Deskbar requires the Windows 98, ME, 2000 or XP operating systems, and Internet Explorer 5.5 or higher to run.

• IT executives shouldn’t worry about bringing IPv6, 3G or 64-bit computing to the desktop until as late as 2007 or 2008, Gartner analysts advised last week at the the company’s Symposium/ITxpo conference in Cannes, France. On the other hand, IP VPNs, Wi-Fi and replacement desktop machines all should be the subject of careful reflection today. Assigning technologies to three categories, “Act now,” “Next year” and “Not yet,” the analysts gave their views of how attendees should prioritize new technology introduction to the enterprise. IPv6 is strictly of interest to service operators and now is not the time for corporations to worry about this new technology, they said. But the analysts recommended that companies should act now to replace frame relay, ATM and leased-line connections with IP VPN links.

• An attempt by an unknown attacker to plant a Trojan virus in the Linux kernel has been blocked. Kernel developers last week discovered that a server hosting a copy of the Linux source code had been compromised and that a Linux kernel file had been changed to allow the attacker unauthorized access to operating systems built with the affected source code. The machine in question, Kernel.bkbits.net, hosted a version of the Linux source code that was used by only a handful of Linux developers. The compromise was detected and corrected within 12 hours.