Research in Motion is recommending that IT departments and users disable JavaScript on their BlackBerry devices, citing a vulnerability unearthed at this year's Pwn2Own hacker challenge.
RIM may rip a page from Google for PlayBook
According to RIM, the vulnerability could allow a hacker to access a device's user data through the BlackBerry Browser if the user visits a "maliciously designed" Web site. The vulnerability only affects devices that have BlackBerry OS 6 installed, since it can only be exploited in devices that utilize the WebKit browser engine. RIM first started remaking its browser for BlackBerry OS 6 in 2009, when it purchased open source Web browser developer Torch Mobile, whose flagship Iris Browser is based on the open source Webkit browser engine. Any BlackBerry devices that contain older versions of the BlackBerry operating system will not be impacted.
RIM says the vulnerability will only allow hackers to gain access to data stored on devices' media cards and built-in media storage and that it will not give hackers access to data on the application storage portion of the phone, such as user data stored by e-mail, calendar and contact applications. So far, RIM says it has seen no actual cases of anyone exploiting this vulnerability outside of a test environment.
RIM is providing IT departments with guidelines to disable JavaScript on several BlackBerry devices, including the Torch 9800, the Bold 9700 and the Curve 9300. If this fails, RIM recommends disabling the BlackBerry Browser on devices altogether until the vulnerability can be patched.
While RIM has traditionally made its name by providing airtight security to enterprise users, it has been forced in recent years by the success of Apple's iPhone and Google's open-source Android operating system to allow more open-source and third-party applications onto its devices. In addition to its use of the open-source WebKit browser engine, RIM is also reportedly weighing whether to let its upcoming PlayBook tablet run applications designed for the Android platform.
Mobile applications have become an increasingly popular feature of smartphones over the past couple of years, especially with the high-profile launches of application shopping centers such as Apple's App Store and Google's Android Market. The most recent survey data from research firm ChangeWave shows that 14% of smartphone users said that applications were what they liked best about new smartphones, followed by ease of use (12%) and Internet access (12%). Corporate e-mail access, which has long been RIM's bread-and-butter application, was considered the most important feature by 10% of users, the survey showed
Wednesday, March 16, 2011
Thursday, January 20, 2011
Enterprises: We'll run Windows XP even after retirement
Nearly half of the companies still using the nine-year-old Windows XP plan to keep running the aged OS even after Microsoft withdraws its support in 2014, a research analyst said today.
"IT just really, really likes the XP operating system," said Diane Hagglund, a senior analyst at Dimensional Research, which recently surveyed more than 950 IT professionals about their Windows and Microsoft Office adoption plans. "They say it's just that good, and don't want to mess with it."
According to Dimensional's poll, IT pros split on how they would handle the April 2014 retirement of Windows XP: 47% said that they would ditch XP for a newer Windows before then, while 48% claimed that they would continue using XP sans support.
Microsoft will stop supporting Windows XP after April 8, 2014 when it issues the operating system's final set of security patches.
The large number of companies that plan to keep XP on the front lines, even without support from Microsoft, stunned Hagglund. "It wasn't just very small companies saying this," she said, adding that the stick-with-XP movement was across the board.
"We're seeing a number of major financial services and manufacturing companies opting to continue running XP without support," said Hagglund. "And it's not a price issue. From the comments we did get, IT simply thinks it's a great OS, one that's still working for them."
For all their talk, enterprises don't plan on running XP forever, only for some time after the 2014 support cutoff. "I think six months or so after Microsoft ends support, they'll really quickly upgrade [to a newer Windows] as they realize the systems are vulnerable because they've not been patched," Hagglund said.
Microsoft has been pushing XP customers of all stripes, including enterprises, to upgrade to Windows 7. While Dimensional didn't query IT professionals about what operating system they were leaving behind as they migrated to Windows 7, they're doing the latter in increasing numbers.
More than a third, or 38%, of those polled said their companies have implemented a partial roll-out of Windows 7, up from 15% in January 2010 , the last time Dimensional surveyed IT administrators and staffers.
Six percent of the companies have fully deployed to Windows 7 , a six-fold increase over the 1% who said the same back in January.
"What's really interesting here is that if you look at the numbers, they've almost exactly adopted according to plan," said Hagglund, citing figures from the migration schedules expressed in January of 2010.
"That's a real indicator that Windows 7 migration is going well," she added, noting that making plan is the best that enterprises do. "No one exceeds plans," she said.
On Thursday, Microsoft cited Windows 7's adoption pace as a big reason for its better-than-expected quarterly earnings numbers. "Companies [are] adopting Windows 7 ... at historically high rates," said Peter Klein, Microsoft's chief financial officer, during a call with Wall Street analysts. Microsoft's Windows division posted revenues in the third quarter that were up 10% over same period of the year before.
"IT just really, really likes the XP operating system," said Diane Hagglund, a senior analyst at Dimensional Research, which recently surveyed more than 950 IT professionals about their Windows and Microsoft Office adoption plans. "They say it's just that good, and don't want to mess with it."
According to Dimensional's poll, IT pros split on how they would handle the April 2014 retirement of Windows XP: 47% said that they would ditch XP for a newer Windows before then, while 48% claimed that they would continue using XP sans support.
Microsoft will stop supporting Windows XP after April 8, 2014 when it issues the operating system's final set of security patches.
The large number of companies that plan to keep XP on the front lines, even without support from Microsoft, stunned Hagglund. "It wasn't just very small companies saying this," she said, adding that the stick-with-XP movement was across the board.
"We're seeing a number of major financial services and manufacturing companies opting to continue running XP without support," said Hagglund. "And it's not a price issue. From the comments we did get, IT simply thinks it's a great OS, one that's still working for them."
For all their talk, enterprises don't plan on running XP forever, only for some time after the 2014 support cutoff. "I think six months or so after Microsoft ends support, they'll really quickly upgrade [to a newer Windows] as they realize the systems are vulnerable because they've not been patched," Hagglund said.
Microsoft has been pushing XP customers of all stripes, including enterprises, to upgrade to Windows 7. While Dimensional didn't query IT professionals about what operating system they were leaving behind as they migrated to Windows 7, they're doing the latter in increasing numbers.
More than a third, or 38%, of those polled said their companies have implemented a partial roll-out of Windows 7, up from 15% in January 2010 , the last time Dimensional surveyed IT administrators and staffers.
Six percent of the companies have fully deployed to Windows 7 , a six-fold increase over the 1% who said the same back in January.
"What's really interesting here is that if you look at the numbers, they've almost exactly adopted according to plan," said Hagglund, citing figures from the migration schedules expressed in January of 2010.
"That's a real indicator that Windows 7 migration is going well," she added, noting that making plan is the best that enterprises do. "No one exceeds plans," she said.
On Thursday, Microsoft cited Windows 7's adoption pace as a big reason for its better-than-expected quarterly earnings numbers. "Companies [are] adopting Windows 7 ... at historically high rates," said Peter Klein, Microsoft's chief financial officer, during a call with Wall Street analysts. Microsoft's Windows division posted revenues in the third quarter that were up 10% over same period of the year before.
The "kill switch" for Windows Phone 7 apps
Microsoft has acknowledged that it has tools in place to "take action" against Windows Phone 7 malware or offending apps.
This capability, which is also present in Google Android and Apple iOS, essentially lets Microsoft, via it's Zune-based Windows Phone 7 Marketplace, unpublish an app or in some cases remove it from a phone if the software was deemed a dangerous-enough security threat. It was dubbed a "kill switch" by UK-based PCPro.com, which broke the story this week, based on an interview with Todd Biggs, director of product management for Windows Phone Marketplace.
Microsoft has created a highly automated app testing and certification process for Windows Phone 7 apps, and Briggs made clear the company expects that system to flag most instances of problematic code. But, he says, “Market Place is a complex operation and we need to have the capability for dealing with different situations.”
As quoted in PCPro, Briggs clearly suggested the most common method of deactivating malware on the phone would be to simply yank the app from the online catalog. "[B]ut if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could,” Biggs says.
That would most likely be done when the phone automatically and periodically checks into the catalog for downloads and updates.
The first Windows Phone 7 handsets for the U.S. become available Monday, November 8, on AT&T and T-Mobile.
This capability, which is also present in Google Android and Apple iOS, essentially lets Microsoft, via it's Zune-based Windows Phone 7 Marketplace, unpublish an app or in some cases remove it from a phone if the software was deemed a dangerous-enough security threat. It was dubbed a "kill switch" by UK-based PCPro.com, which broke the story this week, based on an interview with Todd Biggs, director of product management for Windows Phone Marketplace.
Microsoft has created a highly automated app testing and certification process for Windows Phone 7 apps, and Briggs made clear the company expects that system to flag most instances of problematic code. But, he says, “Market Place is a complex operation and we need to have the capability for dealing with different situations.”
As quoted in PCPro, Briggs clearly suggested the most common method of deactivating malware on the phone would be to simply yank the app from the online catalog. "[B]ut if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could,” Biggs says.
That would most likely be done when the phone automatically and periodically checks into the catalog for downloads and updates.
The first Windows Phone 7 handsets for the U.S. become available Monday, November 8, on AT&T and T-Mobile.
The "kill switch" for Windows Phone 7 apps
John Cox
Back to Microsoft Subnet
John Cox on Wireless
Microsoft has acknowledged that it has tools in place to "take action" against Windows Phone 7 malware or offending apps.
This capability, which is also present in Google Android and Apple iOS, essentially lets Microsoft, via it's Zune-based Windows Phone 7 Marketplace, unpublish an app or in some cases remove it from a phone if the software was deemed a dangerous-enough security threat. It was dubbed a "kill switch" by UK-based PCPro.com, which broke the story this week, based on an interview with Todd Biggs, director of product management for Windows Phone Marketplace.
Microsoft has created a highly automated app testing and certification process for Windows Phone 7 apps, and Briggs made clear the company expects that system to flag most instances of problematic code. But, he says, “Market Place is a complex operation and we need to have the capability for dealing with different situations.”
As quoted in PCPro, Briggs clearly suggested the most common method of deactivating malware on the phone would be to simply yank the app from the online catalog. "[B]ut if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could,” Biggs says.
That would most likely be done when the phone automatically and periodically checks into the catalog for downloads and updates.
The first Windows Phone 7 handsets for the U.S. become available Monday, November 8, on AT&T and T-Mobile.
Back to Microsoft Subnet
John Cox on Wireless
Microsoft has acknowledged that it has tools in place to "take action" against Windows Phone 7 malware or offending apps.
This capability, which is also present in Google Android and Apple iOS, essentially lets Microsoft, via it's Zune-based Windows Phone 7 Marketplace, unpublish an app or in some cases remove it from a phone if the software was deemed a dangerous-enough security threat. It was dubbed a "kill switch" by UK-based PCPro.com, which broke the story this week, based on an interview with Todd Biggs, director of product management for Windows Phone Marketplace.
Microsoft has created a highly automated app testing and certification process for Windows Phone 7 apps, and Briggs made clear the company expects that system to flag most instances of problematic code. But, he says, “Market Place is a complex operation and we need to have the capability for dealing with different situations.”
As quoted in PCPro, Briggs clearly suggested the most common method of deactivating malware on the phone would be to simply yank the app from the online catalog. "[B]ut if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could,” Biggs says.
That would most likely be done when the phone automatically and periodically checks into the catalog for downloads and updates.
The first Windows Phone 7 handsets for the U.S. become available Monday, November 8, on AT&T and T-Mobile.
Microsoft warns of new Zero-day attack affecting Internet Explorer 6, 7, 8
Today Microsoft released Security Advisory 2458511 to warn Internet Explorer users of a new zero-day attack that Microsoft has seen in the wild. It affects versions 6, 7, and 8, although Microsoft says that the default installations of IE8 make that version of the browser harder to exploit.
UPDATED: Security researchers at Symantec reported the attack to Microsoft and earlier today posted details. I'll summarize. Attackers figured out specific exploits for older versions of IE, 6 and 7 specifically. They hacked otherwise innocent Web servers and added a page with malware. They sent e-mails to specific individuals within various organizations. When those individuals visited the page, the malware told them which version of IE they were using. If it was not IE 6 or 7, the victim saw a blank Web page. If it was, the nasty page downloaded a Trojan that allowed the hacker to install commands disguised as .gif files. The victim need do nothing but visit the Web page. The owners of identified Web sites hosting the malware pages have been contacted and the files removed, but there's no telling how many more are still out there.
It is unlikely that a patch will be available by next week's Patch Tuesday, says Jason Miller, data and security team leader, Shavlik Technologies, Minneapolis, MN. However Miller says if Microsoft sees an uptick in this attack, he would expect Microsoft to release an out-of-band patch.
Microsoft explains:
"The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. At this time, we are aware of targeted attacks attempting to use this vulnerability."
IE 8 is less vulnerable due to "defense in depth protections" from its Data Execution Prevention (DEP) feature, which Microsoft says is enabled by default in Internet Explorer 8 on all supported Windows platforms. While Microsoft PR says that " the impact of this vulnerability is extremely limited and we are not aware of any affected customers," the security advisory also notes that black hats are trying to take advantage of the hole in the wild. Its says, "At this time, we are aware of targeted attacks attempting to use this vulnerability."
Microsoft says that IE 9 isn't affected, but remember IE 9 isn't available for XP users, not even those who are using XP SP3, which Microsoft is still supporting.
While no patch is available yet, Microsoft has offered several workarounds including:
* Override the Web site CSS style with a user-defined CSS (that's not going to make a lot of Web developer's happy).
* Deploy Microsoft's Enhanced Mitigation Experience Toolkit, is a utility that Microsoft says helps prevent vulnerabilities in software from successfully being exploited. For more information
* IE7 users are urged to enable the Data Execution Prevention (DEP) feature, although this may cause conflicts with some browser extensions.
* Read e-mails in plan text
* Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
UPDATED: Security researchers at Symantec reported the attack to Microsoft and earlier today posted details. I'll summarize. Attackers figured out specific exploits for older versions of IE, 6 and 7 specifically. They hacked otherwise innocent Web servers and added a page with malware. They sent e-mails to specific individuals within various organizations. When those individuals visited the page, the malware told them which version of IE they were using. If it was not IE 6 or 7, the victim saw a blank Web page. If it was, the nasty page downloaded a Trojan that allowed the hacker to install commands disguised as .gif files. The victim need do nothing but visit the Web page. The owners of identified Web sites hosting the malware pages have been contacted and the files removed, but there's no telling how many more are still out there.
It is unlikely that a patch will be available by next week's Patch Tuesday, says Jason Miller, data and security team leader, Shavlik Technologies, Minneapolis, MN. However Miller says if Microsoft sees an uptick in this attack, he would expect Microsoft to release an out-of-band patch.
Microsoft explains:
"The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. At this time, we are aware of targeted attacks attempting to use this vulnerability."
IE 8 is less vulnerable due to "defense in depth protections" from its Data Execution Prevention (DEP) feature, which Microsoft says is enabled by default in Internet Explorer 8 on all supported Windows platforms. While Microsoft PR says that " the impact of this vulnerability is extremely limited and we are not aware of any affected customers," the security advisory also notes that black hats are trying to take advantage of the hole in the wild. Its says, "At this time, we are aware of targeted attacks attempting to use this vulnerability."
Microsoft says that IE 9 isn't affected, but remember IE 9 isn't available for XP users, not even those who are using XP SP3, which Microsoft is still supporting.
While no patch is available yet, Microsoft has offered several workarounds including:
* Override the Web site CSS style with a user-defined CSS (that's not going to make a lot of Web developer's happy).
* Deploy Microsoft's Enhanced Mitigation Experience Toolkit, is a utility that Microsoft says helps prevent vulnerabilities in software from successfully being exploited. For more information
* IE7 users are urged to enable the Data Execution Prevention (DEP) feature, although this may cause conflicts with some browser extensions.
* Read e-mails in plan text
* Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
Wednesday, January 19, 2011
Microsoft yanks Outlook 2007 update
Microsoft last week pulled an update for Outlook 2007 issued just two days earlier, citing connection and performance problems for the unusual move.
The update was issued mid-day on Dec. 14 as part of the monthly Patch Tuesday. Within hours, users reported trouble with retrieving e-mail and major delays when switching folders.
"This latest update results in Outlook 2007 being very slow in changing folders and the archiving functionality appears to have been removed," said someone identified as "alspar" on a Microsoft support forum early Wednesday morning. "Is this an error or by design?"
Others said they couldn't send or receive e-mail, including Gmail messages, through Outlook after installing the update.
Ironically, Microsoft had billed the update, which didn't patch any security vulnerabilities, as one that contained "stability and performance improvements."
By Thursday, support forum moderators were telling users to uninstall the update.
Microsoft made that official late Friday in a post on the Outlook team's blog . "We have discovered several issues with the update and ... as of December 16, this Outlook 2007 update has been removed from Microsoft Update,"
According to Microsoft, the Tuesday update contained three flaws related to Secure Password Authentication (SPA), a Microsoft protocol used to authenticate mail clients like Outlook to a mail server; sluggish folder switching when Outlook wasn't configured to grab mail from an Exchange server; and a broken AutoArchive feature.
The update was issued mid-day on Dec. 14 as part of the monthly Patch Tuesday. Within hours, users reported trouble with retrieving e-mail and major delays when switching folders.
"This latest update results in Outlook 2007 being very slow in changing folders and the archiving functionality appears to have been removed," said someone identified as "alspar" on a Microsoft support forum early Wednesday morning. "Is this an error or by design?"
Others said they couldn't send or receive e-mail, including Gmail messages, through Outlook after installing the update.
Ironically, Microsoft had billed the update, which didn't patch any security vulnerabilities, as one that contained "stability and performance improvements."
By Thursday, support forum moderators were telling users to uninstall the update.
Microsoft made that official late Friday in a post on the Outlook team's blog . "We have discovered several issues with the update and ... as of December 16, this Outlook 2007 update has been removed from Microsoft Update,"
According to Microsoft, the Tuesday update contained three flaws related to Secure Password Authentication (SPA), a Microsoft protocol used to authenticate mail clients like Outlook to a mail server; sluggish folder switching when Outlook wasn't configured to grab mail from an Exchange server; and a broken AutoArchive feature.
The problem with Windows 7 tablets: they still run Windows
Microsoft CEO Steve Ballmer and cohorts drew some major applause at CES by showing off new tablets running Windows 7, and for good reason. New devices from Acer, ASUS and Samsung are sleek and have innovative form factors, for example dual screens and slide-out keyboards. But the advances can largely be attributed to the good work of Microsoft's hardware partners. The problem with Windows tablets is that they still run Windows.
That's not to say Windows can't be adapted to the tablet age. Microsoft would argue that the devices shown off at CES this week prove Windows 7 is tablet-ready, but analysts aren't necessarily ready to agree.
The issue, says Aberdeen Group research analyst Andrew Borg, is that Microsoft is still using pre-iPad thinking.
Microsoft bashes Apple at CES while previewing next-gen Windows
Microsoft's comfort zone is with what we might call Tablets 1.0, which were based on stylus and 'digital-ink' interaction, and used a unipoint (not multi-touch) touchscreen interface," Borg wrote during the course of a few e-mails we've exchanged since Ballmer's keynote last night. "Apple's iOS replaced that metaphor once and forever (call it Tablets 2.0) with gesture-based interaction on a multi-touch touchscreen interface. It's fundamentally a different use case: the first assumes the presence of a keyboard along with the stylus which simply replaces the mouse or pointer; the second doesn't replicate the traditional computer desktop or laptop metaphor, it replaces it."
Let's give credit to Microsoft where credit is due. There was a real "wow factor" when they demonstarted prototypes of tablets coming out within the next few months, and it shows that Microsoft is working closely with hardware partners to get some cool devices into the hands of consumers. Samsung, for example, is coming out with Windows 7-based tablets that have a slide-out keyboard, and ASUS has a standalone tablet with a Bluetooth keyboard. The ASUS device will use a combination of stylus and finger-based touch, and will be able to tell the difference between the stylus and your hand.
Most visually striking, in my opinion, is the Acer ICONIA, which has two 14-inch touch screens that can both be used for Web surfing and all the other stuff you'd do with a Windows tablet. But one of its coolest features is also a reminder that Windows 7 is still much more a desktop than a tablet operating system.
That's not to say Windows can't be adapted to the tablet age. Microsoft would argue that the devices shown off at CES this week prove Windows 7 is tablet-ready, but analysts aren't necessarily ready to agree.
The issue, says Aberdeen Group research analyst Andrew Borg, is that Microsoft is still using pre-iPad thinking.
Microsoft bashes Apple at CES while previewing next-gen Windows
Microsoft's comfort zone is with what we might call Tablets 1.0, which were based on stylus and 'digital-ink' interaction, and used a unipoint (not multi-touch) touchscreen interface," Borg wrote during the course of a few e-mails we've exchanged since Ballmer's keynote last night. "Apple's iOS replaced that metaphor once and forever (call it Tablets 2.0) with gesture-based interaction on a multi-touch touchscreen interface. It's fundamentally a different use case: the first assumes the presence of a keyboard along with the stylus which simply replaces the mouse or pointer; the second doesn't replicate the traditional computer desktop or laptop metaphor, it replaces it."
Let's give credit to Microsoft where credit is due. There was a real "wow factor" when they demonstarted prototypes of tablets coming out within the next few months, and it shows that Microsoft is working closely with hardware partners to get some cool devices into the hands of consumers. Samsung, for example, is coming out with Windows 7-based tablets that have a slide-out keyboard, and ASUS has a standalone tablet with a Bluetooth keyboard. The ASUS device will use a combination of stylus and finger-based touch, and will be able to tell the difference between the stylus and your hand.
Most visually striking, in my opinion, is the Acer ICONIA, which has two 14-inch touch screens that can both be used for Web surfing and all the other stuff you'd do with a Windows tablet. But one of its coolest features is also a reminder that Windows 7 is still much more a desktop than a tablet operating system.
Yahoo IPv6 upgrade could shut out 1 million Internet users
ahoo is forging ahead with a move to IPv6 on its main Web site by year-end despite worries that up to 1 million Internet users may be unable to access it initially.
Yahoo's massive engineering effort to support IPv6 -- the long-anticipated upgrade to the Internet's main communications protocol -- could at first shut out potential www.yahoo.com users due to what the company and others call "IPv6 brokenness.
Yahoo has been one of the most vocal Internet companies to express concern about industry estimates that 0.05% of Internet users will be unable to access Web sites that support both IPv6 and the current standard, IPv4.
IPv6 experts say some Internet users will experience slowdowns or have trouble connecting to IPv6-enabled Web sites because they have misconfigured or misbehaving network equipment, primarily in their home networks. Corporate users also could experience IPv6 brokenness because of faulty firewall settings.
The Internet Society's estimate that 0.05% of users will be unable to reach IPv6-enabled content may seem miniscule, but it actually represents around 1 million Internet users based on estimates that 2 billion people access the Internet.
"The numbers are going to vary from site to site, but it's definitely very critical that everybody understands that when they do make themselves available through both IPv4 and IPv6 at the same time what impact there will be on a small percentage of users," says Jason Fesler, an IPv6 architect with Yahoo.
Fesler explained that for end users with IPv6 brokenness, Web sites that support IPv6 and IPv4 simultaneously in what's called dual-stack mode will appear to be suffering from an outage.
"A certain number of users do have IPv6 on their systems, but they have it configured in such a way that their system believes they have a working IPv6 Internet connection when in reality they don't. Or their Web site browser will prefer IPv6," Fesler explains. "This will result in timeouts that can be anywhere from 5 seconds to several minutes. From an end user's point of view, the first major Web site that goes dual-stack is going to appear broken while other Web sites will appear to be up."
Yahoo's massive engineering effort to support IPv6 -- the long-anticipated upgrade to the Internet's main communications protocol -- could at first shut out potential www.yahoo.com users due to what the company and others call "IPv6 brokenness.
Yahoo has been one of the most vocal Internet companies to express concern about industry estimates that 0.05% of Internet users will be unable to access Web sites that support both IPv6 and the current standard, IPv4.
IPv6 experts say some Internet users will experience slowdowns or have trouble connecting to IPv6-enabled Web sites because they have misconfigured or misbehaving network equipment, primarily in their home networks. Corporate users also could experience IPv6 brokenness because of faulty firewall settings.
The Internet Society's estimate that 0.05% of users will be unable to reach IPv6-enabled content may seem miniscule, but it actually represents around 1 million Internet users based on estimates that 2 billion people access the Internet.
"The numbers are going to vary from site to site, but it's definitely very critical that everybody understands that when they do make themselves available through both IPv4 and IPv6 at the same time what impact there will be on a small percentage of users," says Jason Fesler, an IPv6 architect with Yahoo.
Fesler explained that for end users with IPv6 brokenness, Web sites that support IPv6 and IPv4 simultaneously in what's called dual-stack mode will appear to be suffering from an outage.
"A certain number of users do have IPv6 on their systems, but they have it configured in such a way that their system believes they have a working IPv6 Internet connection when in reality they don't. Or their Web site browser will prefer IPv6," Fesler explains. "This will result in timeouts that can be anywhere from 5 seconds to several minutes. From an end user's point of view, the first major Web site that goes dual-stack is going to appear broken while other Web sites will appear to be up."
Subscribe to:
Posts (Atom)