"The security industry and trade press have directed a lot of attention toward the 'Zero-day attack', promoting it as THE threat to guard against. According to the marketing hype, the Zero-Day attack is the one that you should most fear, so you must put in place measures to defend your organization from it. The Zero-Day threat is born the moment a vulnerability is publicly announced or acknowledged. But what about the period of time that the threat existed before being announced. At StillSecure we call this class 'Less-Than-Zero' threat. In this two-part series I'll examine this Less-Than-Zero threat, compare it to the Zero-Day threat, and discuss ways to protect yourself from Less-Than-Zero attacks and vulnerabilities for which patches, signatures, etc., do not yet exist."

Among the few things I'm proud of in my life, not having had contact with Windows when I first "met" a computer is somewhere around the top. Indeed, the first computer I used ran Unix, and I have been using Unices myself for some time.

This is a review of Slackware 11.0 where the author explains what is in store for the Linux users who choose to use this Linux distribution. The article writes: "When you hear the name Slackware, you are at once transported to a world where Linux users feel more at home in setting the configurations by editing ordinary text files. In fact the credo of Slackware is to keep it as simple as possible. In popular speak, it is known by the acronym KISS (Keep It Simple Stupid)."

"The talk lately has centred about Vista's security APIs, but Linux certainly needs improvements in this area, because AV vendors still rely on an external kernel module to implement 'real time' file scanning." The Inq also reviews AVG antivirus for Linux, and concludes it is a must-have

"Apple's recent quarterly earnings report blew past all expectations. More importantly, dramatic unit sales growth shows the company is executing a working strategy for building the Mac platform. That raises the obvious question: why has Apple's market share historically been so low, and why did Apple fail to make any progress in the 1990's? Here's a look at why Apple's platform fell into crisis, and why the solutions prescribed by analysts didn't work."

An application might pass all your exhaustive feature and security suites, making sure it'll work well for the end-user. But IT admins are likely to test software all over again, using standard Windows administrator tools in the user's actual environment. This article explains how and why to test applications with ACT.

There are plenty of programming languages around. David Chisnall points out the various factors that determine what makes a "good" language. But note his caveat: These principles don't always apply in any given set of circumstances!

Steve McIntyre visited the LiMux team in Munich and has posted a small report about the visit on his blog. LiMux is the specially tailored Debian distribution City of Munich deploys. "I'd like to talk some more about LiMux, the project being run within the City of Munich to replace all of their desktop Windows systems with Linux. They gave us a demonstration and answered lots of our questions."

UNIX provides robust tools and infrastructure so that you can both protect and share information. This article looks at user privileges and, in particular, examines how to manipulate file permissions to restrict or share your directories and files with others. Understanding permissions is crucial if you want to speak UNIX fluently. Learn how to manipulate file permissions to protect your files, or share them with others.

NVPerfKit is a comprehensive suite of performance tools to help debug and profile OpenGL and Direct3D applications. It gives you access to low-level performance counters inside the driver and hardware counters inside the GPU itself. The counters can be used to determine exactly how your application is using the GPU, identify performance issues, and confirm that performance problems have been resolved.

"We've gotten some questions here today about public reports claiming there's a new vulnerability in Internet Explorer 7. These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express." Meanwhile, Adam has published an article on IE7 on his blog: "IE7 is a major plus for anyone who understands the internet and networks, and especially for those who do web development. Read on for a lengthy review."

The Unofficial Apple Weblog has some screenshots of the latest Leopard build, and since MacRumors says they're real, they're of course real. Anyway, they show off Safari's anti-phishing features, as well as the improved previews in the Finder. There are also some shots of iCal's new look.

Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit. Rutkowska, who demonstrated the exploit at the Black Hat conference in August, said she tested the attack against Windows Vista RC2 x64 and found that the exploit doesn't work anymore. "The reason: Vista RC2 now blocks write-access to raw disk sectors for user mode applications, even if they are executed with elevated administrative rights," Rutkowska wrote on her Invisible Things blog.

Who wants to be a programmer? Microsoft is hoping everyday folks will take the challenge by using its non-professional programming tools, and other vendors are following suit. Microsoft is poised to tap the nascent market for development tools to enable non-professionals to create applications, having established a team specifically built for this push and planning several initiatives, including a new Web site strictly for beginners.