Making the most of Really Simple Syndication

Making the most of Really Simple Syndication

By Woody Leonhard

Almost all sufficiently advanced websites these days use RSS — Really Simple Syndication — to keep you notified of the latest information posted on the site.

If you’ve never used an RSS feed — or if you use RSS but don’t know how it works — you’re in for a pleasant surprise.

RSS feeds bring information to you. Instead of making you scour the Web, checking on the latest and greatest news, most established websites feed you short synopses of what they posted.

It’s hard to draw an accurate analogy for RSS feeds, but I like to compare them to a magazine display rack: the front covers of most magazines feature a handful (maybe two handfuls) of short descriptions referring to the content inside. Most of the time, you can glance at the cover of a magazine and tell, more or less, whether it contains anything that interests you.

When you look at a rack of magazines, you’re looking at the distilled contents of dozens or even hundreds of publications. In the course of a few minutes, you can tell from a lot of covers what’s worth a second look.

Now imagine your own personal magazine rack, where you get to choose from the magazines on display. More than that, imagine a rack with rapidly updated content — with the magazine covers announcing the changes.

That, to me, is the essence of RSS feeds. Each website publishes a list of its headlines. Your news reader retrieves those headlines every minute or two and then displays them to you. If you see something you like, click on it, and your browser goes to the article that you clicked.

How websites expose information using RSS

Every news website, most blogs, lots of commercial sites, and even some just-plain-fun sites have RSS feeds. If you have a blog and use any of the major blogging packages — such as WordPress — the RSS feed is built into the site. You don’t have to do anything to create an RSS feed because the blogging software takes care of it automatically.

Here’s how the RSS process works:

1. Website designers who want to keep folks updated via RSS create a specially formatted file — called an RSS feed file — and place it in a preordained location on the website.
2. When the website has something new to broadcast, it adds a short, new item to the beginning of the RSS feed file and drops the last item off the end.
3. A program on your computer, called an RSS reader, collects the names of all the sites you want to follow. Telling your RSS reader that you want to follow a site is called subscribing — just as if you were subscribing to a magazine.
4. Periodically, your RSS reader goes out to see whether anything new is in the RSS feed files and then displays the updated information.

Really simple, eh?

Using iGoogle to bring in the feeds

You can take your pick of dozens of RSS readers. If you like, you can use the RSS readers built into Internet Explorer, Firefox, or Chrome. Personally, I find all of them intrusive and hard to work with. My personal choice for an RSS reader is a customized page from Google called iGoogle.

Google also has a website, called (confusingly) Google Reader, which can retrieve all your designated RSS feeds. They show up on a webpage in your browser. You might prefer this method, but I’ll stick with iGoogle.

Here’s how to get started with iGoogle:

1. If you don’t already have a Google ID, go to Gmail.com and create a new e-mail account.
2. Fire up your favorite browser and navigate to iGoogle.com. You see a sign-up page that says Create your own homepage in under 30 seconds. Click your stopwatch.
3. Check the boxes for any interests that pertain to you (or don’t check any at all, if you don’t want Google to suggest RSS-enabled sites for you), choose a theme (the plain Google theme, the first one, works fine), enter your city and country, then click See your page. Your iGoogle home page appears — it took less than 30 seconds, yes?
4. You may be a bit underwhelmed by Google’s default choices — Weather, Date & Time, a link to Gmail, another one to YouTube’s recommended video, and CNN.com for news. But be of good cheer; you can get rid of all of them immediately and easily.
5. In the upper-right corner, click the Sign In link and sign into iGoogle using your Gmail account. That procedure saves your iGoogle page. Any changes made to the page will appear in the future when you sign in to iGoogle again.
6. Play around with the iGoogle page. See how you can click and drag the individual site feeds (Google calls them gadgets) and locate them anywhere on the page you like. Click the down arrow on the right in the CNN.com gadget. One of the options says Delete This Gadget. Click it. That’s how easy it is to delete an existing feed.
7. Now look on the right side of the page, near the top, for the Add Stuff link; click it. Google will show you a couple of dozen suggested RSS feeds, er, Gadgets. In the upper-right corner, under Search for Gadgets, you’ll see a white box. Type the name of a site you’re interested in (your favorite news organization, for example) and click Search.

   There are other ways to add RSS feeds, which I mention below. So if you can’t find your favorite organization or topic just yet, don’t worry.

8. When you find a site that you want to add to your iGoogle page, click the box that says Add it now. When you’re finished adding to your list, click the link in the upper-right corner that says Back to Gallery. That’s it! You don’t need to save anything; it’s saved for you, automatically.

Adding RSS feeds to your iGoogle page

After you have your iGoogle page laid out, it’s easy to add more feeds. Here’s how:

1. Navigate to the site that you want to add to your iGoogle page. If the site has an RSS feed available, you see an orange radio-wave icon or an orange RSS box, sometimes next to the word Subscribe.
2. Select and copy the address (URL) of the page you want to add to iGoogle.
3. Now go back to iGoogle.com. On the left, click the link to Add Feed or Gadget — a box appears that says Type or paste the URL below.
4. Paste the copied URL and click Add. If you did everything correctly, iGoogle will come back with a check mark and the word Accepted (or something similar).
5. To return to the iGoogle home page, click the Go back to iGoogle home link in the upper-left corner of the Add Feed page. You should now find the new gadget on your home page, where you can click and drag it anywhere you like — or change settings by clicking the drop-down arrow in the upper-right corner.

Every few minutes, iGoogle reaches out to all the sites on your iGoogle home page and retrieves the latest news from the sites’ RSS feeds.

If you aren’t using RSS feeds to save time hunting information on the Web, this is your golden opportunity to get started. By letting sites push data to you, you can save yourself an enormous amount of time and hassle.

When you think your trouble is a software virus

By Kathleen Atkins

You might be heavy-hearted this week if you, like Lounge member Dougie, were listing the interesting but discouraging symptoms exhibited by a crippled PC.

Dougie hopes that fellow Loungers in the Security & Backups forum can help him avoid a clean install of the machine to return it to a healthy state. He might be in luck — suggestions posted so far sound promising.

But along with the direct help offered to Dougie, a debate sprang up concerning malware expertise and where to find it. See what the Lounge members think about that: More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.

A few simple experiments — just for fun

By Kathleen Atkins All experiments are meant to be reproduced. Usually this happens in a sophisticated lab with highly qualified technicians and scientists. Experiments are typically not considered a source of fun at parties with friends and family — unless, of course, they involve seeing how fast a human being can chug a six-pack of beer. But for those odd few who just have to show off their scientific acumen, here’s a video we think will help: Play the video

More information on Windows 7's XP Mode

By Fred Langa Responding to my story about setting up Win7’s XP Mode, many readers asked how to get XP Mode–like functionality on systems running Vista and Win7 Home Premium. Related virtualization questions were also on their minds.

Alternatives to Microsoft’s XP Mode application

Reader Rich Kaplan runs Windows 7 Home Premium, and he’s seeking XP virtualization software that will work on his OS. The answer for his system also applies to Vista — and Windows XP itself.

• “Hi. Per the Sept. 22 Top Story, ‘Using Windows 7’s XP Mode — step by step,’ what do you do if you have Win7 Home Premium or some other Windows version that doesn’t support XP Mode?”

Easy answer, Rich. There are excellent, free, third-party, virtual-machine applications available for all versions of Windows. At the end of that story, I listed the two most prominent offerings:

• Oracle’s VirtualBox (free)
• VMware’s VPC products (free, trialware, and commercial)

Either will give you the same results as using Win7’s standard XP Mode. The basic installation and usage concepts are also similar.

There are a few important differences, however. Recall that running XP Mode is a two-part system: XP Mode, a preconfigured copy of the XP operating system, fully ready to run inside a virtual PC; and Windows Virtual PC (VPC), the software that creates the virtual-PC environment. That’s why there are two separate downloads needed to get XP Mode going.

VirtualBox and VMware are equivalent to the Windows VPC part of the XP Mode system. Neither includes an operating system — you have to add your own.

To use these products, download and install either one, then use your own Windows XP setup disc or .iso file to install the OS on your new virtual machine. You’re not limited to XP — you can install almost any other OS.

VirtualBox can be installed on a variety of platforms — including all current Windows (XP and later), Linux, Macintosh, and Solaris systems. Once it’s set up on whatever host system you’re using, you can then install the guest operating system of your choice — such as almost any version of Windows from 3.x up (98, NT 4.0, 2000, XP, Server 2003, Vista, Win7), Linux (2.4 and 2.6), Solaris and OpenSolaris, OS/2, and OpenBSD.

I use VirtualBox to run Linux and various older versions of Windows on my main Win7 machine. Figure 1 shows a full-on, completely normal XP setup running in a VirtualBox. Just as with XP Mode, you can run the XP window full-screen if you wish and toggle back and forth between your real Win7 setup and XP running on the virtual PC.

Figure 1. As with Windows XP Mode, a VirtualBox VPC session appears as a typical window on the Win7 desktop.

Because VirtualBox generates general-purpose virtual machines, its integration with the host system isn’t quite as seamless as Windows XP Mode’s integration with Win7. For example, any applications you install in an XP VirtualBox will not appear as directly runnable, separate items in the Win7 startup menu.

But you still get plenty of basic integration. For example, you can easily drag and drop or cut and paste files between your primary OS and the one running inside VirtualBox.

This broad flexibility — and zero cost! — makes VirtualBox my number-one recommendation in cases where Windows XP Mode won’t work or where you want to run virtualized OSes other than just XP.

The other strong contender in the VPC space is VMware — its software can also support many guest OSes. There are free trials available for many VMware products, but they’re really aimed at large, commercial installations in professionally managed (corporate) IT environments. See the VMware site (using the link above) for their full spiel.

So if XP Mode won’t work for you, but you do have a normal OS setup disc on hand, you can use VirtualBox or VMware to run XP — or almost any other operating system — inside your current Win7 setup.

Is Outlook Express available in XP Mode?

Bob Sutter’s question is straight to the point:

• “Does Win7’s XP Mode have Outlook Express in it?”

In a word: yes. It’s shown here in Figure 2.

Figure 2. Outlook Express 6 is bundled as part of Win7’s XP Mode.

Any standard version of XP running any virtual PC (including VirtualBox [site] and VMware [site] — see item above) will also include Outlook Express.

Network setup for the XP Mode virtual PC

Neil Michaels wonders how networking works inside XP Mode.

• “In your article, ‘Using Windows 7’s XP Mode — step by step,’ I noticed you did not mention networking in XP Mode (using the network adapter in XP mode). Do I have to click Ctrl+Alt+Del, go to Settings, and change the network adapter to the same one Win7 is using — or leave it as the default?

  “Please clear this up.”

You usually don’t have to do anything, Neil. Win7 makes the physical network hardware available to the VPC software. The software in turn emulates mainstream, known-to-work hardware for the guest operating system and its software. (See Figure 3.) Any connections set up by this virtual adapter are automatically handed off to your Win7 system’s physical network adapter — whatever model it is.

Figure 3. XP Mode automatically emulates a generic, widely supported network adapter.

With all the major variables thus tightly controlled, XP Mode usually sets itself up without a hitch.

In other words, if your Win7 network is working properly on its own, then XP Mode’s networking should also work properly — no user intervention required.

More on restoring backups on different hardware

In my Sept. 8 item, “Restoring backups on different hardware,” I recommended against it — except in an emergency.

But reader Susan Brown tells us of an interesting product that lets her do just that: take a system image from one PC and restore it to another with a different hardware configuration.

Interestingly, it’s based on virtualization technology. Here’s Susan’s find:

• “It’s indeed possible and easy — though not inexpensive — to restore a Windows backup to different hardware.

  “I’ve used StorageCraft ShadowProtect [U.S. $90 and up; site] for several years to take my OS image from Intel to AMD and from Abit to ASUS to Gigabyte motherboards without a single hiccup. I am running the same install going on about five years now. I have also used ShadowProtect to restore from a nasty virus when I once foolishly clicked on a popup ad.”

The ShadowProtect tech documentation is a little thin on details, but I surmise it lets Windows move across different hardware through proprietary virtualization software. When you run Windows inside the StorageCraft environment, Windows never sees the real, physical hardware. You can move Windows around because it’s never aware of the underlying configuration.

I can see where the simplicity of being able to move Windows could be a huge plus for some users. But virtualization always involves a performance hit. Windows running inside any virtualized environment cannot be as fast as Windows running directly on real hardware. It’s inevitable, because the host OS not only has all its own work to do but must also do all the actual work of the virtualized, guest OS as well. That’s why, in the XP Mode Top Story, I suggested readers not use a virtualized XP Mode as their full-time computing environment.

And obviously, the virtualization layer adds complexity to the overall setup.

Sacrificing performance for more portability might be an acceptable trade-off in some instances, but they’re deal-killers for me. I rarely need system-image portability, but I always want stability and speed.

That said, for users who need cross-hardware OS portability, this software could be worth a look. Thanks, Susan!

Windows Phone 7.5: Evolution, Part 2

By Chris Murray In Part 1 of this two-part series, I reviewed a number of Windows Phone 7.5’s important new improvements — including Live Tiles, application switching, the Hub, and searches. In Part 2, I delve into e-mail, browsing, voice recognition, Windows Phone 7’s application Marketplace, and more.

Showing the entire conversation in one place

With Windows Phone 7.5 (or Mango), the Messaging app has a new twist: threaded messages. Mango users can now seamlessly switch between texting and either Windows Live Messenger or Facebook Chat from within a single message thread. Switching between texting and chat services is a seamless, two-tap process. A new messaging pivot — Online — shows who’s available to chat. (Each screen within an application is called a pivot.)

Like messaging, Mango’s e-mail app now has an optional, threaded conversation view. No more sifting through your Sent folder to see what you said — you get the whole conversation in one place. Simply tap grouped e-mails to reveal all related messages and then select the specific one you want to see.

As a school teacher with thousands of parent e-mails, I was initially thrilled with my Outlook account. Unfortunately, Mango tangled my e-mail conversations into a jumbled mess of randomly selected messages. If you’re using a high-traffic e-mail account, I highly recommend turning off this option.

Fortunately, Conversation View does work well with my Gmail account, so I’ve kept Conversation View enabled. Another option is to link inboxes together, making messages from all your e-mail accounts appear in one location — one inbox to rule them all.

Faster browsing, but with an annoying layout

Mango’s browser app has undergone a big transformation. Instead of WP7’s IE 6/IE 7 mishmash of a browser, Mango comes with an IE 9 derivative. This brings full HTML5 support to Windows Phone. Along with this, the browser’s layout has been treated to a few tweaks. The URL bar is now at the bottom of the screen, and it’s always there — even in landscape mode.

Overall, the layout is very sparse, giving the user as much screen real estate as possible; only the Cancel/Reload button, URL bar, and the somewhat obscure … icon are visible.

To view the open tabs, you must first tap the … symbol. For me, this is the only real annoyance with Mango’s browser; it seems to do everything else very well. It does not suffer from the speed hiccups of its WP7 predecessor, and (thanks to its HTML5-based innards and use of hardware acceleration) it loads everything you throw at it — except Flash, which is not supported in WP7.

Working with a new, simplified Marketplace

Mango’s applications Marketplace pages have been reworked with a new layout that’s more elegant and easier to navigate. With the original Windows Phone 7, each application’s page was one long list showing its details, screenshots, reviews, and related applications. This resulted in each application’s page being too long, too cluttered, and too slow. With Mango, this information is more organized, with dedicated pivots for Details, Reviews, Screenshots, and Related applications The new layout just makes more sense.

After a new application is installed, Mango takes you immediately to its location in the application list. The same happens with any installed games — Mango dives right into the Games Hub. This can be slightly jarring, but it’s an easier way to start using new apps and games instantly.

In tandem with the phone’s Marketplace, Microsoft has released Web Marketplace, an online version that lets you find and install apps for the phone using a PC. By going to My Phone and then Account, you can view a complete list of all the applications ever installed on your device.

It’s great when you want to reinstall an app directly from your computer. For example, if you need to give your phone the good ol’ hard reset, now there’s now a way to reinstall all your applications without making you pull your hair out — or at least not all of it. As there’s no multiselect function in the Web Marketplace, Ctrl+left click will be your new best friend.

Maps — navigating to Disappointment Land

With Mango, Maps gets needed adjustments — some good, some unfinished. When you use Directions, the screen is now split 50/50 between the My Map and the Directions List views. The layout is simple and attractive with big, bold directions. Unfortunately, this is where the magic ends; Maps does not provide voice-guided, turn-by-turn directions. It does tell you what the next turn will be, but only when you tap the screen. As I said: unfinished — and disappointing.

Some search results produce a related Indoor Map, supported by the Maps application. At this time, the list of places with indoor maps seems limited — of the three shopping malls in my area, only one had an indoor map.

If a location is lucky enough to have an indoor map, its information screen gets a new type of pivot: Directory. It shows a miniaturized map of the location with a list of stores underneath. These stores are sorted by category and then alphabetically. If I tap a category, such as Apparel, I am presented with a jump list of all the categories. This is similar to the jump lists in People Hub and in Applications List. If I tap an individual shop, I am instantly taken to that shop’s information screen — with About, Reviews, and Apps pivots.

I can tap on Address to see a traditional map of its location, or I can click Indoor Map to see where it is in relation to the mall. The indoor map shows a directory-style layout of the mall, with a flag pointing to the specific store. Zooming in and out in this view can be hazardous because the application sometimes erroneously reads each tap as a new place of interest on the map. The upper-left corner of the map lists the mall’s level you’re currently viewing. Tapping this list pops up yet another jump list with all the available levels plus a link back to the original mall directory.

Voice recognition: What? I didn’t say that!

As mentioned in Part 1 of this review, Mango has gained a few more voice-recognition functions. Holding down the hard Windows button, I can say things such as “Text Jerry,” “Find pizza,” “Open settings,” or “Call Dante.” These worked, but Mango sometimes struggled with other simple tasks.

During my daily commute, I like to pair my Windows Phone and my car stereo via Bluetooth. The first time I received a text message while connected, my stereo chirped “Text message from Chelsie.” I was shocked! I was suddenly living in the future!

Mango: “Reply or ignore?”

Me: “Reply!”

Mango: “Say your message.”

Me: “Hey Chelsie, I’m answering your message by using my phone’s voice-recognition software!”

Mango: “Hey Chelsie, I’m answering your message by using my phone’s voice-recognition software.”

Mango: “Send or try again?”

Me: “Send!”

This newfound infatuation was short-lived, however, because 90 percent of my replies were “Try again.” It can take some serious practicing to get it right. We can hope practice makes perfect, because Apple’s Siri is laughing all the way to the bank on this one.

Work with Microsoft Office in the Cloud

Mango’s Office Hub now allows access to SkyDrive, Office 365, and SharePoint. The applications work just as they did before, but users have the option of saving to and opening from SkyDrive. This works well, and the synching feature is quick. The Excel and Word documents offer SkyDrive as a save location, but OneNote does not — at least not by default. To remedy this, create and save a note with the OneNote Web application — using your PC. Save it to SkyDrive, sync it to your phone, then tap and hold the selected OneNote notebook to make it the default save location for all phone-created notes. From now on, any notes created on your phone will be saved to this one notebook, which is then synched to SkyDrive. Tah-dah!

Subtle tweaks — little things matter

Mango’s remaining changes are small — a tweak here, a new setting there — but they all go into making the big picture a lot more grand.

For example, in Settings: custom ringtones are finally supported, a new Mango theme is available, and passwords can be set with time restrictions. There’s a Battery Saver mode that helps stave off untimely phone death, and Find My Phone lets you keep tabs on your phone’s whereabouts. You can toggle which programs are allowed to run in the background with Background Tasks. A Feedback option lets Microsoft collect useful data about your experience. Phew!

The other tweaks are all aesthetic ones that bring an even greater feeling of integration. In the Applications List, a soft Search button has been added. And for those with a ton of applications, Microsoft has added alphabetized categories. Now, jumping to Settings is as easy as tapping a, s, and Settings. Jump-list categories are now ever-present — no more scrolling for the next letter to tap. The current letter is now always on top.

Putting open integration on the wish list

Mango’s arrival has cleaned up a great deal of WP7’s unfinished business. That said, I’m human — I want more. I love the greater degree of tie-in between Mango and SkyDrive, but I’d love to be able to create Word and Excel documents and have the option of saving them to Dropbox or Google Docs. I’d also love to be able to integrate more chat services into Mango’s Messaging feature.

Microsoft has cracked open the door for Facebook, so perhaps a native, switchable chat client wouldn’t be too far-fetched. Mango brought support for multiple calendars, but only for those belonging to Microsoft’s Hotmail, Live, and Outlook. How about some Google or Yahoo love?

To summarize: Build all these services into one device. WP’s shining qualities all revolve around its user interface and service integration. Keep going with it. Don’t preach just your own services, but allow the integration of all services into your platform.

Final thoughts: good and going to get better

As the title suggests, Mango is no revolution — it’s evolution. Windows Phone 7 was a start, but it was lacking in many basic areas. Mango is the next link in the chain, and it adds function to Windows Phone 7’s beauty.

Does it hold its own against the competition? I think so. Does it deserve to be considered the new third mobile platform? Absolutely! Is it perfect? Absolutely not!

Overall, I find Windows Phone 7.5 wonderful to use. It’s a fast, intuitive, and well-designed operating system. Unfortunately, this doesn’t guarantee success (consider WebOS). Microsoft has to do more than just develop a great platform. Windows Phone needs a committed marketing campaign, and it needs to remain the fastest-growing application market. Microsoft needs to keep reeling in exciting hardware deals with OEMS, and it needs to continually bolster its developer and homebrew communities.

As it stands, Windows Phone 7.5 is a great mobile operating system, and if Microsoft can support it in these ways, then its future as a major player in the mobile space may finally be recognized.

The myths and facts of zero-day threats

By Robert Vamosi A new Microsoft study finds malware more often targets patched vulnerabilities than those still awaiting a patch (zero-day infections). Additionally, over the first half of 2011, user downloads and compromised removable drives were more likely to lead to malware infections than any other method.

Microsoft’s latest report on PC Internet security

In its 11th survey of malware, Microsoft’s Security Intelligence Report identified an important shift in the PC-threat landscape. The threats were detected by the Malicious Software Removal Tool (MSRT) during the first half of 2011. Additional data was collected by Microsoft’s Malware Protection Center, Security Response Center, and Digital Crimes Unit as well as other Microsoft sources.

The typical PC security vulnerability is based on one or more software flaws. Cyber criminals exploit these flaws to do bad things. But not all vulnerabilities lead to exploits, and not all exploits lead to malware.

It may surprise you to learn that zero-day (unpatched) threats are not the ones we should fear the most. Ironically, the cyber criminal’s favorite targets are well-known, already-patched vulnerabilities because — human nature being what it is — we don’t always get around to patching our systems. Our own actions often put us at risk, typically via malware that tricks us into downloading malicious code. We then often compound the problem, spreading the infection through our indiscriminate use of those handy removable-media devices such as USB flash drives.

Bye-bye, drive-by personal-computer infections

In its report, Microsoft catalogued the various ways that malware threats are currently propagated. Many of the report’s findings run counter to what we’ve been told by the antivirus community. For example, the report states that a plurality of the malware threats, 45 percent, require some sort of user interaction — meaning the end user had to download and/or click something to become infected. (The techniques used to trick users into clicking on a malicious link, image, or file are often referred to as social engineering.)

The next-highest malware propagation method — accounting for 26 percent of detected threats — is through the use of Windows’ Autorun, an automatic application-launching system triggered when users insert removable media. Using Autorun over network connections made up another 17 percent of the threats. Combined, that’s 43 percent of all malware threats recorded by Microsoft.

As noted in my Feb. 3 story, USB drives provided an all-too-easy path for the Stuxnet worm. That nice little flash drive handed out by the hundreds for free at your recent business conference carried an infection back to the office. Air gaps, physical and logical separation between networks and systems, are easily defeated when someone can plug in a removable drive.

This past February, Microsoft released an update for the Windows XP and Windows Vista platforms that made Autorun work more like it does in Windows 7 — Autorun is enabled for CDs and DVDs, but not for thumb drives. Clearly, many users have not patched their systems.

Updates work — make sure you use ’em!

Roughly six percent of all threats resulted from compromised files, exploits with existing updates, zero-day attacks, and macroviruses. That’s good news for home and small-business PC users: keep your desktops and laptops updated, don’t fall for social-engineering traps, use removable devices judiciously, and you should be able to avoid most malware out there today.

On the other hand, it might seem like bad news for antivirus vendors. Why pay for antivirus protection when a few good security habits are enough? In the traditional antivirus model, you pay an annual subscription fee to keep AV definitions up-to-date. The Microsoft report suggests that file infectors and macroviruses (which make up a sizable number of installed antivirus definitions) are no longer a significant threat.

The report also states that brute-force password attacks are only a small threat, coming in at a mere 1.7 percent. That doesn’t, however, mean you can go back to using password for all your passwords. It does mean that your strong password is less likely to be attacked than in previous years.

Almost zero zero-day infections recorded

Zero-day attacks accounted for fewer than one percent of infections. (Zero-days are recently discovered vulnerabilities that are too new to have been patched.) We hear a lot about zero-days in the media because they’re exotic and sound scary; a group of bad actors discovering a flaw, using it to attack millions of PCs, and making a pile of money is always a good story. But according to Microsoft’s report, 90 percent of today’s threats exploited a vulnerability that’s had a patch available for more than a year.

That’s more bad news for the antivirus industry. Antivirus vendors have been heavily hyping their built-in heuristics engines — scanners that look at the behavior of the malware, not its signature definition. If malicious code (or any other code) starts calling OS resources it should not have access to, it’s flagged as a suspect file by the heuristics engine. This is supposed to protect PCs from a new form of infection until the antivirus vendor can release a signature file.

Microsoft’s report suggests that zero-day attacks are less a threat than we once thought. But that may not be the case. The zero-day phenomenon might be overblown but is still a valid threat. Threats arising from known vulnerabilities are so much greater in number that they dwarf the instances of zero-day threats. Still, in security, the bad guys have to be right only once. We’ve seen some spectacular zero-days, such as the Windows .dll vulnerability that let the Stuxnet worm take hold of laptops around the world.

Some apps continue to be highly vulnerable

Operating-system and browser vulnerabilities have been stable for several years, according to the report. They account for 12.7 percent and 15.7 percent, respectively, of all disclosed vulnerabilities. That said, a single exploit (CVE-2010-2568) accounted for a significant increase in reported OS exploits.

Overall, vulnerabilities in Microsoft products accounted for just 6.9 percent of all vulnerabilities disclosed in the first six months of 2011, down from 8.2 percent in the last half of 2010.

However, the report states that in Q2, the detected malware targeting Adobe Flash vulnerabilities (although relatively rare) increased more than 40 times what was detected in Q1 — the result of two vulnerabilities.

Report take-away: Keep your apps up-to-date

Don’t ditch your antivirus product just because of this report. Microsoft itself sees the value of antivirus protection and will be including it with Windows 8. Even Apple ships antivirus signature definition files with its iOS updates. Like it or not, antivirus protection remains a justified insurance expense against future attacks.

But do patch your applications as soon as possible. Check the Patch Watch column to make sure the latest patches from Microsoft are agreeable with your current system. Additionally, don’t forget about patches from Adobe and other software vendors.

There is one other message in the Microsoft report: upgrade to Windows 7. That might sound extremely self-serving, but the report found fewer reported vulnerabilities in Win7 than in Windows XP. As individuals and corporations move to Windows 7, Microsoft is anticipating a continued decrease in infection rates from software flaws.

Now if we could just do something about user gullibility. Social-engineering threats will undoubtedly remain a problem for the foreseeable future.