George Ayotte

There's no question that software piracy is a global problem with a heavy financial impact. A May 2009 report by the Business Software Alliance and IDC estimated that 20% of software programs installed in the U.S. last year were unauthorized copies. But just how heavy it is is a matter of debate. Worldwide, the figure is 41%, with an estimated financial impact of $53 billion - a figure based on the retail value of the pirated PC software.

If it were, the BSA's global loss figure of $53 billion would drop sharply, they maintain. "Obviously, not every piece of pirated software will be replaced immediately with legitimate software if underlicensing is addressed or sources of pirated stuff dry up," acknowledges Dale Curtis, the BSA's vice president of communications. But critics of the study say it fails to account for the possibility that pirated software could be replaced with Linux or other open-source options. But he says that over the years, IDC has found "a very strong correlation between piracy rates and software sales. One country that wasn't included is Canada - and that doesn't sit right with Michael Geist, a professor at the University of Ottawa. "What the BSA did not disclose is that the 2009 report on Canada (whose piracy rate declined from 33% to 32% in the study) were guesses since Canadian firms and users were not surveyed. In country after country, as the piracy rate falls, legitimate sales go up." A second criticism of the report is that its country-by-country figures are partly based on the results of an annual survey that in 2009 covered 24 countries. While the study makes seemingly authoritative claims about the state of Canadian piracy, the reality is that IDC . . . did not bother to survey in Canada," Geist wrote in a May 27 blog post.

Further, he says Canadian users were surveyed the previous year, and "there is no reason to assume large changes in results from one year to the next." Ivan Png, a professor of information systems and economics at the University of Singapore, says the BSA and IDC should explain how they applied the results from the 24 countries surveyed to all of the other countries not surveyed. "IDC should make the methodology transparent," Png says. Curtis responds that the study "is not a guess, nor is it a scientific measurement, nor is it based primarily on a survey of software users, as Geist suggests." A survey of 6,200 users is only a piece of the model, Curtis says.

Facebook launched a new applications feature late Tuesday that will let you test the latest tools the social network is working on. Here's a breakdown of the five features you can try out: Desktop Notifications (Mac OS X only): A Mac OS X growl notification app that sits on your menu bar and alerts you when someone writes on your Facebook Wall or sends you a message. Called Facebook Prototypes, it's similar to Google Labs as it allows you to try out new features that, as Facebook says, are "not quite ready for prime time, are a bit esoteric, or don't quite fit." There are five new features currently available, most of which were created during a recent Facebook Hackathon event-an all-night coding session where Facebook techies work on projects they don't have time to develop during regular business hours.

You can also update your Facebook status within the application or navigate directly to your profile, News Feed, or Compose Message window. With one click, your friends can add the event to their personal calendar program like Google Calendar, Microsoft Outlook, or iCal. Enhanced Event E-mails: Adds an iCal file to event notifications sent to your Facebook friends via regular e-mail. For this feature to work, your friends must have event e-mail notifications enabled in their Facebook account settings. Click on the tag and Facebook will try to find other News Feed posts with similar attributes.

Similar Posts: Adds a "Similar Posts" tag under posts in your News Feed, such as status updates, shared links, and videos. Photo Tag Search: Integrated into the Facebook photo dashboard, Photo Tag Search lets you search photos posted by you and your friends for up to fifteen people at once. Plug your name and your friends' names into the search bar, and Facebook will show you all the photos where all of you are tagged. Say you want to find a photo of you and three friends. This feature will only find photo tags for people you're connected to on Facebook. Click on it, and your News Feed will show the most recent Facebook posts your friends have been commenting on.

Recent Comments Filter: Places a "comments" button on the column to the left of your News Feed. The Prototype applications include several great features, and while some of them are a little rough, they do add great functionality to your Facebook experience. Sometimes it inexplicably asks you for your login credentials, but it's a great little program if you want to stay on top of Facebook without logging on to the service. If you're on Mac OS X, I highly recommend trying out the Desktop Notifications app. To activate the prototypes, click on the Facebook Applications page and then click on 'Prototype' in the left hand column.

Connect with Ian Paul on Twitter (@ianpaul).

Four months after it modified Windows 7 to stop the Conficker worm from spreading through infected flash drives, Microsoft has ported the changes to older operating systems, including Windows XP and Vista, the company announced on Friday. Conficker copied a malicious "autorun.inf" file to any USB storage device that was connected to an already-infected machines, then spread to any other PC if the user connected the device to that second computer and picked the "Open folder to view files" option under "Install or run program" in the AutoPlay dialog. In April, Microsoft altered AutoRun and AutoPlay, a pair of technologies originally designed for CD-ROM content, to keep malware from silently installing on a victim's PC. The Conficker worm , which exploded onto the PC scene in January, snatching control of millions of machines, used several methods to jump from PC to PC, including USB flash drives.

Microsoft responded by changing Windows 7 so that the AutoPlay dialog no longer let users run programs, except when the device was a nonremovable optical drive, like a CD or DVD drive. Four months ago, Microsoft promised to make similar changes in other operating systems - Windows XP, Vista, Server 2003 and Server 2008 - but declined to set a timeline. After the change, a flash drive connected to a Windows 7 system only let users open a folder to browser a list of files. On Friday, Microsoft used its Security Research & Defense blog to announce the availability of the updates for XP, Vista and the two Server editions. Links to the download are included in a document posted on the company's support site.

Microsoft issued the updates almost three weeks ago, on Aug. 25, but did not push them to users automatically via Windows Update, or the corporate patch service Windows Server Update Services (WSUS). Instead, users must steer to Microsoft's download site, then download and install the appropriate update manually. The Windows XP update weighs in at 3MB, while the one for Vista is about 7MB. The AutoRun and AutoPlay changes debuted in the Windows 7 Release Candidate (RC), which was available for public downloading from May 4 to Aug. 20 . Windows 7 is set to go on sale Oct. 22.

Symantec this week is taking the wraps off the 2010 editions of its flagship antimalware consumer software, Norton AntiVirus and Norton Internet Security, adding a new type of malware detection and analysis it calls Quorum.

Quorum is the underlying technology used for reputation analysis to determine if a file a user encounters on the Web is harmful or harmless, according to Dan Nadir, director of Symantec's product management group, consumer division.

If a file is known to include malware, it will be blocked or eradicated. If a file is suspicious, a pop-up may recommend a user avoid that file, Nadir says. "But the majority of the time, this won't come into play because we will block or allow - this middle ground is when we're not 100% sure," he says.

Quorum's reputation analysis draws from a knowledge base that includes traditional antivirus signatures (these don't go away in Norton AntiVirus 2010 and Norton Internet Security 2010); Symantec's existing Sonar technology for behavioral analysis; a real-time database of malware information gleaned from millions of Symantec software users; and cloud-based analysis.

"We have access to a very high volume of data, about 30 million users," Nadir says. "We're monitoring network traffic using intrusion-prevention systems and URL reputations for untrustworthy sites."

This array of information is combined to make a rapid determination of good or bad files at the user's desktop through Quorum, Nadir says. "Think of the system as a judge. Quorum is adding other information, based on a collaborative vote, so to speak, so it can make a decision."

Norton AntiVirus 2010 is the more basic antimalware package for the desktop. Norton Internet Security adds capabilities that include firewall and antiphishing defense, plus Identity Safe for protection and management of personal profile information and passwords. Both packages include some new tools, such as System Insight, which can inform users about CPU and memory utilization over time.

While Quorum is not yet a technical feature in Symantec's corporate antimalware line, the security firm has a long history of introducing innovations into its consumer products, which are then added into upcoming corporate products.

Available for Windows 7, XP and Vista, Norton AntiVirus 2010 costs $39 and Norton Internet Security costs $69. Both will be available Sept. 9.