A Web application developer has uncovered a two-step process for exploiting Windows Vista’s User Account Control, essentially by having a Trojan piggyback on what could be a legitimate download.

Robert Paveza, a senior Web application developer with Terralever, a Web-based marketing company based in Tempe, Ariz., published details of the vulnerability in a paper titled "User-Prompted Elevation of Unintended Code in Windows Vista."

Paveza said in the paper that the vulnerability uses a two-part attack vector against a default Vista installation. The first step requires that malware called a proxy infection tool be downloaded and run without elevation. That software can behave as the victim expects it to while it sets up a second malicious payload in the background.

People will click on anything. That was evidenced by the 409 people who clicked on an ad that offers infection for those with virus-free PCs. The ad, run by a person who identifies himself as security professional Didier Stevens, reads like this:

Drive-By Download

Is your PC virus-free?

Get it infected here!

drive-by-download.info

Stevens, who says he works for Contraste Europe, a branch of the IT consultancy The Contraste Group, has been running his Google Adwords campaign for six months now and has received 409 hits. Stevens has done similar research in the past, such as finding out how easy it is to land on a drive-by download site when doing a Google search.

The Hewlett-Packard Garage, a 12-foot by 8-foot shed at 367 Addison Ave. in Palo Alto, Calif., now stands beside such hallowed sites as the Alamo, Carnegie Hall and the White House.

The National Park Service on May 17 declared the site where Bill Hewlett and Dave Packard began their partnership in 1938 a National Historic Landmark, among those sites and some 2,400 others considered historically significant by the agency.

The garage, which first appeared in Palo Alto city records in 1924, housed the Hewlett and Packard workshop as the former Stanford University classmates tooled around with a used Sears Craftsman drill press to create an audio oscillator in 1938. They formalized their partnership as Hewlett-Packard the following year and moved on to larger quarters in 1940, but 367 Addison is regularly considered the birthplace of Silicon Valley.

Microsoft said Wednesday that the follow-on to its Windows Server 2008 operating system will be an interim release due to arrive in 2009.

The software maker offered few details on Windows Server 2008 R2, other than to say the interim update will be offered only in a 64-bit version.

Microsoft’s accusation that the open-source software industry has infringed 235 Microsoft patents has spotlighted a difficult issue: how aggressively should a company police itself for patent violations?

Microsoft said it released the tally–though not the 235 specific patents–in an effort to bring open-source companies to the table to hammer out intellectual property licensing deals similar to the one struck by Linux seller Novell in 2006. But industry experts said the declaration’s implicit demand–that companies with open-source software should figure out what Microsoft patents they’re infringing and come to the negotiating table–is unrealistic at best.

You may have noticed the news has not been as regular over the last week as it normally is. We’re having some trouble with the news rendering engine, but investigations and repairs are under way. Be assured, we are doing all we can to ensure the timely delivery of our industry news.–Ed

Dell is being accused of making false promises to customers to drive sales, according to a lawsuit filed by New York Attorney General Andrew Cuomo.

The court filing accuses Dell and Dell Financial Services of 10 counts of fraud, false advertising and deceptive business practices, including offering misleading financing, and failing to honor rebates and warranties.

The state of New York is asking for an injunction of Dell’s allegedly bad business practices and an order that the world’s second-largest PC maker pay an unspecified amount of damages to customers found to be affected, in addition to a $500 civil penalty payable to the state of New York for each violation.

Microsoft has sold nearly 40 million copies of Windows Vista so far, Bill Gates told a crowd of hardware developers Tuesday.

That’s more than the total install base of Windows’ largest competitors, Gates quipped as he began his keynote at the Windows Hardware and Engineering Conference.

"As of last week, we’ve (sold) nearly 40 million copies," Gates said. "That’s twice as fast as the adoption of Windows XP, the last major release we had."

Confirming news that had already leaked on its Web site, Microsoft also announced Windows Server 2008 as the official name of Windows Server "Longhorn," which is due to be finalized later this year.

ChemTable software announced the release of Reg Organizer 4.10. Reg Organizer is designed to search inside entire Windows Registry for errors and invalid entries and repair them before they cause trouble. Reg Organizer 4.10 runs under Windows 98/Me/2000/XP/2003 and Vista.

Microsoft claims that free and open-source software violates 235 of its patents, according to a magazine report published Sunday.

In an interview with Fortune, Microsoft top lawyer Brad Smith alleges that the Linux kernel violates 42 Microsoft patents, while its user interface and other design elements infringe on a further 65. OpenOffice.org is accused of infringing 45, along with 83 more in other free and open-source programs, according to Fortune.

It is not entirely clear how Microsoft might proceed in enforcing these patents, but the company has been encouraging large tech companies that depend on Linux to ink patent deals.