Daniel Osburn

Verizon Wireless will open many of its 2,000 retail stores early on Friday for first day sales of the Droid smartphone, adding to the marketing hype already begun for the Android 2.0 device from Motorola Inc. The QWERTY keyboard slider device sells for $200 after a rebate and a new two-year contract. Some stores will open at 7 a.m. and others at 8 a.m. A list of stores is available on Verizon's Web site although the site doesn't say which will open earlier and advises calling the store in advance to be sure.

Also, with Droid sales, Verizon is coordinating an unusual Times Square event in New York City this month to allow nearby voice callers to control two large digital billboards there, with some of their voice search results for nearby restaurants and attractions displayed on Google Maps on those billboards. It's fair, then, to wonder whether first-day-of-sale hoopla and other creative (and expensive) advertising are becoming what's required to do well in the competitive smartphone world. Google Inc., Motorola and the Verizon, the nation's largest wireless carrier, started the Droid campaign with an unusual TV ad that belittled missing features, such as a physical keyboard and multitasking, in its chief rival, the iPhone. Or maybe this kind of campaign is what's required by carriers and manufacturers who dare to attempt to catch up with the iconic Apple iPhone, which has been on the market for more than two years and is in its third version. "No, you don't have to conduct this kind of Droid campaign to sell a new smartphone," said Ramon Llamas, an analyst at market research firm IDC today. "Look at BlackBerry, which has had some success for its devices without all the hype. It's uncertain whether the early TV ads and other hype will generate interest and crowds on Friday, or whether the Android operating system, with its open source allure might have drawn some crowds anyway. But I'd say if you want to plant a stake in the ground, you do this kind of [Droid] campaign." In a sense, Motorola has the most at stake with the Droid launch, since it has pinned so much of its smartphone future on the Android platform and a variety of new devices in coming months. "For Motorola, this is one of the ways they get back in the game," Llamas said.

Llamas said he expects some crowds for sales of the Droid on Friday. "The reaction has been very positive already," he said. "It's interesting to see how much hype they are generating. It might help that Apple has fewer stores than Verizon, but the iPhone is also on sale at AT&T stores, which are also plentiful. When they open the doors, I would bet you'll see lines from buyers and also people who are curious and close to the end of a contract and want a demonstration." While early hours and other gimmicks might steal a little from the slick methods of Apple Inc.'s marketers, Llamas said there's nothing wrong with "taking a page out of the playbook of somebody who's been successful." Apple has attracted hundreds, and even thousands of customers to its stores for launches of its three iPhones, although successive versions have resulted in fewer numbers. Still, even AT&T hasn't attracted the first-day crowds of Apple stores, where customers have said they feel they get more personal attention. One man stood overnight at the Toledo, Ohio, store to get the original Storm, with its touchscreen display. "We're prepared for crowds for Droid," Pica said in a telephone interview. "The buzz with Droid has been bigger than the first Storm." Pica said the "Droid Does Times Square" digital billboard event in Times Square will allow a passerby to call from any phone to a toll-free number, asking through voice commands for a nearby location, such as the nearest pizza shops. Verizon spokeman Tom Pica said he couldn't predict how big Verizon's crowds will be on Friday, but noted that when the BlackBerry Storm went on sale Nov. 21, 2008, there were lines in advance of the opening.

The results of that search will be displayed on Google Maps on the large Nasdaq and Reuters signs in Times Square several times a day for most of November with advertising for the Droid included. It's kind of fun in a recession to have that kind of hype. Llamas said the marketing for smartphones, including Droid, might almost seem "strange" but could be just the kind of fun that consumers respond to in a recessionary time. "Smartphone releases aren't just releases anymore," Llamas said. "They have become full-fledged events and I'd say a pretty good thing to have. It's like getting ready for a new Star Wars movie."

Wipro, India's third largest outsourcer, is expanding its development center in Atlanta from 350 to 1,000 staff, reflecting a growing trend for Indian outsourcers to expand and hire locally in the U.S. market. India's largest outsourcer Tata Consultancy Services (TCS) said earlier this month that it was expanding its business alliance with The Dow Chemical Company, including setting up a services facility near the site of Dow's global headquarters in Midland, Michigan. The company said that 80 percent of its current 350 employees were hired locally, and includes recent graduates from reputable academic institutions in Atlanta, experienced professionals and retired army personnel. TCS also announced that it was expanding a software services delivery center in the Cincinnati suburb of Milford, Ohio.

Indian outsourcing companies are expanding both in India, and in the U.S., their key market, in anticipation of a pick up in business. Infosys BPO, the business process outsourcing subsidiary of outsourcer Infosys Technologies also said this month that it would acquire McCamish Systems, a BPO company in Atlanta focused on the insurance and financial services market. Employing staff in the U.S. is expected to go over well with the local community and politicians because of resentment in the U.S. about companies moving jobs to India and other countries, analysts said. Political considerations are evidently a factor for Indian outsourcers to expand in the U.S., said Siddharth Pai, a partner at outsourcing consultancy firm Technology Partners International (TPI) in Houston. U.S. Senators Bernie Sanders, an Independent from Vermont, and Chuck Grassley, an Iowa Republican, last week introduced legislation, called the Employ America Act that would prohibit firms that lay off 50 or more workers from hiring guest workers.

U.S. companies do not also want to be seen sending jobs abroad, he added. Certain types of work even in BPO, such as development of technology platforms for services delivery, and analytical work, require proximity to customers, he added. But there are also strong business considerations that require Indian companies to set up operations in the U.S., according to Pai. Indian outsourcers have to start looking like global players, Pai said. Japanese car makers, for example, manufacture all over the world, because some customers would like to buy locally produced goods, he added.

Microsoft today patched 12 vulnerabilities in Windows, Office and Internet Explorer (IE), including three critical bugs in the company's newest browser, IE8. Of the 12 flaws fixed in Tuesday's six security updates, seven were rated "critical," the highest severity ranking in Microsoft 's four-step scoring system. It trumps the bunch." Richie Lai, the director of vulnerability research at security company Qualys, echoed Storms. "MS09-072 affects IE, which is a big attack surface," said Lai, "and the vulnerabilities are primed to be exploited by classic drive-by attacks." "Definitely take a look at that one," chimed in Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. "Browser attacks are the most prevalent of all attacks." One of the five fixes included in the IE update addressed the zero-day vulnerability that Microsoft confirmed last month after sample attack code that exploited a flaw in IE's layout parser went public. Four of the remaining flaws were pegged as "important," one step lower on the scale, while the final vulnerability was labeled "moderate." Security researchers unanimously voted MS09-072 , the five-patch update for IE, as the one that demands immediate attention. "That's certainly the one to watch," said Andrew Storms, the director of security operations at nCircle Network Security. "You can't focus enough attention on the IE update.

Storms applauded Microsoft's speed in quashing the bug. "That was record time for Microsoft, to patch in just two weeks," he said, adding that it usually takes the company a month or more to ready a fix. "The holiday online shopping season had to increase the pressure to patch, but then again, it looks like Microsoft already knew about the bug," said Storms, referring to the credit that Microsoft gave to VeriSign iDefense for reporting the flaw. But the fact that two are IE8-only makes us wonder if Microsoft's Security Development Lifecycle is working." Security Development Lifecycle, or SDL, is the term Microsoft's given to a development process that stresses security testing as a piece of software is being written. "[The flaws] could be in new code or old code, but we don't know where they were brought into the process," Storms said. But the big news today, said Storms, Lai and Miller, was the fact that of the five IE vulnerabilities in MS09-072, three affect the newest edition of the browser, IE8. Two of those three affect IE8 only; Microsoft's other browsers were immune. "You can bet that engineers at Microsoft are as depressed about these bugs as much as we are," Storms said of the IE8 vulnerabilities. "The question is why they're there," Storms continued. "It would be easier to explain if both IE8 and IE7 were vulnerable, as is the case with one of the vulnerabilities. Even so, Storms, Lai and Miller all bet that the fault lay in new code Microsoft crafted for IE8. "I'd say it was in new features," said Lai. "Microsoft made a lot of HTML updates to IE8 to reach standards compliance, so I'm pretty sure the bugs are in the new code base." "New features means more code to be reviewed, and more likelihood of something slipping through," Storms noted. "Old code, you would expect has been reviewed more than once already." "Sometimes code is dropped [from a program] and new code is used instead," said Miller. "They're in the brand-new code and the new technologies in IE8." Attackers will likely come up with working exploits for the IE vulnerabilities patched today, Microsoft said, giving four of the five bugs an exploitability index rating of "1." That means reliable attack code will probably appear in the next 30 days. Lai's colleagues at Qualys didn't agree with Storms. " MS09-070 needs attention," said Amol Sarwate, the manager of Qualys' vulnerability research lab, pointing to the bulletin that patched two vulnerabilities in Microsoft's Active Directory, a critical component within enterprises. The remaining five security updates, which patched an additional seven vulnerabilities - just two of them considered critical - are also-rans in Storms' mind. "All the rest of them have some kind of mitigation," he said, ranging from a requirement to have authenticated access to a wireless-only attack vector.

Wolfgang Kandek, Qualys' chief technology officer, added MS09-073 to the list of apply-now updates. Although an exploit won't exactly be easy, [attackers] won't have trouble finding out how to do it." The bright spot on this Patch Tuesday was the immunity of Microsoft's newest operating system, Windows 7 , to any of today's updates, said the researchers. "Except for the IE8 bugs, there were none for Windows 7," said Miller. "So that's a good sign." But it's too early to call Windows 7 a resounding security success, Miller cautioned. "Remember, Vista was much the same when it came out," he said. The bulletin patches WordPad, the minimalist text editor included with all versions of Windows, and the text converters used by Microsoft's Office suite to parse Word 97 documents. "File format vulnerabilities tend to be downplayed," acknowledged Kandek, "but everyone has WordPad. Microsoft also released a pair of security advisories today that spelled out additional tactics for users and company administrators to further protect Windows against attacks already disclosed, or that have actually been used in the past. This month's security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

Oracle's first-quarter net income rose by 4 percent year-over-year to US$1.1 billion, but revenue fell by 5 percent to $5.1 billion, the company said Wednesday. New software license sales fell 17 percent year-over-year to $1 billion, indicating that customers are still reluctant to make new software investments amid the ongoing recession. Earnings per share were $0.22. Excluding one-time charges, Oracle reported earnings per share of $0.30, partly meeting the expectations of analysts polled by Thomson Reuters, who had on average predicted earnings of $0.30 per share and $5.25 billion in revenue.

Oracle managed to increase profits even as revenue fell by "substantially improving" its operating margins, company President Safra Catz said in a statement. Associated expenses were just $226 million, meaning the profit margin for this part of Oracle's business was greater than 90 percent. Oracle's results were also bolstered by growth in revenue for software license updates and support, which jumped 6 percent to $3.1 billion. Oracle blamed the dip in new license sales partly on weak business at other software vendors. "They sold less of their applications, and so they drive less database with them," Catz said in a conference call. Oracle announced plans to acquire Sun earlier this year, but the acquisition is being held up by an antitrust review by European authorities.

The earnings report comes a day after Oracle announced a new Exadata data warehousing and OLTP (online transaction processing) appliance jointly developed with Sun Microsystems. Oracle executives offered no new details about the deal Wednesday, but said integration planning work is proceeding. The company is well-positioned to compete against IBM with its recently updated database and middleware products, he said. During the call, CEO Larry Ellison repeatedly targeted IBM, who Oracle will soon be battling in both software and hardware markets. Oracle shares were down $0.78 in after-hours trading to $21.35.