Microsoft has signed another deal with a Linux outfit promising to make its software work better and not to sue them.

Ironically this deal is with the outfit that Vole unsuccessfully tried to sue into oblivion called Linspire.

Linspire was called Lindows and aimed to make its Linux operating system as Windows like as possible. In the end Lindows took $20 million from Vole to change its name.

Kevin Carmony, Linspire's chief executive officer, told Associated Press Linspire will license Microsoft code related to Voice over Internet Protocol, Windows Media files and TrueType fonts.

With the addition of the Microsoft code to Linspire's operating system, users will be able to voice-chat with Windows Live Messenger buddies, watch Windows Media video and audio files on open-source media players, and view and create documents using familiar typefaces.

Linspire will use Microsoft's Web search engine as the default on PCs that run its operating system.

The deal protects Linspire users against legal action by Microsoft, which claims open-source software violates more than 200 of its patents. It will be interesting to see where this puts Linspire now that GPL 3 is out. The new Open Sauce licence expressly prohibits this sort of deal.

Microsoft Corp. released four critical patches Tuesday to plug security holes in several versions of its Windows operating system, Internet Explorer Web browser and other programs.

The patches that carried Microsoft's highest security warning all are to prevent malicious hackers from remotely taking control of computers without permission.

Three of the patches aim to protect Windows users who unwittingly expose their computers to attack by visiting Web pages infected with malicious code, or look at similarly tainted e-mails with Outlook Express or Windows Mail. A fourth patch prevents hackers from gaining remote access to PCs by installing a specially crafted program.

Two of these critical updates fix holes in the company's newest operating system, Windows Vista, which Microsoft has touted as the most secure ever.

Vista went on sale to consumers at the end of January; in April, Microsoft broke its once-monthly update schedule with an emergency fix after Microsoft and security experts found that hackers were exploiting a hole in the way Vista and other versions of Windows handle animated cursor files.

Besides the critical fixes, Microsoft released a patch for its Visio program for making diagrams and a vulnerability in Windows that could allow unauthorized users to break into computers to steal passwords and other user information.

Microsoft also released seven non-security, high-priority updates Tuesday, including a monthly update to a tool that removes harmful software from PCs.

Apple Inc. launched a version of its Safari Web browser for Windows-based PCs on Monday, pitting it against Microsoft Corp.'s Internet Explorer and Mozilla's Firefox.

"What we've got here is the most innovative browser in the world and the most powerful browser in the world," said Apple CEO Steve Jobs said during his keynote speech at the company's Worldwide Developers Conference.

Safari, which was released a few years ago for Apple's Macintosh computers, has captured about 5 percent of the world's market share for Internet browsers with more than 18 million users, Jobs said.

Internet Explorer is the predominant browser with a 78 percent share, while Firefox has rapidly climbed to gain about 15 percent of the market, he said. Like the other Web browsers, Safari is available at no charge.

Jobs claimed Safari performs twice as fast as its competitors.

Never one to disappoint his audience, the iconic chief executive _ in his final highlight of his 1 1/2 hour speech _ also pulled out an iPhone and told the thousands of developers before him that the highly anticipated hybrid smart phone and iPod will run Safari.

That means, Jobs said, that any application meant to run on the Safari browser for Macs would also be fully accessible and compatible with the iPhone.

Virtualization continued its push into the enterprise with pioneer VMware today announcing a raft of products and services, including a desktop Virtualization system for Mac users called VMware Fusion and the VMware Service Provider Program (VSPP).

VSPP will allow third parties such as web hosting firms and managed service providers to offer virtualized infrastructure as a pay-as-you-go service. VMware said the service aims to address long-term capacity over-commitment, where firms pay for unused disk, CPU and network capacity.

VMware’s director of strategic partners, Steve Jackson, said VSPP gives hosting providers the ability to add or subtract capacity in much finer increments than before, allowing them to offer more efficient services at lower cost to firms.

Jackson said VMware is looking to offer a basic product to service providers for about £7 per virtual machine (VM) per month, and an advanced version for £20 per VM per month. “The advanced solution would enable hosting providers to offer extra features like high availability, dynamic resource profiling and automatic provisioning,” Jackson added.

On the desktop side, VMware Fusion will give users of Intel-based Mac systems the ability to run Mac, Windows, Linux, NetWare and Solaris applications simultaneously, without rebooting.

Butler Group analyst Roy Illsley said this method of virtualization has its merits: “If you’re a software vendor then all you have to do is to wrap up the application in a self-contained kernel, which gets round the problem of operating system installs and their associated errors.”

VMware Fusion should be generally available in August, priced at £40.

Also aimed at the desktop market, VMware Player 2 allows users to run software virtual appliances under Windows or Linux operating systems. New in version 2 is Windows Vista and USB 2.0 device support, as well as two-way virtual symmetric multiprocessing.

VMware also announced that it has acquired Propero, an existing VMware partner that specializes in technology for securing connections between users and virtual desktops.

In related news, Parallels has released Parallels Desktop for Mac 3.0, which enables Windows virtual machines to run on Intel-based Mac systems. The release adds support for hardware-accelerated 3D graphics and a tool that lets users access files inside a VM, even when it is not running.

At least two attacks against an “extremely critical” vulnerability in Yahoo Messenger have been published.

Shortly after eEye Digital Security notified Yahoo that its Messenger IM client was vulnerable to attack this week, another researcher found two flawed ActiveX controls and publicised exploit code that can be used to hijack Windows machines.

Although eEye's advisory was vague about details - it said Messenger's Webcam ActiveX control was at fault - the researcher laid all bare on the Full-Disclosure mailing list.

The researcher, who went by the name "Danny," cited "45 minutes of fuzzing!" in a post about the flaw. In a follow-up post, Danny published a second exploit. "This affects the viewer ywcvwr.dll with yahoo messenger," he said.

eEye called the Yahoo Messenger bugs serious. "ActiveX remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site," the security vendor said. "An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with administrator credentials."

Most Windows XP users run in administrator mode.

Danish vulnerability tracker Secunia rated the Messenger bugs as "extremely critical" - its highest-possible threat ranking.

Until Yahoo provides a patch, eEye said the only work-around defence is to set the kill-bit for the two Yahoo ActiveX controls. However, because that involves manually editing the Windows registry, it's not a tactic most users will feel comfortable doing. Microsoft, which in the past has recommended kill-bitting to temporarily protect users against vulnerabilities in Internet Explorer and its other software, has offered a set of technical instructions on setting kill bits.

Yahoo has not yet posted a fix for the flaws to its security update page. The last Messenger bug, also because of a vulnerable ActiveX control, was fixed in April.