One in five applications installed on Windows PCs are missing security patches, a Copenhagen-based vulnerability tracker has reported.

According to Secunia APS, more than 20 percent of the applications scanned by its Personal Software Inspector (PSI) utility were open to attack because available fixes for security flaws had not been applied.

"More than 20 percent of all applications installed on users' PCs have known security flaws, but the users have yet to install the patch provided by the vendor of [the] product," said Jakob Balle, Secunia's development manager, in a post to the company's blog last week.

The 20 percent figure was based on scans of more than 14.5 million applications installed on the Windows PCs operated by users who downloaded and installed Secunia's PSI. The utility scans for some 4,200 different applications and reports on their patch status.

The 1-in-5 ratio, however, is an improvement over earlier PSI scans. Last May, Secunia said that 28 percent of the applications PSI scanned were missing available security updates.

Secunia released the free patch-detection utility a year ago but shifted it to Release Candidate 1 (RC1) stage earlier this month. The company claimed that nearly 191,000 users have downloaded and run the program.

PSI, which runs on Windows 2000, XP, Vista and Server 2003, can be downloaded from Secunia's Web site.

Computerworldis an InfoWorld affiliate.

A report from market research firm comScore pegs the amount of online spending this holiday season at nearly $28 billion, a 19 percent gain over the same period last year.

ComScore measured the holiday season spending from November 1 to December 27 -- a 57-day period. But it wasn't just the days leading up to Christmas that drew shoppers to the online marketplace, the company said.

"Even as the holiday shopping season winds down after Christmas, we continue to see some relatively strong online spending days," said comScore Chairman Gian Fulgoni.

ComScore said they saw sales of $545 million the day after Christmas. That represents more than double the sales for the same day last year."This would appear to indicate that consumers were willing, and able, to take advantage of the attractive late-season promotions and price discounts offered by retailers this year," said Fulgoni.

ComScore expects the spending spree to continue. In its forecast the company expects spending for the November to December shopping season to reach $29. 5 billion, a 20 percent increase over the same period last year.

Macworld.comis an InfoWorld affiliate.

Motorola has settled a long-running patent dispute with Metrologic Instruments, a maker of bar-code scanners.

Motorola inherited the lawsuit as part of its 2006 acquisition of wireless handhold device maker Symbol Technologies. Symbol and Metrologic had been engaged in the spat since early 2002, when Symbol sued Metrologic, claiming that the company had failed to make adequate royalty payments.

Symbol was a maker of wireless barcode scanners that are used by delivery and warehouse workers to keep track of inventory.

In 1996, Metrologic licensed Symbol's barcode scanning technology for use with its handheld scanners, paying Symbol royalties of $10 per scanner. However, in 2001 Metrologic stopped making these payments, claiming that"product changes had pushed the scanners beyond the scope of definitions laid out in the agreement," according toSymbol.

The actual amount in dispute had been less than $500,000 Metrologichas said.

In June 2003 Metrologic counter-sued, claiming patent infringement.

Monday's agreement settles all pending litigation and enters Motorola and Metrologic into a patent cross-license deal that covers barcode scanning and mobile computing technology, they said in a statement. Terms of the settlement were not released.

Vonage Holdings and Nortel Networks have preliminarily agreed to cross-license several patents, ending a dispute between the companies without any monetary payments, Vonage said Monday.

All claims relating to past damages as well as remaining payments will be dismissed, the company said. Documents sealing the agreement have not yet been finalized.

The agreement is a minor victory for Vonage. The company has settled or reached tentative agreements in three other patent disputes related to VoIP (voice over Internet Protocol) and other telecommunications technology for what could ultimately reach $239 million in payments.

Vonage tentatively agreed last month to settle a patent infringement lawsuit filed by rival AT&T for $39 million. Prior to that deal, Vonage had reached settlements with Sprint Nextel for $80 million and with Verizon Communications for $80 million to $120 million, depending on the results of an appeal.

Microsoft product managers Friday claimed that a data corruption bug in Windows Home Server crops up only when the system is under an"extreme load," but also defended their decision to sound a general alarm before they had completed their investigation.

The news that Windows Home Server (WHS) could corrupt files raised a storm of criticism from customers and observers alike.

"The problem isn't one hundred percent reproducible, and depends on quite a few different factors," explained Todd Headrick, the product planning manager on the Windows Home Server (WHS) team."Home Server has to be under an extreme load while doing a large file copy," he said, adding that the flaw comes into play only in instances when the file server's cache is full and the user is editing a file previously saved to a shared folder.

"But we thought it was important enough to generalize [the bug] so people would take it seriously, even though we took a PR [public relations] hit," Headrick added.

Wednesday, Microsoft warned users in a tightly worded support document not to edit files stored on their servers with certain programs."Files may become corrupted when you save them to the home server," Microsoft said in KB946676, which it published last week to its support site.

Saying that the bug was in the shared folders feature of WHS, the document urged users to stop using seven Microsoft applications, including Windows Vista Photo Gallery, Windows Live Photo Gallery, OneNote 2003, OneNote 2007, Outlook 2007, Microsoft Money 2007 and SyncToy 2.0 Beta under some conditions."We recommend that do not use the programs to save or to edit program-specific files that are stored on a Windows Home Server-based system," the document read.

That wide-ranging recommendation caught the eye of WHS users and Microsoft critics alike. Some sounded white-hot.

"I've had a fair share of files corrupted," a user identified as Shane K claimed on the WHS support forum."I have 800+ gigs of data on my home server and I've had just about every file type you can imagine refuse to open or at sometime go to 0KB file size for no reason. This issue has been around for MONTHS so I don't know why suddenly the WHS team decides to'work through the holidays' to resolve it when there has been plenty of action on the boards since beta about this issue."

Others misunderstood Microsoft's warning, and assumed that client backups to WHS would end up corrupted, which wasn't true."This could potentially be the'my dog ate my homework' for the 21st century," said a user named BVis on a Slashdot.org thread that tracked Computerworld's original story."'I did my homework, but the power went out before I could save it, and my backups were all corrupt!'"

"People read things into [the KB]," said Headrick."I heard people say'Don't use the computer backup,' but there were no problems whatsoever with Windows Home Server backup."

Headrick and Joel Sider, a WHS senior product manager, both defended the decision to issue the warning."This is a very serious issue," said Headrick."We take any [data] corruption issue very seriously."

"We went with the amount of information we had at the time," said Sider."We had seen a reproducible problem, but we hadn't created a reproducible environment yet."

"We didn't have any more information, other than we were working on the problem, which we'd already said," echoed Headrick in explaining why the team left the original support document untouched until late Friday. Then, Microsoft updated KB946676 to include some of the same information that Headrick and Sider discussed in their interview with Computerworld.

"You can still use the WHS home computer backup to back up and restore files from and to your home computers," the revised document read.

Headrick promised that the WHS team would work around the clock to come up with a permanent patch for the corruption bug, and would release it first as a hotfix that users would have to download manually from the Microsoft site. He refused to set a schedule for its release, however, saying only that the developers would have something to test"in fairly short order."

At some later date, the fix will be pushed to all WHS customers via Windows Update, Microsoft's update service, with the process determined by the server software's Automatic Updates settings, Headrick promised. He also said that although the WHS team was aware of file corruption reports related to Torrent applications, Intuit Inc.'s Quicken personal finance program and Intuit's QuickBooks small business accounting software, it has not been able to reproduce the bug on its test systems. In addition, Headrick put the responsibility for any problems with Quicken on users' shoulders.

"Quicken [data] was never meant to be stored on a network share," said Headrick.

Computerworld is an InfoWorld affiliate.

A legal battle is shaping up in California involving a Chinese startup that makes equipment used to produce semiconductors.

Advanced Micro-Fabrication Equipment (AMEC), of Shanghai, was sued in California by Applied Materials, which claims the company misappropriated its trade secrets. But lawyers for the Chinese company asked the judge to dismiss the suit, arguing the U.S. court has no jurisdiction over AMEC's activities.

AMEC's motion for dismissal will be heard by Judge James Ware of the U.S. District Court for the Northern District of California, on Feb. 11.

Applied's lawsuit, filed in October and amended last month, claims AMEC used its trade secrets to develop etch and CVD (Chemical Vapor Deposit) tools that are used to make chips. AMEC's tools will compete against similar products from Applied, which cost millions of dollars each. Applied is seeking an injunction from the court to prevent the misappropriation of its trade secrets and wants punitive damages as well as a declaration that it owns patent applications recently filed by AMEC.

Applied identified four former employees in the suit, including AMEC founders Gerald Yin and Aihua Chen.

Applied's amended complaint describes Yin, who left Applied in 2004 to start AMEC, as a former corporate vice president and chief technology officer who"managed the etch product group and had broad access to Applied confidential information and trade secrets concerning its etch tools." In addition, the complaint says Chen at one point served as general manager of Applied's CVD product group and had access to proprietary technology related to those tools.

To bolster its case against AMEC, Applied noted that the former employees identified in the lawsuit signed agreements that give Applied all rights to inventions made during their employment, and prevent them from using Applied's confidential information for anyone else's benefit. Under the agreement, any patents filed by the former employees within one year of leaving Applied are"presumed to have been conceived or made during their employment with Applied and would belong to Applied."

As a result, Applied's complaint lays claim to two AMEC patent applications filed in China on August 5, 2005, that name Yin and other former Applied employees as inventors. These patents should belong to Applied as the patent applications were made"one year and three days after Yin left applied" and therefore must be based on information that Yin disclosed to AMEC during the one year period, the complaint said.

AMEC subsequently filed patent claims in Japan and the U.S. based on the Chinese patent applications. Applied's complaint also claims these patent applications as its own, noting Applied filed its own patent applications covering the same technologies.

In response, AMEC's motion to dismiss argues that the U.S. court has no jurisdiction over the Chinese company.

"In this case, there is no jurisdiction over AMEC Inc., because the allegations of the (amended complaint) relate exclusively to actions that took place in China. None of Applied's claims arises out of allegations concerning contact with California," the motion said, adding any legal action by Applied against AMEC should be heard in a Chinese court instead.

LG.Philips LCD is planning to unveil a 52-inch multi-touch LCD (liquid crystal display) at next week's Consumer Electronics Show, it said Monday. The screen is 5-inches larger than one it recently showed in Japan and is the largest display of its type in the world, the company said.

Multi-touch screens differ from conventional touchpanels because they allow input from more than one spot on the screen so, for example, an image can be manipulated from opposite corners. Probably the most famous current example of the technology is the display on Apple's hit iPhone and iPod Touch devices.

With the technology helping to make the iPhone a smash hit display makers are now pursuing its inclusion in screens. The LG.Philips 52-inch screen uses an infrared image sensor to gauge input from fingers or other instruments and can recognize gestures such as the movement of fingers. It boasts full HD resolution (1,920 pixels by 1,080 pixels).

Additionally, the company will be showing an 84-inch multi-touch display that is made up of four 42-inch panels joined together.

LG.Philips LCD will also unveil a 47-inch"triple-view" screen. This has a filter over the front that sends light from pixels in one of three different directions so that three images can be displayed at once: one to viewers on the right of the screen, one to people in front of it and one to those on the left. The feature is being positioned at public display applications for use in advertising.

Also at CES the company will show a 47-inch double-sided screen that is made up of a single backlight sandwiched between two LCD panels and a 42-inch transreflective panel for outdoor advertising use.

International CES opens in Las Vegas on Jan. 7.

The One Laptop Per Child project suffered a blow this week, with Chief Technology Officer Mary Lou Jepsen quitting the nonprofit to start a for-profit company to commercialize technology she invented with OLPC.

Jepsen, who joined OLPC as its first employee in 2005 after Nicholas Negroponte started the effort, will pursue an opportunity to chase after"her next miracle in display technology," OLPC said in an e-mail sent on Sunday.

Jepsen was responsible for hardware and display development for the rugged and power-saving XO laptop, designed for use by children in developing countries. Though the laptop has struggled to find buyers, it has been praised for its innovative hardware features and environmentally friendly design.

Her last day with the organization is Dec. 31, though she will continue consulting with OLPC, according to the e-mail. Dec. 31 is also the end of OLPC'sGive One Get Oneprogram, in which two XO laptops can be purchased for about $400, with a user getting one laptop and the other being donated.

Satisfied that XO laptops were shipping in volume, Jepsen noted in an e-mail that she was starting a for-profit company to commercialize some of the technologies she invented at OLPC.

"I will continue to give OLPC product at cost, while providing commercial entities products they would like at a profit," Jepsen wrote in an e-mail.

"I believe that the work I led in the design of the XO laptop is just the first step in changing computing," she wrote.

Powered by solar power, foot pedal or pull-string, the laptop doesn't rely on an electrical outlet to run, making it useful for situations where power is unreliable or unavailable. The laptop's specially designed lithium-ferro phosphate battery consumes between 2 watts to 8 watts depending on usage, compared to 40 watts on commercial laptops depending on usage.

The laptop's battery lasts up to 21 hours because of custom-designed, efficient power-saving features implemented at the hardware and software level. Batteries in commercial laptops may explode at high temperatures, while XO's batteries can run and recharge in temperatures around 100 degrees Fahrenheit (38 degrees Celsius), Jepsen said in earlier interview.

OLPC is also designing acow-powered generatorthat works by hooking cattle up to a system of belts and pulleys.

For connectivity, the laptop has mesh-networking features for Internet access.

Shawn Wang, the chief financial officer of Baidu.com, China's top search engine, was killed in an accident on December 27, the company said Saturday.

"We are all completely shocked and deeply saddened by this tragic news," said Robin Li, Baidu's chairman and CEO, in a statement that described Wang as a"tremendous leader" and"wonderful friend."

Baidu did not provide details of the fatal accident, except to say that it took place"in China during the Christmas holiday vacation."

Wang joined Baidu in 2004 and helped guide the company through its 2005 initial public offering on the Nasdaq stock exchange. Before Baidu, Wang worked as a partner at PriceWaterhouseCoopers' Global Capital Markets Group.

Baidu did not immediately name a new CFO, saying Wang's responsibilities would be overseen by the company's management team until a successor is found.

New rules will go into effect on Jan. 1 that prohibit air passengers in the U.S. from carrying spare lithium batteries in their checked baggage.

The new rules, announced Friday by the U.S. Department of Transport, are designed to reduce the risk of fires in aircraft. Lithium batteries have been identified as a possible cause of several aircraft fires.

Passengers will still be able to carry lithium batteries in checked bags if they are installed in a device like a laptop or digital camera. But loose batteries will need to be put in a plastic bag and carried on the plane as hand luggage, the DOT said.

The rules also limit each passenger to two"extended-life" lithium batteries. These are larger batteries with more than 8 grams of equivalent lithium content, examples of which are pictured in the DOT'sstatement.

The rules arealso describedat the SafeTravel.dot.gov Web site.

In February 2006 a United Parcel Service flight landed at Philadelphia International Airport after the crew detected a fire in its cargo. The National Transportation Safety Board said later that it found several burned out laptop batteries on the plane, and could not rule them out as a possible cause of the fire.

Lithium batteries are a fire hazzard because of the heat they can generate when they are damaged or suffer a short circuit, the NTSB said at ahearingabout the Philadelphia incident last July.

"Several lithium battery incidents have occurred in recent years, including a lithium-ion battery fire that occurred less than two months ago on an airplane in Chicago," the NTSB said.

Several big makers of laptops and cell phones, including Dell and Nokia, have recalled batteries recently because of flaws that created a potential fire hazzard.

The SCO Group has been removed from the Nasdaq Stock Market because the company declared bankruptcy in September.

The stock market delisted SCO and suspended trading of its shares (SCOX) at the beginning of trading on Thursday, SCO said in afilingto the U.S. Securities and Exchange Commission. Nasdaq had told the company in September that it would be delisted, and SCO's subsequent appeal of that determination was turned down.

SCO has been waging an expensive legal battle against IBM for years, claiming the company inappropriately used copyrighted SCO Unix code as part of its support of the Linux operating system. SCO suffered a major loss in that case in August when a federal judge ruled that Novell, not SCO, owned the Unix copyright. In September, the Lindon, Utah, company said the ruling might cost it US$30 million and that it had just $10.4 million in cash.

In October, SCO said it had a"potential" buyout offer for $36 million from JGD Management, a company affiliated with investment firm York Capital Management. That deal would have to be approved by the bankruptcy court.

An historic name in software will effectively pass into history in February as AOL discontinues development and active support for the Netscape browser, according to an official blog.

AOL will keep delivering security patches for the current version of Netscape until Feb. 1, 2008, after which it will no longer provide active support for any version of the software, according to a Fridayentryon The Netscape Blog by Tom Drapeau, lead developer for Netscape.com. The Netscape.com Web site will remain as a general-purpose portal.

Netscape was the original mass-market Web browser and helped to popularize the Internet in the mid-1990s, but it has long taken a back seat to Microsoft Internet Explorer and Mozilla Firefox. Firefox itself traces its roots back to Netscape software that was made into open source. The Mozilla Foundation was founded in 2003, with support from AOL, and has released successive versions of Firefox while AOL continued to develop Netscape on top of the same platform, Drapeau wrote.

Groups within AOL have tried and failed to revive Netscape Navigator and gain market share against Internet Explorer, according to the blog entry.

"AOL's focus on transitioning to an ad-supported Web business leaves little room for the size of investment needed to get the Netscape browser to a point many of its fans expect it to be," Drapeau wrote."Given AOL's current business focus ... we feel it's the right time to end development of Netscape branded browsers, hand the reins fully to Mozilla, and encourage Netscape users to adopt Firefox," Drapeau wrote.

The Mosaic Netscape browser was posted for downloading in 1994 by Mosaic Communications, which later changed its name to Netscape Communications. That company kicked off the dot-com boom with its hugely successful initial public offering in August 1995 and was acquired by AOL in 1999. But Internet Explorer, introduced in 1995, eventually dominated the browser market. Microsoft's bundling of its browser with Windows operating systems was a key issue in antitrust lawsuits filed against it in 1997.

As of this month, Netscape had only 0.6 percent of the browser market, which was still dominated by Internet Explorer with more than 77 percent, according to Web application and analytics firm Net Applications. Firefox was gaining, however, with market share just over 16 percent.

Users will still be able to download old versions of Netscape from an archive, currently locatedhere, though they will not be supported by AOL, Drapeau wrote.

An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods.

The Web Application Security Consortium's Distributed Open Proxy Honeypot Project, which was initially turned on in Jan. 2007, will relight its set of attack monitoring sensors on or about the first of the year after significantly scaling back its operations during the month of December.

After its initial 11 months of data collection, the project undertook the month-long hiatus to give project researchers more time to examine results and plan for the year ahead.

In addition to tweaking their tactics for tracking and luring malware distributors in 2008, WASC project leaders said they are also planning to add new honeypots to their existing network, which already spans locations in Europe, Russia, South America, and the United States.

Unlike more traditional OS-level or SMTP-based honeypot applications -- systems designed to collect individual malware samples for subsequent examination by anti-virus researchers -- the WASC project utilizes a network of 14 specially-configured open proxy servers (or proxypots) to monitor traffic for nefarious activities carried out by everyone from botnet herders to adware purveyors.

Traditional honeypots have proven useful for tracking widespread computer viruses and allowing AV companies to produce the signature files needed to protect machines against infection, but those targets are ill-suited to provide the level of real-time intelligence needed to protect against today's fast-moving customized threats, said Ryan Barnett, the WASC project's leader.

By serving up an unprotected open proxy server to the larger Internet, and thereby advertising itself as exactly the type of anonymous conduit that attackers seek out to distribute their work -- rather than merely an undefended computer, the effort is already garnering new insight into cyber-criminals' methods, he said.

Barnett, who is also director of application security training at Breach Security and an instructor for the SANS Institute, said that despite being pleased with the project's initial ability to identify attacks and test ways to thwart malware campaigns further upstream, he is hoping that 2008 will provide even greater rewards.

Among the improvements the group is aiming to make to its system -- built around the ModSecurity open-source Web application firewall, for which Barnett also serves as development community manager -- are more effective ways for categorizing attacks, correlating anomalies, and applying forensics to trends that it charts over time.

The security expert is hoping that the same open-source movement that has allowed ModSecurity to mature, with the firewall recently adding a range of new features in its late-December version 2.5 release, will also take hold with the honeypot effort and encourage more people to launch sensors or help research its data findings.

"Getting different versions of data analysis will be key, but we will need to get a lot more people onboard," Barnett said. "We feel that there's a whole symbiotic approach with the project and the open-source community already. We need to export more of the raw data into that community to help analyze the results -- there's simply too much data for us to churn through alone."

The future of the proxypots
What the use of the proxypot model allows the project to observe are the source IP addresses being used by attackers running over its sensors, along with the nature of their threats and their targets.

For instance, out of the 8.9 million questionable transactions carried out over the group's servers in October, when the sensor network was last running at full bore, 2.6 million of the requests were related to advertising click fraud, the leading type of threat observed in the firewalls' logs.

Further investigation of the results would allow WASC to figure exactly which sites were being pumped-up by those automated traffic hoarders and inform any companies involved of the illegal activity, Barnett said.

For the record, more than three quarters of the traffic moving over the proxypots fails to trigger any of the firewall rules, meaning that it is either benign or unidentifiable as malware.

While the WASC honeypot project could eventually be used to snuff out some malware sources or block the threats themselves, for now, the idea is to create an early warning system to help the security industry respond to emerging attacks.

Along with finding more bodies to throw at analysis of its findings, the project is also considering how it will continue to move forward in relation to the matter of allowing its proxypots to be used to carry out actual attacks.

Thus far, participants in the program have been sending spoofed information back to the attackers channeling traffic over their proxies to fool them into thinking that their campaigns are working and prevent detection of the honeypots.

However, some researchers involved with the program have been asking to allow traffic to pass over their systems unrestricted under the belief that it would be the best way to screen for the newest and smartest threats.

In most cases, project participants will need to defer to local laws governing their level of liability for allowing nefarious traffic flow over their servers if they decide to run wide open, said Barnett. Figuring out exactly how to tackle the issue is one of the WASC honeypot's other major goals in advancing its status during 2008.

"We're trying to regroup and figure out how to best address everything in the next twelve months, enough people are asking about the alternative of not blocking malicious traffic that it has become a question we seriously need to consider," said Barnett. "There are legal issues to study if we want to let real attack run through us, it could still happen anyways -- people can always get around rules, so, there is definitely still some risk involved."

Saudi Arabian officials have reportedly detained a blogger whose writing has criticized religious extremism in the country, according to the two press freedom groups and a regional human-rights organization.

Blogger and IT professional Fouad Ahmed al-Farhan, 32, was taken into custody on December 10, the Committee to Protect Journalistsreportedon Wednesday. His Arabic-languagesitenow has a"Free Fouad" banner in English across the top.

In a letter sent to friends shortly before his arrest, al-Farhan wrote that he had been told that the interior ministry was investigating him and would pick him up within two weeks. At the time he described the worst case as being jailed for three days, but he was still being held without charge as of Friday, according to Joel Campagna, Middle East program coordinator for the CPJ in New York.

Al-Farhan's blog promotes political reform and bears the tagline,"Searching for freedom, dignity, justice, equality, Shura and all the remaining Islamic values which are missing," along with a dedication to his daughters, according to areporton the website of the Arabic Network for Human Rights Information. Some of his more critical commentary has dealt with the question of religious extremism, Campagna said. Al-Farhan also recently posted a blog item criticizing ten well-known personalities who have close ties to the Saudi royal family, he said.

The Saudi government heavily censors Internet content, both political criticism and pornography, Campagna said. Contentious news or political commentary sites are frequently blocked.

There have been previous incidents of online writers suffering retaliation. In 2006, Saudi journalist Rabah al-Quwai’, who had criticized religious extremism, was held for 13 days. In order to obtain his release he had to confess to having denigrated Islamic beliefs, and promise to would defend Islamic values in his future work, the CPJ reported.

Reporters Without Borders Thursday released a statement calling for al-Farhan's release; its current list of"13 Internet Enemies" includes Saudi Arabia.

Research into Internet content filtering by the OpenNet Initiative shows substantial blocking activity by the government of Saudi Arabia. The groupsaysthat filtering content for political reasons is the common denominator across the Middle East.

The CPJ last year detailed Saudi media censorship in its report,Princes, Clerics and Censors.

Amazon.com has added songs from Warner Music Group to the range it sells as MP3 files without DRM (digital rights management), the companies said Friday.

The online retailer launched its music download service in September and now offers 2.9 million songs without copy prevention technology, including tracks from Warner, EMI, Universal, and 33,000 independent record labels -- although it has still not won over Sony BMG, the only one of the music majors still insisting on the use of DRM.

Warner said it also planned to offer album bundles including exclusive tracks through the Amazon service.

The move is a blow to Apple's iTunes Store, which has only persuaded EMI and a handful of independent labels to let it offer their tracks in the DRM-free iTunes Plus format it launched in May. The rest of the songs available through iTunes come with digital limitations on where they can be played, or how many times they can be burned to a CD.

Three formats dominate the market for online music sales: MP3 and AAC, which are both open formats, and WMA, a proprietary format owned by Microsoft.

MP3 files do not include provision for DRM: music recorded in that format will play on most digital music players, many mobile phones, and in software readily available for all the major operating systems, including Windows, Mac OS X, and Linux, opening up a huge potential market to Amazon and to other online music stores such as eMusic dealing in unprotected MP3 files.

AAC is the format Apple chose for its iTunes Store. Most of the 6 million tracks in its catalog come wrapped in a proprietary DRM layer called FairPlay, although EMI and independents such as Sub Pop, Nettwerk, IODA and The Orchard also allow it to offer higher quality AAC recordings without DRM. The DRM-encumbered tracks will play on authorized iPods, iPhones, PCs, and Macs -- but won't play on digital music players from other vendors. Unprotected AAC files will also play on many mobile phones, PCs running Linux with the appropriate software, and even Microsoft's Zune digital music player.

WMA files without DRM will play on PC or Macs using Windows Media Player, and some phones and digital music players -- although typically not on the same ones that play AAC files. Microsoft has also introduced a range of DRM systems enabling online stores to sell locked WMA files -- and later abandoned some of them, leaving a certain amount of confusion and doubt about whether devices and songs branded"PlaysForSure" really will play for sure.

Industry executives expect initiatives such as iTunes Plus and Amazon MP3, which remove the DRM locks placed on music downloads by an earlier generation of music services, will encourage consumers to buy more music.

Warner believes that giving consumers the assurance that the music they purchase can be played on any device they own will only encourage more sales of music, it said Friday.

It may also persuade music-buyers to look at other brands of digital music player such as the Zune range from Microsoft, ending Apple's dominance of that market segment.

With the locks off the music, Apple also faces the prospect of a price war with Amazon, which offers 1 million of its MP3 tracks for just $0.89, compared to the $0.99 Apple charges for all its tracks. Before the launch of Amazon MP3, Apple also charged a $0.30 premium for tracks in the iTunes Plus format, which is recorded at a higher quality than the DRM-encumbered versions. Other Amazon tracks sell for $0.99.