Arguably Microsoft's biggest threat is its irrelevance to Web developers. Though the company dominates personal computing and is a major force in enterprise computing, it remains a distant also-ran to LAMP (Linux, Apache, MySQL, PHP/Python/Perl) development for the growing Web ecosystem. On Thursday Microsoft announced its WebsiteSpark program to build inroads with the Web crowd, but the program is unlikely to make a serious dent on LAMP's dominance.

The reason? There are some big strings attached.

Microsoft has gone after Web developers before, but products like Expressions haven't made much headway with Web developers, as The Seattle Times reports.

WebsiteSpark, following on the heels of successful student (DreamSpark) and start-up (BizSpark) technology seeding programs, will likely make more of a dent. Free, high-quality tools to Web developers, as TechCrunch suggests, are going to be a big win.

But it's not going to be enough.

The problem isn't one of cost. At least, not primarily. WebsiteSpark has that nailed. The program gives thousands of dollars of technology away for just $100 at the end of three years, and then two options ($999 per year for everything or a scaled down $199 per year option) that aren't much more expensive.

But this overlooks the larger issue: Microsoft constrains who can join the program (start-ups with fewer than 10 employees) and meters their growth after the three years. Open-source alternatives do neither.

No upfront cost...but what about the future?

The first constraint isn't a big deal. Many aspiring Googles have fewer than 10 employees, and will continue to be small through their first few years.

The second, however, is the killer. At the end of the three years, Microsoft doesn't require WebsiteSpark participants to buy anything, but if the start-up is successful, it faces big bills as it scales out its Microsoft technology. This wouldn't be a big problem if there were no free alternatives that offer equal or better performance. But there are.

Microsoft tries to spin the open-source LAMP alternative as disjointed, and further argues it is a more expensive development path, and even that Microsoft offers better Web performance than LAMP-based development.

But this isn't the way the Facebooks of the world see it. They view the open-source LAMP stack as the proven, scalable winner in Web development. Microsoft can't match that with a price tag.

LAMP gives Web developers control over their destiny, both in terms of source code (they can finely tune LAMP to fit their needs) and in terms of cost (they need not pay anyone to scale out). They may choose to pay someone like Red Hat or MySQL for a support subscription, but at scale, companies like Google simply don't. They have the expertise in-house to support themselves.

But that's at scale. The problem remains, however, for Microsoft, that many of those sub-10-employee shops are dreaming of being Google, not being a mom-and-pop shop forever. So, if they're seeing thousands of servers in their future, tying themselves to the Microsoft stack, with all the license fees associated with it, is going to look like a poor decision.

Most companies will fail. Most of the rest will remain small. Rationally, most of these small start-ups, then, should be content to get Microsoft's technology for a song, assuming they don't care about the flexibility that comes from LAMP.

The other side is that with open source--which many of these Web developers will have picked up while at school or just on their own--there are no barriers to how the developer wants to use the software. Ultimately, Microsoft's WebsiteSpark requires Web developers to color within the lines that Microsoft dictates. That may be well and good for a big population of developers, but it's not the path that Digg, Google, Facebook, etc., have taken.

Microsoft is huge in enterprise computing, in part because it lowers the cost and complexity of development for enterprises of any size. But the Web is built on open source. Microsoft is playing catch-up in this market, and it's simply not going to be enough to wave great tools in front of developers for a low fee.

Microsoft isn't alone in making such a pitch. Oracle, for its part, is touting the development of OraTweet, a Twitter clone built with Oracle Application Express Web development platform. But the reality is that enterprise ISVs like Oracle and Microsoft are largely invisible in Web development.

This is one reason Oracle is interested in picking up MySQL, the leading Web database. MySQL is almost entirely complementary, not competitive, to Oracle's enterprise-focused database.

Microsoft, however, has no such plans to buy its way into the open-source development community, which means it must rely on programs like WebsiteSpark to catch up. It's a start-up, but it's not enough.

Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.

By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.

According to Candid W?est, threat researcher with security firm Symantec, around 10 percent of the Trojan market is now open source.

The move to an open source business model is allowing criminals to add extra features to their malware.

"The advantages are that you have more people involved in developing it, so someone who is into cryptography could add a cryptographic plug-in or somebody who does video streaming could add remote streaming of the desktop," W?est said.

Releasing Trojans as open source dates back to 1999, when the Cult of the Dead Cow group released the source code for its Trojan called Back Orifice.

More recently, the developers of the Limbo Trojan published its source code in an effort to boost take-up following a slump in its use by fraudsters.

Following its release in 2007, the Limbo Trojan became the most widely used Trojan in the world but fell from favor in 2008 after the more sophisticated Zeus Trojan was released, according to security company RSA.

There is a big cash incentive to be the dominant Trojan, with infected machines and the financial and personal details they capture worth millions of dollars on the black market. The Limbo Trojan kit was previously sold to fraudsters for $350 per time before it went open source, while the Zeus Trojan today sells for between $1,000 to $3,000.

However, head of new technologies at RSA, Uri Rivner, said the move to become open source had not reversed Limbo's decline in fortunes.

"It is a move to the same business model as that behind any open source project--to give away a basic version and sell more advanced versions, professional services or customizations.

"At the beginning of it going open source it was big news but people have since stopped investing in it.

"It is not the best Trojan any more but because it's open source you can try it as your first Trojan and it is still used in some places," he said.

Limbo's popularity continues to slump, despite numerous features in the basic version that allow criminals to add extra fields for PIN numbers into fake banking websites and capture the keystrokes and the files saved on an infected computer.

And while open source may not have boosted Limbo's fortunes, it also brings with it separate problems for the fraudsters: open sourcing code also places it in the hands of security professionals.

"If you make (the Trojan) open source, that means that a security company can find the source code and it is easier to make a general heuristic detection for it, as they know what could be in it," Symantec's W?est said.

The majority of Trojan infections occur via drive-by downloads, where the malware is automatically downloaded after browsing an infected website, or messages sent via social networking sites that encourage people to download a Trojan masquerading as a legitimate security update, according to RSA's Rivner.

These infection methods are proving far more effective at getting Trojans onto machines than earlier techniques such as sending an e-mail with a link to an infected file or attachment.

RSA analysts say these new methods have fuelled an exponential growth in the rate of infection, with the security firm detecting 613 Trojan infections in August 2008 compared to 19,102 in August 2009.

More than a few technology sectors seem to be turning up the volume on "big data" and the enormous challenges and opportunities that enterprises face in managing and analyzing their data and system resources.

There are a number of hip technologies and frameworks like Apache Hadoop, which is used to store, process, and analyze massive data sets, enabling applications to work with thousands of nodes and petabytes of data.

One area that provides never-ending data analysis fodder are log files. For those not aware, log files are usually automatically created and updated whenever a machine or machine user does something. Logs are often been put under the "dark matter" umbrella, signifying the challenge of mining useful information from raw data.

But, operating system and application logs are a goldmine of vital information about the health and well-being of an organization's computer infrastructure. Plus, they can record the day-to-day activity of system users as well as capture evidence of malicious activity.

I spoke with Dimitri McKay, security architect for LogLogic, and asked him to provide a few examples of real-world use cases demonstrating how logs are used for business analytics and intelligence purposes in the enterprise.

Example 1--A global retail company uses log analysis to meet regulations established by the PCI DSS compliance standards. Comprehensive reporting capabilities and secure long-term storage capacity are critical elements that must be met, and in order to support forensic analysis, all data must not only be stored but also encrypted.

Example 2--A customer in the telecom industry was overwhelmed with the sheer amount of log data they were forced to consume for both forensics and operations. They were doubling their amount of log data storage every nine months, and the home-grown solution they had been using was just not keeping up.

This company wanted the ability to track a session from start to finish across their entire infrastructure for forensics and operations. With that it could see where sessions were failing, it could reduce downtime and increase the value of the user experience.

Example 3--A global financial firm analyzes its log data to increase and improve network performance as well as for intrusion detection of the infrastructure, scanning for vulnerabilities and vulnerability assessment.

Keep an eye on the buzz meter to see how vendors address the impending data explosion by providing solutions that help enterprises take advantage of these massive data sets.