InsideMicrosoft

part of the Blog News Channel

Three Security Bulletins Coming Next Tuesday

Microsoft has sent out its monthly security bulletin, indicating which security patches are coming next Tuesday. The most severe of the security warnings is of a “critical” level.

The bulletins are part of Microsoft’s policy to combine all patches into a monthly update and give users advance notice of the coming security updates. In part, it reads:

On 11 January 2005 the Microsoft Security Response Center is planning to release:
- 3 Microsoft Security Bulletins affecting Microsoft Windows. The greatest maximum severity rating for these security updates is Critical. These security updates may require a restart.

I’ll have all the info on the patches as soon as it comes in.

You can sign up for this update service yourself here.

January 6th, 2005 Posted by Nathan Weinberg | Security, General | no comments



Patent Filings Provide Peek At XBox 2

Microsoft has filed for some patents that point to heavy duty graphics for the next iteration of its XBox game console.

Ars Technica has the details on how Team Xbox discovered some recent Microsoft patent filings that indicate XBox 2 will have support for procedural geometry generation, a highly advanced form of graphics rendering, running off multi-core CPUs. This points to a lot of horsepower under the hood of the next Microsoft console, a strategy that eventually paid off for the first XBox, which is now in striking distance of the Playstation 2.

January 6th, 2005 Posted by Nathan Weinberg | General | no comments

Hosting sponsored by GoDaddy

Bill Gates And Conan Yuck It Up At CES

Bill Gates sat down with late night talk show host Conan O’Brien at the Internation Consumer Electronics Show for an unusual keynote address. The two sat down at a rough interpretation of Conan’s Late Night NBC set and discussed Windows Media.

The highlight of the keynote was, as usual, the technical glitches. A short bit where photos were shows that ended with Bill Gates waking up in a cheap motel room with an iMac laptop (don’t ask) wound up being pushed twenty minutes late because the Media Center PC froze wouldn’t respond to the remote.

Later, as a product manager attempted to display some car customization options for the new XBox racing game, Forza Motorsport (due in April), that computer crashed to a blue screen, forcing the PM to admit that, in testing, that was the most boring part of the presentation anyway.

Still, the demo was informative, similar to the one I saw Intel’s CEO gave at Digital Life back in October (minus the technical errors), and a lot more fun, with Conan being his usual funny self, stealing all the demo products whenever Gates put them down and stashing them in his jacket pocket.

You can watch a video of the keynote, thanks to Microsoft At Home’s website, which has both a 100k and 300k version of the video.

Quote from Seattle PI (which also notes that a transcript is available here):

“I don’t know who’s running things here,” O’Brien joked when the remote control wouldn’t work. “Who’s in charge of Microsoft?” he asked, looking at Gates. “Oh.”

Also: AP Story

UPDATE: Sean Alexander of the Media Center team explains all the technical glitches at his blog. A fun and interesting post.
(via Slashdot)

January 6th, 2005 Posted by Nathan Weinberg | Humor, General | no comments

Microsoft AntiSpyware First Impression

The single biggest problem Microsoft faces is not Google, Linux or Firefox. It is security. Security problems with Windows and Internet Explorer destroys user confidence in Microsoft, and pushes users to switch to open source alternatives, all of which make them more likely to be Google fans as well. Security threats bolster Microsoft’s competitors like no amount of advertising could ever accomplish.

To combat this, Microsoft released (just a few hours ago) Microsoft AntiSpyware, the first MS branded version of its aquisition from GIANT Company last month. AntiSpyware is designed to block programs that maliciously and secretly install themselves on your computer, either crippling it, serving unwanted advertising, sending personal data to parties unknown, or opening your computer to outside attacks.

Two popular and effective programs already exist to combat spyware, or as it is more accurately know, malware. Both Adaware and Spybot Search & Destroy are well-known as the solution for these problems, and in most cases, you can spot an internet novice by finding the person without the antispyware program.

Two problems exist: First, too many users don’t protect themselves. Microsoft bought an antivirus firm a year ago because it couldn’t rely on users to arm themselves in this battle (or at least to pay for it), so Microsoft realized it had to supply its own solution, since it was getting blamed for problems that, while its fault, were still preventable by vigilant users. For the same reason, Microsoft picked up GIANT last month.

Second, both Adaware and Spybot are effective, but not effective enough. Most smart users install both, because neither is really that good at catching spyware, and a combination of both is needed to accomplish anything. Microsoft hopes to be better so users only need its program.

*note: you can click on thumbnails to get higher quality screenshots*

Does Microsoft AntiSpyware work better? Well, its user interface is more friendly than Spybot’s stark, confusing, overburdened interface, and it has far better access to options than Adaware’s does. In one funky design decision, it seems to use the same color coded threat warning system as the Department of Homeland Security, telling you your malware infection is “elevated” or “guarded”.

Once you start using the program, your main start page is the system summary page, which provides quick links to all the functions of the program. It lets you know when your last scan was, how many threats have been found and protected against, and when your spyware definitions file was updated. Interestingly, there is also a nice little message that informs me that the product expires in 206 days, on July 31, 2005. This may or may not confirm that you will need to pay for AntiSpyware eventually.

The real-time protection is far more advanced than Spybots (Adaware doesn’t even have the feature in its free version). There are three portions to real-time. 9 internet agents protect you against attacks over the net, from attacks over dialup, wi-fi, Winsock LSPs, Windows Messenger Service, changes to your safe sites list, internet proxy server, name protection server, or TCPIP parameters, as well as attempts to send spam from your system.

25 system agents protect you from changes to your HOST file (KaZaA is nutorious for this), Windows services, right-click context menus, Windows shell execute hooks and shell extensions, open commands, system.ini, control.ini and win.ini files, as well as .ini file mapping, Windows extensions, user shell folders, your winlogon shell, winlogon usernit and logon policies, AppInit DLLs, Windows Update settings, Windows protocols, Restrict Anonymous settings, programs adding themselves as startup or bootup items, attacks from Explorer trojans and directory trojans, and most importantly, changing your passwords.

25 application agents protect you from threats executing and running processes or scripts, adding themselves as startup items (in folders or the registry), installing ActiveX, Browser Helper, IE toolbars, extensions, URLs, plugins, or Explorer bars, changing IE security settings or security zones, adding third party cookies or trusted sites, modifying IE’s shell or WebBrowser, changing URL hooks or menu extensions, disabling RegEdit, resetting your web settings, and adding to your installed components list. Also, there are two agents that prevent additions to Internet Explorer and application restrictions.

The scanning itself seems quite effective. It found two spyware products, one of which received a level 3 “elevated” warning, that neither Spybot or Adaware had noticed. It also identified thatthe Yahoo toolbar was attempting to change my personalized search settings and remove the Google toolbar, and let me block that (Spybot also saw that). Scanning was fast, on par with its major competitors.

Problem is, the program is buggy, very buggy. When it works, it works well, but when it doesn’t, forget about it. I had to reboot halfway through writing this review since I couldn’t get it to open anymore. There are some GUI bugs that need to be fixed, including how Windows sometimes forgets about it, and random crashes when clicking on buttons. The GUI is also slow to draw on the screen, which can be annoying.

Still, the most important thing is that it protects your computer. I feel pretty secure with it (as long as it runs), but then again, that proves nothing. My suggestion / plan? Stop using any other antispyware programs for two weeks, making sure Microsoft AntiSpyware is active the whole time. Then, run your regular programs. If they find anything MS-AS missed, keep ‘em. Otherwise, we’ve got a new front-runner on our hands. One thing you can rely on: The internet hates Microsoft when it comes to security, so if there is a major threat that Microsoft AntiSpyware doesn’t detect, it’ll be on Slashdot within 20 minutes.

January 6th, 2005 Posted by Nathan Weinberg | Security, General | 84 comments

Microsoft AntiSpyware Available For Download

Microsoft has put Microsoft AntiSpyware beta online.

More to come…
(via Michael Swanson’s MSDN blog)

UPDATE: The download is just under 6.4 megabytes, not bad. The text from the site reads (boring portions cut out):

Windows AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software. Known spyware on your PC can be detected and removed. This helps reduce negative effects caused by spyware including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. Continuous protection improves Internet browsing safety by guarding over 50 ways spyware can enter your PC.

The worldwide SpyNet™ community plays a key role in determining which suspicious programs are classified as spyware. Microsoft researchers quickly develop methods to counteract these threats, which are automatically downloaded to your PC, so you stay up-to-date.

The user must be an administrator to install this application.

Note to Users of Giant AntiSpyware:
Current Giant AntiSpyware users with active subscriptions are advised to continue to use their existing software. Click here for more information.

If your subscription has expired, and you choose to download and install Windows AntiSpyware (Beta), you must first uninstall any previous versions of Giant AntiSpyware.

Supported Operating Systems: Windows 2000, Windows 2000 Advanced Server, Windows 2000 Professional Edition , Windows 2000 Server, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows Server 2003, Windows XP, Windows XP Home Edition , Windows XP Media Center Edition, Windows XP Professional Edition , Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP Tablet PC Edition

You may have trouble reaching the download page, just keep hitting refresh. Also, so far I have been unable to actually open the program, although it does appear to be running in the background.

UPDATE 2: So, I’ve found my first bug. The initial setup doesn’t have a taskbar button, and doesn’t show up when you ALT-TAB, so if you switch to another window, you will never be able to find it again. Of course, I’m being overdramatic, since you can start minimizing windows till you find it, or you can close it in the task manager and start again, but its still something that needs to be fixed. Also, the program seems to fail / crash randomly. Not a good start…

UPDATE 3: So far so good. Past the initial hickups, its scanning my system quite quickly. Seems as fast as Ad-aware or Spybot, even with 20 programs running on my system. It found two spyware programs (with 49 spyware signatures) which both of those competitors completely missed, despite the fact that I scan with Spybot every night and with Ad-aware once a week, plus have Spybot’s active scan, Teatimer, always running. I’ll do a full review later, but so far I’m satisfied with the program.

January 6th, 2005 Posted by Nathan Weinberg | Security, General | no comments

Bill Gates Calls Copyright Violators “Communists”

In an interview with C|Net, Bill Gates said:

There are some new modern-day sort of communists who want to get rid of the incentive for musicians and moviemakers and software makers under various guises. They don’t think that those incentives should exist.

Boing Boing calls copyright violators “Free Culture advocates”, and thinks BillG said something wrong or “evil”. Look, I violate copyrights every day, both in my private life and my jjjjjjjj—, but I harbor no illusions about what I do. I’m no more a “Free Culture advocate” than a abortion activist is a “Free Choice advocate”. I’m sorry, but Boing Boing can’t make jokes about stupid political correctness and then follow it up with the same stupidity. If you can’t use the real words for what you are advocating, then you should be embarressed to call yourself an advocate. Besides, complaining about Bill Gates saying that copyright violators are wrong is a waste of time while the RIAA is flooding file sharing networks with computer viruses. Microsoft puts barely effective piracy controls in its software, but when it comes to copyright violations, its pretty tame.

Another detail from the interview: close to a million people have already set up MSN Spaces. Wow. Also:

What do you think of Apple’s success so far? I mean, they clearly have had a hit with the iPod.
Absolutely. They had a hit with the Apple II, they had a hit with the Macintosh, and they have a hit with the iPod, so this is a company that’s had three hits, and that’s very impressive. There are a lot of companies that don’t have three hits. And in the same way that Macintosh helped get people exposed to the graphical user interface, the iPod is doing a great job getting people to think about digital music.

Read between the lines: Just like the Mac created the market we eventually took over, so will the iMac. Bill also says Microsoft is working on updates to IE, and doesn’t see Firefox as much of a competitor, because far more people try it out than actually switch to it. Are there any statistics on that?

January 6th, 2005 Posted by Nathan Weinberg | Open Source, General | one comment