Not that much happening, apparently….
Windows 7 beta getting yanked.
The Dalai Lama wasn’t tweeting.
Another prediction of $99 iPhones.
iTunes gets digital Marvel comics.
Apple nixed Android multi-touch?
Microsoft’s ten thousandth patent granted.
Kaspersky’s customer database gets exposed.
Yesterday I wrote about the Windows 7 dust-up that involved a couple of security bloggers’ concern that malware could silently turn User Account Control off, and Microsoft’s seeming unwillingness to talk much about the issue other than to say it wasn’t really a problem. Today, Microsoft’s Jon DeVaan addressed the controversy on the Engineering Windows 7 blog. The gist of his 2100-word post: Microsoft appreciated the input, but UAC’s behavior wasn’t an issue, because malware could only fiddle with UAC settings after it had gotten on a PC, and Windows 7 is really good at warding off malware. And to change UAC’s default behavior to alert users when UAC settings changed would be inconsistent with the approach which Microsoft’s testing had shown that real people liked.
I make no claim to being a security expert (or even the intended audience for DeVaan’s post, which was aimed at developers). But like the rest of Microsoft’s response to this mini-firestorm to date, it was profoundly unsatisfying. No matter how strong Windows 7’s anti-malware protections are, some bad stuff is going to get on some PCs. Why not make it tough for it to perform one task which would unlock the ability for it to do further damage? Screwy but possibly appropriate metaphor: It’s like an apartment manager telling tenants that a presence of a burly doorman in the lobby meant that anyone found in the building changing the lock on a particular conso must be doing so with the owner’s permission.
That post went up at midnight. At 3pm, another one appeared–cosigned by DeVaan and Windows 7 honcho Steve Sinofsky. With reasonably good humor, it ate crow and said that Microsoft will change Windows 7’s behavior:
With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.
It’s startling that it took Microsoft so many false starts before they got this right: Even if Microsoft was right on some theoretical, technical level, the issue had snowballed into an argument the company simply couldn’t win, period. Nerds will be nerds, and nerds are often stubbon, prickly, and prone to falling victim to the hobgoblin of little minds. But good for Microsoft for (eventually) engaging in healthy, bloggy debate, and being willing to concede its mistakes and move on. Knowing when you’ve screwed up and being unafraid to admit it in public is very 2009.
More at Dwight Silverman’s TechBlog, Mary-Jo Foley’s All About Microsoft, and I Started Something by Long Zheng (one of the guys who raised the issue in the first place).
When it comes to Windows’ User Account Control security feature, Microsoft just can’t catch a break. The version of UAC that debuted in Windows Vista is famously paranoid and pushy. And now there’s controversy brewing that the default settings of Windows 7’s less in-your-face UAC are too lax. Malware can turn off UAC without Windows 7 notifying the user; it can also take advantage of a security hole to give itself auto-elevate permission, thereby hiding its actions. Over at ZDNet, Mary Jo Foley has a good report on this.
I’m most concerned about the fact that Microsoft refused to let Mary Jo interview anyone on the subject–instead, the company provided her with a terse and not very satisfying prepared statement. There may be a rational argument for why Windows 7’s approach to UAC makes sense, but so far, Microsoft doesn’t even seem to be trying to make it…
As my colleague Ed Oswald blogged, details are out about the versions of Windows 7 that Microsoft will make available. Here’s the scoop on the six versions as explained at Geekzone:
Windows 7 Starter: up to 3 concurrent applications, ability to join a Home Group, improved taskbar and JumpLists;
Windows 7 Home Basic: unlimited applications, live thumbnail previews & enhanced visual experience, advanced networking support (ad-hoc wireless networks and internet connection sharing), and Mobility Center;
Windows 7 Home Premium: Aero Glass & advanced windows navigation, improved media format support, enhancements to Windows Media Center and media streaming, including Play To, and multi-touch and improved handwriting recognition;
Windows 7 Professional: ability to join a managed network with Domain Join, data protection with advanced network backup and Encrypting File System, and print to the right printer at home or work with Location Aware Printing;
Windows 7 Enterprise and Windows 7 Ultimate: bitLocker data protection on internal and external drives, DirectAccess for seamless connectivity to corporate networks based on Windows Server 2008 R2, BranchCache support when on networks based on Windows Server 2008 R2, and lock unauthorized software from running with AppLocker.
In other words, the lineup is mostly similar to the situation with Windows Vista, except that the version that’s called Windows Vista Business will be replaced with one called Windows 7 Professional. But there are, apparently, some subtle differences in emphasis.
According to Geekzone, Windows 7 Starter will be available on netbooks and Windows 7 Home Basic will be for emerging markets. I hope it’s true that Home Basic won’t show up over here, since the existence of Windows Vista Home Basic was a contributing factor to the train wreck that was Microsoft’s “Windows Vista Capable” program. But the news that Windows 7 Starter, unlike Windows Vista Starter, will be marketed in more developed nations is potentially a big deal. Microsoft is presumably doing so in order to get Windows onto super-cheap netbooks that would otherwise run Linux. Will people who buy such machines be happy with an intentionally crippled copy of Windows that can only run three programs at a time? We’ll see, I guess.
Some folks had held out hope that Microsoft might move to a simpler, easier-to-understand lineup of Windows versions a la the one that Apple offers. (There’s only one version of OS X, unless you count the Family Pack as a separate edition.) No such luck, apparently–which is kinda understandable given the far larger universe of people who Microsoft must attempt to make happy. (Apple, presumably, feels no need to figure out how to make Macs appealing to people in the world’s poorest nations.)
According to Mary Jo Foley’s post at ZDNet, Microsoft learned from the customer confusion that resulted from all the Windows Vista versions…but whatever lessons it learned still resulted in a mess o’ Windows 7 versions. That says a lot about Microsoft. Even though the theory is that most people will only encounter Windows 7 Home Premium and Windows 7 Professional.
Of course, there’s one version of Windows that’s not in the new lineup which would sell a lot of copies if it were available. That would be Windows XP. Maybe Microsoft should sneak it in under the name Windows 7 Classic Edition or something…
Windows Vista has been available for over two years now, but Windows XP has proven its staying power. It remains the dominant desktop operating system for businesses in Europe and North America, according to a new report by Forrester analyst Benjamin Gray.
While I’m hesitant to make any conclusions about a survey without reviewing its methodology, the findings mesh with similar research from other analysts. Gray surveyed IT managers–I don’t know how he defined the position–and found that Windows Vista was powering fewer than 10% of PCs within enterprises. Windows XP remained strong and steady with a 71% share of the market.
“While most IT managers are anticipating the struggle with managing their upcoming dual-OS environments of Windows XP and Windows Vista, some recognize it will only get worse as they are required to more broadly support Macs, Linux, and even consumer PCs as a result of Tech Populism’s impact on the client domain,” Gray wrote.
It’s not all doom and gloom for Windows Vista: thirty-one percent of respondents have begun to migrate to it. That finding led Forrester to predict that Windows Vista will be the OS that displaces Windows XP, despite interest in Windows 7.
My sense is that Microsoft is aiming Windows 7 most directly at consumers, not businesses. The changes Microsoft is making to the Windows Taskbar are long overdue, and well done, but business users might require training to work with it and other new features in the OS. Other changes, including more mellow User Account Control settings, also target home users.
Windows Vista is a fine OS for businesses. It got off to a rough start due largely to compatibility issues, but many of those issues were ironed out in Service Pack 1.
With Vista Service Pack 2’s release imminent, it is stable and reliable enough for businesses to migrate to. It also provides better support for many core applications and hardware than Windows XP does.
My take: If given a choose between the reasonably mature Windows Vista and a new, unproven OS such as Windows 7, any IT manager worth his or her salt would migrate to Vista and not skip a generation.
It’s probably inappropriate of me to squawk that the posts over at Microsoft’s Engineering Windows 7 blog often bury important stuff in thousands of words of inpenetrable, unadorned text–the blog is aimed at developers, not simple folks like myself. Windows 7 chief Steve Sinofsky has a 2500-word post today and for me, at least, the key tidbit is something that Sinfosky never quite states explicitly: Microsoft plans to release only one Release Candidate test version of Windows 7 before wrapping up development of the OS and shipping it to PC manufacturers and users. That would seem to suggest that the company thinks that the upgrade is in solid shape, and that it’s far more likely to ship it surprisingly soon than surprisingly late.
I still can’t quite believe there’s a chance you’ll be able to buy Windows 7 in the summer of 2009. But perhaps Microsoft will be done with the OS by then, so that PCs bearing it will be on store shelves comfortably in time for back-to-school sales.
Sinofksy says that Microsoft is currently looking at all the feedback it’s gotten from Windows 7 beta testers and figuring out what changes it can reasonably implement. I mostly like W7–it’s already the version of Windows I use most often–but there are a few things about it that I sure hope Microsoft refines, such as the confusing way HomeGroup networking doesn’t seem to let you explicitly change a PC’s HomeGroup, and assigns each HomeGroup a password which you can’t change.
It’s no surprise that Sinofksy has no news in his post about when the Release Candidate will arrive, or when Microsoft expects the final version to show up. As usual, every rational Windows user should have the same take on such matters–which is to hope that Microsoft errs on the side of moving slowly and carefully and releasing an OS that works well right out of the box. (You gotta wonder whether anyone in Redmond ever kicks him or herself for not having worked on Vista for another six months, especially after the company missed the 2006 holiday season anyhow.)
Microsoft was planning to pull the public beta of Windows 7 off its site today. Based on popular demand, it’s decided to extend availability–but only until February 10th. (If you start snagging the beta by February 10th, you have until the 12th to complete the download.) More details here, and here’s the download page itself.
Should you try Windows 7 at this point? Yes, if you’re intrigued, have some time to devote to the project, and can do it without messing up an installation of Windows which you need to preserve as it is for work or play. (The beta will time out in August.) It’s the most promising Windows beta since…well, let’s see. Probably Windows 2000. It’s not perfect or even close, but I’d much rather spend time in it than in Windows Vista Service Pack 1.
Next big question: With the beta winding down, what’s Microsoft’s roadmap for all the rest of the steps between right now and general availability of the operating system? I hope we’ll get at least a few details in the not-too-distant future
I’ve used this metaphor before, but I can’t shake it out of my head: In the case of the class-action lawsuits over the “Windows Vista Capable” stickers that were slapped on PCs before Vista’s release, Microsoft resembles nobody so much as Wile E. “Super Genius” Coyote. I’m not a fan of most class-action lawsuits and don’t instinctively root against big corporations. But by leading consumers to think that PCs would run Vista decently when they could in fact only run the most basic version–the one without the “Aero” interface that was Vista’s signature feature–Microsoft catapulted a giant boulder into the air over its own head. It may not deserve to get crushed by it, but it finds itself in an exceptionally sticky situation as a direct result of its own actions.
Over at Computerworld, Gregg Keizer has an update on the case. The judge has unsealed documents including expert testimony for the plaintiffs that says that if Microsoft were to forced to spring for upgrades for every single PC sold as being “Windows Vista Capable” that wasn’t Aero-read–which was nearly 20 million laptops and desktops–it could cost the company between $3.92 and $8.52 billion. Which, even if you’re Microsoft, doesn’t meet any standard definition of chump change.
I haven’t done the math on whether those calculations are realistic, and last time I checked, I wasn’t a judge or a lawyer. But I do think that Microsoft gave millions of people a false impression in order to spur PC sales when it would have been entirely possible to avoid doing so. Even if it wins this case, it’s presumably poured a heck of a lot of time and money into defending itself that it would have preferred not to invest. I hope that the company, unlike Wile E., learns a lesson here–and doesn’t propel this particular type of boulder into the air again. (The company hasn’t released any news yet about certification programs for Windows 7, but I’m assuming it’ll be very, very careful this time around…)
Quarterly financial results are in from Microsoft, and they’re pretty ugly: The company’s revenue fell short of guidance by $900 million, and net income was down by 11 percent. In reaction to these numbers and general economic gloom, the company says it’s eliminating 1400 jobs today and a total of 5000 positions over the next 18 months (while hiring in some areas where the company sees growth or opportunity). At least that headcount cut is less severe than the worst rumors would have had it.
The sentence in the announcement with the most profound long-term implications for the company is this one: “Client revenue declined 8% as a result of PC market weakness and a continued shift to lower priced netbooks.” Translation: Windows Vista sold poorly during the quarter, and it did so in part because folks were buying low-cost computers that didn’t run it. Vista has been a poor fit for notebooks for two reasons–it’s too resource-hungry to run well on many of them, and it costs PC manufacturers too much. End result: Many netbooks run Windows XP or Linux.
The country’s economic mood at the moment is so miserable that it’s difficult to extrapolate what current news might mean for the future. (In fact, Microsoft announced today that it’s not giving guidance on its likely results for the rest of the year.) So it would be dangerous to assume that disappointing sales for Windows in one quarter means that the OS is entering an era of decline.But it’s fascinating to see Microsoft’s money machine break down. And if a meaningful percentage of PCs are going to cost so little from now on that Windows will be an unaffordable luxury, it means that the financial model that made Microsoft a monopolistic monolith could crumble in the years to come.
Sluggish Vista sales show just how important it is to Microsoft that Windows 7 be a reasonable operating system for netbooks. That definitely means that it must run respectably on PCs that sport low-end CPUs and skimpy amounts of RAM. But it may also force Microsoft to charge PC manufacturers less for the OS, in hopes of preventing them from opting out of Windows altogether. (I was in a Target recently that had two Asus Eee PCs for sale side-by-side: A $300 Linux model and a $350 Windows one. I’d love to know what the sales breakdown is…)
Anyone out there care to guess where Windows will be, say, three years from now? It ain’t going to disappear, and if Microsoft is fast enough on its feet it might be doing okay. But it’s possible, at least, that the planet will be noticeably less Windows-centric come 2012…
Vulnerabilities in Microsoft’s Server Message Block (SMB) file-sharing protocol could pose a serious threat to enterprise networks if companies fail to promptly patch their systems, according to reports. Microsoft has released fixes for the holes.
For Microsoft, the days when worms like Blaster and Sasser regularly blackened its eye have passed; the number of major operating system vulnerabilities fell dramatically after it weaved security into its development life cycle. However, two out of the three SMB vulnerabilities that the company disclosed today are critical enough that virus writers could exploit them in a similar fashion.
I don’t expect anything on the scale of Blaster or Sasser to happen even though un-patched enterprise systems will be easy targets. Microsoft has better security procedures in place, and will get the word out to network administrators. Most home users will be using firewall and have anti virus protection; the average user should be well protected.
These defects do not mean that Microsoft is returning to the bad old days of Windows security. It has made a big investment in its security development life cycle, and has top down approval from upper management. In fact, Microsoft invests more into security than most software makers, has a comprehensive patch process, and has firm plans for how future operating systems should handle security.
Microsoft’s problem is all of the legacy code and protocols that it must continue to support – they weigh like an anchor around its neck. While Microsoft introduced the affected protocol SMB 2.0 in 2006, SMB itself dates back circa the early 1990s. It would not at all surprise me if these vulnerabilities have something to do with legacy support (it’s too late in the evening to expect a response from Microsoft).
We attempted to reach several security experts for analysis, but did not receive a response before press time. I will update this story should any contribute their ideas this evening.
