11.01.08

Eye on Microsoft: Foggy Clouds, Counterfeiting, and Security Problems

Posted in Asia, Google, Law, Microsoft, Office Suites, Security, Servers, Windows at 4:00 pm by Dr. Roy Schestowitz

Lights out for the Microsoft cloud?

MANY of the posts so far today have been about Microsoft (e.g. [1, 2, 3]), but before we come to Novell — as there’s plenty to cover there too — it’s important to show just how troubled and confused Microsoft has become. PDC let it be shown out in the open, provided the observer looks deep enough beneath the surface (or Surface, which is another failing product).

Heads in the Cloud

Whatever “the cloud” actually means (mostly Web services), Microsoft has been in this market for a good while and it was never successful. In PDC, Microsoft threw all sorts of names and made announcements of non-existent products. It also tried to give the illusion that Mr. Softee has not yet entered this market, as if to say, “get ready! Microsoft is coming soon.”

“In PDC, Microsoft threw all sorts of names and made announcements of non-existent products.”Remember Office Live? It’s not a new product (or service). Not at all! Microsoft pretended to have ‘unveiled’ it in order to generate some hype and receive coverage, just like Sun Microsystems ‘announced’ the ‘release’ of OpenSolaris about half a dozen times in order to earn media attention and grab some testers or early adopters. It was the same with Live/MSN search, which was reopened/overhauled/relaunch/ renamed/ reinvented/relocated/ rebranded/redesigned/whatever so many times to beg for attention and attract new dabblers. Mojave, Longhorn and Vista 7 [sic] are another nice example of shuffling names and identities.

It was over a year ago that a Microsoft executive confessed there was not much interest in the product called “Office Live”. Many people did not even know it existed. Perhaps Microsoft just didn’t market it properly, for fear it would cannibalise sales of Microsoft Office. Could it be an experiment and a placeholder? At the time, as means of damage limitation, Microsoft required that Office Live users also obtain a copy of the desktop version (Microsoft Office). Platform and browser support was limited and it sure stays the same way now, if not made worse by the introduction of Silverlight (XAML), which hardly works in two platforms (proprietary ones). Moonlight is not Silverlight.

So how is it coming along? Well, a manager involved with the program left the company quite recently and now its co-founder too (mind the highlight in red).

GMI Appoints Luis Salazar as Chief Marketing Officer

[...]

Salazar joins GMI’s executive team after a successful 11-year career at Microsoft Corporation, bringing over 20 years of experience in international sales, marketing and general management to the company, and a proven track record launching new ventures in the software and services industries. Most recently, as General Manager for Marketing, he co-founded Microsoft Office Live, leading worldwide marketing and engineering teams through several successful product launches, reaching millions of customers with one of the first business-focused services from Microsoft that is monetized through advertising revenue.

With this in mind, what is Microsoft’s latest “cloud” hype all about? According to Dana Gardner, it’s possibly a case of “too little too late,” and on purpose.

Microsoft needs to decide whether it really wants to be in the software or services business. Trying to have it both ways, for an indeterminate amount of precocious time, to in effect delay the advancement of serious productivity, seems a terrible waste and a terrible way to affect its community.

Over at InformationWeek, another question comes up in the headline: “Is The Cloud The End Of Microsoft?”

Microsoft’s failure to explain any aspect of its cloud business model renders the rest of its good words about as intelligible as Charlie Brown’s teacher. Its competition can tell you exactly how you’ll pay for services, and for a developer looking to field their own SaaS product, that makes all the difference. More than anything, Microsoft is describing what’s come to be known as platform as a service. The platform is for developers, and developers have to understand how (or whether) they’ll make money.

Bob X. Cringely was not particularly impressed, either.

[B]ased on the Microsoft announcement this week, all Windows Azure looks like to me is Microsoft’s effort to sell web services or maybe cut the sticker shock for smaller businesses adopting SQL Server. But more properly, it likely means Microsoft’s acceptance that computing clients may eventually be free or nearly so. In short, Windows Azure is an insurance policy against the possible Vista-like failure of Windows 7.

Dave Rosenberg, whose whole career involves a specialty in this area, still fails to grasp what Microsoft is on about.

I’m still trying to figure out if Microsoft’s Azure announcements are meaningful beyond just providing a bit of color for the newly revealed Cloud services.

Mary Jo Foley provides some good insight in her “Microsoft’s Azure cloud platform: A guide for the perplexed” though the fact that she even had to write such a thing speaks to the lack of clear message coming from Microsoft.

One of our readers wrote to ask: “Why does Microsoft Jack think it a bad idea for Google to store all your data but has no complaint about the Microsoft cloud?”

Well, that’s just typical Jack Schofield [1, 2], who loves to accuse everyone else of hypocrisy. He refuses to know what Microsoft has done to deserve negative treatment.

Counterfeiting

Going back a couple of days, we accumulate some background reading. Among the links posted the other day there was also the following chunk:

• Piracy – The Enemy of Free Software
• China’s Evermore Office suite takes off
  

  Evermore attributes the increased consumer interest in its office productivity offering to a backlash against Microsoft’s aggressive “black screen” anti-piracy feature that the company launched on October 21st.

• Should Proprietary Software Companies Be More Concerned About Open Source Or Piracy?
• Artist Thrilled That His Work Was ‘Stolen’ By Fashion Designer

There is some more of the same pattern in China following Microsoft’s muscling.

When Microsoft noticed ‘misunderstandings’ among the Chinese public over its ‘black screen’ move to crack down on piracy, the country’s domestic software industry saw opportunity and couldn’t wait to embrace it.

Earlier this month we covered the situation in China using groupings of reports (e.g. [1, 2, 3, 4]). Some newer reports about this saga are very encouraging. Here are a few:

Wired: Chinese Strike Back at Microsoft for Anti-Piracy Measures

“Microsoft has no right to judge whether the installed software is pirated or not. It has no right to penalize users by intruding on their computers,” Liu, a man one man who is suing Microsoft, told the Xinhua News Agency.

China View: Lawsuit ramps up pressure over Microsoft’s ‘black screen’ anti-piracy move

Public pressure on Microsoft over its controversial anti-piracy campaign in China has been stepped up with news that a Beijing man is taking the software giant to court to uphold the principle of the integrity of his computer.

Reuters: Microsoft anti-piracy move irks Chinese official

A top Chinese copyright official chided Microsoft for launching an anti-piracy tool that nags users of counterfeit software with a black computer screen and said the company’s prices were too high.

Forbes: Microsoft Tests Chinese Law On Piracy

But scrutiny centered on how Microsoft folded the anti-piracy program into an automatic update that was sent to users who opt to receive updates through Windows or Microsoft Update. Microsoft can “get into trouble for bundling,” Dickinson said. Dong told the English-language China Daily that “Microsoft uses its monopoly to bundle its updates with the validation programs.” This bundling issue is also the subject of a pending U.S. lawsuit, brought in 2006 when Microsoft packaged a similar anti-piracy program with a security update for U.S. users. A public relations officer for Microsoft stressed Wednesday that users can reject an automatic update before it is installed on their computers.

Zero-cost Windows is not a sustainable strategy. Until now, however, it has been a long-term investment.

Security

Almost every single version of Windows is under attack now. Machines that are not fully patched can be compromised without any user intervention at all. The latest reports about it include:

1. Update: New Trojan Exploits Microsoft Bug

Tuesday, Microsoft Corporation released an emergency security update more than two weeks ahead of the company’s regular time of the month when update patches are issued, notifying of a vulnerability that could allow worms and trojans to run malicious codes on affected by the security hole machines.

The first patch released outside Microsoft’s mainstay update cycle in eighteen months revealed the bug was apt to render attackers to remotely take full control of an infected system.

2. Trojan targets Microsoft’s emergency fix

There are reports emerging Friday morning of a new Trojan exploiting the MS08-067 RPC vulnerability in Windows that Microsoft patched with an emergency fix yesterday. Known as Gimmiv.A, the Trojan propagates automatically through networks, and also installs a number of small programs on compromised machines. But its most worrisome capability is a feature that enables Gimmiv.A to find cached passwords in a number of locations and then send them off to a remote server. Before sending the data, the Trojan encrypts the passwords with AES encryption.

Those who are frightened by the thought of 320 million zombie PCs, which are quite are a lot (accounting for almost half), should brace themselves for more. Technology companies join forces in desperate attempts to combat this serious issue that jeopardises the entire Web and even banking institutes.

Several ISPs and Internet companies will meet in San Francisco early next year to adopt a common strategy for combating botnets, the remotely controlled networks that are used to carry out distributed denial-of-service attacks and massive spam campaigns.

The other day, the BBC reported on bank fraud, indicating that about half a million people are affected. Even the World Bank is suffering. And even the French president is a victim, but he is not a liked figure [1, 2].

But never mind money. Never mind the Internet. National security too is in jeopardy because of these zombie botnets. Even the US Army is reacting to them now.

The US Army has set up a new task force for the protection against cyber attacks. The Defense Industrial Base Cyber Security Task Force (DIB CSTF) will combat the apparently widespread theft of controlled but unclassified information from computer systems. The group will have an annual budget of $1.2m. According to a report issued by the US Army last August, such incidents can “potentially undermine and even neutralise the technological advantage and combat effectiveness of the future force”.

When the military needs to step in because of software issues, shouldn’t a sanity check be required? █

“The Internet? We are not interested in it.”

–Bill Gates, 1993

Permalink  Send this to a friend