11.24.08

Gemini version available ♊︎

Eye on Microsoft: Vista/7 Trouble and More Security Chaos

Posted in Apple, GNU/Linux, Google, Microsoft, Security, Vista, Vista 7, Windows at 3:36 pm by Dr. Roy Schestowitz

THERE is a large heap of things to cover today, so we’ll dive right into it.

Vista/Vista7

The Vista case revealed a lot of ugly secrets, such as Rob Enderle's intimate relationship with Microsoft. In evidence preceding the Ballmer deposition, it is also shown how sloppy a CEO he is.

Grammar check optional for Microsoft boss Steve Ballmer

Newly-released emails in the Microsoft ‘Vista capable’ lawsuit not only demonstrate that Microsoft managed to piss off HP as well as Dell with its confused approach, but that people who are running busy companies don’t have time for full stops.

[...]

Quite frankly, this reads more like an MSN chat transcript than a CEO trying to resolve a potentially major partner crisis. Memo to Steve:

* Full stops can make it much easier to read sentences.
* Please avoid meaningless phrases like “I am not even in the detail of the issues”.
* Outlook has had a spelling and grammar checking facility for some time; using it more often might be sensible. After all, you never know when internal email might end up in a court document these days.

Windows Vista is still being rejected and GNU/Linux chosen for the server, according to this survey.

This survey continued the trend with 64% of users preferring to evaluate on Windows. Of interest is that 91% do not intend to use Vista but instead are staying with XP or Windows Server 2003. The logical conclusion from the analysis is the open source community either deploys on Linux, or stays with the Windows operating systems it has, not moving to Vista.

Eric Raymond, citing the Vista trouble, talks of Microsoft as a falling empire. He explains why in his personal blog which recently returned to life.

There’s another problem. Vista is so dead that Microsoft is already touting its successor “System 7″. Not end-of-lifing XP on schedule means they’ll actually have to support three different operating systems for at least the years until System 7 ships, and some time afterward. Even Microsoft is going to feel the strain, and ISVs are likely to play safe by writing to the minimum (XP) specification.

Raymond may be considered biased, but even a Windows-oriented Web site, Neowin, has published the article “Six reasons Microsoft will continue to lose market share.”

Microsoft has positioned itself at the top, a top that is targeted by hundreds if not thousands of companies. They have spread themselves from their core identities and they are opening themselves up for a loss of market share. For this article market share is defined as a broad term where Microsoft will lose users from its user base to its competitors.

Readers respond to this almost angrily.

Windows Vista 7 [sic] is not in a better position and according to the editor of The Inquirer, all that vapourware strategy might do a lot to lift GNU/Linux.

Microsoft CEO, the shy and retiring, softly spoken Steve Ballmer admitted that this was happening and seems to be slowly walking away from Vista.

[...]

It could be that this will be the moment for Linux to make its long awaited rise to fame. If firms want to cut costs but upgrade hardware then Linux ideas are probably the only way to go forward. Indeed some companies will be able to keep their older hardware for a bit longer.

Vista 7, it is worth remembering, is just another Vista.

Yet when InfoWorld gave Windows 7 a through benchmarking and shakedown, the result was the same ill foreboding that accompanied pre-release Vista (and proved all too accurate).

Online Business

We mentioned Jerry Yang earlier in the day. As everyone probably knows by now, he was pressured out, essentially giving room to Microsoft cronies who accommodated the company’s highest ranks (even Board of Directors) over the course of the past few months. Meanwhile, others pounded on Yang with Microsoft’s encouragement.

Yahoo has been struggling for months to improve its financial performance, but things have gone from bad to worse for the company this year, and its stock has sunk to a closing price of $10.63 on Monday. First, the company thwarted Microsoft’s unfriendly attempt to acquire Yahoo outright, and later just its search business, though Yahoo appeared to grow more interested in a deal even as Microsoft grew cooler. At one point, Microsoft offered to acquire the company at $33 per share.

Fortunately, Yahoo has begun negotiating with AOL.

Observers must be wondering whether, in internet economics, a negative added to a negative gives a positive. In other words, whether two losers getting together can do something against the apparently overwhelming competition from Google. The failure of Microsoft’s takeover bid for Yahoo this summer has already drawn criticism, in view of both Microsoft’s rather luckless efforts at internet search and Yahoo’s weak position. It is equally questionable whether an amalgamation between the troubled Yahoo internet group with Time Warner’s wobbly online subsidiary AOL, has any better prospects of success. According to German press agency DPA, Yahoo is negotiating a takeover of AOL.

According to the latest surveys, Google continues to gain, so there’s no real effect on them.

Google Inc.’s lead widened in the U.S. search market over Yahoo Inc. and Microsoft Corp. in October, a report shows.

Motivated by Boycott Novell, InformationWeek published this article about Microsoft’s latest attack on Google (via former seniors):

Two of ClickStream’s employees, CEO and co-founder Cameron Turner and senior research analyst Kim Anderson, used to work at Microsoft.

ComputerWorld covered this too, citing Boycott Novell as its source.

Mobile

On the face of it, Windows Mobile continues going the way of the dodo. Here are some of the latest reports which are left to readers’ judgment:

1. Microsoft’s mobile strategy has gone missing

Against this background, Microsoft’s continued tardiness in developing its own mobile strategy gets more worrying. At the company’s Professional Developers Conference recently, Windows Mobile was notable by its absence — and not for the first time. No clear guidance has been given for the next major revision of the software, and the trends are not good. It is now commonplace for flagship Windows Mobile handsets to come with a non-Microsoft web browser — a sign that something is badly broken.

2. Microsoft falls behind in mobiles

Microsoft chief executive Steve Ballmer – in Sydney the other day for a software developers conference – was quick to pour scorn on Google’s new Android mobile phone system when he turned up at a Telstra investor briefing.

3. Microsoft fixes Windows Mobile 6.1 email bug

Microsoft has patched a Windows Mobile 6.1 bug that left some users unable to send messages until they deleted and recreated their email accounts. The “Windows Mobile 6.1 POP and IMAP Send Mail Patch” is downloadable now, the company says.

This belated fix is also mentioned here. These are almost signs of neglect.

Failing Hardware Businesses

Microsoft’s CEO recently called Zune and XBox360 “funny products” because the company is unable to derive profit from them. Microsoft is now “hiding from the Zune,” as Matt Asay puts it.

The Seattle Post-Intelligencer spots – or, rather, doesn’t spot – the Zune in Microsoft’s new advertising for that uber-social iPhone “competitor.” According to Zune marketing director Adam Sohn, this is on purpose: “We’re trying to funnel people from the software side….You don’t have to buy the device immediately.”

Regarding XBox360, same old, same old. Microsoft’s servers are probably down again. There’s malfunction.

This weekend, Xbox Live is experiencing connectivity issues again and the company can’t find a solution yet. Larry Hryb, known by the pseudonym Major Nelson, said in his blog that these issues were resolved on Friday, only to correct himself on Saturday and reveal that “some folks are still having issues” and that “the Operations center is investigating.”

Hype Factor

The main thing going for proprietary software vendors is marketing. Lots of marketing! Just how much? Almost half a billion dollars for Apple, per annum. It’s about the same as Vista, which is a product, not a company. For Microsoft, it’s well over a billion overall.

Update: Microsoft spends more on advertising across all of its combined businesses than Apple does, but its Windows business is what competes most directly with Apple. Microsoft’s total advertising budget across all of its businesses, including Windows, Office, Xbox, and all the enterprise stuff, was the following (from the 10K): “Advertising expense was $1.2 billion, $1.3 billion, and $1.2 billion in fiscal years 2008, 2007, and 2006, respectively.”

This is also covered in:

1. Apple spends almost $500 million on ads

Apple spent $486 million on ads last year, up from $467 million the year before, and $338 million in 2006, according to a filing with the SEC. The ‘Get a Mac’ campaign was launched in mid-2006.

2. Analysis: Apple Ads More Effective Than Microsoft’s

Todd Bishop has crunched the numbers and found that Apple’s advertising success over the last year has paid off.

Microsoft’s marketing push is now becoming more desperate than Jerry Seinfeld and “Mojave”, not to mention mischievous guerrilla tactics.

Microsoft’s new ‘I’m a dork’ store

[...]

I’m a Microsoft critic, but it’s depressing to watch the company make such a lame attempt at creating its image as trucker “I’m a PC” hats. It can and should do better.

Microsoft is also using photos of its competitors’ products to promote its own.

Microsoft Using Apple’s Macbook Pro In Promotional Material?

[...]

[S]ometimes one encounters stuff that is just too good to pass. So that other day my dad bought a new HP Pavilion desktop, and since I am the geek in residence I ended up setting it up for him.

Priceless. Almost pathetic in fact.

Security

Quite a huge mess in the past week. Here is a quick roundup.

First of all, there is a kernel flaw in Windows Vista. Watch Microsoft’s schedule for addressing it:

A flaw in Vista’s networking has been found that can crash the system, but no fix is expected until the next service pack

Microsoft recently admitted that it took it 7 years to fix a bug, but now it’s coming up with excuses. A reader wrote to us about it, claiming that “the liars spinning press releases for Redmond claim that the patch was 7 years in the making because it would disrupt existing services. Contrast that to what they did with XP SP2, broke darn near everything…

http://news.cnet.com/8301-1009_3-10096611-83.html
http://www.theregister.co.uk/2008/11/17/ms_explains_patch_delay/
http://www.techworld.com/security/news/index.cfm?newsID=107034

“I guess what must have happened was that the hole started driving more people back to Samba,” he added.

Here is another new example.

Worm Risk Spurs Critical Microsoft Patch

This marks the first time since April 2007 that Microsoft has released a fix outside of its normal Patch Tuesday cycle; it was sparked by lessons learned from worm epidemics like Blaster and Slammer, which cost users billions of dollars to disinfect in 2003.

They also did this in Christmas. All versions of Windows had a “Critical” flaw which required an emergency patch..

Here is another new flaw that affects Microsoft Communicator and is highlighted in several Web sites right now.

Researchers at VoIPshield Labs have pinpointed a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging , voice, and video tools.

With such insecure-by-design systems [1, 2] abound, no wonder even kids can become botmasters and/or cyber-criminals.

Teen hacker confesses three-year crime spree

Known by the online handle of Dshocker, the 17-year-old Massachusetts hacker also admitted he breached multiple corporate computer systems, called in bomb threats and engaged in credit card fraud. The defendant, who was identified only by the initials N.H., pleaded guilty to charges in court documents that included one count each of computer fraud and interstate threats and four counts of wire fraud.

Symantec warned about unprecedented turbulence.

Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft’s Windows operating system, an analysis that some other security companies disputed Friday.

Symantec raised its Threat Con security alert level from one to two because of the attacks, with two denoting “increased alertness.” But other vendors, including Arbor Networks and McAfee, said they were seeing no such activity.

Will there be more zombie PCs to join a faction of about 320 million? It sure looks like it, but the following article is peppered with ‘vapourware speak’.

Fake Windows “Antivirus” Code Infected 1 Million Computers

Even with Windows 7 in pre-Beta stage, Microsoft is emphasizing the need for end users to run security software with the operating system, indicating that it is working with members of the industry in order to have the first antivirus products tailored for the Windows client as early as the Beta development milestone. Fact is that the necessity to install security solutions is valid for all Window operating systems, not just Windows 7, but at the same time, there are some antivirus products that users need to steer clear of. Just in November, Microsoft contributed to removing malicious code posing as Windows antivirus solutions from approximately 1 million computers worldwide.

More of the same here:

Known as Kardphisher and “in the wild” since April, 2007, last week the malware author of this trojan horse mimicking the Windows XP activation interface while collecting the credit card details the end user has submitted, has made significant changes to visual interface and usability of the trojan, consequently improving its authenticity. Guess what happens when a gullible end user falls victim into this social engineering attack?

Zombie PCs aside (they spew over 100 billion SPAM per day), Microsoft is named the fifth most spammer-friendly harbour.

The software giant debuted on the list earlier this month at number 9 (one being the worst), and has slid over the past few days down to number 5. Spamhaus says spammers and scam artists are abusing Microsoft’s live.com and livefilestore.com properties to redirect visitors to sites that peddle fake pharmacy products, porn and Nigerian 419 scams.

Due so so many compromised machines, espionage and DDOS attacks ensue:

1. Pentagon Hit by Unprecedented Cyber Attack

“We have detected a global virus for which there has been alerts, and we have seen some of this on our networks,” a Pentagon official told FOX News. “We are now taking steps to mitigate the virus.”

[...]

Military computers are often referred to as part of the Global Information Grid, or GIG, a system composed of 17 million computers, many of which house classified or sensitive information.

2. Net bombarded by heaviest ever attacks this year

Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault.

With so much trouble around, what would Microsoft do? Maybe ‘pull a Netscape’? It has just decided to bundle its security products with Windows, thereby gaining unfair advantage over a more advanced competition. Below we have some selective coverage.

Rivals: Low share led to drop of OneCare”

[...]

In a statement, Rowan Trollope, the senior vice president of consumer business at Symantec said:

We view this announcement as a capitulation by Microsoft, and a reinforcement of the notion that it’s simply not in Microsoft’s DNA to provide high-quality, frequently updated security protection.

Well, Symantec’s CEO has just announced his retirement/exit.

Here is some more coverage of interest:

1. AVG Sees Uphill Battle for Microsoft in Its Launch of Free Anti-Virus Software

Microsoft will also likely contend with a severe backlash from dissatisfied channel partners, whose margins and unit sales will be negatively impacted as a result of the free product offering, AVG believes.

2. Microsoft’s Morro Incites Mixed Feelings From Competition

Microsoft’s Morro, its new free antimalware software scheduled to be released next year, will probably not be a threat in the long run, major security companies say.

3. Microsoft kills Windows Live OneCare and Equipt subscription services

Microsoft’s Equipt — which Microsoft launched in July of this year — is dead and Microsoft is having to go back and pull copies of Equipt from the channel (Circuit City in the U.S. and DSGI in the U.K.). Microsoft is offering customers a pro-rated refund for the service and allowing purchasers to keep Office Home & Student edition for free forever, Microsoft officials said.

4. Microsoft give students the finger, once again

I wrote about Microsoft Equipt some months ago, and now that people are starting to buy it, they’re pulling it from the ranks. They’re pulling the product from all shelves, online and offline, but on the plus side, they’re allowing subscribers to get a pro-rata subscription refund and they’re letting you keep the Office Home & Student edition for free, forever.

This marks the death of yet another Microsoft product/service, this time the short-lived Equipt. It was Symantec’s CEO (or someone equally senior) who warned that without competition in this area, products will become very poor yet irreplaceable. This is a recipe for further problems where defenses are predictable, uniform, universal and therefore easier to consistently defeat. It’s not good for anyone. According to today’s BBC article, on-line crime is now estimated at billions, but should this be surprising at all?

Radiation

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

4 Comments

  1. Needs Sunlight said,

    November 25, 2008 at 6:31 am

    Gravatar

    Better with one subject per article so that the discussions can be more focused.

    Anyway, there is a remote vulnerability present in the current Windows Vista kernel, which will remain accessible at least until the next service pack (which is a long way off)
    http://news.cnet.com/8301-1009_3-10106173-83.html

    It’s not the first nor the last.
    http://news.cnet.com/8301-1009_3-10106173-83.html

    Windows Vista is full of holes. For security go with RHEL, ubuntu, Fedora, Debian, OpenBSD, Slackware, or just about anything except Windows.

  2. Roy Schestowitz said,

    November 25, 2008 at 6:33 am

    Gravatar

    I’ll slice it in the future.

  3. Needs Sunlight said,

    November 25, 2008 at 11:50 am

    Gravatar

    Ok. Thanks.

    The remote vulnerability is interesting. M$ apparently plans to leave it open until some months in the future. I wonder how they will try to spin or misrepresent the patch time?

    Two weeks ago the issued a patch for a problem made public two years ago. Also recently they issued a patch for another problem made public over 7 years ago. Some of those patches don’t actually fix the problem. How will they fit into M$ fake patching metrics?

  4. Roy Schestowitz said,

    November 25, 2008 at 11:56 am

    Gravatar

    > How will they fit into M$ fake patching metrics?

    See this. A secondary accumulation is this or this.

    Someone should coin the term “Goebbelsian Patching”.

DecorWhat Else is New


  1. Links 6/12/2021: LibreOffice Maintenance Releases, Firefox 95 Finalised

    Links for the day



  2. “Wintel” “Secure” uEFI Firmware Used to Store Persistent Malware, and Security Theater Boot is Worthless

    Guest post by Ryan, reprinted with permission



  3. No Linux Foundation IRS Disclosures Since 2018

    The publicly-available records or IRS information about the Linux Foundation is suspiciously behind; compared to other organisations with a "tax-exempt" status the Linux Foundation is one year behind already



  4. Jim Zemlin Has Deleted All of His Tweets

    The Linux Foundation‘s Jim Zemlin seems to have become rather publicity-shy (screenshots above are self-explanatory; latest snapshot), but years ago he could not contain his excitement about Microsoft, which he said was "loved" by what it was attacking. Days ago it became apparent that Microsoft’s patent troll is still attacking Linux with patents and Zemlin’s decision to appoint Microsoft as the At-Large Director (in effect bossing Linus Torvalds) at the ‘Linux’ Foundation’s Board of Directors is already backfiring. She not only gets her whole salary from Microsoft but also allegedly protects sexual predators who assault women… by hiring them despite repeated warnings; if the leadership of the ‘Linux’ Foundation protects sexual predators who strangle women (even paying them a salary and giving them management positions), how can the ‘Linux’ Foundation ever claim to represent inclusion and diversity?



  5. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him

    Balabhadra (Alex) Graveley has warrant for his arrest, albeit only after a lot of harm and damage had already been done (to multiple people) and Microsoft started paying him



  6. The Committee on Patent Law (PLC) Informed About Overlooked Issues “Which Might Have a Bearing on the Validity of EPO Patents.”

    In a publication circulated or prepared last week the Central Staff Committee (CSC) of the EPO explains a situation never explored in so-called 'media' (the very little that's left of it)



  7. Links 6/12/2021: HowTos and Patents

    Links for the day



  8. IRC Proceedings: Sunday, December 05, 2021

    IRC logs for Sunday, December 05, 2021



  9. Gemini Space/Protocol: Taking IRC Logs to the Next Level

    Tonight we begin the migration to GemText for our daily IRC logs, having already made them available over gemini://



  10. Links 6/12/2021: Gnuastro 0.16 and Linux 5.16 RC4

    Links for the day



  11. Links 5/12/2021: Touchpad Gestures in XWayland

    Links for the day



  12. Society Needs to Take Back Computing, Data, and Networks

    Why GemText needs to become 'the new HTML' (but remain very simple) in order for cyberspace to be taken away from state-connected and military-funded corporations that spy on people and abuse society at large



  13. [Meme] Meanwhile in Austria...

    With lobbyists-led leadership one might be led to believe that a treaty strictly requiring ratification by the UK is somehow feasible (even if technically and legally it's moot already)



  14. The EPO's Web Site is a Parade of Endless Lies and Celebration of Gross Violations of the Law

    The EPO's noise site (formerly it had a "news" section, but it has not been honest for about a decade) is a torrent of lies, cover-up, and promotion of crimes; maybe the lies are obvious for everybody to see (at least EPO insiders), but nevertheless a rebuttal seems necessary



  15. The Letter EPO Management Does Not Want Applicants to See (or Respond to)

    A letter from the Munich Staff Committee at the EPO highlights the worrying extent of neglect of patent quality under Benoît Battistelli and António Campinos; the management of the EPO did not even bother replying to that letter (instead it was busy outsourcing the EPO to Microsoft)



  16. IRC Proceedings: Saturday, December 04, 2021

    IRC logs for Saturday, December 04, 2021



  17. EPO-Bribed IAM 'Media' Has Praised Quality, Which Even EPO Staff (Examiners) Does Not Praise

    It's easy to see something is terribly wrong when the people who do the actual work do not agree with the media's praise of their work (a praise motivated by a nefarious, alternate agenda)



  18. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  19. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  20. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  21. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day



  22. Links 4/12/2021: Gedit Plans and More

    Links for the day



  23. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  24. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021



  25. Links 4/12/2021: EndeavourOS Atlantis, Krita 5.0.0 Beta 5, Istio 1.11.5, and Wine 6.23; International Day Against DRM (IDAD) on December 10th

    Links for the day



  26. Another Gemini Milestone: 1,500 Active Capsules

    This page from Balázs Botond plots a graph, based on these statistics that now (as of minutes ago) say: “We successfully connected recently to 1500 of them.” Less than a fortnight ago more than 1,800 capsules overall were registered by Lupa, almost quadrupling in a single year



  27. [Meme] António Campinos and Socialist Posturing

    Staff of the EPO isn’t as gullible as António Campinos needs it to be



  28. António Campinos as EPO President is Considered Worse Than Benoît Battistelli (in Some Regards) After 3.5 Years in Europe's Second-Largest Institution

    The EPO's demise at the hands of people who don't understand patents and don't care what the EPO exists for is a real crisis which European media is unwilling to even speak about; today we share some internal publications and comment on them



  29. Media Coverage for Sale

    Today we're highlighting a couple of new examples (there are many other examples which can be found any day of the year) demonstrating that the World Wide Web is like a corporate spamfarm in "news" clothing



  30. Links 3/12/2021: GNU Poke 1.4 and KDDockWidgets 1.5.0

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts