Fjodor's thoughts » Microsoft

Microsoft getting nostalgic?

Fjodor — Thu, 10 Sep 2009 09:37:53 +0000

If the reader remembers the days of Windows 95 and NT, she should also remember the teardrop attacks.

It would appear that some brave MS programmer pined for those days of remote BSODs, and thus has reintroduced this beloved feature in the SMB2 protocol driver in Vista and Windows 7.

Kudos!

Now, where did that file go?

Fjodor — Fri, 20 Jul 2007 15:14:04 +0000

Hal Licino did an interesting experiment, suggesting that Hotmail loses an indecently high number of mails containing attachments. Worth noting, he did the experiment with paid for accounts, not the free ones, even though the numbers would be outrageous even if that was the case.

Lost any mails in transfer lately? Using Hotmail? Go sue someone!

Testing vista for 30 days -> data loss and instability

Fjodor — Thu, 05 Apr 2007 08:47:55 +0000

HardOCP.com writer Brian Boyko took Vista for a spin, using it exclusively on his home machine for 30 days, resulting in 30 Days with Windows Vista.

It is a lengthy piece, seems unbiased, and he even puts in a nice little disclaimer, stating that he is by no means an MS-basher. It could be hard to tell, though, from what he has to say about Vista.

The only mildly interested readers should at least read the conclusion (reachable from the article front page).

When the Blue Screen of Death may be just that

Fjodor — Mon, 26 Feb 2007 18:58:37 +0000

I will probably never be heard touting the security and reliability of Windows. Never have, can’t see it happening anytime soon. It would seem however, that the UK’s Royal Navy is more easily impressed.

Cue Windows 2000 for Warships… Am I the only one who remember the case of Windows 2000 and LAX not mixing well?

UAC (still) not a security boundary

Fjodor — Mon, 26 Feb 2007 18:13:59 +0000

Once again, a UAC vulnerability has been found. And once again, MS fails to see it as a problem…

Speak up or shut up

Fjodor — Mon, 26 Feb 2007 13:58:10 +0000

Known to most, Mr. Steve Ballmer has repeated ad nauseam his claims that Linux infringes on MS intellectual property. And contrasting his claims has been the utter reluctance to name even one case in which it is true.

Sometimes someone has to call “enough”, and thus has come forward this open letter, urging MS to either identify problem areas or stop spreading unfounded FUD.

I call it most welcome, however the outcome may be.

Microsoft “lost” evidence in Burst vs. Microsoft

Fjodor — Sat, 17 Feb 2007 18:25:17 +0000

Remember the “Burst vs. Microsoft” case?

At some point in time, Microsoft were ordered to deliver copies of email correspondence relating to Burst, but told the court it would be infeasible. The order was none the less repeated, but before said emails were delivered, the case was settled. Robert X. Cringely covered the case, and he recently received an email from a contractor involved in backup procedures within Microsoft.

The following timeline seems to cover the problem of the email correspondence:

Microsoft is ordered to hand over the emails.
Microsoft informs the court that this would be infeasible
None the less, Microsoft instructs their contractors to gather backups from the specified period, and store them at a given location
The court repeats it’s orders
The backup contractors discover that the previously gathered tapes are “mysteriously missing”, and are held responsible by Microsoft
The case is settled out of court without Microsoft producing the emails

How very convenient, and how very sad.

Microsoft fighting for open standards?

Fjodor — Fri, 16 Feb 2007 19:16:34 +0000

As may be known to you, proposals for open, XML-based document formats have been submitted to the ISO/IEC. Open Document Format (wikipedia article), ODF, meets the usual requirements for being an open standard, and on the outside, MS’ competing format Office Open XML (wikipedia article), OOXML, appears to do so as well.

ISO adoption of the OOXML format has been blocked by IBM, backing ODF, which has sparked this open letter from MS, stating among other things that

When ODF was under consideration, Microsoft made no effort to slow down the process because we recognized customers’ interest in the standardization of document formats.

While it is true that MS did not hinder the standardisation process, it certainly did not forgo chances to hinder the adoption of it by interested parties: Inside story: How Microsoft & Massachusetts played hardball over open standards, Computerworld.com.

Furthermore, while a proposed standard may be openly presented, that certainly does not mean that it is openly implementable, as this article shows.

I will let it suffice to ask, if a standard containing the tags “lineWrapLikeWord6″, “useWord2002TableStyleRules” or “useWord97LineBreakRules” conveys a sense of openness or interoperabilty, considering that the formats for Word 6, Word 97 and Word2002 are strictly closed.

MS’ answer to Rutkowska: UAC is not about security afterall

Fjodor — Wed, 14 Feb 2007 08:58:40 +0000

Seems MS has an answer for Joanna Rutkowska (her blog entry), with regards to the situation described in my last post.

Contrary to all statements leading up to the Vista relase, she quotes Mark Russinovich of MS as writing that UAC is not “a security boundary”, and thus that:

Because elevations and ILs don’t define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs.

So, not only is the much hyped security measures not reagarded as security measures by MS, and thus their failing to provide security is a non-bug.

Now isn’t that lovely?

Joanna Rutkowska on Vista security

Fjodor — Wed, 14 Feb 2007 08:35:10 +0000

Rutkowska is trying out Vista. And as always, it seems to be a different world than what MS marketing would have us believe…

Quote from her blog:

One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges.
[...]
That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers!

Now how about that. She describes the XP option of customised privileges, enabling the user to assign only the strictly required privileges for installing software, and still disallowing e.g. loading kernel drivers. Seems neat, but, alas, a thing of the past.

Next, she finds that while Vista still does go through some work to protect itself, it seems a little more careless with actual user data. In other words, even processes running at the lowest “Integrety Level” might still read data from more privileged processes. As she puts it:

So, the statistics look better and everybody is generally happier. Including the competition, who now has access to stolen data

She goes on to describe her ability for an “IL” process to send keyboard and mouse events to a shell running as Administrator. How very reassuring.

Go Vista!