Latest Posts

Latest Comments

Archive for the ‘Microsoft’ Category

Microsoft fighting for open standards?

By Fjodor on Feb. 16, 2007.

As may be known to you, proposals for open, XML-based document formats have been submitted to the ISO/IEC. Open Document Format (wikipedia article), ODF, meets the usual requirements for being an open standard, and on the outside, MS’ competing format Office Open XML (wikipedia article), OOXML, appears to do so as well.

ISO adoption of the OOXML format has been blocked by IBM, backing ODF, which has sparked this open letter from MS, stating among other things that

When ODF was under consideration, Microsoft made no effort to slow down the process because we recognized customers’ interest in the standardization of document formats.

While it is true that MS did not hinder the standardisation process, it certainly did not forgo chances to hinder the adoption of it by interested parties: Inside story: How Microsoft & Massachusetts played hardball over open standards, Computerworld.com.

Furthermore, while a proposed standard may be openly presented, that certainly does not mean that it is openly implementable, as this article shows.

I will let it suffice to ask, if a standard containing the tags “lineWrapLikeWord6”, “useWord2002TableStyleRules” or “useWord97LineBreakRules” conveys a sense of openness or interoperabilty, considering that the formats for Word 6, Word 97 and Word2002 are strictly closed.

MS’ answer to Rutkowska: UAC is not about security afterall

By Fjodor on Feb. 14, 2007.

Seems MS has an answer for Joanna Rutkowska (her blog entry), with regards to the situation described in my last post.

Contrary to all statements leading up to the Vista relase, she quotes Mark Russinovich of MS as writing that UAC is not “a security boundary”, and thus that:

Because elevations and ILs don’t define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs.

So, not only is the much hyped security measures not reagarded as security measures by MS, and thus their failing to provide security is a non-bug.

Now isn’t that lovely?

Category: Microsoft

1 Comment

Joanna Rutkowska on Vista security

By Fjodor on Feb. 14, 2007.

Rutkowska is trying out Vista. And as always, it seems to be a different world than what MS marketing would have us believe…

Quote from her blog:

One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges.
[…]
That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers!

Now how about that. She describes the XP option of customised privileges, enabling the user to assign only the strictly required privileges for installing software, and still disallowing e.g. loading kernel drivers. Seems neat, but, alas, a thing of the past.

Next, she finds that while Vista still does go through some work to protect itself, it seems a little more careless with actual user data. In other words, even processes running at the lowest “Integrety Level” might still read data from more privileged processes. As she puts it:

So, the statistics look better and everybody is generally happier. Including the competition, who now has access to stolen data 😉

She goes on to describe her ability for an “IL” process to send keyboard and mouse events to a shell running as Administrator. How very reassuring.

Go Vista!

Category: Microsoft

1 Comment

Vista and HD content? Not likely…

By Fjodor on Feb. 13, 2007.

This almost speaks for itself: A Cost Analysis of Windows Vista Content Protection. Therefore I shall restrain myself to this little nugget of totalitarian gold from MS’ specs and a comparison:

“It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content”

…which seems unscrupulously close to Sir Ian Kershaw’s concept of “working towards the Führer”, as explained by this http://goodreports.net book report on his “Hitler: Nemesis 1936-1945”:

“‘Working towards the Fuhrer.’ What this refers to is the way in which radical actions were often instigated from below, not as the result of express directives, but because they were felt to be in line with Hitler’s broadly defined aims.”

Now, I am not saying that the software business is comparable to the holocaust. Not by a long shot. However, it would seem that MS is trying, in the first, to reap the benefits of a mechanism, that was an instrumental factor in the radicalisation of the second.

Category: Microsoft

1 Comment

Vista and security practices

By Fjodor on Feb. 13, 2007.

Extremetech has tested 25 games on Vista, and though I am not a gamer, I thought I’d take look. It does have some interesting tidbits, considering normal security practices.

In the section about Battlefield 2, it is noted, that to connect to servers employing Punkbuster protection, you need to run the game with Administrator privileges, seeing this as being somewhat of a non-issue (“That little fix allowed me to jump on any server with Punkbuster enabled…”).
This procedure is referred to a number of times, either as not needed or as a normal procedure (“This is starting to look like a pretty common cure-all for Vista games compatibility issues.”, “…and only a handful needed just a minor tweak or two, like running the game as Administrator”). Now, how is that for security, running large, networked, closed-source, cracker-luring programs with full privileges on the system?

Another little thing, concerning Lord of the Rings: Battle for Middle Earth II, Rise of Legends, is seen as a feature. I am oblivious to the actual procedure of adding anything to the Windows Firewall, but even assuming a dialog window, many users would undoubtedly be compelled to just click on “Yes” and be done with it: “As it does with Windows XP, the game can add itself to the Windows Firewall exception list to make sure online play isn’t blocked.”. Now that just makes me feel warm and fuzzy all over…

And you thought they limited you with Vista?

By Fjodor on Feb. 13, 2007.

Modular operating systems are a good idea. Not a new idea, though. But wouldn’t it be wonderful, if you could distribute just the bare minimals (as in ability to boot and upgrade, nothing more), and have the user pay for every little extension like running more than a very few apps, connecting devices, browsing the web?

Now, it could almost be argued, that what was harder to code should cost more, but in the case of number of apps, it would actually be harder to limit the number than the opposite. Likewise, network must be present to download extensions, so it would be harder to code restrictions there too. And USB? Obviously, the user must at first startup be able to have keyboard and mouse. Including that functionality, but restricting all else is also harder.

So what’s the point? Why, testing the limits of user abuse comes to mind, but then again that limit seems nonexistant, since people actually want to use Vista.

Your money, that’s what.

Cue This patent application and Groklaw’s
take on it
.

Best US business reputation?

By Fjodor on Feb. 13, 2007.

Wall Street Journal reports (here) that Microsoft tops US business reputations. Apart from being completely nonsensical for MS to top such a list, it seems they owe the position to the charitable donations of The Bill and Melinda Gates Foundation. Now I can almost see a where people might get the idea that this is fair, however when mr. Gates is at the helm, it would seem inevitable that inferior ethics plays a part:

Fighting diseases in developing countries?
Dark cloud over good works of Gates Foundation

Fighting homelessness in the US?
Money clashes with mission

© 2017 - Fjodor's thoughts
Designed by Shauryadeep Chaudhuri
Coded by XHTML Valid
Minor modifications by Fjodor

Powered by WordPress

FireStats icon Powered by FireStats