Brian Krebs from The Washington Post has been advising the average Windows user on various things. A while ago, people started asking him if they could trust a Service Pack for the .Net framework. While you probably are well aware about .Net, what it is and what it does, many people are not. So Brian took it upon himself to test the SP and after some time gave it a go.

However, it seems now that when installing this update, Microsoft is so friendly to add their own add-on for FireFox. While it is nice to see that MS is acknowledging FF as a major player in the browser world, it is not the normal way to install add-ons. One of the great features of FF has always been it extendability, but moreover the choice what & when to extend it.

No big deal right? Let’s just go and remove this unwanted extension. Right, this would work with any other developer, but we are dealing with Microsoft, which means the ‘Uninstall’ button is disabled, and removing the add-on is only possible through some obscure registry hacks, with which you don’t only risk in breaking the good operation of your favorite browser, but also your whole OS when you don’t really know what you’re doing.

Nobody really knows how this add-on behaves, but personally I don’t like this situation at all. Like Brian says in his article, it makes you wonder what else Microsoft’s installs behind your back… Maybe calling this malware is a bit over the top, but nevertheless I’m going to tag this post with it, since such behaviour is typical for malware, and it’s not because it’s coming from MS that we should keep one eye closed.

It’s already bad enough the Redmond company does not seem to be able to create a decent browser of their own, but now they seem to have to mess up the work of others as well. I for one am not very happy with this. In fact this makes me going to avoid Microsoft software even more than before, and I hope the same for you as well… Remember, it’s for your own good .

But what is happening in the corporate environment? Well, this aren’t looking so gloomy there… InformationWeek is reporting that a staggering 83% of businesses will not upgrade to Windows 7 next year. So what is happening there?

Well of course our Redmond friends are still suffering from a big PR problem surrounding Vista. With this OS being plagued with so many problems and incompatibility, it’s only natural the corporate world is not very enthusiastic about it. While Windows 7 looks promising from an end-user point of view, IT professionals say that most of the important functionality needed for a successful deploy-scenario are still missing. One of the key ingredients here is the fact that you can’t really upgrade from XP to 7. A clean install seems necessary. Also since 7 shares the code-base of Vista, many of the compatibility problems will remain, and companies just can’t afford any major downtime in the current economical climate, at least not because of a Windows upgrade…

While XP still holds a lot of popularity, it’s death is getting very near as well. Mainstream support is ending today (Tuesday), and many businesses that won’t make the leap to 7 immediately risk of getting trapped in a no-service period spanning the duration of their waiting. Additionally, the 9 year old OS is getting out-dated, with little to no support for current hardware advances that are being sold for a couple of years now (hello!? multi-threading support?!)

Microsoft definitely needs to step it up a notch, fixing both their shattered reputation and the remaining technical issues responsible for the upgrade hold-offs.

On the security side it’s probably a bit early to tell. It’s clear that Microsoft has plenty of experience creating relative insecure browsers and hopefully they have learned from earlier mistakes. Of course you have to look at this in perspective. IE still is the one with the biggest market share, so it only makes sense that more security issues and bugs are found faster. This in turn is also the main reason the browser is targeted the most by malware authors. On the other hand, being the leading software in your field, my opinion is that security should be top priority. I’m not saying it isn’t over at Redmond, but we can all agree it doesn’t always look that way. Surely problems will arise sooner or later, whether IE8 will live up to it’s expectation here, I guess only time will tell.

So what about the standards side? I for one can only be happy with the fact that finally Microsoft has decided to be more standards-compliant. This is definitely a step in the right direction. But let’s take a closer look… Over at the IE blog, there’s an interesting post about backwards-compatibility. To ensure that old(er) sites work seamlessly with this new version, IE8 is getting shipped with what is called Compatibility View. This mode is there to make sure IE7 code still runs on IE8, even if it’s not really adhering to the standards. And I think here is where the problems start. If you browse down on the blog-post to the comments, you can see a lot of people are concerned about this. In essence IE8 is providing 2 new ways of rendering pages. One of course using the native IE8 mode, using the provided standards, the other one implementing sometimes strange behaviour in handling code. This is surely going to cause quite some headaches with developers.

Last but not least, I’d like to share some Microsoft marketing trick I found lining out the different loading times of IE8, Firefox and Chrome. Personally I found the video quite funny, but what scares me is that a lot of end-users will walk right into this. I’m not saying the claims made are wrong or twisted, but I do wonder if people really think speed is THAT important. Let’s be honest here, who really cares if a site takes one of half a second longer to load in your browser of choice. Differences like this are really marginal. What should matter most is the overall performance of the application, on all domains. Such a campaign proves one thing for me: Microsoft is really feeling the heat from Firefox and Chrome breathing down it’s neck. They are afraid, and they should be!

Downadup is one of the nastiest worms I’ve seen in my professional history. Having quite the amount of hands-on experience with it myself, I can say that I haven’t seen such a persistent one before. And I’m not alone… F-Secure reported Friday in a blog-post that they estimate the number of affected machines to be over 8 million. EIGHT MILLION!!! My god…

So what happened? Well the worm seems to be detected first late September, using a flaw in one of Windows’ services which allowed it to brute-force account passwords it spread rapidly. Once successful, it starts spreading itself through network shares, USB-sticks and other computers affected by the same security hole. Late October, Microsoft released an emergency patch to fix the hole, but a lot of machines still remain unpatched, thus very vulnerable.

A lot of corporate networks got infected as the worm spread havoc using the exploit. It locked users out of their accounts by keeping on guessing the password. Once on the machine, it starts securing the places it uses by removing all access rights to parts of the file system and registry, making it very hard to remove. Once your network is infected, it feels like your efforts to wipe out the worm are like carrying water to the sea. Counter-measures like installing the MS-patch and updating your anti-virus solution do help, but seem to only slow down the spreading. Use of USB sticks should definitely be heavily restricted, or if possible be banned completely.

To make things worse, the worm in some cases renders the infected computer useless, using methods like stopping services or using excessive bandwidth. It’s ability to install third-party malware such as trojans and other viruses, which gives full control over the machine to the worm author(s), doesn’t help either.

I think we haven’t seen the last of this one yet. The biggest question I think is, if you ever get your network clean again, how can you be sure no remnants are left behind. After all, as with any virus or malware, can you ever be sure you are completely safe? I guess only time will tell…

The new software, codenamed ‘Morro’ is supposed to be a light version of OneCare.  The program will be used to detect viruses and other types of malware. Other features that are present on OneCare, like the defragmentation and backup tool, will not be included in Morro.

This is probably a good thing for the consumer market, but don’t get too enthusiastic. After all, we’re still talking about Microsoft here. While I don’t have any experience with their current suite, I doubt it is as good as other commercial or even free alternatives. On the other hand, they know the Windows system better than anyone else, so if they take this thing serious enough, this might just become something all Windows-users want!

Surely to be followed…

Meanwhile, the Redmond company is almost begging hardware vendors to not make the same mistake as happened with Vista. When Vista first came out, finding good drivers for it was hell. One of the most important reasons for this was of course that at the time, Microsoft decide to use a completely new driver model, forcing the vendors in writing drivers for Vista from scratch.

While this is not the case for Windows 7, as it continues to build on the Vista model,  drivers that were built for Vista should work with 7 as well after some minor changes. This is definitely an advantage and will ensure that this new version is not badly perceived from the start (well, concerning drivers at least ).

On the other hand, there probably won’t be that much time for private testing. As said above, a public beta is to come out beginning 2009, and Microsoft is already hinting on an official release later that year. Of course nothing official yet (as usual from the Redmond boys).  Because of this, M$ is urging the HW-vendors to already start testing on the pre-beta, which of course also has been leaked already on many torrent sites.

A little note on this pre-beta though. All of you thinking to take a quick peek already at the new hot features coming up, hold your horses, as this release hardly stocks any of the new goodies. In fact, I tried to install this release myself on my VirtualBox, but the install failed .

Finishing up this article, I’d like to share with you all a rather funny post I found on the Net, concerning Microsoft’s plans to re-release almost every Windows version ever. Have fun!

More in detail, the vulnerability is caused by a hole in the Server Service. Using a custom crafted RPC-call, an attacker could execute code without any authentication. All current supported platforms are affected, but mostly Windows 2000, XP and 2003 are the most vulnerable. For Vista and server 2008 the bug is marked ‘Important’, as on these platforms there is already a double-check through the much debated UAC option.

However it needs to be noted that even without patching, you can successfully protect a computer against the attack by properly using the firewall, or of course turning off the file-sharing option.

The striking fact is that usually Microsoft doesn’t like to deviate from their normal patch cycle. In fact, this has only happened 3 times before according to the Washington Post. So when the Redmond boys do, it usually means the hole is already being used to break into machines.

I’d recommend to everyone to update their Windows machines as soon as possible, either by using Windows Update, or by visiting the Microsoft Update website.

Included will be Windows Search 4, wireless Bluetooth support, support for the new VIA 64-bit CPU and additional application compatibility updates.

Considering that SP1 is still pretty fresh, it’s kind of a surprise to already see a second version coming out. This is probably because Microsoft wants to release the final version of SP2 well before the launch of their new OS, Windows 7. It probably is meant mostly to convince those people who have not yet made the switch from XP to Vista.

I’m seriously doubting this will work. Seeing in my own environment, most people still prefer XP over Vista, as the latter is not really conceived as being worth going through the trouble of upgrading. Also the fact that a lot of people need to upgrade their hardware only to be able to run it in a comfortable way, doesn’t strike me as a good point . And also the corporate world is still not convinced. Although some of us already switched to Vista (mainly for testing purposes), my manager even refuses to think about it, as it’s just too much of a hassle. I think there’s a lot of companies, who’s core task isn’t technology, are taking the same stance.

However for those already running Vista, this is definitely good news. Where SP1 already fixed a lot of buggy things, hopefully this new one will pick up where SP1 left off. Personally I can’t wait to get it, but I’m not that crazy to go install the beta though… In this case, and knowing Microsoft reputation, the best thing to do is wait for the stable release.

Many fellow bloggers on the Net are of course flaming Microsoft for this decision. Personally, I don’t care so much, but one has to scratch his head at the following statement:

Simply put, this is the seventh release of Windows, so therefore “Windows 7″ just makes sense.

Now, in my opinion, however you look at previous Windows releases, there is no way that this counts up to the seventh release…

Yet again, Microsoft techs seem to be intimidated, owned, bitchslapped, whatever you want to call it, by their marketing department. Or not? Let’s face it, nobody really cares about what they name it, as long as it functions. I see a lot of discussion about kernel version numbers here & there, release dates, versions, all the mumbo jumbo, but what the heck, let’s cut them some slack…

Now people who know me will attest to this, I’m not the biggest Microsoft-fan on the globe. Hell, if I’d get it my way, they’d probably have a lot less market-share. But ever since they released Vista, I’ve been seeing light at the end of the tunnel.

Yes I know, Vista is not perfect, but what OS is (and no Linux isn’t either )?? In the end, it all depends on preference, just with about anything else in life. Let’s just hope the Microsoft-boys will have learned from their mistakes with Vista. If so, I think we can expect a hell of a good release with this new version.

Anyway, the beast is out . Seems they will be handing out pre-beta versions to some developers soon, so now the wait for the rest of us to find them on torrent-sites begins!