[Security] Microsoft sneaks in updates while no one's looking

Before, I called Microsoft's Windows Genuine Advantage Tool as spyware. Now, another suspicious activity regarding Windows XP and Vista has been reported.

InformationWeek reports on Microsoft secretly updating Windows Update, the tool used by Windows for checking and installing patches to the operating system, even if the Windows Update is turned off by the user. In short, the operating system is being updated without the user's permission.

Microsoft's stance was understandable but quite risky. As Bruce Schneier opines:

Note that Microsoft can do this; that's just stupid company stuff. But what's to stop anyone else from using Microsoft's stealth remote install capability to put anything onto anyone's computer? How long before some smart hacker exploits this, and then writes a program that will allow all the dumb hackers to do it?

When you build a capability like this into your system, you decrease your overall security.

For Windows users: have you turned off Automatic Updates? Why?

[Security] What were you thinking, Microsoft?

By default, Windows does not display the extension names of common file types. This was OK until someone sleazy took advantage of that oversight and used that as a social engineering tool.

The I Love You virus (VBS_LOVELETTER) is such a simple worm, very small since it is only a script. Yet it had caused much damage, and put the Philippines in the malware map. All because it appeared as a text file and its name made a lot of people curious. All because Windows hid the extension name. All because Microsoft thought VBScript files were common.

Microsoft Vista was supposed to be a secure OS, but it seems Microsoft has not learned its lessons (or it is being stubborn). In its weblog, F-Secure laments the fact that Vista by default does not display the file extension names. I ask the same question that the post author posited: "What were they thinking?"

[Web] Free the Internet?

I came across this very interesting BBC article by Bill Thompson wherein he discusses how the freedoms that have made the internet so popular are slowly being challenged with the introduction of new technologies like Windows Vista that seek to implement greater controlls on what information becomes accessible and of course the neverending push of DRM groups to protect their copyrights at the expense of internet freedom.

read more digg story

This was also an experimental posting from Digg, at least for me.

[Microsoft] Enter: Vista

Today's the "big" launch of Windows Vista, the latest version of the Windows Operating System.

Of course the question on everyone's mind is if it's worth the time, effort and most of all money to switch to the new OS already. The Geeky Guide has been doing its part to research possibilities, and here's what we've come up with in terms of research data.

Dropping by CNET.com, there's a lot to be said about Windows Vista, of course. There have been some disappointments for XP users upgrading to Vista since the new license policy doesn't allow for a clean install - you need a certified version of Windows XP still installed on your PC. Furthermore, experts are saying Vista isn't worth solely the security aspect in terms of a purchasing decision. Vista for now performs similary to a well-patched Windows XP so security alone shouldn't force a decison. Heck, most users are going to end up with the home edition, won't even get all the security features that the Microsoft marketing folk keep ranting about.

I guess if you really want to experience Aero, then go right on ahead and upgrade. Otherwise, it's better to wait it out some more while the other software and hardware companies catch up in making their products fully compatible with the new OS.

PC World also had a lot of interesting things to say about Vista's release. They have both a list of 15 reasons to switch and why you shouldn't as well, and both sides present some pretty interesting arguments. Of course for those wanting to just know more about what it's all about, try checking out this extensive guide. Lastly, if you're just after the look-and-feel of the new OS, you might want to experiment with these Windows XP hacks to make your PC run like Vista.

On the other side of the fence are those that argue that this is also a good time to consider switching to a new OS since migrating to Vista will have a learning curve factored in as well. You can consider going Mac now or perhaps trying Ubuntu Linux as some bloggers argue. (Credit to Digg for that last reference.

Personally, I think it's too early to tell if it's worth the switch. For now I'm staying with XP unless I need to get a new computer. Only then will I consider going the Vista route, or perhaps I'll finally make that switch to Ubuntu, hehe.

Related Links:

• Engadget: Windows Vista in pictures
  
• CNNMoney.com: Microsoft launches Vista worldwide
  
• CNET.com: Windows Vista Complete Guide
  
• CNET News.com: Vista's actual launch? Think whisper, not bang
  
• ZDNet News: A frat party for Vista's debut
  
• Gizmodo: Vista Launch Party Schwag Bag: Add It Up

[Tech News] Now McAfee Has Joined the Fray

Previously, I had written about Symantec's complaints about Microsoft and how they've been handling the information around Vista's security features. Microsoft's current claim is that they're choosing to keep the information secure from third party groups in order to better secure the new operating system.

This week McAfee joined in the calls for Microsoft to disclose the needed code for their own security applications to interface or even replace (hence shut down) Microsoft's security applications what are set to be bundled with the Vista operating system.

Things are definitely going to be messy and I'm fairly certain they'll only escalate as we near the official Vista launch by next year. Current reports are that Microsoft only expects to publish one more version of the OS, Vista RC2, prior to the final launch. It's really not that far off, when you put things into perspective, and this means the computing world is going to go through another ripple of change as everyone scambles to adapt to the new operating environment.

With luck, we the users will be the ones to benefit, but somehow I'm not quite sure if that's really what is primarily in the minds of these big software companies. Only time will tell.

[Tech News] Breaking Into Windows

CNet News reports that Symantec has accused Microsoft of withholding key APIs for Windows Vista, which in turn gives the software giant an undue advantage in the security market.

In case you haven't been following the news, Window Vista is the next big upgrade to the largely successfuf Microsoft operating system, which is touted as their most secure OS to date. There are a host of security features that have been announced as part of the Vista package, many of them being direct competitors to other existing security software out in the market today.

The arguments raised by security companies like Symantec are that Microsoft are deliberately keeping the lid on the information they need to make their programs compatible with the default security programs that are a part of Vista such as Windows Defender and Windows Vista Firewall. If the third party software providers are unable to make their products compatible with Vista in time for the October production releases of the newer Vista-compatible PC units of the various manufacturing companies, they stand to miss out on providing their products to Windows Vista customers.

Microsoft stands to benefit from such a scenario given they're only recently entered the security market. Keeping their application programmable interfaces (APIs) private can force third party groups to customize their products to work within Vista's security suite as opposed to replacing Vista's applications with their own products.

It's unlikely that Microsoft will necessarily go to this extreme in order to promote its own products at the expense of others given their previous history with antitrust suits in Europe including the EU's current scrutiny the upcoming Windows release. Let's face it - they can't be that stupid, can they?

This promises to be an interesting release, to say the least. As 2007 draws closer, more and more complications appear to be popping up left and right. This is not something all that new - I don't think there have been any new Windows releases in recent history that have not been met with concerns as varied as they appear to be today.

[Firefox] Bon Echo Release Candidate 1

We're certainly in a Release Candidate 1 (RC1) period for a lot of the next generation products coming out. Recently we've seen the release of Microsoft's Windows Vista RC1 (5600) followed briefly by Release 5728, which has been reported to be unstable. Now it's Mozilla's turn to release their own RC1 product.


Just yesterday Mozilla Firefox 2 RC 1 (previously code named Bon Echo) was released for public download. While personally I've yet to test the new version myself, reviews are already popping up left and right such as CNET Reviews First Look at the new Firefox.

The new Firefox has a number of new features such as an enchanced visual interface, built-in phishing protection, improved tabbed browsing, session management, in-line spell checking and many more as documented in the release notes previously linked to. The CNet take on the new product warns that this release is more suited to experienced programmers and developers rather than for your average user. Given the final version of the browser is expected by the end of next month, it might be advisable for most people to wait for the finished product.