Microsoft must kill Apple’s tablet before it can strike

posted on August 4, 2009 by Bryant Zadegan

No Apple tablet, yo Lots of people are asking for the logic behind Apple’s apparent move into the tablet market. Matthew Miller of ZDNet posted this inquiry-of-a-post asking for any potential reason for why Apple would want to enter the tablet game, but it seems he (and two of my favorite colleagues, Mary Jo Foley and Zack Whittaker) may have missed the answer:

Students.

Many schools suggest tablets for note-taking or engineering work. Heck, some even mandate them. This market is currently owned by Microsoft, and given Apple’s de facto hip-couture status in universities, it’s only logical to see that Apple wants to snatch the remaining Windows tablet users and turn them to the dark side, preferably before Windows 7 strolls along. My own discussions with students of various universities which suggest or mandate tablets (the biggest one which comes to my mind is a school I was considering attending myself and which currently lists as alumni a few of my friends, Virginia Tech), lead me to believe that a vast number of the attending students wish they could use Apple’s own hardware. Sure, there are a few hackintoshy solutions (modbook) but these aren’t official, supported by Apple, or anywhere near as “hip.”

Granted, Apple’s rumored tablet offering isn’t actually aiming for the engineering students, but that’s beside the point. The point is that if one Apple tablet succeeds, they will swiftly aim for turning it into a billion-dollar business, just as they have with the iPod, the iPhone, et. al.

Here’s the problem: Microsoft is coming with Windows 7 on October 22nd. That’s long after classes begin and likely a month after Apple’s seemingly-real tablet offering, which might still find its way into the hands of hipster-poseurs and college students. If Apple’s tablet happens to be an unproductive media device with no purpose other than to watch films and browse the internet, then I suppose only the crunchpad may possibly need to worry, but if Apple’s tablet offers any decent means of taking notes or generally being even slightly productive, Microsoft quickly needs to put it to bed.

Otherwise, Apple’s legions will embrace it like the second coming of choose-your-deity rather than the outcast child the business world would much prefer to see (before these students force said businesses over to the worlds most unproductive OS). Given Apple’s recent streak of screwing the consumer, the last thing people need is another outlet for the consumer to be, well, screwed.

Yes, I wrote this on a MacBook, which thankfully currently possesses no trace of any Leopards, Snow Leopards, or any other endangered sources of luxury furs. I also gracefully stole the article’s image from PC World.

Tags: , , , , , ,

Microsoft lists UAC hack as malware

posted on July 30, 2009 by Maurice

As those involved in the Windows 7 community may know, Microsoft has failed to fix a crucial flaw in the User Account Control feature of the operating system which allows a specific whitelist of applications to inject code that can allow any application to silently elevate. The code was released about a month ago as a proof-of-concept by Leo Davidson showcasing the flaw elevating a command prompt window using the whitelisted explorer.exe process.

The company stands by UAC in its final form, but they’re taking it a step further by blocking the program that causes the exploit using their own security software.

Today, I just happened to download the zip file that causes the exploit when Microsoft Security Essentials greeted me with a nice dialog telling me that what I just downloaded is malware, specifically HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures take to detect it, but I promptly recompiled the source code under the Visual C++ 10.0 toolkit using VS 2010 Beta and the application ran undetected. Not a very good solution if it actually hash checks for the specific applications.

Leo, and I (or Bryant) will update our respective pages accordingly as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s take a look at what’s going on here from a different approach. Microsoft says that the vulnerability here is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed one particular argument as a potential explanation to this issue, whereby this is a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

  • This exploit was specifically named as HackTool:Win32/Welevate.A (A quick googling shows only three links; one is to the aforementioned virustotal link, the second and third to a Microsoft encyclopedia entry.
  • This particular label only applies to this specific proof-of-concept
  • A reasonable vulnerability assessment (”Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or if some other internet-facing application were to be compromised. I covered the latter in an older post of mine where I explain how this flaw essentially raises the vectors of attack many-fold.

Leo and Bryant contributed to this post.

Tags: , , , , , ,

Expression Studio 3 and DreamSpark: when?

posted on July 24, 2009 by Bryant Zadegan

expression3dreamsparkDreamSpark is one of those relatively-awesome-yet-equally-as-known initiatives from Microsoft. Yeah, plenty of people know about it, especially many up-and-coming developers who happen to be the intended audience, but there are also others who could easily benefit. I always manage to run into an IT or CS student who has no idea about DreamSpark until I tell the person, and once they see it, it’s like this treasure trove of lightbulbs turns on in the person’s mind.

For those who don’t know, DreamSpark throws free software at students (after verifying their student-hood, of course). I previously wrote about using DreamSpark to get and use a free OS in place of Vista over here.

Now, keeping the awesomeness of DreamSpark in mind, Expression 3 was only very recently released. A number of threads have popped up on the internet, with the most notable first result for me being this thread on Channel 8. Coupled with requests from other students I personally know as well as faculty from schools near the DC area (thanks for reading, guys!), I figured I’d look into it.

There’s good news, and there’s the news which isn’t exactly bad. I’ll spill the news which isn’t exactly bad first.

There’s no official target date on getting Expression Studio 3 up on DreamSpark, nor will it be available in July, nor is the target timeframe a certainty or guarantee. There; that’s the news which isn’t exactly bad.

The good news: the target timeframe is still before the point when classes start for many of you. The word, as given by a Microsoft spokesperson, is that a “target timeframe would be [the] end of August.”

If you can’t wait ‘til then, go grab Expression Studio 2 from DreamSpark right now. Otherwise, show some patience, be awesome, and grab Expression Studio 3 once it drops for you guys for free in a month. Cheers to dreamers at Channel 8 for holding out, and I’ll have an update for people once a specific date has been settled upon.

Tags: , , , , , , , , ,

Rafael accidentally discovers Trident in Windows 7 E

posted on July 16, 2009 by Bryant Zadegan

Internet Explorer 8 logo Rafael Rivera, as he usually does, put a massive amount of research into discovering workarounds for downloading Internet Explorer on Windows 7 E. He found and posted a rather ingenious workaround for users stuck in Europe with Windows 7 E(U-gimped). The trick, which you can read over at Within Windows, definitely succeeds in winning the “clever” label applied by Rafael, but what Rafael didn’t mention is that Windows 7 (or at least Windows Media Player) still has the Trident rendering engine somewhere within the stripped OS. This means a number of things:

  1. Bad: Upgrading from Windows Vista to Windows 7 E shouldn’t be a problem whatsoever, despite what Microsoft may say. This, unfortunately, doesn’t do much for Microsoft’s image in Europe (unless Steven can come and tell us specifically why Windows Vista can’t be upgraded to Windows 7 E)
  2. Good: Windows really does rely on Trident for at least a few non-browsing-related functions, which makes sense given how useful HTML can be for creating a UI. It also gives a sense of validity to Microsoft’s claims with regards to the EU.
  3. Bad (for browser peddlers, Microsoft, and the user. Good for the EU): The EU, in its limited comprehension of how a browser works, might now use this as “evidence” of Microsoft being deceitful.
  4. Good: Your shiny new better-than-Snow-Leopard OS won’t be as gimped as you originally thought.

This also means that any applications which use Trident for rendering any HTML to present an interface to the user will still work without needing a browser, which means that application developers should still be happy.

You can catch Rafael’s guide here. While you’re at it, if you’re a native of an EU-governed state, please email them a few one-fingered salutes on behalf of the rest of the world.

Update: Paul would like to note that Microsoft has been “very upfront” about Windows 7 E having the Trident rendering engine. The fact is, Microsoft hasn’t really done a good job at pushing this note around, and given Microsoft’s other communication issues (again, noted by Paul), I’m inclined to say that the existence of Trident actually is news.

In fact, Microsoft also posted about it on their legal blog… in typical legalese. The official statement is:

Most importantly, the E versions of Windows 7 will continue to provide all of the underlying platform functionality of the operating system—applications designed for Windows will run just as well on an E version as on other versions of Windows 7.

To those of us who assume things in the most unrealistically general sense, “underlying platform functionality” includes Trident, but this by no means makes it obvious that Trident will still be in Windows 7 E, thereby proving Paul’s previous point about communication being a problem.

Tags: , , , , , , , , , , ,

The Hotmail Team’s Supposedly New Features

posted on July 15, 2009 by Devin

The available options for the Quick Add feature.The only problem… they aren’t new.

Reading through Paul Thurrott’s SuperSite Blog last week, it appears that Microsoft announced new integration of Windows Live Hotmail and Bing. While it’s fine and dandy for the two products to work together, they announced a feature that has existed since February. Heck, they even own up to it:

We announced in February that Windows Live was piloting a new feature unique to Hotmail we’re calling “quick add.”

They went on to say that they were adding Bing integration to the “quick add” feature (the currently available options for which can be seen to your right). In reality, nothing at all changed with this feature. Don’t get me wrong, this could be a very useful thing, but every single option that is there was there yesterday, and as I recall, has been for a long while. Obviously, before June it was powered by Live Search, but as far as I know, it worked for the past month too.

Apparently, there’s not much new in the Hotmail department.

Tags: , , , , , ,

Why all this fussing over builds is meaningless

posted on by Bryant Zadegan

RTM! A few days ago, Long famously proclaimed that build 7600.16384 would be RTM (now retracted). Since then, another build has been compiled, and WZOR claims that this new build, 7600.16385, would be RTM. With this back-and-forth and soon-to-be-short-lived debate over which build will be released to manufacturing, I felt the need to drop by and remind people of a few things:

  1. RTM isn’t just this magical thing which is compiled and then immediately signed off. It takes roughly a week’s worth of testing (in the Windows world. Shane Nokes, who happens to have experience elsewhere, knows that Microsoft could sign a project off after only three days) before certifying that a build is worthy of RTM.
  2. 7600 will be RTM. Stop worrying about which compile of 7600 will be RTM; they only have very minor changes, if anything at all.
  3. There’s nothing new in these last few builds. There’s no new theme, no new components… nothing. What’s the point of worrying about which build is compiled if there’s literally no visible difference?

Of course, there’s much more to my little OP/ED here after the jump, so be cool and get to it.

Read More »

Tags: , , , ,

Zune HD technically supports 1080p via Tegra [video]

posted on July 6, 2009 by Bryant Zadegan

tegra

No, it’s not a joke, but it’s not hands-down proof that Microsoft will allow it either. The Tegra platform is fully capable of 1080p playback (as you’ll hear after the jump roughly two minutes into the video), and the Zune HD has already been outed as being built on the Tegra platform. Now, with this in mind, there are still a few things holding Microsoft back from enabling 1080p video playback on Tegra: The Zune HD likely won’t have the hard drive space to store more than a few movies in full 1080p resolution, nor is there much of a point in squandering space on a 1080p film and playing it back on a reduced screen. Storing 720p and scaling it down for playback on a smaller screen while on the move makes sense, but it doesn’t make sense to do this with massive 1080p video, especially when there isn’t even much of a perceived difference in quality when outputting both 720p and 1080p to a TV. Keep in mind as well that while Tegra’s power usage is awesomely low, playing 1080p video is still more energy-expensive than playing 720p, so 1080p will also reduce battery life. The benefits v. drawbacks aren’t in favor of 1080p, but at least it’s comforting to know that the ZuneHD is capable.

The reason this matters, though, is that for those enthusiasts out there who want the capability to throw 1080p at their TVs from their Zunes, this may be nothing more than a quick hackjob to enable. If Microsoft decides to produce a high-capacity model down the road (say, 320GB), I also wouldn’t be surprised to see it officially enabled on the Zune HD by default.

As for the Tegra platform, I managed to run into two separate Tegra netbooks, one of which was throwing 720p video at a TV without any problems. Tegra itself is ridiculously tiny, and NVIDIA seems to be working quite hard to get deals with car manufacturers, smartphone makers, netbook makers, TV makers, etc. for the Tegra platform. The goal, basically, is to get Tegra embedded into anything in which it might possibly fit, which is to say, basically everything. Power usage is also amazingly low, which opens the gates for many applications.

Update: I’ve checked the specs for the two different Tegra Systems-on-Chip, and neither state support for 1080p. However, there’s clear confirmation in the video that at least one of the Tegra models is 1080p-capable, so who knows. Thanks goes to @clubdirthill for sparking a desire within me to look into the matter.

More details on everything (including the size) can be found in my video of NVIDIA’s Tegra platform, which happens to be below the fold in both vanilla and HD YouTube form.

Read More »

Tags: , , , , , , ,

Windows 7 Anytime Upgrade boxing hands-on (exc)

posted on June 25, 2009 by Bryant Zadegan

Update: Please, if you’re going to copy my images, don’t delete the watermark. I went through effort to get these pictures, and having them torn off (as is the case with ArsTechnica’s recent linkback)just means that I’ll have to present unsightly watermarks over the entire picture next time as opposed to keeping the images presentable by leaving the watermark in the corner. Update 2: ArsTechnica corrected their image accordingly. Thanks!

Just about everyone has seen the shots of the new Windows 7 retail packaging, but pictures of the new Anytime Upgrade packaging are much harder to come by. Impossible to find are any current examples of the packaging besides press shots and renders, so having said that, here are a few good hands-on shots I managed to take. For those wondering, yes, this means the boxes themselves are real, and that yes, Microsoft will indeed be pushing Anytime Upgrade through retail channels.

If you want some context as to how Microsoft arrived to this new box design, go ahead and check out Brandon LeBlanc’s post over at the Windows Team Blog. As for a physical size comparison: the full version boxes carry the same dimensions as the current Vista boxes.

(There’s nothing relevant inside the boxes themselves; just a fake key and a CD of Visio inside the retail box of which I was also taking some pictures.)

Have at it:

Retail Ultimate v. Anytime Upgrade UltimateInside boxes exposedBusiness AU v. Ultimate AUBusiness AU v. Ultimate AU side by sideBusiness AU v. Ultimate AU perspective shotBusiness AU v. Ultimate AU lower shot

On an unrelated note, we (the staff of AeroXperience) would like to wish our condolences to the Jackson family with regards to the recent, sudden, and highly tragic passing of Michael Jackson

Tags: , , , , ,

UAC in 7: Silent Attack Vector Multiplier (redux)

posted on June 12, 2009 by Bryant Zadegan

badUAC

Update: added a link to the original exploit

I really, really hate having to interrupt a good series bashing Apple, but this has to be said.

Long has resumed his crusade on fixing UAC, and normally, I would tell him to give it up for the sake of saving his own time. However, even though Mark Russinovich might not see UAC as a security boundary, the original UAC team sure as hell did, which makes me want Long to see this all the way through. (check the sidebar on the left)

“User Account Control (UAC) is a core security feature in the next release of Windows Vista and Windows Server code name Longhorn.” –UAC Blog

Guys, just fix it. I don’t see why things have to be made so hard; the UAC team clearly calls it a security feature, so do them a favor, don’t make them feel like they’ve wasted their time, and fix the problem. Thanks, Long, for telling me that this can’t actually be fixed as it’s a design issue, so here’s a better solution: give the user the ability to chose which UAC setting he/she wants upon first run. Here are three good options:

  1. Always On
  2. Notify when programs try to change settings (give a warning with this option about the potential risk of compromise)
  3. Always Off (give a bigger warning with this option)

You’ll notice that I didn’t actually suggest the option which gets rid of the secure desktop: I personally believe that that particular option offers absolutely no benefit over having UAC off altogether.

I figured it had to be said.

(If you want to take this for a test run yourself, check Leo Davidson’s site for the original source code and binaries for the proof of concept exploit)

Mark & friends, I love you guys dearly, but I’ll be taking the original team’s word on this one. If you guys try editing it out, keep in mind the Internet Archive has a copy of the original statement.

Tags: , , , , ,

Why “Bing” might be a name destined to fail

posted on May 28, 2009 by Bryant Zadegan

bingNote: I’m not saying that Bing is a bad service! My entire argument is based around the fact that the marketing seems gimmicky and that the name itself might serve as a significant impediment towards adoption. I honestly hope it turns out to be good.

Microsoft announced today a new search initiative (and yet another brand identity) for their struggling game against Google, and unfortunately, it’s not exactly the best name. Microsoft has used too many different brandings for its search initiatives within the past decade (unlike Google and Yahoo who, well, used the same name all throughout), and besides creating confusion for people, all it does is make it harder to create those mental associations Microsoft is looking for.

Once all is said and done, Bing is a search engine which aims to present more relevant information. Since this is the perpetual, never-ending goal of search engines, I can’t actually say that Bing is something new, nor can I agree with the “decision engine” marketing term because, in the end, all search engines exist to help us make decisions. Hopefully, Bing can provide better results than Google, but that completely depends on how much time and effort Microsoft invests into Bing. Given that search was the future, Microsoft might’ve been better off finding a new disruptive technology as opposed to fighting an established goliath.

Back to the name:

Long ago, Yahoo tried to get their name woven into the fabric of public literacy. Yahoo wasn’t successful for the same reason Bing won’t be successful either: they’re both ever so slightly too hard to pronounce as a verb. Here’s a good rundown of worked and what didn’t:

  • Yahoo has two syllables with weak starting consonants, of which one is the confused letter Y.  It also ends in an audible vowel which, when paired with the next word in the sentence, makes pronunciation harder. Since the next word after the term would likely have been “it,” saying “yahoo it” doesn’t properly roll off the tongue.
  • Kumo (the old name for Bing) doesn’t work because it ends on a vowel and has one soft consonant in the middle, deflating the word itself. The word “Kumo” makes the person saying it feel like he’s losing enthusiasm as a result of not holding some degree of assertion through the name.
  • Cuil sure as hell didn’t work because no one knew how the hell to pronounce it. (It’s pronounced “cool,” unlike the name)
  • Google works because both syllables start with a solid consonant, and the word itself ends in a silent (and therefore irrelevant) vowel. Larry and Sergey got lucky with the name; they were just making a play on Googol, but the end result is the same. The name itself implies an assertive action through the use of hard consonants but succeeds in avoiding aggression because it ends in a soft consonant. The consonant ending also allows the word to easily be appended to other words during pronunciation, especially the word “it.”

Bing is a different case altogether. It’s a monosyllabic word (like Cuil, but it doesn’t look as intimidating), which means the rules change a bit. One-syllable words have the advantage of being quick to pronounce and easy to remember, which also means that the word is best starting and ending with a rather solid consonant (Digg is a good example), but there are too few permutations of letters for any cool monosyllabic words starting with a good, solid consonant to be unused in this world of Web 2.LetsNameOurWebsiteAnything. The problem is that Bing actually sounds cool and usable. Unfortunately, Bing has two drawbacks which set what would otherwise be a rather successful name up for failure:

  • It sounds too much like “ping.” While this won’t be a problem for lay-users who don’t know what an ICMP Echo is, it will be a problem for the more advanced users who will inevitably struggle to differentiate the pronunciation of “bing” from “ping.” The problem is that when the advanced users have to put too much effort into saying something, they will subconsciously lose motivation to spread the word, which limits the spread of the brand. This would be the biggest drawback of all since Bing is yet another tech service looking for appeal.
  • It just feels analogous to ‘hit,’ ‘bang,’ ‘tap,’ and any other term which falls into that category of slang.

There aren’t really any words left with four letters ending in “ing” that haven’t been taken already, and Bing actually sounds better than what’s left. The best goal for any name is to be easy to pronounce in context while serving as a subconscious motivator to do the act to which the name is tied, which is why Google worked, and which is the only way any other name can work.

Honestly, I wish Bing the best of luck. The world knows how badly Google now needs a competitor in the search space. It’s just that Microsoft’s resources might’ve been better spent on disruption rather than throwing blunted stones at a shielded Goliath. If you want to read a full rundown of the service itself, drop by the WinSuperSite and have at it.

Tags: , , , , , , , , , ,
Advertisement (by Google)
Twitter icon   Follow Bryant on Twitter!   Twitter icon
Tag Cloud
Worthy Communities
HardwareGeeksJoeJoe NeowinStardock Windows ConnectedThe Windows Club
Latest Comments
Blogroll