Tag Archives: Vista

Microsoft urges death of Windows gadgets as researchers plan disclosures

Reacts to upcoming revelations of gadget vulnerabilities at Black Hat by offering tool that kills feature in Vista, Windows 7

Computerworld – Just two weeks before researchers are to disclose bugs in Windows “gadgets” at Black Hat, Microsoft acknowledged unspecified security vulnerabilities in the small pieces of software supported by Vista and Windows 7.

To deal with the vulnerabilities, Microsoft has provided a way to cripple all gadgets and disable the “sidebar” engine that runs them.

“The purpose of this advisory is to notify customers that Microsoft is aware of vulnerabilities in insecure Gadgets affecting the Windows Sidebar on supported versions of Windows Vista and Windows 7,” Microsoft said in a security warning issued Tuesday.

“The deprecation of gadgets and the sidebar is interesting,” said Jason Miller, manager of research and development at VMware, in an interview. “Gadgets are not much used for business, so if you don’t use it, get rid of it. That’s one of the best ways to reduce your attack profile.”

Microsoft did not detail the vulnerabilities or explain why it was letting users ditch gadgets, but the move may be linked to an upcoming presentation at Black Hat, the annual security conference held in Las Vegas. On July 26, Mickey Shkatov and Toby Kohlenberg are scheduled to present research on gadget flaws and exploits.

 


The Black Hat entry for their presentation, “We Have You by the Gadgets,” noted “a number of interesting attack vectors” in gadgets.

“We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets,” the description stated.

In its advisory, Microsoft thanked Shkatov and Kohlenberg for their help with gadget bugs. The researchers were unavailable for comment or to answer questions late Tuesday.

Gadgets and the sidebar engine were introduced in 2007’s Windows Vista as a way to run and manage single-use, lightweight applications. Windows 7 also supported gadgets, but let users place them directly on the desktop rather than on the separate sidebar.

At their debut, some critics noted gadgets’ similarity to the widgets and Dashboard introduced two years earlier by Apple in OS X 10.4, also known as Tiger.

While touted by Microsoft before the launch of Vista, gadgets never caught on with users. It was thus no surprise when Microsoft announced last fall that it was pulling support of gadgets from Windows 8. At the same time it retired the Windows Live Gallery, a source for desktop gadgets.

The Windows website, which until Tuesday described how to obtain gadgets, now warns users. “Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time,” said the site.

Microsoft offered users a “Fixit” — one of its automated configuration tools — that disables the sidebar and all gadgets in Vista and Windows 7. The tool can be found on this page of Microsoft’s support site.

“My first take was that Microsoft was admitting that it’s very difficult for a third-party developer to securely write a gadget,” said Andrew Storms, director of security operations at nCircle Security. “So they’re disabling them all. Thank goodness for that.”

This was not the first time that Microsoft has reacted to security problems in gadgets. More than four years ago, Microsoft updated Vista with a tool that let the company automatically — and remotely — disable suspicious or malicious gadgets.

IE ‘silent’ upgrade helps put newest browser on Windows

Stats show some Windows 7 and Vista users upgraded to IE9, but the new practice affected few XP users

Computerworld – Microsoft’s decision late last year to switch on “silent” upgrades for Internet Explorer (IE) has moved some Windows users to newer versions, but has had little, if any, impact on the oldest editions, IE6 and IE7, according to usage statistics.

In December 2011, Microsoft announced it would start automatically upgrading IE so that users ran the newest version suitable for their copy of Windows.

Under the plan, Windows XP users still on IE6 or IE7 would be updated to IE8, while Windows Vista or Windows 7 users running IE7 or IE8 would be pushed to IE9.

Previously, Microsoft had always asked users for their permission before upgrading IE from one version to the next, even if Windows' automatic updates were enabled.

First to get the automatic treatment, Microsoft said, would be Australia and Brazil, both guinea pigs for the January 2012 debut. The program would then be gradually expanded to other markets.

Yesterday, Microsoft declined to disclose what other countries, if any, had had the auto-upgrade switched on.

But in Australia and Brazil, the move shuffled share among some editions of IE, according to data from StatCounter, an Irish Web analytics company that publishes country-by-country usage share numbers for IE6, IE7, IE8 and IE9.

In both countries, IE9 jumped unexpectedly in February, the first full month after the auto-upgrade switch was thrown, while IE8 saw an almost-corresponding decline in share.

IE9 in Australia climbed 3.3 percentage points that month, a 23% increase, which was significantly greater than any spike of the previous 12 months. Meanwhile, IE8 slipped 2.8 points, or 15%, in February.

The result in Brazil was eerily similar: IE9 jumped by 3.5 points (42% increase over the previous month) and IE8 dropped by 3.1 percentage points (for a decline of 16%).

There was some evidence that the auto-upgrade did impact IE7’s share in Australia, since the browser’s February decline was only a third that recorded for both January and March.

Assuming some copies of IE7 were upgraded to IE8 or IE9, it's impossible to tell which operating system, Windows Vista or Windows XP, was affected: both editions can run IE7.

The theory that IE auto-upgrades primarily applied to Windows 7 and Vista users was bolstered by the shares XP owns in each of the two countries: In Australia, XP accounted for 19.5% of all operating systems used in February, while Brazil’s XP share that month was double that at 37.7%.

If appreciable numbers of XP users had had their copies of IE upgraded, one would have expected to see Brazil’s numbers for IE 6 and IE 7 show a larger variance from the norm than Australia. That just wasn’t the case.

The shifts reported by StatCounter hint that IE’s automatic upgrade program successfully moved some Windows 7 and Vista users from IE8 to IE9, but did little to migrate Windows XP users to a more modern browser, since IE6 and IE7 shares did not drop more than the usual.


Microsoft starts XP retirement countdown

‘You are late,’ Microsoft tells customers who haven’t started XP-to-Windows 7 migration

Microsoft yesterday kicked off what it called a “two-year countdown” to the death of Windows XP, its longest-lived operating system.

Windows XP and the business productivity suite Office 2003 both exit all support on April 8, 2014, a company spokeswoman said in a Monday blog post.

On that date, Microsoft will stop shipping security updates for XP and Office 2003.

XP went on sale in October 2001 while Office 2003 launched October 2003.

“Windows XP and Office 2003 were great software releases for their time, but the technology environment has shifted,” argued Stella Chernyak, a Microsoft marketing director.

When Microsoft pulls XP’s plug, it will have maintained the OS for 12 years and 5 months, or about two-and-a-half years longer than its usual practice and a year longer than the previous record holder, Windows NT, which was supported for 11 years and 5 months.

This wasn’t the first time that Microsoft has urged XP users to dump the operating system — and perhaps their PCs too — for newer tools.

In June 2011, a Microsoft manager said it was “time to move on” from Windows XP, while earlier that year an executive on the Internet Explorer team belittled XP as “lowest common denominator” when he explained why the OS wouldn’t run the then-new IE9.

The company has not yet turned on Windows XP like it has on the 11-year-old Internet Explorer 6 (IE6). For more than two and a half years, Microsoft has urged users to give up IE6, going so far in March 2011 as to launch a deathwatch website that tracks IE6’s dwindling usage share.

Windows XP’s share is dropping.

In the last 12 months, XP has lost nearly 10 percentage points of share, or 14 percent of what it had as of April 1, 2011, according to Internet measurement company Net Applications. If XP continues to shed share at that pace — unlikely as a linear decline might be — the OS would have just 17.1 percent in April 2014.

As Net Applications’ data hints, some PCs will still be running Windows XP when Microsoft retires the operating system.

“Our recent Symposium survey [in October 2011] had respondents telling us they’d have 96 percent of their PCs migrated off XP by end of support,” said Gartner analyst Michael Silver in an email reply to questions Monday. “But 16.5 percent of organizations say they will have more than 5 percent of their users still on XP after support ends.”

Not surprisingly, Microsoft wants XP users to upgrade to Windows 7 now, perhaps figuring money in the hand with Windows 7 is better than dollars from the bush that’s the unfinished Windows 8.

“We don’t recommend waiting [for the next editions of Windows or Office],” said Microsoft’s Chernyak. “Not only is it important for companies to complete deployment before support runs out, but … by upgrading to Windows 7 and Office 2010 today they can gain substantial results while laying the foundation for future versions.”

On Microsoft’s website, the company was blunt about XP’s ticking clock.

“If your organization has not started the migration to a modern PC, you are late,” Microsoft said, citing data that claimed OS migration programs in businesses take between 18 and 32 months to complete.
