The official name for Windows 7 will be: “Windows 7”

Considering all the gruff Microsoft took over the name “Windows Vista” (including some gruff from me) it’s probably a smart move on their part to just go with something simple for the next major release:

Windows Vista Team Blog : Introducing Windows 7

And, as you probably know, since we began development of the next version of the Windows client operating system we have been referring to it by a codename, “Windows 7.”  But now is a good time to announce that we’ve decided to officially call the next version of Windows, “Windows 7.”

While I know there have been a few cases at Microsoft when the codename of a product was used for the final release, I am pretty sure that this is a first for Windows. You might wonder about the decision.

The decision to use the name Windows 7 is about simplicity. Over the years, we have taken different approaches to naming Windows.  We’ve used version numbers like Windows 3.11, or dates like Windows 98, or “aspirational” monikers like Windows XP or Windows Vista.  And since we do not ship new versions of Windows every year, using a date did not make sense.  Likewise, coming up with an all-new “aspirational” name does not do justice to what we are trying to achieve, which is to stay firmly rooted in our aspirations for Windows Vista, while evolving and refining the substantial investments in platform technology in Windows Vista into the next generation of Windows.

Simply put, this is the seventh release of Windows, so therefore “Windows 7” just makes sense.

As you know if you’re an SEB regular, I actually like Vista despite my initial dislike of the name itself. Which I suppose makes me a kind of maverick. Which I suppose makes me like John McCain. No wonder everyone hates me.

Anyway, I find the name Windows 7 to be very agreeable. It’s simple and doesn’t try to evoke a vaguely defined “experience” that the product will supposedly provide me. It’s Windows and it’s the 7th version. Short, to the point, and not wishy washy.

Mozilla to IE: You will be standards compliant whether you like it or not!

I literally laughed out loud when I read this article:

Most browser implementors are quick to adopt emerging Internet technologies, but Microsoft can’t or won’t make Internet Explorer a modern web browser. Despite some positive steps in the right direction, Internet Explorer still lacks many important features. Its mediocrity has arguably hampered the evolution of the web and forced many site designers to depend on suboptimal proprietary solutions.

IE’s shortcomings won’t hold back the Internet for much longer, however, because Mozilla plans to drag IE into the next generation of open web technologies without Microsoft’s help. One of the first steps towards achieving this goal is a new experimental plugin that adapts Mozilla’s implementation of the HTML5 Canvas element so that it can be used in Internet Explorer.

That’s certainly one way to bring standards to IE, but it’s not perfect by a long stretch as Microsoft seems determined to make it as hard as possible:

Vukićević is confident that a lot of the holes can be filled without substantial effort, but his primary concern is with the challenges posed by deployment. The plugin is designed to snap into IE as a binary rendering behavior, but the browser’s defensive security mechanisms insist on prompting the user before every time it is used. This detracts from the seamlessness of the plugin and makes it difficult to use for conventional web applications.

“Currently, the experience is pretty crappy: you have to click through an infobar to allow installation of this component, then you have to click ‘Yes’ to say that you really want to run the native content, and then you have to click ‘Yes’ again to allow the component to interact with content on the page,” he wrote in a blog entry. “In theory, with the right signatures, the right security class implementations, some eye of newt, and a pinch of garlic, it’s possible to get things down to a one-time install which would make the component available everywhere.”

Let’s hope the Mozilla folks are composed of some skilled witches then. Having a few plugins to help make IE standards compliant would be a welcome development for anyone who codes in HTML.

Vista’s security is not quite totally useless after all.

Last Friday I wrote about a presentation on a new hack attack that was claimed to make Vista’s security improvements all but useless. A lot of tech related websites ran the story as though it were the apocalypse for Windows as an OS, but the folks ovet at say things aren’t quite as bad as they might seem:

The work done by Dowd and Sotirov focuses on making buffer overflows that were previously not exploitable on Vista exploitable. These are buffer overflows that would be exploitable on Windows XP anyway; after all, there’s no need to defeat ASLR if an OS does not have ASLR at all. Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista’s (in)famous UAC restrictions. DEP, ASLR, and the other mitigation features in Vista are unlikely to ever be unbreakable, especially in an application like a web browser that can run both scripts and plugins of an attacker’s choosing. Rather, their purpose is to make exploitation more difficult. Microsoft has a solution for those wanting to make it impossible—use .NET. These protections are there for when that’s not an option, to reduce—but not eliminate—the vulnerability caused by such programming errors. Even with DEP and ASLR, the coding errors that result in buffer overflows still ought to be fixed; it is only through fixing the errors that the flaws can truly be eliminated.

Even with the attacks described in the paper, Vista has many worthwhile security improvements compared to XP. Internet Explorer on Vista runs in a highly restricted environment, so that even when it is running malicious code it cannot harm the system. Stories suggesting that Vista’s security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.

They even have a few suggestions on how Microsoft may be able to reduce, if not eliminate, the effectiveness of these new exploits. The whole article is worth a read just for the overview of the security improvements Windows Vista has in place and what the problems are that allow this new attack to succeed. The upshot, however, is that Vista isn’t completely vulnerable to hackers as some sites have suggested.

A new attack method may render Vista’s security useless. May also work on other platforms.

If this article at is correct then Vista’s security system has been rendered moot for folks who insist on using Internet Explorer:

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.

“The genius of this is that it’s completely reusable,” said Dino Dai Zovi, a well-known security researcher and author. “They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.

“What this means is that almost any vulnerability in the browser is trivially exploitable,” Dai Zovi added. “A lot of exploit defenses are rendered useless by browsers. ASLR and hardware DEP are completely useless against these attacks.”

I doubt that there’s truly little Microsoft can do about the problem, but the solutions involved might be unpalatable to their business goals (e.g. drop ActiveX altogether). The attack appears to rely on Internet Explorer specifically so one possible solution for Vista users is to switch to a different browser such as Firefox or Safari. Which, really, they probably should do anyway.

What’s more interesting is the conclusion of the article:

Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

“This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable,” Dai Zovi said. “I definitely think this will get reused soon, sort of like heap spraying was.”

Unless those other platforms are running Internet Explorer and ActiveX I’m not sure how they’d be vulnerable, but then the article doesn’t go into great detail on exactly what the hack involves. Microsoft has said their aware of the presentation and are interested in looking at it more closely once it’s made public.

Will Midori be Microsoft’s post-Windows OS of the future?

While Microsoft is trying to brush up Windows Vista’s image with some marketing stunts, they’re also considering what the future should bring as multi-core processors and ubiquitous access to broadband become more common. One of the concepts that’s been generating a lot of interest of late is Cloud Computing where instead of buying software packages to install on your PC you’ll subscribe to services that are run over the Internet. An area that Google has a good start in with not only popular email services such as Gmail, but also with Google Docs (online word processor and spreadsheets), Google Calendar, and Google SketchUp (3D modeler) all of which are supported by online advertising. 

As usual Microsoft wants in on that action and as such are developing a cloud computing OS called Midori that may end up replacing Windows as the OS you’ll run on your PC in the future. The folks at take a look at it:

The big excitement in Microsoftland this week has been further news of Midori. Midori is claimed to be Microsoft’s “post-Windows” operating system—a new platform for the future. The SD Times claims to have seen internal Microsoft documents describing the company’s plans for the new OS, and it says that Midori will be a commercial derivative of the Singularity project. Say hello to a cloud-computing-ready .NET OS.

Singularity’s big feature is that it is written in managed code. While Midori looks to follow suit, it is also written for a cloud computing world. Microsoft has already spoken of its plans for cloud computing; in particular, the company plans to introduce tools to enable cloud computing applications to be written as easily as normal applications are today. Midori will offer the same; the Midori platform will give developers the basic tools to write applications that can be run in massive parallel and that can withstand unreliable communications.

[…] Is Midori that long-term operating system? Well, it certainly does some of the things that a future Microsoft OS should do. The safety and portability of managed code would eliminate many of the security flaws that still regularly crop up in software. .NET already makes these bugs impossible; Singularity and Midori perform even greater analysis of software and prohibit even more bugs. To help address problems with parallel programming, Midori’s programming model uses immutable data; immutable data can be shared without locks and so prevents lock-based bugs from ever occurring.

Another way in which Midori is engineered for high concurrency is through an asynchronous architecture. Current OSes are usually largely synchronous; that is, whenever software asks the OS to do something (read a file from disk, send data over a network, etc.) the software must wait until the OS has completed the action. With an asynchronous design, the OS returns control to the software immediately, allowing the software to do useful work while waiting for the OS to finish the operation it was asked for. When the operation is finished, the OS notifies the software.

The whole thing is an interesting read if for no other reason than to get an idea of what software developers in general, and Microsoft in particular, are working on as the Next Big Thing in computing.

Microsoft uses Vista haters to demonstrate that Vista’s not so bad.

If you’ve spent much time here then you already know that I think Windows Vista is a decent operating system that is unfairly maligned. If I had a dime for every time I’ve had someone talk to me about how much Vista sucks only to say they haven’t tried it when I ask if they’ve even touched the OS, well, I’d have at least a few bucks to spend. Surely I’m not the only person who’s noticed that it’s gotten to the point of being “common knowledge” that Vista blows chunks such that the criticisms are repeated endlessly by people who haven’t even used the OS.

It seems Microsoft noticed that trend as well and they set out to put it to the test:

Spurred by an e-mail from someone deep in the marketing ranks, Microsoft last week traveled to San Francisco, rounding up Windows XP users who had negative impressions of Vista. The subjects were put on video, asked about their Vista impressions, and then shown a “new” operating system, code-named Mojave. More than 90 percent gave positive feedback on what they saw. Then they were told that “Mojave” was actually Windows Vista.

“Oh wow,” said one user, eliciting exactly the exclamation that Microsoft had hoped to garner when it first released the operating system more than 18 months ago. Instead, the operating system got mixed reviews and criticisms for its lack of compatibility and other headaches.

To be sure, the focus groups didn’t have to install Vista or hook it up to their existing home network. Still, the emotional appeal of the “everyman” trying Vista and liking it clearly packs an emotional punch, something the company has desperately needed. Microsoft is still trying to figure out just how it will use the Mojave footage in its marketing, though it will clearly have a place.

I wouldn’t be surprised by that at all. Certainly Vista has it’s issues, but then what OS doesn’t. The truth is the problems it had at launch were no where near as bad as what XP went through and, as was the case with past versions of Windows, it’s been slowly improving since then.

Apparently Microsoft is rolling out a new campaign promoting Vista that will run into the hundreds of millions in dollars and will include such things as free technical support for small businesses that switch to using Vista. Along the way you can be sure they’re going to be using that Mojave footage to show that Vista has gotten a bad rap:

“In the weeks ahead, we’ll launch a campaign to address any lingering doubts our customers may have about Windows Vista,” Ballmer wrote. “And later this year, you’ll see a more comprehensive effort to redefine the meaning and value of Windows for our customers.”

What gives the Mojave project its power, though, is the fact that it isn’t Ballmer or someone else at Microsoft saying that Vista has gotten a bad rap. It’s everyday people.

With scenes reminiscent of both Apple’s “real people” campaign of a few years back as well as classic commercials from Folgers and others, the Mojave project could prove a formidable weapon.

The Mojave project is remarkable both for its humble origin as well as the speed with which it was pulled off. The idea started barely two weeks ago in an e-mail from Microsoft’s David Webster to several superiors, including Veghte. Given the green light, Microsoft started videotaping responses just last week, in San Francisco. The preview Veghte gave to CNET News on Wednesday was the first time the footage had been shown outside the company and its contractors.

The footage could get a public airing as soon as next week or even at Thursday’s financial analyst meeting, although plans were still in flux as of late Wednesday night.

With the success of Apple’s anti-Vista ads—Macs are up to an 8.5 market share now—I’m surprised it’s taken this long for Microsoft to get around to fighting back. Now the question is are the big enough to overcome “conventional wisdom”?

Microsoft E3 keynote address was full of surprises.

I’m not an Xbox 360 owner myself, but if you are then the Microsoft E3 keynote address yesterday gave you a lot of things to look forward to in the coming months.

One of the biggest announcements was probably the fall update coming for Xbox Live which will radically alter how it looks—my sister-in-law’s better half called it “Vista-esque”—and adds things such as Nintendo Mii-ish like avatars, which seems like a pretty transparent ploy to try and counter the aforementioned Miis and the upcoming Playstation Home. Nintendo has certainly captured a lot of the casual gaming market and Microsoft is setting their sights on trying to claim some of that for themselves. The new avatars and a whole bunch of more causal oriented games coming soon are the result. Quite a few new features are aimed at encouraging social interactions with your friends online including being able to enter a multi-chat environment using your avatars as well as move from game to game as a group (assuming you all have the same game).

They also announced new deals for downloadable movies and videos with NBC/Universal and Netflix. Xbox Live Gold members who also have active Netflix accounts will be able to access their Netflix Watch Now queue to stream movies straight to their Xbox 360 at no extra charge. Additionally you’ll be able to share those streaming videos with your friends using the previously mentioned avatar social tools. Alas those buddies will also have to be Gold members and have Netflix accounts to participate.

Three other announcements worth noting include the fact that soon you’ll be able to copy an entire game off of DVD onto the Xbox 360 hard drive, assuming you have one, and run it from there to speed up load times. You’ll still need to have your disc in the drive to play, but if load times are a concern then this should help. Of course this means you’ll be using up lots more hard drive space so they’re dropping the 20GB version of the 360 and replacing it with a 60GB version. The last, and probably biggest, announcement was that the Xbox 360 will be getting a port of Square-Enix’s Final Fantasy XIII, which was believed to be a PS3 exclusive.

I’ve got to give Microsoft credit for managing to diminish some of the titles that were big Playstation hardware sellers in the past. Grand Theft Auto IV and now Final Fantasy XII would’ve likely sold a shitload of PS3s had they remained exclusives like the previous versions had. For some strange reason Sony hasn’t focused on spending any money to secure exclusive titles for the PS3 as it has in the past and it’s probably cost them some hardware sales as a result. It’ll be interesting to see what Sony has to say in their upcoming E3 keynote to try and put a little momentum behind their flagship product.



MSN changes its mind. Won’t nuke the MSN Music servers… for now.

Remember how back in April we got word that Microsoft was going to shut down license servers that authenticated music purchased through their now-defunct MSN Music store?

Well apparently there was enough of an outcry that they’ve changed the mind and will be keeping the servers up through the end of 2011.

Dear MSN Music customer,

On April 22, Microsoft notified you that as of August 31st, 2008, we would be changing the level of support for music purchased from MSN Music, and while your existing purchased music would continue to play, you would no longer be able to authorize new PCs and devices to play that music.

After careful consideration, Microsoft has decided to continue to support the authorization of new computers and devices and delivery of new license keys for MSN Music customers through at least the end of 2011, after which we will evaluate how much this functionality is still being used and what steps should be taken next to support our customers. This means you will continue to be able to listen to your purchased music and transfer your music to new PCs and devices beyond the previously announced August 31, 2008 date.

Microsoft continues to recommend that you back up your music on CD or hard drive along with other important data.


MSN Music team

Which is nice and all, but just postpones the problem to a later date. Perhaps they’re hoping you’ll be sick of those songs by then and won’t care if you can’t use them any more. Or, if they’re smart, they’ll just release a tool that strips the DRM right off the files in a future update of Windows Media Player.

Yeah, as if.

Thinking of buying a Zune? Microsoft has plans to put “Copyright Cop” on it.

Microsoft’s Zune media players continue to lag behind Apple’s popular iPods so they’re looking to gain an advantage wherever they can. One possible boost is a recent deal with NBC to license shows for use on the Zune after NBC yanked them from Apple’s iTunes offerings after a dispute over pricing and DRM. Microsoft seems eager to do whatever it takes to make NBC happy including developing software that would check for and block any illegitimate NBC shows found on your Zune. Here’s a snippet from the New York Times Blog:

Late Tuesday afternoon I reached J. B. Perrette, the president of digital distribution for NBC Universal, to ask why NBC found Microsoft’s video store more appealing than Apple’s.

He explained that NBC, like most studios, would like the broadest distribution possible for its programming. But it has two disputes with Apple.

First, Apple insists that all TV shows have an identical wholesale price so that it can sell all of them at $1.99. NBC wants to sell its programs for whatever price it chooses.

Second, Apple refused to cooperate with NBC on building filters into its iPod player to remove pirated movies and videos.

Microsoft, by contrast, will accept NBC’s pricing scheme and will work with it to try to develop a copyright “cop” to be installed on its devices.

Oddly enough there appears to be some debate at Microsoft about whether or not this Copyright Cop software will actually ever see the light of day on the Zune:

In the Zune Insider Blog, Cesar Menendez, a member of Microsoft’s Zune team, refers to this post, and the blog discussion it prompted. He writes:


    We have no plans or commitments to implement any new type of content filtering in the Zune devices as part of our content distribution deal with NBC.

It’s worth noting that Mr. Perrette told me that Microsoft committed to explore filtering; he didn’t say it committed to implementing those filters.

Here is what Mr. Sohn, the Microsoft spokesman, told me yesterday when I asked him about what Mr. Perrette said: “I don’t think they are wrong, but we are not going to characterize those discussions.” Later he added, “We have agreed to work with NBC across a range of topics, and protection of copyrighted material is certainly one of them.”

Either way it’s certainly a good reason to think twice about whether or not you want to purchase a Zune especially given the fate that befell users of the defunct MSN Music service.

Windows XP SP3 is now available through Windows Update.

The new service pack brings a handful of new security related features, a whole host of bug fixes, and a purported speed boost as well. As always it’s probably a good idea to install it if you’re running Windows XP on your machine. Microsoft has also re-released Windows Vista SP1 which was pulled after some compatibility issues. Both are available through Windows Update.