Trying out Microsoft Security Essentials.

Microsoft entered the free anti-virus utility arena today with the release of Microsoft Security Essentials:

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

Early reports from folks that participated in the beta and others who have tried the final product are that it’s pretty good so I thought I’d give it a shot. Its most attractive feature is that it’s relatively lightweight: the Vista/Win 7 (64 bit) install was 4.71MB and XP was 8.61MB, and it has a low impact on system resources. I’ve been running the free version of Avast Anti-Virus for home users for a few years now and it does a pretty good job, but can slow your system down a bit at times. One big advantage of Microsoft’s solution over Avast’s is that I’ll no longer need to reapply for a license key once a year. Not that it was ever a huge burden, but it’s nice not to have to worry about it.

Assuming, of course, that I decide to stick with it. Already after install it managed to detect a dormant trojan on my system which Avast had missed. The trojan wasn’t running as it had never been launched, but it was still surprising to see it was on my system. Avast probably would’ve caught it if I were to launch it, but it’s always best to catch it before it ever gets a toehold on your system. I suspect it tagged along on a recent ISO burning utility I downloaded to fill an immediate need as I couldn’t find my Nero Burning ROM discs. The folks over at ArsTechnica are impressed with it as well.

The upshot is that you now have even less of a reason not to have an up-to-date anti-virus utility on your system. Between all the free options already out there and this new almost no-hassle offering from Microsoft there’s no good reason not to protect yourself.

“Red Alert 3” will also have SecuROM DRM.

It appears the folks at Electronic Arts are doing everything they can to ensure I never purchase one of their PC games again. Word over on the official support forums for Command and Conquer says that the upcoming Red Alert 3, a sequel to my all-time favorite RTS, will use a slightly more lenient SecuROM DRM scheme:

Hi guys—

I’ve been hearing your concerns about the DRM situation and wanted to get back to you with some information about our plans. In the case of Red Alert 3 (and all PC titles coming out of EA), we will use SecuROM – the same copy protection that the EALA RTS group has used on our last three titles. This time around, however, the copy protection will be configured to be more lenient than we’ve supported in the past.

I know this can be somewhat of a polarizing topic, and I thought it would be best to open the lines of communication with some facts:

– We will authenticate your game online when you install and launch it the first time.

– We will never re-authenticate an installation online after the first launch. In other words, no reaching out to a central server post-install to see if you’re “allowed” to play.

– You will be able to install and play on up to five computers.

– This system means you don’t have to play with the disc in your computer. Personally, I think this is a huge improvement over our previous copy protection requirements, which have always required a disk to play.

– Life happens. I know it’s unlikely, but for those unlucky few who install the game and have their machines nuked (virus, OS reinstall, major hardware upgrade, etc.) five times, EA Customer Service will be on hand to supply any additional authorizations that are warranted. This will be done on a case-by-case basis by contacting customer support.

– You can, of course, play offline without impediment or penalty.

Red Alert 3 is shaping up to be a world-class RTS game that will give you many hours of enjoyment. I think it would be a shame if people decided to not play a great game simply because it came with DRM, but I understand that this is a very personal decision for many of you and I respect that. As you might imagine, I’m a lot less respectful of those people who take the position that they will illegally download a game simply because it has DRM.

Either way, we’re very proud of the hard work our team has put into this game and we hope you will all enjoy it when it launches.

I’m so not happy. So not happy that I took the time to leave the following comment on that thread:

    I’m a 41 year old gamer who has bought numerous titles from Electronic Arts all the way back to the original Archon on the Commodore Amiga back when EA was just a small company run by Trip Hawkins. That was back in 1982 and I was 15 at the time. In the 26 years since I’ve spent countless thousands of dollars on EA games for the Amiga, PC, and various consoles. I’ve watched over the years as the copy protection became more and more intrusive while doing nothing to actually stop the pirates, but the games were good and the copy protection not much more than an annoyance so I spent the money and enjoyed myself. It’s safe to say that I’m a long-standing fan of EA and many of the titles they’ve put out. Red Alert and its sequel remain two of my all-time favorite RTS games and I was eagerly looking forward to playing the latest installment when it is released.

    Electronic Arts, however, has decided to reward my (literally) decades-long loyalty by making use of one of the more problematic DRM systems available. These days I make my living as a PC support specialist and there are various legitimate programs, such as Process Explorer, which may or may not run properly if I have SecuROM installed on my systems. SecuROM said this was an attempt to stop people from hacking their DRM system, but considering that Spore was cracked and on the Bittorrent sites almost a week before its release it doesn’t seem to be stopping the hackers. In fact the only people being inconvenienced by this DRM system are legitimate customers who have paid for the software. You’ve already admitted that even if it works fine without conflict for the vast majority of your customers there’s still likely to be a subsection who run into problems. I believe you called that “Life Happens” in your original post. What a great attitude to take with your paying customers. It was enough to get me to take the time to register an account just so I could let you know how I feel about it.

    I’m done being treated like a criminal in order to use the software I’ve paid for. I did not purchase Bioshock despite being a fan of the original System Shocks because of SecuROM, I did not purchase Mass Effect for the same reason, I also haven’t purchased Spore in spite of following its development since its announcement, and I won’t be purchasing Red Alert 3 for the same reasons. I don’t care how many copies you allow me to install before I need to call your support line. I’m testing software and OS installs all the time which means I’m restaging my PC on a regular basis which means it won’t be long before I have to start calling and explaining why I need a 5th, 6th, 7th… 20th reinstall to some poor sap on the phone. Meanwhile Joe Pirate Boy is able to enjoy his copy as much as he wants and reinstall it as much as he wants without having to call anyone.

    There are three of us in my family who were dying to play Spore so much so that we would’ve spent $150 for three copies of the game just so we wouldn’t have to wait for one person to stop playing before someone else could start, but now it’s not going to happen. I still play my copy of Red Alert 2 some eight years after it was released and it still installs just fine without any need for an Internet connection or calling someone up on the phone. Will I be able to do that with Red Alert 3 in 8 years? Will you still have registration servers running for it and someone sitting by a phone ready to grant me my 130th install? Will you release a patch at some point that removes the DRM so that nonsense won’t be necessary?

    In summary: Explain to me why I should spend $50 just so I can be treated like a criminal?

Every now and then some PC developer goes on a rant about how piracy is destroying PC gaming. I say what’s destroying PC gaming is the bullshit DRM schemes. While they whine about how some game they just released has been cracked and downloaded some 10,000 times being the loss of 10,000 sales (which isn’t entirely true) they manage to overlook the loss of sales from people like me who are sick of the pirates having the hassle-free version of the game. If the reaction to Spore is any indication then people are starting to get fed up and the publishers risk alienating the few people who are buying their software.

Stardock proposes a “Gamer’s Bill of Rights” at PAX.

Stardock is one of the few game publishers out there that seem to understand their market. Their games generally don’t have any DRM systems mucking up your system or other forms of copyright protection and yet they tend to sell pretty well despite the fact that they’re pirated just as much as any other title. They’ve also been at the forefront of arguing against the use of such systems for quite a while now.

Now at the Penny Arcade Expo (PAX) they’ve put out what they consider to be a Gamer’s Bill of Rights:

…a statement of principles that it hopes will encourage the PC game industry to adopt standards that are more supportive of PC gamers. The document contains 10 specific “rights” that video game enthusiasts can expect from Stardock as an independent developer and publisher that it hopes that other publishers will embrace…

…the objective of the Gamer’s Bill of Rights is to increase the confidence of consumers of the quality of PC games which in turn will lead to more sales and a better gaming experience.

Chris Taylor, CEO and founder of Gas Powered Games, expressed support for the Bill of Rights, which Stardock enumerates as:

  • Gamers shall have the right to return games that don’t work with their computers for a full refund.
  • Gamers shall have the right to demand that games be released in a finished state.
  • Gamers shall have the right to expect meaningful updates after a game’s release.
  • Gamers shall have the right to demand that download managers and updaters not force themselves to run or be forced to load in order to play a game.
  • Gamers shall have the right to expect that the minimum requirements for a game will mean that the game will play adequately on that computer.
  • Gamers shall have the right to expect that games won’t install hidden drivers or other potentially harmful software without their consent.
  • Gamers shall have the right to re-download the latest versions of the games they own at any time.
  • Gamers shall have the right to not be treated as potential criminals by developers or publishers.
  • Gamers shall have the right to demand that a single-player game not force them to be connected to the Internet every time they wish to play.
  • Gamers shall have the right that games which are installed to the hard drive shall not require a CD/DVD to remain in the drive to play.

It would be wonderful if more publishers were to take this seriously, but I doubt it’ll happen. With any luck most of the independent developers will jump on it as a means of drawing attention to their products. I currently own Sins of a Solar Empire by Stardock and I have to say it’s damned refreshing to be able to start it up without having to find the damned CD or worry about if my Net connection is down. The game is pretty damn good too.

Will Midori be Microsoft’s post-Windows OS of the future?

While Microsoft is trying to brush up Windows Vista’s image with some marketing stunts, they’re also considering what the future should bring as multi-core processors and ubiquitous access to broadband become more common. One of the concepts that’s been generating a lot of interest of late is Cloud Computing, where instead of buying software packages to install on your PC you’ll subscribe to services that are run over the Internet. It’s an area that Google has a good start in, with not only popular email services such as Gmail but also Google Docs (online word processor and spreadsheets), Google Calendar, and Google SketchUp (3D modeler), all of which are supported by online advertising.

As usual Microsoft wants in on that action and as such is developing a cloud computing OS called Midori that may end up replacing Windows as the OS you’ll run on your PC in the future. The folks at take a look at it:

The big excitement in Microsoftland this week has been further news of Midori. Midori is claimed to be Microsoft’s “post-Windows” operating system—a new platform for the future. The SD Times claims to have seen internal Microsoft documents describing the company’s plans for the new OS, and it says that Midori will be a commercial derivative of the Singularity project. Say hello to a cloud-computing-ready .NET OS.

Singularity’s big feature is that it is written in managed code. While Midori looks to follow suit, it is also written for a cloud computing world. Microsoft has already spoken of its plans for cloud computing; in particular, the company plans to introduce tools to enable cloud computing applications to be written as easily as normal applications are today. Midori will offer the same; the Midori platform will give developers the basic tools to write applications that can be run in massive parallel and that can withstand unreliable communications.

[…] Is Midori that long-term operating system? Well, it certainly does some of the things that a future Microsoft OS should do. The safety and portability of managed code would eliminate many of the security flaws that still regularly crop up in software. .NET already makes these bugs impossible; Singularity and Midori perform even greater analysis of software and prohibit even more bugs. To help address problems with parallel programming, Midori’s programming model uses immutable data; immutable data can be shared without locks and so prevents lock-based bugs from ever occurring.

Another way in which Midori is engineered for high concurrency is through an asynchronous architecture. Current OSes are usually largely synchronous; that is, whenever software asks the OS to do something (read a file from disk, send data over a network, etc.) the software must wait until the OS has completed the action. With an asynchronous design, the OS returns control to the software immediately, allowing the software to do useful work while waiting for the OS to finish the operation it was asked for. When the operation is finished, the OS notifies the software.

The whole thing is an interesting read if for no other reason than to get an idea of what software developers in general, and Microsoft in particular, are working on as the Next Big Thing in computing.

Firefox 3 will be unleashed on June 17th.

If you’re a Firefox web browser fan then you’ll be happy to hear that the release of Firefox 3 will happen next Tuesday:

After more than 34 months of active development, and with the contributions of thousands, we’re proud to announce that we’re ready. It is our expectation to ship Firefox 3 this upcoming Tuesday, June 17th. Put on your party hats and get ready to download Firefox 3 — the best web browser, period.

I’ve been using the Release Candidates both at home and at work and it’s definitely an improvement in both speed and usability. Good to see the final version is just about ready.

Trying to track down “Setsune” who once wrote about WinFixer 2005.

OK this is going to seem a bit odd, but I’ve been asked if I can track down someone who wrote an entry about the WinFixer 2005 Malware over at the B.I.S.S. Forums circa September of 2005 who posted it under the user name “Setsune.” In case you’re wondering why I’ve been asked if I can track them down it’s because Setsune had listed SEB as his favorite blog in his signature file so he may be a regular lurker around these parts.

I’ve been asked to do this by Joseph Bochner, a lawyer out of Menlo Park, California, who’s been trying to bring the makers of WinFixer 2005 to justice for almost four years now. Joseph hasn’t said what he wants to talk to Setsune about, but I’m assuming it’s to find out how he managed to come by some of the information he had in that old forum posting. The folks at the Mercury News just did an article on Joseph’s ongoing quest which gives some background on what he’s been through:

Bochner, a Menlo Park lawyer who handled mostly real estate cases at the time, soon discovered that the PC was infected by malware, malicious software that attacks computers. The program had apparently infected the machine despite anti-virus protection and the latest virus definitions. It piqued Bochner’s interest. He sought to track down those responsible and stop the scam.

But over the past four years, Bochner has discovered that despite the enormous economic and social costs of online crime, there is no simple way to disrupt these schemes. His experience provides further evidence, on a personal level, of a key finding of the November Mercury News series “Ghosts in the Browser”: Shadowy con men, responsible for an explosion of illicit online activity, often find it all too easy to evade uninterested law enforcement agencies and out-staffed security experts.

Bochner tried federal agencies and state task force officials. He called on security software companies. He even filed his own class-action lawsuit, which he abandoned because, Bochner said, he lacked the resources and expertise to handle the case on his own.

“I am astounded at the inaction,” said Bochner, who has continued to search for help in reviving the case.

Filings in the lawsuit, as well as interviews and other public documents, provide details of what Bochner uncovered about “WinFixer,” the alleged conspiracy named for a variant of the malware that has gone by many names, including WinAntiVirus, Errorsafe and SystemDoctor.

WinFixer, as you can probably already tell, is one of the many fake anti-virus apps out there that deliberately infect your PC and then tell you it’s infected as if the problem had been there all along. If you want to get rid of the viruses you have to purchase the program except that the program doesn’t actually remove the viruses because it’s what put them there in the first place. Joseph’s saga is illustrative of how hard it is to get law authorities to do anything about these scammers in part because they don’t see it as a big problem, in part because they lack the manpower, and in part because they don’t really understand what the problem is. This is one of the reasons you have to be very careful about what you install on your PC and consider carefully any pop up warnings from software you’ve never installed from companies you’ve never heard of. There’s a good chance that even if you do complain to someone nothing will be done:

Bochner became convinced that the operators of the system should be prosecuted, and turned to the FBI. Agents from both Silicon Valley and southern Florida, where one potential defendant lived, investigated before deciding against seeking criminal charges.

“There was a lot of hoopla and there were complaints made, and (the WinFixer operation) was shady and backward,” San Francisco FBI Special Agent Joseph Schadler said in an interview.

But FBI agents, like officials from a series of other agencies, decided against pursuing a criminal case. Some questioned whether a crime had occurred; others said it would be too difficult to prove. One agent who turned Bochner down, Sacramento Valley High Tech Crimes Task Force commander Capt. Glenn Powell, told the Mercury News his unit didn’t have the personnel to pursue such computer fraud cases.

Joseph hasn’t given up the fight, however, and he’s tracking down every lead he comes across. Which is how he came to send me an email. His last reply which just arrived in my inbox explains what he’s hoping to accomplish:


Thanks much for the prompt reply.

The poster referred to your blog as his favorite…perhaps a request for help to your reader community might attract a response? Setsune said he had complained to Big Pipe; I’m looking for people who have submitted a complaint regarding WinFixer…to anyone!

Regarding “lack of concern or manpower,” I would add lack of understanding. Hence my efforts.

Thanks again and best wishes,

Joseph Bochner

So Setsune, if you’re still reading SEB some three years later, Joseph would really appreciate it if he could contact you. Or if any of you regulars have had experiences with WinFixer 2005 and tried to complain to someone about it then Joseph would like to hear about that as well. Leave a comment here or drop me an email and I’ll get you in contact with Joseph and maybe he’ll be able to win at least one victory in the war against the scammers.


IBM Internet Security System’s X-Force annual report is out.

The folks over at have a summary of IBM’s latest annual report on the state of security and malware threats which you should read:

Annual IBM security report paints worrisome picture for 2008 –

IBM Internet Security System’s X-Force has released its annual report (PDF) on malware trends and statistics from last year. 2007 saw some significant changes in malware distribution, and there’s reason to think that some of these shifts mark the beginning of new attack patterns rather than small abnormalities. The following are some of the highlights from the report:

  • Reported vulnerabilities in 2007 were down five percent compared to 2006, but the number of those vulnerabilities that were classified as severe rose by 28 percent.
  • Microsoft, Apple, Oracle, IBM, and Cisco reported the most vulnerabilities, but collectively account for only 13.6 percent of all reported vulnerabilities.
  • 90 percent of the 2007 vulnerabilities were exploitable from a remote location, up 1 percent from 2006.
  • Most in-the-wild exploits are being generated by web toolkits. Prevalence of these toolkits has risen dramatically since they appeared in 2006.

There’s a couple of things in the report that stood out to me. The first being that, contrary to what most people seem to believe, Microsoft products aren’t miles and away worse in terms of security than those of Apple, Oracle, IBM, and Cisco. Of those top 5 vendors a good 80% of the known vulnerabilities have been patched and while that still leaves 20% of them unpatched, that’s still a boatload better than the 50/50 ratio that everyone else tends to have.

The second thing that stood out is the fact that the percentage of exploits that could be accessed remotely jumped from 43.6 percent in 2000 to 89.4 percent this year. That’s huge and shows just how valuable taking over your PC has become to these people:

Trojans were the overall darlings of the year, accounting for 26 percent of all malware distributed. Worms, adware, viruses, and downloaders also grabbed significant chunks of the pie, while keyloggers, rootkits, and spyware were all confined to small pieces of the market. Trojans were also responsible for the largest number of malcode additions in 2007—a total of 109,246 new Trojans were detected in 2007, compared to 64,173 worms, 55,873 adware programs, and 48,889 viruses.

Those numbers are staggering, though it helps to keep in mind that a lot of these programs are variations on a theme as each hacker modifies the code to try and avoid detection and/or adapt it to their specific goals. It all should act as a reminder of the need to keep your anti-virus software up to date, make use of a decent firewall, and be very careful about knowing exactly what you’re installing on your PC. Some of the more recent, but less successful, exploits have tried to spread themselves through PDF and MP3 files, while some of the most successful exploits are the fake media codecs from sites that tempt you with some outrageous or titillating video that requires you to install a media codec you’ve never heard of before you can watch the clip. When you do you’re suddenly infected with a malicious downloader or spyware.

Windows Vista SP1 released to manufacturing, available in March.

The first service pack for Windows Vista has been finalized and is headed to the CD presses for distribution. It’ll also be available as a Windows Update download sometime in mid-March according to

Windows Vista Service Pack 1 has been released to manufacturing, Microsoft says, pegging the software update to a public roll-out in March. Along with Vista SP1, Windows Server 2008 is also said to be finished and set to arrive in the very near future.

Mike Nash from the Windows Product Management group at Microsoft confirmed Vista SP1’s arrival on Monday, saying that update contains “reliability and performance” enhancements as well as improved hardware support. Nash says that Windows Vista SP1 will be released via Windows Update and the download center in mid-March. A month later, in mid-April, Vista SP1 will be served to customers who chose to have system updates downloaded automatically.

Good news not just for Microsoft, but for Vista users struggling with the latest version of Windows. Although precise details of what will be in Vista SP1 are not yet available, judging by the beta releases, the update will address a number of common Vista headaches.

Aside from the promised improvements outlined in Nash’s blog post, Vista SP1 is also said to improve hardware compatibility, one of the chief problems for many that made the leap from XP only to find that their peripheral devices wouldn’t work under Vista.

Other changes include speeding up core system tasks, including sleep, hibernate, resume, start up and shut down. Copying or transferring files should also be sped up and there is also said to be support for new file formats in Vista.

It’ll be interesting to see if this will result in more folks making the switch to Vista as there’s a common feeling among some in the PC industry that you wait until the first service pack before adopting a new version of Windows. This service pack isn’t expected to be a big change in the way the first one for XP was for that OS, but it should help smooth things out a bit.

Six Apart has released Movable Type Open Source.

The folks at Six Apart, makers of the very popular Movable Type blogging package, announced today that the Open Source version of MT is now available. I’m not sure, but the announcement makes it sound like the Open Source version will be the official version from here on out.

The Movable Type Open Source project exists thanks to the passion, dedication, and inspiration of a community that has been incredibly generous for more than six years. We thank you for all the work leading up to this launch, and especially for the valuable contributions you’ll be making in the future. Today, we’re honoring the spirit of openness that’s always been part of the Movable Type community and taking it to its logical conclusion: Please welcome Movable Type Open Source.

A few quick answers to questions you might have about MTOS:

  • MTOS has every feature in Movable Type 4.0 along with several new minor improvements and bug fixes.
  • All plugins, themes, templates, designs, and APIs that work with MT4 work with MTOS. MTOS also works with other Six Apart open source technologies such as memcached.
  • MTOS is one of the only open source blogging tools with built-in support for an unlimited number of blogs, an unlimited number of authors, and sign-in with OpenID, with no plugins needed.
  • We’ll be adding additional paid benefits for people who’ve paid for commercial licenses for Movable Type, with benefits like improved technical support and custom add-ons such as plugins or themes.
  • MTOS is complemented by the paid software products we sell on top of the MT platform, such as our Enterprise Solution, Community Solution and personal and commercial licenses which include support.
  • There’s a public Subversion repository for getting the MTOS code and nightly builds.
  • Once there are stable public builds, those downloads will be on as well.
  • You can find out how to contribute to the MTOS project and the MT community at
  • MTOS support is provided by other members of the community. (A great place to start is the new Movable Type Wiki.) You can buy a standard paid license for one of the existing Movable Type products if you’d like professional support directly from Six Apart.
  • Movable Type Open Source is being released under the standard GPL license.
  • We welcome and encourage the distribution and reuse of all or part of MTOS in other open source projects. Get in touch if you want to work together.

Be sure to check out the full MTOS details for more details on how MTOS works, a list of Frequently Asked Questions, and information about how you can contribute.

The weird part of this announcement is that it pretty much sets things back to the way they were prior to the licensing fiasco at the release of version 3.0. Despite not being officially Open Source, pre-3.0 MT was freely available, fully modifiable, and unrestricted in the number of blogs and authors you could have, which is part of what made it so popular. The only real difference is that with the move to Open Source it’s possible a branch could split off if enough of the community decides to take on such a project. My first thought is to question why they bothered with the whole licensing issue at 3.0 to begin with, but I actually do understand why; it just seems silly when you have the benefit of hindsight. Making MT Open Source back with the release of 3.0 would’ve probably been the best move at the time, but better late than never.

MS announces IE Desktop Online Web Browser Live Professional Ultimate Edition for the Internet.

Or, as it’s more commonly known, Internet Explorer 8. Alas, not much in the way of details, in fact no real details at all, but at least they’ve confirmed they’re working on it and it’ll be even more standards compliant than IE 7 was. Which really shouldn’t be that hard.

Just as he was the first to talk about IE7, Bill Gates kept the tradition alive and discussed IE8 at the Mix ‘n Mash event here on campus yesterday. Bill was talking to some bloggers about IE.Next and called it IE8, the same way we do here in the IE team hallway.

So, yes, the version after IE7 is IE8. We looked at a lot of options for the product name. Among the names we considered and ruled out:

  IE 7+1
  IE 1000 (think binary)
  IE Eight!
  IE for Web 2.0 (Service Pack 2)
  IE Desktop Online Web Browser Live Professional Ultimate Edition for the Internet (the marketing team really pushed for this one, wink)
  Ie2.079 (we might still use this for the Math Major Edition)

Of course, some people care about other aspects of IE8 much more than they care about the name. As I’ve walked different people through the plan, I’ve gotten “Does it have feature X?” “When is the beta?” “When does it release?” and even the more thoughtful “What are you trying to accomplish with this release?”

So, yeah, IE 8 is coming sometime in the near future. In case you were wondering.