VistaBillGates.com | Vista!

PCWorld:Microsoft Microsoft Reveals First Vista Gadget Bugs
Microsoft patched several Windows Vista gadgets this week, the first time it’s had to fix the small applications. Microsoft Corp. Tuesday patched several Windows Vista gadgets, the first time it’s had to fix the small applications, prompting one researcher to mark the date as the real “arrival of the next-generation of vulnerabilities.”

Forrester: Businesses Still Saying No to Vista
Software incompatibility, the need for hardware upgrades, and comfort with existing versions of Microsoft Windows are all causing businesses that once planned to roll out Windows Vista as fast as consumers to put off their deployments, according to Forrester Research Inc.

A bump on the road to Windows Vista
“IT managers are finding themselves pulling back their initial Windows Vista deployment plans,” Forrester analyst Benjamin Gray said in a report issued this week.

Buggy ATI Driver Leaves Vista Open to Attack
Microsoft is working with AMD to fix a bug in an ATI driver that ships preinstalled on millions of laptops and which leaves the Vista kernel open to arbitrary memory writes by malicious driver authors.

Olympic Committee Chooses XP Over Vista
“The popularity of Windows XP is still making things difficult for Vista. Now Vista has again suffered a major setback, with Lenovo (Olympic 2008′ official sponsor) installing XP on it’s machines to run the Olympic Games’ vital PC-related tasks. Vista will only be used in internet lounges set up for athletes to use during the games.”

Microsoft tightens Vista kernel defenses, updates PatchGuard
Microsoft seems to be doing something to harden its Windows Vista Patch Protection defenses ????? PatchGuard, which has issued an update through Windows Update as a high-priority download.

ComputerWorld:Microsoft Updates Vista in Bid to Boost Speed, Reliability
Microsoft Corp. last week released a pair of Windows Vista updates that had leaked onto the Internet at the end of July, but the company didn’t say when it will begin pushing them to users via Windows Update.

Vista Performance and Compatibility updates officially released
Although the tech world is still taking shots in the dark regarding the official beta release date of Service Pack 1 for the Windows Vista operating system, American software behemoth Microsoft Corp. has this week offered up two new updates that reports claim will be included in the final SP1 package.

ComputerWorld NZ:Tech Ed: The top ten reasons why you should deploy Vista
It was easy to see why Microsoft picked this as one of the kick-off sessions at Tech Ed ‘07. Based on a show of hands, I counted less than ten people (out of an audience of around 600) who indicated they had been involved in a serious Vista deployment, that is something more than installing the OS on a home machine.

Leaked Vista SP1 installed and analyzed
If you are one of the lucky few that have managed to get your hands on Vista SP1 then most likely you are enjoying a much improved Vista experience. If you do not have access to a legitimate copy of Vista SP1 (meaning the one Microsoft shipped to testers) then you are on your own to find it.

Vista SP1 analysed in-depth
It’s no secret that there’s a leaked beta of Vista SP1 floating around, but no-one yet has really taken the time to analyse it in detail to find out what it really does.

Neil McAllister, InfoWorld

?

According to Microsoft, it’s the most secure operating system the company has ever produced. Five years in the making, Windows Vista promises to lock down the desktop and usher in the era of “trustworthy computing,” in which PCs are more reliable, user experience is improved, and rampant malware is a thing of the past.

Just three months into the official commercial release of the OS, however, questions are flying. Anti-malware vendors, hackers, and security experts have raised doubts as to the efficacy of Microsoft’s new security measures, with one — blogger Joanna Rutkowska — going so far as to suggest that Vista’s security model might be merely “a big joke.”

Microsoft is always an easy target, especially when it makes extravagant claims. The truth is that early testing suggests Vista is significantly more secure than previous versions of Windows.

That doesn’t mean that the new OS signals an end to Windows security headaches. Some of the pain for IT administrators will subside, but weak spots and their work-arounds should be top of mind as always.

?

Administrator no more

One of Windows Vista’s most lauded security enhancements is also one of the most criticized. UAC (User Account Control) aims to address a long-standing flaw in how Windows handles user permissions, but its detractors say it doesn’t offer enough protection and that inadequate design undermines its effectiveness.

At issue is the role of the administrator account. Best practices dictate that a user should be assigned administrator privilege only when performing tasks that require it, such as installing device drivers or changing the registry. But part of the legacy of DOS is that older versions of Windows were essentially single-user systems. Even on Windows XP, which was Microsoft’s first multiuser client OS, users would routinely log in as administrator by default, even for mundane tasks.

This practice made workstations easy to manage but was a security disaster. When a user is logged in as administrator, worms and Trojan horses have free rein to run amok. Worse, Microsoft’s inattention to user permissions encouraged ISVs to use sloppy, insecure programming practices that compounded the problem. Many Windows applications simply would not work unless they were allowed to run with full administrator privilege — that is, to run in the least secure way possible.

UAC attempts to correct these bad habits. Under UAC most software runs at reduced privilege by default. When an application attempts to do something that requires administrator privilege, UAC prompts the user with a dialog box asking for permission to “elevate” the application to the increased privilege level.

Unfortunately, UAC is not perfect. On her blog, Joanna Rutkowska details several flaws in Vista’s UAC implementation that are potentially exploitable. For example, software installers are always allowed to run with full administrative privilege, just like in old-fashioned Windows. In addition, Symantec security analyst Ollie Whitehouse points out that Vista ships with executables that can be used to compromise UAC.

“I still think that Microsoft did a good job with Vista,” Rutkowska says, yet the significance of these discoveries is clear: Don’t expect UAC to eliminate problems associated with the administrator account overnight.

Programmatic exploits aren’t the only way around UAC’s protections, either. User behavior is equally critical. UAC confirmation dialogs can be intrusive and somewhat cryptic. Users might be tempted to simply disable UAC out of frustration, or they might become so numb to the UAC warning messages that they click “OK” without thinking. What’s more, they can easily be tricked into doing the wrong thing using social engineering or deception.

“Windows Vista provides many features to protect your system, but they require proper use,” reads Microsoft’s Windows Vista Security Best Practice Guidance for Consumers on the subject of UAC. “Your system security is only as strong as your actions, so think before you click.” In other words, relying on UAC puts the responsibility for system security in the hands of the individual user — hardly an ideal scenario.

In fact, Microsoft discourages customers from thinking of UAC as an explicit security boundary — and therefore, as Rutkowska notes, it does not consider flaws in the UAC implementation to be security flaws . Don’t ignore this point. It speaks volumes to how IT should view UAC within the enterprise environment.

Tweaking out

Microsoft has added numerous other features to Windows Vista besides UAC, many of which are intended to increase the overall security of the OS. But upon closer examination these add-ons are only marginal improvements over previous versions of Windows.

Windows Firewall has been enabled by default on all new Windows installs since the introduction of Windows XP Service Pack 2. With Vista, Windows Firewall gains the capability of blocking outgoing connections as well as incoming ones — a marked improvement, when you consider the growing threats of spyware, phishing, and DDoS attacks. Unfortunately, the filtering of outgoing packets is not enabled by default. In other words, Vista’s firewall won’t provide significantly more protection than the one included in XP SP2 without manual configuration.

A new program called Windows Defender adds anti-malware capabilities to Windows, but it’s primarily consumer-focused and so far does not seem to be up to par with the major aftermarket options already available for XP. According to competing anti-malware vendor Webroot,

Windows Defender misses the vast majority of spyware. Worse, in February Windows Defender was shown to actually be a vector for attack on Vista, with the disclosure of an exploitable bug in Microsoft’s malware detection engine. Similarly, while Vista includes a new hard drive encryption feature called BitLocker, it is not enabled by default, and whether it offers any real protection against advanced computer forensics techniques is questionable.

Worst of all, some new features added to Vista actually have proven detrimental to overall security. In January, hackers discovered that Vista’s speech recognition feature could be used to gain limited access to a remote system, including the ability to delete arbitrary files. Such annoyances sound almost cute — until they result in real data loss.

?

Enemy at the gates

The Vista speech recognition exploit underscores an important point. As with previous versions of Windows, by far the majority of attacks on systems running Windows Vista will come not in the form of exploits of the OS itself, but of applications running atop the OS.

Microsoft actually has made significant improvements to Windows Vista that are designed to mitigate some of the most common types of application vulnerabilities. A group of new technologies makes it more difficult for hackers to exploit commonplace bugs by obscuring the memory addressing space and protecting access to the OS kernel.

Preliminary research by Symantec suggests that Vista may still be vulnerable to some forms of attacks but concludes that “the implementation of these protections achieves many of the security goals that Microsoft had envisioned.”

The rise of .Net as the dominant development model for Windows Vista also bodes well for security. The managed code and security sandbox features of the .Net platform protect developers from common programming errors that can lead to exploitable vulnerabilities.

Despite these improvements, the primary weakness of these technologies is that developers must rewrite their code to take advantage of them. Legacy applications that are unaware of Vista’s new security model will remain vulnerable. Examples have already begun to surface, including a previously patched bug in Computer Associates’ BrightStor backup software.

Patches to widely used commercial applications will doubtless continue to surface during the next few months, but custom enterprise software remains the big unknown. Until older applications are upgraded to take advantage of Microsoft’s latest security technologies, they will gain little benefit when running under Vista beyond what is provided by UAC. Though Microsoft has made significant advances, this new OS is no panacea for a secure Windows-based IT environment.

?

The road to security

“We remain confident that Windows Vista is the most secure version of Windows to date,” says Russ Humphries, senior program manager for Windows Vista security, “however, it is important to note that no operating system is ever going to be 100 percent secure — there are no silver bullets.”

The bottom line: Windows Vista is not immune to attack, nor would it be fair to expect it to be. Technological advances within the OS bestow real security benefits, but Microsoft acknowledges that Vista users will benefit from aftermarket security and anti-malware products, as they have for previous versions of Windows.

As is often the case with Microsoft operating systems, perhaps Vista’s biggest weakness lies in the desire for backward compatibility. Most of the vulnerabilities discovered in Vista so far exploit legacy applications that don’t take advantage of the new Windows security model. Even UAC itself is a capitulation to outdated practices.

The sooner enterprises embrace the latest Windows technologies, the sooner they will begin to benefit from Microsoft’s engineering efforts in the area of security. Wherever possible, custom applications should be migrated to managed code and the .Net framework, and care should be taken to observe the new core Windows security APIs and practices. Even more hardware-based security mechanisms will become available as the industry transitions to 64-bit computing platforms.

In the meantime, the watchword is caution. Microsoft has issued specific security guidance for IT administrators who are evaluating Vista for enterprise networks with Active Directory.

The exact configurations recommended depend on the level of security required within a given organization, but the overall message is straightforward: Effective security under Windows Vista will still require a combination of IT oversight, adherence to security policies, and third-party anti-malware and security management tools — in other words, business as usual. Vista does represent a significant security improvement over Windows XP, but after all, it’s still Windows.

Initial sales figures from Microsoft show its new operating system Windows Vista made a splash in its debut. In the first month of Windows Vista?? general availability, sales exceeded 20 million licenses, more than doubling the initial pace of sales for its predecessor, Windows XP. These initial figures reflect the broad interest in the security and usability enhancements in Windows Vista.

Windows Vista license sales after one month of availability have already exceeded the total of Windows XP license sales in the earlier product?? first two months of availability. In January 2002, the company announced sales of Windows XP licenses had exceeded 17 million after two months on the market. The more than 20 million copies shipped represent Windows Vista licenses sold to PC manufacturers, copies of upgrades and the full packaged product sold to retailers and upgrades ordered through the Windows Vista Express Upgrade program from January 30 to February 28.

By JOE KIRBY
STAFF WRITER

It is safer. Faster. Better-looking. And, according to Bill Gates, just what your PC needs.

It is Vista, the long-anticipated overhaul of Microsoft’s operating system (OS), the chassis and foundation to roughly 90 percent of the world’s laptops and desktops. Released this week to much fanfare as the most powerful and polished version of Windows yet, the much-delayed Vista arrives more than five years after the introduction of XP, the current industry standard.

New on store shelves, Vista has been in the hands of millions in beta form (a limited test version) since November, downloaded for free from Microsoft. Also, Christmas and post-holiday shoppers may have purchased PCs already loaded with Vista. As a result, online message boards, blogs, industry publications and Web sites are awash with commentary on tinkering to the product that put Microsoft on the computing map.

Should you be among the early adapters?

E-mail: kirby@northjersey.com

FAQ for the home computer user

Window shopping The Record’s PC Guy (Peter Grad) and cnet.com, the online reference to all things tech, recommend that users of Microsoft XP hold off purchasing Vista — for now. Both say that while the new OS is a significant improvement over XP, it isn’t a quantum leap that justifies an immediate purchase. Moreover, all the bugs and kinks have yet to be found and worked out.

Where and how should I buy Vista? Vista is the first operating system to be offered for sale online (via download from Microsoft), but most will purchase the software at a major retailer. Best Buy, CompUSA, RadioShack and other computer outlets have been preparing for the changeover, offering training to their sales staffs on the finer points of Vista. Of course, these stores also will sell PCs with Vista pre-installed.

Which version is right for me? There are three versions of Vista. Home Basic ($199 for the complete version; $99 for the upgrade), is a bare-bones product that does not include Aero, the snazzy new interface. So, most will want to opt for Home Premium ($239; $159), which features the new visuals and multimedia entertainment tools, or Home Ultimate ($399; $259), which contains high-end networking and security capabilities. Before installing any software, make backups of all important files!

Will Vista affect my current software or peripherals? Maybe. Some online users report that Vista may conflict with other software programs, including Quickbooks, Lotus Notes, iTunes, some anti-virus utilities, some Adobe and Roxio products, and even Microsoft Media Player.

It’s probably best to first check a reference page on the Vista Web site (windowsvista.com) and download a utility that will scan your system and let you know which hardware and software components may or may not work. In the case of glitches, consult the software makers’ Web sites for updates, tools and patches to rectify Vista-specific issues.

Will I need to do anything to my computer before installing Vista? You may. Vista has steep hardware requirements ?

IT WAS billed as the Jack and Bill show with the First Minister and the richest individual on the planet signing an agreement to help young Scots adopt skills to make them more attractive to the business world.

Then it was the Gordon and Bill show, as Bill Gates said goodbye to Jack McConnell and joined Chancellor Brown to bring to a climax the Microsoft Government Leaders Forum in the Scottish Parliament. A first for the UK.

The Microsoft founder had landed in Scotland on the last leg of a schedule that had taken in Switzerland, New York and London, during which he had promoted good causes and the latest addition to the Microsoft family, the Vista software package.

The man reputedly worth ?27bn swept into Edinburgh in an ordinary people carrier, accompanied by just one security guard, to meet Jack McConnell at Bute House.

Gates can lay claim to having changed the way that many of us work and his Foundation has contributed millions to help fight poverty and disease. Even so, he does not receive universal acclaim. He may retain boy-next-door looks but he also attracts critics who see him as the head of an organisation exploiting the very people he is setting out to help. Opponents say his Foundation invests in those who create the problems in the first place.

It is an accusation Microsoft refutes and Gates himself now contributes more than ?760m each year to a range of charities and agencies.

He believes in the power of the PC to change lives and the world’s “richest geek” was in Scotland to engage the public sector and the country’s young people in computer skills, specifically to help those not in education and employment. Gates believes computers empower people and he was keen to play his part in improving the condition of those he sees being left behind.

At a press conference he told journalists that Scotland had punched above its weight in some growth sectors, such as life sciences, and noted its “long history of innovation and top universities”. He left promptly to receive an honorary degree from Edinburgh University and meet with Ian Wilmut, the scientist whose team created Dolly the Sheep.

He departed with a warning that the competition for blue chip investment is high and that further investment, on the educational front for example, is needed for Scotland to stay on top of its game.

But on the big issue of the moment - independence - Gates refused to comment, particularly on whether Microsoft would alter its investment strategy in Scotland if it broke away from the union. “I’m not here to answer political questions,” he said.

And so to the Scottish Parliament, where his arrival must have looked to the bemused passer-by as something akin to a royal visit. This time, though, the police presence was a bit heavier.

Gates shared a platform with Gordon Brown to address an audience of international politicians, business people and the global press in the debating chamber, but the event passed off without living up to its high billing, and the odd assortment of representatives, which included the president of Iceland and the prime minister of Albania, left some wondering what it was trying to achieve.

Gates and Brown were preceded by a series of warm-up acts - Gerri Elliot, a Microsoft public sector contracts boss, Augusto Lopez Claros, a South American economist, and Eberhard Sinner, a state minister from Bavaria. A hush descended as Gates and Brown entered the chamber and sat down at what looked like a daytime TV studio set - two maroon chairs and a table with a bottle of water.

First, the man tipped to become the UK’s next prime minister took to the podium and spoke with his usual exuberance about Adam Smith and Andrew Carnegie and the need to get the UK’s workforce better educated, while Gates sat casually, his arm looped over the back of his chair and an inscrutable smile on his face. Gates followed with a lecture on how the internet and websites such as Wikipedia could help more children to get educated, while Brown brooded and occasionally remembered to smile.

A handful of prepared questions followed, but without any sparking the remotest controversy. The closest anyone came was a member of the Scottish Youth Parliament who secured a pledge from Gates to look at the idea of incorporating a young person’s forum into the next Microsoft Government Leaders Forum.

Upstairs, the gallery was packed with the world’s press and other interested observers, including the tyres tycoon Sir Tom Farmer.

But there was a degree of confusion, even cynicism, about the purpose of the event aside from providing a worldwide audience for Microsoft’s Vista platform. The announcements appeared fairly random - one on Scottish schools, another deal between Microsoft and the Albanian government.

One observer said: “I am here because Microsoft paid for me to come and I wanted to see Edinburgh. But I’m still not sure what this is all about.”

Speaker after speaker praised Microsoft for its efforts in helping spread technology and Gates for his philanthropy. There was nothing resembling a debate.

Microsoft paid nothing for the use of the parliament building, the first time a working parliament has been used for one of the software company’s annual Government Leaders Forums.

But the company did meet the cost of flying 300 delegates and 70 journalists to Edinburgh, feeding them and supplying them with drink and accommodation in the city’s Caledonian Hilton, Balmoral and Radisson hotels for three nights.

Whether or not the event will have any lasting benefits for the good causes it promoted, at least all those who took part now know about Vista.

This article: http://business.scotsman.com/technology.cfm?id=183382007

By Steven Levy

?

Feb. 12, 2007 issue - Is Vista, Microsoft’s latest version of Windows??eleased last week with press events, parties, rock bands, a circuslike “human billboard” in downtown New York City and a multimillion-dollar ad campaign??he last operating system to launch in a sea of hype? Clearly, we’re no longer in the era when the rollout of a computer OS is greeted with the hosannas showered upon a conquering army returning home. At one of the events last week held under banners declaring that with Vista the wow starts now, Microsoft CEO Steve Ballmer sat on a stage with five other middle-aged executives, all of whom worked for chipmakers or computer manufacturers, in what seemed to be a contest over who could say the word “excitement” the most. But the midnight release of Vista did not generate blocks-long lines serpentining around computer stores to buy an upgrade. Ballmer himself explained that only a small percentage of Windows users would be sufficiently thrilled by Vista to purchase an upgrade. Instead, people will get Vista when they replace their current PCs with a new one, a process that will occur over a period of years.

True, that’s not terribly different from the way that systems like Windows 95 were adopted. The difference is that in 2007, operating systems, however important, aren’t where people seek the wow factor. Obviously, OS upgrades are essential for helping our computers keep pace with mightier processors, gluttonous storage, skyrocketing use of media and persistent high-speed connectivity, among other mileposts in the march of high tech. And Vista indeed is an improvement over its predecessors (especially in terms of securing your PC from malfeasants). But the real excitement in technology in recent years has come from Internet-based start-ups that take advantage of the aggregate power of a connected population, like Google, Flickr or YouTube. We’ve also been wowed by devices dedicated to delivering a single experience so well that they transform our behavior??he BlackBerry, the iPod or game consoles like Microsoft’s own Xbox. In comparison, operating systems are infrastructure, and wildly feting a new version is like throwing a party for scaffolding.

So will this Vista launch be the last OS rollout that comes on like an MTV “My Super Sweet 16″ on steroids? (In fairness, Microsoft paired the Vista celebration with a launch of its revamped productivity suite, Office 2007.) Chairman Bill Gates, who jetted in from Davos for the events, insists that it won’t be. “People have said that at every major Windows release,” he says, citing predictions that the Java programming language would obviate the need for Windows, or network computers would kill the PC. “People don’t seem to have a good memory about having cried wolf every single time. Will the [next] operating system advance so that speech and vision and ink are built in? Well, you can bet against that, but the breakthroughs that Microsoft research is making in these things [will be] very advantageous to users.”

Gates does admit that with Vista, Microsoft may follow the industry trend of doing significant upgrading every couple of years, maybe even yearly. But he won’t budge on his insistence that the era of the big release isn’t over. He says that the major decisions on Vista’s successor will be made before his departure from a full-time role at Microsoft in mid-2008, and the release of this newbie in 2011 or whenever will generate just as much hubbub as previous launches. At that time, he jokes, “we’ll tell you how Vista just wasn’t good enough.” Oh, wow.

According to security researchers, Windows Vista’s speech-recognition feature is flawed and hackers could use it to remotely force a PC to execute commands.

Security researchers began offering details on how pranksters could exploit the speech technology just a day after the consumer launch of the new operating system.

A malicious Web site, for example, could load an audio file that shouts commands to shut down the operating system without the user’s authorization, they say.

While some security researchers believe Vista’s first public flaw is serious, Microsoft has downplayed the risk, noting that a targeted system’s speech-recognition feature would need to be configured correctly for the attack to be successful.

Microsoft insisted that Vista’s User Account Control feature could not be circumvented by speech commands. The new feature is responsible for not giving rogue programs administrator-level access to key operating system functions.

Windows Vista offers a high-end speech recognition feature in the built-in speech-to-text conversion software, which controls the Windows interface and dictating text.

Posted by Marc Wagner @ 4:35 pm