Category Archives: Microsoft

When Windows XP support ends…

After April 2014, it will no longer be possible to obtain security updates for Windows XP – unless you’re paying Microsoft a ton of money. This has some interesting ramifications.

Clearly, there will be renewed interest in the aging O/S as an attack target. New vulnerabilities will continue to appear, but will remain unpatched on most Windows XP computers. Tools that exploit these vulnerabilities will increase in value, resulting in a boom for anyone developing them.

Depending on how many XP systems remain after April 2014, and the number and seriousness of vulnerabilities discovered after that date, there may be some backlash against Microsoft. There may be calls to extend support for XP even further. It’s possible that as many as one third of all computers and devices will still be running XP after support expires.

If Microsoft declines to extent support, you can bet that any new patches they develop for XP will find their way into the hands of regular users through unauthorized torrents and underground web sites.

On the other hand, while keeping Windows XP patched is obviously an important part of an overall security plan, there are other ways to protect yourself. Most users these days connect to the Internet through a router/firewall, which – if configured correctly – makes it almost impossible for an attacker outside the router to identify or even detect a computer inside the router. So, while I’m not recommending that you ignore this problem (you should really upgrade to Windows 7), there may not be a reason to panic if you’re still running Windows XP next year.

Update 2013Aug21: Another ComputerWorld post on this subject, and a post from ZDNet.

Today is Patch Tueday for August 2013

It’s that time again. This month Microsoft has issued eight bulletins, with three of them flagged as Critical. The associated patches affect Windows and Internet Explorer. The August 2013 security bulletin has all the technical details. A post on the Microsoft Security Response Center has a somewhat friendlier summary. For a slightly different view of this month’s updates, check out this post on the SANS Internet Storm Center.

Windows 8.1 update coming in October

Windows 8 Service Pack 1 8.1 will be made available starting some time in October 2013, according to various sources.

Included in the free update will be several tutorials on the new user interface. The exclusion of such tutorials in Windows 8 was a strange decision by Microsoft, since they were in every previous version of Windows.

The update will also include a variety of changes related to user interaction, affecting the use of touch, mouse and keyboard input. Context menus will be improved for better usability.

Related:

Update: Microsoft has set a firm date for availability of Windows 8.1: October 18, 2013.

Microsoft says “your privacy is our priority” (unless the NSA is involved)

Over at TechDirt, a post by Tim Cushing details a recent leak published by The Guardian, showing that Microsoft values your privacy, unless the NSA comes calling. When the NSA asks for your ‘private’ information, Microsoft is happy to hand it over. This means that nothing you say on Skype, Outlook.com, Skydrive or Hotmail is safe from prying eyes.

Microsoft is quick to point out that nothing they’ve done is illegal, but that’s really the problem, isn’t it?

Windows 8.1 available to manufacturers in late August

On July 8, at the Worldwide Partner Conference in Houston, Microsoft executives announced that Windows 8.1 will be released to manufacturing in late August. Still no word on when the update will become available to consumers in retail stores or through other channels.

Another question that remains is whether Windows 8.1 will be available through Windows Update or Windows automatic updates. If so, will it be a forced update, or will it be optional? In the past, Windows Service Packs (which are the closest analog to the 8.1 update) were available via Windows/auto update and – at least initially – not forced.

Windows 8.1 makes search even less useful

Microsoft has been gradually destroying Windows’ search capabilities since Vista. When I originally evaluated Vista, I discovered that searching for file contents would mysteriously fail if the search string only existed past the first ten kilobytes in the files being searched. I posted a video on Youtube to demonstrate the problem.

Vista search had a lot of problems, but I had discovered workarounds for most of its bizarre limitations. The 10K problem looked like a bug, so I dutifully reported it to Microsoft. After several hours on the phone with Microsoft Support, they were able to reproduce the problem and it was fixed in Vista Service Pack 1.

But the damage was done. With each new version of Windows, search has become increasingly useless, and I’m reluctant to trust it. I still try to use it, but I always go back to third party tools such as Everything and Fileseek, or even (when desperate), ancient DOS tools like FINDSTR.

The root of this gradual decline in Windows’ search functionality seems to be one of perspective. As clearly demonstrated by the Windows 8 UI, Microsoft no longer cares about ‘enthusiast’ users, which include power users, system administrators and software developers. For these elite users, the new UI just gets in the way, and the search tools are almost entirely useless.

<rant>Microsoft is making Windows a consumer-oriented O/S. What Microsoft doesn’t seem to realize is that while this change may solidify Windows as the consumer O/S of choice, and reduce support costs, they are driving enthusiast users, including me, to Linux. Worse, business IT departments are staffed with enthusiast users, and these are the people who evaluate software and make organization-wide recommendations. Eventually, these people are going to get tired of fighting Microsoft and look elsewhere for a corporate O/S.</rant>

All of which leads me to wonder how the otherwise reliable Ars Technica could publish an article extolling the virtues of the search changes coming in Windows 8.1. Possibly Ars has realized that Windows is now a consumer-grade O/S and adjusted their viewpoint to suit.

In Windows 8.1, search will be entirely integrated with the Bing web search engine. Any time you search for something, Windows will assume you want to search the web as well as certain specific areas of your local system. This also means that you’ll start seeing advertisements in your Windows search results.

Problems I see with this change:

  • Blurring the line between local and web search is dangerous for privacy.
  • For me, as with many users, there are distinct search use cases; there is almost never any reason to search the web when I’m looking for something on my local system, or search my local system when I’m looking for something on the web.
  • The same applies when searching for locally installed programs or features; it’s an activity that’s completely separate from web searching.
  • I was previously able (in Windows XP) to easily search local files in a particular folder and its subfolders, by file name and/or contents. Now that functionality has been eliminated: it is simply no longer possible to perform useful local searches and third party software is required.

Advance notification for July 2013 Patch Tuesday

The next batch of updates from Microsoft will become available starting at about 10am PST on July 9. This month’s patches comprise seven bulletins – four of which are flagged as critical – addressing vulnerabilities in Windows, the .NET Framework, Silverlight, Internet Explorer and the GDI+ subsystem.

Related posts from Microsoft: