amarbledesk.com
a not infamous place
| posts tagged ‘microsoft’ |
The Scoop on Seven
23 Oct 2009 02:16 EST
Today Microsoft released Windows 7, their newest version of their operating system. I’ve worked with Windows and various Microsoft OS development teams over the years, especially with some of the Server OS’s (NT 5.0/Windows 2000, and 2003 server in particular, when I spent a lot of time in Redmond), so I’ve had a fairly intimate view of the evolution of the system. I’ve been on the beta, and I have a fairly positive view of the release, especially compared to Vista. When my disk comes, I’ll definitely upgrade my home machine to the release version. Yeah, I’m not the average Windows user.
So what does Windows 7 mean for the average user then?
If you buy a new PC, it will probably come with Windows 7. That’s good. If your dealer gives you an alternative choice of XP or Vista, choose 7. It will work with your hardware and it will have all the latest code.
If you just bought a new PC with Vista, then you qualify for a free Windows 7 upgrade. Do it. Get the upgrade from whoever you bought the PC from. The upgrade will definitely be worth it since it’s free and better.
If you have an older PC running Vista, you can pay for an upgrade. It’s a hundred or so bux, depending on your edition. This choice is tougher. The jury is still out on whether it’s worth paying to upgrade from Vista to 7, especially since it’s so new. I’d hold off for a while and see; if 7 has a much better security track record then I’d recommend the upgrade. Until then, I can’t recommend paying for it.
If you have an older PC running XP, don’t upgrade to Windows 7. It’s really not worth it yet. First, you have to make sure 7 will even run on your machine. Then you have to buy the upgrade to 7 (see above). Wait, but it’s not really an upgrade! It’s a complete system reinstall where you have to back up your data. When you finally do all this, all your XP apps might not even run (unless you buy a more expensive version of 7). After all this, you do get an OS that’s somewhat better than XP, and with a significantly updated interface. Microsoft has a few other reasons they think you should upgrade from XP to 7, but to be honest the reasons don’t seem compelling to me. Given the potential hardware incompatibilities, the cost, the hassle of a complete reinstall, all for minimal benefit I’d recommend holding off until there is a very very compelling reason to upgrade: like, you need a new PC.
So in short:
- New PC? Get it with Windows 7.
- Recent PC with Vista? Upgrade to Windows 7 for free,
- Older PC with Vista? Wait a bit to see how it pans out, since it costs money to upgrade.
- Older PC with XP? Stay on XP.
HTH
[ Trivia: did you know that the code name for XP was Cairo? Cairo = Chi Rho = χρ = XP ! ]
Vista calling today's Critical updates only "Important"??
14 Oct 2009 02:12 EST
Today (Patch Tuesday!) Microsoft released a record number of security patches. This includes some items rated Critical — here’s a good breakdown of the patches at SANS and another from Microsoft themselves.
I’ve been through the Patch Tuesday rounds seemingly countless times now, whether on my personal machines, in data centers, or as part of the process of building and operating commercial security software that’s patch-aware. It’s complex — lots of moving parts that can go wrong.
So I immediately noticed something when doing my check for today’s patches. None of the patches were rated Critical on my Vista machine. Instead, Vista told me that I had 15 Important patches ready to download and install:
With all the news and hype surrounding this release, I certainly expected more than this. Where was the Windows Media Player vulnerability? The SMBv2 vulnerability? I dug in and looked:
Well, there they are: the Media Player fix is KB954155. The SMBv2 fix is KB975517. Etc. These are Critical vulnerabilities with known exploits. But they are all listed as only Important by my Vista Home Premium SP2 personal laptop.
This is a major oversight. If someone thinks these updates are only Important, they may defer installation. Since there are in-the-wild exploits, this would be a very dangerous choice to make. People who aren’t following the news, aren’t tech-savvy, and don’t have their updates set to automatically install could find themselves in a bad situation.
Microsoft needs to investigate and correct this. I’ll report the issue and follow up on anything I learn.
Danger in the clouds!
13 Oct 2009 01:52 EST
OK, everyone, let’s take a deep breath here.
Any kind of architecture might carry the risk of losing all your customer data in one catastrophic event – if it’s poorly designed or poorly operated. Microsoft/Danger’s loss of customer data was due either due to a design failure or an operations failure or both. It’s also possible that the loss was due to a calculated risk: that known design or operations flaws were nevertheless judged unlikely to lead to a loss. Or all three. Either way, it was not due to any particular feature of cloud computing.
Secure computing gets a lot of attention today — but mostly in the attacker/malware aspects. To be sure, malware and other attacks are significant and serious risks. But another important aspect of security is reliability. Even if your data were absolutely impregnable to attackers, in the event of irrecoverable data loss your customers are just as out of luck as if they’d been hacked. There are decades of best practices on how to maintain data reliably, yet naturally, losses still occur.
It’s impossible, of course, to guarantee against data loss with 100% certainty. There are always events which have some small yet finite chance of occurrence that are capable of causing catastrophic loss in any system. And in the real world of engineering, there is always a trade-off between cost and function. Generally speaking, the more you engineer a system to be reliable, the more the system costs. Money isn’t unlimited, and so there is only so much reliability one can realistically achieve with any given budget.
The best kind of risk is the one you’re aware of — the one you can calculate the chance of occurring, the cost if it does occur, and how to recover from the event. Not every risk is even imaginable, much less predictable. In the best case, Microsoft/Danger was aware of the kind of risk that existed in their system, engineered appropriately around that risk, operated with awareness of that risk, and simply got hit with an unlucky event. In the worst case, they were unaware of a poor design or slipshod operations.
None of the above has anything to do with ‘cloud computing’.
Now, ‘cloud computing’ does have some general features which do change the risk profile of these sort of events.
- In contrast to a system where customer data is always stored locally to the customer, a system where data is stored centrally is more likely to experience a loss of data across multiple customers. But central data storage is neither a necessary nor a sufficient feature of cloud computing.
- In contrast to a system where customer data never transits the Internet, a system were it does cross the Internet is more likely to experience a loss related to such transit. Internet transit is a necessary feature of cloud computing, but not a sufficient one. Customer data travels across the Internet in many other ways that are unrelated to cloud computing.
Proper architectures and proper operations will be made with awareness of these risk profiles and account for them in line with the costs of the system. But hey, that ain’t exactly rocket sci…actually, come to think of it, that is rocket science; or at least rocket engineering.
One can argue that the above points represent the very essence of why cloud computing may be more prone to this kind of problem: it encourages centralized data storage and transmission of data across untrusted networks. Well, yes. Different architectures have different risks, different benefits, and different economies. As cloud-based architectures become more and more pervasive, engineers and architects will need to adapt to patterns and models that are appropriate to the cloud and its unique characteristics. (In my opinion, these disciplines should become part of a modern computer-systems education. I digress…)
But this doesn’t seem to be the problem in the MS/Danger/T-Mobile case. Sounds like they just screwed up in any number of ways. Lay this at the feet of ordinary human failings, but not of cloud computing.
MS kills the consumer AV market
30 Sep 2009 13:28 EST
MS has just released Microsoft Security Essentials, which they call “high-quality, hassle-free antivirus protection for your home PC“. It’s free – ‘free’ as in beer, not ‘free’ as in speech. And, surprisingly, it works: independent anti-virus testing organization AV-Test GMBH says that MSE detected every virus on the WildList of viruses, and detected no false positives: “All files were properly detected and treated by the product. That’s good, as several other AV scanners are still not able to detect and kill all of these critters yet.”
Microsoft already has an AV product in the business market, OneCare, but it hasn’t really taken hold since it’s not a free product, MS does not have a good security reputation, and AV vendors are already very entrenched in most organizations. So there is not a huge threat to the AV vendors in the business sector.
There are a lot of free AV products already available in the consumer market: Avira, AVG, Avast, BitDefender, etc. These often don’t reach mainstream consumers, though. Microsoft has a huge marketing engine and unbeatable distribution channels. If MS AV is free, works, well-known, and easy to get, then people will use it.
MS has probably changed the market. Consumer AV will become free. Symantec, Trend, McAfee will keep making consumer AV but their enterprise business will just become even more important. Companies like Sophos that focus on business only will escape this one.
about mark beadles
I write the things you read here. Polymath renaissance redneck. I build software, stories, and young men. More...on the desk
around the web
in the vault
-
