In a recent blog I indicated that MS planned to make its Microsoft Security Essentials product available as a free beta soon. Well, it went into beta on 6/24 but the number of downloads was limited to 75,000. Within 24 hours of the opening gate, that ceiling was reached and the gate was closed. If you weren’t lucky enough to grab it during that narrow window, console yourself with this screencap of the Beta home page:
In case you can’t read the fine print in the reduced-size screenshot, let me reproduce it here “Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time. Please check back at a later date for possible additional availability.”
Since I can’t check it out for myself having also missed the window of opporutunity, I’ll cadge from an interesting blog on ChannelWeb from Stephanie Hoffman entitled Microsoft Security Essentials Reaches Max Downloads. She reports on independent Web testing from AV-Test.org that indicates MSE fared well against a week-old collection of malware from their current WildList, and also did well against false positives. These are all good signs, so I’m hopeful MSE will emerge as a viable low-cost security software alternative in the future when it becomes more broadly available.
Sigh. Another chance missed…
With all the details on Windows purchase, upgrades, and pricing now established, it should come as no great surprise that Microsoft has also finished up its retail packaging for the boxed versions of the new OS. For a sneak peek, you can check out the “...New Windows 7 Packaging” entry on the Microsoft Windows 7 Blog.
To me, it looks like MS retained a similar box shape as compared to the Vista design, with a rounded upper right corner, though it looks like the Windows7 box may be a bit bigger than the hard plastic Vista version. The best change, however, is that they abandoned the clumsy hinged interior chamber (you had to pull on a tab at the upper left corner of the Vista package to expose the contents of a “box within a box” where the CDs and documentation was inserted with the product key label affixed to the back of the interior chamber). The Windows 7 retail box is a simple translucent plastic clamshell that opens and closes like a book.
Microsoft also indicates that they made the plastic case lighter and completely recylable. I’m sure that’s as much a consequence of switcher to a simpler box design that is not only easier to open and close but also requires substantially less raw materials to fabricate. Gone, too, is the 42-page Quick Start Guide included with Vista retail versions. All you find is a very short Getting Started Guide, a DVD, and the case itself. The product key label is on the inside front cover of the box, which makes it easy to find and see.
In retrospect and by comparison I see many of the seeds of Vista’s problems in the box itself: a snazzy but overly complex and not terribly user friendly design presaged much of what I’ve learned to expect from Vista since then, software-wise. Let’s hope that by this logic the simple spare design of the Windows 7 box also speaks to the design and behavior of the OS itself. In my last three months of intensive testing and writing for the upcoming Pearson book Windows 7 in Depth, I have to say that this appears to be the case! But of course, only time will tell…
OK, so here are the long-awaited particulars on three areas related to Windows 7 pricing and upgrades, where references to “Today” mean 6/26/2009:
Terms of the “buy Vista now, upgrade to Windows 7 later” deal. Starting today, those who purchase a PC equipped with any of these Vista versions: Home Premium, Business, or Ultimate from a participating retailer or computer manufacturer will get a free or low-cost upgrade to the equivalent Windows 7 version some time after October 22, 2009, the general availability (GA) date for Windows 7. This program continues through January 31, 2010. Details will be made available from the seller about how to collect (and how much to pay, if anything), and provided as part of the post-purchase paperwork.
Pre-order Windows 7 at a substantial discount. Starting today, upgrades to Windows 7 Home Premium will be available for pre-order for $49, and to Windows 7 Professional for $99 at a list of retailers that includes: Office Depot, Amazon.com, Best Buy, the Microsoft Store, TigerDirect.com, Newegg.com, and Fry’s. This offer is only good until July 11, so those wishing to cash in on this half-price deal should act fast. You’ll also want to check the upgrade matrix for Windows 7 to figure out which one to buy (hint: Vista Home Premium upgrades to Windows 7 Home Premium, Vista Business upgrades to Windows 7 Professional; XP Home upgrades to Windows 7 Home Premium, XP Professional to Windows 7 Professional; for XP versions a clean install is required–you can’t perform an upgrade install to get from XP to Windows 7, though you can use various migration tools to move preferences and settings).
Pricing for boxed copies of Windows 7 has been set. When these items go up for sale starting on October 22, 2009, upgrades will cost $119 for Home Premium, $199 for Professional, and $219 for Ultimate (this is $10 cheaper for Home Premium, and the same price for Professional vs. Business, and Ultimate on the Microsoft Store site). I’m hoping this means third parties will offer more substantial discounts (for example, you can buy a Vista Home Premium upgrade from Directron right now for $60). Full retail versions will go for: $199 for Home Premium, $299 for Professional, and $319 for Ultimate (this is $40 cheaper for Home Premium than for its Vista counterpart, though Professional/Business and Ultimate pricing remains on par with Vista).
For those thinking about upgrading personal machines to Windows 7, the current pre-order pricing is hard to beat. Though you’ll still have to wait to lay hands on the package until after 10/22/2009 (and how much longer after that is anybody’s guess), with savings of 50-60% in the balance it’s still worth doing, if you ask me. I’d hoped to see Microsoft knock more off its prices this time around, but all in all it could have been worse!
If you’re more of a “visual learner” than a text-oriented type of person, you’ll find a video recap on all of this material in the 6/25/2009 Windows 7 blog entitled “Announcing the Windows 7 Upgrade Option Program & Windows 7 Pricing – Bring on GA!“
The Windows 7 Upgrade advisor is still in beta — as is the Windows 7 OS itself — but it’s recently acquired a pretty permanent-looking URL: http://www.microsoft.com/windows/windows-7/upgrade-advisor.aspx. System admins who may be thinking about upgrading current XP or Vista platforms to Windows 7 will definitely want to download and check out this interesting tool. FWIW, I plan to upgrade my production machine as soon as I can lay hands on the RTM version of Windows 7 (hopefully, not too long after its reported mid-July release date to OEMs for testing and slipstreaming into their factory install programs), if only to see if Windows 7 can’t arrest and repair some of my current problems with networking, the snipping tool, and the sidebar on that machine.
Once you download and install the program, you’ll launch it from the Start menu. Thir produces a startup screen.
Click the “Start Check” button to perform the upgrade review of the machine upon which the software is running.
Wait several minutes while the hardware check is underway.
When it’s complete, a report appears as shown. It will tell you what kind of upgrade you can perform (if any), indicate any components on your current OS that may not be available in Windows 7 (for my Vista Ultimate install that includes Windows Mail, now supplanted by Windows Live Essentials Mail, parental controls that are no longer supported in Windows 7, and Ultimate Extras which are likewise gone, gone gone).
If you’re curious, you can also click on the System Requirements link to see how well your system meets Windows 7 minimum install requirements.
If you’re even halfway thinking about upgrading any machines to Windows 7, you definitely want to install and get to know the beta version of this tool. At 6.3 MB, it’s a pretty speedy download.
I was both bemused and pleased to read about NY Attorney General Andrew Cuomo having extracted a $375K settlement from both Symantec and McAfee to set aside what Network World reports as “…charges that they automatically charged customers software subscription renewal fees without their permission.” The gist of the argument is that customers didn’t receive sufficient warning that their AV service fees were really subscriptions that would renew automatically on a yearly basis after the initial purchase period expired. Here’s my favorite snippet from the story, a quote from Cuomo’s office: “Companies cannot play hide the ball when it comes to fees consumers are being charged.”
At least, in the enterprise world where service contracts are an important part of any volume purchase agreement, and must be invoiced yearly, things are a bit more explicit. But since so many IT administrators also dole out advice on home and personal gear and software, as well as take care of company or organization assets, you might want to let your users know that they’ll be able to opt out of automatic renewals in the future if they choose to do so.
Cynics see this tactic as a way to keep company revenue streams topped up, because they virtually guarantee ongoing cash flow once users sign up for a subscription. Both companies explain this maneuver as a way to help protect customers, especially by making sure they can keep their security software up-to-date. It will be interesting to see how their bottom lines fare as a result of this ruling (companies that do business in NY state are now required to refund such charges at user request, as long as users ask for a refund within the 60-day period following the posting of fees to a credit or debit card, bank account, or other payment instrument).
Personally, I think auto-renewal is a good thing, but that consumers shouldn’t be forced into accepting the arrangement. I also think that companies should be required to send a notification 60 days before auto-renewal occurs, and include opt-out information and links in such e-mails to make it easy for consumers who don’t want to stay on that bus to get off if they choose. I already get this level of service from companies based in the EU (where this sort of treatment is the norm), so US-based companies should be able to do likewise.
In the wake of numerous leaks about the upcoming product, Paul Thurrot was finally allowed to go public on June 18 about the replacement product for Windows Live OneCare. Formerly code-named “Morro” (for the famous beach in Rio de Janeiro), the product is almost into public beta, and will be called Microsoft Security Essentials (MSE). His story about the product and its checkered history makes fascinating reading: check it out on his SuperSite for Windows. It looks like current plans are for general availability when Windows 7 goes into GA (on or about 10/22/2009). This offering will be free of charge, and will work with 32- and 64-bit versions of Vista and Windows 7 (32-bit Windows XP versions only).
In describing the product, Thurrot starts by listing what’s been rumored or reported about the product that isn’t true. Here goes my summary/recap:
- it’s not a “cloud computing AV solution” though it does support near-real-time updates
- There’s no managed firewall
- There’s no management facility for multiple computers on a home network
- There’s no application controls nor GPO capability
According to Thurrot, what MSE does have to offer essentially boils down to “OneCare minus the stuff that’s not related to fighting malware.” He also goes on to describe MSE as “small, fast, light, and effective.” Right after that he starts to elicit some incredulity when he says “…and since it’s built on the same award-winning underpinnings as Microsoft’s other security products you know you can trust it.” Wait a minute: is this for real. Yep! When I go off to look at the latest Virus Bulletin 100 (aka vb100) there it is with a vb100 sticker (but it appears that Thurrot is really talking about ForeFront which has also earned vb100s consistently starting as far back as June 2007 ).
I have to say that MSE appears to be a real boon, especially for users in need of low-cost/no-cost protection for virtual machines as well as real ones. According to Thurrot the public beta will commence next Tuesday on June 23. I think we’re going to have to check this out!
Here’s an interesting story from June 16 on the SPAMfighter.com Website, based on recently-released research work from leading antispyware firm Webroot. It’s entitled “Vista Low on Malware Detection” and makes some pretty interesting points:
- The OS demonstrates only limited built-in malware blocking capabilities: it cannot block 84% of common malware elements, including some of the most common and well-known malware and spyware versions.
- Some malicious code was able to install at administrative privilege level, execute code, and use a keylogger, but Windows Defender could neither detect nor stymie its installation or run-time activities.
- Signature updates for malware were also observed to be “extremely slow” on Windows Vista.
What’s the point? Try this quote for size “…security experts…cautioned users that the default malware blocking software as well as the anti-virus programs of Microsoft may fail to provide them comprehensive protection…” Duh!?
When it comes to news like this, I’d like for them to tell me more about what they learned in doing their analysis, and how other threat prevention mechanisms fared as well. Everybody knows that additional protection is necessary for Windows PC active on the Internet, and most corporate security policies require specific and more powerful antimalware coverage anyway. What would have been more interesting and potentially useful would have been a comparison of effectiveness for leading antispyware programs (including Webroot’s own Spyware Sweeper, PC Tools Spyware Doctor, and so forth and so on), as well as speed comparisons for signature updates and scanning for XP, Vista, and Windows 7.
I’m hoping more and more of that detailed information becomes available as Windows 7 heads for commercial release in October. And gosh, would I ever love it if somebody stepped up to fund an organziation like Virus Bulletin for the anti-spyware community. There may never be an AntiSpyware 100 (AS100) like the VB100 if what I know about spyware remains true — and things show no signs of changing in this regard — but it would be nice to have AS80-plus or AS90-plus ratings to help separate the merely adequate antispyware packages from the real star performers. To me, that would be some real news!
A great story in Western Australia Today (WAtoday.com.au) features Ms. Larson-Green, the person behind the ribbon technology introduced in Office 2007, who has since taken over ownership of the Windows 7 UI and its usability (called “Windows Experience”) prior to the imminent launch of that new flagship OS in October, 2009. The story is entitled “Meet Microsoft’s antidote to Vista” and describes Larson-Green’s background, motivation, and focus in helping to prepare Windows 7 for beta testing and launch. Refreshingly her self-professed goal is to “…build an operating system that doesn’t require people to take computer classes or master thick manuals.” Larson-Green credits a work history that includes waiting tables and answering customer support calls at Aldus (now part of Adobe) for sensitivity to customer wants and needs, and empathy with their trials and tribulations.
She focused on more centralized planning, and better coordination to create a more cohensive and intuitive look and feel for Windows 7. She also worked hard to eliminate the scores of pop-ups, alerts, and notification that system developers mean to be informative, but which bedevil ordinary users who simply want nothing more than to get them out of the way (to me, this finally explains the consolidation of alerts into the Windows 7 Action Center, and why only generic alerts get issued periodically–I hadn’t realized the noise had gone away, but had definitely noticed its reduction subliminally).
According to the story, Larson’s mantra is best stated as “user in control’ (hooray, what a simple but significant concept). The goal was “…to build an operating system people could use without studying first, one that would let them get right to reading the news or sending email without dragging them down a rabbit hole of setting and configurations. A system with manners…”
Larson-Green is already at work on Windows 8, though her group is still engaged in occasional tweaks to Windows 7 (though this will freeze solid in mid-July when the RTM version goes to OEMs for the October 22, 2009 release). Larson-Green says she plans to measure how well Windows 7 is doing “…by conversations she overhears at Best Buy and comments posted by bloggers.” Her hope is that people will like it. If my recent experiences in getting to know and writing about Windows 7 in the past three months are any indication, I don’t think she’s going to be too disappoointed.
Last November, MS announced its plans to create a no-cost consumer security software product. Code-named “Morro,” this solution is supposed to debut in H209 and be able to deal with viruses, spyware, rootkits, and Trojans. It’s going to be low-footprint on the client side, and use Web-based services and scanning technologies to keep resource consumption and local file sizes small and zippy. Ultimately, Morro will replace Windows Live OneCare, and take over the low-end security role for the company.
Recently, lots of published accounts have mentioned that MS is now testing Morro internally in-house, and is preparing a public beta of the technology (see this ComputerWorld story, for example). This Reuters newswire story posted on Wednesday, June 10, indicates that this beta will be unleashed “soon.” Interestingly, stock values for both Symantec and McAfee dropped with this news, with investors guessing that those companies will lose (paying customer) market share in the face of an at least potentially credible free product. Well-known Windows maven Paul Thurrot is quoted in the ComputerWorld story as suggesting that news of the imminent beta was leaked prematurely, and that “…it wasn’t supposed to be today,” apparently confirming that “soon” means “not yet.”
When the product does make its appearance, even enterprise administrators might find it worthwhile for certain applications. Chief among these will be the new Windows XP Mode available in copies of Windows 7 Professional, Enterprise, and Ultimate editions. Even VMs need security software, and this could be just the ticket for sufficient coverage to keep those occasionally used virtual desktops safe and secure.
OK, so yesterday’s Patch Tuesday does the deed for June. It’s a monster: 10 security bulletins, 31 vulnerabilities addressed, and involving most versions of Windows itself, IE, and various MS Office and related elements (Works, Word, and Excel). Even the Windows Print Spooler and OS Kernel get in on the act!
Of the 10 bulletins issues, half (5) are critical, and fill some gaping widely-known holes in MS security. Chief among these: the dual WebDAV gothas for IIS publicized in May (explained in this Ryan Naraine blog from 5/19) and the infamous Pwn2Own vulnerability discovered in March at the CanSecWest conference in Vancouver.
|MS09-018||Critical||Active Directory, Server 2000/203||2 remote code execution items|
|MS09-019||Critical||IE version 5-8||8 vulnerabilities, including remote code execution items|
|MS09-020||Important||IIS||2 vulnerabiliites allowing elevation of privilege|
|MS09-021||Critical||MS Excel||7 vulnerabilities including remote code execution|
|MS09-022||Critical||Windows Print Spooler||3 vulnerabilities, including remote code execution (Windows|
|MS09-023||Moderate||Windows Search||Single vulnerability could allow info disclosure|
|MS09-024||Critical||Microsoft Works converter||Could allow remote code execution|
|MS09-025||Important||Windows kernel||4 vulnerabilities that could allow elevation of privilege|
|MS09-026||Important||RPC||Could allow execution of arbitrary code or takeover|
|MS09-027||Critical||MS Word||2 vulnerabiltiies could allow remote code execution|