Windows Enterprise Desktop

October 10, 2012  2:52 PM

MS Puts Win8 on Patch Tuesday Schedule

Ed Tittel Ed Tittel Profile: Ed Tittel

Yeah, sure, yesterday was the second Tuesday of the month. As expected, MS dropped a sizable load of updates for currently supported Windows versions (14-18 for my various 32- and 64-bit Windows 7 machines, and 8 for my sole remaining Windows XP VM; I’ll check on Vista later when I take my HP Dragon home from my son’s school for updates and maintenance next weekend). What I didn’t expect but received with great delight was a package of updates for Windows 8. According to Steven Sinofsky’s blog on the subject (Updating Windows 8 for General Availability), Win8 is not just on the Patch Tuesday schedule going forward. In addition, this first batch of updates for Win8 is tantamount to an initial service pack, not just as a patch/bug-fix maneuver but also as a reflection on input and requests from OEMs in response to their preparing their desktop, notebook, and tablet offerings for sale on or after the GA date of October 25, 2012).

Here’s a screen cap of the update history for my Windows 8 desktop showing 4 updates applied yesterday:

One driver update and one Defender item, but two "real updates" for Win8, too.

One driver update and one Defender item, but two “real updates” for Win8, too.

In his Building Windows 8 blog, Sinofsky makes special mention of the update related to KB2756872 which is called “Windows 8 Client and Windows Server 2012 General Availability Cumulative Update.” There’s also a Flash update as well, but alas, Secunia still doesn’t see Flash as patched because Adobe has come out with another, newer patch for pre-Win8 versions in the meantime (sigh!).

This is pretty cool because it means that what MS has done before in its SP1 release (often as long as 6 months to a year after GA) it has done for Windows 8 before GA actually happens. Should be interesting to poke around on my systems to see if I can notice any perceptible improvements to security, reliability or responsiveness — but so far, all I notice is that my drivers (except for the Camera codec) haven’t required any post patch updates just yet. We’ll see!

October 8, 2012  5:12 PM

What Are a Few Zeroes, Between Friends? Windows Store Apps A’Comin Soon!

Ed Tittel Ed Tittel Profile: Ed Tittel

Over on her ZDnet blog, Mary Jo Foley reports this morning that an MS VP (Keith Lorizio, US Sales and Marketing, Microsoft) has claimed that MS will have over 100K apps in the Windows 8 App Store within three months (90 days) of the GA date on October 25, 2012. Because there are only 3,600 or so apps currently available, that would require an additional 96,400 items to appear to make such a claim good. I agree with Ms. Foley’s assessment that this strains credulity, and applaud the graphs and charts she provides in her blog post to support her contentions.


Today’s App Store offers less than 4,000 items, so there’s a long way to go to get to 100k!

I expect we’ll see perhaps a few hundred more apps before the 10/25 GA date hits, so I can take the total count up to 4,000 by that time without being overly generous. That means we’d need to see an average of 32,000 apps per month for November, December, and January for Mr. Lorizo’s claim to prove correct. Something tells me the actual count will probably fall short of that final number. I’d love to be wrong, and for him to be right, but there’s not only some work involved in writing the apps, they must also go through a submissions, vetting, and listing process to show up in the App Store  as well. If only because of the time involved in moving items through that pipeline, it seems highly unlikely to me that so many items could successfully make that transit in such a relatively short period of time.

We’ll see!

October 5, 2012  4:25 PM

The Politics of Windows 8 Upgrades

Ed Tittel Ed Tittel Profile: Ed Tittel

Until the end of January, 2013, anybody who owns a valid license to Windows XP, Vista, or 7 can pay $40 for a download upgrade to Windows 8, or $70 for an upgrade package with DVD. That certainly removes most financial barriers to jumping into the Windows 8 soup. And at least for Windows 7 users, the near-identicality of drivers for the two “numbered Windows OSes” (7 and 8, that is) make driver issues something less of a concern than it was for those who faced the transition from XP to Vista, when Microsoft revamped its device driver model thoroughly (and catastrophically for its sales results). I’ve installed and upgraded systems from XP, Vista, and Windows 7 to Windows 8 now for customer preview, release preview, and RTM versions and have encountered only half-a-dozen driver issues or so, most related to printers and scanners, and one mysterious USB device that has yet to give up its secrets.

Having been down this road quite a few times in the last year myself, I had to chuckle this morning when reading well-known curmudgeon John Dvorak’s latest piece for PC Magazine entitled “The Great Upgrade Upheaval.” His observation that upgrade involves finding files and serial numbers for software installed long, long ago, then using that information to reinstall strikes a pretty humorous chord with me. My solution has been to enshrine legacy stuff like that in a virtual machine, then run the VM when I need to use the old stuff I couldn’t install on a new OS, not because of compatibility issues, but because I couldn’t find the necessary information to obtain the original media and a license key to make things work!  I’m not sure Dvorak is right to blame Microsoft for this, but it’s certainly a problem all of us can relate to.

As for Dvorak’s whining and moaning about data, preferences, and settings that Windows strews willy-nilly all around the system drive, I agree this creates complexity that has to be addressed. That’s why I’ve learned to appreciate tools like the Microsoft User State Migration tool, or the Windows Easy Transfer tool, both of which automate all the little files, settings, preferences, favorites, and so forth that gradually turn into any user’s customized and comfortable desktop environment.

For example, I just transferred my wife’s working environment from an older mini-ITX system to a new Dell notebook and everything moved over for her just fine, thanks to Windows Easy Transfer. But what queered her move in this case was the Dell’s behavior with the external monitor with the notebook lid open or closed: open, it restricted screen resolutions to settings related to the laptop’s own built-in display; closed, it allowed the external monitor’s native resolution and settings to decide what things looked like. Because it’s difficult to tell if the lid is closed all the way, the behavior of the system just seemed too capricious, arbitrary, and unpredictable for her to enjoy making a go of things using the Dell box. It’s too bad because its speedy SSD, Sandy Bridge processor, and Intel HD 3000 graphics ran rings around the MSI G945 industrial mini-ITX mobo on her old and trusted mini-desktop setup. But because she couldn’t easily make things look the way she wanted them to on the Dell, she’s now reverted happily back to her old machine.

The same sort of inertia seems to be afflicting Mr. Dvorak. Though I do understand it completely, he would do well to remember that there’s more than one way to skin the upgrade cat. Buy a new Win 8 machine with enough RAM for multiple VMs, and he can take all of his legacy runtime environments with him to Windows 8 in VM form, and use them when and as he sees fit. Shoot! He could even just use Win8 as a hypervisor environment, and live entirely in his legacy VMs if that’s what he prefers.

October 3, 2012  8:25 PM

Yes, There Is a Flash Update for IE 10, But …

Ed Tittel Ed Tittel Profile: Ed Tittel

Despite MS having promised to provide an update for the insecure version of Adobe Flash integrated into IE 10 in Windows 8 “soon” (see my 9/12/2012 blog post on this subject) I hadn’t seen the update come across the transom yet, and wondered what the story was. A little online research turned up this IEBlog post entitled “IE 9.0.10 Available via Windows Update,” which explains that Security Update MS12-063 (“Cumulative Security Update for Internet Explorer (2744942)”) released on 9/21/2012 addresses the flash issue among other reported problems with IE versions from 7 through 10. Sure enough, I checked my Update History in Windows 8, and here’s the relevant line that shows up therein:

The info comes from KB article 2755399
The info comes from KB article 2755399

Nevertheless, when I run Secunia PSI on my Windows 8 machine, it still claims that Adobe Flash player still needs updating on that system for the 64-bit version, as shown in this screen snippet

The update is installed but PSI's still not happy.

The update is installed but PSI’s still not happy.

After some further digging around, I found a passel of downloads in the cited KB2755399 article that included a Microsoft Installer executable for x64-based systems, which I proceeded to download and install. After restarting my Windows 8 test machine as per the installer’s request, Secunia still reports that Adobe Flash player is out of date! This creates something of a Catch-22 until Windows 8 GA on October 25, because Secunia’s official policy is that it doesn’t support beta OSes, even though their software (mostly) runs fine with Windows 8.

My gut feel is that the issue should be resolved with the application of Windows Update item KB2755399, but we can’t get official confirmation from Secunia until Windows 8 goes into official public release later this month. Stay tuned!

October 1, 2012  2:04 PM

Closing Store Apps in Win8 Manually

Ed Tittel Ed Tittel Profile: Ed Tittel

Although Windows 8 does a pretty good job of managing memory, and will close open Store Apps (using TIFKAM, or “The Interface Formerly Known As Metro”) when memory starts to get in short supply, there may be time you’ll want to close apps yourself directly. Though Windows 8 apps lack a close button, you can close them pretty easily using one of two hands-on methods:

Method 1: Use the Switch List

The Switch list appears when you drag from the upper left corner of the screen using finger (touchscreen) or mouse cursor. Once the list is open you can press and hold (touch) or right click (mouse) to provoke a control menu. Among its options you will see a Close option. Select that entry, and the app is closed.

Right click or press-and-hold to bring up the right-click menu, then select Close.

Right click or press-and-hold to bring up the right-click menu, then select Close.

Method 2: Close the App While It’s in the Foreground On-Screen

OTOH, if you’re in the App you’d like to close you can either press the Alt+F4 key combination to close it, or click or press at the top of the app and hold until the Apps closes. On a touchscreen, you can also drag the app to the bottom of the screen and hold until the app shrinks and makes an animated move to vanish.

For real Windows 8 fans, there’s another option, too. Click the Settings charm, then click Change PC Settings, then select General from the PC Settings menu. Then, click the Delete history button that appears under the App switching heading: in addition to deleting your App switching history, it will also close all open Store apps as well.

The Delete history button under App Switching closes open apps too.

The Delete history button under App Switching closes open apps too.

These maneuvers remind me a little of IOS, where a quick double-tap on the control button pulls up the list of open apps, and a press and hold on any entry provokes a minus sign to shut things down. My son’s always playing games on my phone, so about once a week, I have to go in and shut down all the stuff that won’t be used until the next time he “plays” on that device.

September 28, 2012  8:18 PM

Windows 8 Forums Surveys 50K Users

Ed Tittel Ed Tittel Profile: Ed Tittel

I’m a big fan of the various Windows Forums sites, including those for Vista, Windows 7, and Windows 8. They offer a great set of how-to’s and tutorials for all kinds of interesting and widely-followed topics on installation, tweaking and tuning, and working with specific system components (graphics cards, SSDs, eSATA, USB 3.0, and so forth). On Wednesday, September 26, 2012, Windows 8 Forums published a survey of 50,000 of their members on feelings and reactions to the company’s emerging flagship Windows 8 OS, as well as earlier versions. While the audience is by no means composed of enterprise IT types (its population probably includes less that 25% of such people), the survey results do paint an interesting picture of the current Windows landscape and users’ attitudes toward the various Windows versions available (or soon to be commercially released).

Here’s a list of responses that shows how survey takers feel about Windows 8:

Top 9 positives about Windows 8 from forum respondents.

Top 9 positives about Windows 8 from forum respondents.

But probably the most cited and illuminating responses from this group come in the elements of the system where forum members sought improvements:

The dislikes generated less heat, but still indicate issues for MS to address.

The dislikes generated less heat, but still indicate issues for MS to address.

Overall just over half (53%) of respondents cited Windows 7 as their favorite Windows system, with Windows 8 capturing only one-quarter (25%) on that question, almost tied with XP at one-fifth (20%). Clearly, Windows 8 still has some ways to go to catch up with its ever-popular predecessor.

September 26, 2012  2:15 PM

Intel CEO sez “Windows 8 being released before it’s fully ready” Huh?

Ed Tittel Ed Tittel Profile: Ed Tittel
Otellini tells Intel employees that Windows 8 still needs improvement.

Otellini tells Intel employees that Windows 8 still needs improvement
Source: Bloomberg.

The trade press wires are buzzing with news from an unnamed source at Intel who attended a company event in Taiwan this week (see this Bloomberg story for representative reporting) that attributes Intel CEO with remarks to the effect that “Windows 8 is being released before it’s fully ready” and that “Windows 8 bugs could hurt Microsoft.” Extremely interesting remarks, methinks, from the CEO of a company much of whose core business hangs upon the success or failure of Windows in general, and that has told analysts it expects the Windows 8 release to have a positive overall impact on its sales of CPUs and chipsets for x86 PCs.

Microsoft spokesperson, Mark Martin, responded to this reporting in typical corporate style as follows: “With over 16 million active preview participants, Windows 8 is the most rested, reviewed, and ready operating system in Microsoft’s history.” These remarks certainly reflect my own experiences in installing, running, and using — and even occasionally, intentionally trying to “break” — Windows 8, starting with the Developer Preview late last year, and progressing through the Customer Preview, Release Preview, and RTM versions that have been released this year.

What with recent projections from Intel cutting their third-quarter revenue forecast by 0.9-1.3 billion dollars, and citing “lackluster demand for PCs,” I find myself wondering if Otellini isn’t seeking to shift blame for market conditions away from the chip-maker that employs him and onto the shoulders of the Colossus of Redmond, as some occasionally refer to Microsoft. While those shoulders are certainly broad, I’m not sure they can carry the burden of the success or failure of the entire PC market by themselves. If you ask me the real culprit is slyly fingered in Bloomberg’s closing remarks that “… the PC market may not grow this year as customers [especially in emerging markets] flock to smartphones and tablets.” For those who can buy only one computing and communications device, the reach and power of modern smartphones like Android and iPhone models may simply represent a better and more affordable value proposition than PCs do. Paradigm shift, anyone?

September 24, 2012  2:48 PM

InformationWeek Windows 8 Business Survey Shows Workplace Plans Still Shaping Up

Ed Tittel Ed Tittel Profile: Ed Tittel

Today InformationWeek began reporting on the results of its latest Windows 8 Survey which,  according to Kurt Marko’s blog “Windows 8 Makes Strides in Mobility” polled “…859 business technology pros at organizations with 500 or more employees.” Here’s how their latest read on what they call Windows 8’s “favorability rating” shakes out:

InformationWeek: latest survey on Windows 8 from businesses

InformationWeek: latest survey on Windows 8 from businesses

  • 37% of respondents like or love Windows 8
  • 13% of respondents dislike or hate Windows 8
  • 21% are indifferent to Windows 8
  • 29% don’t know enough about Windows 8 to express an opinion

Perhaps what’s most interesting here is that half of the respondents are tilted either for or against, while the other half either have no opinion or simply don’t care enough about Windows 8 to form an opinion. To me, that speaks first and foremost of an issue that hasn’t really risen high enough on the priority list to be a big concern for the business community just yet.

My guess is that the uncertainty, fear, and doubt regarding changes to the Windows 8 UI will take the typical two-to-three year migration gap for new Windows versions — that is, the time between general availability for a new desktop OS and the time when more than half of businesses have started the upgrade or migration process for their users — and stretch it out even further. This could be good news for Windows 7 which just hit that crossover point earlier this year, and keep its adoption and use strong for another three years or perhaps even longer.

Some naysayers have been inclined to label Windows 8 as “another Vista” — a moniker that is undeserved, based on my own experiences with drivers, security, and stability of the new OS. They have been inclined to speculate that many businesses will elect to pass on Windows 8 entirely, in much the same way they elected to skip Vista completely. In light of such speculation, it’s also interesting to observe that this latest InformationWeek survey also reports that over half (53%) of companies do plan to upgrade to Windows 8 at some point in the future. Of course, these numbers could change either way, based on reports from early adopters on the enterprise and corporate fronts. Glad tidings will probably improve Windows 8’s prospects in the business world, while dire or even mostly negative tidings will no doubt strengthen the link between Vista and Windows 8 that some already see shaping up.

One thing’s for sure: with half the business audience either in the don’t care (indifferent: 21 percent) or don’t know (no opinion: 29 percent) columns, there are still a lot of business professionals who have yet to take on the go/no-go decision regarding Windows 8. This is certainly enough to tip the balance entirely one way or the other, even though those who are positive about the new OS currently outnumber those who are negative by a ratio of almost 3 to 1 (2.846, to 1, to be a little more precise).

September 21, 2012  3:31 PM

MS Introduces New “Comfort Sculpt” Keyboard for Win8

Ed Tittel Ed Tittel Profile: Ed Tittel
The Sculpt Comfort Keyboard is arched to make hands stay in proper typing position.

The Sculpt Comfort Keyboard is arched to make hands stay in proper typing position.

Along with its new Windows 8 OS, MS has been introducing various new items of hardware to help users make best (or at least, better) use of this new runtime environment. In past months we’ve seen a revisited Touch Mouse, a Wedge Touch Mouse, the ultra-thin Sculpt Mobile Keyboard (a petite cousin of this model, lacking a 10-keypad for numeric data, and many special function keys),  and the Touch Cover, designed to work with the MS Surface tablet as a combination screen cover (when draped over the Surface display) and as a wireless mobile keyboard (when detached from the surface and laid out keyside-up for typing).

Now, the company is almost ready to start selling its Sculpt Comfort keyboard as well, a $60 (MSRP) wireless and ergonomic keyboard. It features a split space key front and center, that allows users to redefine the left hand half of the space key as a backspace key if they so choose (research shows that using the regular backspace key, at the upper right of the QWERTY layout, breaks typing rhythm and speed by forcing users to stop typing as normal as they seek out and use the backspace key instead; this redesign lets them train their left thumbs to get in the game and keep their hands in normal typing position).

The keyboard also includes keys for the so-called Windows 8 “Charms” (the symbols that show up when you call up the top-level, right-hand side activities menu — namely Search, Share, Device, and Settings) on the top edge of the keyboard, along with media controls for sound, video, and audio. The Windows 8 key replaces the older “Windows key” found on most MS keyboards, and calls up the Start screen (but also invokes the Start menu on older Windows versions).

As somebody who makes his living typing like mad all day long, I’ve come to appreciate and use the Microsoft keyboards all the way back to the original microphone style keyboard connector version of the MS Natural keyboard (I still have one with a PS/2 connector in my office, though nearly all of my production keyboards are USB or wireless these days). My current favorite is the USB attached Comfort Curve 4000 keyboard from Microsoft. I’ve tried several wireless models recently but encountered communication problems between dongle and keyboard that put me off my stride — a definite no-no for somebody who types for a living. Even so, I’ll gladly give the new MS model a whirl when it becomes available, mostly to see if the left-hand thumb backspace can help me improve my productivity. My gut feel is “Yes, it can!” But the proof’s in the typing, so we’ll see if it works for me or not…

September 19, 2012  4:59 PM

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) Offers Fix for IE Zero-day Issues

Ed Tittel Ed Tittel Profile: Ed Tittel

The old saying goes “You learn something new every day.” Yesterday, Ed Bott and others helped me to learn about the Microsoft Enhanced Mitigation Experience Toolkit (aka EMET). This free download enables users or IT departments to add extra layers of protection to software that otherwise might remain vulnerable to attack. Not coincidentally what with a slew of zero-day exploits in the recent news, Internet Explorer is amenable to extra protection from EMET that might be well worth adding to whatever mix of anti-malware and security software you already have in place on your Windows machines.

The download is a mere 6.0 MB in size, and both quick and easy to download and install. It also works with Group Policy settings and is thus Active Directory friendly as well. It’s absolutely true some of the program’s security settings are available in other forms, but these generally require access to (and recompiling) source code to be put to work, whereas EMET can protect applications with no need for source code access and recompilation. As the MS Download page says “This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.” To that latter end, recompiling IE isn’t an option for most of its users, so EMET’s protection comes doubly welcome.

The program’s Application Configuration screen lists the mitigations that EMET can wrap around already-installed programs on Windows PCs:

Seven mitigations appear as column headings to the right of App Name.

Seven mitigations appear as column headings to the right of App Name.

Here’s a little more information on the seven mitigations, in the same order in which they appear in the preceding screen capture:

  • DEP (Data Execution Prevention): a method for invoking modern processor-level protections that block segments of information labeled as data from being executed as a series of processor instructions. Enabling DEP helps stymie dangerous and frequent attacks based on buffer overflow and other techniques that seek to trick computers into executing instructions included in Web page or program input.
  • SEHOP (Structured Exception Handler Overwrite Protection): Introduced with Windows Vista, and present in all more modern forms of Windows, this setting blocks exploits that seek to overwrite exception handling routines with their own (rogue) code, especially in older programs that may not have been able to use a /SAFESEH compile setting when compiled. See this discussion for more details.
  • NullPage: Allocates the first page of memory — a predictable and obvious target for malware attacks — before a program is initialized, then blocks attackers from seeking to exploit NULL references in user mode. This prevents attackers from exploiting known and obvious code entry points, or using empty/null values or entries to open applications to various forms of attack.
  • HeapSpray: Frequent use of address randomization techniques makes it hard for attackers to predict (or insert) their own code at known addresses within the runtime environment for vulnerable applications. The heap is a working area of memory available to running programs that attackers “seed” with injected code at a wide variety of known addresses — hence the term “heapspray” — that they can attempt to access, one location at a time, if they gain a toehold within an application. This technique prevents such injections by pre-allocating memory addresses to block them from illicit use.
  • EAF (Export-Address-Table Access Filtering): This is a table of addresses that program modules use to call various Windows application programming interfaces or APIs. For a module to call an API, it must know the address at which the API has been loaded. To this end, such code works through the export table for all loaded modules, seeking out elements that reference useful or interesting functions (often this involves the kernel32.dll or ntdll.dll modules). This technique filters access to the Export Address Table (EAT), and permits or denies read/write access based on the calling code. If EMET is in use, illicit code will be blocked when it seeks to look up or use APIs it needs to execute its payloads.
  • MandatoryASLR (ASLR = Address Space Layout Randomization): In general, ASLR randomizes the addresses where modules are loaded to prevent attackers from using data stored at predictable locations. Normally, using ASLR requires a program to use compile-time flags, but EMET forces modules to load at randomized locations, regardless of compilation flags used. This foils all kinds of attacks based on known address, or address prediction techniques.
  • BottomUpASLR (ASLR = Address Space Layout Randomization) Randomized base addresses for bottom-up memory allocations — such as for heaps, stacks, and other commonly used memory structures in programs — so that attackers cannot predict or manipulate these structures for their own purposes.

EMET works with Windows XP at SP3 and higher, Vista SP 1 and higher, and all versions of Windows 7 and 8. It also works with Windows Server 2003 SP1 and higher, Windows Server 2008 (and R2) at all service packs, and Windows Server 2012 (which doesn’t have any Service Packs at this writing, the product only having attained GA status earlier this month on 9/4/2012).

Again, EMET is quick and easy to download and install. The companion User’s Guide explains how to use it through a GUI interface, via Group Policy, or at the command line. Interested readers will also find Ryan Naraine’s and Ed Bott’s coverage of this tool quite useful as well. And don’t forget: it’s free!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: