.NET Developments

February 2, 2009  1:08 PM

Windows 7’s UAC has a security flaw

Yuval Shavit Profile: YuvalShavit

A couple blog entries ago, I mentioned that among Windows 7’s improvements is a fix to the user account control (UAC) functionality introduced in Vista. UAC was always a good — and overdue — idea, but Vista’s implementation was annoyingly chatty. Windows 7 would fix that, I wrote.

A security hole in Windows 7’s UAC has been found that uses a script to disable future UAC warnings, according to blogger Long Zheng. I haven’t tested it yet (our work machines still run XP), but Zheng’s blog entry includes proof-of-concept code. According to the blog, the issue had previously been marked as a bug on Microsoft Connect, but Microsoft closed the issue as “by design.

The easy fix is to set your UAC warning level to always ask for confirmation, even if it’s just to set system settings. That means malicious code won’t be able to disable UAC behind your back, but it also  means UAC will be back to its annoying Vista persona.

Let this be a reminder to us all: convenience and security are often at odds.  The problem is that too many warnings are also a problem, as users are apt to just click “yes” without reading your warning message. Striking the right balance between giving users power, giving them options, giving them convenience and giving them security is always difficult.

January 28, 2009  5:41 PM

Microsoft’s open source projects may help it sell software

Yuval Shavit Profile: YuvalShavit

If you’re linking to outside JavaScript code in your Web pages, you’re probably (hopefully!) aware that there are certain security risks. Microsoft’s Scott Isaacs talked about the problem at a session at PDC 2008 and said there are essentially two ways most sites handle this threat: some ignore it and hope for the best, while others bring in IFrames — which have their own problems, like clickjacking.

The problem remains unsolved, but one approach Microsoft is trying is a new technology called Web Sandbox, which it announced at PDC. The Web Sandbox is a server-side program that retrieves outside scripts, transforms them to make them secure and embeds them directly to the HTML. You can see Isaccs’ complete talk explaining how to use Web Sandbox on Channel 9.

Which brings us to today’s news: Web Sandbox is now being released as open source, under the Apache License 2.0. What’s interesting here isn’t just that Microsoft is continuing its overtures into OSS, but that it’s continuing to do so primarily on the Web front. Two of its other major flirtations with open source have been its support of jQuery and its release of the code for its business-oriented Silverlight controls.

I don’t think anybody is accusing Microsoft of being altruistic, so I won’t bother making the case that this is an obvious example of “if you can’t beat ’em, join ’em.” But it seems to me that Microsoft’s open source strategy hinges on being open on the Web and sticking with proprietary software everywhere else. Pricing for Windows 7 hasn’t been released yet, but I’m guessing it’ll cost more than Ubuntu.

That two-pronged approach makes a lot of sense. The Internet has always been free to use, and if people aren’t going to pay for your software, you may as well give away the source. Desktops and enterprise apps, on the other hand, still provide major sources of income for software vendors.

For Microsoft to stay relevant as a software company, it has to continue to attract top developers, both to itself and to the ISVs who develop for Windows. Playing nice with OSS on the Web may help Microsoft keep up with the cool new upstarts so that it can continue to make money where there’s money to be made.

January 21, 2009  10:47 AM

Windows 7: The new Mojave

Yuval Shavit Profile: YuvalShavit

Microsoft’s “Mojave Experiment” was an interesting case of managing expectations. Convinced that Vista OS had gotten the short shrift, Microsoft demoed its next OS, Mojave, to a slew of people. Everyone thought it was a great improvement over Vista, and then came the surprise ending: Mojave was Vista. Ta-dah!

If the lesson for Microsoft was that Vista failed largely because it was badly marketed, the solution was simple: launch it again, this time with better marketing. And thus we come to Windows 7, the real-life Mojave.

To be fair, Windows 7 has some significant differences. One of the best new ideas in Vista was UAC, which fixed the fairly big security risk of programs always running with administrator privileges. But Vista’s UAC was poorly designed and annoyed users: Windows 7 should fix that to a large degree, although programmers will also do themselves a service if they elevate privileges correctly.

The biggest new feature in Windows 7 is the new taskbar, a significant if largely cosmetic change. Instead of a program living in up to three places on the taskbar — as a quicklaunch icon, a notification tray icon and a window tab — all its functionality is now consolidated into a single, square icon. You can also reorder icons, which is great for OCD people like me who just have to have their browser on the far left.

Yes, the new taskbar in Windows 7 has design implications for developers, and yes, Windows 7 has better connectivity for peripherals (although I haven’t been able to test it; the laptop I have it running on isn’t connected to any peripherals). But all in all, Windows 7 feels more like a big minor release than a lurch forward in OS technology. Vista took the hits — especially for UAC — and Mojave Windows 7 will reap the rewards. So it goes.

January 16, 2009  5:12 PM

Obama’s inauguration will be streamed with Silverlight

Yuval Shavit Profile: YuvalShavit

When millions of eyes tune in to see president-elect-but-about-to-be-President Obama’s inauguration at noon on Tuesday, Microsoft will be working behind the scenes. The Presidential Inaugural Committee (PIC) will be streaming the Obama inauguration live using Silverlight, Microsoft announced today. The stream will be available at the PIC’s website.

The inauguration will be the biggest event that we know of to be broadcast using Silverlight 2 since it came out of beta in October. This announcement is good news for Microsoft, given that MLB announced in November that it would be switching from Silverlight back to Adobe Flash.

Microsoft executives have donated heavily to the inauguration: Bill Gates and Steve Balmer each gave $50,000 for the event, and other executives also donated five-figure sums. Microsoft also donated to the Obama campaign heavily during the election, giving it $2,124,186 — over twice what it gave to the McCain campaign, according to opensecrets.org. Most of that money came from individuals, so it doesn’t look like the company overtly bought what will likely turn out to be a huge surge in Silverlight downloads. But with Adobe not even appearing on opensecrets.org‘s “heavy hitters” list, I can’t help but wonder if Microsoft’s generosity helped it get this event.

January 12, 2009  2:44 PM

Mono brings C# to the iPhone, Wii

Yuval Shavit Profile: YuvalShavit

Mono is best known as an open source implementation of .NET, but as we mentioned in our coverage of Mono 2.0, the project actually started with just a C# compiler. The idea was that C# is a nice programming language, and it’d be nice if non-Microsoft programmers could use it — with or without the .NET framework.

A lot of Mono’s recent progress has been on the .NET side, but the pure-play C# compiler is still relevant.  Game programmers have used C# to write an iPhone app, Mono’s lead Miguel de Icaza announced on his blog. He followed that entry with another, more complete list of C# iPhone apps. Mono has also been used to write at least one game for the Wii in C#.

This is exciting news. The Windows world is a great place to develop, but as other platforms keep cropping up, it’s becoming harder and harder to ignore everything that doesn’t come from Redmond. The iPhone has made a splash, and gaming consoles have always been huge. Thanks to Mono, programmers can reuse their existing skills — and code base — as they look for broader audiences.

January 7, 2009  10:31 AM

Ja.NET: A Java compiler for .NET CLR

Yuval Shavit Profile: YuvalShavit

Early last month I wrote an article about Java application frameworks being ported to .NET. The piece caused a bit of commotion on our sister site TheServerSide.net, and it also brought to my attention a related project.

All of those ports start with the idea that it’d be nice to use established Java frameworks and paradigms in .NET and come up with the natural solution, which is to port the software. But there’s another approach, too: why not just compile those existing frameworks to work with .NET’s CLR?

That’s the idea behind Ja.NET SE, an open source project based on the Apache Harmony compiler for Java. Instead of targeting Java bytecode, Ja.NET compiles to Microsoft’s Common Intermediate Language (CIL), which the .NET runtime then consumes natively.

Continued »

January 2, 2009  6:00 AM

Microsoft extends Windows XP availability, but layoffs on the horizon

Yuval Shavit Profile: YuvalShavit

Here’s what we’ve been seeing around the Web…

Microsoft extended Windows XP‘s lifespan for OEMs who want to put it on low-end machines. Manufacturers have until the end of January to put in their orders, which can get them XP licenses through May. The move seems to support Windows-based netbooks, low-end laptops primarily designed for browsing the Internet, by letting those computers use the less resource-hungry XP.

But higher-end computers got to see a better glimpse of the future when a beta of Windows 7 was leaked. Torrents of Windows 7 started spreading late last week, but the leak may be good news for Microsoft: early reports say that Windows 7’s development is farther along than that of previous betas of its Windows line.

Continued »

December 19, 2008  6:00 AM

Microsoft patches critical IE bug, warms up to open source software

Yuval Shavit Profile: YuvalShavit

Here’s what we’ve been seeing around the Web…

Microsoft was hit hard by a zero-day Internet Explorer bug late last week. The bug affected IE versions 5 – 8 and let hackers run code remotely. Microsoft’s initial advice was to change security settings to “High,” thus disabling scripting. The company issued a patch for IE on Wednesday, prompting discussions about whether IE’s auto-upgrade feature is less robust than other browsers’.That was in addition to another critical bug that targeted WordPad’s handling of Word 97 files. That bug made it possible to hijack systems if Word 97 files are opened in WordPad, as might happen on systems that don’t have Microsoft Word or other office suites installed.

Microsoft also continued its slow-but-steady warming to open source. The company hired an open source liaison, although Microsoft senior director Robert Duffner also said that the Microsoft isn’t trying to promote OSS to its customers.

And a Russian entrepreneur tried to get a monopoly on snark when he trademarked the winky emoticon, ;-). Close derivations, like noseless winkies, may also be covered.

Happy holidays and new year!

December 5, 2008  6:00 AM

News Roundup: Release dates announced for Vista SP2 beta and Win7 beta

Yuval Shavit Profile: YuvalShavit

Here’s the Microsoft news we’ve been seeing around the Web….

The big headliners this week were release dates for two Windows OSs from Microsoft, both betas. The first, Vista SP2, came out yesterday; even before it came out, sites were writing about Vista SP2 beta’s new features. The release is expected to go RTM in April 2009.

Separately, the first beta release for Windows 7, the operating system’s major release, was rumored to be set for January 13. That came from a blog comment by Microsoft employee Keith Combs.

But those two news items came with a damper: market share for Windows dropped below 90% for the first time, and Internet Explorer’s market share dropped below 70% as Firefox grabbed a record high of over 20%, according to Net Applications.

Continued »

November 28, 2008  6:00 AM

News roundup: Ballmer to testify in “Vista capable” case

Yuval Shavit Profile: YuvalShavit

Here’s the Microsoft news we’ve been seeing around the Web….

Thanksgiving week is usually slow for news, but that hasn’t stopped the rumor mill. A lot of the talk has been around what Steve Ballmer might say in a lawsuit which alleges that Microsoft let manufacturers label computers as “Vista capable” when they weren’t fully so. A Seattle judge ruled last Friday that Ballmer has to testify in the case within 30 days. Some speculated that rather than put Ballmer on trial, Microsoft should settle the case out of court.

There was much speculation over whether Windows Live Search would be relaunched as Kumo. Microsoft bought the domain, which was one of the names being batted around for the search portal’s rebranding. But the word means both “spider” and “cloud” in Japanese, leading some to wonder whether Microsoft is wants for a search portal or a homepage for Azure, Microsoft’s newly announced cloud OS.

Continued »

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: