WinInfo Short Takes: Week of August 25

An often irreverent look at some of the week's other news...

Longhorn Aero Prototypes: Yes, They're Real
Contrary to what you might have read on the Web, those Longhorn Aero UI screen shots on the SuperSite for Windows are real and originated with Microsoft. This week, I spoke with various Microsoft contacts about the screen shots, and they all verified the screen shots' authenticity ("I didn't debunk your Aero screen shots," Microsoft evangelist Robert Scoble told me yesterday). I should note, however, that with Windows Longhorn still 2 years away, the details of Aero's design could change dramatically, but that's the nature of this type of technology. The Aero screen shots I posted provide a look at the task-based UI that Microsoft has long been touting for the upcoming OS but represent only a snapshot in time. 

Microsoft: Windows XP SP2 Needs to Happen Now. Not Later--Now.
This heartfelt message is for the good people at Microsoft: Delaying Windows XP Service Pack 2 (SP2) to 2004--any time in 2004--is a mistake of epic proportions. Windows Update currently provides almost 100MB of updates the first time you turn on an XP SP1 box, and almost half of those updates are critical security updates. That situation isn't too troublesome for customers who have broadband connections, but for most people (in other words, most of your customers--you know, the people you supposedly care so much about), 100MB of code is an often-insurmountable amount to download and install. If you're serious about making SP2 all about security and bug fixes, and if you're serious about keeping your customers as safe and secure as possible, I strongly urge you to stop whatever other work the Windows client team is doing immediately and ship XP SP2 within the month. Then, adopt a schedule in which you deliver new Windows client service packs every 6 months on the nose and make CD-ROMs with those fixes available--for free--in major electronics stores such as Best Buy and CompUSA. If you don't do this--and I suspect you won't because you're dead set to complete whatever silly long-term road map you've started--you will have undermined any remaining good will your customers still have toward you. Remember when you supposedly "stopped on a dime" and embraced the Internet? Why don't you truly make a difference by stopping on a dime and embracing your customers with the security fixes they all desperately need? It's almost too late.

Windows Server 2003 SP1 Delayed to First Quarter 2004
And speaking of service packs, Microsoft's controversial service pack road map also notes that Windows Server 2003 SP1, originally due in December 2003, will now ship in first quarter 2004. And, yes, I've verified the new date. Unlike the XP SP2 release, however, Windows 2003 SP1 isn't a desperately needed update, at least not yet, so a short delay isn't a big deal. After all, I don't think anyone expected Microsoft to ship this service pack on time. When was the last time that happened?

Ohmygodohmygodohmygodohmygod ... Is Windows Update Running on Linux?
In the news-of-the-strange category I present multiple reports that Windows Update is now running on Linux to protect the service from the MSBlaster worm. That story would be so awesome if only it were true. Sadly, the truth--as always--is a bit less sensational. A quick visit to the Netcraft Web site shows that is running the curious combination of the Linux OS and the Microsoft IIS Web server, leading to wild speculation. The simple truth is that Microsoft has redirected the URL to, as previously reported. In the past, was the primary first stop for Windows Update requests and, naturally, it runs some form of Windows Server. When Microsoft created the redirect, however, the company had to move to a new frontline of defense, so it used long-time partner Akamai, which runs a caching service that uses Linux. As I've noted repeatedly, this kind of infrastructure server is perfect for Linux, but Microsoft doesn't own or run the servers. The Linux servers simply route Windows users to the Windows Server-based servers that host the Windows Update service. If MSBlaster had been better written, this solution wouldn't have worked, and a Distributed Denial of Service (DDoS) attack would simply have taken down the Linux servers. So don't get too excited about the notion that Microsoft is somehow using Linux for better security or whatever. Linux just happens to be the product Akamai uses for this type of service.

Future Windows Versions to Have New Security Defaults
Given all the recent security problems we've seen, no one should be surprised that future Windows versions will have new security defaults, the first of which will be the Internet Connection Firewall (ICF), which Microsoft will enable by default in Windows XP SP2 (the firewall isn't enabled by default in current versions). In Windows Longhorn, Microsoft will significantly update this free firewall so that it offers bidirectional support; the current version scans only incoming bits. Second, Microsoft will enable Auto Update by default in future Windows versions, although the timetable for that change is unclear. Today, Microsoft leaves this important feature turned off by default to respect the wishes of users who don't like the thought of Microsoft silently installing code on their machines. Well, get over it: Thanks to the MSBlaster worm, anonymous attackers are now silently installing code on your machine, so I think the alternative is quite necessary. If you're particularly conspiratorial, however, you'll appreciate the fact that you'll still be able to turn off Auto Update if you want. And shame on you for even thinking about doing so. In the meantime, check out Microsoft's "Protect Your PC" campaign, which explains what you can do now to protect yourself against Internet-borne attacks.

Microsoft Forces MSN Messenger Upgrades
And just in case you thought I'd be able to stop discussing security this week, here's another related story: Microsoft revealed this week that the company will require its Instant Messaging (IM) users to upgrade to newer versions of MSN Messenger and Windows Messenger. For security reasons, beginning October 15 the company will shut off older-version access to the MSN Messenger network. Acceptable versions include MSN Messenger 5.0 or newer, Windows Messenger 4.7.2009 or newer, and MSN Messenger for Mac version 3.5 or newer. The company is also shutting out third-party IM applications, such as Cerulean Studios' Trillian, that integrate with Messenger, citing security concerns. Microsoft isn't discussing the security problems the company found in earlier Messenger versions, but this news doesn't come as a huge surprise, and most IM users tend to upgrade to newer software versions anyway.

Why Is SoBig.F So Big?
Why is the new SoBig.F virus so dangerous? Now acknowledged as the fastest-growing computer virus of all time, SoBig.F was well written, frankly, and it performs some devious actions that make it more pernicious than earlier viruses. For example, SoBig.F doesn't just scan your email address book for addresses to which it can replicate; it searches your hard disk to find email addresses in documents, then uses those addresses as well. SoBig.F also includes its own mini send-mail server, which sends virus replicants through email without using any additional email software. The virus's creator clearly launched SoBig.F on a large scale instead of letting it slowly propagate around the Internet the way earlier viruses did. SoBig.F is so efficient that it's spreading at a rate about four times as fast as the earlier record holder, Klez. The one upside? SoBig.F doesn't physically damage systems by deleting files or doing other malicious work. And it expires on September 10, meaning its evil streak has a time limit.

How Many Security Flaws Are Too Many?
After a summer of repeated virus and worm attacks, security experts and bored editors are turning once again to an interesting question: How many times does Microsoft software have to be attacked before we stop using it? The situation has become so bad that you can almost hear pundits from the Mac OS X, Linux, and Sun Microsystems side of the fence rubbing their hands in glee. Have we had enough? Is Windows inherently insecure? Of course not. We're targets because we represent 95 percent of the computing population. Attackers aren't going to attack Mac OS X users for an obvious reason: The OS has only a few users. If we all jumped ship to Linux, for example, that platform would then come under attack. "The Wall Street Journal" pundit Walt Mossberg got it all wrong when he wrote that "switching to Macs can help users avoid hassle of viruses," because if we all did that, the Macintosh would become the target. Apple hasn't invested in security the way Microsoft has, so the situation would be even worse. And nothing about switching to the Mac helps us with our current applications, hardware investments, and years of experience on Windows. No, what we really need is for the industry to rally around the notion of securing Windows instead of wasting time with silly talk. If you think that the Mac is safer, go for it. But don't complain when you can't run the applications or games you want, the hardware is too expensive, or the performance isn't quite what you're used to. Sure, the grass is often greener on the other side of the fence, but remember, that statement is true from the other side as well.

Is Windows "Behind" Linux From a Security Standpoint?
Mossberg isn't the only person taking advantage of the recent spate of security problems to tout his favorite platform. "LinuxWorld" published a rant this week in which it declared, "Microsoft continues to demonstrate that [it is] years behind Linux and open-source innovators in many areas, not the least of which is security." That statement is fascinating but untrue for the reasons cited earlier. The real problem is that the article claims Linux is more secure than Windows because turning off unused services in Linux is "trivial." The idea that anything in Linux is trivial is almost humorous because your definition of trivial depends on your experience level. Is a control panel that enables and disables services Linux's only security advantage? Frankly, the knowledge and experience of the people who use these systems is what counts, which basically proves that Linux is no more secure than Windows; Linux just has more technical users.

Analyst: No Longhorn Before 2006. LOL. No Kidding?
I love analysts; I really do. They get paid to spout opinions, most of which are fairly obvious. And for some reason, this week an analyst made news when he reported that Windows Longhorn [release] will slip from late 2005 to ... gasp! ... 2006. Is this report really news? Did anyone think Microsoft would hit a release date for a major product for the first time in the company's history? I don't often quote analysts in WinInfo Daily UPDATE for a reason--because they usually have nothing to say. While the other news sites wait for the white smoke to issue out of the analysts' ivory towers, I'll continue to do what I've always done--analyze the news myself. Yes, doing so is more difficult than being a parrot, but it's worth it.

Palm to Change Name to palmOne
This week, Palm announced that the company will change its name to palmOne and will launch a new logo as sort of a corporate makeover. It turns out that although Palm-based PDAs still own more market share than Windows Powered PDAs, the gap is closing fast. I suspect the company's plans have as much to do with the need for change as anything.

Linux Fan Seriously Hurt from Laughing After SCO Offers Evidence in UNIX Case
Ever since SCO Group sued IBM for $1 billion, people around the world have wondered about the veracity of SCO's claim. Did IBM and other Linux users steal copyrighted UNIX source code to help the open-source phenomenon improve more quickly? This week, for the first time, SCO publicly displayed a few of the offending lines of source code, and some people came away impressed. "It's compelling," one attendee noted. "Some people were either extremely sloppy or copied and thought no one would go after them." Apparently, spelling errors and a huge number of comments that were originally in UNIX show up in the Linux source code. But Linux developers remain unimpressed, and some open-source leaders have openly laughed at the accusations after viewing the displayed code snippets. The huge gap between the believers and the unbelievers hasn't changed. Ultimately, the case might have to go to court before this controversy is resolved.

Intel CEO: No Tech Recovery Yet
Intel CEO Craig Barrett said this week that it's still too early to say that a tech recovery is underway. "We are in the middle of upgrading and buying a substantial number of PCs, and we see some other examples around the world that that is happening," he said. "I'd like to see a lot more before I proclaim a recovery ... I've taken the very conservative attitude that after the recovery occurs, I will proclaim it." No one should know more about the situation than Barrett, whose company makes the chips that run in about 90 percent of the computers used worldwide. But Barrett probably should step aside and let the industry analysts proclaim the tech recovery, seeing as how that's their job.

Apple Ships Something Similar to the World's Fastest PC
Apple recently did something the company hasn't done since it launched the original iMac: Apple shipped some of its Power Mac G5 systems exactly when the company said it would. This startling feat is somewhat muted by the fact that the systems Apple shipped included only the low-end single-processor Power Mac G5 systems, not the so-called "world's fastest computer," a dual-processor model Apple used in tainted performance benchmarks against fast PCs and workstations. I have little doubt, however, that the Power Mac G5 systems are barn burners, and compared with the Power Mac G4 iMac I own, they had better be: I have Pentium III laptops that outperform my iMac. I hope that Apple's Power Mac G5 bet pays off: The company deserves good hardware on which to run its excellent software, tainted benchmarks notwithstanding.
