The Windows 8 Consumer Preview has been out long enough for people to try and get used to its dual Metro/Desktop interface. But the longer it’s out there, the less people like it, and there’s a backlash against the dual system from people ranging from normal users to engineers. Will Microsoft listen and fix the hybrid operating system?
What a whole lot of FAIL, Vista 2.0 here we come. This is great for tablets, but tablets are a fad. This has no place on a desktop operating system. Smart phones are the evolution of computing. Mark my words – in 5 years, tablets will not exist. You will have a phone that will be your primary mobile computer. At home, you will connect your phone to a wireless mouse, keyboard and display.
“Windows 8 just dumps you into the Start screen. No tutorial, no help icon on the main screen, nothing. This will be fixed by launch or Windows 8 will fail.”
Bibik is on target. Most people who use Windows 8 on traditional computers rather than tablets will spend their time in the Desktop because that’s where the apps they most use are, notably Microsoft Office, which won’t run as a Metro app. Yet the Windows 8 Desktop is less useful than in previous versions because the Start menu and Start button have been taken away.
Metro and the Desktop are essentially two different operating systems incompletely bolted together. Sure, techies can figure out how to navigate between the two interfaces, but other people will have a hard time.
Today could be the day malware artists figure out how to do remote code execution on many millions of PCs and servers running Microsoft’s OS with RDP enabled. Microsoft has released a patch this patch Tuesday but who knows how many machines will be unpatched in the next few days?
Need we say more about the foolishness of leaving your IT as a monoculture of Microsoft’s stuff after decades of them demonstrating little or no concern for security?
Microsoft yesterday released updates to sew up at least seven vulnerabilities in Windows and other software. The sole “critical” update in the bunch patches a particularly dangerous flaw in all supported versions of Windows that allows attackers to seize control over vulnerable systems remotely without authentication.
In the company’s words, one of the vulnerabilities “could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.” Only systems that have remote desktop actually enabled are vulnerable, but Microsoft recommends that everyone install the update, just in case. Affected operating systems include Windows XP, Vista, and 7, not to mention Windows Server 2003, 2008, and 2008 R2.
“Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible. The critical bulletin – one of six security bulletins issued as part of Tuesday’s release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP). Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, said Qualys CTO Wolfgang Kandek. Besides the RDP bugs, this month’s Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation of privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation of privileges issue in Microsoft Visual Studio.”
The critical update plugs two security holes in Microsoft’s Remote Desktop Protocol (RDP), a service that is designed to let administrators access Windows systems remotely over a network. The saving grace for these vulnerabilities — which are present in Windows XP, Vista and 7, and Windows Server 2003, and 2008— is that RDP not enabled by default on standard Windows installations. That means it is far more likely to be a threat to businesses than to consumer systems.
“It needs to be configured and started by the system’s owner, which then makes the vulnerability accessible; consequently we expect that only a relatively small percentage of machines will have RDP up and running,” said Wolfgang Kandek, chief technology officer for vulnerability management firm Qualys.
Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, said this bulletin should be considered a top priority, noting that Microsoft has rated its “exploitability index” as 1, meaning that Microsoft expects working exploits to be available in fewer than 30 days.
“An unauthenticated remote code execution is pretty much as bad as it gets,” Marcus said.
For users and organizations that need time to evaluate the RDP patch before installing it, Microsoft has developed and released a FixIt tool to enable “Network-Level Authentication,” which according to the company is an effective mitigation for this issue.
The remainder of today’s updates address three other Windows vulnerabilities, and problems in Microsoft Expression Design and Microsoft Visual Studio.For a breakdown of the patches, see Microsoft’s Security Bulletin Summary for March 2012. The fixes are available through Windows Update.
“A little about MS12-020…this bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP),” Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, explained in a blog post. “Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled.”
“That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible,” she added. “The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.”
Ben Greenbaum, senior principle software engineer for Symantec’s Security Intelligence Group, agreed users should pay close attention to the RDP vulnerability.
“RDP’s purpose is to enable remote access from the Internet, but preferably to an authenticated user,” he said. “In this case, a malicious attacker can potentially take complete control of the computer. Failed exploit attempts of this issue will likely result in the user being confronted with the blue screen of death. If an attacker can bypass standard memory protection measures, however, they will have access at the kernel level.”
Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, Qualys CTO Wolfgang Kandek opined.
“If the patch cannot be applied that quickly or the necessary reboot cannot be scheduled, IT Admins should look into the available work-arounds that function immediately: protect the machine with restrictive firewalling, access RDP through a VPN service or switch to Microsoft’s NLA protocol that is supported in newer versions of Windows (Vista+) and is not vulnerable to the attack,” he said.
The final bulletin for the month was only rated moderate. A vulnerability in DirectWrite could result in a denial of service condition on receipt of a maliciously crafted sequence of Unicode characters.
This issue could be exploited via instant messenger clients. Windows 7, Vista and Server 2008 are affected.
Paul Henry, security and forensic analyst at Lumension, pointed out that the Internet Explorer 9 zero-day exploit used at the Pwn2own event was not addressed by Microsoft, but noted “To be fair, they received the details only yesterday.” more on that later.
He also observed that while the number of bulletins released this month represented a light load of patches, they “will be disruptive in terms of required reboots.”
This doesn’t surprise me at all, people tend to forget that Microsoft is well in it’s rights to put something like that in, after all they own it not you, you paid a license to use, NOT own. In reality, kill switches are nothing new, all recent versions of Windows OS’s have one built in, that’s why you have to activate your version of Windows. (more…)
With Microsoft readying Windows 8 for release later this year, companies are expected to evaluate whether it is worth renewing existing Microsoft licenses or splashing out on the latest Microsoft revision of its desktop PC operating system. However, according to Canonical CEO Jane Silber, it isn’t undercutting Windows 8 that holds the key for take-up of Ubuntu Linux but Microsoft’s termination of Windows XP support that will drive Ubuntu growth.
Talking with The INQUIRER, Silber said, “We certainly track it and keep an eye on competition. [...] The larger impact in terms of Microsoft in our customer base isn’t the emergence of Windows 8 but the upcoming, long awaited end-of-life of [Windows] XP.”
Silber’s point rests on the well known fact that many users, especially large businesses, are still running Windows XP. Microsoft has supported the operating system for over a decade, but the Redmond, Washington software house has said that it will end support for Windows XP on 8 April 2014.
Silber said, “What we are seeing there, particularly with enterprise customers with large desktop deployments in the tens of thousands, [is that they are] taking the opportunity to move to Ubuntu at that point, and they are, in some cases, not even evaluating future Windows desktop operating systems.
“It’s not that they are turning down Windows 8, [it's that] with the end of life of [Windows] XP there’s a disruption and a good point for them to re-evaluate their options.”
While Microsoft’s Windows XP April 2014 end of life date is still two years away, organisations that run thousands of Windows XP machines will have already started planning. Working out whether to upgrade to Windows 7 or Windows 8 or move to Linux could take the best part of a year to evaluate and test, and deployment might take another year, so the battle for those customers is well underway.
Silber believes punters are not necessarily looking for bells and whistles when evaluating an operating system. She said, “It’s more likely people are evaluating their desktop experience in terms of what they really need, this is one of the reasons why we’ve seen a lot of interest from enterprises for Ubuntu for Android. People are looking at what does it mean to have a desktop in five years from now. There’s more interest in client solutions, converged device scenarios, so it’s really an opportunity for us.”
Although some will question Silber’s belief that Windows XP, not the cost of upgrading to Windows 8, holds the key to Canonical’s push into the enterprise, the fact is that Canonical and other Linux vendors have two strong opportunities to go up against Microsoft as it tries to push customers into its next churn of its PC operating system cash machine.
Microsoft has finally seen use of its Windows 7 operating system (OS) overtake that of its ten year old brother, Windows XP. Windows 7 was released on July 22, 2009 and with Windows XP so intrenched, it has taken little over two-years to catch up.
Web analytics firm Statcounter revealed the change in usage and explained that globally Windows 7 has a 40.5 per cent market share, Windows XP has 38.5 per cent, and Windows Vista has 11.2 per cent. (more…)
The month of February is a month to remember for the LibreOffice project. LibreOffice, the OpenOffice fork, is a very popular open-source office suite. But, while it has great support from Linux distributors, like openSUSE and Ubuntu, LibreOffice has never had a major corporate backer on the Windows side… until now. Intel is now offering LibreOffice to Windows users via its AppUp application store. I wonder how Microsoft feels about this. (more…)
Still using OpenOffice? if you are your behind the times. LibreOffice is a free and open source office suite developed by The Document Foundation as a fork of OpenOffice.org. It is largely compatible with other major office suites, including Microsoft Office, and available on a variety of platforms. LibreOffice has no licensing fees, is available in a large number of local languages and gives users the opportunity to participate in its development.
LibreOffice is a hybrid word, meaning “Free Office”. Libre means free (as in freedom) in French and Spanish. Between January 2011 (its first stable launch) and October 2011, LibreOffice was downloaded approximately 7.5 million times. It is the default office suite in many Linux distributions, such as Fedora, Linux Mint, openSUSE, and Ubuntu.
LibreOffice can be run on Microsoft Windows, Mac OS X 10.4 Tiger or newer, and Linux-based systems running Linux kernel version 2.6.18 or newer. (more…)
This March 8th, the FBI is planning to unplug domain name servers (DNS) it set up to help eliminate malware from over half of Fortune 500 companies and government agencies still infected in early 2012. Those computers still infected with the Trojan, will not be able to access the Internet after the FBI shuts down their temporary servers.
…the feds replaced the criminals’ servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aim at the now-unplugged rogue servers, resulting in DNS errors.
The malware, called DNSChanger Trojan, is said to illegally redirect traffic and prevent users from accessing the updates necessary to remove it. Without access to these critical patches, these large companies, government agencies, and home users are said to be more susceptible to hackers. (more…)
Microsoft is planning to release nine bulletins, addressing 21 vulnerabilities in Microsoft Windows, Office, Internet Explorer, .NET framework and Silverlight. The patches are scheduled to be released Feb. 14.
The software giant said that four of the bulletins are listed as “critical,” and three of those, all of which affect Windows, will require a restart. The critical bulletins address errors in Windows, Internet Explorer and server-side software. They all are said to address vulnerabilities that would allow remote code execution. (more…)
Summary: Rooting a phone can be a rewarding project, but it also has several dangers attached with it. When considering phone hacking, you need to know what to do if something goes wrong. Read these 3 quick steps to find out what to do if something goes wrong when rooting your phone.
Tweaking a rooted smartphone is mostly a simple process so long as you follow the instructions to the letter. But if something goes wrong it can leave you unable to boot your phon, can you say “brick”?
Thankfully it can be recovered with the helpful ROM Manager app.
Rooting your Android phone is a term that you are bound to across at some point or another while searching on how to optimize your Android device. If you you would like to know more, Wikipedia has a decent entry on the subject: http://en.wikipedia.org/wiki/Rooting_(Android_OS)