Elliott C. Back: Internet & Technology

Will IE7 be better than Firefox?

Posted in Browsers,Microsoft,Spread IE by Elliott Back on February 20th, 2005.

Ensight asks the seminal question, “Will it be better than FireFox?” Then he lists the top four features he thinks that the new browser will include:

  1. Standards compliance
  2. Security (especially with regards to plugins)
  3. Tabbed browsing
  4. Modularity

In that regard, we’re really just talking about catching up to Firefox. In a market where Firefox currently dominates for features, people are hard pressed to think up anything original that Microsoft might do with IE7 to actually innovate on top of what Firefox and other browsers have introduced. So, here’s my list of thing I think Microsoft might, and ought, to do to beat Firefox:

  1. Visual bookmarks and history: you should be able to navigate your history like looking at a tree of webpages you accessed. The idea of history should also be extended to the future–to get a view of what pages yours links to.
  2. Context sensitive panels and toolbars, that would for example display map information for pages with addresses, or lookup names and addresses in telephone directories, or that could even define tricky words and learn the vocabulary of end users.
  3. Better support for achiving and storing favorite pages.
  4. Different kinds of printing: four pages to one, for example.

These are just some ideas, but I’m Microsoft has more in mind than the Firefox featureset.

Microsoft Antispyware: Torn Apart

Posted in Microsoft,Spam,Spread IE by Elliott Back on January 17th, 2005.

You’ve all heard about Microsoft Antispyware Beta 1 by now. Scripting News gave it a minor mention, Neil’s World has a list of pros and cons, Asymptomatic just links it, and Peter Provost has some nice screenshots. Numerous others also cover it. But, what nobody’s doing is actually testing how much spyware the new Microsoft anti-spyware program can remove.

Luckily for me, a quick VMware Workstation installation of Windows XP Professional with 3 Gb of HD and 128MB of RAM will allow me to fill up a virtual system full of spyware–and then test it all. VMware is also offering a public beta of version 5.0, for those wanting a controlled test environment. The operating system is a raw version of XP–no service packs preinstalled, and no windows update for me. I want to maximize exposure to spyware. Since it’s running on a LAN inside a firewall, it will be safe from most viruses. I only want spyware, not miscellanious vagrant malware!

Installing Windows XP on VMware Workstation 4.5Booting Windows XP on VMware Workstation 4.5Running Windows XP on VMware Workstation 4.5

Virtual OS installed, the next step is to infect it with spyware in a systematic way. The first nasty thing I can think of to install is Kazaa, our spyware-laden p2p buddy. This gets us the GAIN network. Now I’ll install the Gamespot Download Manager, reportedly bundled with spyware. Unfortunately, I could download from HTTP–it seems as if the download manager were unavailable. Real Player, Weatherbug, MorpheusUltra, and tried Suprnova.com, which didn’t work. To increase my surfing and spyware acquiring speed, I used this list of spyware, Firefox’s tabs, and many, many google windows to try to install *each* of the the products.

Getting Weatherbug SpywareGetting Real Player SpywareGetting Kazaa Spyware

Here’s some of what the system looks like after a complete infection. IE is covered in new “tools,” and the desktop is totally trashed:

Spyware on Internet ExplorerSpyware on the Windows Desktop

Microsoft Antispyware comes to the rescue. It identified 53 spyware threats over 12 infected processes, 5031 files, and 6330 registry entries. It also gave default recommended actions for each of them, and thread-level ratings. Descriptive text on the right panel made it clear exactly what each piece of rogue software did.

Microsoft Antispyware, ScanningMicrosoft Antispyware, Removing

Next up is Lavasoft’s Adaware Personal, with the latest definitions, of course. It labelled 10 processes, 685 registry keys, and 259 files as spyware, for a total of 1594 objects. Compared to Microsoft’s default scan, this seems sparse. At first glance, it seems as if Lavasoft either has an incompetent product, or a crippled “free” version of their real product. I don’t see enough results! Scientific comparison pending, Microsoft’s new product looks like a winner.

Lavasoft Adaware ScanningLavasoft Adaware Results

Our final contendor is the tough, free Spybot Search and Destroy. It offers a one-click “find spyware” button, automatic updates, and system background protection. It checks your system against a database of over 13,000 spyware with signatures, so you can bet if you’ve got spyware, it knows about it. Of course, it’s only as good as its database, which may or may not be frequently updated. One bad thing about its austere interface is the lack of spyware explanation that the Microsoft product has. When I find spyware, I want to know what it is. The final report? 20 nasties, not many views into the data. I don’t know where they came from–just that they’re there.

Spybot ScanningSpybot Results

Here’s an Excel graph of the final comparison between the new Microsoft Antispyware Beta 1, Lavasoft Adaware Personal Edition, and Spybot S & D, the three most popular free antispyware programs:

Total Spyware Removed

As you can see, Microsoft’s Antispyware product dominates the bunch. For a more specific graph, see: specific-spyware-removed.png. Hands down, go Microsoft. It caught more spyware than any of the others–nearly perfect coverage. Still, keep another product on hand for the occasional messup.

Mike Nash visits Cornell

Posted in Computers & Technology,Microsoft by Elliott Back on October 26th, 2004.

Today I attended a Microsoft Presentation with Mike Nash, Corporate VP of Security Business and Technology. The infosession was hosted by the Society of Women Engineers at 155 Olin, and featured a long talk about Security and Trustworthy Computing, followed by Q&A and a raffle of Xbox, Ipaq, Office, and VS.NET prizes. I unfortunately did not win.

Mike Nash is a Cornell Alumni of 1985. He majored in computer science and got his MBA in 1991 from Wharton. His 13 year career at Microsoft started as an intern in relations and LAN. After that, he spent 5 years in NT, 3 in Server Infrastructure, 1 in Business Windows Product Management, 2 years of VP of Content Development and Delivery Group, and has currently been the VP of the Security Business & Technology Unit for 2 years. Microsoft’s vision is his vision: “To enable people and businesses throughout the world to realize their full potential.”

His talk emphasized trustworthy computing. “We have to deliver a level of trust in these systems,” he said. Now that computers have become pervasive in the world, users depend on them alone. Rather than buy a paper backup and go online to check movie times, in 2004 you just go online. You trust your computer to perform certain tasks flawlessly. Therefore, he says, Microsoft has a responsibility to its customers in four categories:

  • Security
  • Privacy
  • Reliability
  • Business Integrity

An amusing video of his grandmother Estelle emphasizes the need for secure, reliable, easy to use software. 91 years old, she takes online surveys to save money, and inadvertantly aquires various malware. Patches, she says, are “too … too involved. I’ve never made a patch.” With this kind of typical user experience, Microsoft realizes that it must protect its customers from attack transparently. Security updates should be rolled out automatically and painlessly.

Nash points at XP Service Pack 2 as a breakthrough in solving those problems. With over 100 million installations, SP2 features stronger security settings, increased control and managability, an improved end-user experience, and a centralized security center which highlights the three most important security features. And in the future, he hints at dynamic system protection, where your operating system identifies vulnerable system and user components and disables them until they’re patched, application aware firewalls, behavior blocking, and intrustion protection.

Most malware, Nash said, is discovered and reported by annoyed users who find additional toolbars and ads on their computers, decreased performance, or other anormalities. His comments on user security brings up the question, “Should spyware just provide a better user experience?” If spyware causes computers to misbehave, why not simply write better, less annoying spyware. This would increase the stick rate of spyware, and market saturation would increase. No more processor hogging, hard-disk churning, and countless popups means more happy infected consumers!

Internally, Microsoft has begun a number of intensive automated and manual code review processes, as well. The source trees for patches have been split into two trees–one for corporate QFA patches, the other for security flaws. Patches and code get more testing than before, and there is a new emphasis on quality. Nash referenced Bill Gates’ Memo on Trustworthy Computing frequently.

Mike’s prime example of the new Microsoft security iniative was a server vulnerability (MS03-007) reported in Windows 2000 just before Windows 2003 server was about to ship. The bug, in IIS 6’s WebDAV module ntdll.dll, had been fixed in secure code review in Windows 2003, but image it weren’t. Windows 2003 ships with IIS 6.0 turned off by default, so the bug would not apply to a default installation. But, even if IIS were on, WebDAV is not running by default. Supose, even, that WebDAV were running. The maximum URL length of WebDAV is shorter than the exploit’s needed length, by default. Suppose, as a final hypothetical, that the user changed the default URL length longer. The IIS thread is running in user mode and would not allow system compromise, just DOS at worst.

It was a good presentation, but I had some reservations. First, he cited the infamous “Is Linux more secure than Windows?” report, to which you can read the linux response. At best, it makes an unfair generalization of the nature of security flaws. Second, a number of the Microsoft policies he mentioned with regards to DRM and licensed users seem needlessly harsh. I think that Microsoft should support its products, legal or not. A worm in a pirate’s computer will negatively affect neighboring systems, and doesn’t cost more to support with patches that are publically released. Third, he said nothing about fighting Microsoft’s poor security reputation except an aside in an anecdote. This is a real problem for Microsft that won’t go away by ignoring it. Even if you highlight security improvements, you should beg forgiveness for past security flaws.

All in all, quite interesting, and Mike Nash is a nice guy. I had a chance to speak with him afterwards about Windows Starter Edition, piracy, and some other themes. Just wish I won that Ipaq.

Next Page »