beforeyoukillyourcomputer.com

Microsoft Corp. mounted an unusual legal attack this week to try to take down a global network of PCs that the company accuses of spreading spam and harmful computer code.

A federal judge in Alexandria, VA, granted Microsoft’s request for an order to deactivate 277 Internet addresses, or domain names, that the company linked to a “botnet“—an army of tens of thousands of PCs around the globe, infected with malicious code that allows them to be harnessed for nefarious purposes.

Microsoft on Monday filed a suit that targets a botnet identified as Waledac. It accuses 27 unnamed “John Doe” defendants of violating federal laws against computer crime.

In a private hearing that day, Microsoft attorneys asked U.S. District Judge Leonie Brinkema to issue a restraining order under seal—a rare move in civil cases of this nature—to allow the company to secretly sever communications channels to the botnet before its operators could reestablish links to the network.

“We have a high degree of confidence this will be major blow to this botnet,” said Richard Boscovich, a senior attorney in Microsoft’s digital crimes unit and a former federal prosecutor for 18 years.

Full Story ~ The Wall Street Journal

One of the updates from this month’s giant Patch Tuesday is wreaking havoc on some users Windows PCs by giving them the Blue Screen of Death (BSOD), according to a thread on Microsoft Answers, the company’s support forum. Based on what users have found, the update in question is KB977165, which is described by Microsoft as “MS10-015: Vulnerabilities in Windows kernel could allow elevation of privilege.” The issue was first reported by Krebs on Security.

Microsoft Security Bulletin MS10-015 goes into further detail about the flaw being patched: “The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.” The security update is rated Important on the versions of Windows it patches: Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), and Windows 7 (32-bit).

The majority of users who are complaining about the issue are on Windows XP, but some users in the thread mention this occurs for them on Windows Server 2003 and Windows Vista. Those running Windows 2000, Windows Server 2008, and Windows 7 have yet to report problems, though the issue is fairly new so it’s still possible that as more and more users install the update, the BSOD will creep up on the remaining versions of Windows as well. We have yet to see the problem occur, as most of our systems and those of our peers are running Windows 7 64-bit or Windows Server 2008 R2.

Full Story ~ arstechnica

A lawsuit that accused Microsoft of misleading consumers to download and install an update for Windows Genuine Advantage (WGA) under the guise that it was critical security update has been tossed out. Last month, a federal judge refused to certify the lawsuit as a class action, which would have meant anyone who owned a Windows XP PC in mid-2006 could join the case without having to hire an attorney, and on Friday the same judge dismissed the case completely.

This was a day after the plaintiffs and Microsoft agreed to drop the lawsuit. “This case has been dismissed, and we are pleased it was resolved successfully,” a Microsoft spokesperson told Ars. The move means Redmond has managed to avoid hundreds of millions in potential damages. In January, Microsoft was told it had until February 12, 2010 to submit its expense list to the court but as part of the stipulation to dismiss the case, however, the plaintiffs and Microsoft agreed that each would pay their own attorneys’ costs and fees.

Full Story ~ arstechnica

This download provides the DirectX end-user multi-languaged redistributable that developers can include with their product. The redistributable license agreement covers the terms under which developers may use the Redistributable. For full details please review the DirectX SDK EULA.txt and DirectX Redist.txt files located in the license directory.

System Requirements

• Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2008; Windows Vista; Windows XP 64-bit; Windows XP Service Pack 3

Additional Information

• The DirectX redist installation includes all the latest and previous released DirectX runtime. This includes D3DX, XInput, and Managed DirectX components.
• The DirectX runtime cannot be uninstalled. We recommend Windows Me and Windows XP users create a “System Restore” point before installing. For information on creating a restore point, please refer to the following Microsoft Knowledge Base articles: Windows XP: Microsoft Knowledge Base article 310405.
• This update is recommended for users that do not have internet connection during installation
• If you would like the websetup version of the runtime package, please click here.
• Starting with Febraury 2007 SDK release – The redist no longer supports Win9x

Download DirectX End-User Runtimes (February 2010)

A computer operating system is like a desk. It should be comfortable to work at; sturdy and stable; handsome to look upon, but not distracting; it should be able to store files and tools away when not in use, but keep them accessible when you need them. But above all else, an OS should get out of the way and let you get your work done. Now imagine if your desk were enormous—taking up a significant portion of the room you keep it in. To get started working requires unfoldings, knob-twistings and other complex procedures. When you finally are seated, you open a drawer on your desk to get a new pen and the drawer instantly snaps shut on you, saying “Do you really want to use that pen? It’s new and I don’t know where it came from.” Then you say, “Yes, I bought the pen and I’d like to use it. I know where it came from.” And then your desk replies, “All right, fine. Use the pen, but before you do, I want to make sure that I’ve expressed my reservations about that pen. It’s a fountain pen and those have been known to explode and shoot ink all over the place. You’ve been warned.”

It sounds silly, but that’s exactly the problem with Windows Vista, a big, creeping, cumbersome embarrassment for Microsoft the past few years. The worst part is that Vista was an honest attempt to deal with the consequences of the success of Microsoft’s Windows XP’. The ubiquity of Windows has made it a frequent target of cyber attackers and criminals, and the reviled User Account Control was intended to create a barrier so no program could install itself on your computer without your consent. The world got more dangerous, so Windows got more protective. The slow boot time and bloated size of Windows were consequences of the system’s need to be a photo viewer, media player, e-mail client and movie editor. And because, unlike Apple’s Macintosh OS, Windows is built to support thousands of potential computers with millions of potential peripherals, it must have generic support for most of those things built in.

Full story ~ Popular Mechanics

InformationWeek – Microsoft is offering the Home Premium version of its new Windows 7 operating system to college students for just $30. The OS usually sells for $119.

In order to qualify, students must enter their college or university e-mail address into a special Web site that Microsoft has established in partnership with distributor Digital River for the promotion.

Microsoft said it also may require proof of enrollment, but it was not immediately clear how rigidly the software maker plans to enforce the policy.

The Web site also features a link to Microsoft’s online Upgrade Advisor, which students can use to verify that their PCs are capable of running Windows 7.

What’s not known is whether scholastic IT departments will support Windows 7 when it debuts on Oct. 22nd. Many held off supporting Windows Vista when it debuted in early 2007 due to concerns about application compatibility.

Earlier this week, Microsoft said it plans to release a set of tools in late October designed to help organizations, including academic institutions, deploy Windows 7.

Source

Microsoft said that some “in-place” upgrades from Windows Vista to the new Windows 7 may take some users more than 20 hours to complete.

The best that users can hope for is a 1 hour and 24 minute process, said Chris Hernandez, who works in the Windows deployment team, in a company blog published Friday.

So-called “clean” installs, where the user overwrites an existing edition of Windows to end up with the newest version of the operatiing system, but no former data or applications, take less time: from 27 to 46 minutes.

Hernandez said the in-place upgrade times were obtained from lab machines in three different configurations — labeled low, mid-range and high-end — with three simulated users: a medium user, a heavy user and a super user. The profiles differed in the amount of data and the number of applications that were on the PC before the upgrade to Windows 7.

Full Story

Microsoft has ported back changes to its AutoRun and AutoPlay features to Windows Vista and XP to help users fight malware that spreads through USB devices.

Microsoft made the change in Windows 7 earlier this year to stop the spread of the infamous Conficker worm, which was taking advantage of the functionality to silently jump from PC to PC. With the change, Windows will no longer display the AutoRun task in the AutoPlay dialog except for removable optical media such as CDs and DVDs.

The functionality was made available for XP, Vista and Windows Server 2003 and 2008 on Aug. 25. Information on how to download the updates can be found here.

The decision to make the change followed the well-publicized growth of malware spreading via USB devices during the past couple of years. In fact, a report by Symantec (PDF) found that self-copying to removable media was among the most common means of malware propagation in the second half of 2007.

“McAfee expects increased attacks involving USB sticks and flash-memory devices used in cameras, picture frames, and other consumer electronics,” Dave Marcus, director of security research at McAfee Avert Labs, blogged in January. “This trend will continue due to the almost unregulated use of flash storage across enterprise environments as well as their popularity among consumers.”

Source

Microsoft still has a variety of issues with its software licensing structure, according to a new research note by two analysts at Directions on Microsoft. Previous attempts at restructuring the often-complicated licensing for Microsoft products has resulted in benefits to the enterprise, particularly with new technologies such as virtualization. Windows 7 has the potential to introduce new licensing issues upon its general release on Oct. 22.

Microsoft licensing is likely to remain “unwieldy” in the near future, although solutions to licensing issues do exist, according to a new research note by two analysts linked to Directions on Microsoft, an independent organization that tracks the company.

The Sept. 8 research note by Rob Horwitz, CEO and founder of Directions on Microsoft, and Paul DeGroot, the organization’s research vice president, breaks down five reasons why Microsoft licensing is supposedly difficult:

1. A Variety of Products and Markets
The sheer size of the Microsoft product portfolio, coupled with the company’s global reach and multiple markets, means a “one-size-fits-all product packaging, licensing and pricing approach couldn’t possibly work.”

2. Decentralized Decision Making
The different product groups within Microsoft decide their licenses and pricing, often independent of the company’s central licensing division. Each of these product groups operates with an eye toward its own competitive profile and revenue generation.

3. New Technology
Technological innovations such as multicore processors and cloud computing can force Microsoft to adjust its licensing structure, which in turn can complicate life for customers as new rules and exceptions are introduced.

4. Limited Enforcement and Compliance Tools
“Most Microsoft products do not include features to help medium and large organizations match product use to license purchases or comply with license usage rules,” Horwitz and DeGroot write. “Customers are responsible for building the complex infrastructure and processes necessary to police themselves.” This can lead to excessive purchases of licenses or inadvertently signing up for programs such as Enterprise Agreements.

5. Lack of Inventive
According to the research note authors, “Microsoft executives don’t see current licensing policies as a problem … and the executives are reluctant to tinker with such a complex system.” The sheer amount of effort and cost involved in restructuring licensing policies also acts as a drag on the potential for system reform…

Full Story