AutoRun and AutoPlay, Microsoft's "dangerous duo" for launching programs from CD/DVD and other removable media types, have become among malware authors' favorite infection vectors - and Microsoft has finally said, "enough already!"
A research study by Forefront Client Securitycited by the Engineering Windows 7 blog determined that infections that can be started with AutoRun amounted to 17.7% of detected infections in the second half of 2008.
Although AutoRun was originally designed strictly for optical media, it can be used for other types of media. For example, you can create an autorun.inf file that adds the program on the media to the AutoPlay menu Windows displays, and change the default icon to make the malware program mimic a legitimate program. Conficker used this method to spread, as illustrated here.
Starting in Windows 7 RC, Microsoft has changed how both AutoRun and AutoPlay work:
AutoPlay no longer supports AutoRun on non-optical removable media. An autorun.inf file on a USB or other type of non-optical removable media will be disregarded. Only AutoPlay options that pertain to the types of files on the media will be listed.
When AutoPlay displays programs present on the media, the dialog now states that those programs will be run from the media.
To learn more about these changes, and to find out what other Microsoft operating systems will eventually get similar protection, join us after the jump.
Starting yesterday, MSDN and TechNet subscribers have been able to download the Release Candidate (RC) for Windows 7, Microsoft's upcoming operating system. This latest version represents the final phases of development and is geared towards giving hardware and software partners a headstart in coding device drivers and services.
"Listening to our partners and customers has been fundamental to the development of Windows 7," said Bill Veghte, senior VP for the Windows business at Microsoft. "We heard them and worked hard to deliver the highest quality Release Candidate in the history of Windows. We have more partner support than we've ever had for an RC and are pleased to say that the Windows 7 RC has hit the quality and compatibility bar for enterprises to start putting it through its paces and testing in earnest."
That should come as good news to everyone who plans on upgrading once Windows 7 starts shipping. By contrast, Vista's release was the polar opposite to what Microsoft is claiming we can expect out of Windows 7. Driver issues, particularly with Nvidia hardware, plagued Vista's release, as did several performance hampering bugs.
If you're not an MSDN or TechNet subscriber, you still won't have to wait long to get your hands on the RC. Microsoft says it will make Windows 7 RC available to the general public on May 5, which is next Tuesday.
Acer president and CEO Gianfranco Lanci acknowledged yesterday all the attention Google's open-source Android platform has been receiving and assured investors that his company has taken notice, too.
"We are testing Android on a lot of different solutions," Lanci said during Acer's first-quarter investors conference in Taipei. "We are working on an Android solution for the smartphone, but I think it's too early to say if we're going to see Android on a netbook in the near future."
Lanci had previously been critical of Android for use in netbooks, noting Android is not yet ready to fit the needs that come with them, such as being able to "view a full web for the total internet experience." At the time, Acer did say it was testing Android for netbooks, noting that other companies have been doing the same thing.
Netbooks aside, Acer's latest statements regarding smartphones follow in line with what HTC, Far EasTone, and Samsung have also indicated. In other words, be prepared for a deluge of Android-based cellphones in the not too distant future.
Softpedia reports that pirated copies of Windows 7 will be provided with security updates, update rollups, and even service packs. What is Microsoft thinking? Is Redmond promoting piracy?
The idea of providing security and other updates to pirated copies as well as legit copies of Windows might seem crazy, but here's the reasoning, straight from Paul Cooke, director of Windows Client Enterprise Security:
Keeping a machine up to date is one of the first steps in helping ensure that they remain reliable, compatible, and safe from threats when they are online. Some of the most famous incidents of malicious software infection have come after security updates were publicly available from Microsoft - Blaster, Zotob, Conficker and Sasser, just to name a few. Rest assured that we at Microsoft are committed to making sure that security updates are available to all of our users to help ensure a safe online experience for everyone.
Note that Cooke is laying the blame for many recent security problems where it belongs: on users and companies who will not upgrade their software to block such threats. By continuing the recent policy of allowing users of non-genuine Windows to receive security updates, Microsoft is saying, in effect, 'don't blame us if unpatched systems are compromised.'
However, don't think that Redmond's turning a patched eye to either casual piracy or software counterfeiting. Pirated copies of Windows 7 won't be eligible for some of Microsoft's goodies, and Softpedia points out that counterfeit copies of Windows often come with a "free" bonus: malware.
For your chance to sound off on security for software pirates, join us after the jump.
Tuesday, Microsoft clarified exactly what Windows 7 users will need if they want to run XP Mode (officially known as XP Virtual Machine). Although it appeared initially that XP Mode would include Windows XP SP3, Cnet's Ina Fried reports that users will need to supply their own licensed copies of Windows XP SP3 to go along with the free XP Mode download for Windows 7 Professional, Enterprise, or Ultimate editions.
As we reported Monday, XP Mode will indeed require hardware virtualization support in the processor, meaning that low-end processors as well as some older mid-range and high-end processors from Intel and AMD won't support XP Mode. Microsoft also states that computers will need at least 2GB of memory to run XP Mode. Thankfully, potential XP Mode users won't need to wait until after Windows 7 ships to see if XP Mode works for them: Fried states that Microsoft will roll out a beta of XP Mode at the same time as Windows 7 RC - May 5th for most of us.
To find out who will be happiest with XP Mode, and how to manage it, join us after the jump.
Once Windows 7 ships, Windows 7 Professional, Enterprise, and Ultimate edition users will be able to download a free Windows XP Mode upgrade from Microsoft, WinSuperSite's Paul Thurrott reports. What Thurrott calls XP Mode will enable these versions of Windows 7 to be almost perfectly compatible with Windows XP applications. Essentially, Windows 7 will have "Windows XP inside" when XP Mode is installed.
What is XP Mode? Officially known as Virtual Windows XP, it combines a hardware-accelerated host virtualizer based on Virtual PC with a fully licensed copy of Windows XP Professional SP3 which the user must supply [updated 4-29-09]. While, at first glance, this might sound like little more than a more convenient replacement for downloading a copy of Virtual PC 2007 and scrounging up a Windows XP Pro disc and license from a dead PC, there's a lot more to Virtual Windows XP.
As the WinSuperSite screenshow reveals, Virtual Windows XP will be able to share your system's USB drives, and when you install apps to Virtual Windows XP, your Windows 7 menu will automatically be updated with shortcuts, enabling you to run Windows XP programs in separate virtualized windows on your desktop. Although the virtualizer used by Virtual Windows XP is a host-based virtualizer, these features put it miles ahead in usability compared to Virtual PC 2007 plus Windows XP. And, because Virtual Windows XP's virtualizer requires hardware virtualization support, it won't bog down your system the way an unaccelerated virtualization host will do.
Are there any downsides? For a couple of potential gotchas, and for your chance to sound off, join us after the jump.
Available in alpha form for the past several month, Canonical has officially released its newest version of Ubuntu, 9.04 (Jaunty Jackalope). Canonical says it will maintain its latest open-source OS until 2010.
Ubuntu 9.04 brings a new kernel to the table, version 22.214.171.124, as well as several other features. Some of these include:
Faster boot time
Latest GNOME 2.26 desktop environment
Better handling of mutliple monitors
Latest X.Org server 1.6 with support for several new videocards
Wacom tablet hotplugging
Ext4 file system support
Brasero 2.26 (all-in-one CD burning application)
Also new to the latest version of Ubuntu is a Netbook Remix version. According to Canonical, the Netbook Remix brings even faster boot speeds, a "built-for-purpose interface" that keeps favorite applications and websites a click away, enhanced power-management features, and easier switching between networks. Canonical says it has tested its Netbook Remix version on a range of netbook models, including Acer's Aspire One, Asus' EeePC 1000, and Dell's Mini 9.
Recent postings on the Microsoft Partners website suggest that Redmond's about to pour a refreshing glass of Win7 RC the first full week of May.
Although the Microsoft Partner Program page that Neowin.com posted last week has since been updated to remove the Download Windows 7 RC button, the newest version of the page now notes that May 7 (two days after the reported public release of Windows 7 RC noted in the earlier version) will be Windows 7 Virtual Partner Readiness Day.
Does this indicate that Microsoft is delaying the public release of Windows 7 RC by a couple of days? We won't know until later, but early May continues to look like RC time.
Windows 7 brings enterprises more security with less annoyance, says Paul Cook, director of Microsoft's Windows Client Enterprise Security, Cnet reports. Cook's remarks come as the annual RSA security conference opens.
How much less annoying? 29% fewer UAC prompts, according to Cook, and UAC can be fine-tuned to meet any Windows 7's user's requirements.
But there's more to Windows 7 security than a less nagging UAC. To learn more about how Windows 7 Enterprise and Ultimate editions and Windows Server 2008 R2 work together for more security and to discover why a new BitLocker feature enables Windows XP users to access BitLocker media, join us after the jump.
Earlier this month, a pair of bigwigs over at Acer said during a press event that the company plans on using Google's open-source Android OS in its upcoming smartphones, but doesn't feel the OS is ready for netbooks. Just don't tell that latter part to Chinese company SkyTone, the first company (we're aware of) to release an Android netbook.
SkyTone, who's best known for its Skype headsets and kiddie PCs, lists on their website the Alpha-680 Google Android netbook. Available in pink, red, yellow, white, or black, the low cost netbook comes equipped with a 7-inch LCD screen, ARM11 533MHz processor, 128MB of DDR2 (upgradeable to 256MB), a 1GB SSD (upgradeable to 4GB), WiFi, memory card slot, two USB 2.0 ports, and of course Google's Android OS.
ComputerWorld describes the rig as a "glorified cellphone...without the glory," and we'd have to agree. It's unclear when it will be available for purchase and for how much, but even if it checks in somewhere between $100 and $200, Dell's $199 Vostro A90 would make the Alpha-680 a tough buy.