For a week or two after the official Windows 7 launch, I’ll be posting all sorts of videos, interviews, and other content. Stay tuned and either bookmark this post (and check repeatedly) or simply check AeroXperience for more updates. These will be the last major posts prior to the rollout of winJade, of which I’m intentionally withholding details because I’m mean and simultaneously awesome.

1. The day after 7: perspective… and Brad Brooks (October 23, 2009) (Update: video brightened)
2. The Windows 7 tweet-up in New York City, Winners, etc. (October 24, 2009)
3. The Effects of Leaks: A Candid Interview (October 25, 2009)
4. Coming Soon

Trust me when I say that whatever I’ll deliver will be worth your while in many ways.

When a product garners so much positive attention that the press are cheering after demonstrations, it’s generally considered a rather outstanding feat. I don’t remember the same kind of positive attention during the late January 2007 launch of Windows Vista (php str_replace("ch", "j", "cheering") would be a more accurate description of what happened after the Windows Vista launch event), but the crowd at the Windows 7 launch was far more enthusiastic and festive. That having been said, a few things put this launch into perspective for me and might give a sense of just how important and gamechanging Windows 7 might be.

1. Microsoft is fully shifting focus to Windows 7. Windows Vista, of which the sheer length of the development cycle was inversely related to the level of approval and favor it garnered as time passed, has turned into something of an elephant in the room for Microsoft employees. Using the same metaphor and finding an excuse to quote an anonymous Microsoft employee I overheard yesterday afternoon, Windows 7 is the equivalent of a reputational wrecking ball designed for the sole purpose of “getting that elephant the f*** out”; it was the first Windows consumer OS born almost entirely from what the user wanted (read: what the average user hated about Vista). Now that it’s out and it starts replacing what was a good OS blighted by pre-SP1 bugs with what is a good OS right from the get-go, Microsoft has switched into what’s essentially a massive damage control mode.
2. Adoption rates and momentum are high, at least according to an analysis by Rob Enderle. Based on his analysis of a study done independently from Microsoft by Laura DiDio and Sunbelt Software, he believes that Windows 7 adoption rates are “unmatched since Windows 2000” adoption rates almost a decade ago. Consumer adoption rates are also up there, with PCMag using the line “Windows 7 More Popular Than Harry Potter” to carry their point. Given that Windows 7 beat Harry Potter on Potter’s home turf, I’m going with the notion that PCMag and Amazon UK are right.
3. Apple created more ads specifically for launch day. Yes, that depressing and uninspired ad campaign which Apple has continued for the last 4 years saw three new additions to the lineup. That’s three new ads released on the same day, which makes sense given the massive dearth of negative press against Windows 7. When a competitor simultaneously launches three attack ads specifically for your product launch, it’s a sign of desperation and a good enough reason for you to pull out your grill and refill that propane tank.

   Hey, it wasn’t just me. The vast majority of Engadget’s commentators happen to agree.

Despite the recession and the subdued projections stemming as a result, it’s fair to say that all of the excitement is actually making jobs easier. Microsoft’s PR teams have an easier time when products don’t suck, and the press can move on to fuming at something more important, like the name of the next celebrity’s adopted baby.

The benefit to you? Better apps, higher developer morale, a solid OS, a higher willingness to publicly be a fan of Windows 7, and enough free time for a quick and awesome interview with a certain keynoting executive and perhaps the new face of Windows client by the name of Brad Brooks (Brandon LeBlanc would wisely and accurately like to remind me that there is no single face to Windows).

You can catch the video after the break. This interview happened near the end of our day, so the detailed questions were reserved for others who were around the event. You’ll see all (but one) of them over the coming week.

(more…)

On Tuesday, some no-good hackers decided to post a vulnerability, complete with a proof-of-concept Python script, that can remotely crash any Windows-based computer that has the SMB 2.0 network protocol enabled, which includes any system running Windows Vista or later. So like anybody with a bunch of free time would do, I cracked open a couple of VM’s and had some BSoD fun with Vista but noticed that 7 didn’t budge whenever I sent the exploit packets, so I suspected that they probably tested the RC version against this exploit

Well my gut feeling was right, and Microsoft released a security advisory later that day stating that it only affected Windows Vista and Server 2008, as well as the Windows 7 RC, but no mention of the 7 RTM (or Server 2008 R2). Plus, the scope was narrowed further when it was revealed that Public network locations were unaffected (they blocked incoming connections anyway). So nothing that bad to get riled over.

Of course, until a hotfix is released, if you’d like to completely protect yourself from the exploit you can follow the directions to either

• Block ports 139 and 445 from inbound connections using a firewall
• Disable the SMB2 driver
• Both (why not? unless you’re actively using file/printer sharing)

For the uninitiated,

FSF = Free Software Foundation

CC = Creative Commons

That out of the way, let’s get to the point: The Free Software Foundation’s latest ridiculous hit piece on Microsoft (after the break) not only uses a license considered a “cardinal sin” (as stated by Matt Asay) amongst free open source software proponents, they actually render their own licensing null and void by blanketing IP which they don’t actually own. Let’s take a look.

The important part, circled in mspaint-esque red, can be found at the bottom of the campaign’s page. Basically, their Creative Commons license requires attribution, denies derivative works (the “cardinal sin”), and, quite ironically, puts no limits on commercial reproduction. I’ve saved a copy of the page to commercially reprint for the sake of covering my PDC bills since they apparently don’t care, but that’s beside the point. The point is that they applied a Creative Commons license to the entire page, which of course spans all of the elements used within the page. This also spans the header image, which violates Microsoft’s trademark by reproducing the new Windows logo with the primary four colors intact, thereby qualifying as a gross breach of Microsoft’s trademark. Because the FSF did not receive permission to use the Windows logo and because they did not exempt the trademark from the license, they’re now left with a license which covers items in violation… which renders the Creative Commons license spanning their entire page (and every other page mentioning that license with that header) null and void. This, of course, also means that my derivative works are perfectly allowed. Score one for defense.

To summarize, not only did the Free Software Foundation violate their own principals, they hypocritically denied the right to create derivative works from the campaign page while creating a derivative work from Microsoft’s logo which is close enough to the original as to give grounds to Microsoft for a lawsuit. In addition, it begs the question of whether the funds they happen to have are truly being used to better the open source cause or if they’re just burning money in a campaign of FUD.

Microsoft, of course, likely won’t sue because giving the Free Software Foundation their own Streisand Effect would be a nightmare scenario.

All of the above is from my primitive understanding of IP law and licenses. I am not a lawyer, but I would love to be corrected by someone who is and hasn’t chosen a side in this mess.

(more…)

Once upon a time, a Microsoft employee said that UAC was designed to annoy people, thus encouraging people (and systems administrators) to bug application developers and get those developers to fix their use of resources in Windows. Well, it seems that one company actually went backwards, making its application more annoying than it used to be.

Of course, I’m talking about Java.

I figured I would turn Java into an example of what not to do when designing something for Windows before uninstalling it. Since Sun Microsystems clearly has no idea how to develop for Windows Vista, I’m going to direct them to this wonderful page.

I highlighted the single switch present in the command which indicates the problem: “-auto”. UAC prompts should never be automatically launched without informing the user prior to launching one. It’s very plain and very simple, and when developers start writing applications which throw consent prompts without any obvious reason as to why, they’re clearly doing something wrong.

Worse yet, Java Automatic Update decides to tell me after I click Cancel that it wants to update.

This bubble should be thrown first, followed by launching the consent prompt should the user decide to update. Doing it the other way around is mindblowingly stupid. It’s not exactly an easy thing to screw up, either, so I’m chalking this one up either to developers not knowing what they’re doing or developers testing UAC out for the heck of it to see how many people obey random UAC prompts.

If you’re seeing this, I highly encourage you to click Cancel. Better yet, go ahead and uninstall Java. That’s what I did.

Now if you’ll excuse me, I’ll be going off to celebrate my birthday away from random UAC prompts.

Oh hey, seems like Windows 7-E is making a comeback (source-link is German) after having lived and died a very uneventful life in the EU. The German-language Microsoft Store is selling it for 299 euros, and the box art (as well as the page) clearly notes the lack of internet explorer on this version.

Mistake? Joke? A sign that Microsoft might’ve gotten pissed at Opera’s and Mozilla’s recent efforts to milk even more out of them? Who knows, but the box art for “Ultimate-E” has a weird stuttery look to it.

Credit goes to Andre Da Costa for pointing me to the buy page via MSN. I can’t read German, but from the presence of the box art, I’m certain this is for a retail copy of Windows 7-E.

My thanks goes to Ed Bott, legendary Microsoft columnist and author, for pointing me to this rather depressing article on Wired this afternoon. Before you begin reading my rebuttal, I’d like to remind all of you that I quite like my Windows and quite hate my Apples, so if you’re an Apple fan, lover, loyalist, and/or propagandist, you can save yourself a lot of adrenaline-inspired organ damage by avoiding this article.

With that aside, let’s get to it.

Brian Chen, a self-admitted Mac user (I’ll explain why this is bad at the end) and writer for Wired Magazine, has come out swinging hard at Windows 7, likely out of his own fear of seeing Apple’s marketshare decrease once Windows 7 gains traction. His current piece, eloquently titled “7 Reasons to Avoid Windows 7” strikes at the most commonly misunderstood points in Windows without properly dissecting the logic behind any of Microsoft’s decisions. In this piece, I’ll be going through each of Mr. Chen’s points, one by one, in order to explain exactly why both Windows 7 should be embraced and why Mr. Chen’s writings should be avoided. Awesomeness exposes itself after the jump.

(more…)

As those involved in the Windows 7 community may know, Microsoft has failed to fix a crucial flaw in the User Account Control feature of the operating system which allows a specific whitelist of applications to inject code that can allow any application to silently elevate. The code was released about a month ago as a proof-of-concept by Leo Davidson showcasing the flaw elevating a command prompt window using the whitelisted explorer.exe process.

The company stands by UAC in its final form, but they’re taking it a step further by blocking the program that causes the exploit using their own security software.

Today, I just happened to download the zip file that causes the exploit when Microsoft Security Essentials greeted me with a nice dialog telling me that what I just downloaded is malware, specifically HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures take to detect it, but I promptly recompiled the source code under the Visual C++ 10.0 toolkit using VS 2010 Beta and the application ran undetected. Not a very good solution if it actually hash checks for the specific applications.

Leo, and I (or Bryant) will update our respective pages accordingly as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s take a look at what’s going on here from a different approach. Microsoft says that the vulnerability here is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed one particular argument as a potential explanation to this issue, whereby this is a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

• This exploit was specifically named as HackTool:Win32/Welevate.A (A quick googling shows only three links; one is to the aforementioned virustotal link, the second and third to a Microsoft encyclopedia entry.
• This particular label only applies to this specific proof-of-concept
• A reasonable vulnerability assessment (”Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or if some other internet-facing application were to be compromised. I covered the latter in an older post of mine where I explain how this flaw essentially raises the vectors of attack many-fold.

Leo and Bryant contributed to this post.

Rafael Rivera, as he usually does, put a massive amount of research into discovering workarounds for downloading Internet Explorer on Windows 7 E. He found and posted a rather ingenious workaround for users stuck in Europe with Windows 7 E(U-gimped). The trick, which you can read over at Within Windows, definitely succeeds in winning the “clever” label applied by Rafael, but what Rafael didn’t mention is that Windows 7 (or at least Windows Media Player) still has the Trident rendering engine somewhere within the stripped OS. This means a number of things:

1. Bad: Upgrading from Windows Vista to Windows 7 E shouldn’t be a problem whatsoever, despite what Microsoft may say. This, unfortunately, doesn’t do much for Microsoft’s image in Europe (unless Steven can come and tell us specifically why Windows Vista can’t be upgraded to Windows 7 E)
2. Good: Windows really does rely on Trident for at least a few non-browsing-related functions, which makes sense given how useful HTML can be for creating a UI. It also gives a sense of validity to Microsoft’s claims with regards to the EU.
3. Bad (for browser peddlers, Microsoft, and the user. Good for the EU): The EU, in its limited comprehension of how a browser works, might now use this as “evidence” of Microsoft being deceitful.
4. Good: Your shiny new better-than-Snow-Leopard OS won’t be as gimped as you originally thought.

This also means that any applications which use Trident for rendering any HTML to present an interface to the user will still work without needing a browser, which means that application developers should still be happy.

You can catch Rafael’s guide here. While you’re at it, if you’re a native of an EU-governed state, please email them a few one-fingered salutes on behalf of the rest of the world.

Update: Paul would like to note that Microsoft has been “very upfront” about Windows 7 E having the Trident rendering engine. The fact is, Microsoft hasn’t really done a good job at pushing this note around, and given Microsoft’s other communication issues (again, noted by Paul), I’m inclined to say that the existence of Trident actually is news.

In fact, Microsoft also posted about it on their legal blog… in typical legalese. The official statement is:

Most importantly, the E versions of Windows 7 will continue to provide all of the underlying platform functionality of the operating system—applications designed for Windows will run just as well on an E version as on other versions of Windows 7.

To those of us who assume things in the most unrealistically general sense, “underlying platform functionality” includes Trident, but this by no means makes it obvious that Trident will still be in Windows 7 E, thereby proving Paul’s previous point about communication being a problem.

A few days ago, Long famously proclaimed that build 7600.16384 would be RTM (now retracted). Since then, another build has been compiled, and WZOR claims that this new build, 7600.16385, would be RTM. With this back-and-forth and soon-to-be-short-lived debate over which build will be released to manufacturing, I felt the need to drop by and remind people of a few things:

1. RTM isn’t just this magical thing which is compiled and then immediately signed off. It takes roughly a week’s worth of testing (in the Windows world. Shane Nokes, who happens to have experience elsewhere, knows that Microsoft could sign a project off after only three days) before certifying that a build is worthy of RTM.
2. 7600 will be RTM. Stop worrying about which compile of 7600 will be RTM; they only have very minor changes, if anything at all.
3. There’s nothing new in these last few builds. There’s no new theme, no new components… nothing. What’s the point of worrying about which build is compiled if there’s literally no visible difference?

Of course, there’s much more to my little OP/ED here after the jump, so be cool and get to it.

(more…)