Good evening, Slashdotters. Feel free to check out the rest of our Windows 7 launch coverage, including a quick video interview with Microsoft Corporate Vice President Brad Brooks as well as a rundown of how the Windows 7 tweet-up went on Thursday night

We’ve tried to withhold ourselves from sourcing our news from leaky valves in Microsoft as of late (and you can see where that’s gotten us. ahem), but we don’t just stay away for the sake of keeping ourselves out of that eternally stressful race for content. We tend to stay out of it because behind every leak, someone’s job suffers as a result.

I had a very open interview with someone at the launch event. This person frequently deals with product leaks, and as a result, it’s fair to say that the person knows exactly how said leaks impact work, the lives of everyone connected to the project, the public perception of a product, and so forth. My interview with this particular Microsoft employee was fulfilling in the sense that I’m able to offer an uncensored glimpse into what Microsoft has to deal with whenever someone decides to leak a build, leak a screenshot, break an embargo, and what not.

Check the break to read about how it all went down. Keep in mind that there’s no video or audio and that this is, indeed, a long read apparently not as long as some people have seen in the past. Thanks is due to the anonymous commentators who pointed this out.

Just to clarify: this is a selective issue; the scope of this issue isn’t known, but not everyone is seeing this problem. The fix is outlined after the jump for the issue listed below for those of you experiencing it.

In the wonderful world of Zune, all the Zune teamsters, Zune coders, Zune pushers, and Zune lovers are busy celebrating the launch of the Zune HD. That’s not to say there aren’t any snags with which to deal. Case in point: I came across this wonderful screen when I tried to sign into my account under Zune 4.0 for the first time:

“Great, there’s no terms to which I must agree. I’ll just go ahead and click Accept,” (the result of which you can see after the jump)

(more…)

On Tuesday, some no-good hackers decided to post a vulnerability, complete with a proof-of-concept Python script, that can remotely crash any Windows-based computer that has the SMB 2.0 network protocol enabled, which includes any system running Windows Vista or later. So like anybody with a bunch of free time would do, I cracked open a couple of VM’s and had some BSoD fun with Vista but noticed that 7 didn’t budge whenever I sent the exploit packets, so I suspected that they probably tested the RC version against this exploit

Well my gut feeling was right, and Microsoft released a security advisory later that day stating that it only affected Windows Vista and Server 2008, as well as the Windows 7 RC, but no mention of the 7 RTM (or Server 2008 R2). Plus, the scope was narrowed further when it was revealed that Public network locations were unaffected (they blocked incoming connections anyway). So nothing that bad to get riled over.

Of course, until a hotfix is released, if you’d like to completely protect yourself from the exploit you can follow the directions to either

• Block ports 139 and 445 from inbound connections using a firewall
• Disable the SMB2 driver
• Both (why not? unless you’re actively using file/printer sharing)

For the uninitiated,

FSF = Free Software Foundation

CC = Creative Commons

That out of the way, let’s get to the point: The Free Software Foundation’s latest ridiculous hit piece on Microsoft (after the break) not only uses a license considered a “cardinal sin” (as stated by Matt Asay) amongst free open source software proponents, they actually render their own licensing null and void by blanketing IP which they don’t actually own. Let’s take a look.

The important part, circled in mspaint-esque red, can be found at the bottom of the campaign’s page. Basically, their Creative Commons license requires attribution, denies derivative works (the “cardinal sin”), and, quite ironically, puts no limits on commercial reproduction. I’ve saved a copy of the page to commercially reprint for the sake of covering my PDC bills since they apparently don’t care, but that’s beside the point. The point is that they applied a Creative Commons license to the entire page, which of course spans all of the elements used within the page. This also spans the header image, which violates Microsoft’s trademark by reproducing the new Windows logo with the primary four colors intact, thereby qualifying as a gross breach of Microsoft’s trademark. Because the FSF did not receive permission to use the Windows logo and because they did not exempt the trademark from the license, they’re now left with a license which covers items in violation… which renders the Creative Commons license spanning their entire page (and every other page mentioning that license with that header) null and void. This, of course, also means that my derivative works are perfectly allowed. Score one for defense.

To summarize, not only did the Free Software Foundation violate their own principals, they hypocritically denied the right to create derivative works from the campaign page while creating a derivative work from Microsoft’s logo which is close enough to the original as to give grounds to Microsoft for a lawsuit. In addition, it begs the question of whether the funds they happen to have are truly being used to better the open source cause or if they’re just burning money in a campaign of FUD.

Microsoft, of course, likely won’t sue because giving the Free Software Foundation their own Streisand Effect would be a nightmare scenario.

All of the above is from my primitive understanding of IP law and licenses. I am not a lawyer, but I would love to be corrected by someone who is and hasn’t chosen a side in this mess.

(more…)

Bing has officially become a verb, according to CNN: http://is.gd/2yjnh

Oh hey, seems like Windows 7-E is making a comeback (source-link is German) after having lived and died a very uneventful life in the EU. The German-language Microsoft Store is selling it for 299 euros, and the box art (as well as the page) clearly notes the lack of internet explorer on this version.

Mistake? Joke? A sign that Microsoft might’ve gotten pissed at Opera’s and Mozilla’s recent efforts to milk even more out of them? Who knows, but the box art for “Ultimate-E” has a weird stuttery look to it.

Credit goes to Andre Da Costa for pointing me to the buy page via MSN. I can’t read German, but from the presence of the box art, I’m certain this is for a retail copy of Windows 7-E.

Lots of people are asking for the logic behind Apple’s apparent move into the tablet market. Matthew Miller of ZDNet posted this inquiry-of-a-post asking for any potential reason for why Apple would want to enter the tablet game, but it seems he (and two of my favorite colleagues, Mary Jo Foley and Zack Whittaker) may have missed the answer:

Students.

Many schools suggest tablets for note-taking or engineering work. Heck, some even mandate them. This market is currently owned by Microsoft, and given Apple’s de facto hip-couture status in universities, it’s only logical to see that Apple wants to snatch the remaining Windows tablet users and turn them to the dark side, preferably before Windows 7 strolls along. My own discussions with students of various universities which suggest or mandate tablets (the biggest one which comes to my mind is a school I was considering attending myself and which currently lists as alumni a few of my friends, Virginia Tech), lead me to believe that a vast number of the attending students wish they could use Apple’s own hardware. Sure, there are a few hackintoshy solutions (modbook) but these aren’t official, supported by Apple, or anywhere near as “hip.”

Granted, Apple’s rumored tablet offering isn’t actually aiming for the engineering students, but that’s beside the point. The point is that if one Apple tablet succeeds, they will swiftly aim for turning it into a billion-dollar business, just as they have with the iPod, the iPhone, et. al.

Here’s the problem: Microsoft is coming with Windows 7 on October 22nd. That’s long after classes begin and likely a month after Apple’s seemingly-real tablet offering, which might still find its way into the hands of hipster-poseurs and college students. If Apple’s tablet happens to be an unproductive media device with no purpose other than to watch films and browse the internet, then I suppose only the crunchpad may possibly need to worry, but if Apple’s tablet offers any decent means of taking notes or generally being even slightly productive, Microsoft quickly needs to put it to bed.

Otherwise, Apple’s legions will embrace it like the second coming of choose-your-deity rather than the outcast child the business world would much prefer to see (before these students force said businesses over to the worlds most unproductive OS). Given Apple’s recent streak of screwing the consumer, the last thing people need is another outlet for the consumer to be, well, screwed.

Yes, I wrote this on a MacBook, which thankfully currently possesses no trace of any Leopards, Snow Leopards, or any other endangered sources of luxury furs. I also gracefully stole the article’s image from PC World.

As those involved in the Windows 7 community may know, Microsoft has failed to fix a crucial flaw in the User Account Control feature of the operating system which allows a specific whitelist of applications to inject code that can allow any application to silently elevate. The code was released about a month ago as a proof-of-concept by Leo Davidson showcasing the flaw elevating a command prompt window using the whitelisted explorer.exe process.

The company stands by UAC in its final form, but they’re taking it a step further by blocking the program that causes the exploit using their own security software.

Today, I just happened to download the zip file that causes the exploit when Microsoft Security Essentials greeted me with a nice dialog telling me that what I just downloaded is malware, specifically HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures take to detect it, but I promptly recompiled the source code under the Visual C++ 10.0 toolkit using VS 2010 Beta and the application ran undetected. Not a very good solution if it actually hash checks for the specific applications.

Leo, and I (or Bryant) will update our respective pages accordingly as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s take a look at what’s going on here from a different approach. Microsoft says that the vulnerability here is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed one particular argument as a potential explanation to this issue, whereby this is a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

• This exploit was specifically named as HackTool:Win32/Welevate.A (A quick googling shows only three links; one is to the aforementioned virustotal link, the second and third to a Microsoft encyclopedia entry.
• This particular label only applies to this specific proof-of-concept
• A reasonable vulnerability assessment (”Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or if some other internet-facing application were to be compromised. I covered the latter in an older post of mine where I explain how this flaw essentially raises the vectors of attack many-fold.

Leo and Bryant contributed to this post.

DreamSpark is one of those relatively-awesome-yet-equally-as-known initiatives from Microsoft. Yeah, plenty of people know about it, especially many up-and-coming developers who happen to be the intended audience, but there are also others who could easily benefit. I always manage to run into an IT or CS student who has no idea about DreamSpark until I tell the person, and once they see it, it’s like this treasure trove of lightbulbs turns on in the person’s mind.

For those who don’t know, DreamSpark throws free software at students (after verifying their student-hood, of course). I previously wrote about using DreamSpark to get and use a free OS in place of Vista over here.

Now, keeping the awesomeness of DreamSpark in mind, Expression 3 was only very recently released. A number of threads have popped up on the internet, with the most notable first result for me being this thread on Channel 8. Coupled with requests from other students I personally know as well as faculty from schools near the DC area (thanks for reading, guys!), I figured I’d look into it.

There’s good news, and there’s the news which isn’t exactly bad. I’ll spill the news which isn’t exactly bad first.

There’s no official target date on getting Expression Studio 3 up on DreamSpark, nor will it be available in July, nor is the target timeframe a certainty or guarantee. There; that’s the news which isn’t exactly bad.

The good news: the target timeframe is still before the point when classes start for many of you. The word, as given by a Microsoft spokesperson, is that a “target timeframe would be [the] end of August.”

If you can’t wait ‘til then, go grab Expression Studio 2 from DreamSpark right now. Otherwise, show some patience, be awesome, and grab Expression Studio 3 once it drops for you guys for free in a month. Cheers to dreamers at Channel 8 for holding out, and I’ll have an update for people once a specific date has been settled upon.

Update: Please, if you’re going to copy my images, don’t delete the watermark. I went through effort to get these pictures, and having them torn off (as is the case with ArsTechnica’s recent linkback)just means that I’ll have to present unsightly watermarks over the entire picture next time as opposed to keeping the images presentable by leaving the watermark in the corner. Update 2: ArsTechnica corrected their image accordingly. Thanks!

Just about everyone has seen the shots of the new Windows 7 retail packaging, but pictures of the new Anytime Upgrade packaging are much harder to come by. Impossible to find are any current examples of the packaging besides press shots and renders, so having said that, here are a few good hands-on shots I managed to take. For those wondering, yes, this means the boxes themselves are real, and that yes, Microsoft will indeed be pushing Anytime Upgrade through retail channels.

If you want some context as to how Microsoft arrived to this new box design, go ahead and check out Brandon LeBlanc’s post over at the Windows Team Blog. As for a physical size comparison: the full version boxes carry the same dimensions as the current Vista boxes.

(There’s nothing relevant inside the boxes themselves; just a fake key and a CD of Visio inside the retail box of which I was also taking some pictures.)

Have at it:

On an unrelated note, we (the staff of AeroXperience) would like to wish our condolences to the Jackson family with regards to the recent, sudden, and highly tragic passing of Michael Jackson