Posts matching tags 'windows'
2008/2/1
Holy shit, Microsoft have made an offer to buy Yahoo, for a generous US$44.6bn. I hope that this doesn't happen; given how Microsoft are fond of leveraging their power to lock people into using their products, a Microsoft-owned Yahoo would be bad news. We could probably expect things like YUI going the way of the Dimension X Java VRML libraries (remember those?) and Flickr being rewritten as a Silverlight application and/or requiring Windows Vista/7 to upload photos.
The Guardian reports that users of Windows Vista are experiencing severe audio performance problems, with choppy, glitchy audio from applications, which is annoying home users and driving professional musicians to old copies of XP or else the Apple store. The Graun article gives the reasons a cursory examination, essentially writing them off as growing pains of a shift to a new, improved driver model, though somehow managing to miss the elephant in the room, i.e., that at any time when there is the possibility that a Windows Vista machine might come into contact with copyrighted audio or video content, a draconian DRM regime kicks in, diverting a large proportion of the machine's resources into ensuring that you, the user, cannot do anything with the content that you're not explicitly permitted to.
2007/9/4
Security expert Peter Gutmann claims that a botnet run by organised criminals is now the most powerful supercomputer in the world. The Storm botnet is estimated to have between 1 and 10 million computers, all Windows machines infected by trojans, viruses or worms, and (assuming a typical machine to have a 2.3 - 3.3 GHz CPU and 1Gb of RAM), it easily outclasses machines such as BlueGene/L.
As Alec Muffett points out, Microsoft could now claim that the world's most powerful supercomputer is built on their technology.
(via alecm) ¶ [no comments]
2007/4/25
Computer criminals have found a new way of distributing bank-account-stealing trojans: by scattering USB flash drives in car parks. Some percentage of the population (perhaps the same that opens email attachments) would pick up these shiny flash disks, take them home and insert them into their Windows PCs, not having disabled autorunning beforehand.
Sooner or later, the default Windows configuration will refuse to autorun content on a strange flash drive, and this won't work. Unless, of course, the criminals have special USB units manufactured containing an active processor which uses DMA to probe and interfere with the host PC's memory. They could possibly use the same facilities they use to make fake ATM front panels to manufacture them. The units could even contain an empty, perfectly innocent flash drive to deflect suspicion; after all, there's no limit to how many devices something on the end of a USB connector can appear to be.
2006/12/27
When Windows Vista comes out, it won't just have a Mac-killingly cool user interface; it will also include the most total intellectual-property protection regime ever developed, designed to keep your thieving fingers off Hollywood's precious content. Peter Gutmann has an analysis of the costs of this regime, and it's alarming: it looks like we're all going to be footing the bill (in terms of increased costs, decreased performance, and reduced reliability and interoperability) of Hollywood and the RIAA's demands (and Microsoft's ambitions for control of the content-delivery system).
Beyond the obvious playback-quality implications of deliberately degraded output, this measure can have serious repercussions in applications where high-quality reproduction of content is vital. For example the field of medical imaging either bans outright or strongly frowns on any form of lossy compression because artifacts introduced by the compression process can cause mis-diagnoses and in extreme cases even become life-threatening. Consider a medical IT worker who's using a medical imaging PC while listening to audio/video played back by the computer (the CDROM drives installed in workplace PCs inevitably spend most of their working lives playing music or MP3 CDs to drown out workplace noise). If there's any premium content present in there, the image will be subtly altered by Vista's content protection, potentially creating exactly the life-threatening situation that the medical industry has worked so hard to avoid. The scary thing is that there's no easy way around this - Vista will silently modify displayed content under certain (almost impossible-to-predict in advance) situations discernable only to Vista's built-in content-protection subsystem [Note E].
Once a weakness is found in a particular driver or device, that driver will have its signature revoked by Microsoft, which means that it will cease to function (details on this are a bit vague here, presumably some minimum functionality like generic 640x480 VGA support will still be available in order for the system to boot). This means that a report of a compromise of a particular driver or device will cause all support for that device worldwide to be turned off until a fix can be found. Again, details are sketchy, but if it's a device problem then presumably the device turns into a paperweight once it's revoked. If it's an older device for which the vendor isn't interested in rewriting their drivers (and in the fast-moving hardware market most devices enter "legacy" status within a year of two of their replacement models becoming available), all devices of that type worldwide become permanently unusable.
Vista's content protection requires that devices (hardware and software drivers) set so-called "tilt bits" if they detect anything unusual. For example if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set. Such occurrences aren't too uncommon in a typical computer (for example starting up or plugging in a bus-powered device may cause a small glitch in power supply voltages, or drivers may not quite manage device state as precisely as they think). Previously this was no problem - the system was designed with a bit of resilience, and things will function as normal... With the introduction of tilt bits, all of this designed-in resilience is gone. Every little (normally unnoticeable) glitch is suddenly surfaced because it could be a sign of a hack attack. The effect that this will have on system reliability should require no further explanation.
In order to prevent active attacks, device drivers are required to poll the underlying hardware every 30ms to ensure that everything appears kosher. This means that even with nothing else happening in the system, a mass of assorted drivers has to wake up thirty times a second just to ensure that... nothing continues to happen. In addition to this polling, further device-specific polling is also done, for example Vista polls video devices on each video frame displayed in order to check that all of the grenade pins (tilt bits) are still as they should be [Note H].
As part of the bus-protection scheme, devices are required to implement AES-128 encryption in order to receive content from Vista. This has to be done via a hardware decryption engine on the graphics chip, which would typically be implemented by throwing away a rendering pipeline or two to make room for the AES engine.
I see some impressive class-action suits to follow if this revocation mechanism is ever applied. Perhaps Microsoft or the content providers will buy everyone who owns a device that inadvertently leaks content and is then disabled by the revocation process replacement hardware for their system. Some contributors have commented that they can't see the revocation system ever being used because the consumer backlash would be too enormous, but then the legal backlash from not going ahead could be equally extreme. For anyone who's read "Guns of August", the situation seems a bit like pre-WWI Europe with people sitting on step 1 of enormously complex battle plans that can't be backed out of once triggered, no matter how obvious it is that going ahead with them is a bad idea. Driver revocation is a lose/lose situation for Microsoft, they're in for some serious pain whether they do or they don't. Their lawyers must have been asleep when they let themselves get painted into this particular corner - the first time a revocation takes out a hospital, foreign government department, air traffic control system, or whatever, they've guaranteed themselves first-person involvement in court proceedings for the rest of their natural lives.
(via Schneier) ¶ [1 comment]
2006/1/27
It looks like the next version of Microsoft's Windows OS will require all device drivers and kernel-level code to be digitally signed. This is ostensibly to prevent kernel-level rootkits from installing themselves, though has the bonus feature of adding a ring of steel to the black iron prison the RIAA/MPAA want to build around everything handling their precious intellectual property. Oh, and it will also restrict device-driver development on Windows to those with the resources to pony up for the Verizon digital signature.
(via bOING bOING) ¶ [2 comments]
2005/7/12
Screenshots of the latest Windows Longhorn beta. It looks like Microsoft have one interesting eye-candy feature that Apple currently don't: the ability to do translucent elements, i.e., ones in which the pixel value can be a function of not only the background pixel but its neighbours (which allows Gaussian blurring and such). I wonder how computationally expensive this is compared to Apple's straightforward transparency; it certainly looks pretty, though.
(via /.) ¶ [1 comment]
2005/5/30
The latest malware won't merely spew ads at you or use your Windows PC as a zombie to send spam: it will encrypt your files and demand a ransom for the key:
Stewart managed to unlock the infected computer files without paying the extortion, but he worries that improved versions might be more difficult to overcome. Internet attacks commonly become more effective as they evolve over time as hackers learn to avoid the mistakes of earlier infections.
"The problem is getting away with it -- you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an e-mail account."Perhaps future versions will demand that the users donate CPU cycles/network bandwidth instead of money? Then again, those are easy enough to steal without extortion.
(via schneier) ¶ [no comments]
2005/5/27
Music Thing has a feature on how various tiny, ubiquitous sounds and pieces of music were created. The Mac startup sound, for example, was a C Major chord played on a Korg Wavestation, whereas Brian Eno created the Microsoft sound during a creative dry spell.
(via MusicThing) ¶ [no comments]
2004/12/30
Thanks to the technological miracle of Microsoft DRM, Windows Media files can contain adware, viruses and spyware, and it appears that an anti-P2P company named Overpeer have been launching such trojan WMAs into the KaZaA network. More details here:
But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to--whether a legitimate call for license information or a series of pop-up ads.
Not only did we get bombarded with unwanted ads, but one of the ad windows in a video file tried to install adware onto our test PC surreptitiously, while another added items to our browser's Favorites list and attempted to change our home page. And a window from the original music file asked to download a file called lyrics.zip, which contained the installer for 180search Assistant, commonly categorized as an adware program.
And if the asphead agencies can do it, so can the Bulgarian Mafia and their ilk. Expect to see spam-zombie-trojan-infected WMAs appearing on a file-sharing network near you. The moral of this story, kids, is use MP3 don't pirate music.
(via bOING bOING)
2004/6/11
Mac lust knows no bounds. Now those who can't afford actual Macs can do their Windows XP PCs to look like Macs, with a set of 10 cosmetic programs, from a menu bar for the top of the screen (I wonder whether it strips the menu bars off application windows, or whether it just takes up extra space) and a dock to Aqua-style window frames and icons, giving you something that looks just like a Mac, only with the usual Windows viruses, worms and spyware. Or perhaps that looks just Maclike enough to remind you of what you're missing out on. (via bOING bOING)
2004/5/18
From a Slashdot interview with Jeremy White of the WINE Windows API emulator project and/or Crossover:
We also go to all kinds of interesting lengths to avoid problems with viruses and worms. For example, we have a hack in our flavor of Wine, in the CreateProcess call (the code to start an executable) that basically checks to see if the parent process is outlook.exe, and if it is, we crash and burn, preventing many of the worms and such from running.
Meanwhile, someone's porting WINE to MacOS X. It doesn't actually emulate an Intel CPU, so it won't run your Windows binaries, but you can recompile Windows programs from source code and get them to run, and look authentically Windowslike, on your Mac. Though you'll need to use X11 as well, as it doesn't speak directly to Quartz/Cocoa/Carbon (and there don't appear to be any plans to make it do so).
2004/5/12
Another reason to avoid Microsoft operating systems: if your Windows PC gets infected with malware and you're unlucky, you may lose your job, your relationships, or even be convicted as a paedophile, on the strength of pornographic images downloaded into your cache, as happened to one man in the US (or so he claims).
Fact 1: If you write a CD-RW in packet mode (i.e., if you set it up so that you can write files to it one at a time, rather than burn disc images to it), it is formatted as one long track, and data is somehow written into the middle of this track. Which means that if you put it into a CD player or other device, it sees a disc with one data track of 74 or so minutes' length.
Fact 2: computer-based CD playing/ripping software recognises track titles by matching a profile of track lengths against a large database of titles, artists and track listings. This occasionally comes up with collisions, especially for singles or 1-track CDs. Which can be briefly amusing when it mistakes your favourite band's latest single for a European boy band or a rap-metal action-movie tie-in from 5 years ago or something odd like that.
Conclusion: When it looks at FreeDB, Grip recognises a formatted Verbatim CDRW as "Mi maletn", by the well-known artist "Windows XP".
Oddly enough, one can imagine that in a decade or two's time, there may well be a European retro-pop band named Windows XP. Whether their albums clock in at one 74-minute track is another question altogether.
2004/3/4
I just found the following in my mailbox:
From: management@null.org
Subject: Email account utilization warning.
Dear user of Null.org,
Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.
For more information see the attached file.
Have a good day,
The Null.org team http://www.null.org
Given that I own null.org (and that no address such as "management@null.org" actually exists), I must say I was a touch suspicious. And then I looked at the attachment portion of the email:
Content-Type: application/octet-stream; name="Information.pif" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Information.pif"
Which looks to be a Windows executable of some sort. That's undoubtedly the "free auto-forwarding service" they mentioned. I'm sure it would have done exactly as that, only with the proviso of forwarding penis-pill spam to millions of mailboxes worldwide through my machine.
That is, if I (a) used a Windows machine, and (b) was sufficiently clueless to open an attachment from somebody claiming to be in charge of the "main mailing server" on my domain.
2004/2/17
The rather eye-opening dissection of an online greeting-card spam; an email telling the user to go to a web site to see an electronic greeting card, and the website in question, which uses Internet Explorer security holes to overwrite your Windows Media Player and install a keylogger apparently programmed to look for online banking sites (and undetectable by current spyware detectors). Nasty; and another reason to not use IE (or, preferably, Windows). (via Slashdot)
Kuro5hin finds the stolen Windows 2000 source code, greps it for obscenities and other things. Assuming that this is authentic, the Windows code is not as shoddy as some would think, save for it being riddled with layers of kludges and bugs kept for backward compatibility, and there's no obvious evidence of them stealing code from open-source projects either. At least, not as of 25 July, 2000.
2003/12/19
The PCs at a certain hostel in Byron Bay appear to be fuzzy with adware; every few minutes, a program named "Save!" throws up a pop-under ad for some product. Not sure whether they installed it themselves or whether it snuck in with a "funny screensaver" or porn downloader or something.
"Save!", which claims to be associated with some outfit named "WhenU", strenuously disclaims acting as spyware, logging websites, passwords or anything like that. Though, of course, any piece of conspicuous spyware would say that as well. Just in case, I've taken to entering passwords by cutting and pasting words from other pages, deleting bits of them and adding the odd keystroke or two. It is probably theoretically possible to write a piece of spyware that keeps track of pastes, cursor positions, &c. into a password entry box, but in practice it may be quite difficult.
I wonder whether the alleged yuppification of Byron Bay has extended to there being wireless internet anywhere.
2003/11/25
Windows worm infects teller machines, in the first documented incidence of the sort. The Windows XP-based ATMs were made by Diebold (of dodgy voting-machine fame), connected to standard TCP/IP-based networks, and have been replacing legacy OS/2-based machines on proprietary networks.
2003/11/13
Another resourceful criminal use of the countless thousands of virussed Windows machines on the internet: online protection rackets, where the "businessmen" (predominantly from Eastern Europe) target a high-profile website and threaten to knock them offline with a massive DDOS attack unless they pay up. Online casinos (which make a lot of money and are in poorly-policed areas) are a popular target.
Most of the computers used are broadband-connected home Windows PCs owned by clueless people, of whom there is, sadly, no shortage; and it doesn't look like the problem is going to go away, at least not until a totalitarian "trusted computing" regime is imposed on the internet at the IP level, or something equally drastic happens. Which makes me wonder whether or not Microsoft are deliberately allowing viruses to flourish on their OS as to drive people into the highly profitable embrace of Big Brother.
2003/1/31
Another part of the Windows web browsing experience us Linux users miss out on: Malignant toolbar installs itself into Internet Exploiter, redirects home page/web searches to xupiter.com (owned by a shadowy Hungarian company, apparently) or the sites of businesses who paid them for placement (and who are, I would guess, unlikely to be highly ethical), and downloads pop-up gambling games behind your back. The toolbar resists attempts at uninstallation, and the programmers keep changing its code to keep one step ahead of anti-spyware tools.
Healan said some installations probably occurred when people clicked "OK" in a pop-up box without really knowing what they had agreed to, or when they meant to close the pop-up window.
2002/9/27
First there was spyware, and now there's diversionware; hidden add-ons to free Windows utilities/toys, which intercept the user's web requests to shopping web sites and substitute in the software maker's affiliate ID, even if someone else's ID was used. And this is completely legal, because users agree to it in the click-through licence agreements.
I suppose that's a key cultural distinction between UNIX and Windows. In the UNIX world, "free software" implies Richard Stallman's ideology. In the Windows world, "free software" implies layers of parasitic spyware and diversionware working behind the user's back. (via Techdirt)
2002/8/8
Research reveals that the MS Windows API is intrinsically insecure; any application can spoof window messages to any other application, regardless of permissions, bypass the feeble "security" present and pull off all sorts of exploits. In other words, typical Microsoft security. And furthermore, the flaw is fundamental to the API and is irreparable, short of changing the fundamental design of the Windows message queue mechanism and breaking every existing Win32 application. (via the Reg)
2002/6/25
Somebody has written a plug-in for the Linux xmms media player to allow it to use Winamp visualisation plugins, using the Wine Windows emulation library. Which is fairly nifty. Now if only someone wrote a Linux library for accessing Windows VST audio processing/synthesis plugins, perhaps in the aRts or LADSPA framework...
2002/5/8
Extreme marketing in the new millennium: Here come the banner ads which install spyware, disable firewall software; the rogue pop-up ad in question uses a Shockwave applet and an Internet Explorer bug to surreptitiously download and install the software onto the user's PC. Needless to say, it only affects the 99.999% of users who use Windows; Maccies and Penguinheads can look smug.
2002/3/28
CodeWeavers, who wrote the CrossOver web browser plug-in for Linux (which allows Windows plug-ins to run under Linux) have now released a system for running MS Office on Linux. Which is technically a fairly impressive feat; equally impressively, all the code has been contributed back to WINE, the LGPLed Windows emulation system for Linux; which means that, after all these years, WINE may be becoming more than a technical curiosity. (It's certainly better than things like Lindows, as (a) it isn't based on a customised, dumbed-down Linux distribution, and (b) the code is going back to the community.) (via Slashdot)
2002/1/17
The Beast of Redmond: Microsoft buys SGI's graphics patents; penguinheads concerned they may be used to crush OpenGL, or cripple 3D graphics capabilities on non-Windows platforms. Meanwhile, if you use Windows Media Player to download content from sites, the sites can keep track of you, using a convenient global ID number. Apparently this is not a bug but a feature. (via Slashdot)
2001/11/7
And while I'm stealing links from Slashdot, the CrossOver plug-in for Linux is out now. This is a plug-in allowing you to use Windows web browser plug-ins (QuickTime, Shockwave, &c) in Linux browsers (i.e., Mozilla, Konqueror and so on). There's a downloadable demo version too. (Currently, if I need to look at Shockwave content, I use IE under Win98 under VMWare, though this looks interesting.)
2000/12/2
Rabid Penguinheads post a Windows email virus which prints a pro-Linux message. Or is it an anti-Linux black-op by Darth Bill's forces? (via Slashdot, of course)
2000/10/26
Good news on the emulation front; Plex86, which aims to become a free VMWare-like virtual-PC program for Linux, now boots Linux normally. Granted, Linux on Linux is not particularly impressive from a practical point of view, but it's a step to running Windows on Linux, not sacrificing having a real OS on the machine. Meanwhile, Windows emulator WINE allegedly runs Word/Excel 2000 on Linux. No Internet Exploiter though.