Oh, it is ON between Google and Microsoft. A Google security engineer in Switzerland warned Microsoft of a vulnerability in Windows XP, but after they didn't fix it within five days, he went public.

Tavis Ormandy was the Google engineer who discovered the XP hole in the Help and Support Center of Windows, which normally allows people to download help documents from the internet if needed. The hole though (if you know what you're doing), actually lets you download more than just the help files-you could actually "execute arbitrary commands with the privileges of the current user," according to the engineer, with PCs running Windows XP SP2 and SP3, and IE7 or IE8.

While going public before the flaw was fixed might not have been the smartest move, Ormandy believes it was the only way to make Microsoft sit up and pay attention, rather than shelve the problem for a later day: "If I had reported the...issue without a working exploit, I would have been ignored," he wrote in the Full Disclosure email newsletter. Microsoft understandably hit back, with Jeff Bryant, the group manager at the Microsoft Security Response Center writing of his concern "about the public disclosure of this issue given we were only notified about it by this researcher on the 5th of June."

Security experts are now calling for a public hanging (well, dismissal) of Ormandy, with the CEO of SecTheory, Robert Hansen, wading in and saying that he should be fired. I think that's a little harsh personally, but what do you feel about Google publicly admonishing Microsoft about their security flaws-especially in light of ditching Windows as their HQ OS of choice?

This article was written by Kat Hannaford, and first appeared on www.gizmodo.com.

Comment (0)

Microsoft recently announced that they are sticking to the cutoff date for Windows XP of June 30^th. They tried this in January, but everyone complained and it was extended to June. But so far, it looks like June 30^th will be the date. It is pretty amazing to think of how long Windows XP has lasted. For example, when it was released in October of 2001, the minimum processor to run it was a 233 MHZ processor, with 300 MHZ the recommended speed. Amazingly, they claimed you could run it on 64 MB of Ram, and that you only needed 1.5 GB to install it. As an interesting comparison, here are the system requirements for Vista:  1 GHz Processor, 1 GB memory, 15 GB of available hard drive space, and a 128 GB graphics card. Maybe that is why 99% of the computers we have sold in the past two years have still had XP on them. On identical hardware, Windows Vista is slower than Windows XP. Functionally, our users don’t see any improvements that justify the required extra expenses to get a machine fast enough to tolerably run Vista.  Windows XP still accounts for about 63 percent of all Internet-connected computers, according to March 2009 statistics from Hitslink, while Windows Vista makes up about 24 percent.

Comment (1)

“Insanity: doing the same thing over and over again and expecting different results.” - Albert Einstein 

For those of you that are following the blog, you may be interested to know that I am writing this post from my new Latitude E4300. Overall, I am fairly impressed with the combination of speed and portability. Usually you have to sacrifice one for the other. But I will leave that review for a different post. For anyone who has purchased a computer from I.T.NOW in the past year, you will truly be amazed by my next confession. I am running Vista on my new laptop. I also must confess that this is my third attempt at converting to Vista. Rumor has it that there is currently a pool going on at I.T.NOW betting on when I will switch back to XP (email Jason if you want in on it).  So why do I run Vista when I tell all of my customers to steer clear of it? I guess it is just one of the things I have to know. I can walk anyone through pretty much all functions of XP without having a computer in front of me, so it is time to achieve that same level of familiarity with Vista. That and when I try to install XP on my laptop, the solid state disk appears to cause a blue screen, in spite of how many things I have tried (and I have sadly tried several times).

So, what am I doing differently this time to ensure that I get a different result and don’t go insane? Here are a few tips for those of you who for one reason or another are on the Vista bus.

·         Don’t complain about it in front of your Mac friends. They will just talk to you about the latest “I’m a Mac” commercial and make you regret your decision.

·         Feed the beast. If you don’t have 4GB of memory, upgrade. If you don’t have a video card, consider adding one. If you can use a faster hard drive (10,000 RPM Raptor or a Solid State Disk), you won’t regret the price.

·         Unvistafy Vista. Part of what makes Vista more secure than XP is all of the extra layers of security, which means you have to click a lot more than you would have to on an XP machine. The technician in me has to warn you that this will make Vista less secure. But you wish you had XP, so this isn’t that big of a deal. Wired Magazine has a great Wiki on some steps you can take to clean up Vista.

·         Relax. In less than two years, you will get to do it all over again with Windows 7

Comment (0)