Data Cube Systems

Microsoft is planning to make Windows 8 an 128-bit operating system, according to details leaked from the software giant’s Research department.

The discovery came to light after Microsoft Research employee, Robert Morgan, carelessly left details of his work on the social-networking site, LinkedIn.

The senior researcher’s profile said he was: “Working in high security department for research and development involving strategic planning for medium and longterm projects. Research & Development projects including 128-bit architecture compatibility with the Windows 8 kernel and Windows 9 project plan. Forming relationships with major partners: Intel, AMD, HP and IBM.”

Morgan’s LinkedIn profile has now been pulled down, but a version remains in the Google search cache.

A move to 128-bit support would be a bold move for Microsoft. Many, including PC Pro’s own Jon Honeyball, were urging Microsoft to make Windows 7 64-bit only, but the company continues to offer a 32-bit version of the forthcoming OS.

Microsoft has said very little publicly about Windows 8, although on a visit to the UK earlier this week, CEO Steve Ballmer denied rumours that Windows 7 would be the last major client OS the company produced. Ballmer admitted that planning was underway on Windows 8, although it’s highly unlikely that the OS will arrive until 2012 at the earliest.

Morgan’s talk of planning for Windows 9 supports Ballmer’s claim that the company thinks there is plenty of life left in Windows yet.

The NSW Department of Education is using asset-tracking software, RFID tags, and BIOS-embedded filtering smarts to roll out 240,000 netbook computers into what CIO Stephen Wilson calls “the most hostile environment you can roll computers into” - the local high school.

The rollout of Lenovo netbooks, funded under the Federal Government’s Digital Education Revolution initiative, is a massive logistical and IT security challenge, and the solution Wilson and his team has put together to fix these issues could well be applicable to any corporate IT department.

Over four years, some 240,000 Lenovo netbooks will be offered to students in year nine. The netbooks can be kept until year 12, or permanently should the student finish his or her studies at the school. Netbooks are also being offered to teachers.

To take receipt of the netbooks, students and parents are asked to sign forms in which they acknowledge their responsibility to take care of the machines and use them appropriately.

They are armed with an enterprise version of the new Windows 7 operating system, Microsoft Office, the Adobe CS4 creative suite, Apple iTunes, and content geared to students. Although the netbooks are loaded with many hundreds of dollars of software, 2GB RAM and a six-hour battery, the cost to the NSW Department of Education is less than $500 a unit.

Underneath the covers of the netbooks - and within the network that controls them - lies a great deal more smarts to ensure that the total cost of ownership of each machine does not blow out.

Wilson said that while private schools and other states have taken a “carte blanche” approach to handing out laptops as part of the Digital Education Revolution, the DET rollout is “among the more systematic, automated and paperless” projects ever embarked upon.

Security smarts

At the physical layer, each netbook is password-protected and embedded with tracking software at the BIOS level of the machine.

That is administered through an enterprise services bus, which also connects the Remedy suite for asset management, Active Directory for authentication and Aruba’s Airwave for wireless network management.

If a netbook were to be stolen or sold, the department can remotely disable it over the network. Even if the hard drive of the machine was swapped out or the operating system wiped, it would be useless to unauthorised users.

Already, it has noted the loss or damage of just six netbooks out of the 20,000 rolled out since August - and have tracked a teacher using their device on a field trip in New Zealand.

While there is a serial number and barcode on each computer, the department said that thieves or students might be able to remove them. To combat this, it is using passive RFID chips on every machine that will enable them to be identified “even if they were dropped in a bathtub”.

Being passive, an RFID reader needs to be within close proximity of the device to read it. (Active RFID transmitted a signal back to base.)

The department used the AppLocker functionality within Windows 7 to dictate which applications are installed.

Web access on the netbooks is filtered according to a corporate security policy (using McAfee’s SmartFilter technology) plus an additional SOCKS-based proxy client, which provides web filtering at the network layer.

The devices also use Microsoft’s Forefront Antivirus technology.

Upgrades

With such a huge fleet of computers in the hands of students, Wilson said it would be “unrealistic” for the department to offer technical support for software applications.

The netbooks were built so that the department can remotely upgrade and patch the devices over a wireless network.

It used Microsoft’s System Centre Configuration Manager tool to distribute software down to devices.

The update service switches off once a student finishes year 12.

Wilson said there was no way such a large fleet of machines could be managed at such low cost without the smarts embedded within Microsoft’s new operating system.

“There was no way we could do any of this on XP,” he said. “Windows 7 nailed it for us.”

Microsoft late last week said it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008.

The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.

“We’re talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,” said security program manager Adrian Stone during Microsoft’s monthly post-patch Webcast, referring to Windows 2000 and XP.

“An update for Windows XP will not be made available,” Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast.

Last Tuesday, Microsoft said that it wasn’t patching Windows 2000 because creating a fix was “infeasible.”

The bugs in question are in Windows’ implementation of TCP/IP, the Web’s default suite of connection protocols. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP, Microsoft said in the accompanying advisory, which was refreshed on Thursday.

In the revised advisory, Microsoft explained why it won’t patch Windows XP, the world’s most popular operating system. “By default, Windows XP SP2, Windows XP SP3 and Windows XP Professional x64 Edition SP2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability,” the company said. “Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network.”

Although the two bugs can be exploited on Windows 2000 and XP, Microsoft downplayed their impact. “A system would become unresponsive due to memory consumption … [but] a successful attack requires a sustained flood of specially crafted TCP packets, and the system will recover once the flood ceases.”

Microsoft rated the vulnerabilities on Windows 2000 and XP as “important” on Windows 2000, and as “low” on XP. The company uses a four-step scoring system, where “low” is the least-dangerous threat, followed in ascending order by “moderate,” “important” and “critical.”

The same two bugs were ranked “moderate” for Vista and Server 2008, while a third — which doesn’t affect the older operating systems — was rated “critical.”

During the Q&A, however, Windows users repeatedly asked Microsoft’s security team to explain why it wasn’t patching XP, or if, in certain scenarios, their machines might be at risk. “We still use Windows XP and we do not use Windows Firewall,” read one of the user questions. “We use a third-party vendor firewall product. Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn’t then Windows XP be vulnerable to this?”

“Servers are a more likely target for this attack, and your firewall should provide additional protections against external exploits,” replied Stone and Bryant.

Another user asked them to spell out the conditions under which Microsoft won’t offer up patches for still-supported operating systems. Windows Server 2000 SP4, for example, is to receive security updates until July 2010; Windows XP’s support doesn’t expire until April 2014.

Stone’s and Bryant’s answer: “We will continue to provide updates for Windows 2000 while it is in support unless it is not technically feasible to do so.”

Skipping patches is very unusual for Microsoft. According to a Stone and Bryant, the last time it declined to patch a vulnerability in a support edition of Windows was in March 2003, when it said it wouldn’t fix a bug in Windows NT 4.0. Then, it explained the omission with language very similar to what it used when it said it wouldn’t update Windows 2000.

“Due to these fundamental differences between Windows NT 4.0 and Windows 2000 and its successors, it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability,” Microsoft said at the time.

Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead.

Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache.

Proof of concept code showing how the bug could be leveraged to crash a Windows machine was posted Monday to the Full Disclosure mailing list by Laurent Gaffie.

But security experts believe that more serious attacks are possible.

Kostya Korchinsky, a senior security researcher with security-assessment software vendor Immunity, said the flaw could be exploited in a privilege-escalation attack. This type of attack is used once the attacker has already found a way to run software on the victim’s machine. It gives the hacker a way of accessing system resources that would otherwise be prohibited.

A more dangerous “remote-code execution” attack “might be possible, but it would be a lot more difficult,” Korchinsky said. With remote-code execution, the attacker is able to run unauthorized software on the victim’s machine.

Security vendor SourceFire is examining the bug too. “We’re unwilling to call it a DoS-only, but we’re not willing to call it a remote-code-execution [flaw] either,” said Matt Watchinski, the company’s senior director of vulnerability research, referring to a denial of service attack.

SMB 2 is typically blocked at the firewall, so even if these attacks could be written, they would have a hard time spreading from company to company.

Gaffie said the flaw most likely works on Windows 7, Windows Vista and Windows Server 2008. Earlier versions of Windows do not use SMB 2 and are thought to be immune.

Meanwhile, Microsoft has yet to patch a flaw in its Internet Information Services (IIS) software that was disclosed last week. That bug could let an attacker crash an IIS server, or even install unauthorized software in certain configurations.

The flaw could be used in a remote-code execution attack, but only in very specific circumstances. For the attack to work, the victim must run the older IIS 5 software on Windows 2000 and allow the attacker to create an ftp directory on the server.

Although Microsoft says it’s seen a “limited number” of attacks that leverage this bug, Watchinski said it’s unlikely to affect most IIS users.

Microsoft issued five security patches Tuesday, fixing eight vulnerabilities in Windows.

Could Windows 7 accomplish everything that’s expected of it? Probably not, but it makes a damn good attempt. We’ve tested the gold master, the final version going out on October 22. Upgrade without trepidation, people. With excitement, even.

Windows 7 is not quite a “Vista service pack.” It does share a lot of the core tech, and was clearly designed to fix nearly every bad thing anyone said about Vista. Which ironically puts the demon that it was trying to exorcise at its heart. What that means is that Windows 7 is what Vista should have been in the public eye—a solid OS with plenty of modern eye candy that mostly succeeds in taking Windows usability into the 21st century—but it doesn’t daringly innovate or push boundaries or smash down walls or whatever verb meets solid object metaphor you want to use, because it had a specific set of obligations to meet, courtesy of its forebear.

That said, if you’re coming from Windows XP, Windows 7 will totally feel like a revelation from the glossy future. If you’re coming from Vista, you’ll definitely go “Hey, this is much better!” the first time you touch Aero Peek. If you’re coming from a Mac, you’ll—-hahahahaha. But seriously, even the Mactards will have to tone down their nasal David Spadian snide, at least a little bit.

The Long Shadow of Windows Vista
The public opinion of Windows Vista—however flawed it might have been—clearly left a deep impact on Microsoft. While we’ve got final Windows 7 code, it’s hard to look 2 1/2 months into the future to predict what the Windows 7 launch will be like. However, based on this code, and the biggest OS beta testing process in history, it sure won’t look like the beleaguered Vista launch at all.

If you installed Vista on your PC within the first month of its release, there was a solid chance your computer ran like crap, or your gadgets didn’t work, since drivers weren’t available yet. That’s not how it shakes down with Windows 7. The hardware requirements for Windows 7 are basically the same as they are for Vista, the first time ever a release of Windows hasn’t required significantly more horsepower than the previous one. And it runs better on that hardware, or at least feels like it does.

Ambiguous benchmarking aside, our experience during the beta period was that Windows 7 actually ran beautifully, even on netbooks that made Vista cry like a spoiled child who’d had its solid gold spoon shoved up its butt sideways, so the difference isn’t based entirely on “feelings.” Even Microsoft never attempted to market a Vista for netbooks, but is gladly offering Windows 7 to that category.

Installing XP, Vista and Windows 7 on the same hardware over the space of a week also proved that point: Hardware just worked when I booted up Windows 7 for the first time, while my machines were practically catatonic with XP until I dug up the drivers, and gimped with Vista until I dutifully updated. Hitting Windows Update in Windows 7, I was offered a couple of drivers that were actually current, like ones for my graphics cards. Centralizing the delivery of drivers is huge in making the whole drivers thing less over whelming. (It helps that manufacturers are actively putting out drivers for their gear this go-around, rather than waiting until the last minute, as they tended to with Vista.)

Microsoft has even corrected the pricing spike that Vista introduced, even if they didn’t fully streamline that confusing, pulsating orgy of versions. A full version of Windows 7 Home Premium is $200, down from $260, and if you were lucky, you could’ve pre-ordered an upgrade version for $50. (Microsoft says that deal has sold out, but we wouldn’t be shocked to find it re-upped in the near future, possibly even as we head toward the October 22 launch.) So yes, most of the early Vista problems—performance, compatibility and price, to an extent—will likely not be early Windows 7 problems.

What’s Good
Windows 7 is the biggest step forward in usability since Windows 95. In fact, over half of what makes it better than Vista boils down to user interface improvements and enhancements, not so much actual new features.

Its fancy new user interface—the heart of which is Aero Peek, making every open window transparent except the one you’re focusing on at the moment so you can find what you’re looking for—actually changes the way you use Windows. It breaks the instinct to maximize windows as you’re using them; instead, you simply let windows hang out, since it’s much easier to juggle them. In other words, it radically reorients the UI around multitasking. After six months of using Aero Peek and the new launcher taskbar, going back to Vista’s taskbar, digging through collapsed app bars, or even its Peek-less Alt+Tab feels barbaric and primitive. I wouldn’t mind an Mac OS Exposé ripoff to complete the multitasking triumph, though.

Windows 7 brings back a sense of a tightness and control that was sometimes missing in Vista—there’s a techincal reason for this relating in part to the way graphics are handled—moments where I’ve felt like I wasn’t in control of my PC have been few and far between, even during the beta and release candidate periods. The more chaste User Account Control goes to that—the frequency with which it interrupts you was grating in Vista, like standing under a dripping faucet. But it actually works as Microsoft intended now, with more security, since you’re less likely to repeatedly hammer “OK” to anything that pops up, just so it leaves you the hell alone.

Other super welcome improvements are faster, more logical search—in the Music folder for instance, you can narrow by artist, genre or album—and more excellent file previews, though they’re not quite as awesome as what OS X offers up. (And why aren’t they on by default?) There are lots of little things that make you say, “finally” or “that’s great,” like legit codec support baked in to Windows Media Player, Device Stage when you plug in your gadgets, or the retardiculously awesome background images.

In short, Windows 7 is what Windows should feel like in 2009.

What’s Not So Good
There are a few spots Microsoft rubbed polish on that still don’t quite shine. Networking is much, much better than Vista—the wireless networking interface isn’t completely stupid anymore—but the Network and Sharing Center still doesn’t quite nail it in terms of making networking or sharing easy for people who don’t really know what they’re doing. I wouldn’t turn my mom loose inside of it, anyway. The HomeGroup concept for making it easy to share files sounds good in theory, but in practice, it’s no slam dunk. I imagine regular people asking, “What’s up with crazy complicated password I have to write down? Can I share files with PCs not in my HomeGroup? What’s all this other stuff in my Network that’s not in my HomeGroup?”

Not all parts of the user experience are sweeter now. Microsoft, just fix the unwieldy Control Panel interface, please. (Hint: Steal OS X’s. Everything’s visible and categorized.) And Windows Media Player’s UI while you’re at it. If it makes iTunes look simple, it’s got problems. I’d really like to be able to pin folders directly to the Taskbar as well, not simply to the Windows Explorer icon in the Taskbar. It’s kind of confusing behavior, actually—why can you pin some icons (apps or files) and not others (folders)?

Internet Explorer 8 ain’t so great, either. It’s better than IE7, sure, and actually sorta supports modern web standards. But you’ll be downloading Firefox, Opera, or Chrome as soon as you get Win 7 up and running, since IE’s not better than any of them. And while you could argue you wouldn’t be so inclined to use Microsoft’s own mail application either, you might, but you’ll have to download it first. Instead of being app-packed, Windows 7 gives you an optional update for Live Essentials, with apps like Mail, Photo Gallery and MovieMaker. Some people might like the cleaner install, but this is a fairly senseless de-coupling—not including a mail app with your own OS? I know those European regulators are ridiculous, but come on.

I suppose the biggest thing missing from Windows 7 is any sense of daring (psychedelic wallpapers aside). It’s a very safe release: Take what was good about Vista, fix what people bitched about, and voila. We get it, people want a safe operating system, not an experiment in behavioral science. But even as Windows 7 restores some of the joy in using Windows, you get the sense that it could’ve been more, if it hadn’t been saddled with the tainted legacy of Vista. I wonder what Windows 7 would have been without Vista.

The Verdict
Windows XP was a great OS in its day. Windows Vista, once it found its feet several months in, was a good OS. With Windows 7, the OS is great again. It’s what people said they wanted out of Windows: Solid, more nimble and the easiest, prettiest Windows yet. There’s always a chance this won’t be a huge hit come October, given the economy and the state of the PC industry, but it’s exactly what Microsoft needs right now. Something people can grab without fear.