Some of the “smaller” stories of the week that didn’t find a post of their own:
Microsoft’s partnership with NBC gives MSNBC.com exclusive online use of NBC news video clips for 99 years …
The Interactive Advertising Bureau (IAB) today announced that they are forming an industry-wide Click Measurement Working Group to create a set of Click Measurement Guidelines. These Guidelines, a joint effort with the Media Rating Council (MRC), will provide the detailed definition of a “click” and the standard against which clicks are measured and counted including the identification of invalid clicks and/or fraudulent clicks.
Member companies who have confirmed their participation in this Working Group thus far include: Ask.com, Google, LookSmart, Microsoft Corp., Yahoo!, and others.
Microsoft invites hackers to test Vista. They need an invitation? Actually, Microsoft got a nice reception at the Black Hat Briefings conference even if attention for the Microsoft hosted sessions waned in the face of more exciting sessions. One such was a demonstration of installing a rootkit on a Vista beta. See, I told you they didn’t need an invitation!
Microsoft and Ziff Davis convert Computer Gaming World into Games for Windows: The Official Magazine. Note that it is PC gaming, not console.
Microsoft to Offer Xbox 360 Bundle? Microsoft may not be cutting the Xbox 360 price to fight Sony’s PS3, but there are lots of other ways to play the game.
Robert McLaws speculates that .NET 3.0 will RTM before Vista.
Microsoft is planning to bring its Windows Storage Server operating system, currently available only to OEMs, to a wider range of custom-system builders as its Longhorn version of Windows becomes available.
IDC: Global handheld market sees tenth quarter of on year decline in 2Q. Old fashioned PDAs are toast. Related: Dell Abandons PDA Development. Surprisingly, IDC didn’t have a much cheerier outlook for smartphones, in Europe at least. Feature bloat gets the blame.
IPTV subscriber base set for explosive growth, says iSuppli. The good news for Microsoft and all the other vendors is that it has a projected CAGR in subscribers of 92% through 2010. The bad news is that only amounts to 63 million subscriber worldwide in 2010. Still, it’s not chicken feed. Full iSuppli press release here.
Google: We won’t sell music. They seem to be the only ones.
Lenovo Hires Former Microsoft Executive To Lead Human Resources. It’s Kenneth DiPietro, a former vice president of human resources at Microsoft.
Harrison Magun, a general manager of Avenue A/Razorfish, has left the agency to take a position with Microsoft.
Magun recently wrapped up work at the aQuantive agency. Next month, he starts at Microsoft’s MSN unit as director of media analytics.
Ryan Naraine at eWeek:
LAKE BUENA VISTA, Fla. – In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.
Yikes – don’t encourage them! My experience with large corporate IT departments is that their answer to just about any nontrivial problem is wiping the machine. Of course, the statement is actually more explicit:
“When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.
He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. “In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,” Danseglio added.
I guess the government isn’t keeping up with the private sector in this regard. I hope they at least had automated data backup. More details on Danseglio’s view of the current state of the malware situation and remediation measures by following the link.
I haven’t mentioned the Sony DRM rootkit story which blew up in the last two weeks since it didn’t seem to have a direct Microsoft “hook” besides the general proposition that the design of Windows makes it easy for 3rd party chuckleheads to install stupid and annoying software on end user systems. This isn’t new news, but now Microsoft is getting involved (as will be explained later), so here’s the background.
Mark Russinovich, the well known Windows internals expert, discovered something distinctly odd on one of his machines and reported it on his weblog:
Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my “Unearthing Rootkits” article from thre June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application…
After some detective work, Mark discovered that a Sony music CD had installed the rootkit on his system when it installed the player that was required to play the music. At this point, the story blew up:
My posting Monday on Sony’s use of a rootkit as part of their Digital Rights Management (DRM) generated an outcry that’s reached the mainstream media. As of this morning the story is being covered in newspapers and media sites around the world including USA Today and the BBC. This is the case of the blogosphere having an impact, at least for the moment. But, there’s more to the story, like how Sony’s patch can lead to a crashed system and data loss and how Sony is still making users jump through hoops to get an uninstaller.
After a variety of waffling and weaseling, Sony had been forced to provide an uninstaller which turned out to be just as wacky and then as things deteriorated further (including the appearance of Trojan Horses that exploited the Sony rootkit), they announced they were suspending the manufacture of the copy protected CDs while they re-examined their digital rights management strategy.
Throughout this, Microsoft had just issued a “statement of concern”, but now we learn via a post from Jason Garms on Microsoft’s Anti-Malware Engineering Team weblog that something stronger is in the works:
We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool. It will also be included in the signature set for the online scanner on Windows Live Safety Center.
Ed Bott’s weblog has more information in numerous recent posts.
Update (11/14): Mark Russinovitch has more.
Oct. 6, 2005 — Today in Munich, Germany, Steve Ballmer, Microsoft Corp.’s chief executive officer, and Mike Nash, corporate vice president of the Security Technology Unit, outlined Microsoft’s companywide strategy and product road map for helping secure the breadth of its customers from home PC users to businesses of all sizes. As part of its comprehensive security strategy, which focuses on a defense-in-depth approach, Ballmer announced Microsoft’s plans to release Microsoft® Client Protection, a solution to help protect business desktops, laptops and file servers from current and emerging malware threats. In addition, the company announced the creation of the SecureIT Alliance, which will further enable participating security partners to efficiently integrate their solutions with the Microsoft platform to build new security features and products for the benefit of their common customers.
Concerning Microsoft Client Protection:
Microsoft Client Protection will help protect business desktops, laptops and file servers by providing unified protection against emerging threats such as spyware and rootkits, as well as viruses and other traditional attacks.
“We have heard from business customers that they want protection from viruses, spyware and other malware threats with a single solution. Backed by a global research system, Microsoft Client Protection will address this need with one solution that combines proven protection technology with integrated management and reporting capabilities,” Nash said.
An integrated management console puts IT professionals in control of their environment, and prioritized reports and alerts help focus resources on critical issues. Microsoft Client Protection will integrate with existing IT infrastructure, such as Active Directory® and existing software distribution systems, helping to reduce deployment time and maximize value.
The product is currently in development and Microsoft plans to make an early beta of the product available to select customers later this year. Pricing and licensing will be announced at a later date.
There’s also a Q&A.
As for the SecureIT Alliance:
Microsoft today announced the creation of the SecureIT Alliance, a group of industry partners that are working together to develop security solutions for the Microsoft platform. The SecureIT Alliance unites and expands various security and Internet safety partnerships Microsoft currently has with other industry leaders and governments, including the Virus Information Alliance (VIA) and the Global Infrastructure Alliance for Internet Safety (GIAIS), among others.
At the time of the announcement of the SecureIT Alliance, founding members include: Altiris Inc., Aventail Corp., BindView Corp., Centrify Corp., Citrix Systems Inc., Computer Associates International Inc., Configuresoft Inc., e-Security Inc., F5 Networks Inc., Forum Systems Inc., F-Secure Corp., FullArmor Corp., LANDesk Software Ltd., McAfee, Inc., Microsoft Corp., Net Report, NetIQ Corp., Network Intelligence Corp., Panda Software, Ping Identity Corp., Quest Software Inc., RSA Security Inc., Symantec Corp., Trend Micro Inc., Utimaco Safeware AG, VeriSign Inc., Voltage Security Inc., Vormetric Inc. and Websense Inc.
They plan to eventually have a web site at http://www.secureitalliance.org.
Finally, (back to the original press release) Microsoft announced Microsoft Antigen:
Today Microsoft also announced plans to release Microsoft Antigen anti-virus and anti-spam security software for messaging and collaboration servers based on the technology from recently acquired Sybari Software Inc. Adding to the defense-in-depth strategy inherent in Microsoft Antigen, Microsoft will add its own anti-virus scan engine. When it is available, customers of the Microsoft Sybari product line will benefit from the addition of the Microsoft anti-virus scan engine at no additional charge throughout the length of their contracts. In addition, Microsoft Antigen for Exchange recently completed Microsoft’s Security Development Lifecycle review process, which has been shown to achieve measurably improved levels of security for numerous Microsoft software solutions. Microsoft Antigen for Exchange is scheduled to be available in beta to customers in the first half of 2006.