Today's News: Good article on Microsoft...
Losing weight:
3. Drink water. You've heard the health benefits of water just so many times. So finally do it: Get yourself a big, interesting, friendly cup or Mason jar or travel mug, fill it up after breakfast, and keep it with you everywhere. Refill, refill, refill. At the end of the day, wash it out and have it ready for tomorrow. Nothing will satiate your hunger as well as plentiful cool water.
6. Spice up your meals. Add zest to food with cayenne and jalapeño peppers, ginger,
7. Sleep better. It sounds like quackery, but you really can encourage weight loss by sleeping. Research into sleep and hormone function finds that your metabolism rises and you burn calories more efficiently when you're well rested.
11. Do the ring test. Should you cut back your portions of salt? Even if you don't have high blood pressure, try this test: Slip a ring on your finger. Now eat salty food, wait a few hours, and try to take the ring off. If sliding the ring is more difficult now than earlier, you're probably among the many people (mainly women) for whom salt causes bloat -- potentially grounds for several extra pounds, according to researchers at the
This is a good website by Mark, who gives you a lot of good info.
Mark's Sysinternals Blog
Sony, Rootkits and Digital Rights Management Gone Too Far
Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my “Unearthing Rootkits” article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:
Given the fact that I’m careful in my surfing habits and only install software from reputable sources I had no idea how I’d picked up a real rootkit, and if it were not for the suspicious names of the listed files I would have suspected RKR to have a bug. I immediately ran Process Explorer and Autoruns to look for evidence of code that would activate the rootkit each boot, but I came up empty with both tools. I next turned to LiveKd, a tool I wrote for Inside Windows 2000 and that lets you explore the internals of a live system using the Microsoft kernel debugger, to determine what component was responsible for the cloaking.
Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernel’s system service table, a technique that I pioneered with Bryce for Windows back in 1996 when we wrote the first version of Regmon. Every kernel service that’s exported for use by Windows applications has a pointer in a table that’s indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API.
It’s relatively easy to spot system call hooking simply by dumping the contents of the service table: all entries should point at addresses that lie within the Windows kernel; any that don’t are patched functions. Dumping the table in Livekd revealed several patched functions:
I listed one of the intercepting functions and saw that it was part of the Aries.sys device driver, which was one of the images I had seen cloaked in the $sys$filesystem directory:
Armed with the knowledge of what driver implemented the cloaking I set off to see if I could disable the cloak and expose the hidden processes, files, directories, and Registry data. Although RKR indicated that the \Windows\System32\$sys$filesystem directory was hidden from the Windows API, it’s common for rootkits to hide directories from a directory listing, but not to prevent a hidden directory from being opened directly. I therefore checked to see if I could examine the files within the hidden directory by opening a command prompt and changing into the hidden directory. Sure enough, I was able to enter and access most of the hidden files:
Perhaps renaming the driver and rebooting would remove the cloak, but I also wanted to see if Aries.sys was doing more than cloaking so I copied it to an uncloaked directory and loaded it into IDA Pro, a powerful disassembler I use in my exploration of Windows internals. Here’s a screenshot of IDA Pro’s disassembly of the code that calculates the entries in the system service table that correspond to the functions it wants to manipulate:
I studied the driver’s initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with “$sys$”. To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view. Besides being indiscriminate about the objects it cloaks, other parts of the Aries code show a lack of sophistication on the part of the programmer. It’s never safe to unload a driver that patches the system call table since some thread might be just about to execute the first instruction of a hooked function when the driver unloads; if that happens the thread will jump into invalid memory. There’s no way for a driver to protect against this occurrence, but the Aries driver supports unloading and tries to keep track of whether any threads are executing its code. The programmer failed to consider the race condition I’ve described. They’ll have to come up with a new approach to their rootkit sooner or later anyway, since system call hooking does not work at all on x64 64-bit versions of Windows.
After I finished studying the driver's code I rebooted the system. The cloak was gone as I expected and I could see all the previously hidden files in Explorer and Registry keys in Regedit. I doubted that the files had any version information, but ran my Sigcheck utility on them anyway. To my surprise, the majority did have identifying product, file and company strings. I had already recognized Dbghelp.dll and Unicows.dll as Microsoft Windows DLLs by their names. The other files claimed to be part of the “Essential System Tools” product from a company called “First 4 Internet”:
I entered the company name into my Internet browser’s address bar and went to http://www.first4internet.com/. I searched for both the product name and Aries.sys, but came up empty. However, the fact that the company sells a technology called XCP made me think that maybe the files I’d found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs.
The DRM reference made me recall having purchased a CD recently that can only be played using the media player that ships on the CD itself and that limits you to at most 3 copies. I scrounged through my CDs and found it, Sony BMG’s Get Right with the Man (the name is ironic under the circumstances) CD by the Van Zant brothers. I hadn’t noticed when I purchased the CD from Amazon.com that it’s protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known:
The next phase of my investigation would be to verify that the rootkit and its hidden files were related to that CD’s copy protection, so I inserted the CD into the drive and double-clicked on the icon to launch the player software, which has icons for making up to three copy-protected backup CDs:
Process Explorer showed the player as being from Macromedia, but I noticed an increase in CPU usage by $sys$DRMServer.exe, one of the previously cloaked images, when I pressed the play button. A look at the Services tab of its process properties dialog showed it contains a service named “Plug and Play Device Manager”, which is obviously an attempt to mislead the casual user that stumbles across it in the Services MMC snapin (services.msc) into thinking that it’s a core part of Windows:
I closed the player and expected $sys$DRMServer’s CPU usage to drop to zero, but was dismayed to see that it was still consuming between one and two percent. It appears I was paying an unknown CPU penalty for just having the process active on my system. I launched Filemon and Regmon to see what it might be doing and the Filemon trace showed that it scans the executables corresponding to the running processes on the system every two seconds, querying basic information about the files, including their size, eight times each scan. I was quickly losing respect for the developers of the software:
I still had to confirm the connection between the process and the CD’s player so I took a closer look at each process. Based on the named pipe handles I saw they each had opened when I looked in Process Explorer’s handle view I suspected that the player and $sys$DRMServer communicated via named pipes and so I launched Filemon, checked Named Pipes in the Volumes menu, and confirmed my theory:
At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.
I deleted the driver files and their Registry keys, stopped the $sys$DRMServer service and deleted its image, and rebooted. As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad. Windows supports device “filtering”, which allows a driver to insert itself below or above another one so that it can see and modify the I/O requests targeted at the one it wants to filter. I know from my past work with device driver filter drivers that if you delete a filter driver’s image, Windows fails to start the target driver. I opened Device Manager, displayed the properties for my CD-ROM device, and saw one of the cloaked drivers, Crater.sys (another ironic name, since it had ‘cratered’ my CD), registered as a lower filter:
Unfortunately, although you can view the names of registered filter drivers in the “Upper filters” and “Lower filters” entries of a device’s Details tab in Device Manager, there’s no administrative interface for deleting filters. Filter registrations are stored in the Registry under HKLM\System\CurrentControlSet\Enum so I opened Regedit and searched for $sys$ in that key. I found the entry configuring the CD’s lower filter:
I deleted the entry, but got an access-denied error. Those keys have security permissions that only allow the Local System account to modify them, so I relaunched Regedit in the Local System account using PsExec: `psexec -s -i -d regedit.exe`. I retried the delete, succeeded, and searched for $sys$ again. Next I found an entry configuring another one of the drivers, Cor.sys (internally named Corvus), as an upper filter for the IDE channel device and also deleted it. I rebooted and my CD was back.
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with an RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.
For an update on the story, read More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home.
posted by Mark Russinovich @ 11:04 AM
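The check Mark describes for spotting system-call hooking (every service-table entry should point into the Windows kernel image; anything that points elsewhere is a patched function, and listing the target address tells you which driver owns it) can be scripted against a saved table dump. The following is an added example, not code from Mark's post or from Sysinternals: it takes a constructed, `dd`-style dump of the service table plus a constructed loaded-module list (all addresses, sizes and the `aries.sys` base are sample values, not from a real system) and reports each entry that does not resolve to the kernel, together with the module it does resolve to.

```python
"""Flag system-service-table entries that point outside the kernel image.

Added example (not from the post). The table dump and module list below are
constructed sample data laid out like a 32-bit debugger session; nothing here
is a real address from any system.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed loaded-module list, as an "lm"-style listing would give it.
MODULES = [
    Module("nt", 0x804D7000, 0x1F6000),        # the kernel image itself
    Module("hal.dll", 0x806CD000, 0x20000),
    Module("aries.sys", 0xF8A0C000, 0x3000),   # constructed: the $sys$ driver
]

# Constructed "dd nt!KiServiceTable"-style dump: an address, then four
# pointer-sized entries per line. Service number = position in the table.
SSDT_DUMP = """\
80501b8c  805a1234 805a1290 805b0a70 f8a0c440
80501b9c  805c1f00 f8a0c5a0 805d2e10 805d2f30
80501bac  f8a0c6b0 805e3120 805e3350 805e34d0
"""

LINE_RE = re.compile(r"^([0-9a-f]{8})\s+((?:[0-9a-f]{8}\s*)+)$", re.I)


def parse_dump(text: str):
    """Return a list of (service_number, target_address) from a dd-style dump."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and anything that is not data
        for word in m.group(2).split():
            entries.append((len(entries), int(word, 16)))
    return entries


def owner(addr: int, modules=MODULES):
    """Name of the loaded module containing addr, or None if unmapped."""
    for mod in modules:
        if mod.contains(addr):
            return mod.name
    return None


def find_hooks(entries, modules=MODULES, kernel: str = "nt"):
    """Entries whose target is not inside the kernel image.

    Returns [(service_number, target_address, owning_module)], where the
    module is "<unmapped>" when the target lies in no listed module.
    """
    hooks = []
    for idx, addr in entries:
        mod = owner(addr, modules)
        if mod != kernel:
            hooks.append((idx, addr, mod or "<unmapped>"))
    return hooks


if __name__ == "__main__":
    for idx, addr, mod in find_hooks(parse_dump(SSDT_DUMP)):
        print(f"service {idx:#05x} -> {addr:#010x}  ({mod})")
```

On a real dump the module list comes from the same debugger session as the table; the heuristic only works when the kernel's load range is taken from the live system, not from a static image, because the kernel is relocated at boot.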
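The failure mode in the second half of the post is deleting a filter driver's image while its registration under `HKLM\System\CurrentControlSet\Enum` is still in place, which leaves the filtered device unstartable. Because Device Manager offers no way to remove those registrations, the practical defensive step is to locate every `UpperFilters` and `LowerFilters` value naming the driver before touching the files. Here is an added example, not from the post or from Sysinternals, that does that over a regedit 5.00 export of the Enum key. It assumes regedit's export format for REG_MULTI_SZ values (`hex(7):` followed by comma-separated UTF-16LE bytes, long lines continued with a trailing backslash); the export text, device instance paths and driver names below are constructed sample data.

```python
"""Find filter-driver registrations in a regedit (.reg) export that name a
given driver prefix, so they can be removed together with the driver files.

Added example (not from the post). SAMPLE_REG is a constructed export, not a
real registry dump; the device instance paths and filter names are made up.
"""
import re

# Constructed regedit 5.00 export of part of HKLM\SYSTEM\CurrentControlSet\Enum.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomCONSTRUCTED_DRIVE\5&1a2b3c4d&0&0.0.0]
"Class"="CDROM"
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
  00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&5e6f7a8b&0&0]
"Class"="hdc"
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_0000&PID_0000\0]
"UpperFilters"=hex(7):72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,00,00
"""

VALUE_RE = re.compile(r'"(UpperFilters|LowerFilters)"=hex\(7\):(.*)$')


def _join_continuations(text: str) -> str:
    """regedit splits long hex values over lines ending in a backslash; rejoin them."""
    return re.sub(r"\\\r?\n\s*", "", text)


def _decode_multi_sz(hexcsv: str):
    """Turn 'xx,xx,...' UTF-16LE bytes into the list of strings of a REG_MULTI_SZ."""
    raw = bytes(int(b, 16) for b in hexcsv.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\0") if s]


def parse_filters(reg_text: str):
    """Return {key_path: {value_name: [driver, ...]}} for every filter value found."""
    result = {}
    key = None
    for line in _join_continuations(reg_text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a new key section starts
            continue
        m = VALUE_RE.match(line)
        if m and key:
            result.setdefault(key, {})[m.group(1)] = _decode_multi_sz(m.group(2))
    return result


def find_registrations(reg_text: str, prefix: str = "$sys$"):
    """Filter registrations naming a driver whose name starts with prefix.

    Returns [(key_path, value_name, driver_name)] in export order.
    """
    hits = []
    for key, values in parse_filters(reg_text).items():
        for value_name, drivers in values.items():
            for drv in drivers:
                if drv.lower().startswith(prefix.lower()):
                    hits.append((key, value_name, drv))
    return hits


if __name__ == "__main__":
    for key, value_name, drv in find_registrations(SAMPLE_REG):
        print(f"{drv!r} registered in {value_name} of {key}")
```

The script only reports; as the post notes, the Enum keys are writable only by Local System, so the actual edit still has to be made from a Regedit instance launched under that account. When a value lists several filters, remove only the offending name rather than the whole value, or the legitimate filters stop loading too.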
November 10, 2005
Microsoft's Ray Ozzie on the Web Office
Posted by Richard MacManus @ 10:29 am
One of the interesting parts of Ray Ozzie's leaked memo was his take on what he calls the "connected office":
"How would we extend or re-conceptualize Office modules to fit in this seamless model of connectedness to others, and to other applications? Should PowerPoint directly ‘broadcast to the web’, or let the audience take notes and respond? How should we increase the role of Office Online as the portal for productivity? What should we do to bring Office’s classic COM-based publish-and-subscribe capabilities to a world where RSS and XML have become the de facto publish-and-subscribe mechanisms?"
I want to compare this statement to my own recent musings on a Web-based Office. On 28 September I outlined a rather radical vision for a fully Web-based office, with the proviso that it wouldn't be happening any time soon. Here's what I wrote then:
"The time for the web-based office will come, mark my words. When broadband is ubiquitous, web functionality is richer, issues of security and reliability have been put to rest, and most importantly of all - when Corporates are ready to make the jump. It may be 5-10 years down the track, it may be longer."
Exactly a month later, 28 October, I followed up by noting that a web-based Office product won't necessarily replace the desktop version (although very long-term, it may well do). I said at that time that a web-based Office will be an extra product offering, with some hybridizing between desktop and Web.
And that's basically what was announced a few days later by Microsoft, as Office Live. Except that currently it's just a gussied up small business marketing promotion - the service itself is not expected to be released in beta form until "early 2006". When it eventually goes live, one would expect that over time it'll evolve into a fully-fledged Web-based Office suite of tools and be expanded out past the small business market.
Ray Ozzie's memo indicates that Microsoft is still internally questioning the approach for Office Live. Should they web-enable traditional desktop personal productivity tools like PowerPoint? A web-based Office will be - should be - a much more collaborative suite of tools than its desktop equivalent. It won't simply be a re-hash of the desktop products - because to take advantage of the two-way, open and collaborative nature of the Web, Microsoft product designers and engineers will need to re-think Office functionality.
Ray Ozzie more than anyone is certainly aware of that need, so it's interesting he pegs Office Live as a "portal for productivity". In the 90's a portal was known as a central place on the Web, where users could quickly access a variety of different services and websites. I think Ozzie may be extending the meaning of 'portal' to mean the Office Live suite of web-based tools and services.
The technologies he mentioned in the memo, RSS and XML, are often used nowadays to remove the necessity of a central portal website. With RSS for example, users can publish and subscribe to different forms of data. So with PowerPoint, the Office Live version of that tool could potentially become my portal to the Web for all presentation content that I have an interest in.
From the memo, it sounds like Microsoft don't yet have the Office Live functionality sorted out. So there's still an opportunity for smaller innovators to build web-based Office applications and capture some market share before Microsoft releases Office Live next year. Maybe even get acquired.
Categories: Web 2.0, Business
Gates memo calls for new Web strategy at Microsoft
Wednesday 9 November 2005, 2:30pm EST
By Reed Stevenson
SEATTLE, Nov 9 (Reuters) - Microsoft Corp. (MSFT.O) must change its business to better compete against an array of new competitors offering technology and services on the Internet, Bill Gates, the world's largest software maker's chairman, said in a recent memo to executives.
"The broad and rich foundation of the Internet will unleash a "services wave" of applications and experiences available instantly over the Internet to millions of users," Gates said in the memo, which was sent to senior Microsoft executives in late October and obtained by Reuters and other media outlets this week.
Gates' memo acknowledged that the giant software maker is facing increased competition from rivals such as Google Inc. (GOOG.O), Salesforce.com Inc. (CRM.N), Yahoo Inc. (YHOO.O) and Skype Inc. that have built businesses by delivering services over the Internet.
"We have competitors who will seize on these approaches and challenge us," Gates said.
"The next sea change is upon us," Gates said, evoking his famous memo a decade ago calling for Microsoft to shift its focus to the Internet, which resulted in a companywide effort to develop the Internet Explorer browser and unseat market leader Netscape -- and which led to the landmark antitrust trial with the
Microsoft, recognizing that it needs to deliver more of its software technology over the Web, announced last week that it would offer users some of the basic features of Windows and Office over the Internet, without the complexity of installing and maintaining the software in computer hard drives.
Gates' memo was also complemented by a more critical note from one of Microsoft's chief technology officers, Ray Ozzie, who recently joined Microsoft and was put in charge of Microsoft's efforts to deliver software services over the Web.
Ozzie, a longtime software services pioneer who sold his company Groove Networks to Microsoft earlier this year, said that Microsoft had moved too slowly to recognize industry trends and to use its technology to fend off new rivals.
"Just as in the past, we must reflect upon what's going on around us, and reflect upon our strengths, weaknesses and industry leadership responsibilities, and respond," Ozzie wrote in his memo, "As much as ever, it's clear that if we fail to do so, our business as we know it is at risk. We must respond quickly and decisively."
A Microsoft spokesman confirmed the contents of the memos but declined to elaborate on the strategy shift.
The memos also reflect a recent company-wide reorganization at Microsoft that put the MSN Internet business under the Windows division and put Ozzie in charge of Microsoft's efforts to deliver software services over the Web.
Computer Hardware & Software
Out: .Net, In: Web Services
11.09.05, 7:35 PM ET
Microsoft (Nasdaq: MSFT) is great at embracing causes. Ten years ago Bill Gates wrote an employee memo titled "The Internet Tidal Wave". Over night, it seemed, Microsoft was all-Internet, all the time. Five years ago the awkward moniker .Net (dot-net) stood for all things forward-thinking in
Now the tide has turned. Revealed in two internal memos crafted by Gates and recently arrived Chief Technology Officer Ray Ozzie, Microsoft is ready to take on the "services wave" of software available to millions over the Web. (The Gates and Ozzie e-mails were posted on a blog called Scripting News; their authenticity was confirmed by Microsoft.)
Hints of the wave were unveiled on November 1 to a small crowd of journalists and analysts in
Both execs argue for a revamped Microsoft that taps advertising to fund software development, delivers software online, and lets customers trial-run software before buying. All of this should "just work," writes Ozzie.
Gates' letter emphasizes Microsoft's opportunity to grow, and its past success at taking advantage of technological shifts. He is typically upbeat. Ozzie's account is a much more sobering one. While Gates lauds the company he founded for seeing software services as far back as 1998, Ozzie blasts Microsoft for missing out on key trends.
Ozzie writes: "While we've led with great capabilities in Messenger & Communicator, it was Skype, not us, who made VoIP broadly popular and created a new category. We have long understood the importance of mobile messaging scenarios and have made significant investment in device software, yet only now are we surpassing the Blackberry."
Ozzie's battle cry is as instructive as it is decisive. He is assigning what he dubs "scenario owners" to monitor services-driven software development. It is unclear how many of these jobs there will be across Microsoft. The role entails prioritizing features and making sure teams are meeting goals. "They'll listen," Ozzie writes. Listening is not known to be a great strength of Microsoft's upper ranks.
Microsoft is a latecomer to its latest cause. The pioneer of advertising-based software delivery, Google (Nasdaq: GOOG), has sales of $4.5 billion. Marc Benioff founded business software-as-service firm Salesforce.com (NYSE: CRM) in 1999. Salesforce is up to $237 million in sales. Both have richer values on Wall Street. Google trades at 44 times next year's earnings, Salesforce at 85 (Microsoft trades at 17).
Microsoft has had glimmers of success in the newest areas of tech, but without boosting its sales dramatically, and at a huge cost. The Xbox videogame machine, MSN, wireless and the small business software group have racked up $7 billion in losses in four years.
The transition to more dynamic, customer-driven software risks being an uncomfortable one for Microsoft and its shareholders. Windows and Office, product lines released over a decade ago, in Microsoft's last fiscal year accounted for 70% of sales and 140% of profits (making up for the other lines that lose money). Both products have historically been rolled out in big-bang semi-annual releases. One of Microsoft's greatest strengths has been its entrenchment in the industry. From chips to store shelves, Microsoft dominates. That distribution channel seems less relevant if Microsoft is selling its wares over the Web.
Microsoft's tremendous profits will likely be tough to match if more and more software is sold online, paid for by ads. Microsoft isn't yet suggesting Windows and Office should be untethered from a PC. Instead, an ad-funded layer of services will be built on top of Windows and Office.
A hundred days into arriving at Microsoft, Ozzie said he needed a dictionary to understand the goings on in