Microsoft Related News
Security flaw discovered in Microsoft Word
WASHINGTON (AP) — Microsoft's flagship word processor has a security flaw that could allow the theft of computer files by "bugging" a document with a hidden code, the company disclosed Thursday. It was exploring how to fix the problem and whether to extend the repair to an older version of the software still used by millions. The attack begins when a bugged document goes out, usually with a request to be revised and returned to the sender — a common form of daily communication. When the document is changed and sent back, the targeted file accompanies it. "It has the potential of allowing people to get at data that they are explicitly not allowed to get to," said Woody Leonhard, who has written books on Microsoft's Word and Office software.
The flaw would most likely occur in the workplace, where Word is the most prominent word processing program. Potential targets for theft are sensitive legal contracts, payroll records or e-mails, either from a hard drive or computer network, depending on the victim's access to files. "The issue appears to affect all versions of Microsoft Word," Microsoft said in a statement in response to questions by the Associated Press. "When the investigation is completed, we will take the action that best serves Microsoft's customers."
Word 97, an earlier version of the program, is most susceptible to the attack. But Word 97 will not be repaired because Microsoft no longer supports it, the company said. A research firm reported in May that about 32% of offices have copies of Word 97 running, according to a survey of 1,500 high-tech managers worldwide. Analyst Laura DiDio of the Yankee Group said the companies are taking a risk by using such old software. But she said Microsoft should correct the problem because of its severity. "These are paying customers," DiDio said. Leonhard said Word 97 users "bought the package with full faith in Microsoft and its ability to protect them from this kind of exploit." Word 97 users may be able to get some help through Microsoft's telephone tech support, company spokesman Casey McGee said. But, referring to Microsoft engineers, McGee said "there's only so far back they can go." The flaw involving Word 97 was discovered by Alex Gantman of cellular phone company Qualcomm and was released on the Internet last month.
XP Service Pack Said to Fix Major Flaw
Security boards are buzzing with warnings of a serious hole, but
Microsoft is simply urging users to upgrade.
Critical Alert for Windows, Office, Internet Explorer, and Outlook Express Users
A flaw has been identified that could enable an attacker to craft a bogus digital certificate that would pass as valid. Please read the Security Bulletin dated September 5 for more information and newly released patches.
Users Complaining About Email Not Arriving?
S~pam filters are revealing their darker side. Network World just came up with an article that shows server-side s~pam filters are causing problems. Here is an extract: "Stepped up efforts to eradicate s~pam are creating collateral damage as net execs find that aggressive filters can block receipt of legitimate mail and create uncertainty over successful delivery. Antispam filters are a work in progress, and network professionals must carefully fine-tune the software to ensure they don't cripple confidence in the reliability of email, which has become an indispensable business tool. Filters are causing headaches for e-mail senders, especially those who ship large volumes of legitimate mail such as newsletter publishers, who are seeing spikes in the number of messages that are filtered out by corporate systems." Link to article:
https://www.w2knews.com/rd/rd.cfm?id=020916TP-NoEmail Link to a great solution that filters s!pam on the user level and does not have the problem of users complaining: https://www.w2knews.com/rd/rd.cfm?id=020916TP-iHateSpam
Here is a happy user: "Just wanted to report back to you on how well your s~pam software works. It was nice finally to open my inbox, download my mail, and see 11 legitimate emails sitting there waiting for me, then looking at the quarantined email list, and seeing well over 45 pieces of s~pam. This is the kind of quality software I am looking for, and will be sure to be in touch with you if I need anything at all. Thanks again!" -- James
posted on 6/9/2002 at 20:58
Windows update puts PC makers, consumers in driver's seat
REDMOND, Wash. (AP) — Microsoft plans to release on Monday a packet of upgrades for its Windows XP operating system, including changes to satisfy a proposed settlement with the U.S. Justice Department.
The so-called Service Pack 1 includes the usual software patches to fix security flaws and bugs, most of which have already been released separately, and adds temporary support for the Java programming language.
More significantly, though, it will allow computer manufacturers and consumers to switch off and conceal Microsoft's e-mail, Web browser, Internet audio-video player and other software programs. That gives computer vendors and users the option to select rival software — instead of Microsoft applications — as default programs.
The changes are part of a settlement reached by Microsoft, the Justice Department and nine states to resolve the government's landmark antitrust litigation against the software giant, which was found to have used illegal means against its competition.
Nine other states are seeking stricter penalties against Microsoft.
U.S. District Judge Colleen Kollar-Kotelly in Washington, D.C., the same judge who will decide whether to approve the federal settlement, also must decide whether to grant the states any or all of their requests.
She is expected to make her decision in both cases within the next several months.
Customers can download the service pack from the Microsoft Web site (www.microsoft.com) or order a CD for $9.95 to cover shipping and handling costs.
Microsoft, Allies Gear to Reshape Copyright Debate
Saturday September 7, 8:42 am ET
By Elinor Mills Abreu
SAN FRANCISCO (Reuters) - An industry push to tighten security on personal computers could be either the salvation of electronic commerce or the bane of consumers, who view the Internet as their digital information playground. Microsoft Corp. (NasdaqNM:MSFT - News), Intel Corp. (NasdaqNM:INTC - News) and nearly 200 other companies from the computer hardware, software and security industries are working on technologies designed to protect data in computers from being tampered with by intruders. Maintaining that these systems are needed to impede hackers, proponents say they could help restore law and order in a world where digital piracy is rampant. Critics counter that the technologies are part of an industry power-play that would end the freewheeling culture of information-sharing that now exists over the Internet. Either way, specialized security microprocessors and related software being developed by members of the Trusted Computing Platform Alliance (TCPA) would, if implemented, fundamentally shift the balance of power between individual and corporate ownership of data -- a debate that is already being played out in U.S. courts and Congress. "If we're going to get content on the 'Net, somehow we're going to have to reward the people who put it on there," said Dave Farber, an Internet engineering pioneer and computer science professor at the University of Pennsylvania who is an independent consultant to the TCPA. Others say the efforts are desperate attempts by PC and media companies to control the next big wave of computing. "It's a struggle between the wonks and executives," said Paul Saffo, a director at the Institute for the Future in Menlo Park, California. "The real battle ahead is not over desktops, it's in the living rooms. There is a flat-out race to own the ideo game" and computer entertainment market. "Microsoft would love nothing more than to be the software forge for Hollywood," Saffo added.
Microsoft's latest contribution to trusted computing is a technology it has code-named "Palladium," which is targeted for future versions of Windows. Peter Biddle, a product unit manager in Microsoft's Windows Trusted Platforms Technologies group, said he began in 1997 trying to address the problem of how to protect copyrighted content after media companies complained they wouldn't release high-quality versions of their published content to personal computers because of piracy concerns. Later, he says, he realized the same technology could be used to protect consumer data from theft or tampering. While Palladium is still a long way off, an uproar has arisen over how technologies might be used to curtail consumer "fair use" rights to make personal copies of movies and music and to more tightly control software use. "I like to call this controlled computing rather than trusted computing," said Chris Hoofnagle, legislative counsel for the Washington, D.C.-based Electronic Privacy Information Center. "The companies are creating a system or infrastructure that the user cannot tamper with." Critics fear new technologies will make it easier for corporations and governments to spy on computer users and even censor dissent by allowing applications like document revocation, or programmable data deletion. What may be perceived as minor intrusions in a Western corporate setting might have Big Brother consequences for computer users in countries with more controlled environments like China and Saudi Arabia. "Microsoft wants the Chinese to pay for software," said Ross Anderson, head of computer security at the University of Cambridge in England and a renowned software expert.
DIGITAL RIGHTS MANAGEMENT
Critics also contend Palladium and the TCPA were created to appease the entertainment industry in order to ensure that the PC is the entertainment device of the future. As proof, Anderson points to a patent called "Digital Rights Management Operating System," for which Microsoft has rights. However, Microsoft's Biddle says the patent title is "unfortunate" and downplays its significance to Palladium. "That's not something that really is part and parcel of what Palladium is," Biddle says, adding that it is related to optional add-on features that customers could elect to use. Biddle and a TCPA spokesman deny the assertions, saying that no monitoring, reporting or censoring capabilities are designed into the systems, and people will be able to choose whether they want to use the security features, or not. Still, they acknowledge that certain controversial functions could be added by others later. "In developing the technology for the platform, there's all kinds of usages and capabilities that could be taken advantage of that have not been thought of yet," said Marc Varady, TCPA chairman and marketing manager for Intel's Safer Computing Initiatives. To some, the TCPA plan is reminiscent of Intel's proposal in the mid-1990s to put a serial number on its Pentium chips. Public backlash caused Intel to abandon the plan. By contrast, in trusted computing, special security chips and other hardware will work with software to verify the source of data and that it has not been changed, and to create safe zones within the computer for storing information. Technology companies must carefully balance individual rights and corporate interests, says Bruce Schneier, cryptography expert and chief technology officer at Counterpane Internet Security, a network monitoring firm. "Security is more social than technical," Schneier said. "There are a lot of good technical controls in Palladium, but it's unclear whether they'll be used to protect personal privacy or limit personal freedom. (Additional reporting by Bernhard Warner in London and Eric Auchard in New York)
Microsoft rolls out mice, keyboards in consumer push
SEATTLE (Reuters) — Microsoft launched a wide collection of new-look keyboards and mice Monday as the world's largest software maker gears up to offer a barrage of consumer-oriented products this fall.
The new keyboards and mice, which will be available to consumers by the end of September, feature new colors such as blue, gray and black, and are designed for specific tasks, such as browsing the Web or working with Office, Microsoft's set of word processing and spreadsheet productivity software.
Top-end models will include a wireless keyboard and optical mouse. Models to be released later this year will feature Bluetooth technology, a new wireless technology that allows devices to work with each other without cables.
Microsoft, hoping to extend its reach beyond the desktop, is marketing new consumer products such as a mobile phone with its software, online services for its Xbox video game console and other consumer-friendly products this fall.