Category Archives: microsoft

microsoft, software development, vista, windows, windows 7

Service triggers: an attempt to reduce bloat in Windows 7

4 Comments

I’ve been reading through the Windows 7 Developer Guide. I like this document; it is tilted more towards information than hype, and is readable even for non-developers. There are things mentioned which I had not spotted before.

One example is triggers in the service control manager. There was actually a PDC session which covered this, among other things, under the unexciting title Designing Efficient Background Processes (PowerPoint). If you check out the slides, you’ll see that this is actually something significant for Windows users. It is an attempt to reduce all that stuff that runs whether or not you need it, increasing boot time and slowing performance. Apparently some people are so upset with the time it takes Windows to boot that they are threatening to sue; so yes, this does matter.

Services are applications that run in the background, usually without any visible interface. They consume system resources, so it makes sense to run them only when needed. Unfortunately, many services run on a “just in case” basis. For example, if I check the services on this machine I see I have one running called Apple Mobile Device, just in case I might connect one. It is using 4MB of RAM. However, I never connect an Apple device to this machine. I’m sure it was installed by iTunes, which I rarely use, though I like to keep up-to-date with what Apple is doing. So every time I start Windows this thing also starts, running uselessly in the background.

According to Vikram Singh, who took the PDC session, adding 10 typical 3rd party services to a clean Vista install has a dramatic effect on performance:

  • Boot time: up by 87% (24.7 to 46.1 seconds)
  • CPU time when idle: up by six times (to 6.04%)
  • Disk Read Count: up by three times (from 10,192 to 31,401 in 15 seconds)

Service triggers are an attempt to address this, by making it possible to install services that start in response to specific events, instead of always running “just in case”. Four trigger types are mentioned:

  • On connection of a certain class of device
  • On connection to a Windows domain
  • On group policy refresh
  • On connection to a network (based on IP address change)

In theory then, Apple can rewrite iTunes for Windows 7, so that the Apple Mobile Device service only starts when an Apple device is connected. A good plan.

Now, I can think of three reasons why this might not happen. First, inertia. Second, compatibility. This means coding specifically for Windows 7, whereas it will be easier just to do it the old, compatible way. Third, I imagine this would mean faster boot, but slower response when connecting the device. Apple (or any third party) might think: the user will just blame Windows for slow boot, but a slow response when connecting the device will impact the perceived performance of our product. So the service will still run at start-up, just in case.

Still, I’m encouraged that Microsoft is at least thinking about the problem and providing a possible solution. We may also benefit if Microsoft tweaks some of its own Windows services to start on-demand.

apple, microsoft, security, software, vista, windows

Microsoft plans free anti-malware

5 Comments

Microsoft will be offering a free anti-malware suite codenamed “Morro”, from the second half of 2009, according to a press release:

This streamlined solution will … provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs.

It’s a good move. Here’s why:

  • The current situation is calamitous. Even users with fully paid-up anti-virus solutions installed get infected, as I recently saw for myself. PC security is ineffective.
  • The practice of shipping PCs with pre-installed anti-virus that has a trial subscription is counter-productive. There will always be a proportion of users who take the free trial and do not renew, ending up with out-of-date security software. A free solution is better – several are available now – if only because it does not expire.
  • Microsoft wants to compete more effectively with Apple. It is addressing an extra cost faced by PC users, as well as (possibly) the poor user experience inherent in pre-installed anti-virus trialware.
  • The performance issue is also important. Anti-malware software is a significant performance drag. Microsoft is the vendor best placed to implement anti-malware that minimizes the drag on the system.

Counter-arguments:

  • Only specialist companies have the necessary expertise. I don’t believe this; Microsoft’s investment in security is genuine.
  • Single-supplier security gives malware a fixed target, easier to bypass. There’s some merit to this argument; but it is weakened by the fact that the current multi-vendor scenario is clearly failing. Further, the Mac is a fixed target that does not appear to be easy to bypass.

All of this is hot air compared to the real challenge, which is securing the operating system. Vista is progress, Windows 7 not much different according to my first impressions.

Why not just use another operating system? There’s a good case for it; ironically the theory that a large factor in Windows insecurity is its dominance can/will only be properly tested when an alternative OS is equally or more popular. If people continue switching to Macs perhaps it will happen some day. Windows is still hampered by its legacy, though my impression is that Vista’s UAC is having its intended effect: fewer applications now write to system areas in Windows, bringing us closer to the day when security can be tightened further.

What about business systems? This is one area that needs clarification. Microsoft says Morro is only for consumers. Why should businesses have to pay for a feature that consumers get for free? On the other hand, some equivalent initiative may be planned for business users.

.net, adobe, eclipse, flash, microsoft, software development, visual studio, web authoring

Develop for Adobe Flex in Microsoft Visual Studio – or maybe not

News from the Adobe MAX conference this week in San Francisco: Ensemble has developed an add-in for Visual Studio for Flex development, code-name Tofino. It’s currently in beta and available for download. Flex is Adobe’s developer-focused SDK for Flash applications.

I installed it this morning, and so far it does not impress. There is zero documentation (just a few links to the standard Flex docs on Adobe’s site), and it lacks even MXML Intellisense, let alone a visual designer. When you go to project properties, there is nothing to configure. The toolbox is also empty. On the plus side, it successfully invoked the Flex compiler to build the project, and managed to open it as a static file in Internet Explorer when I clicked Debug. I’d prefer an option to use Visual Studio’s built-in web server for debugging. There must be more to it than this; then again it is advertised as a beta which is meant to mean well advanced (ha ha). I suggest sticking firmly with Flex Builder for the time being.

Adobe has largely ignored .NET in its Flex and AIR technology, though it does support SOAP. I am not sure whether this is caused by aversion to Microsoft, or an assumption that Microsoft developers will use Microsoft technologies like Silverlight or Windows Forms, or a bit of both. Integration with Visual Studio and server-side .NET could be significant for Flex adoption, though it would be better if Adobe itself were doing the add-in.

You can see the same thing happening on Microsoft’s side, with a half-hearted Silverlight project for Eclipse (which only works on Windows), or the well-regarded Teamprise which integrates Eclipse with Visual Studio Team System. In both cases Microsoft keeps itself at arms length, which does not have the same impact as in-house support.

There are always concerns about the quality of third-party applications. I am sure Adobe itself would not have put such an inadequate preview up for download, as Ensemble has done for Tofino.

microsoft, open source, Sun

OpenOffice to become adware?

4 Comments

From Jonathan Schwartz’s blog:

An auction’s afoot … to see who we’ll be partnering with us to integrate their businesses and brands into our binary product distribution – the possibilities are limitless: people tend to print those documents, fax them, copy them, project them (and I know this annoys my friends in the free software community, but branding allows us to invest more in OpenOffice.org community and features, from which everyone benefits).

An alarming prospect. But OpenOffice.org is meant to be free and open source. What does Schwartz mean by “our binary distribution”? Note he says OpenOffice.org not Star Office, Sun’s commercial version.

I presume it will be possible for others to step in and offer branding-free distributions of OpenOffice. I’ll go for those, thanks very much.

Contributors to OpenOffice.org put their trust in Sun and even assigned their copyright, supposedly to protect the open source status of the code. If Sun commercialises the free distribution (it can do what it likes with Star Office), that strikes me as stretching the limits of what people understand by free software.

If Sun, by Schwartz’s own admission, is willing to “annoy” its friends in the free software community, OpenOffice.org will lose a lot of momentum – I foresee forks and anger. A good day for Microsoft Office.

Then again, I may have misunderstood. I’m seeking clarification.

Technorati tags: , ,
cloud computing, internet, linux, microsoft, open source, software

Microsoft Office vs OpenOffice.org in UK education

6 Comments

Yesterday I took a seminar with a small number of people from schools and colleges in the UK, who had purchasing responsibility for software.

I talked about some of the history, differences between the products, the ISO standardisation wars, the ribbon, and the way Microsoft’s pricing escalates in order to charge the maximum to business users. I also mentioned online alternatives like Google docs and asked whether they could contemplate switching entirely to a web-based productivity suite.

It is always interesting talking to people with a real-world perspective, in contrast to the hothouse of Internet discussions and attempting to follow what is happening at the bleeding edge. What I found:

  • These folk knew about OpenOffice.org but none use it regularly themeselves; one had a reasonable number of students using it, but only because they were using netbooks running Linux. Not very encouraging for OpenOffice.org since the buzz is that netbooks are increasingly switching to Windows.
  • There was very little interest in ISO standards. On the other hand, there was real concern about interoperability, which is related. However, the best solution at the moment is to use Microsoft’s old binary formats throughout. Filters in MS office for OpenDocument, and in OpenOffice.org for Open XML, will be welcome.
    Incidentally, I used Office 2007 PowerPoint for the session. I tried to open the .pptx in OpenOffice.org 3.0; it worked, but there were extra borders round objects and some unwanted text. I saved from Office 2007 as .ppt, re-opened in OpenOffice.org. It was perfect.
  • Some had already rolled out Office 2007, and reported that the Ribbon UI was better for new users, but caused problems for some who were familiar with the old menus. Mainly a training issue.
  • Education gets generous pricing for MS Office. There was interest in saving money by using OpenOffice.org, but the sums involved are relatively small. We discussed the ethical issue – whether it is right to get young people hooked on a product that will cost them or their businesses dearly later on – but this particular group didn’t engage with this much. Little desire to change the world; focused on getting their work done.
  • I mentioned the negative Becta report on Vista and Office 2007, which I also looked at again in preparation. I was struck again by what a poor report it is, ducking important issues and giving a rose-tinted view of ODF, though I am in sympathy with Becta’s efforts to promote choice and open source in education. However, none of this group had read the report, or even heard of it. Becta is a government organization focused on technology in education.
  • There was little enthusiasm for web-based office suites. Interest perked up a little when I mentioned Google Gears and the possibility of seamless online/offline use. One person said his school was rural and could not get broadband at all.

My overall impression is that Microsoft Office remains dominant in the institutions represented by this group, and that seems unlikely to change soon. The web-based suites have more chance of breaking the habit, since they represent a more fundamental shift than simply moving from one fat desktop application to another.

I would likely have got a better attendance for a seminar on rolling out Office 2007.

google, java, microsoft, Sun

Sun distributing Microsoft toolbar, Google drops Star Office from its Pack

2 Comments

Microsoft has done a deal with Sun where its search toolbar is distributed with the Java runtime. The deal only applies to US Internet Explorer users who download the JRE. Previously Sun distributed the Google toolbar with Java.

Separately, as one or two have noticed, Google is no longer distributing Sun’s Star Office suite with the Google Pack. Cracks appearing in the Sun/Google relationship?

The Star Office aspect is interesting because it may (or may not) be significant for Google’s overall strategy for productivity software.

Google has its own office suite, one that works online. So why promote a competitor? Well, Star Office is a traditional desktop suite that has more features and works offline. It is also one in the eye for Microsoft and might inhibit a few Office 2007 sales. I had wondered whether Google would try some deep integration with Star Office, where you could seamlessly open and save documents to Google storage on the Internet.

Maybe Google has now decided that Star Office muddies its message, which is a pure Internet play for office applications, with offline features coming via Gears. When combined with the speed of Chrome, this has plenty of potential.

Alternatively, Star Office is just being upgraded and will be back soon. Or perhaps Sun and Google fell out over the terms. Now that Google is so dominant in search, users visit Google and get the toolbar anyway; it doesn’t need Sun’s support. All speculation; Google has yet to comment, as far as I know.

Let me add that I hate this method of promoting software, where you download one thing and get another by default. It’s called foistware.

Technorati tags: , , , ,
microsoft, software development, windows

Windows is an adventure game

2 Comments

Many video games in the adventure genre are in essence collecting games. You have to get the gem to open the gate, and to get the gem you need the three pieces of tablet, etc etc.

Windows is like this sometimes. I want to try Windows Azure. I need SQL Express. I download SQL Express 2008. Try to run, it tells me I need Windows Installer 4.5. I download Windows Installer 4.5. Try to run, it tells me “The system cannot find the file specified.”

This makes me pause. Is it a broken download, or is my system broken? Maybe it’s because I downloaded to a network drive. Yup – copy it to a local drive, and it runs fine. This is the adventure game equivalent of a puzzle.

Now the dialog says, “You must restart your computer for the updates to take effect.” To be continued, then.

Shame Microsoft hasn’t (as far as I know) issued a VM image with all this ready to go.

microsoft, software development, windows

Anti-virus failure leaves XP broken, DNS hijacked, user frustrated

3 Comments

A colleague had some problems with his Windows XP laptop while I was away last week, and I promised to look at it on my return. It’s a sad story, particularly as he is doing everything Microsoft recommends (aside from upgrading to Vista). His HP laptop was fully patched with SP3, and he had a commercial license for AVG anti-virus. He noticed that his system started running slowly when connected to a network, though it worked fine offline, and suspected a faulty network card. It sounded suspicious to me. I wondered if malware was causing heavy network traffic, and advised him to check that his anti-virus was up-to-date and to scan his machine.

It got worse. He ran AVG, which discovered two viral autorun.inf files that it quarantined, but the machine still did not work right. The AVG tech support could not see what was wrong, and suggested reinstalling AVG. Reinstallation failed because AVG could not get updates (this was actually a good clue). Tech support said maybe a firewall problem. Hmm.

The best solution in cases like this is to flatten the machine and reinstall everything, but I was intrigued. I booted from the Ubuntu 8.10 live CD and confirmed that the hardware was fine. I then tried a couple of anti-virus scans that run from boot CDs, which is safer than running from within an infected operating system – the Kapersky rescue disk and the Avira Rescue System. Kapersky identified and removed Trojan-Downloader.Win32.Agent.ahcg somewhere in temporary files. Antivir found nothing. I also ran the Malicious Software Removal Tool which found Trojan: win32/Alureon.gen. Funny how all these tools find different things. No, I don’t find that reassuring.

At this point I connected the machine to the internet. Tried re-installing AVG but it still would not update. Tried downloading a more recent AVG build. However, when I clicked to download, I got an advertisement page instead. Aha! I checked the DNS settings. Instead of being set to obtain the DNS automatically, it was hard-coded to a pair of DNS servers in Ukraine. Clearly the AVG download site was among the ones privileged with an incorrect entry.

Things looked up after I fixed that. Spybot found evidence of Zlob.DNSChanger.Rtk: a registry entry pointing winlogon\system to an executable with a random name somewhere in Windows\system32, but the file itself was not present. Fixed that entry, and Spybot was happy. AVG installed and updated sweetly and found nothing wrong.

I also noticed a hidden directory called resycled (sic) on the root of both partitions, containing the single file boot.com. Has to be a virus, and seems to be associated with the autorun.inf infection; but none of the clean-up tools detected it.

The machine seems fine now, though it should still be flattened as a precaution. I do find the DNS hijack spooky though. It means you can visit safe sites but get dangerous ones. Nasty.

What all this illustrates (again) is that even users who do everything as recommended still get viruses – in this case, probably from an infected USB stick, though I can’t be sure. Why didn’t AVG catch it? Good question. Why didn’t AVG tech support advise how to fix it? Another good question. Vista would have been a little more robust – you would have to pass a UAC prompt to write to the root of drive C, or to HKLM – but I imagine some users would click OK to a prompt after connecting a USB stick, presuming it to be a driver install or something like that.

And if you get ads or porn sites appearing unexpectedly when you browse the web, yes you should be worried.

Update

I sent the suspect file boot.com to Sophos for analysis. I would have sent it to AVG as well, but could find no easy way of doing so. I received an email informing me that this is a worm called W32/Autorun-NX. A filter to detect it was added to Sophos on 7th November at 20.27, which is about 4.5 hours after I submitted it. If mine was the first report, that is impressive speed; but bear in mind that the infection was over a week old when I encountered it, and had circulated for an unknown length of time before my colleague picked it up. Anti-virus software offers only limited and inadequate protection from malware.

Technorati tags: , , , ,

.net, microsoft, silverlight, software development

Microsoft’s new .NET logo

1 Comment

One thing I forgot to mention from PDC 2008: the new .NET logo:

Note the visual link to the Silverlight logo; the ribbon (I may be reading too much into this); and the soft brushwork that is meant to evoke “designer” as well as “developer”.

The .NET part has changed from lower case to upper case. This was the old logo:

 

Since as far as I’m aware Microsoft has always preferred .NET to .net or .Net (except in the logo) I guess this makes sense. Must remember to type it that way.