Category Archives: windows

security, software, windows

How secure is Windows Vista?

4 Comments

Tech journalists have a tough job. They are meant to take the vast complexity of things like computers and operating systems and translate them into terms that ordinary people can understand.

Of course there is never a one-to-one mapping between the complex and the simple. The simplified explanation is a compromise.

So let’s look at the question: how secure is Windows Vista? Unfortunately the question is not amenable to a simple answer. Perhaps the best you can do is to try and explain the issues, the ways in which it is more secure than earlier versions of Windows, the ways in which it remains insecure.

Now read this piece on weaknesses in Vista’s UAC (User Account Control). Looks bad, right? About some insightful researcher who “found out — from Microsoft officials — that the default no-admin setting isn’t even a security mechanism anymore.”

This is a misunderstanding of a typically balanced and well-reasoned piece by Microsoft’s Mark Russinovich on UAC in Vista. At least the link is there in the ZDNet article, so you can read it for yourself.

Apparently, “In an e-mail interview, the Polish malware researcher said she was “pissed off” by what she perceived as Russinovich’s flippant attitude to the potential risk.”

Frankly, I defy anyone to read and understand Russinovich’s article and call it “flippant”. He explains how the mechanism works, he explains why it works as it does, acknowledges areas of compromise, and shows how to achieve higher security if you want it:

Without the convenience of elevations most of us would continue to run the way we have on previous versions of Windows: with administrative rights all the time. Protected Mode IE and PsExec’s -l option simply take advantage of ILs to create a sandbox around malware that gets past other security defenses. The elevation and Protected Mode IE sandboxes might have potential avenues of attack , but they’re better than no sandbox at all. If you value security over any convenience you can, of course, leverage the security boundary of separate user accounts by running as standard user all the time and switching to dedicated accounts for unsafe browsing and administrative activities.

He’s right. And personally I think ZDNet is giving too much weight to the strident researcher who calls Vista security “a big joke“, while doing too little to examine the real issues which Russinovich explains.

Of course that doesn’t prevent Slashdot and others picking up the story and presuming, because that’s what they want to believe, that Vista security is shot to bits.

It’s not. It is a real advance on XP, not least because of the point Russinovich highlights:

Why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumption.

Update

This story gets more curious the more you investigate. The gist of this researcher’s original complaint was that Vista forced her to run setup and installer applications with local admin rights:

That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers!

It’s a fair point, though problematic on examination. Installing applications is an administrative task. Still, it’s correct that many installers do not need full admin rights, so the system could be more granular. Fortunately Vista covers this. You can disable the automatic elevation of setup applications in local security policy. In fact, enterprise rollouts have this disabled by default. The researcher is actually aware of this, but says:

Even though it’s possible to disable heuristics-based installer detection via local policy settings, that doesn’t seem to work for those installer executables which have embedded manifest saying that they should be run as administrator. I see the above limitation as a very severe hole in the design of UAC.

Now she’s lost me. The complaint has shifted – there is no problem running setup applications with less than full admin rights, but if the developer specifies with a manifest that full admin rights are required, then Vista automatically prompts for elevation. This of course is working as designed. If you downloaded a “freeware Tetris game” and discovered a manifest insisting on full admin rights, you would likely be wary in any case.

So where is the “very severe hole in the design of UAC”? There is a “severe hole” here, but it is not in the design of UAC. The core problem is that users may try to install malware. They are browsing the web, and perhaps come across a flashing advertisement that says their PC has spyware, but this utility will fix it. They download it. They pass a dialog warning that the file is from the internet and might not be safe. They pass a dialog requesting elevation. At this point, only anti-virus software or something like Windows Defender might save them. How do you fix this, without taking away the user’s right to do what they want with the computer they own?

That said, there is a weakness in UAC in the potential of non-elevated processes to interfere with elevated processed. Mark Russinovich covers this well in his post referenced above. Bottom line is that it’s still best not to run with full admin rights, even with UAC enabled. The long-term purpose of UAC is to get Windows across the hump of legacy applications to a point where local admin rights for day-to-day use are unnecessary.

Technorati tags: , ,

software, windows

Why Outlook 2007 is slow: Microsoft’s official answer

158 Comments

A knowledgebase article published last week acknowledges performance problems with Outlook 2007, though it says these only occur with mailboxes larger than 2GB:

You may experience one or more of the following performance problems when you are working with items in a large Personal Folder file (.pst) or in a large Offline Folder file (.ost) in Microsoft Office Outlook 2007 … Note When you perform the same operations on the large .pst or .ost file in earlier versions of Outlook, the same performance problems do not occur. These problems may occur if the .pst or .ost file is larger than 2 GB. Additionally, the performance problems are more pronounced when the .pst or .ost file is larger than 4 GB.

I think this is optimistic and that smaller mailboxes are slower too; nevertheless, it does confirm that that the size of the local store is the key issue.

If you use Exchange, the local store is the .PST or .OST file on your workstation or laptop. If you do not use Exchange, a local .PST store is all you have.

Here’s what Microsoft says is the reason:

To accommodate new features, Outlook 2007 introduced a new data structure for .pst and .ost files. In this new data structure, the frequency of writing data to the hard disk increases as the number of items in the .pst or .ost files increases.

Intriguing, especially as I had thought the .pst format was the same in Outlook 2003 and 2007. The big change was from Outlook 2000 to Outlook 2003, when Unicode was introduced and the maximum size increased to 20GB.

I’d also like to know whether Microsoft is just stating the obvious here (bigger file, more disk access); or whether there is some exponential increase in disk writes, suggesting a design fault in the software. I have already noticed that if you show the I/O columns in Task Manager’s performance tab, Outlook 2007 shows some extraordinarily large numbers.

So what’s the fix? The news is not too good. In essence, you have to reduce the size of the local store. You can archive or move items to separate .pst files, or switch off cached mode so you always work online to Exchange.

The article doesn’t say it, but there are significant problems with switching off cached mode. These include hugely increased network traffic, problems with junk mail filtering, and loss of all your mail when using a laptop disconnected from the network.

The most imaginative suggestion is to filter the sychronization. For example, you could filter out messagse with large attachments, or all messages from last year or earlier. These messages will still exist in Exchange, but not in the local store.

Worth a try, but none of the workarounds is really satisfactory. Outlook 2003 worked fine with large mailboxes, Outlook 2007 does not. That’s a blunder.

 

software, windows

Vista – worth having?

Now that Vista is on the shelves, people are asking: is it worth having?

I’ve been testing it for a while now, using it for most of my work and as a media center.

If there is a “Wow” in Vista, it is in the Windows Presentation Foundation, not the core operating system. And WPF is available for XP as well; and there aren’t yet many applications which use it. So forget the wow for now.

That said, it is mostly an improvement. Why mostly? Mainly because of driver quality. For example, I’ve been chasing an Intel display driver bug for a couple of weeks. It made certain games unplayable and also caused problems when more than one display was active. Last week Intel posted an update that fixes the problem. That’s on a laptop; on my desktop the sound card doesn’t work as it should – because Creative’s Vista drivers are still in beta and far from production quality. I get stuttering sound from a supposedly high-end X-Fi card.

These issues will gradually disappear as the hardware vendors properly support Vista. That said, I have a scanner that will probably never work. It’s old enough that the vendor has no incentive to come up with a driver.

The other major issue is software compatibility. Everything has to work with XP, but Vista is new and there may be problems. Most of these are caused by the new security feature called User Account Control. In reality I have not had many problems. If you have a few key applications you depend on, it makes sense to verify whether or not they run on Vista before making the switch.

Upgrade? Buy new?

Now a few specifics. Would I upgrade a laptop? No, not unless you enjoy techie problems or can get a supported upgrade pack from the vendor. Laptops are stuffed with devices, updating the hardware is near-impossible, and things like sleep and resume are prone to go wrong.

Would I upgrade a desktop? Possibly, if it is no more than a couple of years old. It’s still somewhat risky. I’d plan to upgrade the RAM to 1GB or more, update the motherboard BIOS, and buy a new graphics card. You might get away without; but my impression is that Vista is more demanding (ie. slower) on the same hardware than XP.

Would I buy a new compter – desktop or laptop – with Vista rather than XP? Yes, provided you’ve established that you can run or replace the applications you depend on and the hardware you intend to plug in. 

Vista is a better version of Windows, more logically organized, more pleasant to use, more secure. The best feature for usability is the search box on the start menu. No more hunting through the fly-out menus; just click Start, type the first few letters of what you want and hit Enter.

Security

How much more secure? Unfortunately the blizzard of hype and counter-hype has obscured the security changes in Vista. A substantial industry has been built on security weaknesses in Windows, and this industry is desperate to persuade us that we still need its services, while journalists everywhere are keen to find and publicise any security problems; and undoubtedly there are and will be problems to find.

The key change is that users by default run without local administrator permissions. This brings Windows into line with standard practice on other operating systems including Linux and Mac OS X. In consequence system files are protected unless the user passes a dialog approving a change. Some claim that these dialogs pop up frequently and are annoying. I can’t substantiate that – I don’t often see them, and when they do appear I don’t find them particularly objectionable though there are cases when I’m not sure why admin rights are needed.

Of course if a virus comes along in an email attachment and says, “I’m an important update from Microsoft, please run me”, and you click Allow, then Vista isn’t going to help you.

Another less publicized change is Internet Explorer’s Protected mode, again on by default. This means IE runs with even more limited rights, and should help to prevent silent installs of malicious software. Arguably, this makes IE more secure than FireFox on Vista. 

In reality, this is a process. The changes in Vista mean that software vendors might actually stop producing applications that breach basic Windows guidelines. A side-effect will be better separation of application code and data, which will help with backup as well as security. It will make sense to set Vista to a higher level of security, where you have to enter an admin password to make system changes, and the intrusive dialogs will appear less often.

 

Technorati tags: , , , ,
internet, microsoft, software development, web authoring, windows

IE7 script madness

11 Comments

Ever seen this guy?

Stop running this script dialog in IE7

I’m writing a piece on Javascript. In the new world of AJAX, web applications may run large amounts of client-side code in the browser. I’m having a look at performance issues, so I wrote some code that does some processing in a tight loop and tested it in IE7, FireFox 2.0 and Flash 9.

Getting timings was difficult, because IE7 pops up this “Stop running this script” dialog when my code is running. Nor will it let go. You click “No”, and 1 second later the dialog pops up again. And again. And again.

I’ve trawled through the IE7 options looking for a way to switch this thing off, but cannot find one. I’m hoping I’ve missed it, or that there is a secret registry key I can change, because it is really annoying.

I don’t understand why there is no option for “don’t ask me again”, or “allow long-running scripts at this site”. After all, this scenario is going to get increasingly common. Neither FireFox nor Flash suffers from this problem.

I appreciate that IE7 is trying to be helpful here. There is though a fine line between helpful and annoying. Without any obvious way to prevent it, this falls in the latter category.

That said, I did find a way to get my timings, because of my experience with the htmleditor.  If you host Mshtml in an application, you can implement the COM interface IDocHostShowUI. This has a ShowMessage function which IE calls when it wants to show a dialog. This enables you to catch the over-helpful “stop this script” message and not show it.

Unfortunately this solution isn’t something users can easily apply. It requires creating your own customized version of IE. There must be some easier way and I look forward to learning what it is.

One last comment: why does Microsoft still come up with poorly thought-out UI elements like this? It is easy to think of better ways than a brutal modal dialog. How about a “stop script” toolbar button that appears only when scripts are taking too long or grabbing too much CPU?

Update

FireFox does exactly the same thing, also with a modal dialog, “A script on this page may be busy” …

Still, two benefits to FireFox. First, the timeout is set to a more reasonable 10 seconds. Second, you can easily amend it. Navigate to about:config. Find the entry dom.max_script_run_time. Change it from 10 to whatever you like. 

Further update

A comment has pointed me to this knowledgebase article.

Here’s the fix:

  1. Using a Registry Editor such as Regedt32.exe, open this key:
    HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Styles

    Note If the Styles key is not present, create a new key that is called Styles.

  2. Create a new DWORD value called “MaxScriptStatements” under this key and set the value to the desired number of script statements.

    By default the key doesn’t exist. If the key has not been added, Internet Explorer 4 defaults to 5,000,000 statements executed as the trigger for the time-out dialog box.

Technorati tags: , , ,

internet, windows

Windows web server market share grows

3 Comments

Netcraft reports that Windows/IIS has a growing share of the web server market:

Microsoft-IIS gains 935K sites, continuing an advance that has seen Microsoft steadily chip away at what once seemed an insurmountable lead for Apache. In our Feb. 2006 survey, Apache held 68% market share, giving it lead of 47.5% over Windows (20.5% share). In this month’s survey, Microsoft’s share has improved to 31.0%, narrowing Apache’s advantage to 27.7%.

Netcraft counts sites, which means that its monthly figures are hugely influenced by the actions of a few big players in the web hosting market; many “sites” are no more than parked domains. It’s also worth noting that the total number of sites is constantly increasing. Apache probably has more users than ever before, despite the above “decline”. Other web servers have a miniscule market share.

Even with these caveats, it seems that Microsoft is at least holding its own in the web server market. My hunch is that this has to do with the high quality of ASP.NET, and the fact that Windows Server 2003 has won a decent reputation for security as a web server. I am not saying it is more secure than say Linux-Apache; just that security isn’t the deal-breaker that it tends to be on the desktop.

Congratulations to Scott Guthrie and his team.

Technorati tags: , ,

software, windows

Open Document to Office Open XML converter: not good

8 Comments

The first full release of the Open XML to Open Document Format translator is available for download. Great news for interoperability – or is it?

I like to try things out before writing about them, so here’s what I did. I downloaded the Word 2007 add-in and ran the setup. Then I opened Word, and opened the document I was working on, which happens to be called Using DigiKam.docx. This is just under 800 words long and contains no graphics. I went to Home – Save As, and looked for Open Document in the list of document types. No deal. Puzzled, I looked again at the Home menu in Word 2007. Ah, there it is. A separate top-level entry for ODF with Open and Save As menu items. Not ideal in terms of integration, but never mind.

Note: there is an important issue here. Imagine you are an organization that has decided to mandate ODF for your documents, but to continue using Microsoft Office. What you want to do is to fiddle with Group Policy and have Word default to opening and saving ODT (Open Document Text). As far as I can tell, this is not possible with this version 1.0 release. In fact it is worse than that. If you have a new document, and choose ODF – Save As, you get the following error:

Please save your document before exporting to ODF. So instead of just clicking Save, users have to save twice, first as .docx, next as ODT. Ugly. It gets worse, read on.

OK, so I decided to save my current document as ODF. A wait message appeared: it took the converter about 30 seconds to save the document. I don’t like to think what would happen to a 10,000 word report full of charts and tables.

Next, I closed the document, went to ODF – Open, and chose the document I just saved. Another 30 seconds later I get this message about lost elements:

If I go into details, it tells me that the header dimensions and document creation and modification dates might have been lost. Fair enough, nothing drastic – unless perhaps I am laying out a booklet for publication. Of course you would be mad to use a document converter like this in such circumstances – but let’s not forget the implications of potential inflexible government legislation that might mandate such a thing.

I notice a curious thing. My opened document has been renamed to Using DigiKam_tmp.docx. Let me get my head round this. Let’s say I want always to save in ODF. I have to save as .docx, then export to ODF. Then I open the ODF document, which now has _tmp appended. I make some changes, and want to export it as ODF. I get, you guessed it, the “Please save before exporting” message. So I click save, and get a view of all my temporary documents, because the converter puts the imported document in my temp folder. If I try to save it directly, I get a “this file is read-only” error. So I save it to My Documents, then I go to ODF – Save As. Next session, I go to ODF – Open and guess what. My file is now called Using DigiKam_tmp_tmp.docx.

So the message is: don’t even think about using this converter as a means of standardising on Open Document while still using Word. It will cause immense and unnecessary hassle. However, it could still be useful for importing and exporting documents interchanged with others using, say, Open Office.

Not the same

That said, I noticed something else about my round-tripped document. It was different. In Word, I have my Normal style set with no space before or after. After round-tripping, these paragraphs had 10pt space after applied.

It gets worse. The converter lost all my paragraph styles – not the formatting, but the style tagging. This is a deal-breaker for me, as I depend on paragraph styles; but I am probably in a minority. Still, it prompted me to look at the list of unsupported features. Casting my eye down the page I came across this item:

In Open XML in real spacing between two consecutive paragraphs is the biger [stet]. For example first paragraph style has spacing after 10pt and second has spacing before 20pt the real spacing is 20pt. In Open Document Format real spacing is sum. In our example the real spacing is 30pt.

Is that my spacing problem? It could be related; but this is not what I would call a model of clarity. Let’s just say that the ODF converter will mess up your paragraph spacing.

Question: why was I warned that I might lose “header dimensions”, but these more significant issues – no paragraph styles, messed up spacing – went unmentioned?

Not professional quality

I realise that despite the flaws this converter could be a life-saver if you get a document that would otherwise be unreadable, or if you are forced by regulation to send a document in ODF format. However it does not merit Microsoft’s effusive press release, nor Brian Jones enthusiatic blog entry. It falls far short of the standards set by Microsoft Office. Perhaps I am judging too swiftly; but you will understand my scepticism considering the design flaws noted above, the extreme performance problems, and the fact that it somewhat messed up my short document without any graphics.

Practical considerations

In closing, some practical notes. If you really want to work with Open Document, don’t use Microsoft Office. If you want to use Microsoft Office, don’t use the converter except in an emergency, not in this release at least. For Word documents, RTF is the least bad option and macro-free; or failing that, the Office binary formats are actually well understood by third-party applications.

What if you use an application that supports Open Document and want to distribute richly formatted documents to others? Well, in the real world Microsoft Office is everywhere, so the same applies: RTF or Microsoft Office binary formats will help the recipients to get their work done.

Update: I spoke to Microsoft’s Jean Paoli about a number of Office Open XML issues – see here for the interview. He acknowledged there are some issues but said that performance is usually better than I found it to be. I’m sceptical but will try to do some more testing.

Technorati tags: , , , , , , ,

software development, windows

Free WPF datagrid control from Xceed

A notable omission from the controls available in the first release of Windows Presentation Foundation is a datagrid. Component vendor XCeed has stepped up with a free WPF datagrid. Registration is required, but Xceed says:

The free license is a perpetual license and includes royalty-free distribution, bugfixes, and new features, so your company can use it with full confidence.

Paying customers get support along with an option for source code.

I’ve not tried the control yet, but if you are experimenting with WPF, it strikes me as worth a look.

Technorati tags: , ,

windows

Vista display driver takes a break

289 Comments

I’m seeing an annoying error on my Portege M400 running Vista. The thing is almost clear of beta drivers now, after numerous downloads from Toshiba, including the display driver. The graphics chipset is a Mobile Intel 945GM, and I have a production release driver dated 13th December 2006, version 7.14.10.1151, though I saw the same problem with earlier releases.

Specifically, from time to time the display blanks out and an error 4101 is logged. Sometimes I get this supposedly reassuring toast pop-up:

The warning message is:

Display driver igfx stopped responding and has successfully recovered

The error is worse than it sounds. The screen blanking is irritating, and sometimes causes the current application to crash (I’ve seen this with games). I’ve also seen it when working with multiple displays. Fortunately it only seems to occur with the display is being stressed in some way – I can work all day in Word and Excel, and not see the problem.

I’ve tried turning off Aero and it makes no difference.

A bug in Intel’s driver I suppose (I never get this on my Vista desktop), though it is not exclusive to Intel; this user reports the same problem with a GeForce 7900.

This is the kind of thing that spoils Vista right now. I think this OS will work much better six months from now.

Technorati tags: , ,
borland, delphi, software, software development, windows

Delphi and Windows Installer: small problem, fiddly solution

4 Comments

A Windows technology I love to hate is the Windows Installer, the setup engine built into Windows that is hard to avoid if you want to comply with Microsoft logo requirements and system management tools.

I have a little application which uses this, which uses a custom action written in Delphi. Originally this was an executable with some command-line arguments, which worked fine except that occasionally the custom action needs to show a dialog. Sometimes (not always) this would show up behind the main setup window, causing users to think that setup had hung.

Incidentally, I saw this exact problem when installing Delphi itself on Windows Vista.

It is all to do with a long-standing and complex Windows issue concerning whether applications can force a window to be on top of other windows. In a nutshell, a well-behaved application should not normally do this, though it can make itself flash in the taskbar. Not a great user experience. However, you can ensure that a window is on top within a specific application (in this case the setup), provided you know the handle of that application’s main window. Unfortunately there is no obvious way to get this value, other than via an API called FindWindow which might occasionally find the wrong window, for example if the user managed to open two instances of the setup.

The correct solution for this is not to use an EXE as a custom actions, but rather to use a DLL. This runs in-process with the setup, which enables it to call MSI (Microsoft Installer) functions like MsiProcessMessage, enabling it to show dialogs safely. You can also do useful things like writing entries to the installer log. (Thanks to Mike on the Microsoft.public.windows.msi newsgroup for this tip).

Therefore I converted the custom action to a DLL. Not too difficult; but I discovered that the Windows Installer is not especially flexible about calling custom actions in DLLs. The only argument it can (and must) give is a handle to itself. That’s unlikely to be enough. So how do you pass data to your custom action?

If you use an MSI editor such as that in Visual Studio, you will see a property called CustomActionData which you can set when calling a custom action. All this does is to set a property within the installer. Your custom action can then call MsiGetProperty to retrieve the value. It is a single string; if you want to pass several values, you need to use some sort of delimiter and parse it within your custom action code.

Although many Windows API functions have Delphi wrappers built into Delphi’s runtime library, the Installer functions are not among them. I hate reinventing the wheel, so I searched for a Delphi wrapper for msi.dll. It’s not easy to find, suggesting that few developers have gone down this route, though it is part of some versions of the Project JEDI JCL (JEDI component library). In the end it was easier to find the header files in the SDK and do my own wrapper for the few functions I needed.

Delphi is a great tool, but at times like this you realise that there is a price to pay for not falling in with the crowd and using Visual C++. All the low-level Windows API documentation assumes that you are at least using C++.

The good news: it all works fine. Dialogs appear reliably above the setup window, and access to the MSI API may prove useful for other things as well.

That said, it all goes to demonstrate why developers sometimes take ages to fix seemingly simple problems.

 

Technorati tags: , , ,
software, software development, windows

Tube trains show off Windows Presentation Foundation

1 Comment

If you have any interest in .NET Framework 3.0 I recommend this keynote presentation, from Microsoft’s UK developer launch for Vista and Office last weekend. It was given by Sanjay Parthasarathy, Vice president of the Developer and Platform Evangelism Group at Microsoft Corp. He reiterates the themes Microsoft watchers will have heard before: unifying designer and developer, SOA (Service Oriented Architecture), Office as a platform, Enterprise mashups and so on. I’d advise skipping forward to about 38.30 and viewing the presentation given by a couple of developers from the London Underground on their WPF (Windows Presentation Foundation) application for managing the network.

The London Underground is a busy network, clocking up 971 million passenger journeys last year. The WPF app is a real-time visual presentation of its status, based on the familiar tube map. There are “teardrop” indicators which show where there is congestion, technical problems, crime or other incidents. You can click an indicator to open a detailed panel, and dock the panel to get live update. All the data is driven by web services. Everything zooms and drags; you can show or hide specific lines and indicators; and finally there is an amazing 3D view which seems to model the entire system so you can access a report on any part of it with a click. Of course there is an option to see little trains chugging round and stopping at lights; how could this fail to enthuse developers?

The claim is that WPF/XAML combined with SOA makes creating this kind of application much easier than in the past (the whole thing is an XBAP – browser-hosted WPF).

I certainly found the demonstration thought-provoking. This particular case study is a great fit for a highly visual presentation, but to what extent does this also apply to the mainstream business applications that occupy so much developer time? What about the danger of prettification – highly visual apps that are slower and harder to use than the simple GUIs they replace? That app you are working on right now – would it benefit from a WPF redesign?

If you have any insights or comments on the above, I’d love to hear them.