The Russian government is using Microsoft software piracy investigations as a pretext for seizing computers and other materials from political opponents and news organizations, according to a comprehensive report in The New York Times. The report accuses Microsoft of supporting the raids despite their political nature. Furthermore, the software giant is reportedly refusing to help targeted groups that have gone out of their way to purchase legitimate software, saying the issue is in the hands of the Russian security police.

On top of all of this, international anticorruption group Transparency International and Russian human rights group Memorial are claiming that certain private lawyers representing Microsoft are involved in corruption schemes (the accusations appear in a separate Times article). Specifically, the two groups say they have received dozens of reports where corrupt Russian officials allegedly work with lawyers from Microsoft to seize computers, claim that they have found pirated Microsoft software, and demand bribes.

In response to the report, Microsoft gave the Times a very detailed statement, admitting that its antipiracy efforts may need some improvement. "We have to protect our products from piracy, but we also have a commitment to respect fundamental human rights," a Microsoft spokesperson told The New York Times. "Microsoft antipiracy efforts are designed to honor both objectives, but we are open to feedback on what we can do to improve in that regard." 

Microsoft says it has promised Russian human rights advocacy groups that it will make three changes: improve the training and accountabilities tied to its antipiracy program, publish a list of its authorized representatives in Russia on its website, and increase awareness of its Infodonor program, which makes software available to NGOs for free in Russia.

Read the comments on this post

Microsoft today opened up a little on the results of its strategy for Windows Live Messenger Wave 4. We had the chance to talk to Dharmesh Mehta, Windows Live Director of Product Management, who explained to us that his team has realized the social networking market is not one that Microsoft should enter and just throw money at. Instead, he says, Windows Live is taking the low-cost and easier approach of partnering with the existing leaders of the social Web (Facebook, MySpace, LinkedIn, YouTube, and Twitter were all mentioned by name).

Messenger is easily the most popular Windows Live application with 330 million active users. Dharmesh explained that while the application started out as a closed IM network, its future is in helping users share all the types of content they already consume—audio, video, status updates, and text messages. Currently, this content overload is resulting in "people missing lots of stuff." He revealed that since the beta release, the number of users linking third-party services to Messenger has tripled, while data being shared has quadrupled.

Facebook and Twitter

"Nobody wants another Facebook," Dharmesh told Ars. So with the recent beta, Microsoft added Facebook integration. The beta has been out for just eight weeks in just seven languages. Despite these constrains, Microsoft points to AppData, which shows that Windows Live Messenger already ranks fourth in daily active users who connect to Facebook worldwide. Specifically, about 4.6 million Messenger users are using the client to consume their Facebook feed, comment on something, or communicate with Facebook Chat users. Dharmesh didn't know the number of users on Messenger beta, but he said it was somewhere between 6 million and 10 million, which makes the number even more impressive. 

At one point, Windows Live Messenger was capable of hooking up to Twitter and displaying tweets within the application. About three months ago, however, Microsoft killed its implementation and now Twitter support is nowhere to be found. Twitter's "anatomy of a tweet" changed in the last 6 to 8 months, according to Dharmesh, and Microsoft was no longer able to use tweets in Messenger. "We currently don't have the ability to integrate with Twitter in the standard approach due to the recent change of terms of use" he told Ars. "We want to work with Twitter 100 percent, but right now we can't do it."

"Windows Live and Twitter would love to work together in a fashion that is great for customers and their respective businesses," a Microsoft spokesperson followed up with us. "We previously had an implementation, but it didn't meet Twitter's latest policy updates and so we have taken that down while we work through how to best deliver this scenario and are actively working to build a great solution, but don’t have anything to announce at this time."

This must be particularly annoying for the Windows Live team, given that Bing has access to the whole Twitter firehose. Unfortunately for Microsoft, Twitter now looks at each of the software giant's teams as separate entities with which it needs to make separate deals. While Facebook support is thriving on Windows Live, it looks like Twitter won't be added for a long time, or at least not in time for the Wave 4 release.

Read the comments on this post

The US Court of Appeals for the Ninth Circuit today ruled (PDF) on a long-standing case involving used software on eBay, and it came to an important decision: if a company says you don't have the right to resell a program, you don't have that right. Could this mean the end of the resale market for all digital content? Yup. But the court says it had no choice.

The case is Vernor v. Autodesk, in which Timothy Vernor made his living from selling items (including software) on eBay. Vernor had picked up some old copies of AutoCAD from an architect's office sale, complete with their serial numbers, and he put them up on eBay noting that they were not currently installed on any computer. Sounds legal, right?

According to the Microsoft Security Response Center, Microsoft will issue nine Security Bulletins addressing 13 vulnerabilities on Tuesday, September 14. It will also host a webcast to address customer questions the following day.

Four of the vulnerabilities are rated "Critical" and the other five are marked "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least four of the nine patches will require a restart.

Late last week, a security flaw in Internet Explorer 8 was publicly disclosed to the Full Disclosure mailing list. The flaw allows attackers to steal private information from online services such as web mail and Twitter, allowing attackers to, for example, delete e-mails or send tweets from their victims' accounts.

The post was made by Google employee Chris Evans. He stated that the reason for going public was to try to persuade Microsoft to fix the problem—the new flaw is a variant on an older attack, and the details of the flaw were made public in a paper authored by Carnegie Mellon students that Evans reviewed. While the other major browser vendors have made fixes to their browsers to prevent attack—Chrome 4.0.249.78, Safari 4.0.5, and most recently Firefox 3.6.7 and 3.5.11 all include protection against the flaw—Microsoft has thus far failed to update Internet Explorer to provide protection.

Microsoft unveils shape-shifting Arc Touch Mouse: Microsoft has officially announced the $70 the Arc Touch Mouse. The device is available for presale now, starts shipping in December, and officially goes on sale in January.

New malware detects browser, shows fake malware warning page: There's a clever new piece of malware that goes to extreme lengths to pass itself off as genuine software.

Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. 

Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless "Safe Browsing Mode" with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied.

While the malware is a pretty good attempt, it's not perfect. The goal is to get the user to download and install something, shelling out some cash in the process, which neither of the three browser vendors would ever recommend. The Firefox warning page, meanwhile, has an obvious typo ("Get me our of here"). In addition, it's suspicious that a webpage is going out of its way to tell you it is protecting your purchase. It's also not hard to check that the supposedly detected files do not actually exist on the user's computer. All of these missteps should raise red flags immediately; having said that, we've still not before seen this level of detail and effort from the bad guys.

Malware progress

Just two years ago, a fake malware warning page and a fake antivirus looked like this: