Microsoft

When we reviewed Windows Phone a year ago, we liked a lot of what we saw, but recognized that it had more than a few gaps and rough edges. While the platform has attracted developers and applications, with more than 30,000 titles in the app store, success with consumers has been harder to come by. Though there are signs that the platform is at least appearing on buyers' radars, actual sales remain low.

Windows Phone 7.0 was not a perfect release. Desirable features—chief among them copy-and-paste and multitasking—were missing. It had an SDK and a development environment that were easy to use but narrow in scope; applications couldn't access the camera and were limited in the network connections they could make, for example. The release of the first upgrade, which added copy-and-paste, was anything but smooth, with delays, incompatibilities, and even the occasional bricked phone. Living with Windows Phone in the first year of its release meant living with some compromises.

Earlier this week, Microsoft reported the successful takedown of what it calls the Kelihos botnet, a network of more than 40,000 infected computers capable of sending 3.8 billion spam e-mails per day. But while criminals no longer control the botnet, the work needed to contain it is not over. Botnet traffic is now being redirected to a “sinkhole,” allowing the good guys to oversee traffic from infected machines and prevent further distribution of malware and scams.

Kaspersky Lab, which collaborated with Microsoft on the takedown, says 3,000 infected hosts are connecting to its sinkhole every minute. Kaspersky reverse-engineered the bot malware, cracked the botnet’s communication protocol, and then developed tools to attack its peer-to-peer infrastructure, explains Kaspersky Lab expert Tillmann Werner in a blog post. That allowed Kaspersky to create a situation in which the bots are "talking to our machine, and to our machine only. Experts call such an action sinkholing—bots communicate with a sinkhole instead of its real controllers.”

When we reviewed Windows Phone a year ago, we liked a lot of what we saw, but recognized that it had more than a few gaps and rough edges. While the platform has attracted developers and applications, with more than 30,000 titles in the app store, success with consumers has been harder to come by. Though there are signs that the platform is at least appearing on buyers' radars, actual sales remain low.

Windows Phone 7.0 was not a perfect release. Desirable features—chief among them copy-and-paste and multitasking—were missing. It had an SDK and a development environment that were easy to use but narrow in scope; applications couldn't access the camera and were limited in the network connections they could make, for example. The release of the first upgrade, which added copy-and-paste, was anything but smooth, with delays, incompatibilities, and even the occasional bricked phone. Living with Windows Phone in the first year of its release meant living with some compromises.

Microsoft is teaming up with the OpenNebula project to create infrastructure-as-a-service clouds combining open source software and Microsoft’s Hyper-V virtualization platform. While Microsoft has traditionally been no friend to open source projects, Redmond’s attempt to gain broader acceptance of Hyper-V has led it to submit drivers to the Linux kernel and to support several Linux-based operating systems.

But supporting Linux isn’t really enough. Virtualization is increasingly being used by businesses to deploy Amazon-like infrastructure clouds within their own data centers, using a mix of hypervisors and cloud automation software. OpenNebula, cloud software released under the Apache License, was already supported by VMware, Xen, and KVM, but not by Hyper-V. That will change in mid-October when a prototype of the Hyper-V and OpenNebula integration components will be released under the Apache license, says OpenNebula project director Ignacio Llorente.

“Microsoft is providing support and technical guidance to [the] OpenNebula open-source project to add and maintain Hyper-V on the list of officially supported hypervisors,” Llorente writes. “The integration will support both variants of Hyper-V, namely in Windows Server 2008 and Windows Server 2008 R2 SP1. Disk images will be managed using a shared storage server (e.g. SAN) and standard POSIX calls from the OpenNebula server. OpenNebula will additionally leverage the networking management functionality provided by Hyper-V. The integration will not require the installation of new services in the nodes, making [it] quite simple and rapid to build an OpenNebula cloud on existing Hyper-V deployments.”

Microsoft previously ensured Hyper-V interoperability with OpenStack, another open source cloud computing project developed by NASA and Rackspace. Hyper-V is taking on an increasingly important role in Microsoft’s Windows platform, and will be featured in next year’s Windows Server 8 as well as in the Windows 8 desktop OS.

Read the comments on this post

Fresh off the success of decapitating the Rustock botnet, Microsoft today announced the takedown of another botnet known as Kelihos, which controlled 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day. While not as massive as Rustock, Microsoft said the operation is noteworthy because it marks the first time Microsoft has produced a named defendant in a botnet civil case. Microsoft is also updating its Malicious Software Removal Tool to clean up malware distributed by the botnet.

“Kelihos infected Internet users’ computers with malicious software which allowed the botnet to surreptitiously control a person’s computer and use it for a variety of illegal activities, including sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children,” Microsoft Digital Crimes Unit senior attorney Richard Domingues Boscovich writes. “Similar to Rustock, some of the spam messages also promoted potentially dangerous counterfeit or unapproved generic pharmaceuticals from unlicensed and unregulated online drug sellers. Kelihos also abused Microsoft’s Hotmail accounts and [the] Windows operating system to carry out these illegal activities.”

Microsoft has issued a security advisory about an exploit that can decrypt SSL and TLS Web traffic. While actual attacks are considered improbable, a security patch to protect Microsoft software is likely on the way.

As noted by Ars last week, security researchers have developed a hacking tool called BEAST, or Browser Exploit Against SSL/TLS, which can decrypt “secure Web requests to sites using the Transport Layer Security 1.0 protocol and SSL 3.0.” In the Microsoft advisory released yesterday, Microsoft listed affected software as Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2 and Windows 7. A patch may be issued either in Microsoft’s usual round of monthly security updates, or in an out-of-cycle update “depending on customer needs.”

Citrix today released XenServer 6.0 with greater disaster recovery protection that removes dependencies on Windows virtual machines, but Citrix and Microsoft were still able to bolster their virtualization partnership with increased integration between XenServer and Microsoft’s management software.

Although Citrix and Microsoft have a strong virtualization partnership on both the technical and marketing fronts, several improvements listed in the XenServer 6.0 release notes include dropping requirements to use Windows to perform certain tasks.

Businesses have dragged their feet on upgrading from the ten-year-old Windows XP to newer versions of Microsoft’s operating system. First, they skipped Windows Vista en masse after the OS was the target of scorn from critics and IT analysts. Now, they are making the upgrade to Windows 7, but analysts at Gartner are worried some XP-using businesses will consider skipping Windows 7 in anticipation of next year’s release of Windows 8.

This would not be wise, Gartner and other analyst firms say. Microsoft will end support for Windows XP in April 2014. For a home user, that is a long time away. But enterprises have long deployment cycles for new operating systems that depend heavily on budgets, internal processes and third-party vendors updating applications to support the latest version of Windows.