Problem with Vista SP2 and Kaspersky Internet Security

Reader P wrote with a warning about installing Vista Service Pack 2:

I just got bit by Microsoft Vista SP2 update. I took a backup before I installed Vista SP2 just to be safe and guess what after 15 minutes of using the new SP2 software I got a blue screen with the error code of 7B. Tried Vista repair using my Vista SP1 CD and was informed that no fix existed.

Then later…

Hi Woody, turns out that Kaspersky Internet Security 2009 was the cause of the problem. After deleting KIS 2009 I managed to install Vista SP2 successfully.

There’s a detailed discussion on the Kaspersky Lab site.

At the risk of repeating myself, I do NOT recommend that you install Vista Service Pack 2 just yet. There are bound to be lots of niggling problems.

We remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

AOL is Free!

So who cares?

Time Warner just announced that it’s going to spin off AOL, in an attempt to distance itself from what must surely be one of the most disastrous and ill-formed acquisitions in history.

Time Warner could’ve revived AOL. I think. Instead, AOL has just slowly sunk into the sunset.

New 0day in DirectShow

Microsoft has just released information about a newly discovered 0day vulnerability in DirectShow. The bad guys can use it to create a drive-by web page that can take over your system, simply by surfing to the page.

Security Advisory 971778 says:

Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted QuickTime media file.

The MS Security Research & Defense site goes on to say:

The vulnerability is in the DirectShow platform (quartz.dll). While the vulnerability is NOT in IE or other browsers, a browse-and-get-owned attack vector does exist here via the media playback plug-ins of browsers. The attacker could construct a malicious webpage which uses the media playback plug-ins to playback a malicious QuickTime file to reach the vulnerability in Quartz.dll. Please note this type of attack could happen for any browsers, not IE specific.

There is also a file-based attack vector by opening a malicious QuickTime file via Windows Media Player to trigger the vulnerability.

Microsoft offers a simple solution – a “Fix It For Me” option in the related Knowledge Base article. It wouldn’t hurt a bit if you went to KB 971778 and clicked the “Fix It” button to, uh, Fix It. The worse that’ll happen? DreamScape won’t run QuickTime files.

Vista Service Pack 2 = 843 Patches

Microsoft just posted a list of all the patches and hotfixes that have been rolled into Vista Service Pack 2. All 843 of them.

So far, the newsgroups have quite a few messages about installation failures. Some people have found that SP2 doesn’t play well with NOD32 v 4. And so on.

We waited many months for Vista SP2. You can afford to wait another week or so, to see what shakes out. Patience, grasshopper.

Bing? Microsoft pays money for this stuff?

The latest edition of MSN Search, er, Windows Live Search, uh, Live Search, formerly code-named Kumo, has now emerged as Bing.

Imagine. Instead of telling someone to “Google it,” you can now tell them to “Bing it.” Kinda has a nice, cheap and sleazy feel to it, eh?

Advertising Age says that Microsoft will spend $80,000,000 for an advertising campaign designed to convince you to Bing it.

People with knowledge of the planned push said the ads won’t go after Google, or Yahoo for that matter, by name. Instead, they’ll focus on planting the idea that today’s search engines don’t work as well as consumers previously thought by asking them whether search (aka Google) really solves their problems. That, Microsoft is hoping, will give consumers a reason to consider switching search engines, which, of course, is one of Bing’s biggest challenges.

Maybe I’m old-fashioned (heck, maybe I’m the only sane one left), but I just can’t imagine having Internet Explorer sitting on my desktop, the search bar in the upper right corner, with a subtly grayed-out “Bing” in the search bar inviting me to search the Microsoft way.

I should start taking bets on how long this name will last.

UPDATE: MS is renaming Virtual Earth “Bing Maps.” Farecast (which is a worthwhile service!) becomes “Bing Travel.” Gawd, you’d think they would’ve learned something from the horrible “.NET” branding some years ago.

Get ready for Windows Vista and Server 2008 SP2; It has arrived!

It looks like Windows Vista & Windows Server 2008 Service Pack 2 has been released to the public for download at both Windows Update and at the Microsoft Download center. Check out the following MS Technet page on Windows Server 2008 SP2 & Windows Vista SP2:
http://technet.microsoft.com/en-us/windowsserver/dd727510.aspx

Note that Microsoft has only posted the five language standalone version of the huge SP2 downloads for x64 and x86 systems. The all language standalone edition of the SP2 downloads are not yet available until sometime in June. If you look at the Download Center info page on either the x64 or x86 edition of the SP2 downloads, the pages make references to the all language edition downloads of Vista/Server 2008 SP2 but the links to them are broken.

Recap of how and when Vista/Server 2008 SP2 was released so far:
RTM (release to manufacturing) or finalized April 29, 2009
released to MSDN/Technet subscribers as 5 language standalone downloads April 30, 2009
released to MSDN/Technet subscribers as integrated SP2 DVD ISO images May 11, 2009
released to MSDN/Technet subscribers as all language standalone downloads May 22, 2009
RTW (release to web) or GA (general availability) starting May 26, 2009

Caution: If you are using Bluetooth devices, do NOT install SP2 yet. Bluetooth devices connected to USB 2.0 ports may not work correctly with SP2 installed. This has been documented in MS KB article 970408. Wait until Microsoft offers a solution or a fix for it.

Article Updated: May 30

Windows 7 Starter to Drop 3 App Restriction?

That’s the hot topic in Windows 7 land.

Windows 7 Starter Edition – which will only be available pre-installed on laptops – was hobbled by Microsoft. Among other restrictions, Starter Edition only allows thye consumer to run a  maximum of three programs concurrently. As Ed Bott explained ages ago, that three application restriction didn’t include many apps that most people use all the time. It wasn’t – and isn’t – clear which apps Microsoft includes in the three application count.

The three app restriction has always been a red herring – as best I can tell it was invented by a committee that said, in essence, “We have to find something to differentiate our more-expensive versions of Windows 7, to convince people to pay for an upgrade.”

That’s precisely the wrong way to approach the feature set decision. Somebody should’ve asked, “What does it take to make sure every new netbook ships with Windows?” That’s the crux of the matter.

Hobbling the maximum number of concurrent applications doesn’t add to Microsoft’s coffers. Ensuring every new netbook ships with Windows 7 has all sorts of good side-effects. Good for Microsoft, that is. MS would also benefit from ensuring that every hardware manufacturer offers Windows 7 Home Premium as an inexpensive upgrade to the Starter package: if I have to spend an extra $30 to get Home Premium, instead of the Starter edition, with my new netbook, I’ll open up that vein and send more lucre Microsoft’s way.

(Remember I’ve been running Windows 7 Ultimate on a plain ol’ everyday Asus Eee PC 1000H for the past three months, and it works like a champ.)

As things stand, Paul Thurrott claims that Microsoft has just decided to lift the three app limitation in Windows 7. Ed Bott tweets that the matter is under discussion, and not decided yet. (Ed’s in Redmond right now in a Windows 7 briefing/lovefest. I think Paul’s in Redmond, too.)

My guess is that Paul’s sources have trumped Ed’s. We should know for sure soon enough.

Polishing off the new Chrome

It’s been a slow news week, with British tabloid The Sun taking top ranks for titillating news, confirming what we’ve all known for decades: IT workers are the best in bed.

Nevermind.

Now comes word that Google has officially raised the version number for its Chrome browser. Chrome 2.0 (actually, Chrome 2.0.172.28), branded a “stable update” – probably to differentiate it from all of those unstable updates – includes substantial speed improvements, improved security, a number of interface tweaks, and more stability.

Unfortunately, it doesn’t address the substantial privacy concerns that are part and parcel of Chrome’s operation. Michael Muchmore at PCMag put it well:

Will Chrome be just another way for the company to gather even more detailed information on your activities and habits? The designers have said that the JavaScript renderer works in a virtual machine with no access to the rest of your system, but that’s not necessarily the case for the app as a whole. Also, the tech press has noted that each copy of Chrome has an identifying number that’s tied to any data Google collects. It’s worrisome, and a move similar to one Microsoft took a lot of heat for a few years ago with the Windows XP launch.

So by all means take Chrome 2 for a spin, but realize that Big Brother may be watching.