  • My Latest Books Pulled from Apple Stores

    Hey, if you dropped by one of the three remaining Apple retail stores and couldn’t find any of my most recent books, there’s a reason why.

    According to CNN/Money magazine, Mr. Jobs doesn’t like iCon Steve Jobs: The Greatest Second Act in the History of Business, a biography about him that’s due to appear in the next couple of weeks.

    Steve’s response? Pull all the books from the publisher, John Wiley, from the shelves of Apple Computer stores. (Actually, there are more than 100 of them, worldwide.) Since all of my most recent books are with Wiley, I guess you won’t be seeing any of my books on Apple Store shelves.

    Ah well. Life goes on.

  • Longhorn Wrassling

    WinHEC (Windows Hardware Engineering Conference) has arrived and, as expected, Microsoft is flogging Longhorn like a mad cow. We can expect to see Beta 1 this summer, but nobody knows when a feature-complete beta will become available. The version that’s out right now (called “Build 5048”) was put together so the people who write Windows drivers could start playing with the system – it’s far from finished. Microsoft says the final product won’t be out until Christmas-time in 2006, so don’t hold your breath.

    Loyd Case at PCMag.com has posted an initial review.

    Neowin reports that all of the major Web sites have been forced to take down their screenshots of this initial test release of Longhorn:

    At the bloggers lunch yesterday I was taken aside and asked to remove the 5048 screenshots from Neowin. I expressed concern and asked why. “Because of the EULA,” hmmm so fair enough – we complied. Next, PCmag.com and Paul Thurrott were both asked to remove screenshots. This caused a big discussion in the press room at WinHEC between myself, Steven Bink, Chris Pirillo, Paul Thurrott and others. People couldn’t believe it, nor can I personally but I sort of understand it. Simply put – 5048 sucks. One year on and look what we’ve been given and seen of Longhorn. Chris Pirillo put it nicely, “it looks like ass” and another classic – “Only Microsoft could have an OS where you have a Windows 95 icon, a Windows XP icon and a Windows Longhorn icon in the same window” referring to My Computer in 5048, I’d post a screenshot but hey, I can’t.

    You might want to see if Flexbeta still has its screen shots posted.

    As I mentioned some time ago, I’m astounded at how much the current version of Longhorn looks like more of the same-old same-old, and the anticipated new features don’t seem to improve much on what’s already available. Maybe Microsoft has some rabbits up its sleeve, but for now, I’m completely unimpressed.

    One of the slides at the keynote (which has also been pulled from the Web) shows the new anticipated timeline: Beta 1 this summer, with some sort of Beta 1 refresh in September. (Jim Allchin says that Beta 1 will be “about 1/3 feature complete”.) Beta 2 – which is supposed to have the final user interface – will ship sometime after the Beta 1 refresh, presumably around the end of this year or early next year. It’ll be a public beta, so you’ll have a chance to see Longhorn long before its release “in time for the holidays”, presumably in Fall, 2006.

    Aaron Ricadela at Information Week reports that Gates, in his keynote, “…showed technology called Metro, a file format based on XML that will preserve the formatting of documents created in Microsoft Office apps and print them faster, and with better fidelity, on compatible printers. It’s reliant on graphics technology and APIs that will ship with Longhorn. Metro could also be a challenge to the Portable Document Format controlled by software maker Adobe Systems Inc.” Mary Jo Foley at Windows Watch compares Metro to PostScript, a page description language that’s been around for centuries.

    Funny. I thought the free Word, Excel, and PowerPoint viewers did a pretty good job with preserving formatting, and that InfoPath was positioned as the PDF-killer. Now we get a “Next Generation Print Path”. Ah well. Sic transit gloria computerii.

    I’ll be following the WinHEC blog at Neowin for a relatively unbiased, slightly jaundiced view of the proceedings. WinBeta has some good (but far from revolutionary) screen shots. I’m also keeping an eye on Paul Thurrott’s excellent coverage. Worth a look, if you have a few minutes.

  • Microsoft’s New Mantra: ‘It Just Works’

    The April 21 edition of Fortune Magazine contains an article by David Kirkpatrick entitled “Microsoft’s New Mantra: ‘It Just Works’”. Kirkpatrick apparently had a private audience with Windows head honcho Jim Allchin (as did, oh, 50% of the computer press; see article below), so Allchin could pass on the good news and Party Line about Longhorn, the next version of Windows.

    Of course, the title of the article caught my eye, as did the theme line (quoting Kirkpatrick):

    “You shouldn’t have to spend a lot of time struggling with things,” Allchin said, adding that the number one design goal for Longhorn has been: “It just works.”

    That may be Microsoft’s number one design goal for Longhorn, and it may be Microsoft’s Mantra, but it sure as shootin’ ain’t a new mantra – for Microsoft in general, or Windows in particular. Microsoft has been promising “Windows – It Just Works” for six years now. Windows Millennium Edition was supposed to be Really Cool because “It Just Works”.

    Check out this press release from Microsoft, dated July 26, 1999: “It Just Works: The Consumer Windows Division is committed to providing consumers with a solution that ‘just works,’ from the moment a user starts their PC and throughout their daily computing experience. This promise will be delivered upon by the advancement of the PC’s self-healing functionality, in addition to providing a simpler set-up and a great out-of-the-box experience for new computer users.”

    Why do I get a sinking feeling that we’ve been down this path before?

  • Windows Media Player – Plugged At Last?

    It looks like Microsoft has finally, finally issued a patch (actually, a series of patches) for Windows Media Player 9 and 10 that plugs a troublesome security hole. Seems that most versions of WMP (prior to the ones that were quietly updated last weekend) can be tricked into going to a malicious Web site. The vulnerable versions of WMP will reach out to the Web site, expecting to get a Digital Rights Management license, then download a file and run it on your computer, all without your knowledge or consent.

    This stupid DRM behavior persists even if you uncheck the box that allows WMP to “Acquire licenses automatically for protected content”. WMP may still go out, download and install a piece of malware, and you wouldn’t know anything about it.

    Ed Bott has been at the forefront of this long and incredibly Byzantine story, and you should follow his instructions, posted here. You need to update WMP, whether Windows Update says you need to update WMP or not.

  • The Year in Worms, So Far

    Kaspersky Labs has just released a fascinating report called “Malware Evolution: January – March 2005” that’s well worth your time.

    Where have all the email worms gone? Why are most of the new IM worms written in Visual Basic, and designed to attack MSN Mail? The report answers those questions and many more.

    I was surprised – no, stunned – to learn that half of all the files on the Kazaa P2P network these days are infected with P2P worms. A third of a million computers are turned into zombies every month. More than 2,500 spoofed Web sites were operating in January, luring phishing victims to divulge financial information.

    So take a moment to look at the report. You don’t have to believe all of it – after all, Kaspersky has a vested interest. Still, the observations and conclusions they draw are well worth pondering.

  • Firefox Patch – version 1.0.3

    Mozilla has just released a bunch of patches to Firefox, bringing the version number up to 1.0.3.

    For a description of the patches, look here.

    Or just download it here.

  • Re-Thinking Outlook 2003 Spam Filtering

    The first time I saw the spam filter built into Outlook 2003, I was sorely disappointed: while Microsoft claimed it was built on Bayesian techniques, there was no way to tell the filter if it had mis-handled a message, and there was no way to adapt the filter to my individual version of “junk.” I tried to use the filter many times, got a bunch of false positives, and threw up my hands in disgust.

    Then, in late 2003, a company called MAPILab published a thorough analysis of the spam filter in Outlook 2003, and I felt vindicated. The authors showed precisely, technically, how the Outlook 2003 spam filter relied on a rather unsophisticated dictionary look-up algorithm that couldn’t possibly adapt to individual users’ needs. (MAPILab has since pulled the report “due to legal issue”, but you can see the original here, in the Web Archives’ WayBack Machine.)

    I’ve tried using the Outlook 2003 spam filter, off and on, for the past year, and it generally left me cold – it generated far too many false positives, taking perfectly legitimate messages and slamming them into the Junk Mail folder’s never-neverland. But in the past few months, it’s gotten better. Much better. I now use the filter exclusively, and rarely find false positives.

    What happened? The filter got a whole lot better, at least in my case. While Outlook doesn’t have the hooks necessary to implement a Bayesian filter that adapts to my profile, the program itself works better, and the dictionary comes very close. I still get a handful of annoying messages in my inbox every day. But I rarely find important mail in the Junk Mail folder.

    I have always been concerned about the fact that what’s spam to me may not be spam to you – thus, the importance of individually adaptable Bayesian filters. What I overlooked was the fact that almost all of the masses of spam out there today qualifies as “spam” to just about anybody. There’s insecurity in numbers. Microsoft has legions of people working on identifying spam as it emerges, and the people who are honing both the programs and the dictionary are doing a very credible job.

    I just cracked open this month’s Scientific American and read a little bit about the mathematics behind the current filter. Check out Stopping Spam / What can be done to stanch the flood of junk e-mail messages? / by Joshua Goodman, David Heckerman and Robert Rounthwaite, all of whom are Softies. Impressive reading.

  • More Details About Longhorn

    Windows Group VP Jim Allchin has been flying all over the US spreading the gospel and spilling a few beans about the next version of Windows – which is still known as Longhorn.

    Joris Evers from IDG/PC World, Carol Sliwa and Robert L. Mitchell at ComputerWorld, John Foley at Information Week, Ina Fried at ZDNet/CNET, and Michael Miller at PC Mag all have essentially identical coverage. As usual, Paul Thurrott had the most insightful coverage in his WinInfo Daily Update newsletter. And, as usual, Mary Jo Foley’s Windows Watch site included some tantalizing additional information.

    When it comes to features, I’m still not overly impressed with Longhorn – but I may change my mind. We’ll see a new 3D interface (Avalon, driving the Aero interface – the “glittergrade”?). There’s new plumbing for Internet applications (Indigo). We’re supposed to get “Instant Desktop Search”, but whether it’ll be much better than Google Desktop Search remains to be seen. (No, I don’t use Search Folders in Outlook 2003, and I’d be willing to bet that the new Longhorn “Virtual Folders”, sans WinFS, will have all of the same problems). Microsoft says that it will finally get a folder synchronization routine that works. Could happen. Heaven knows they’ve been trying long enough.

    On the security front, I wonder how Longhorn will balance the power of Admin accounts with the new default “Standard User” accounts. As for parental controls, pardon me while I guffaw. Any teenager who can read a newsgroup posting will be able to crack whatever Microsoft comes up with, in no time flat. “Whole-volume encryption” sounds a lot like NTFS encryption. Where’s the beef? IPv6 is neat, but I wouldn’t pay for it. So far, Longhorn’s feature set strikes me as being a whole lot of warmed-over-what-we-got-now.

    As for the schedule… man, Microsoft’s bafflegab machine is in high gear.

    There’s a “pre-Beta 1” going out to WinHEC attendees next week. No word on how that differs from the Avalon and Indigo preview that Microsoft released a few weeks ago, except that pre-Beta 1 is “dramatically improved” and we still won’t see the much-anticipated Aero interface.

    After the pre-Beta 1 we get “a Beta” after the Professional Developer’s Conference in September, per Mr. Allchin. I have no idea if this Beta will be the real Beta 1, Beta 1 Reloaded, pre-Beta 2, pre-post-Beta-Preview 3, or The Beta At The Bottom Of Blackcomb. Paul says that Microsoft’s internal schedule calls for Beta 1 in May (about the same time as the “pre-Beta 1”) and Beta 2 in October (about the same time as Allchin’s “a Beta”). Mary Jo says Beta 1 will go out in July/August, with “Technology Previews” in late 2005 and early 2006, with Beta 2 sometime in the first half of 2006. Clearly, Microsoft’s timeline is up in the air, although they will shove something out the door at the end of this month, and no doubt have something else ready around the time of PDC.

    Longhorn’s final delivery date is way up in the air, too. Not too long ago, Microsoft announced that Office 12 (the next version of Office) would not require Longhorn, thereby prompting speculation that the Office and Windows development teams were off on separate schedules, presumably because Office would be done long before Longhorn. But Allchin’s comments have me scratching my head (and other parts of my anatomy). He says, “We’re still on track for shipping by holiday 2006, so we’ll be done before then.” Paul’s conjecture is that Microsoft may hold off on shipping Longhorn until Office 12 is ready – presumably, Christmas 2006.

    This much I know for sure. If we’re still 12 to 16 months away from a final product, absolutely anything could happen, with either Longhorn or Office 12. Stay tuned.

  • JET Database Vulnerability

    HexView, the same company that discovered the holes in Word that were just patched, released a security advisory on March 31 that details an exploit in the Access JET database engine.

    It isn’t a huge, gaping security hole, in my opinion. But it’s one that every Access user should know about.

    Here’s how it works. Many Access applications use the old, tired JET database engine. The guys at HexView have found a way to jigger an Access database – an .mdb file – so that opening the file could clobber your computer, thanks to this hole in the JET engine.

    I’m not the least bit certain as to which versions of JET are vulnerable, and there’s a lot of cat-fighting on the security boards. If you have the file msjet40.dll on your machine, you are probably vulnerable. There’s a working sample of “bad” code posted on the Internet. As the author says, “The issue is trivial to exploit.”

    The bottom line: you should assume any Access database you receive could be infected. Your antivirus software might not pick up the infection. Access itself won’t warn you. If somebody sends you an .mdb file attached to a message, you should be suspicious, and check with the person who sent it to you before you open it.
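
    An added example, not from the original post or from HexView: a Python check that triages a saved e-mail for Access databases by content as well as by name, because the file extension alone is not a reliable indicator of what an attachment is. The sample message, addresses and file names are constructed; the only format fact it relies on is the Jet file header, 00 01 00 00 followed by "Standard Jet DB".

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Jet 3/4 .mdb files start with 00 01 00 00 "Standard Jet DB";
# the later .accdb format uses "Standard ACE DB" at the same offset.
JET_MAGICS = (b"\x00\x01\x00\x00Standard Jet DB",
              b"\x00\x01\x00\x00Standard ACE DB")
ACCESS_EXTS = (".mdb", ".mde", ".accdb")


def looks_like_jet(data: bytes) -> bool:
    """True when the bytes begin with an Access/Jet database header."""
    return data.startswith(JET_MAGICS)


def triage(raw_message: bytes):
    """Return (filename, reason) for each part that is, or claims to be,
    an Access database. Walks nested parts, including forwarded messages."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_magic = looks_like_jet(payload)
        by_name = name.lower().endswith(ACCESS_EXTS)
        if by_magic and not by_name:
            findings.append((name or "(unnamed)",
                             "Jet header under a non-Access name"))
        elif by_magic:
            findings.append((name, "Access database"))
        elif by_name:
            findings.append((name, "Access extension, no Jet header"))
    return findings


def build_sample() -> bytes:
    """Constructed test message: header bytes only, not a working database."""
    fake_mdb = JET_MAGICS[0] + b"\x00" * 64
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Q1 numbers"
    msg.set_content("See attached.")
    msg.add_attachment(fake_mdb, maintype="application",
                       subtype="octet-stream", filename="orders.mdb")
    msg.add_attachment(fake_mdb, maintype="application",
                       subtype="octet-stream", filename="report.doc")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in triage(build_sample()):
        print(f"{filename}: {reason}")
```

    The check does not look inside archives such as .zip files, so a database packed in one would need to be unpacked before it is examined.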

  • New Malicious Software Remover

    One bright light shone amid all the doom and gloom of this month’s Patch Tuesday (see the next article). Microsoft’s new virus scanner doesn’t scan for very many viruses, but it does hit the high points, and it manages to zap most of the recent baddies, without messing up your system.

    Microsoft has a site that’ll run the program – but for the life of me, I can’t get it to work with either Firefox or IE. Guess it’s those pesky default security settings. Best to download and run the scanner. It only takes a couple of clicks.

  • Four New Windows Patches and One Each For IE, MSN Messenger, Exchange Server, and Word

    As expected, Microsoft released four security patches for Windows on Patch Tuesday. Those of you who run Windows XP Service Pack 2 will only be interested in three of them: MS05-016, MS05-018, and MS05-019. If you have Windows XP SP1 or Windows 2000, you should also look at MS05-017.

    There’s a patch for Internet Explorer (actually, three different patches rolled into one Security Bulletin): MS05-020. Microsoft already knows that there are bugs in this patch. Kinda makes you feel warm and fuzzy, eh?

    MSN Messenger gets patched, MS05-023, but only if you have the older version, MSN Messenger 6. The recently released MSN Messenger 7 is OK (details about downloading MSN 7 below).

    Word got a patch (actually two patches, but they’re bundled together), MS05-024, for the versions of Word in Office 2000, Office XP, Office 2003, and all the modern versions of Works. This patch tackles a buffer overrun problem that was first announced six months ago. Microsoft has taken advantage of the opportunity to roll up more than 30 additional patches into this one download, so caveat emptor.

    Patch MS05-021 only affects Exchange Server.

    My recommendations:

    DON’T install any of the patches yet. Wait until the patches get patched.

    Install Service Pack 2 – Microsoft has worked out the bugs. I talk about it in the latest editions of my books, and there’s a quick overview on my Microsoft Patch Reliability Ratings page.

    That IE patch is a disgrace. Microsoft obviously rushed it out the door. There’s one tiny part of the patch that affects Outlook (remember that IE is used to “render” formatted email messages – kind of like rendering lard). You can circumvent all of the other problems by simply installing and using Firefox.

    If you use MSN Messenger, go ahead and get version 7. It seems to be stable.

    Watch the Microsoft Patch Reliability Ratings page for updates. I’ll give the all-clear when things look right.

  • MS Releases MSN Messenger 7 and MSN Spaces

    Microsoft just released MSN Messenger 7, which includes video conferencing, higher-quality audio, winks and nudges, the ability to view photos and slide shows together, and even broadcast notification to all of your buddies, telling them which song you’re currently listening to (providing you’re listening to the song with Windows Media Player or iTunes).

    Microsoft has also officially announced availability of MSN Spaces, the ‘Softie blogging service “enabling people to connect on their own time, letting friends and family know they have something new to share via “gleam” notifications on their MSN Messenger contact list.”

    All of this gets mixed in with the usual Microsoft sell-sell-sell routine: free Theme packs that advertise Adidas and Sprite; extra-cost options in many forms; ads at the beginning of video chats; ads at the top of your Spaces blog; ads in the chat window; ads on Tabs. Why, if you click on that song your buddy is listening to, MSN Messenger will give you the opportunity to purchase the very same song, right there online. Golly gee.

    Gleam me up, Scotty.