:: Microsoft on Vista - 'The time of worry is over.' ::

By Atif Latif

Microsoft wants its partners and customers to know that it's done letting its competitors and critics walk all over Windows Vista.

We know our story is very different from what our competitors want us to think. We are drawing a line and are going to start telling the real story about Vista.

While someone didn't call out Apple by name (he instead referred to a "pretty noisy competitor out there"), he made it clear that Microsoft is finally going to hit back via ad campaigns, including the $300-million-plus one it has under development, sadly, Microsoft didn't show off during the keynote any of the new ad collateral that Crispin Porter is creating.

At the Microsoft partner show, people reiterated the same messages that Microsoft has been attempting to get out to the market over the past few months. He acknowledged that partners stopped believing that Microsoft would ever manage to ship Vista and thus didn't prepare adequately for the launch of the operating system. He admitted that many of the feature changes, especially those in the security area, broke a lot of hardware and software apps. And he emphasized that the Vista that Microsoft first shipped nearly two years ago is very different from the Vista that's out in the market today. Microsoft is using Windows Update to ship updates to Vista users every week in order to continue to improve and hone the product, he added.

People also re-emphasized that because Windows 7 won't veer widely from Vista's hardware requirements and core set of features, partners should encourage customers to move to Vista today in so they will be well-prepared for Windows 7.

During his keynote, staff took the wraps off a new portal site, the Windows Vista Compatibility Center, which is designed to provide users with a single place to check whether specific hardware and software is compatible with Vista. The site currently lists 9,000 devices and software products (3,500 apps and 5,500 devices) --- a number that Microsoft is planning to expand via customer and partner feedback. The site will be all about helping to 'bust the myth' that Windows Vista is not compatible with many apps and devices, Brooks said.

The new Vista Compatibility site has no connection (so far) with Microsoft's still-private 'Don't Blame Vista' tool, a k a Windows Advisor. But over time, I wouldn't be surprised to see the site and the tool tied together in some way.

Risks are a part of every small business. Making the move to Windows Vista isn't one of them. Buy a new PC with genuine Windows Vista Business or Windows Vista Ultimate and receive free coaching and support from Microsoft to help you get the most out of Windows.

As part of the programme, Microsoft is providing free phone support; tips and tricks via a new Vista Small Business Assurance Web site; and access to existing online tools and guidance.

The quiet majority of million and millions of Windows Vista users out there are going to have a great experience. The message is 'Move to Vista. The time of worry is over.

I, for one, can't believe it has taken Microsoft so long to get more proactive about trying to polish Vista's tarnished image. What do you think Microsoft needs to do to regain control of the Vista conversation? Are these kinds of programmemes, portals and ad campaigns enough?



Storm Worm's Independence Day campaign

A Storm Worm's Independence Day campaign is circulating online using email as propagation vector, attempting to trick users into visiting a Storm Worm infected host, where a multitude of what looks like over five different exploits attempt to automatically infect the visitors next to the malware binary fireworks.exe. Historically, Storm Worm is constantly changing its tactics, and the use of live exploit URLs is back in their arsenal for the last last couple of campaigns. Therefore, visiting a Storm Worm infected IP sent to your email would launch multiple exploits against your third-party software.

Colorful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it.

Storm Worm is a case study on successful social engineering attacks based on the timing, combination of tactics, and their persistence. In this particular campaign, they rely on the fact that a lot of users would be clicking on their exploit serving links from their homes, and that being away from the at least theoretically better hardened corporate network, would result in more infections. Storm is among the many other botnets currently active online, which when partitioned and access to them resold to different parties, make it harder to keep track of its size, since the wannabe botnet masters introduce new malware on the Storm Worm infected hosts, using them as foundation for creating their own unique botnet.

Moreover, the stereotype of zero day vulnerabilities as the critical success factor for a malware campaign, was originally broken by the time Storm Worm took the leading position as the largest botnet online for a certain period of time, without exploiting a single zero day vulnerability but relying on the fact that unpatched vulnerabilities are just as effective as zero day vulnerabilities when you diversity the exploits set well enough.

In times when client-side vulnerabilities are driving the success rates of malware campaigns, unpatched software or third-party software is just as vulnerable as unpatched software or third-party software that's getting exploited with a zero day vulnerability. So consider self-auditing yourself by ensuring you're not running unpatched third-party software, and stay away from spam and phishing emails enticing you to visit a particular URL in general, since both are starting to converge with malware.