There has been a lot of commentary following last week's New York Times op-ed by Dick Brass, a former Microsoft executive who claims that the company is bogged down by process and infighting, and has hence lost its ability to innovate.
One of the most interesting follow-ups comes from Groklaw, which dug up some e-mails placed into the public record a few years ago during an antitrust case against Microsoft. (These materials have been a treasure trove of interesting and sometimes-embarrassing internal communications, including then-Windows chief Jim Allchin's 2004 admission that he would have bought a Mac over a Windows PC at that time.)
Almost immediately after Apple launched the iTunes Music Store in April 2003, Microsoft Chairman Bill Gates sent an e-mail to a bunch of folks in the Windows Media and MSN groups praising Steve Jobs' ability to get "a better licensing deal than anybody else has gotten for music." He continued, "We need some plan to prove that even though Jobs has us a bit flat-footed again, we move quick, and both match and do stuff better."
Allchin added his opinion in a follow-up e-mail: "We were smoked."
A bit of history
At the time, the major record labels had built a couple of music stores, as well as online-delivery platforms Pressplay and MusicNet, which were almost universally panned for their lack of usability. Initially, songs purchased through the services couldn't be burned to CD or transferred to any portable device. Other online music stores were similarly hampered.
By the time Jobs struck his iTunes Music Store deal, the labels had loosened these restrictions only slightly, and they still required users to pay a subscription fee for a limited number of downloads or streams. Jobs was able to get consistent (99 cent) single-song download pricing, unlimited CD burning, and--critically--unlimited transfers to the iPod.
As Allchin asks, "How did they [Apple] get the music companies to go along?" Jobs' personal magnetism, as well as status as a Hollywood insider through his founding of Pixar Animation Studios, probably had some effect. But more importantly, the iTunes Music Store was originally Mac-only.
The Mac had less than 5 percent market share at the time, so content owners probably figured that allowing single-song downloads into such a small market would provide a good test bed for Apple's FairPlay DRM system and pricing model.
By the time Apple was ready to launch the Windows version of iTunes in October 2003, Apple had sold 13 million songs through the service, outpacing all other music stores, despite the Mac's small market share. In other words, FairPlay and the consistently priced single-song downloads worked.
Almost seven years later, the iTunes Store is the largest music retailer in the United States, online or offline, and most of the stores based on the Windows Media Platform (including MSN Music) are out of business or have moved to selling unrestricted MP3 files.
Getting back to Dick Brass's criticism of Microsoft, I find it fascinating that top Microsoft executives were aware almost immediately of the threat the iTunes Music Store posed to the whole Windows Media ecosystem, but Microsoft was still unable to stop it. This matches what I've seen time and time again in my last 10 years following the company.
Microsoft has some smart executives who can quickly and correctly assess market changes and opportunities. Often, they come up with a good strategy to capitalize on those changes. But somewhere between strategy and execution, the thread is lost. Windows Media and Zune are most relevant to this blog, but you can see it elsewhere: online advertising, search, and mobile phones, to name three obvious examples.
Microsoft fixed 26 vulnerabilities in 13 security bulletins as part of its Patch Tuesday, including critical ones for Windows that could be exploited to take control of a computer and one that has resided in the 32-bit Windows kernel since its release 17 years ago.
The top priorities for deployment are bulletins plugging holes in the SMB (Server Message Block) Protocol, Windows Shell Handler, ActiveX via Internet Explorer, DirectShow, and the 32-bit version of Windows, Jerry Bryant, a lead senior security communications manager at Microsoft, wrote in a blog post.
The DirectShow bulletin should be at the top of the list, according to Bryant. It is critical for all supported versions of Windows except Itanium-based server products. To exploit the hole, an attacker could host a malicious AVI (Audio Video Interleave) file on a Web site, and lure a user to visit the site or send the file via e-mail so the user could open it.
In the SMB bulletin, critical for all versions of Windows except Vista and Server 2008, an attacker would need to host a malicious server and convince a client system to connect to it, or an attacker could try to perform a man-in-the-middle attack by responding to SMB requests from clients, Bryant said.
In the critical Windows Shell Handler vulnerability, which affects Windows 2000, XP, and Server 2003, an attack could come via a specially crafted link that appears to be valid to the ShellExecute API (application programming interface).
The cumulative update for ActiveX Killbits is critical, but a Killbit does not address the underlying vulnerability. It is a registry setting that keeps the vulnerable ActiveX control from running in IE.
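To check whether a Killbit is actually in place after the update, the registry setting can be audited offline. The sketch below is an added example, not Microsoft's tooling: it relies on documented Windows behaviour that the article does not spell out (the `ActiveX Compatibility` registry key and bit 0x400 of its `Compatibility Flags` value), and the CLSIDs and export text are constructed placeholders.

```python
import re

# Documented Windows behaviour (not stated in the article): IE reads per-control
# flags from ...\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID},
# and bit 0x400 of "Compatibility Flags" is the kill bit.
KEY_SUFFIX = r"\microsoft\internet explorer\activex compatibility" + "\\"
KILL_BIT = 0x00000400

SECTION = re.compile(r"^\[(.+)\]$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in `reg export` text form (decode the real UTF-16 file first).
# The CLSIDs are placeholders, not real controls.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000420

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000020
'''

# Placeholder list; in practice this comes from the bulletin being verified.
REQUIRED = [
    "{00000000-0000-0000-0000-000000000001}",
    "{00000000-0000-0000-0000-000000000002}",
    "{00000000-0000-0000-0000-000000000003}",
    "{00000000-0000-0000-0000-000000000004}",
]


def parse_compat_flags(export_text):
    """Return {CLSID: flags} for every ActiveX Compatibility subkey in the export."""
    flags, current = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            clsid = CLSID.search(key)
            parent = key[:clsid.start()].lower() if clsid else ""
            # Matches both the native and the Wow6432Node (32-bit IE) views.
            current = clsid.group(0).upper() if parent.endswith(KEY_SUFFIX) else None
            if current:
                flags.setdefault(current, 0)
            continue
        m = FLAGS.match(line)
        if m and current:
            flags[current] = int(m.group(1), 16)
    return flags


def audit(export_text, required):
    """Classify each required CLSID as killed, present without the bit, or missing."""
    flags = parse_compat_flags(export_text)
    report = {}
    for clsid in required:
        value = flags.get(clsid.upper())
        if value is None:
            report[clsid] = "missing"
        elif value & KILL_BIT:  # bitmask test: other flag bits may also be set
            report[clsid] = "killed"
        else:
            report[clsid] = "present, kill bit not set"
    return report


if __name__ == "__main__":
    for clsid, status in audit(SAMPLE_EXPORT, REQUIRED).items():
        print(clsid, status)
```

A "killed" result only confirms that IE will refuse to load the control; as the article notes, the vulnerable code is still on disk until the control itself is patched or removed.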
The vulnerability affecting the 32-bit Windows kernel, which Microsoft announced last month after Google engineer Tavis Ormandy disclosed it on a security e-mail list, could allow an attacker who is already in the system to elevate privileges to full system access.
Microsoft's Adrian Stone and Jerry Bryant explain the security bulletins in a video on the Microsoft Security Response Center blog.
Much has been made of the fact that the hole is 17 years old, but Ormandy said he informed Microsoft about it in June 2009. "You can criticize them for taking a long time to fix a bug," but not if they didn't know about it, said Pedram Amini, who runs the Zero Day Initiative.
Microsoft is aware of publicly available proof-of-concept code for that issue, but is not aware of any active attacks at this time, Bryant wrote.
The most important bug for IT security teams is the one affecting DirectShow, said Andrew Storm, director of security compliance at security firm nCircle. "The nature of the exploit lends itself to drive-by attacks that leave unsuspecting victims infected," he said. "Since media is what excites people most on the Internet today, an exploit of this bug would make it extremely easy to entice users to watch videos that are actually gateways to malware."
Meanwhile, the Shell Handler vulnerability has the potential for an unlimited amount of damage, which should make potential attackers take notice, he said.
This month's "sleeper update" is probably a hole in Windows TCP/IP (Transmission Control Protocol-Internet Protocol) that could allow remote code execution if specially crafted packets were sent to a computer with IPv6 enabled, said HD Moore, chief security officer of Rapid7. "While it has an exploitability rating of 2 based on the requirement for an attacker to be on-link to the target host, Wi-Fi access points provide link level connectivity to target systems," he said. "Customers should not confuse the exploitability index with exposure severity--the priority of this patch should be raised where mobile users are prevalent."
Two bulletins, both rated "important," affect older versions of Microsoft Office and could allow an attacker to remotely execute code on the computer via a hole in PowerPoint or via a specially crafted Office file.
The bulletins affect Windows 2000, XP, Vista, and Windows 7, as well as Server 2003 and 2008, Office XP, Office 2003, and Office 2004 for Mac, according to the advisory.
Microsoft also issued a security advisory to provide a work-around for a publicly known hole in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
And Microsoft updated its Malicious Software Removal Tool to include Win32/Pushbot, a worm that spreads via MSN Messenger and AIM, and opens a backdoor so an attacker can take complete control of the machine.
Microsoft is still working on patches for a hole disclosed last week in Internet Explorer that could lead to data leakage and an SMB hole that was disclosed in November.
"The [SMB] issue cannot be used to allow an attacker to take control of a system remotely, but instead can result in a system becoming unresponsive due to resource consumption," Microsoft said in a statement. "At this time, Microsoft is not aware of any attacks using this vulnerability."
Updated 12:33 p.m. PST with nCircle and Rapid7 comment.
Although some users have been grumbling about a variety of battery issues related to Windows 7, Microsoft says that its testing shows that nothing is amiss.
The software maker initially thought that there might be a problem with the firmware in some PC models causing an error message to appear where one was not warranted. However, Microsoft now says that it believes that the operating system is behaving properly.
In a blog posting on Monday, Windows division President Steven Sinofsky said that the company's follow-up research shows that those seeing a notification that their batteries need replacing are getting the message because, in fact, the batteries are not performing up to a certain threshold.
"To the very best of the collective ecosystem knowledge, Windows 7 is correctly warning batteries that are in fact failing and Windows 7 is neither incorrectly reporting on battery status nor in any way whatsoever causing batteries to reach this state," Sinofsky said. "In every case we have been able to identify the battery being reported on was in fact in need of recommended replacement."
He noted that the error message is new to Windows 7, so people upgrading to Windows 7 may indeed see the message where no warning appeared before.
"We recognize that this has the appearance of Windows 7 'causing' the change in performance, but in reality all Windows 7 did was report what was already the case," Sinofsky said.
The company and PC makers have received a total of 20 support inquiries related to this error message, all of which have turned out to be older batteries whose performance had degraded, he said. Although there have been complaints on Microsoft's TechNet and other forums, Sinofsky said it has not seen anything in the cases it has followed up on to suggest anything other than the system correctly identifying underperforming batteries.
Sinofsky said it is actually seeing a smaller percentage of systems producing the error message than it had during the testing of Windows 7, in part because more and more new systems (with new batteries) are running the operating system.
"Only a very small percentage of users are receiving the 'Consider replacing your battery' notification, and as expected, we are seeing systems older than (around) 1.5 years," he said.
Microsoft plans to begin phasing out Unix and Linux platform support for its FAST enterprise search products, as of its next release.
According to a Thursday blog post from Microsoft Distinguished Engineer Bjørn Olstad, the team will be "investing in interoperability between Windows and other operating systems, reaffirming our commitment to 10 years of support for our non-Windows products, and taking concrete steps to help customers plan for the future."
Enterprise search remains a lucrative, if oddly fractured market. According to analyst firm Gartner, in 2008, software revenue (new licenses and maintenance revenue) in the enterprise search market totaled $1.1 billion worldwide. The firm also forecast that revenue would rise to $1.9 billion by 2013, with a compound annual growth rate of 11.7 percent.
Currently, the market is dominated by Microsoft and Autonomy, though recently, the Apache Lucene project (commercialized by Lucid Imagination) has made inroads into the enterprise, as has Google's search appliance.
But Microsoft has one huge advantage, in that it effectively controls the data through the Windows file system, along with a vast array of applications and server platforms.
Windows has an obviously huge corporate server software footprint, and SharePoint continues to provide additional inroads into business data. But enterprise systems are expanding into a multitude of different services--on-site and off-site--that are far from homogeneous.
While it makes sense, from a development perspective, for Microsoft to drop Linux and Unix support for FAST, it doesn't make much sense from a market perspective. Offering FAST only on Windows means that businesses that want to use it will potentially incur costs for Windows licenses, system administration, and systems redesign.
Linux servers, especially for file systems and non-Exchange e-mail, continue to grow. Throw in the notion of cloudlike systems that are effectively operating system-agnostic, and this move seems even less logical.
In the same blog post, Olstad references cloud-based services that customers can choose instead of on-premise deployments. Cloud services may work for some enterprises, but most will want to keep their data behind the firewall.
Microsoft said on Friday that it has lost the remainder of Facebook's display advertising business as the social network will now handle all of the graphical ads on its site.
"We made the mutual decision that Facebook would take over responsibility for selling display advertisements on its own site," Bing general manager Jon Tinter said in a blog posting. "We have been working together on advertising for a long time, creating the best experience for (Facebook) users and advertisers. Given the kinds of advertisements that make sense within a product as unique as Facebook, it just made more sense for them to take the lead on this part of their advertising strategy."
The deal represents a scaling-back of a 2007 pact in which Microsoft invested $240 million in Facebook and became "the exclusive third-party advertising platform partner for Facebook," serving up display ads, in addition to search results. Microsoft had already lost some of the international display ad business in recent months.
However, Microsoft also said that it is expanding its search advertising partnership with Facebook, with Bing serving up more detailed search results and being used for Web search internationally, in addition to the U.S.
"We have deepened our joint work together on web search to provide even more compelling experiences to Facebook users with Bing," Tinter said. "As part of this expanded cooperation in search, our two companies will soon provide Facebook users with a more complete search experience by providing full access to great Bing features beyond a set of links, including richer answers combined with tools that help customers make faster, smarter decisions."
Microsoft said on Friday that it plans to discontinue support for playing original Xbox games on its online service.
In a blog posting, Microsoft's Marc Whitten said that after April 15, users of the Xbox Live service will no longer be able to play titles like Halo 2 that were created for the first Xbox console.
"This isn't a decision we made lightly, but after careful consideration, it is clear this will provide the greatest benefit to the Xbox Live community," Whitten said. "And as we look down the road, we'll continue to evolve the service with features and experiences that harness the full power of Xbox 360. To reach our aspiration, we need to make changes to the service that are incompatible with our original Xbox v1 games."
Whitten said Microsoft will be reaching out directly to those affected by the change.
In the note, Whitten referenced the company's work to support the upcoming Project Natal add-on that will bring gesture and voice recognition to the Xbox 360 when it makes its debut later this year.
"We'll share more details soon, but in the meantime I want to assure you that the best is yet to come for Xbox Live," he said. "I believe we'll look back on 2010 as a landmark year in gaming and home entertainment, and I couldn't be more excited about what we have in store."
An item briefly posted to a blog by a Microsoft employee offered details of a "technology guarantee" program giving purchasers of Office 2007 a free update to a comparable version of Office 2010--if they buy between March 5 and September 30.
It is not uncommon for Microsoft to launch a "technology guarantee" program ahead of a new version of Office or Windows, offering buyers of a product late in one cycle an upgrade to the new version once it comes out. So it's not a shocker that Microsoft has one planned for Office 2010.
That said, Microsoft wasn't quite ready to tell the world about the program. Nonetheless, an employee briefly posted details of the planned upgrade offer on a blog. It was quickly pulled down, but the cat is out of the bag. (The post also lives on in a Google-cached version, as noted by Ars Technica.)
According to the now-removed posting, the program will kick off March 5, meaning people who purchase Office 2007 between March 5 and September 30 can get a free upgrade to a comparable version of Office 2010. Users will be able to download Office 2010 as soon as it is made broadly available. Customers can also order a DVD, for a small fee.
Buyers get one copy of Office 2010 for each eligible copy of Office 2007 they buy, with a limit of 25 free upgrades per person.
Microsoft said any posting was done in error and the company has nothing to say about a tech guarantee program.
The company did confirm to CNET earlier this week that it has given some testers a near-final "release candidate" version of Office 2010, with the final version due to go on sale in June.
Meanwhile, SD Times has a post up on its Web site noting that Microsoft is considering some new subscription pricing options for business users of Office. Microsoft declined comment on that report.
Microsoft will patch 26 holes next week, including critical ones in Windows, one affecting the kernel of 32-bit versions, and several holes in Office, the company said Thursday in a preview of its Patch Tuesday.
Five of the 13 bulletins affect vulnerabilities that could lead to remote code execution and they are rated critical. The bulletins affect Windows 2000, XP, Vista, and Windows 7, as well as Server 2003 and 2008, Office XP, Office 2003 and Office 2004 for Mac, according to the advisory.
"The Office-related bulletins are both rated Important and would require user action to be exploited (usually in the form of convincing a user to open a specially crafted file)," Jerry Bryant, a senior security communications manager at Microsoft, wrote in a blog post. "The vulnerabilities only affect older versions of Office so customers on Office 2007 or Office 2008 for Mac will have no actions this month."
Included in the bulletins will be a fix for a hole in the kernel of 32-bit versions of Windows that Microsoft disclosed two weeks ago, Bryant said.
Meanwhile, Microsoft will not have fixes ready by Tuesday for two other issues--a hole in Internet Explorer that could lead to data leakage and which was disclosed on Wednesday, and a hole in the Server Message Block file-sharing protocol that was disclosed in November.
"We are not aware of any attacks on these vulnerabilities and continue to encourage customers to implement the mitigations and workarounds outlined in the advisories," Bryant wrote.
This chart shows the number of bulletins affecting the different versions of Windows and their rating of importance.
As I noted on the day the iPad was released, the fact that another company may be the one to make the tablet computer a mass-market consumer device has to leave plenty of folks in Redmond smarting.
But while most of that frustration has stayed private, one former Tablet PC team member has lashed out publicly. Dick Brass, a former Microsoft VP who left the company in 2004, criticized Redmond in an op-ed piece that ran Thursday in The New York Times.
As some have questioned what the release of the iPad means for Amazon, Brass said he wonders what it says about Microsoft.
"The much more important question is why Microsoft, America's most famous and prosperous technology company, no longer brings us the future, whether it's tablet computers like the iPad, e-books like Amazon's Kindle, smartphones like the BlackBerry and iPhone, search engines like Google, digital music systems like iPod and iTunes, or popular Web services like Facebook and Twitter," Brass wrote.
Brass, who worked for Larry Ellison at Oracle before joining Microsoft in 1997, notes that while Microsoft continues to report record financial results, its products are not keeping pace.
"Microsoft's huge profits--$6.7 billion for the past quarter--come almost entirely from Windows and Office programs first developed decades ago," Brass wrote. "Like GM with its trucks and SUVs, Microsoft can't count on these venerable products to sustain it forever."
Microsoft, Brass says, "has become a clumsy, uncompetitive innovator." The company, he says, lacks a systemic approach to take advantage of its innovation.
I'm interested to see what Microsoft as a company--as well as individual worker bees in Redmond--have to say on this topic.
Regardless of where one stands on the matter, this is the key question facing Redmond. It pours plenty into research and development and has no shortage of talent. But will it be able to convert that into products that are competitive and profitable in a new era of technology?
Will Windows Azure prove to be the operating system of the cloud computing world or will it seem like a last gasp to extend a declining empire? Will Microsoft be able to tap online advertising and subscriptions to replace dollars no longer spent on packaged consumer software?
Equally critical--and perhaps largely out of Redmond's control--is how long the Office and Windows profit engines fire at their current levels. That will dictate how much breathing room Microsoft has for things like Azure and Bing to pay off.
While many people are ready to stick a fork in Microsoft, I think its next chapter has yet to be written. And that's what makes things fun.
Update, 12:37 p.m. PT: Microsoft has responded in a blog post by chief spokesman Frank Shaw.
"Obviously, we disagree," Shaw writes, adding a smiley face emoticon. "But his piece does represent a good opportunity to touch briefly on how we think about innovation."
Shaw points to some of the work Microsoft is doing, including the Project Natal gesture recognition work and Xbox Live. He also notes that the ClearType technology that Brass cited as having been stifled now ships in every copy of Windows.
With Windows Azure now commercially launched, Microsoft is looking for some new ways to fill up its cloud.
The software maker on Thursday announced a deal in which it will work with the National Science Foundation to find cloud computing projects that could benefit from free access to Windows Azure. Those chosen by the NSF will get three years of free Azure access and support.
"Cloud computing can transform how research is conducted, accelerating scientific exploration, discovery and results," Microsoft Vice President Dan Reed said in a statement. "These grants will also help researchers explore rich and diverse multidisciplinary data on a large scale."
Microsoft unveiled Windows Azure in October 2008 and finalized its product late last year, although customers only started getting charged as of this week.






