Microsoft

Steven Sinofsky may not be talking about Microsoft's future Windows plans, but the Windows Server team appears to see more value in letting customers know its road map.

In at least two slides apparently shown at the Professional Developers Conference in Los Angeles this week, Microsoft suggests that a major release update to Windows Server is due around 2012, with one of the slides confirming the Windows 8 code name.

I've asked both the desktop and server teams for more context on the slides, which were noted this week by blogger Stephen Chapman. A similar slide cropped up--that time in Italian-- in August.

For his part, Sinofsky sat completely stone-faced when I asked him in our interview Wednesday where Microsoft was at relative to Windows 8--later noting that he hadn't even used the word Windows next to the numeral 8.

"I didn't say any of the words--Windows 8--those were all your words," he said

The 2012 time frame would roughly coincide with Windows Server's plans of having a minor release every two years or so and a major release every four years. It released Windows Server 2008 R2, a minor update, earlier this year as the desktop team released Windows 7.

In recent years, Microsoft has tended to line up its desktop and server releases fairly closely, although in this case the desktop OS was probably a more significant release than its server counterpart.

SINGAPORE--In a year, most enterprises will have the choice to "get rid" of Microsoft Office if they so choose, suggests Dave Girouard, president of Google's enterprise division.

Girouard said in an interview here with ZDNet Asia that he expects Google's online suite of applications, Google Docs, to reach a "point of capability" next year that it will serve the "vast majority's needs."

He acknowledged that Docs is currently "much less mature" than Google Mail or Calendar. "We know it. We wouldn't ask people to get rid of Microsoft Office and use Google Docs because it is not mature yet," he said.

But this is expected to change in about a year, after the company's introduces another "30 to 50" updates.

Read more of "Google: Firms can 'get rid' of Office in a year" at ZDNet Asia.

Microsoft made two enterprise moves on Monday, one expected and the other a bit of a surprise.

As promised, the company used its TechEd event in Berlin to release Exchange 2010, the latest version of its e-mail and calendar server software. Microsoft finalized the code for the product last month and had said it would launch at TechEd.

Microsoft VP Tami Reller talks about enterprise adoption of Windows 7 as part of a Webcast held after the first day of TechEd Europe.

(Credit: CNET News)

Meanwhile, the company also announced it is buying the Teamprise technology from SourceGear. Teamprise allows developers using Eclipse and those working on non-Windows operating systems to build applications using Microsoft's Visual Studio product.

"We know our customers face daily challenges with management, collaboration and development in heterogeneous environments. The industry must take steps to make interoperability a stronger business asset for our customers," senior vice president and developer unit head S. Somasegar said in a statement. "With the acquisition of the Teamprise assets, we're taking a step forward on this journey, providing customers with a viable cross-platform development solution that will help produce business results more quickly."

Microsoft didn't announce financial terms of the deal, but did say the Teamprise technology will be integrated into Visual Studio 2010.

At TechEd Europe, Microsoft also talked about enterprise adoption of Windows 7 and Windows Server 2008 R2, highlighting some early customers of the two products.

"We remain just pleased and humbled by the very warm reception we're seeing," Microsoft vice president Tami Reller said in a Webcast on Monday.

As part of the same Webcast, senior vice president Chris Capossela sounded off on Cisco's announcement of updated collaboration tools that could take on Exchange.

"Rather than stitching together acquired products and calling that a solution, we've built Exchange form the ground up," he said.

Some businesses midway through upgrades to Vista are asking for Windows 7 instead, a Microsoft executive said at Thursday's launch event in London.

"This is the first time that we have had customers talking about slipstreaming the deployment of one OS into another version," said John Curran, who until recently headed the Windows client group in the U.K.

About 15 percent of business computers in the U.K. have Vista installed.

Ten large companies in the U.K. have already begun deploying Windows 7 on a total of 300,000 machines, according to Microsoft.

"In terms of the numbers of seats being deployed at launch, we are well ahead of where we were from a Vista perspective," Curran said.

Read more of "Vista jilted for Windows 7 midway through upgrades" at Silicon.com.

Microsoft is set to announce on Monday that it is ready with a second beta version of its Visual Studio 2010 and .Net Framework 4.0 developer tools. Both products are set for a final release on March 22, Microsoft said.

"Microsoft has reached the home stretch for Visual Studio 2010," said Dave Mendlen, a senior director in Microsoft's developer division. "This is probably the biggest release we've had in many years."

Among the product's features is a Tivo-like recording feature that Microsoft has now dubbed "IntelliTrace."

"That's our time machine," Mendlen said. "We're very proud of that."

Other features new to the 2010 release include support for Windows 7 and Windows Azure as well as tools for building on top of Microsoft's Sharepoint product.

With Visual Studio 2010, Microsoft is also taking the opportunity to scale back the number of different versions it sells, cutting the number of subscription options from seven to three. In a telephone interview, Microsoft Vice President S. "Soma" Somasegar said that move came from customer requests.

They told us "one place you can do better is making it simpler how you package your products," Somasegar said.

Under the new plan, myriad Visual Studio options will be consolidated into Professional, Premium, and Ultimate. Microsoft is planning an "ultimate offer" promotion that will give many current subscribers access to the next-higher version of Visual Studio as well as 750 Windows Azure compute hours per month. Next year, the company plans to change that to offer varying amounts of Azure compute time based on the level of the Visual Studio subscription.

Microsoft on Thursday said it is delaying the release of its Forefront Endpoint Protection 2010 antimalware product for Windows desktops and servers until the second half of next year.

Forefront Endpoint Protection is a component of the upcoming Forefront Protection Suite, formerly code-named "Stirling."

"Based on customer feedback and market trends, we have made the strategic decision to build Forefront Endpoint Protection (FEP) on System Center Configuration Manager, Microsoft's solution to comprehensively assess, deploy, and update servers, clients, and devices," the company said in a blog post.

"This approach better aligns our customers' client management and security infrastructure, helping simplify deployment and reduce costs," the post said. "We are confident this is the right decision for our customers."

In the interim, Microsoft said, it will continue to offer its Forefront Client Security solution to customers.

Meanwhile, Microsoft said it is on track to release related products, including Forefront Protection Manager, in the first half of next year.

Microsoft has created the nonprofit CodePlex Foundation to target increased communication between open-source communities and software companies.

Citing an under-representation of commercial software companies and their employees in open source, the CodePlex Foundation aims to work with particular projects to bridge the gap between the open-source and commercial worlds.

The Redmond giant has contributed $1 million to the foundation and has filled out its board and advisory panel with many Microsoft staffers, including Sam Ramji, who is leaving Microsoft as its open-source point man but is also becoming CodePlex Foundation's interim president.

Unlike other open-source foundations, such as the Mozilla Foundation and GNOME Foundation, the foundation said on its Web site that it intends to address the full spectrum of software projects.

This is an unexpected and interesting move from Redmond. Don't think that this is completely like other open-source foundations that you may be used to, though.

Take this line from the Codeplex Foundation FAQ: "We wanted a foundation that addresses a full spectrum of software projects, and does so with the licensing and intellectual property needs of commercial software companies in mind."

Add to this that the About page states that companies will contribute code, not patents, and that is what I think will stop the existing open-source community from going anywhere near the CodePlex Foundation.

I can't see any patent-encumbered CodePlex project being accepted into, or contributing code into, any large existing open-source project while still having the patent specter looming overhead--it's something that the open-source community has tried to avoid whenever possible.

But this is probably not that audience that the foundation is aiming for--it's more likely to target purely Microsoft companies/developers and attempt to get them to open up a little. Allowing these companies to keep their patents will make it easier for them to engage in the Microsoft ecosystem but not in the wider open source world.

Chris Duckett of ZDNet Australia reported from Sydney.

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.

The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. "We've seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected."

McAfee Avert Labs director Dave Marcus said that two of the flaws, in particular, relate to serious security vulnerabilities in the networking components of Window Vista, Windows Server 2008 and Windows Server 2003 that could allow for malicious software to spread from one PC to another.

"These vulnerabilities are the most likely to be exploited by malicious code and are two of the best worm candidates that we've seen since Conficker," Marcus said in a statement. "That said, all of today's security bulletins address vulnerabilities that could allow an attacker to take complete control of a vulnerable PC."

In addition, Microsoft said it is re-releasing a bulletin from last month to address an additional control found to be vulnerable to an issue with the Microsoft Active Template Library.

Greenbaum noted that Microsoft has yet to issue a patch for a zero-day flaw in Internet Information Services that was made public last week. "Until a patch for this is issued, as a temporary workaround we suggest IT administrators using IIS 5.0 and 6.0 turn off anonymous write access immediately," Greenbaum said. "We also recommend using a firewall and restricting access to creating directories. Those using IIS 7.0 with FTP Service version 6.0 installed should upgrade to FTP Service version 7.5."

There are already some attacks being seen based on that flaw.

"While the company will not release an update this month, it will do so once it has reached an appropriate level of quality for broad distribution," Microsoft said.

Meanwhile, Microsoft said Tuesday that it is investigating another zero-day issue, this one a reported flaw in Windows Vista and Windows 7.

As for the patches Microsoft did release on Tuesday, Qualys CTO Wolfgang Kandek noted that some of the bulletins are interesting in that they either affect only newer operating systems or are more critical on later versions--the reverse of what is normally the case. Overall, he said, five Windows patches should keep IT workers busy.

"Due to the criticality of the patches and wide coverage of the operating system, this will be a busy day for IT administrators," Qualys CTO Wolfgang Kandek said in an e-mail.

A vulnerability in Microsoft's software for housing Web sites is now being used for "limited attacks" on the servers it's running on, the company said Friday.

Microsoft disclosed the Internet Information Services (IIS) vulnerability on Monday and said Friday it's still working on a security update to fix the problem. In the meantime, the advisory has instructions for a workaround, including disabling various elements of the vulnerable FTP (File Transfer Protocol) service to upload and download files.

According to the advisory, the vulnerability could let somebody run arbitrary code on a server using FTP on IIS 5.0 and conduct a denial-of-service attack using FTP on IIS 5.1, 6.0, and 7.0. The present version 7.5 isn't affected, though, and FTP 7.5 can be downloaded and installed on IIS 7.0 to protect it.

"Customers should be aware that the Download Center has FTP 7.5 available for Windows Vista and Windows Server 2008. FTP 7.5 is not vulnerable to any of these exploits," said Alan Wallace, senior communications manager for Microsoft's security response communications team, in a statement.

Initially, the company said it was investigating a vulnerability only with versions 5 and 6 of IIS.