Microsoft

Microsoft is set to announce on Monday that it is ready with a second beta version of its Visual Studio 2010 and .Net Framework 4.0 developer tools. Both products are set for a final release on March 22, Microsoft said.

"Microsoft has reached the home stretch for Visual Studio 2010," said Dave Mendlen, a senior director in Microsoft's developer division. "This is probably the biggest release we've had in many years."

Among the product's features is a Tivo-like recording feature that Microsoft has now dubbed "IntelliTrace."

"That's our time machine," Mendlen said. "We're very proud of that."

Other features new to the 2010 release include support for Windows 7 and Windows Azure as well as tools for building on top of Microsoft's Sharepoint product.

With Visual Studio 2010, Microsoft is also taking the opportunity to scale back the number of different versions it sells, cutting the number of subscription options from seven to three. In a telephone interview, Microsoft Vice President S. "Soma" Somasegar said that move came from customer requests.

They told us "one place you can do better is making it simpler how you package your products," Somasegar said.

Under the new plan, myriad Visual Studio options will be consolidated into Professional, Premium, and Ultimate. Microsoft is planning an "ultimate offer" promotion that will give many current subscribers access to the next-higher version of Visual Studio as well as 750 Windows Azure compute hours per month. Next year, the company plans to change that to offer varying amounts of Azure compute time based on the level of the Visual Studio subscription.

Microsoft on Thursday said it is delaying the release of its Forefront Endpoint Protection 2010 antimalware product for Windows desktops and servers until the second half of next year.

Forefront Endpoint Protection is a component of the upcoming Forefront Protection Suite, formerly code-named "Stirling."

"Based on customer feedback and market trends, we have made the strategic decision to build Forefront Endpoint Protection (FEP) on System Center Configuration Manager, Microsoft's solution to comprehensively assess, deploy, and update servers, clients, and devices," the company said in a blog post.

"This approach better aligns our customers' client management and security infrastructure, helping simplify deployment and reduce costs," the post said. "We are confident this is the right decision for our customers."

In the interim, Microsoft said, it will continue to offer its Forefront Client Security solution to customers.

Meanwhile, Microsoft said it is on track to release related products, including Forefront Protection Manager, in the first half of next year.

Microsoft has created the nonprofit CodePlex Foundation to target increased communication between open-source communities and software companies.

Citing an under-representation of commercial software companies and their employees in open source, the CodePlex Foundation aims to work with particular projects to bridge the gap between the open-source and commercial worlds.

The Redmond giant has contributed $1 million to the foundation and has filled out its board and advisory panel with many Microsoft staffers, including Sam Ramji, who is leaving Microsoft as its open-source point man but is also becoming CodePlex Foundation's interim president.

Unlike other open-source foundations, such as the Mozilla Foundation and GNOME Foundation, the foundation said on its Web site that it intends to address the full spectrum of software projects.

This is an unexpected and interesting move from Redmond. Don't think that this is completely like other open-source foundations that you may be used to, though.

Take this line from the Codeplex Foundation FAQ: "We wanted a foundation that addresses a full spectrum of software projects, and does so with the licensing and intellectual property needs of commercial software companies in mind."

Add to this that the About page states that companies will contribute code, not patents, and that is what I think will stop the existing open-source community from going anywhere near the CodePlex Foundation.

I can't see any patent-encumbered CodePlex project being accepted into, or contributing code into, any large existing open-source project while still having the patent specter looming overhead--it's something that the open-source community has tried to avoid whenever possible.

But this is probably not that audience that the foundation is aiming for--it's more likely to target purely Microsoft companies/developers and attempt to get them to open up a little. Allowing these companies to keep their patents will make it easier for them to engage in the Microsoft ecosystem but not in the wider open source world.

Chris Duckett of ZDNet Australia reported from Sydney.

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.

The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. "We've seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected."

McAfee Avert Labs director Dave Marcus said that two of the flaws, in particular, relate to serious security vulnerabilities in the networking components of Window Vista, Windows Server 2008 and Windows Server 2003 that could allow for malicious software to spread from one PC to another.

"These vulnerabilities are the most likely to be exploited by malicious code and are two of the best worm candidates that we've seen since Conficker," Marcus said in a statement. "That said, all of today's security bulletins address vulnerabilities that could allow an attacker to take complete control of a vulnerable PC."

In addition, Microsoft said it is re-releasing a bulletin from last month to address an additional control found to be vulnerable to an issue with the Microsoft Active Template Library.

Greenbaum noted that Microsoft has yet to issue a patch for a zero-day flaw in Internet Information Services that was made public last week. "Until a patch for this is issued, as a temporary workaround we suggest IT administrators using IIS 5.0 and 6.0 turn off anonymous write access immediately," Greenbaum said. "We also recommend using a firewall and restricting access to creating directories. Those using IIS 7.0 with FTP Service version 6.0 installed should upgrade to FTP Service version 7.5."

There are already some attacks being seen based on that flaw.

"While the company will not release an update this month, it will do so once it has reached an appropriate level of quality for broad distribution," Microsoft said.

Meanwhile, Microsoft said Tuesday that it is investigating another zero-day issue, this one a reported flaw in Windows Vista and Windows 7.

As for the patches Microsoft did release on Tuesday, Qualys CTO Wolfgang Kandek noted that some of the bulletins are interesting in that they either affect only newer operating systems or are more critical on later versions--the reverse of what is normally the case. Overall, he said, five Windows patches should keep IT workers busy.

"Due to the criticality of the patches and wide coverage of the operating system, this will be a busy day for IT administrators," Qualys CTO Wolfgang Kandek said in an e-mail.

A vulnerability in Microsoft's software for housing Web sites is now being used for "limited attacks" on the servers it's running on, the company said Friday.

Microsoft disclosed the Internet Information Services (IIS) vulnerability on Monday and said Friday it's still working on a security update to fix the problem. In the meantime, the advisory has instructions for a workaround, including disabling various elements of the vulnerable FTP (File Transfer Protocol) service to upload and download files.

According to the advisory, the vulnerability could let somebody run arbitrary code on a server using FTP on IIS 5.0 and conduct a denial-of-service attack using FTP on IIS 5.1, 6.0, and 7.0. The present version 7.5 isn't affected, though, and FTP 7.5 can be downloaded and installed on IIS 7.0 to protect it.

"Customers should be aware that the Download Center has FTP 7.5 available for Windows Vista and Windows Server 2008. FTP 7.5 is not vulnerable to any of these exploits," said Alan Wallace, senior communications manager for Microsoft's security response communications team, in a statement.

Initially, the company said it was investigating a vulnerability only with versions 5 and 6 of IIS.

Microsoft on Monday said it is looking into a report of a flaw in some versions of its Internet Information Services product that could allow an attacker to gain control of a system.

In a statement, a Microsoft representative said the company "is investigating new public claims of a possible vulnerability in IIS 5 and IIS 6 File Transfer Protocol (FTP)."

Microsoft said it is not aware of any attacks using the vulnerability. "We will take steps to determine how customers can protect themselves, should we confirm the vulnerability."

According to IDG News Service, code for exploiting the unpatched flaw was posted to the Milw0rm Web site. IDG said the exploit appears to affect primarily older versions of IIS--and only when the FTP function is enabled.

Once it is done with its investigation, Microsoft said, it will decide how to address the matter, which could include a security update as part of its monthly Patch Tuesday or an out-of-cycle update.

In a posting on Monday, the U.S. Computer Emergency Readiness Team (US-CERT) suggested IT administrators "disable anonymous write access to the FTP server to help mitigate the vulnerability" but added that "a proper impact analysis should be performed prior to taking defensive measures."

The fact that many customers are shifting from running their own e-mail servers to getting mail as a hosted service doesn't have to spell doom for Microsoft, insists Rajesh Jha, the man who heads the Exchange business.

In an interview on Monday, Jha said that, although many see the rise of services as more of a benefit to companies like Google, he sees it as an opportunity for his business.

Microsoft's Rajesh Jha, shown here in his office earlier this year, says the shift from a world of servers to a world of services need not spell trouble for the Exchange business.

(Credit: Ina Fried/CNET)

"I feel we will grow our share overall with the move to services," Jha said. In particular, Jha said that Microsoft has a better option for small and midsize businesses than it did when its only option was for those companies to run their own Exchange servers. "I think we have a huge opportunity for growth. I don't think we are in a defensive position at all."

In a year in which many software businesses--including a number within Microsoft--took a hit, the Exchange business continued to grow last year, Jha said, saying that revenue for the product nearly hit $2 billion and has 70 percent market share among corporate users.

Jha acknowledged, though, that competition for the in-box is definitely heating up.

"It is where people spend more of their hours," Jha said. "It's become a real critical part of the day. Our competitors are smart. They see it too."

In addition to Google, IBM continues to push its Lotus Domino/Notes combination while Cisco has said it will have a Linux-based e-mail offering based on last year's Postpath acquisition.

Sounding a familiar refrain, Jha said that he expects customers to warm to Microsoft's strategy, which lets them have the option of running Exchange themselves or purchasing it as a subscription hosted service.

"With Exchange, we don't give them any kind of technology ultimatum," Jha said. "We don't say 'Thou shalt move to the cloud.' "

Microsoft has shifted its priorities, though. Unlike past versions of Exchange, Microsoft developed Exchange 2010 as a service first, and only later has it done the work on the server product. That server product, which has been in testing for some time and reached the beta stage in April, is now ready in a near-final "release candidate" form.

Among its features is one that lets users "mute" an e-mail thread that they are no longer interested in being part of.

Jha reiterated that the final version of Exchange 2010 should be done later this year.

"I feel pretty good about how we are tracking," he said, noting that half of Microsoft's in-boxes--some 80,000--are now on the new version of Exchange. " We'll definitely be ready this year."

Microsoft and Verizon may need to learn a thing or two about customer service from IBM's Informix, according to a report released Wednesday by market researcher VendorRate.

Among IT professionals questioned, Microsoft's customer satisfaction ratings for the second quarter dropped in three key areas.

Out of a score of 100, Microsoft's server and infrastructure software rated 55, a 17 percent decline from the first quarter; its operating systems scored 67, down 9.5 percent; and its applications came in at 64, an 18 percent dip.

"Microsoft was cruising along with satisfactory scores in earlier reports, but it simply fell off a cliff in this quarter," Rick Schaefer, CEO of VendorRate, said in a statement.

Of all vendors measured, Verizon Communications came in lowest as an overall company for customer satisfaction, scoring 61 out of 100. Sprint Nextel and AT&T Wireless also came in near the bottom, at 64 and 67 points, respectively--a reflection of the telecom industry's poor showing overall.

(Credit: VendorRate)

"Once again the telecom sector sinks to the bottom of all lists," Schaefer said. "Either telecom vendors don't get it, or they don't seem to care."

However, not all of telecom is broken. Telecom equipment maker ShoreTel made it into the No. 2 slot of vendors with a rating of 92.

IBM's Informix scored at the top of the list with a rating of 96. Formed when IBM bought the Informix technology in 2001, it specializes in online transaction processing, an automated system used by banks, airlines, and other industries to interact with customers.

(Credit: VendorRate)

"IBM Informix was among the top rated vendors for the fourth straight quarter," noted Schaefer, "and this is the first time that ShoreTel made it into the top rankings."

Still, not everything that IBM touches turns to gold. IBM Global Services ranked near the bottom of consultants with a rating of 66.

VendorRate gathers ratings and reviews from IT and business professionals. For its second-quarter report, the company surveyed more than 1,500 IT professionals at trade shows, conferences, its own Web site, and "virtual events."

Those questioned by VendorRate ranked nearly 350 companies on 10 criteria, including customer service, reliability, integrity, budget, and effectiveness for a cumulative score of 100. The ratings were collected from April 1 through June 30.