Category: Microsoft

On top of Blaster, SoBig, and Welchia, there is yet another email Trojan Horse loose: w32.squirm@mm. This is the best yet: it poses as an email from support@microsoft.com asking you to install a file that it attaches.

Word to the wise: Microsoft Support does not email files asking you to install them! Ever! Tell your friends!!!!

I got something like 60 messages on my home email account between 10 pm last night and 7 am this morning, all carrying the Sobig virus. Dave Winer had about 650 infected messages. Who is opening these damned attachments??? The BBC has more information on Sobig.

Meanwhile, the worm designed to patch the Blaster vulnerability, known variously as Welchia and Nachi, is spreading in the wild and Slashdot reports it’s slowing emergency response networks in Canada.

Could we all just knock it off for a few minutes, please?

Just got four separate email messages in the last hour that all look like the Sobig worm. Check the Symantec site for info on Sobig, which unlike Blaster only relies on people being willing to open email from strangers.

Official and unofficial pages about fixing the infection. Note that Windows 95, 98, and ME machines are NOT affected by the worm.

• Official page of Blaster info on the Microsoft.com security site. Contains really good step by step instructions on how to clean your system and prevent re-infection.
• Scoble posts an abbreviated list of instructions courtesy Jeff Sandquist.

To recap, if the official site is unreachable:

Step 1 – Patch the machine and turn on the XP Firewall

http://www.microsoft.com/security/incident/blast.asp
[Steps inline:

1. Turn on your firewall.
2. Update Windows—using either Windows Update or the information in this Security Bulletin.
3. Make sure your antivirus software is up to date.
4. Remove the worm using a utility provided by, for example, Symantec.]

Step 2 – Remove the Virus from your machine

Copy this file to a floppy disk before you go, run this utility on your mother’s machine and it will scan for the Virus and remove it.

If you forgot to copy it, you can download it from here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Step 3 – Turn on Auto update

Your mother got the Virus because her machine was not properly patched. Turn on automatic download and installation of updates by completing the following steps:

• Open Control Panel, select the System icon
• Select the Automatic Updates Tab
• Turn on Keep my computer up to date option by selecting the check box
• Turn on Automatically download the updates, and install them on the schedule that I specify, by selecting the radio buttons
• Set the date to every day and a time when you know the machine will be turned on.

Now your mother’s machine will automatically check each night if there are any new patches and install them for you.

If you run Windows NT 4.0, Windows 2000, Windows XP, or Windows Server 2003, and you haven’t gone to Windows Update in the last few weeks, you may be vulnerable to a new worm that started spreading yesterday, W32.Blaster.Worm. This nasty little worm is spreading on machines that didn’t apply the MS03-026 patch, then replicating itself and apparently mounting an attack against WindowsUpdate.com. This post on Slashdot suggests that one sign of infection is that your machine will start showing a 60 second shutdown timer, and the comments provide some really good tips about dealing with the worm, including a way to abort the shutdown (by typing shutdown /a at a command prompt) so you can apply the patch that works on some systems (though maybe not on Windows 2000). There’s also a worm removal tool on Symantec’s advisory page, if you suspect you’re already infected (though I would suggest downloading the patch first).

Tip: If you haven’t already patched your system and you can’t get to Windows Update to apply the patch, you may want to try going to the security advisory on TechNet, which points directly to the patch download location for your OS.

On a personal note, I wonder if this has something to do with the dog-slow performance I was having at home (Comcast DSL) yesterday and this morning.

Here’s a feature that Office 2003 has (and maybe Office XP, too) that Office X for the Mac doesn’t. Somewhat to my chagrin. In Office 2003, you can import an arbitrary XML file, with or without a DTD, into a regular old Excel worksheet.

Why might you want to do such a thing? Think data acquisition and analysis on the cheap, without having to write an XML parser to understand the data. Say, for instance, you’re bringing in about 200K of XML data from Weblogs.com every hour for two weeks and you want to look at, munge, and export it quickly to a format that can be imported by a SQL database. Possible using Excel 2003. Not possible using Excel X for Mac.

Little known not-secret: Excel X for Mac is a completely separate code base from the Windows versions of Excel, produced by a different team in a different division. Good news: this means it acts more like a Mac product (remember Word 6?). Bad news: sometimes major features go missing.

Anil Dash lays into Microsoft (er, us) for the Add Font dialog box in Windows XP, which has not substantially changed since Windows 95. He has a complaint, and an offer we can’t refuse:

… you still can’t even get this one dialog box to look like every other one in the operating system, with a little My Computer over on the side. You’ve got the “Drives:” dropdown box still partying like it’s 1994. It doesn’t even let me type in a network path unless I map a drive letter. Sweet, that way I can easily connect to my Netware 3 server over Token Ring and install the font I downloaded on my 9600 baud modem! Kickass!…

Here’s my offer. For less than 10% of your outstanding cash on hand, a mere four billion dollars, I will personally create a working, usable, UI guidelines-compliant version of this dialog box. I’ll even create it in .NET managed code. I’ll make sure it’s compatible with all the apps out there and regression test it against even the most obscure configuration.

Then, I’ll fly myself to Redmond and smack the product manager for Windows on the ass on his way out the door.…

It gets better. Some of the funniest ranting I’ve seen in a long time. And embarrassing, if you’re one of the folks in Redmond like me.

My bread and butter for workday software, not counting the omni-present Office suite, is probably SQL Server. In my job, I’m frequently dealing with Very Large Data Sets, and with my years of training in the client server salt mines, SQL is still the best way for me to deal with that data and interrogate it in a meaningful way. I learned SQL on Sybase and Watcom (now called Sybase SQL Anywhere), and have hacked on various open source packages, but started using Microsoft’s implementation around v. 6.0 or 6.5 for a port of our software that never happened. Now in the last year I’ve had to come up to speed on SQL Server 2000, just in time to start making the transition to Yukon.

I am really pleased to see some hard core SQL bloggers start up at the appropriately named SQLBlogs site. None of the bloggers appear to be actual Microsofties; they’re all dedicated professionals who spend a ton of time day in and day out with the SQL engine, and are covering some cool topics, including handling errors with connection pooling and some tricky stuff about the various datetime data types in SQL Server. Looks to be a good place for me to push my skills.

Scoble writes about getting spyware, and laments, “Yeah, I know I can run Ad Aware to remove it, but, what happens if a ‘normal’ customer gets spyware at home. Think they know how to remove it? No way.”

Actually, Scoble, at least some of them do. The stats on Download.com say that AdAware has been downloaded over 18 million times. Sounds to me like the market is working pretty efficiently here. But yes, it would be good if we got off our butts and put popup blocking in IE. (This is one of those times that I have to remind everyone that this opinion is mine alone, and that there is no warranty expressed or implied by my comment.)

Yesterday was the first anniversary of my full-time employment at Microsoft.

I’ve been hesitant, before today, to put that fact in print, because I wasn’t sure how the company would take my blogging. But internal conversations around how we engage our customers on line and offline have convinced me that it would be dishonest to our customers not to publicly disclose my employment.

What does that mean about my blogging? When I write about RSS, for instance, does that mean I speak for Microsoft? No, and if I think I’m getting close to a core area of the company in a post I’ll add an official disclaimer.

As for what I do at Microsoft, I am not now, nor have I ever been, working on one of the core software products at Microsoft. I work on Microsoft.com, which is to an ex-consultant like myself sometimes more interesting, because we are an internal customer for all of Microsoft’s server software, usually well before it actually hits the street. My title is Lead Product Manager, but what I mostly do is to study online customer behavior. My group reports up to Eric Rudder, another Microsoft blogger.

To anyone who may be caught off guard by this admission: I’m sorry, and if you want to discuss it with me on or off line, please feel free to contact me. I hope that the only change in my posting will be that I will be able to be more open. I plan to continue to write about the same set of topics, and will add Microsoft-specific notes to the mix where appropriate.

Don Box notes that he and Chris Sells (new at Microsoft as of yesterday) have been discussing blogging infrastructure. They both think that blogging from Word, rather than an HTML editor or InfoPath, is the right way to go. They appear to be discussing how to architect it. Don may not be aware, but there’s some interesting prior art in the Word macros that Simon Fell constructed (using PocketSOAP) to talk to the Manila API or to Radio. I don’t know what API Don’s blogging infrastructure supports, but using a slim SOAP client it should be trivial to send XML message packets from Word.

BTW, there are a ton of Microsoft bloggers blogging about, well, blogging, but also RSS, .NET, web design, and other topics near and dear to my heart. Some of the other interesting guys are Tim Ewald at MSDN, Dare Obasanjo, Chris Anderson, Scott Guthrie… and soon Robert Scoble.

(Man, I oughtta get around to adding a Microsoft department to this blog.)

Tim Ewald: “RSS at MSDN!” New RSS feeds for MSDN, including a comprehensive all-new-articles feed and separate feeds for Visual Basic, C#, C++, the overall Visual Studio product, the .NET Framework, and XML Web Services. There’s a lot of content in MSDN (even if most of it is by definition Microsoft-centric), and having an RSS feed through which to consume it makes it immeasurably easier to consume, navigate—and blog about, natch. Dave thinks so too.

I’ve been thinking about getting a new TV. I’m really a movie guy and watching letterboxed content on my 27″ screen is a little painful. But my options for getting a bigger TV were:

1. A larger conventional or rear projection TV, which are a good value but won’t fit in our built in entertainment center;
2. A front projection unit (like a computer projector), which is also a relatively good value (80″ screen, anyone?) but which requires a totally dark room for best fidelity;
3. A plasma TV, which has the right form factor but which is way too costly for me right now

Then I noticed on Microsoft.com’s home page a link that said something about a plasma television set (the link is down now). Curious, I followed the link to find a sweepstakes: “Sign up for alerts and win cool prizes.” Including, coincidentally, the 42″ Panasonic plasma TV I was looking at. Unfortunately I’m, for various reasons, not eligible to play…

Dare Obasanjo has published sample C# code and an EXE at the Microsoft Developer Network (MSDN) for an RSS news aggregator. To my surprise, it does some interesting things like importing OPML subscription lists. It also seems to handle both RSS 0.91 and RSS 2.0 feeds, and has some neat tricks like browsing directly in the aggregator (why not if you’re embedding IE?).

NetNewsWire it isn’t. In fact, it’s not quite up to Radio’s standards either. There are some definite GUI issues, like not remembering the width of columns and not being able to resize any of the panes in the main window; no delete confirmation for subscriptions; no memory of read items between updates; and calling the “mark all as read” option “Catch Up” (logical, but I was expecting something consistent with all the other email, news, and RSS apps I’ve seen). But it is free, and for all you C# hackers out there it gives good sample code.

Now if only MSDN would add an RSS feed…

I’d love to say I’ve been incommunicado leading up to the first product launch I’ve been involved with at my company, but it’s not really true. My involvement is for real, but my piece was done weeks ago.

I’m almost finished helping a cross-group team put together a deck on a high visibility project to be presented at pretty high levels in the company. The presentation is Monday, November 11. This is a date with positive and negative memories for me: the anniversary of my first date with Lisa eight years ago, and the anniversary of a particularly ugly party I attended nine years ago in my last year of college. I’m hoping the presentation is more karmically similar to the former than the latter.
more…