Tag: windows

End of Windows

It’s important to note that Windows persisted as the linchpin of Microsoft’s strategy for over 30 years for a very good reason: it made everything the company did possible. Windows had the ecosystem and the lock-in, and provided the foundation for Office and Windows Server, both of which were built with the assumption of Windows at the center. Office 365 and Azure are comparatively weaker strategically: Office 365 has document lock-in, but the exact same forces that weakened Windows in the first place weaken the idea of documents as well. It’s not clear why new companies in particular would even care. Azure, meanwhile, is chasing AWS, with a huge amount of business coming from Linux VMs that could run anywhere. Unsurprisingly, both are still benefiting from Windows: Office 365 really does, as Nadella noted in his retreat, work better on Windows, and vice versa; it is seamless for organizations that have been using Office for years to move to Office 365. Azure’s biggest advantage, meanwhile, is that it allows for hybrid deployments, where workloads are split between legacy on-premise Windows servers and Azure’s public cloud; that legacy was built on Windows. This, then, is Nadella’s next challenge: to understand that Windows is not and will not drive future growth is one thing; identifying future drivers of growth is another. Even in its division Windows remains the best thing Microsoft has going — it had such a powerful hold on Microsoft’s culture precisely because it was so successful.

Windows fuzzing

this library allows you to use powerful linux fuzzers to fuzz windows, where fuzzing appears to be stuck in the stone age:

library that allows native Linux programs to load and call functions from a Windows DLL. the library will process the relocations and imports, then provide a dlopen-like API. The code supports debugging with gdb (including symbols), basic block coverage collection, and runtime hooking and patching.

this library has found 3 windows defender critical vulnerabilities in 2 months

Windows Uniscribe Fuzzing

Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, there were 29 bugs reported by us in the font-handling code of the Uniscribe library. Admittedly the subject of font-related security has already been extensively discussed on this blog both in the context of manual analysis and fuzzing. However, what makes this effort a bit different from the previous ones is the fact that Uniscribe is a little-known user-mode component, which had not been widely recognized as a viable attack vector before, as opposed to the kernel-mode font implementations included in the win32k.sys and ATMFD.DLL drivers. In this post, we outline a brief history and description of Uniscribe, explain how we approached at-scale fuzzing of the library, and highlight some of the more interesting discoveries we have made so far. All the raw reports of the bugs we’re referring to (as they were submitted to Microsoft), together with the corresponding proof-of-concept samples, can be found in the official Project Zero bug tracker. Enjoy!

Upgrade all the windows

Watch 36 years of Microsoft PC operating systems for consumers flash before your eyes, plus more than a couple dick drawings, in this experiment to challenge the limits of sequential Windows installation. Beginning with MS DOS 3.10—which he notes wasn’t even available as a retail product before version 5, you had to buy a whole computer to get your hands on it—he uses VirtualBox to install every Windows operating system from there on up. This involves copying the disks onto the root of the C drive one by one.

Microsoft capitulation

Tech culture is very fond of persistence, stubbornness, perseverance, and the idea that you should never give up. We’re surrounded by stories of visionaries who were told they’d never succeed and went on to change the world. But sometimes, you should put selection bias aside and, yes, give up.

This applies to big companies perhaps even more than for startups. Big companies have entire strategy teams devoted to working out what to do next and how to do it, and budgets to hire strategy consulting firms for millions of $ to produce 100-page decks with more strategies and ways to achieve them. Such people have little interest in saying ‘give up – it won’t work’ (perhaps because that might mean you don’t need a strategy team anymore). And there’s no SmartArt for failure.

Microsoft today, I think, is a case study in knowing when you should indeed give up, and what you should do after that.

God managing the Rapture

crapware is deadly

Worms are back

Cmdline only Windows

TIL there is now a bare bones windows install without explorer etc. that screenshot is how it looks when you login. i suppose the unix approach has won over the last holdout.

Monthly windows releases

I hope Microsoft doesn’t get cold feet, and indeed moves to monthly updates. Obsolete OS versions are holding things back across the industry, and the evergreen strategy has been extremely successful for browsers.

Microsoft will make monthly updates a mandatory part of participation in the upcoming Threshold technical preview. It’s expected to show users some of what’s new in the desktop experience and be limited to running on Intel-based PCs/devices.

TSA runs on Windows 98

the geniuses at the TSA rely on winders 98 for their “security”

A widely deployed carry-on baggage X-ray scanner used in most airports could easily be manipulated by a malicious TSA insider or an outside attacker to sneak weapons or other banned items past airline security checkpoints.