Smaller, less expensive Windows 8 devices based on upcoming Intel processors are in the offing for later this year, the company says.
Specifically, the devices will be based on Haswell and Bay Trail Atom processors, both of which are designed for longer battery life, Microsoft's outgoing CFO Peter Klein said in the company's quarterly earnings meeting.
"In the upcoming back-to-school selling season, we expect to see devices that incorporate advances from throughout the supply chain, including chipsets," he says.
Those prices could be as low as $300 with Haswell chips inside new form-factor devices such as ultrabooks, detachables and convertibles, says Intel CEO Paul Otellini in a Seeking Alpha transcript of Intel's earnings call. He didn't mention the rumored Microsoft watch or 7-inch tablet, but those could be thrown into the mix.
Even cheaper devices -- in the $200 range -- could become possible using non-core chips in thin, light notebooks, he says.
Otellini says that Haswell chips open the door to better compute and graphics performance as well as better battery life.
Otellini says touch is key to Windows 8 adoption, and the new chip will enhance that, too. He says he recently switched to Windows 8 with touch and he thinks it's better than a Windows 7 desktop when using applications built for touch. "There is an adoption curve, and once you get over that adoption curve, I don't think you go back," he says. "And I think people are attracted to touch, and the touch price points today are still fairly high, and they're coming down very rapidly over the next couple of quarters."
He says Intel has written specifications for ultrabooks that will cost as little as $599 with some specially priced at $499 If you look at touch-enabled Intel based notebooks that are ultrathin and light using non-core processors, those prices are going to be down to as low as $200 probably.
Rumored return of Start button
When the next version of Windows 8 -- Windows Blue -- is released later this year look for the Start button. Missing from the initial versions of Windows 8 desktop, the Start button has emerged as the biggest source of complaint from customers about the operating system.
But the rumor, attributed to sources close to Microsoft, are all over the place that Start is coming back, and if it proves false, Microsoft will suffer a renewed wave of complaint about taking it away in the first place and then failing to restore it despite overwhelming popular demand.
Even if the rumor is false, Microsoft should use the time until Blue comes out to make it so.
And if it does prove false, there's already a host of software products that can restore the Start button even without Microsoft cooperation.
Another popular Blue rumor is that users will be able to boot Windows 8 machines directly to desktop mode, avoiding the Windows 8 Start screen that many people find confusing and annoying.
Windows Defender protects Windows 8
"Windows 8 has the lowest malware infection rate of any Windows-based operating system observed to date," according to the latest Microsoft Security Intelligence Report.
Part of the reason is that Windows 8 runs Windows Defender by default, running malware scans in the background and blocking dangerous code. As a result, just 81.% of 32-bit Windows 8 machines and 7% of 64-bit Windows 8 machines are unprotected, the report says.
Also, Windows 8 is still pretty new, so there's been less time for customers to disable the anti-malware or for the real-time protection to expire, the report says. The operating system was only available for the last two months of 2012, and the report covers the second half of the year.
Those Windows 8 machines that didn't have protection turned on had an infection rate 16.2 times greater than machines with protection, according to the report.
The most common threat family found attacking Windows 8 was Win32/Keygen, software that generates product keys for pirated software, allowing the software to be run on a machine illegally, the Microsoft report says. Customers who choose to use these key generators typically turn off malware protection in order to load the generators, increasing their chance of infection, the report says.
The third most common threat found attacking Windows 8 machines was INF/Autorun, malware that is ineffective against Windows 8 even if it is unblocked. Windows Defender blocked it anyway, Microsoft says.
2013年4月24日星期三
2013年4月11日星期四
Windows XP business users offered discount on Windows 8
Microsoft's confirmation that it is really, honestly, genuinely putting Windows XP out to pasture this time next year - a message we've heard several times before from the company - comes with a sugar coating for businesses who will soon need to upgrade: a discount on getting a more modern operating system.
While not as wide-reaching as the company's launch offers for Windows 8, which saw the operating system sold for as little as £15 until jumping significantly in Feburary, the deal is being pushed as a sop for businesses that are going to have to find the cash to upgrade a wealth of legacy hardware from Windows XP by April 2014 or face a bleak future with no security or bug-fix updates.
Designed for small and medium businesses - with larger enterprises being expected to have shelled out for subscription-based licensing that will see them able to upgrade to Windows 8 at no extra cost - Microsoft's Get2Modern offer - yes, that's really what the company has called the programme - allows a company to purchase upgrades at a 15 per cent discount, up to a maximum of 249 discounted licences. While that's better than a kick in the proverbials, there's a slight catch: to qualify, a business has to purchase Windows 8 Pro and Microsoft Office 2013 Standard simultaneously. If you're only looking to upgrade one or the other, then you'll find yourself paying full whack.
Available until the 30th of June for customers buying their licences through Microsoft's Open Licence Programme - available to businesses only - the offer seems a little stingy: Microsoft is ending support for an operating system used by around a third of the web, and while customers have had plenty of notice - its original end-of-life deadline was commuted to April 2014 as the result of poor take-up of Windows Vista in 2008 - that's still a large install base that is looking at the sharp end of an upgrade bill.
This time, however, Microsoft looks to be serious: it has launched a site detailing the reasons to upgrade from Windows XP and Office 2003, support for which also ends in April 2014, talking up the worrying spectre of security risks, software compatibility issues, lack of official support and potential business disruption caused by downtime - blamed, in typically Microsoft fashion, on the age of most Windows XP-based hardware rather than any fault inherent in the operating system - as a means of scaring business customers into compliance.
Whether Microsoft is planning to reintroduce discount Windows 8 pricing for consumers with Windows XP machines remains to be seen - but, for now, the company is concentrating solely on its business customers.
While not as wide-reaching as the company's launch offers for Windows 8, which saw the operating system sold for as little as £15 until jumping significantly in Feburary, the deal is being pushed as a sop for businesses that are going to have to find the cash to upgrade a wealth of legacy hardware from Windows XP by April 2014 or face a bleak future with no security or bug-fix updates.
Designed for small and medium businesses - with larger enterprises being expected to have shelled out for subscription-based licensing that will see them able to upgrade to Windows 8 at no extra cost - Microsoft's Get2Modern offer - yes, that's really what the company has called the programme - allows a company to purchase upgrades at a 15 per cent discount, up to a maximum of 249 discounted licences. While that's better than a kick in the proverbials, there's a slight catch: to qualify, a business has to purchase Windows 8 Pro and Microsoft Office 2013 Standard simultaneously. If you're only looking to upgrade one or the other, then you'll find yourself paying full whack.
Available until the 30th of June for customers buying their licences through Microsoft's Open Licence Programme - available to businesses only - the offer seems a little stingy: Microsoft is ending support for an operating system used by around a third of the web, and while customers have had plenty of notice - its original end-of-life deadline was commuted to April 2014 as the result of poor take-up of Windows Vista in 2008 - that's still a large install base that is looking at the sharp end of an upgrade bill.
This time, however, Microsoft looks to be serious: it has launched a site detailing the reasons to upgrade from Windows XP and Office 2003, support for which also ends in April 2014, talking up the worrying spectre of security risks, software compatibility issues, lack of official support and potential business disruption caused by downtime - blamed, in typically Microsoft fashion, on the age of most Windows XP-based hardware rather than any fault inherent in the operating system - as a means of scaring business customers into compliance.
Whether Microsoft is planning to reintroduce discount Windows 8 pricing for consumers with Windows XP machines remains to be seen - but, for now, the company is concentrating solely on its business customers.
Windows 8 Group Policy Settings That You Should Know
By and large, Windows 8 supports the same collection of group policy settings as Windows 7, so organizations that already have Windows 7 in place can move to Windows 8 with relative confidence that their existing group policy structure will continue to work.
While this is certainly good news for those tasked with keeping Windows secure, there is a bit of bad news. Even though Windows 8 can use Windows 7 group policy settings, those settings alone will likely prove to be inadequate to keep Windows 8 secure.
As you no doubt know, Windows 8 has two widely used modes. On one hand, there is the new modern user interface (formerly known as Metro), but there is also a desktop mode that looks suspiciously like Windows 7. Windows 7 group policy settings do a great job of locking down Windows 8's desktop mode, but they have little impact on the modern user interface.
Thankfully, Microsoft has created a number of new group policy settings that are specifically designed for Windows 8 and Windows Server 2012. There are 169 new policy settings in all (plus some extra settings for Internet Explorer 10). In order to use these new policy settings you will need to either have a Windows Server 2012 domain controller or you can add the policy settings to Windows 8's local security policy.
Windows store policy settings
Some of the most useful new policy settings are related to the Windows store. For organizations that operate managed desktops, the thought of users going into the Windows store and downloading unapproved applications can be stomach churning. Fortunately, Microsoft provides group policy settings that can be used to control access to the store. Group policy settings can be applied at either the user or the computer level and exist at \Administrative Templates\Windows Components\Store. The policy settings themselves are self-explanatory. They include turning off automatic downloads of updates, allowing the store to install apps on Windows To Go workspaces, turning off store applications.
Connected accounts
One of the things that makes Windows 8 really unique is its use of connected accounts. When a user gets ready to log on, Windows 8 gives them the option of logging in using a Microsoft connected account (such as a Windows Live account or a Hotmail account). This account links Windows 8 to online services such as Hotmail, SkyDrive, or even Xbox Live. Of course, these are all consumer-grade services that have no place in most business environments. Worse yet, connected accounts are often tied into social networking sites, such as Facebook.
One of an administrator's first tasks in planning for a Windows 8 deployment should be to prevent users from being able to provide Windows 8 with a connected account. As you have probably already guessed, this can be accomplished through group policy settings.
The policy settings exist at the computer level of the Group Policy hierarchy. You can find them at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft Accounts.
There are actually a couple of different options that you can use when enabling this policy setting. You can either choose the Users Can't Add Microsoft Accounts option or you can choose the Users Can't Add Or Log On With Microsoft Accounts option. The secondary option will prevent Microsoft accounts from being used, even if a user has already added the account to their Windows 8 desktop.
Preventing the accidental removal of modern apps
Windows 8 makes it easy for users to remove modern UI apps. Maybe a little too easy. A user needs only right-click on the app's tile and then tap Uninstall. If you'd rather that users not be able to remove the apps that you have placed on their start screen, you can use group policy settings to prevent them from doing so.
The option to prevent users from uninstalling modern apps is a user-level group policy setting. The option is quite ironically located at: User Configuration\Administrative Templates\Start Menu and Taskbar. This section of the group policy hierarchy contains a number of different settings. The specific group policy setting that you must enable is named Prevent Users From Uninstalling Applications From Start.
Obviously there is no way to discuss hundreds of individual policy settings within the confines of a blog post. While I have tried to discuss some of the more useful policy settings, there are many others. You can access the full list of new group policy settings here. Chances are, there's a policy you need to know about that I couldn't get to.
While this is certainly good news for those tasked with keeping Windows secure, there is a bit of bad news. Even though Windows 8 can use Windows 7 group policy settings, those settings alone will likely prove to be inadequate to keep Windows 8 secure.
As you no doubt know, Windows 8 has two widely used modes. On one hand, there is the new modern user interface (formerly known as Metro), but there is also a desktop mode that looks suspiciously like Windows 7. Windows 7 group policy settings do a great job of locking down Windows 8's desktop mode, but they have little impact on the modern user interface.
Thankfully, Microsoft has created a number of new group policy settings that are specifically designed for Windows 8 and Windows Server 2012. There are 169 new policy settings in all (plus some extra settings for Internet Explorer 10). In order to use these new policy settings you will need to either have a Windows Server 2012 domain controller or you can add the policy settings to Windows 8's local security policy.
Windows store policy settings
Some of the most useful new policy settings are related to the Windows store. For organizations that operate managed desktops, the thought of users going into the Windows store and downloading unapproved applications can be stomach churning. Fortunately, Microsoft provides group policy settings that can be used to control access to the store. Group policy settings can be applied at either the user or the computer level and exist at \Administrative Templates\Windows Components\Store. The policy settings themselves are self-explanatory. They include turning off automatic downloads of updates, allowing the store to install apps on Windows To Go workspaces, turning off store applications.
Connected accounts
One of the things that makes Windows 8 really unique is its use of connected accounts. When a user gets ready to log on, Windows 8 gives them the option of logging in using a Microsoft connected account (such as a Windows Live account or a Hotmail account). This account links Windows 8 to online services such as Hotmail, SkyDrive, or even Xbox Live. Of course, these are all consumer-grade services that have no place in most business environments. Worse yet, connected accounts are often tied into social networking sites, such as Facebook.
One of an administrator's first tasks in planning for a Windows 8 deployment should be to prevent users from being able to provide Windows 8 with a connected account. As you have probably already guessed, this can be accomplished through group policy settings.
The policy settings exist at the computer level of the Group Policy hierarchy. You can find them at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft Accounts.
There are actually a couple of different options that you can use when enabling this policy setting. You can either choose the Users Can't Add Microsoft Accounts option or you can choose the Users Can't Add Or Log On With Microsoft Accounts option. The secondary option will prevent Microsoft accounts from being used, even if a user has already added the account to their Windows 8 desktop.
Preventing the accidental removal of modern apps
Windows 8 makes it easy for users to remove modern UI apps. Maybe a little too easy. A user needs only right-click on the app's tile and then tap Uninstall. If you'd rather that users not be able to remove the apps that you have placed on their start screen, you can use group policy settings to prevent them from doing so.
The option to prevent users from uninstalling modern apps is a user-level group policy setting. The option is quite ironically located at: User Configuration\Administrative Templates\Start Menu and Taskbar. This section of the group policy hierarchy contains a number of different settings. The specific group policy setting that you must enable is named Prevent Users From Uninstalling Applications From Start.
Obviously there is no way to discuss hundreds of individual policy settings within the confines of a blog post. While I have tried to discuss some of the more useful policy settings, there are many others. You can access the full list of new group policy settings here. Chances are, there's a policy you need to know about that I couldn't get to.
2013年4月10日星期三
Microsoft's security apps still trip up on Windows 8
German independent security firm AV-Test has released evaluations of security software for Windows 8 for the first time, and – not entirely surprisingly – it once again found Microsoft's own products were among the weaker performers.
The firm tested its usual batch of 25 antivirus products for consumers, plus eight aimed at corporate users, during the first two months of 2013. It published its results on Saturday.
Microsoft Windows Defender – the rebadged version of Microsoft Security Essentials that comes bundled with Windows 8 – scored just 2.0 out of 6 in AV-Test's Protection rankings. Redmond's enterprise-oriented System Center Endpoint Protection scored a paltry 1.5.
According to AV-Test, Windows Defender managed to spot just 82 per cent of zero-day malware attacks during January and 81 per cent during February, based on 125 samples. The industry average was 95 per cent.
Windows Defender did a little better at detecting "widespread and prevalent" malware, catching 98 per cent of samples thrown at it in January and 99 per cent in February. But that still wasn't quite as good as the industry average, which was 99 per cent.
On the enterprise side, System Center Endpoint Protection caught a consistent 98 per cent of widespread malware samples across both months. That was another subpar showing, though, given that on average, the other enterprise products identified all the samples.
And Endpoint Protection's track record for zero-day malware was even worse than Windows Defender's, spotting just 80 per cent of the samples in January and 83 per cent in February.
Both of Microsoft's products ranked fairly well in other aspects AV-Test looked at. In particular, both scored 6 out of 6 for Usability, with no false positives spotted and no legitimate actions being blocked erroneously. Both offered reasonably good performance as well, although here Endpoint Protection had the edge over Windows Defender.
Many customers might argue, however, that high usability and fast performance aren't much good when the product isn't so hot at what it purports to do: stopping malware.
But others are likely to disagree with AV-Test's assessment of Redmond's security products – not least of which is Microsoft itself. AV-Test has butted heads with the software giant over its testing methodology in the past, which Microsoft says uses malware samples that "don't represent what our customers encounter."
Be that as it may, several other products significantly outperformed Microsoft's on the Protection portion of this round of AV-Test's evaluations. Leading the pack in the consumer sector were products from F-Secure, G Data, Bitdefender, Kaspersky, BullGuard, and Trend Micro, all of which earned perfect scores. Kaspersky and F-Secure topped the list of the enterprise products.
The firm tested its usual batch of 25 antivirus products for consumers, plus eight aimed at corporate users, during the first two months of 2013. It published its results on Saturday.
Microsoft Windows Defender – the rebadged version of Microsoft Security Essentials that comes bundled with Windows 8 – scored just 2.0 out of 6 in AV-Test's Protection rankings. Redmond's enterprise-oriented System Center Endpoint Protection scored a paltry 1.5.
According to AV-Test, Windows Defender managed to spot just 82 per cent of zero-day malware attacks during January and 81 per cent during February, based on 125 samples. The industry average was 95 per cent.
Windows Defender did a little better at detecting "widespread and prevalent" malware, catching 98 per cent of samples thrown at it in January and 99 per cent in February. But that still wasn't quite as good as the industry average, which was 99 per cent.
On the enterprise side, System Center Endpoint Protection caught a consistent 98 per cent of widespread malware samples across both months. That was another subpar showing, though, given that on average, the other enterprise products identified all the samples.
And Endpoint Protection's track record for zero-day malware was even worse than Windows Defender's, spotting just 80 per cent of the samples in January and 83 per cent in February.
Both of Microsoft's products ranked fairly well in other aspects AV-Test looked at. In particular, both scored 6 out of 6 for Usability, with no false positives spotted and no legitimate actions being blocked erroneously. Both offered reasonably good performance as well, although here Endpoint Protection had the edge over Windows Defender.
Many customers might argue, however, that high usability and fast performance aren't much good when the product isn't so hot at what it purports to do: stopping malware.
But others are likely to disagree with AV-Test's assessment of Redmond's security products – not least of which is Microsoft itself. AV-Test has butted heads with the software giant over its testing methodology in the past, which Microsoft says uses malware samples that "don't represent what our customers encounter."
Be that as it may, several other products significantly outperformed Microsoft's on the Protection portion of this round of AV-Test's evaluations. Leading the pack in the consumer sector were products from F-Secure, G Data, Bitdefender, Kaspersky, BullGuard, and Trend Micro, all of which earned perfect scores. Kaspersky and F-Secure topped the list of the enterprise products.
Microsoft Windows 8 Security Software Lacks Teeth
That's one takeaway from a recent study of Windows 8 antivirus products conducted by the independent German lab behind AV-Test, which reviews the effectiveness of endpoint security products.
The firm found that out of nine corporate endpoint security products tested earlier this year, Microsoft's System Center Endpoint Protection security software was the low scorer. Although Microsoft's software was certified by AV-Test for corporate use, it also served as the testing firm's baseline, meaning AV-Test recommends businesses avoid using any software that didn't score at least to that level.
"During January and February 2013 we continuously evaluated nine endpoint protection products using settings as provided by the vendor," said AV-Test's study. "We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."
The Microsoft software performed the worst on all tested corporate products on the "protection" front, earning just 1.5 out of 6 possible points. That was based on the software stopping 80% of zero-day attacks, compared with an industry average of 95%. The software did far better at spotting 98% of "widespread and prevalent malware discovered in the past four weeks," although it was still below the industry average of 100%.
For comparison's sake, F-Secure's Client Security 10 and Kaspersky's Endpoint Security 10.1 both led the protection charts with 6.0 scores, followed by Fortinet's FortiClient 5.0 (5.5), Symantec's Endpoint Protection 12.1 (5.0), Webroot's SecureAnywhere Endpoint Protection 8.0 (5.0), Sophos' Endpoint Security and Control 10.2 (5.0), McAfee's VirusScan Enterprise with EPO 8.8 (5.0) and Trend Micro's Office Scan 10.6 (4.5).
Microsoft's System Center Endpoint Protection did, however, perform relatively well in the two other categories assessed by AV-Test: performance (5.0) and usability (6.0).
On the consumer front, meanwhile, Microsoft's Windows Defender 4 -- known as Microsoft Security Essentials (MSE) with previous versions of Windows -- was also certified for use by AV-Test, but likewise placed last in the protection rankings, making Microsoft's offering again the baseline for the comparison test of 26 different consumer antivirus products. The software scored well in both performance (3.5) and usability (6.0), though.
The Microsoft endpoint security product test results represented an improvement for the company's software, which previously failed to pass muster with AV-Test. In November 2012, the testing firm pulled its seal of approval for Microsoft Security Essentials when the product's zero-day attack blocking rate dropped to 64%, compared with an industry average of 89%, and its detection rate for malware that's a few months old dropped to 90%, compared with an industry average of 97%.
Another positive aspect of Microsoft's Windows 8 security software -- known as Microsoft Security Essentials (MSE) in previous version of Windows -- is that's it's free. In Windows 8, furthermore, the software does come enabled by default for all users, unless other endpoint security software has been installed by an OEM, or user install their own endpoint security software. In other words, although Microsoft's free security software might not top the corporate or consumer protection charts, AV-Test CEO Andreas Marx has said that it's literally better than nothing.
Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice.
The firm found that out of nine corporate endpoint security products tested earlier this year, Microsoft's System Center Endpoint Protection security software was the low scorer. Although Microsoft's software was certified by AV-Test for corporate use, it also served as the testing firm's baseline, meaning AV-Test recommends businesses avoid using any software that didn't score at least to that level.
"During January and February 2013 we continuously evaluated nine endpoint protection products using settings as provided by the vendor," said AV-Test's study. "We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."
The Microsoft software performed the worst on all tested corporate products on the "protection" front, earning just 1.5 out of 6 possible points. That was based on the software stopping 80% of zero-day attacks, compared with an industry average of 95%. The software did far better at spotting 98% of "widespread and prevalent malware discovered in the past four weeks," although it was still below the industry average of 100%.
For comparison's sake, F-Secure's Client Security 10 and Kaspersky's Endpoint Security 10.1 both led the protection charts with 6.0 scores, followed by Fortinet's FortiClient 5.0 (5.5), Symantec's Endpoint Protection 12.1 (5.0), Webroot's SecureAnywhere Endpoint Protection 8.0 (5.0), Sophos' Endpoint Security and Control 10.2 (5.0), McAfee's VirusScan Enterprise with EPO 8.8 (5.0) and Trend Micro's Office Scan 10.6 (4.5).
Microsoft's System Center Endpoint Protection did, however, perform relatively well in the two other categories assessed by AV-Test: performance (5.0) and usability (6.0).
On the consumer front, meanwhile, Microsoft's Windows Defender 4 -- known as Microsoft Security Essentials (MSE) with previous versions of Windows -- was also certified for use by AV-Test, but likewise placed last in the protection rankings, making Microsoft's offering again the baseline for the comparison test of 26 different consumer antivirus products. The software scored well in both performance (3.5) and usability (6.0), though.
The Microsoft endpoint security product test results represented an improvement for the company's software, which previously failed to pass muster with AV-Test. In November 2012, the testing firm pulled its seal of approval for Microsoft Security Essentials when the product's zero-day attack blocking rate dropped to 64%, compared with an industry average of 89%, and its detection rate for malware that's a few months old dropped to 90%, compared with an industry average of 97%.
Another positive aspect of Microsoft's Windows 8 security software -- known as Microsoft Security Essentials (MSE) in previous version of Windows -- is that's it's free. In Windows 8, furthermore, the software does come enabled by default for all users, unless other endpoint security software has been installed by an OEM, or user install their own endpoint security software. In other words, although Microsoft's free security software might not top the corporate or consumer protection charts, AV-Test CEO Andreas Marx has said that it's literally better than nothing.
Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice.
订阅:
博文 (Atom)