microsoft Archives - COBRA softwares
02 Nov

microsoft macro blocker

Microsoft adds macro blocker to Office 2013 to stymie old-school attackers

downloaddownload
 Admins can take users out of the equation with feature ported from Office 2016

Microsoft yesterday said that it had added a malware-in-macros blocker to Office 2013 after customers demanded that it expand the feature beyond the latest version, Office 2016.

“The predominant customer request we received was for this feature to be added to Office 2013,” the Microsoft Malware Protection Center team wrote in an unsigned blog post Wednesday.

IT administrators have been able to block macros from running in Office 2016 since March. Enterprise IT staff can craft group policies to restrict macros, completely block them, or amplify the warnings users normally see before a macro is opened.

The same capability was extended to Office 2013 last month, Microsoft said.

As Microsoft contended, users had called on the company to bring the feature to other editions. “Great feature, now how about for older versions of Office?” asked Jarrod Morago in a March comment appended to the original explanation of the feature in Office 2016.

“This should get added to Office 2013 as well,” argued someone identified only as Todd. “That would be a goodwill gesture that would go a long way in organizations that are often behind, such as health care.”

The group policy blockade was a response to an increase in malware that relied on users enabling macros within Word, Excel or PowerPoint. “Malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected,” Microsoft said.

Malicious macros were once a popular infection vector, but as Microsoft tightened the screws in Office, the technique became outmoded. In the last two years, however, the threat resurfaced as attackers created ever-more-convincing appeals to open attached Office documents and switch on macros.

Microsoft will support Office 2013 until April 11, 2023, but its predecessor, Office 2010, drops off the support list in October 2020. Because the latter is in its last five years of support, and because Microsoft is not obligated to add new features during that period, it’s unlikely that admin-based blocking will also be extended to Office 2010.

Share this
21 Jul

France orders Microsoft to stop tracking Windows 10 users

France’s data protection commission has ordered Microsoft to “stop collecting excessive user data” and to stop tracking the web browsing of Windows 10 users without their consent. In a notice published on Wednesday, the CNIL said that Microsoft must also take steps to guarantee “the security and confidentiality” of its users’ personal information, after determining that the company was still transferring data to the US under the “Safe Harbor” agreement that an EU court invalidated in October. Microsoft has three months to comply with the orders, the CNIL said.

The CNIL, France’s privacy watchdog, based its decision on an investigation carried out between April and June of this year. The organization says that other European data protection authorities formed a “contact group” to investigate Microsoft’s data collection practices following the release of Windows 10 last June. In September 2015, Terry Myerson, Microsoft’s Windows chief, responded to growing privacy concerns surrounding Windows 10, saying that the operating system “collects information so the product will work better for you,” and that users “are in control with the ability to determine what information is collected.”

CNIL wants “users to make their choice freely”

The CNIL says it decided to issue the notice due to the “seriousness of the breaches and the number of individuals concerned,” saying there are more than 10 million Windows users in France. The CNIL found that Microsoft is collecting “excessive” data on Windows 10 users, including the specific apps they download and how much time they spend on each one. The organization added that the company uses cookies to serve personalized ads without properly informing users or allowing them to opt out, and that the four-character PIN system used to access Microsoft services is insecure, because there is no limit on the number of attempts a user can make.

If Microsoft does not comply within the three-month window, the CNIL says it may appoint an investigator who could recommend sanctions against the company. “The purpose of the notice is not to prohibit any advertising on the company’s services but, rather, to enable users to make their choice freely, having been properly informed of their rights,” the CNIL said in a statement.

The CNIL has issued similar notices against US tech companies in the past. Last year, the organization ordered Google to expand Europe’s “right to be forgotten” ruling to cover all Google sites, and earlier this year, it ordered Facebook to stop tracking the web browsing of non-users, giving the company three months to comply.

In a statement provided to Reuters, Microsoft vice president and deputy general counsel David Heiner said that the company will work with CNIL to develop “solutions that it will find acceptable.”

Share this
06 Jul

Microsoft confirms Surface 3 production will end this year, has no public plans for a follow-up

Microsoft has confirmed that its Surface 3 tablet, already in short supply, is in the process of being phased out. Microsoft will stop distributing the device by December at the latest, with no word yet on whether the company will replace its lower-end Surface hardware. In a statement sent to press, a Microsoft spokesperson said:

Since launching Surface 3 over a year ago, we have seen strong demand and satisfaction amongst our customers. Inventory is now limited and by the end of December 2016, we will no longer manufacture Surface 3 devices.

The original Surface RT and Surface Pro were announced just over four years ago, but neither was a smash hit out of the gate. The Surface RT was built on an underpowered Nvidia Tegra 3 and Microsoft badly flubbed its messaging on how its ARM-compatible version of Windows differed from its x86 counterpart. Surface 2 offered much-improved performance courtesy of Nvidia’s Tegra 4, but it was Surface 3 that returned the lower-end Surface platform to the x86 arena, courtesy of Intel’s x7-Z8700 SoC. That chip offers a base clock of 1.6GHz, a 2.4GHz base frequency, two LPDDR3-1600 memory channels, and a Scenario Design Power (SDP) rating as low as 2W.

Of the three non-Pro Surface tablets, the Surface 3 was by far the best-received of the bunch, which makes Microsoft’s cancellation with no word of a successor a bit of a surprise.

The Surface 4 SoC conundrum

Normally, Microsoft would continue adopting Intel’s lower-end Atom SoCs for Surface devices while relying on a mixture of Core M and Core i3/i5/i7 parts for the Surface Pro or Surface Book families. Intel’s decision to cancel its smartphone and tablet products undoubtedly threw a wrench into these plans, and it’s not clear what alternate hardware Microsoft could even use.

Surface3

Surface 3, without its Type Cover. Small tablets need small CPU cores.

Intel doesn’t provide TDP figures for its Atom Z8700 family and it doesn’t give SDP ratings for its Core M hardware. The lowest TDP configuration for current Core M chips is 3.5W — respectably low, but not a useful point of comparison since we don’t know how the two metrics relate to each other. Intel’s list prices, on the other hand, are a matter of public record — and the $281 price tag on a Core M is far above the $37 list price for an Atom SoC. You can say good-bye to x86 2-in-1’s at $400 – $500 price points if OEMs have to move to Core M processors.

AMD doesn’t appear to have anything that would fit Microsoft’s needs, either. The company made a few overtures to the tablet market several years ago but never seriously tried to enter the market. An updated version of AMD’s Puma+ SoC built on 14nm might have been able to address this space, but AMD decided not to update its cat cores past the 28nm node (at least, not in the PC space).

Rumors suggest that Microsoft might have held off on updating the Surface family this year so it can launch new hardware alongside its next major Windows 10 release, codenamed Redstone 2 and expected to arrive in early 2017. Redmond’s options for a new Surface 3 successor, however, will still be quite limited. It can opt for Apollo Lake and accept higher power consumption, but the increased thickness and noise wouldn’t play well with consumers and Microsoft isn’t going to launch an ARM-only Surface 4. Keep in mind, all of this discussion applies only to the standard Surface family — Microsoft is expected to update the current Surface Book and Surface Pro 4 later this year or early next.

The simplest path for Microsoft to take would be to kill Surface 3 outright, keep iterating on the Surface Pro family, and let third-party OEMs like Dell and Asus handle the lower-end of the market. It would be disappointing to see the lower-end Surface line die just after it finally found secure footing. Unless Intel is willing to build custom hardware for Microsoft’s relatively limited needs there may not be a replacement solution on the market.

Share this
01 Jul

Microsoft claims Edge delivers 70% more battery life than Chrome

464297-microsoft-edge-browser-640x361

Microsoft’s Edge browser has been trailing in terms of adoption and usage, even as Windows 10 has won increasing market share. The company has released an official report documenting the power efficiency advantages of using Edge, the new browser it debuted with Windows 10, partly in the hope of convincing more users to spend time with the application. Now, Redmond is claiming that Edge can deliver up to 70% more battery life than Google Chrome.

The team behind the metrics published a blog post in which they detail how Microsoft conducts its tests, as well as information on its power testing criteria and data on how it modifies platforms to measure instantaneous energy consumption. The video comparing power consumption using streaming video is below:

If you read over other blog posts, you’ll note that different scenarios present different comparison metrics for Chrome, Edge, Firefox, and Opera. Each browser’s performance varies depending on the specifics of the workload, but according to Microsoft, Edge is always the consistent winner.

Browser power

Obviously, Microsoft is scarcely a neutral party on this front, but data from other parts of the web at least indirectly backs up the company’s claims. Tests performed at BatteryBox from last year showed that Chrome was often a battery hog on OS X as well. Several years ago, Google fixed a Chrome “feature” that set the system interrupt timer to tick at its lowest possible value across the entire operating system. This had a significantly negative effect on Windows battery life. Obviously other issues remain unresolved, and multiple articles have noted that Chrome doesn’t run particularly well on systems with relatively low-end hardware.

Speed and responsiveness versus battery life

The battle between responsiveness and power consumption dates back at least as far as the introduction of Intel‘s SpeedStep technology. Early SpeedStep systems could lower their operating speeds to reduce power, but the first iterations of the technology could be thrown off and refuse to spin up its clock speed properly (or to reduce it when applicable). Power management on modern computers is now sophisticated enough that even the “Low power” option is often acceptably responsive (though this will vary depending on how many applications you juggle and what your use cases are).

In this day and age, the browser is the application that virtually every user runs on a daily basis, and therefore the single most important application when it comes to reducing overall system power consumption. Chrome has always been architected with speed and responsiveness in mind. That suited the browser extremely well when it was a young upstart challenging established platforms like Firefox or Internet Explorer. Based on battery testing from multiple sources, Chrome really does use more battery life.

Whether this will result in any changes to Chrome, on the other hand, remains to be seen. Microsoft didn’t get serious about fixing problems with Internet Explorer 6 until Firefox had already seized 13.5% of the browser market share (based on Net Applications’ reporting at the time). Chrome’s star has been ascendant for a number of years, at the expense of its competitors at Redmond and Mozilla — until that stops being the case, Google may feel it has no reason to respond to these allegations. Then again, given how important battery life is these days, the company would be foolish to ignore such an obvious performance issue.

Share this
24 Jun

Microsoft finds diagnostic clues in Bing search histories

Servers1

If you ever felt a chill and wondered whether someone, somewhere, could see your search history…now you know. Yes. They have. But they’re using their powers for good. Microsoft scientists have come out with a demo showing that by analyzing a large volume of anonymized queries from their Bing search engine, scientists may be able to identify internet users who are suffering from pancreatic cancer, even before the querent has been diagnosed with the disease.

“We asked ourselves, ‘If we heard the whispers of people online, would it provide strong evidence or a clue that something’s going on?’” said Dr. Eric Horvitz, coauthor. Horvitz, Dr. Ryen White, also of Microsoft, and Columbia grad student John Paparrizos teamed up to work with searches conducted using Bing, Microsoft’s search engine, that indicated someone had been diagnosed with pancreatic cancer. Starting from when queries appeared suggesting the diagnosis, they worked backward in time, hunting for search terms further back in the sample histories that could have shown that the Bing user was experiencing symptoms.

The researchers believe that patterns in those early searches can be red flags that warn of major health problems down the road. The researchers reported in the Journal of Oncology Practice that they could identify between 5 and 15 percent of pancreatic cancer cases, but they did so with false positive rates of as low as one in 100,000. This is like how rapid strep cultures work. They don’t catch strep every time, but when they do report positive results, they’re quite sure it’s strep and not something else.

Coming from a background of both medicine and computer science, Dr. Horvitz said he began looking into this area after a phone conversation with a friend who had described symptoms. Based on their conversation, Dr. Horvitz advised his friend to seek medical attention. He was, in fact, diagnosed with pancreatic cancer, and died several months later.

cancer cells

Cancer cells.

While the anonymized data means that the researchers can’t reach out to the individuals whose data it was, it’s clear that the next steps are practical, logistical. Scientists must learn how to use big data without mistaking quantity for quality of information. Refining the way we handle such biostatistics could enable a whole new class of inexpensive, data-powered health services. “Might there be a Cortana for health some day?” mused Dr. Horvitz.

It makes sense. How many times have you searched for symptoms online rather than go to the expense and trouble of seeing a doctor? This kind of data could be a diagnostic gold mine if we could isolate reliable search patterns; Google has already started surfing this wavefront, but their foray into predictive medicine mostly served as an example of how not to handle big data. But Google Flu often missed high (PDF). Could that fact just represent how easy it is to Google symptoms, compared to getting medical care? We don’t necessarily know that there’s a 1:1 relationship between people who search for flu symptoms, and people who have the flu. It seems like more eyes on the problem, yet again, is the answer.

On the other hand, weren’t we just asking who guards the data? It seems like there are obvious HIPAA implications here. Any such database would be a tantalizing target for black hats and commercial interests. Is Minority-Report-esque precognition of your search history something that you can consent to with a clickthrough TOS?

“I think the mainstream medical literature has been resistant to these kinds of studies and this kind of data,” Dr. Horvitz said. “We’re hoping that this stimulates quite a bit of interesting conversation.” Next they’ll be telling us we should make our browser histories freely available — for science.

Share this
14 Mar

Unreal developer blasts Microsoft, claims company wants to monopolize game development

The Windows Store and therestrictions it places on games and game settings have been rising over the past week, ever since the release of Ashes of the Singularityand Gears of War Ultimate Edition. We’ve reached out to Microsoft in an attempt to clarify some of these issues, specifically those related to V-Sync, WDDM 2.0, and the current limits that lock down Windows Store titles. Tim Sweeney, the founder of Epic Games and lead developer on the Unreal Engine, recently blasted Microsoft’s Universal Windows Platform, UWP, and called for a complete boycott of the platform.

unreal development

In an op/ed for The Guardian, Sweeney describes Microsoft’s actions as an aggressive attempt to lock down the Windows ecosystem, thereby monopolizing both application distribution and commerce. He writes:

Microsoft has launched new PC Windows features exclusively in UWP, and is effectively telling developers you can use these Windows features only if you submit to the control of our locked-down UWP ecosystem. They’re curtailing users’ freedom to install full-featured PC software, and subverting the rights of developers and publishers to maintain a direct relationship with their customers.

Sweeney states that he has no problem with the Windows Store as such, but takes issue with the way Microsoft has locked down the platform. Because Microsoft controls the only distribution point for UWP applications, no other company can offer equivalent software. Side-loading can be enabled, but it’s off by default and could be removed entirely in a future Windows Update.

timsweeney-ed

Epic Games founder and Unreal engine developer, Tim Sweeney

Sweeney calls on Microsoft to allow UWP applications to be distributed just as Win32 applications are now, for any company to be allowed to distribute UWP applications, including Steam and GOG, and that users and publishers should be allowed to directly engage in commerce with each other without paying a 30% fee to Microsoft. It should be noted that Valve, which owns the vast majority of digital distribution on the PC, also charges a 30% fee.

This true openness requires that Microsoft not follow Google’s clever but conniving lead with the Android platform, which is technically open, but practically closed…

The ultimate danger here is that Microsoft continually improves UWP while neglecting and even degrading win32, over time making it harder for developers and publishers to escape from Microsoft’s new UWP commerce monopoly. Ultimately, the open win32 Windows experience could be relegated to Enterprise and Developer editions of Windows.

Right now, the Windows Store is a mess compared with the gaming options available on Steam, GOG, and even publisher-specific options like Origin or uPlay. Microsoft clearly wants to jump-start the store with options like cross-purchase with the Xbox One, but the Gears of War port we got earlier this week was a poor way to do that. Sweeney pulls no punches here, either, writing:

In my view, if Microsoft does not commit to opening PC UWP up in the manner described here, then PC UWP can, should, must and will, die as a result of industry backlash. Gamers, developers, publishers simply cannot trust the PC UWP “platform” so long as Microsoft gives evasive, ambiguous and sneaky answers to questions about UWP’s future, as if it’s a PR issue. This isn’t a PR issue, it’s an existential issue for Microsoft, a first-class determinant of Microsoft’s future role in the world.

Them’s fightin’ words. But is it true?

Is Microsoft trying to take over PC commerce?

It’s interesting to me that Sweeney, who works on one of the leading PC gaming engines, didn’t say much about technical limitations or problems implementing specific features that PC gamers want. The word from Microsoft (such as it has been) on these restrictions is that solutions to the various technical problems are coming. AMD is adding DirectFlip to its DX12 drivers, a V-Sync “fix” is in the works at Redmond, and patches are in development for Gears of War.

The technical issues that the press and readers have been cataloging, in other words, may simply be a sign of a still-developing ecosystem and early support.

Sweeney’s argument isn’t technical, it’s economic. And I can see where he’s coming from. There’s an old saying: “If all your traffic comes from X, your customers (or readers) aren’t yours — they’re X’s.” The rise of Facebook and social networking has had an enormous impact on web publishing — more and more traffic flows over these sources, and less comes in direct web searching or homepage visits. The idea of typing a direct URL into a browser window is apparently an anachronism.

Even Sweeney admits that the Windows Store as it exists today is a shadow of what it would need to be to actually start locking down the game industry. His remarks remind me of Gabe Newell’s back when Microsoft launched Windows 8. The Windows Store is at least a tremendous theoretical threat to Steam — if Microsoft dominated game distribution, Valve, which currently owns most of the digital PC gaming space, would see its revenue plunge. Sweeney may be sincere when he claims to be fighting for the rights of both gamers and publishers, but that doesn’t mean he wants to pay Microsoft a 30% cut for distributing games on the Windows Store platform.

I don’t think Microsoft will ever open the UWP application concept to any and all programs, but hopefully we’ll see some technical improvement to the applications distributed via this method. Allowing Valve or GOG to publish games that have been certified as UWP-compatible also seems like a fair change, provided those titles aren’t gimped like the current products sold via the Windows Store.

Personally, I’m not sure if I agree with Sweeney or not. The puzzle pieces he’s fit together are definitely on the table — Microsoft has moved to new revenue models with Windows 10, the Windows Store lockdown mirrors what Android and iOS already do, and Universal applications are meant to replace the older Win32-style apps in the long run. I’m not sure the PC software industry is particularly interested in doing that, and there are some practical reasons not to — Windows Store applications are restricted in ways that can result in an inferior user experience.

Even if Microsoft has no plans to go full villain, the concerns he raises are valid, and the lack of communication from Redmond on many of these issues is disquieting.

Share this
08 Mar

Microsoft cancels Fable Legends, closes Lionhead Studios

Microsoft announced today that it is cancelling its next-generation Fable title, Fable Legends. The game, which we’d previewed as an up-and-coming DirectX 12 title last fall, was the only title in development at Lionhead Studios, which Microsoft purchased back in 2006.

Fable Legends was a cooperative RPG that allowed a team of four heroes to challenge the Villain of the story in a five-way battle. The game had previously been set for an open beta beginning this spring and would have been Fable’s first foray into free-to-play gaming.

Microsoft has released a statement on the closure of Lionhead Studios, and the imminent closure of another studio, Press Play.

After much consideration we have decided to cease development on Fable Legends, and are in discussions with employees about the proposed closure of Lionhead Studios in the UK. Additionally, we will close Press Play Studios in Denmark, and sunset development on Project Knoxville.

These have been tough decisions and we have not made them lightly, nor are they a reflection on these development teams – we are incredibly fortunate to have the talent, creativity and commitment of the people at these studios. The Lionhead Studios team has delighted millions of fans with the Fable series over the past decade. Press Play imbued the industry with a unique creative spirit behind games like Max: The Curse of Brotherhood and Kalimba, which both captured passionate fans. These changes are taking effect as Microsoft Studios continues to focus its investment and development on the games and franchises that fans find most exciting and want to play.

Project Knoxville was a third-person multiplayer survival game that would have included cooperative gaming elements, while Lionhead Studios was known for its work on both Black and White and Fable. Prior to this announcement, the studios last release was Fable: Anniversary. Microsoft hasn’t said that it’s 100% for-certain closing Lionhead, but the company has refused to expand on its previous remarks. Given that Fable Legends is definitively cancelled, and that’s pretty much all Lionhead has done for nearly a decade, it’s unlikely the studio would continue to exist in its current form, no matter what.

microsoft

Fable Legends was supposed to be one of the major DirectX 12 titles, alongside Ashes of the Singularity and Gears of War. With its cancellation, Ashes is currently the only robust DirectX 12 title we can point to for a reasonable preview of the next-gen API. That’s frustrating for anyone hoping to get a better sense of how AMD and Nvidia compare in DirectX 12, but the new API is coming, no matter what — it’s just going to take a little longer than we thought to get here.

 

 

Share this

© 2015-2020 COBRA Softwares Pvt Ltd. All rights reserved.