The 5th Security Intelligence Report has been released this covers January to June 2008. The full report can be downloaded here. Here's a quick look at it:

First up we see the percentage of browser exploits on Windows XP vs Windows Vista. We can see on Windows Vista only 5.7% of the exploits are targeting Microsoft code, while on Windows XP that figure is 42.3%.

A break down of the security vulnerabilities on Windows XP looks like this, a mix of Microsoft and 3rd party vulnerabilities.

On Windows Vista however none of the top 10 vulnerabilities being exploited effect Microsoft code. We see a make up of RealPlayer, Apple's QuickTime and several browser toolbars and plugins instead being responsible for the exploits.

Lastly we see the infection numbers for Windows XP and Windows Vista. The most secure client version of Windows being Windows Vista SP1 x64, followed closely behind by the 32-bit client.

What can we draw from this? If you want to keep your system secure 1) Use Windows Vista 2) Don't install any Apple software, RealPlayer, or any dodgy toolbars or plugins on your computer.

Question: These UAC prompts are annoying, can I get rid of them somehow?

Answer: Disable UAC.

WRONG.

If any so called "expert" gives you this advice, ignore it.

If you don't like the prompts you should put UAC into silent mode, it should never, ever under any circumstances be disabled by normal computer users.

Microsoft exposing the ability to disable UAC in the UI came quite late in development, as late as one of the release candidates if my memory serves me, much to my disappointment. Previously it had been hidden away on one of the tabs on mcsonfig. Now anyone can find it on the User Accounts page in the Control Panel.

Pros of disabling UAC:

• No more prompts?

Cons of disabling UAC:

• All applications run with full privileges.
• Internet Explorer loses protected mode, and also runs with full privileges!
• Compromised applications can change anything on the system, with no prompts.
• Application state can be lost as applications look for data in Program Files.
• Requires a system reboot.

Pros of silencing UAC:

• No more prompts.
• Applications continue to run as standard user.
• Internet Explorer runs in Protected Mode, and has fewer rights than a standard user.
• Applications writing data into Program Files get redirected to appropriate user locations.
• No reboot required.

Cons of silencing UAC:

• No more prompts?

The biggest non-security problem comes about because many users disable UAC when they're setting up their machines, when installing their software, many older applications will happily write to Program Files as they're running with full rights to the machine, they'll store their data, and config files there, or in system locations in the registry.

This is a disaster waiting to happen, when UAC is re-enabled the applications will suddenly lose all of its config information and whatever else it has saved into Program Files as UAC redirects them to where they should be writing their data, in locations writable by standard users, such as ProgramData or AppData. Many applications will however happily recreate their information with the default settings. Some however will break horribly, I've run into situations where applications won't uninstall or install because its state has gotten so muddled due to the user disabling and enabling UAC over and over. They had to be manually removed from the system and then reinstalled.

How to put UAC into silent mode.

Go to Control Panel -> System and Maintenance -> Administrative Tools -> Local Security Policy (alternatively you can launch by typing secpol.msc in Start Search).

From there navigate your way to Local Policies -> Security Options.

There will be an option for 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode'. It has three options, 'Prompt for consent' (default), 'Prompt for credentials' (requires the user to enter a password as well) and the last one 'Elevate without prompting' (which I call silent mode).

If you're running a home system without the Local Security Policy options you can also make the change by changing the registry. Run regedit from Start Search, and make your way to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Look for 'ConsentPromptBehaviorAdmin' the default option is 2, while 1 prompts for a password and 0 elevates without prompting.

It seems that Mr Naughton is a tad upset about the media coverage Microsoft has been getting lately, a few articles over the last week or so have directly quoted Steve Ballmer because of his recent trip to the UK. Heaven forbid.

Ballmer was in town last week, graciously granting audiences and genially talking through his hat. Yet his every word was reverentially chronicled. The BBC's Rory Cellan-Jones reported Ballmer's metaphorical comparison of Microsoft (annual revenues, $60bn; 90,000 staff) as 'David' in comparison to Google's 'Goliath' (annual revenues $20bn; 19,000 staff).

What's wrong with that? Oh you're trying to make it seem that Microsoft is the Goliath – well sure, they're the larger company but then they're active in more businesses than Google who have one business which is online advertising. Google control depending on the country between 50% and 90% of the online advertising market, primarily through its search engine. Microsoft on the other hand commands worldwide about 9% of the search market. Of course Naughton is fully aware that this was the comparison that Ballmer was making, which is why he's talking about Google, but why bother to report it in context when you can make it seem like Ballmer is nutty straight off?

Commenting on Google's just-launched Android platform for mobile phones, Ballmer declared that 'an open-source solution would not be attractive to phone manufacturers

His opinion, and historically accurate, Linux for example hasn't gained any traction in the mobile phone market.

...and predicted that Windows mobile phones would stay ahead of BlackBerry, Apple's iPhone and Google Android in the smartphone market

Despite the hype over Blackberry, iPhone and Android - Windows Mobile outsells them. Blackberry is close, and possibly slightly ahead in the United States, but Windows Mobile is much stronger in Europe. As for the iPhone, Microsoft sells 20 million Windows Mobile devices in a year. Apple project 10 million iPhones sales this year, however for the first quarter of the year they only moved 1.7 million. IDC project Windows Mobile to continue to outsell iPhone 2 to 1 in the consumer space until 2012, and 9 to 1 in the business space.

And he went on to say that Windows Vista had been 'the most popular operating system that Microsoft had ever introduced'.

It's certainly the fastest selling, both on raw sales figures, but also on how quickly it is spreading through the PC ecosystem, which is larger than ever before. Windows XP sold 17 million units in its first 2 months on the market; Windows Vista achieved 20 million in the first month. Windows XP was on 16.9% of all computers by the end of 2003, about two years after launch; Windows Vista on the other hand was on 18.3% of all computers a year and a half after release, by the end of the year that's projected to be 21.3%.

Unfortunately for John Naughton, despite how he attempts to spin it, Ballmer is actually spot on. But that's not all Naughton does to demonstrate his ignorance.

This hooey was conscientiously relayed by Cellan-Jones, who was too polite to ask why, if Vista is such a success, Ballmer is to unveil its successor, Windows 7, to the Microsoft developers' conference at the end of this month.

Microsoft holding its developer conference two years after release isn't unusual, in fact it is to be expected, the Windows team has been working for last two years and they're ready to start showing off what they've been doing. Microsoft held a PDC in October 2003, two years after Windows XP shipped to introduce Windows Vista (then codenamed "Longhorn"). Here we see Microsoft doing another PDC in October, about 2 years after Windows Vista was finished to introduce Windows codename "7". Getting the people who actually write software (and the hardware, the hardware conference is the following week) for a platform in on the process early means they're not caught off guard by a new release of Windows and then have to work to make all their old applications compatible, they can play with the early version of Windows "7" now so they can start getting ready for its release.

Perhaps Rory Cellan-Jones actually knows something, unlike Naughton, which is why he didn't need to ask Ballmer such a dumb question.

Let's put this bit of FUD to rest.

Fact: Windows Vista on launch was around 5-10% slower than Windows XP for gaming, this was largely due to video drivers not being as mature.

10% isn't even noticeable, I'd happily trade 10% for video drivers which don't take out the entire system when they crash thanks to them running in User Mode in Windows Vista instead of Kernel Mode like they do in Windows XP.

Fact: That gap was closed months ago, and now in many benchmarks Windows Vista is faster.

From ExtremeTech:

They also benchmarked World in Conflict, where the two were dead level.

Conclusion: there's no difference, and if somebody wants to get picky and argue Windows XP must be faster, kindly point them in the direction of some benchmarks.

Not surprising.

Spurred by an e-mail from someone deep in the marketing ranks, Microsoft last week traveled to San Francisco, rounding up Windows XP users who had negative impressions of Vista. The subjects were put on video, asked about their Vista impressions, and then shown a "new" operating system, code-named Mojave. More than 90 percent gave positive feedback on what they saw. Then they were told that "Mojave" was actually Windows Vista.

Should get some content posted up on the Mojave Experiment website tomorrow, at the moment it's just:

The
"Mohave"
Experiment

duration: 3 days in San Francisco, July 2008
conditions: Partly Cloudy, 57 degrees
subjects: Over 120 computer users (Mac, Linux, Windows XP and Windows 2000)
hardware: An HP Pavilion DV 2000 with 2 GB of RAM
technical assistance: A retail computer salesperson
description: Subjects get a live 10-minute demo of "the next Microsoft OS" codenamed "Mohave" – but it's actually Windows Vista

The results?

See for yourself Tuesday, July 29th

Despite the FUD spread around by the press (who don't understand technology), and the anti-M$ brigade, Windows Vista is the best client operating system out there, it is far superior to Windows XP, which after using Windows Vista full-time for over two years now, feels extremely dated.

What a rubbish article, I'm very disappointed at the New York Times for allowing this to go to print. Almost as much as the BBC giving the Free Software Foundation free access to write technology articles on their website, the equivalent of letting Microsoft have their marketing department write for the BBC.

Windows Could Use a Rush of Fresh Air

Ohhh that's new-age sounding, it's gotta be good.

Beginning as a thin veneer for older software code

Yup Windows began as a GUI for DOS.

it has become an obese monolith built on an ancient frame

Wrong, there's nothing of the "ancient frame" remaining in Windows today. It's completely different. More details below.

Adding features, plugging security holes, fixing bugs, fixing the fixes that never worked properly, all while maintaining compatibility with older software and hardware

Oh yeah all very good. Let's stop doing that, we won't add any new features. Then of course you'll be complaining because the new version of Windows doesn't have anything new. Security holes, OK we won't do anything about those, patching bugs, meh we'll just sell you the new version instead like Apple do. Compatibility, ah nobody needs that, we'll just stop worrying about that so you can buy all your hardware and software again every time a new version is released.

What planet is this guy on? Anything as an excuse to bash Windows.

Vista is the equivalent, at a minimum, of Windows version 12 — preceded by 1.0, 2.0, 3.0, 3.1, NT, 95, NT 4.0, 98, 2000, ME, XP. After six years of development, the longest interval between versions in the previous 22-year history of Windows, and long enough to permit Apple to bring out three new versions of Mac OS X, Vista was introduced to consumers in January 2007.

Oh here we go Apple must be nimble and quick because Microsoft didn't release anything new for six years. Wrong.

Microsoft shipped two server releases, four versions of Media Center, and at least two Tablet PC Editions, without counting Windows Mobile and Embedded that's eight versions of Windows right there. I should also mention Windows XP SP2, which could of been sold quite easily as a new version of Windows - Microsoft put pretty much the entire Windows team on SP2 for a year, pushing Windows Vista back so they could give you a free upgrade. I suppose you'd rather of seen a Windows XP R2 or SE in the shops for $200 though right?

The internal code name for the next version is “Windows 7.” The “7” refers to nothing in particular

Wrong, the seven refers to the next major version of the NT kernel, which in Windows Vista and Server 2008 is version six.

Yes version six (with four major releases), so your twelve versions of Windows is junk too. Why? Because there was a version of Windows started up from the ground up. It's called NT, which is why your ancient frame comment in your first sentence is utter nonsense. In fact Microsoft did it so well that apparently Randall doesn't even know they pulled it off.

the company should take heart from Apple’s willingness to brave the wrath of its users when, in 2001, it introduced Mac OS X. It was based on a modern microkernel design

Completely different. Apple took an existing operating system, FreeBSD (based on Unix) and built on it. So on the one hand you're proposing they "borrow" somebody else's operating system, and on the other hand you're telling them to start over fresh. Which is it Randall?

Asking Microsoft to chuck compatibility in the bin and start over new would be the biggest disaster ever in the technology industry, and no doubt the most expensive undertaking in history. Do you have any idea of the scale of forcing a complete overhaul for over a billion computers? Apple only had to worry about the backlash of a few million of their strongest supporters. Microsoft have to worry about a billion computer users, the largest companies in the world and everyone else. Talk about letting Microsoft give ammunition to people like you, who in next week's article would be attacking Microsoft for hurting backwards compatibility.

Windows Vista represents the biggest leap forward in changing the system since Windows 95, huge aspects of the operating system were thrown away and written from the ground up, NT security measures were enforced. That hurt compatibility, and Microsoft spent a considerable amount of time working on using visualisation to keep the impact to a minimum (something I believe they were extremely successful with). Something the scale of change we saw in Windows Vista was really as far as Microsoft could push it. Don't get me wrong, I'm one of the people who say we need to move forward, and that ensuring compatibility does hold things back. But what you're saying a completely re-write of the entire system from scratch, with modern ways of building a system is so far out of the real world. The press and blogosphere have a field day with Windows Vista already because it was so much of a change (completely unwarranted in my opinion Windows Vista is the best OS to date), what you're suggesting would amplify it a hundred times over. But I've got a feeling that's what Randall wants to see, or at least the people he got all these crazy ideas from.

They believe that problems like security vulnerabilities and system crashes can be fixed only by abandoning system design orthodoxy, formed in the 1960s and ’70s, that was built into Windows.

Now he's talking utter crap. Mac OS X you keep going on about is based on Unix from the 1960s!

Windows NT comes from the early 1990s, it was based on VMS which was created to address all the problems with Unix. You've got things completely upside down Randall. And even if they were right, it's not like you can use old or modern in this space to assume an operating system is good or not.

A MONOLITHIC operating system like Windows perpetuates an obsolete design.

What? Oh you're using a technical term to the general public so they think monolithic means bloated and big, and even that is 10 years out of date. This strikes me like creationists calling evolution a "theory", knowing full well how the general public understand the word, and how scientists use it are completely different. Windows NT uses a hybrid-kernel, not a monolithic kernel. He seems to be brushing over the fact that internally it is extremely modular, and not at all similar to something like Windows 95 or Linux, which use a monolithic kernel.

We don’t need to load up our machines with bloated layers we won’t use. We need what Mr. Silver and Mr. MacDonald speak of as a “just enough” operating system. Additional functionality, appropriate to a given task, can be loaded as needed.

What you mean like Windows? When you need to load something, you load it up and when you're finished you close it so it's not using any resources. Jeez.

I can't even be bothered talking about the rest, this guy just has absolutely no clue, everything he says is wrong, it started off completely wrong, and he just went further and further towards cluelessness. He's got so many concepts just completely backwards, and he's propagating so many myths straight out of the Apple/Linux crowd like Microsoft didn't do anything for six years between Windows XP and Windows Vista.

You're wrong Randall, totally wrong.