Ed Bott's Microsoft Report

September 4th, 2008

Microsoft finally earns a passing grade (barely) for WGA

Posted by Ed Bott @ 4:10 pm

Categories: Windows Vista, WGA

Tags: Report, Activation, Microsoft Windows XP, Microsoft Windows Genuine Advantage, Microsoft Windows Vista, Product Key, Microsoft Corp., Forum, Product ID Number, Microsoft Windows

Microsoft launched its Windows Genuine Advantage (WGA) anti-piracy program in early summer 2006. Its first year was, to put it charitably, a disaster. An epic fail. A big fat F on the year’s report card.

A certain amount of error is inevitable in any activation and registration system, but those numbers were clearly too high when WGA first rolled out. In an interview last week, Microsoft WGA director Alex Kochis tacitly acknowledged that fact, pointing out that “we’ve made major strides in the accuracy of the program” in the past two years.

How bad was it? Users began suffering unpleasant consequences almost immediately, including system failures and false positives that flagged perfectly legitimate Windows copies as “non-genuine.” I wrote about WGA and its problems extensively throughout 2006 and 2007, documenting the extent of the problems. (The complete index of WGA-tagged posts is here.) In August 2006, I performed an exhaustive survey of problem reports from Microsoft’s own WGA support forum and discovered that “42% of the people who experienced problems with WGA and reported those problems to Microsoft’s public forums during that period were actually running Genuine Microsoft Windows.”

There was another wave of failures in October 2006 and the first reports of Vista validation problems appeared in February 2007. I met with managers of the WGA program several times in early 2007 and we discussed how they were responding to these issues. To their credit, they made major changes in support policies, back-end systems, and the online experience. But in August 2007, just as the WGA program appeared to be running smoothly at long last, “human error” caused a WGA server failure, with an estimated 12,000 legitimate customers affected. Most of the glaring bugs in the system had been worked out, as I discovered when I examined forum reports from December 2006 and discovered that the failure rate had dropped from 42% to 22%. That failure rate was still too high to rate anything higher than a D-.

The August 2007 outage inspired a wave of rethinking and re-engineering at Microsoft to ensure that this sort of problem couldn’t happen again, Kochis says. “We needed to think about what the impact to the customer was so that we minimize negative impact on customers. In response, we put in place what we call a ‘circuit breaker.’” According to Kochis, the systems are now monitored continuously in real time, through automated systems and by engineers. “If we detect anything that’s happening in response to our automated and human monitoring, one of the first things we do is evaluate pulling the breaker, which will [respond to] any system that calls in for validation and either use the last validation status for that system or just pass that system for that moment in time.” In effect, any time an anomaly in the system is detected, the result defaults in the customer’s favor, declaring the system “genuine,” at least until the next check.

Page 2: No false positives for Windows XP?

Page 3: Windows Vista is more complicated

Page 4: For 2008, WGA gets a C+

Kochis also says the WGA group has revamped its internal processes to make them more responsive to issues that might affect Windows customers. “We do drills,” he told me, “many, many drills. And we get better every time. We’ve had some real events, too, [although] none have been as significant as the [August 2007] server outage. They’ve been invisible or transparent to end users or customers.” The biggest test of the “circuit breaker” system came in January 2008, when two undersea cables in the Mediterranean were severed, disrupting Internet service over much of the Middle East and Europe, including some of Microsoft’s busiest call centers.

“We learned about it very quickly and later that same day, we had a plan pulled together that would enable us to provide support for customers in a number of different ways. We did whatever we could to reduce call volume at that time. In Egypt, we have a call center that services a number of languages, including those in Europe. So one of the first things we did was have people on airplanes flying [from Egypt] to a call center in Germany so we could redirect phone traffic there and have local language support. Likewise, support calls for Spanish-speaking customers were routed to Latin America.

“Our online activation systems were also affected,” Kochis notes. “We actually pulled the circuit breaker in that situation, so that we would minimize call volume. All systems passed, none failed, until we were ready with our rerouting process.”

If that incident had happened a year earlier, the impact on activation and validation systems would have been catastrophic. With the new systems in place, there was literally no discernible impact. I’ve been monitoring WGA longer and more closely than anyone outside of Microsoft, and in the year since the August 2007 server outage, I have seen no reports of even brief failures in the WGA system. (One report at Ars Technica in July turned out to be a false alarm that shut down the telephone-based activation system for about 90 minutes but left WGA untouched.) That doesn’t mean WGA is working perfectly today. There’s still plenty of room for improvement, as I note in the conclusion of this report.

Back in 2006, the percentage of people affected by WGA failures and glitches was  unacceptably high. Microsoft richly earned a big fat F in WGA in its freshman year. And 2007 was only a little better. Although the embarrassing conflicts with third-party software that falsely triggered WGA alerts in its early days had mostly been vanquished, the server outage of August 2007 clearly served as a wake-up call.

So the question is, two years later, has Microsoft finally gotten WGA right? Or at least good enough?

For the answers, I went back to the same rich data source I used in the original August 2006 report and for a follow-up in December 2006: Microsoft’s own WGA support forums. When I did the earlier study, Windows Vista had not yet launched, so all reports involved Windows XP. Today, two years later, there are separate WGA support forums for XP and Vista, and I looked at both of them. Back in 2006, I counted data for a 15-day period, August 1-15, and tallied 137 support requests directly related to product activation, validation, or WGA “non-genuine” messages. For the 2008 version, I used a larger sample, examining every thread on the two WGA forums that was started between August 1 and August 26

Next page: No false positives for Windows XP? –>

August 28th, 2008

An IE8 Beta 2 Q&A

Posted by Ed Bott @ 11:40 am

Categories: Internet Explorer

Tags: Microsoft Windows Server, Microsoft Windows XP, Beta, IE Beta Newsgroup, Microsoft Windows, Operating Systems, Software, Ed Bott

Yesterday I published my first look at the just-released Beta 2 of Internet Explorer 8. I got some great comments in the Talkback thread and via e-mail and thought it would be worth answering them here. If you have any additional questions, post them in the Talkback section and I’ll try get to them in a follow-up.

Is there an official (or unofficial) feature list?

This Microsoft fact sheet seems fairly complete. There are some good descriptions with screen shots here and here and here. And, of course, you can always go look at my screenshot gallery, which has some additional text descriptions for each of a dozen features.

Should I install IE8 Beta 2?

If you have to ask, the answer is probably no. This is beta software. I think it’s pretty well tested, and Microsoft wants lots of people to try it out, but it is not finished, it has known incompatibilities with some software programs and websites, and you run it at your own risk.

Having said that, if you’re comfortable with running beta software and are also comfortable with your ability to deal with problems, then yes, I do recommend it. I especially recommend it for two groups:

• Website developers, who will want to test using it and who will love the developer tools, and
• Firefox users, who already have a working default browser and might be interested in the comparison.

Do I need to do anything special before installing IE8 Beta 2?

Probably. The official caveats and install/uninstall instructions are on this fact sheet. I strongly recommend you read them before blithely beginning the installation. Pay special attention to the required updates. If you’re running Windows XP SP3, read these additional notes. [Update: in the comments, rseiler points out that the official release notes are well worth reading as well. Thanks for the pointer!]

Does IE8 Beta 2 run on my operating system?

According to Microsoft’s announcement, IE8 Beta 2 runs on “32- and 64-bit editions of Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008.” All versions are currently supported in English, Japanese, Chinese (Simplified), and German. According to Microsoft, support for additional languages “will be available soon.”

There are no versions for non-Microsoft operating systems, nor for any Windows versions prior to Windows XP.

Will it be offered via Windows Update?

The Beta 2 release will be pushed out via Windows Update only to systems that already have IE8 Beta 1 installed. If you are not using that beta, you’ll need to download and install it manually. And even after the final release, it will likely not be available as an Automatic Update for several months, and corporate customers will have a blocking tool.

Does IE8 Beta 2 run alongside IE7?

No, it replaces your current version of IE. You can use the Developer tools and compatibility settings to make IE8 behave very much like IE7, however.

Can I uninstall IE8?

Yes. Go to the Programs option in Control Panel. Remember that IE8 is considered a Windows Update, so you’ll need to select the “Show Updates” check box (in Windows XP) or click View Installed Updates (in the Windows Vista Tasks list, along the left of the Programs window) to see the correct listing.

Where can I download the code?

Here are the official download links.

Windows XP (x86)

Windows Server 2003 SP2 (x86)

Windows Server 2003 SP2 (x64) or Windows XP Professional (x64)

Windows Vista and Windows Server 2008 (x86)

Windows Vista and Windows Server 2008 (x64)

Where can I get technical support?

The IE Beta Newsgroup contains a list of known issues. If your issue isn’t on that list and you get stuck, that’s the proper place to post a request for help. Several Microsoft MVPs and employees are monitoring this newsgroup.

Will my plugins work?

I have successfully used the latest versions of Flash, Silverlight, and RoboForm and several third-party toolbars and browser helper objects. I haven’t heard any widespread complaints about plug-in incompatibilities, but you might want to check out the IE Beta Newsgroup if you’re concerned about a particular add-in.

August 27th, 2008

Internet Explorer 8 gets a massive makeover

Posted by Ed Bott @ 1:07 pm

Categories: Internet Explorer

Tags: Web, Page, Microsoft Internet Explorer 7, Microsoft Internet Explorer, Web Browser, Feature, Internet Explorer 8, IE8, Manage Add-ons Dialog Box, Web Browsers

More than two years ago, when Microsoft was in the final stages of testing Internet Explorer 7, Bill Gates promised more frequent browser updates, as often as every 9 to 12 months. And yet today, nearly two years after IE7’s release, the long-awaited Internet Explorer 8 has just reached the Beta 2 milestone.

I’ve been using a nearly final version of the Beta 2 release for the last 10 days on several test systems here, and after putting the new browser through its paces, I understand why it’s taken so long. This is a top-to-bottom makeover, packed with usability improvements, security enhancements, and a platform for new add-ins that third-party developers are already taking advantage of. My sources at Microsoft tell me this build is feature-complete. Although it’s possible that some dialog boxes and menus will get tweaked between now and its final release date, nothing is scheduled to be added or subtracted.

To show off what’s new, I’ve put together a screen-shot gallery illustrating the most important new changes. In its broad outlines, IE8 is arranged much like IE7. But many features have been tuned, tweaked, and tightened. Even after just a few days with this browser, I can already appreciate the usability improvements in particular, which really concentrate on the activities you’re likely to perform. Here’s a summary of what you can expect.

Read the rest of this entry »

August 22nd, 2008

Is 64-bit Flash support just around the corner?

Posted by Ed Bott @ 1:40 pm

Categories: Internet Explorer, Firefox

Tags: Adobe Systems Inc., Macromedia Flash Player, 64-Bit, Network Technology, Microsoft Windows, Processors, Semiconductors, Hardware, Components, Networking

A few weeks ago, I noted the explosive growth in sales of 64-bit Windows in recent months and wondered aloud when Adobe plans to release a 64-bit Flash player.

A commenter on that post suggested that Adobe was planning to unveil 64-bit support in its upcoming Flash 10 release, but I wasn’t able to confirm that. This morning, a reader pointed me to an eyewitness report that Adobe has publicly demonstrated the Linux and FreeBSD versions of its new 64-bit player at a recent event for Flash developers. Alex Bustin, Senior Engineer of Flash Development for Sony in San Francisco, says, “I just watched Tinic from the Flash Player team demo two 64bit versions of Flash Player 10 here at FlashForward. One on [Ubuntu] Linux and the other running on FreeBSD.” He’s apparently referring to Tinic Uro, whose bio confirms that he works as an engineer on the Flash Player team.

I’ve been keeping tabs on Adobe’s site recently, and there’s still no word on when they plan to release a Windows-compatible 64-bit Flash Player. The current beta downloads of Flash 10 are all 32-bit only. Given the size of the Windows market (and the hockey-stick growth curve for its 64-bit segment), I suspect this is a top priority at Adobe.

Microsoft plans to release Beta 2 of Internet Explorer 8 before the end of this month. It sure would be nice to use that new software in a native version on 64-bit Windows with full support for Flash and Silverlight. If anyone at Adobe or Microsoft wants to add to the discussion, on or off the record, I’d love to hear from you.

August 20th, 2008

Why do you want WinFS?

Posted by Ed Bott @ 9:07 am

Categories: Windows 7

Tags: WinFS, Microsoft Windows, Microsoft Windows Vista (Longhorn), Operating Systems, Software, Ed Bott

One point I made in my wish list for Windows 7 deserves repeating:

Several commenters on [Sinofsky’s] initial “Welcome” post expressed hope that the WinFS file system, which was killed off during the infamous “Longhorn reset,” would be resurrected for Windows 7. Not gonna happen. Nor, frankly, is it necessary.

Last time I looked, at least four commenters on Sinofsky’s post had pleaded for the return of WinFS. Within a few hours of my post, my ZDNet colleague Adrian Kingsley-Hughes banged out his Windows 7 wishes. Right smack in the middle of the list was “WinFS …” No further details, just the bare item. In the Talkback section of Adrian’s post, I was intrigued to see this comment from Larry Osterman:

Why do you want WinFS?

What [capabilities] did WinFS give you that Vista doesn’t already provide?

Good questions. And the guy doing the asking isn’t just some random passer-by, either. Larry Osterman is a veteran Microsoft developer (started in 1984) who has written code for every member of the Windows NT family and who currently works on the core Windows audio engine. (His blog is a must-read if you’re even slightly interested in the Windows Vista audio stack.) Every time I hear someone pining for the return of WinFS, I ask the same question as Larry. Why do you want WinFS? What problem are you trying to solve? Although it made for great PowerPoint slides, WinFS was a terrible idea, and killing it was one of the smartest things Microsoft ever did.

Read the rest of this entry »

August 19th, 2008

My Windows 7 wish list

Posted by Ed Bott @ 8:44 am

Categories: Windows 7

Tags: Team, Microsoft Windows 7, Sinofsky, Microsoft Windows, Team Management, Operating Systems, Software, Management, Ed Bott

Cynics see the new Engineering Windows 7 blog, which launched last week, as a pure PR play from Microsoft. Maybe it’s just a matter of setting expectations properly. In a lengthy post (more than 2,100 words!) yesterday, Steven Sinofsky provided some more details about the development effort, including some clues as to what to expect in Windows 7. He also touches on the feedback to the first post (288 comments posted in the first four days).

There’s a fair amount of information in this post, all of it from 30,000 feet or so. Most interesting to me was the breakdown of how the sprawling Windows development effort is divided into 25 feature teams:

A feature team represents those that own a specific part of Windows 7—the code, features, quality, and overall development. The feature teams represent the locus of work and coordination across the team. …

Windows 7’s feature teams sound a lot like parts of Windows with which you are familiar. Because of the platform elements of Windows we have many teams that have remained fairly constant over several releases, whereas some teams are brand new or represent relatively new areas composed of some new code and the code that formed the basis of the team. Some teams do lots of work for Server (such as the VM work) and some might have big deliverables outside of Windows 7 (such as Internet Explorer).

In general a feature team encompasses ownership of combination of architectural components and scenarios across Windows. “Feature” is always a tricky word since some folks think of feature as one element in the user-interface and others think of the feature as a traditional architectural component (say TCP/IP). Our approach is to balance across scenarios and architecture such that we have the right level of end-to-end coverage and the right parts of the architecture. One thing we do try to avoid is separating the “plumbing” from the “user interface” so that teams do have end-to-end ownership of work (as an example of that, “Find and Organize” builds both the indexer and the user interface for search).

Sinofsky’s list is alphabetical. I thought it might be interesting to arrange the feature teams into groups and discuss what I believe the real challenges of each group are. It’s important to remember that this development team is working on business, consumer, and server products, all of which will be built on the Windows 7 code base.

Read the rest of this entry »

August 14th, 2008

Sinofsky dishes on Windows 7

Posted by Ed Bott @ 11:04 am

Categories: Windows 7

Tags: Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, Ed Bott

The incredibly tight veil of secrecy around Windows 7 is about to lift, at least a little.

After months of information lockdown, Microsoft is ready to begin talking about the next version of Windows. The first bits of information come from the very top, with a new blog that was unveiled today on the Microsoft Developer Network (MSDN). Given the location, it’s not surprising that its name is Engineering Windows 7 and that its focus will be on “the overall engineering aspects of building Windows 7.”

What is surprising is who is slated to host (and write) the new blog, which is due to remain up and running until Windows 7 ships. The co-authors are the Microsoft Senior VPs in charge of Windows 7: Steven Sinofsky, who runs the Windows and Windows Live Engineering Group, and Jon DeVaan, who’s in charge of the Windows Core Operating System Division. Their first post offers an explanation for the silence so far:

In leading up to this blog we have seen a lot of discussion in blogs about what Microsoft might be trying to accomplish by maintaining a little bit more control over the communication around Windows 7 (some might say that this is a significant understatement). We, as a team, definitely learned some lessons about “disclosure” and how we can all too easily get ahead of ourselves in talking about features before our understanding of them is solid. Our intent with Windows 7 and the pre-release communication is to make sure that we have a reasonable degree of confidence in what we talk about when we do talk. Again, top of mind for us is the responsibility we feel to make sure we are not stressing priorities, churning resource allocations, or causing strategic confusion among the tens of thousands of partners and customers who care deeply and have much invested in the evolution of Windows.

That’s a pretty healthy helping of Microsopeak: I think “churning resource allocations” means something like “spinning our wheels,” but I have to confess it’s a new one for me. But there’s no doubt what “make sure that we have a reasonable degree of confidence in what we talk about when we do talk” means.

Related to disclosure is the idea of how we make sure not to set expectations around the release that end up disappointing you—features that don’t make it, claims that don’t stick, or support we don’t provide. Starting from the first days of developing Windows 7, we have committed as a team to “promise and deliver”. That’s our goal—share with you what we’re going to get done, why we’re doing it, and deliver it with high quality and on time.

Oh, and comments are open, too. Those should be fun reading.

Sinofsky took over the Windows development effort nearly two and a half years ago, as Windows Vista was lurching to the finish line. Since then, he’s been tight-lipped (with the noteworthy exception of an interview with Ina Fried of CNET News back in May); instead, as that last paragraph emphasizes, he’s been focused on the internal work of engineering Windows 7 so that it’s the anti-Vista: on time, feature complete, and stable. The fact that he’s willing to speak now (and promise to post “regularly” means, I suspect, that Windows 7 is about to hit a major milestone. The other announcement in that kickoff post confirms that this is the opening salvo in a publicity campaign that we’ll hear much more about this fall, beginning at the Microsoft Professional Developers Conference, to be held in Los Angeles October 26-30, and the Windows Hardware Engineering Conference, scheduled for the following week. (I’ve got my tickets and reservations for PDC already and might stick around for WinHEC as well.)

I wrote about the four Windows 7 sessions scheduled for PDC back in May. Since then, the number of listings on the PDC conference agenda page has doubled, but there’s been nothing new on the Windows 7 front. That should change soon, now that the boss is starting to speak out. Still, I expect mostly hints and small bits of technical detail in the run-up to PDC, where some lucky Softie is going to give one of the most closely watched demos in software history.Having covered the tortured path that “Longhorn” took on its way to becoming Windows Vista, I have to say this feels completely different. I fully expect to see the first public release of Windows 7 code shortly after PDC (if not at the show itself) and am anticipating a blizzard of activity as the New Year begins.

Update: Don’t miss Mary Jo Foley’s counterpoint: Sinofsky to dish on Windows 7? Wishful thinking.

August 11th, 2008

Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out

Posted by Ed Bott @ 5:57 pm

Categories: Windows Vista, Security, Internet Explorer, Windows XP

Tags: Black Hat, Paper, Microsoft Windows XP, Vulnerability, Microsoft Windows Vista, Microsoft Corp., Web Browser, Exploitation, Microsoft Windows, Microsoft Windows Vista (Longhorn)

Earlier today I published a lengthy blog post questioning some of the sensationalist conclusions raised in press coverage of a paper presented by Alexander Sotirov and Mark Dowd at last week’s Black Hat Conference in Las Vegas. (See Windows security rendered useless? Uh, not exactly…) As I noted in that post:

It’s a fascinating paper, rich in technical detail and hewing to the Black Hat tradition of providing clues that others can follow to discover, exploit, and ultimately fix vulnerabilities in widely used computer code. …Unfortunately, most people who read about Sotirov and Dowd’s work didn’t bother to read the technical paper. Instead, they relied on quick summaries [that were] wildly inaccurate and hopelessly sensationalized.

This afternoon, I received the following e-mail from Alex Sotirov and am reprinting it with his permission:

Thanks for your blog post about our research. I was horrified by the lack of understanding displayed by the tech press when they covered the paper Mark and I presented at BlackHat. You rightly point out that the sky is not falling and the flaws are not unfixable. In fact, the next versions of Flash and Java will contain specific measures that limit the impact of the techniques we presented. We expect Microsoft to follow suit as well.

Exploitation is a cat and mouse game. The paper we presented puts the offensive side at a slight advantage, but it won’t take long for the defenses to catch up. Our intention was always to nudge the software vendors into improving their defenses and I hope we will succeed.

I just got off the phone with Alex, who took time out of his busy schedule to answer a few follow-up questions:

What was the atmosphere like at Black Hat? How was your paper received by people in the audience?

Positive. A lot of people in the audience seemed to really like the paper. A lot of them came up and asked more questions afterward. Everybody who talked to me said it was pretty impressive.

Did you get any reaction from Microsoft?

Microsoft had contacted us before Black Hat. We had some conference calls and sent them an early draft a few weeks ago. In fact, they put us in touch with the people who designed the [memory protection] defenses [in Windows Vista] and sent us a few minor corrections. It was a very positive experience working with Microsoft. Our research is helping them learn where they need to focus their resources and where they need to improve. We did not take any of the vendors by surprise. Also through Microsoft, both Adobe and Sun were notified about the paper. We haven’t spoken to them directly, but the Microsoft people have, I believe.

Is there any exploit code or proof of concept code available yet for the techniques you describe?

Well, we only gave the paper last week, so I doubt that anyone is using any of these techniques right now. What we presented is weaknesses in the protection mechanism. It still requires the attacker to have a vulnerability. Without the presence of a vulnerability these techniques don’t really [accomplish] anything. We used the ANI cursor vulnerability that had been patched. We chose this example because it worked on XP and Vista, but the example we used would not work [in the real world] because this issue was patched already.

Do you have any advice for Windows users today? Should they be alarmed?

As long as they follow standard security practices — use antivirus products and other typical things that are good standard policy — they shouldn’t have anything to worry about. Our research is to some extent academic. The articles that describe Vista security as “broken” or “done for,” with “unfixable vulnerabilities” are completely inaccurate. One of the suggestions I saw in many of the discussions was that people should just use Windows XP. In fact, in XP a lot of those protections we’re bypassing don’t even exist. XP is even less secure than Vista in this respect. [What we established is that the security advantage of Vista over XP is not as great as [previously] thought. Vista is still very good at preventing vulnerabilities.

Your research focuses on weaknesses in browsers. Does the movement to doing more in the browser mean the danger is increasing?

Browsers are used more widely than they were five years ago. A lot more businesses rely on browsers now to do [everyday work]. Businesses could have blocked access to the web five years ago, but with widespread use of the web as an interface, the importance of the browser has increased. It’s a lot harder to tell people they cannot use a browser. The possibility of a vulnerability in the browser affects their security.

One last question. Your paper was entitled “How to Impress Girls with Browser Memory Protection Bypasses.” In a blog post, your partner Mark Dowd said you were going to be conducting “ongoing research” on this subject in Las Vegas. Did you really flood your hot tub at Caesars Palace?

Uh… [pause] Yeah.

Thanks for your time.

You’re welcome.

August 11th, 2008

Windows security rendered useless? Uh, not exactly

Posted by Ed Bott @ 7:03 am

Categories: Windows Vista, Security, Internet Explorer, Windows XP

Tags: black hat, attacker, windows security, vulnerability, microsoft windows vista, defense, memory protection, microsoft windows, microsoft windows vista (longhorn), operating systems

Update 11-August, 6:00PM: Don’t miss my exclusive follow-up interview with researcher Alexander Sotirov, who says “The sky is not falling and the flaws are not unfixable.”

Oh dear. The Chicken Little contingent is out in full force. Break out your Kevlar helmets, everyone, because the sky is falling on Windows! At last week’s Black Hat conference in Las Vegas, researchers Alexander Sotirov and Mark Dowd presented a paper that outlined some new attack vectors they had discovered targeting some security features introduced in different versions of Windows XP and Windows Vista. It’s a fascinating paper, rich in technical detail and hewing to the Black Hat tradition of providing clues that others can follow to discover, exploit, and ultimately fix vulnerabilities in widely used computer code.

Unfortunately, most people who read about Sotirov and Dowd’s work didn’t bother to read the technical paper. Instead, they relied on quick summaries, most notably the one provided by SearchSecurity, which was picked up by Slashdot and our own Adrian Kingsley-Hughes. Alas, those stories are wildly inaccurate and hopelessly sensationalized.

Read the rest of this entry »

August 4th, 2008

You’ve got Vista x64 questions, I’ve got answers

Posted by Ed Bott @ 4:20 pm

Categories: Windows Vista, Hardware

Tags: 32-bit, Memory, Microsoft Windows Vista, VPN Client, RAM, Mark Russinovich, Microsoft Windows, Microsoft Windows Vista (Longhorn), 64-Bit, Operating Systems

I got a lot of great questions and comments via e-mail and in the Talkback section of my previous post on the sudden surge in adoption rates for Windows Vista x64. In this follow-up, I summarize the answers I’ve found for each question.

How (and why) do 64-bit Windows versions use memory differently?

Rather than try to explain that here, I’m going to refer you to a very crisply written blog post by Microsoft’s Mark Russinovich, entitled “Pushing the Limits of Windows: Physical Memory.” The short version is that 32-bit operating systems can, in theory, address memory above the 4GB line on specially configured systems, but doing so is problematic:

[When] Windows XP SP2 was under development, client systems with more than 4GB were foreseeable, so the Windows team started broadly testing Windows XP on systems with more than 4GB of memory. […]

What they found was that many of the systems would crash, hang, or become unbootable because some device drivers, commonly those for video and audio devices that are found typically on clients but not servers, were not programmed to expect physical addresses larger than 4GB. As a result, the drivers truncated such addresses, resulting in memory corruptions and corruption side effects. Server systems commonly have more generic devices and with simpler and more stable drivers, and therefore hadn’t generally surfaced these problems. The problematic client driver ecosystem [led] to the decision for client SKUs to ignore physical memory that resides above 4GB, even though they can theoretically address it.

You might be surprised to learn that “[e]ven systems with as little as 2GB can be prevented from having all their memory usable under 32-bit Windows because of chipsets that aggressively reserve memory regions for devices.” My colleague Adrian Kingsley-Hughes noted another potential problem with memory usage on 32-bit systems in this comment:

over the past few years we’ve started seeing another [big] addressible space hog - graphics cards. 265MB seems to be about the norm nowadays, but you can get monster cards with 1GB. Start messing with SLI/CrossfireX and you’re consuming a LOT of addressible space there.

Mark Russinovich confirms that observation with this real-world example:

The consumption of memory addresses below 4GB can be drastic on high-end gaming systems with large video cards. For example, I purchased one from a boutique gaming rig company that came with 4GB of RAM and two 1GB video cards. I hadn’t specified the OS version and assumed that they’d put 64-bit Vista on it, but it came with the 32-bit version and as a result only 2.2GB of the memory was accessible by Windows.

Does Vista x64 use more memory than x86?

One commenter confessed to being confused by conflicting information he’s read. Vista x64 does indeed use more memory than its 32-bit cousin, but in my tests on a dual-boot system I found the difference to be about 12-15 percent for the operating system and its essential services.

I have one test machine that’s ideally suited for this purposes, being equipped with 4GB of RAM, two hard disks, and separate installations of x86 and x64 Vista Ultimate running on separate drives. On this test platform, I found that the x64 machine consistently uses roughly 1.05GB of RAM after startup, while its x86 counterpart uses 935MB to run roughly the same number of processes. (These numbers are consistent on other systems as well.) On the x86 machine, the top 11 processes use 220MB of RAM, while the same group of processes at the top of the x64 list use 251MB.

Measuring memory use is tricky. For example, the x64 systems occasionally grabbed extra RAM from the available pool, presumably to use in building the page file and Superfetch cache. In all cases, though, memory usage eventually retreated to a baseline level and stayed there.

Is there any advantage or disadvantage to running 64-bit Windows on a system with only 1-2GB of RAM?

I haven’t specifically tested this, but I certainly wouldn’t recommend Vista x64 on a system with 1GB of RAM. With 2GB, it’s probably a wash and only worth doing if you are certain you will upgrade the system to 4GB or more. Because there’s no upgrade path from 32-bit to 64-bit Windows, this strategy avoids the need to reinstall the operating system from scratch and migrate all your programs and data files after completing the RAM upgrade.

Are there major hardware or software compatibility issues with switching to x64?

Driver coverage for mainstream devices, such as video cards, digital cameras, and network adapters, is uniformly excellent, and by design, any new system you buy with Vista x64 preinstalled will include all necessary drivers and support software for hardware such as fingerprint readers, sound, and card readers. You’re most likely to encounter problems with legacy hardware, especially scanners.

On the software side, the biggest offender is VPN software, a topic so rich it’s worth its own entry (see the next question for more details). Most 32-bit software runs fine on 64-bit Windows, although specific features sometimes change or vanish when you try to run 32-bit software on a 64-bit OS. Microsoft’s OneNote, for example, uses the Vista search index for its own internal searches but doesn’t return useful results when you search from the Start menu. The Print To OneNote feature is available only under 32-bit Windows versions, a showstopper for some OneNote fanatics. Popular consumer-focused security programs (Norton, McAfee, Windows Live OneCare) run well under Vista x64 with the noteworthy exception of ZoneAlarm (noted by this commenter), whose system requirements pointedly add “(32-bit)” after every mention of Windows Vista. It’s encouraging to see new arrivals such as Sunbelt Software’s VIPRE Antivirus + Antispyware support x64 right from the start.

Under Vista x64, some Windows utilities are available in both 32-bit and 64-bit versions, with the 32-bit versions of Windows Media Player and Internet Explorer set as defaults to allow compatibility with plug-ins. You get no support for Flash or Silverlight, for instance, if you run a 64-bit version of IE7 or Firefox.

What’s the story with VPN clients?

Readers report problems with VPN clients from Check Point, SonicWALL/Aventail, and Cisco. Microsoft has compiled information into Knowledge Base article 929490, Windows Vista-compatible third-party virtual private network (VPN) client schedules. The article, whose Last Review date is listed as November 5, 2007) includes an awful lot of “Unknown” entries in the x64 column and notes that Cisco has no plans to update its VPN Client. The release notes for the June 2008 VPN Client 5.0 release makes it clear in two places that only 32-bit Windows versions are supported. This section documents the error message you’ll get if you try:

Installing the VPN Client on a 64-bit Vista Machine Results in a 1721 Error
Cisco IPSec Client does not support 64-bit. If the user requires 64-bit support, the upgrade path is to use the Cisco AnyConnect VPN Client instead, which does support 64-bit. Note that the AnyConnect Client supports only SSL VPN connections (CSCsi26069).

Aventail’s website confirms that its Global VPN Client software works only with 32-bit Windows. Check Point Software likewise notes that its VPN-1 SecuRemote/SecureClient software is “supported on the Windows Vista 32-bit operating system,” with no mention of plans to add x64 compatibility.

Several commenters recommend using Virtual PC 2007 or another virtualization solution under Vista x64 to run a separate 32-bit OS dedicated to VPN access.

Any questions I missed? Leave them in the Talkback section below.