Microsoft says that it won’t include WebGL support in version 10 of Internet Explorer because the 3-D graphics API renders video hardware drivers vulnerable to potential attacks. Without a viable way to secure the drivers, Microsoft is not working on a way to support the protocols.

Driver Vulnerability Risks Too Great

At the heart of the company’s concern is the fact that the WebGL approach could allow a malicious Web site to exploit a computer’s video and graphics hardware to get to system-level functions that are usually insulated from such attacks. Because of the way WebGL (and OpenGL) are designed, there is no good way to resolve the concerns. In addition, the open source nature of the WebGL development gives Microsoft additional pause.

Video and graphics drivers have never been considered a possible attack vector, and aren’t hardened the way other potentially vulnerable parts of the operating system are. Changing the way WebGL works won’t necessarily resolve the list of open issues. The problem is more related to potential vulnerabilities in the most common video and graphics drivers, which are written by third party manufacturers. Microsoft (and other browser authors that have already implemented WebGL support) don’t have enough control over driver construction to ensure that users will have a safe experience while using WebGL services. Microsoft has publicly complained that these hardware driver authors have never before been concerned about device security, so it’s unlikely that they will begin writing more secure hardware driver code as part of their WebGL support.

Microsoft has long history of dealing with security flaws and the resulting exploits. In recent versions of the operating system, the company has gone to great lengths to ensure that its operating system and component parts are safe and secure. Having made user security a significant element of its product development cycle, it shouldn’t come as a surprise that the company would reject WebGL on the basis of security.

WebGL support has been built into the latest version of Firefox, Chrome and Safari, although it is not enabled by default in Safari, as it is in Firefox and Chrome. For its part, Microsoft states that it believes that WebGL will become a source of “hard-to-fix vulnerabilities.” The widespread adoption of WebGL remains to be seen. While the service is attractive to the gaming community because it provides hardware accelerated graphics for Web-based games, nagging concerns about security may see the majority of users disabling WebGL support at the browser level.

Photo Credit: zeeshan810, via Flickr

Microsoft’s fourth quarter revenue reports show that the record company’s record revenues were due largely to Office 2010, Windows 7 and Windows Server sales. A growing number of Windows 7 drivers have made both consumer and corporate adoption more palatable.

Windows 7 Surpasses Windows Vista

In addition, a new survey by Netmarketshare shows that Windows 7 installations now surpass Windows Vista installations by a narrow margin. The number of Windows Vista installations has dropped consistently since October 2009, just after Windows 7 hit the market. Windows Vista market share has dropped from a high of 18.83% in October 2009 to its current level, estimated at 14.34%. While some Windows 7 installations represent upgrades from Vista, the majority of Windows 7 adoptions appear to be new.

Windows XP market share has dropped from 65.89% to 61.87% in the same timeframe, indicating that a small percentage of XP users have adopted Windows 7. The decline in Windows XP use has been gradual but steady since Windows 7 and Windows Server 2008 were introduced last September.

Assisting growth in the adoption rate of Windows 7 is the fact that third-party hardware manufacturers have committed to making more Windows 7 drivers than Vista drivers when that operating system was released. Finding compatible drivers for Windows 7 is arguably easier because those manufacturers that did make Windows Vista drivers for their devices had less work to do to provide Windows 7 drivers. In some cases, no driver modifications were required, meaning that hardware vendors got “two for the price of one” in terms of driver development.

Microsoft has worked hard with third-party manufacturers to help them ensure that their hardware drivers are Windows 7 ready. Nonetheless, many hardware manufacturers have yet to produce Windows 7 drivers for their older hardware devices. Without compatible drivers, these devices are either crippled or useless, a situation that Microsoft had hoped to avoid.

For Windows users, the issue of driver management has always been difficult. Microsoft has attempted to automate the process of finding and downloading drivers in its later OS releases, but many users still do not understand how to configure the updater to download driver revisions. Further, Windows sometimes selects the incorrect driver for the user’s PC.

Despite the improvements in driver detection, driver management software is still the order of the day for many PC users. Users rely on software like Driver Detective to help them keep their PC drivers up-to-date and available, if a corruption of some type should occur.

Photo Credit: Jurvetson, via Flickr

Microsoft says that in an effort to reward loyal customers, it will pre-sell its Windows 7 operating system for half of its expected retail price through July 11. The software, complete with a large complement of fully tested hardware drivers, is expected to make its debut on October 22.

Customers who place an order now for Windows 7 can choose the Home Premium version for $50, or the Professional Edition for $100.
The Windows 7 Home Premium version is expected to retail at $199 or $119, if the purchaser is upgrading from Vista or Windows XP.

Windows 7 Professional will retail for $299 for the full version or $199 for an upgrade from Vista or Windows XP. Windows 7 Ultimate, which isn’t part of the sale, will retail for $319; an upgrade version will be available for $219. Microsoft will also provide free upgrades to Windows 7 for computer purchasers who buy new equipment prior to the official OS release date.

In all likelihood, Microsoft is doing at least three things with its half-price sale. First, it’s encouraging users who have downloaded the Windows 7 Beta or the Windows 7 Release Candidate to move to the actual product and is using the half-price sale as a measure to gauge the public’s genuine interest in the product. Second, it’s attempting to secure a better market position after seeing sales in its Client Division (which is responsible for Windows) drop by 16% in the second quarter of 2009. Third, it’s trying to stave off the loss in revenue that typically precedes a new Windows release.

To the last end, Microsoft says it will defer its pre-sales revenue to the fourth quarter, when the product is actually released. The company expects this move to boost its fourth quarter revenue by about $300 million.

The company is going out of its way to make sure that nothing upsets the release plan. Following the release of Vista, the OS was dogged by consumer complaints that drivers for common hardware products were unavailable, and that computers that had been sold as “Vista-capable” were not able to run the latest version of the OS. While early reports seem to indicate that Windows 7 is stable, it remains to be seen whether the public will take a half-price gamble on that.

Consumers can purchase the half-off software directly from Microsoft, or other software retailers like Amazon, Best Buy and New Egg.

Photo Credit: Clever Cupcakes, via Flickr

Microsoft will launch a free anti-malware beta service today. The new service, called Microsoft Security Essentials, will replace its Live OneCare product. The new service will run on Windows XP, Vista and Windows 7 and will be available in a limited number of countries, including the United States, Brazil and Israel. The company also plans to make a simplified Chinese version later this year. Malware is one of the primary drivers for Windows security enhancements.

MSE Replaces Live OneCare

Microsoft Security Essentials will compare signatures of known malware products with file downloads to determine whether the user is inadvertently downloading malware. If the downloaded file passes the first test (no malware signature match), Microsoft Security Essentials will check its Dynamic Signature Service to see if any new malware signatures match the download. If the download seems like it may be malicious, the DSS will request a code sample to create a new malware signature. New signatures will be published three times daily. If users of the new MSE enable auto-updates, their computers will be protected automatically, even from hours-old malware releases.

In addition to being able to detect and reject malware downloads, the service can sniff out root kits and other malicious code that could impact a computer. The service scans the PC when the CPU is otherwise idle so it does not interfere with the normal operation of the computer.

MSE may not make nice with other anti-virus programs you may have installed on your computer. Running MSE and another antivirus product simultaneously will cause MSE to send up a warning about the unnecessity of running more than one anti-virus program.

Do you really need MSE? MSE might be a good idea for you if you have no other anti-virus or anti-malware program on your computer, or you’ve stopped updating the program you have. It’s always a good idea to have anti virus and anti-malware programs on your computer.

I’m not sure I agree with the “wisdom” Microsoft puts forth when it warns users about not needing more than one anti-malware program. Some malware programs are just better than others, and malware can be notoriously difficult to track down. Having one semi-competent anti-malware program loaded and running may give users a false sense of security about how well their computer is protected. There are multiple anti-malware programs that work well together, but MSE will have to prove itself as reliable before I’ll tell anyone that it’s the only anti-malware program they’ll ever need.

Photo Credit: Wildernice, via Flickr