To end a busy week where Microsoft scrambled to respond to complaints about a faulty patch for Internet Explorer, the software giant said Friday it released an automated workaround to solve the glitch.

Security experts have mixed feelings about the workaround. On one hand, they commend the speedy remedy issued by Redmond, which IT pros hope will keep them from getting locked out of IE after a reinstall. Conversely, some wonder why a whole new patch wasn't issued to correct what happened last week to those who installed the cumulative fix for the application included in the December patch rollout.

According to Microsoft Security Response spokesman Bill Sisk, the fix mostly revolves around Windows XP Service Pack 2 (SP2) and the accompanying IE version 6, even though Security Bulletin MS07-069 was an all-encompassing update for all versions of the browser.

The latest workaround, released two days after Microsoft issued a manual workaround, requires users to change Windows Registry settings. This means essentially tweaking the master directory for the operating system that contains configuration information for all the hardware, OS software and related applications. For instance, when a user updates the control panel, system files or installed software, the changes are replicated and stored in the registry.

As of Friday, Redmond said it still has not ruled out issuing a hotfix to ensure that security administrators have no problems implementing the workaround.

Paul Zimski, senior director of market strategy at Lumension Security, a Scottsdale, Ariz.-based consultancy that makes PatchLink, said the issue is large scale because IE 6, the browser edition most prominently affected by the problem, is also the most popular and most widely used version of the OS-based Web application. In that vein, he cautioned that the workaround is only temporary.

Given the fact that enterprise technologists sometimes just install patches and jump right back into production without testing -- because that�??s what they do every month -- Zimski said it's important for security administrators to evaluate immediate needs, which may or may not include installing a patch right away.

"Anytime you get involved with patching, you're dealing with potential pitfalls," added Zimski. "And when vendors such as Microsoft are up against tight deadlines, things can be missed even though patches are usually pretty safe."

Developers of open-source Samba software will find their work a little easier thanks to an agreement with Microsoft, signed last week, that will give them access to previously secret data on how the Windows operating system works.

Microsoft was compelled to make this information available following a March 24, 2004, European Commission antitrust ruling against the company. In July 2006, the EU fined Microsoft €280.5 million (US$338.6 million at that time) for failing to provide documentation on Windows protocols to its rivals. Microsoft lost an appeal of that decision in September, setting the stage for the deal.

The deal was signed with a nonprofit group called the Protocol Freedom Information Foundation, (PFIF) which negotiated on behalf of the Samba team because Samba is not represented by a corporate entity. PFIF will pay a one-time fee of €10,000 and, in return, will be able to allow open-source developers, including the Samba team, to access the documents.

Developers will have to sign nondisclosure agreements and will not be

allowed to redistribute Microsoft's documentation, but they will be able to write open-source software that implements the Windows protocols. The deal will also clarify which patents Microsoft believes are related to this technology, making it easier for open-source developers to avoid patent violations.

Antitrust rulings forced Microsoft to set up protocol-licensing programs in the past, including the Microsoft Communications Protocol Program (MCPP) and the Work Group Server Protocol Program (WSPP), but these efforts were not compatible with open-source software licenses.

To reach an agreement with the Samba team, Microsoft created a new type of WSPP licensing agreement, which gives developers access to the Windows protocols as well as a clear list of the patents that Microsoft has declared relative to its technology.

"They're giving us all the documentation to make everything work," said Jeremy Allison, co-author of Samba. "We will have no more excuses to suck... if we don't have something, we won't be able to say it's not our fault we don't know how to do it."

Samba and Microsoft executives had been meeting since March in hopes of hammering out a deal, said Sam Ramji, director of Microsoft's Open Source Software Lab, in a blog post entitled "If you're surprised, you're not paying attention."

"I expect that this will significantly improve the process of Samba development, and produce better quality interoperation between Windows and Linux/UNIX environments," he wrote.

Samba is an open-source version of the file-and-print software used by Windows. It is a standard component of the Linux and Unix operating systems, allowing these systems to share data and work alongside Windows clients.

But development of Samba has traditionally been back-breaking work. Developers would analyze network traffic to try and glean how Windows was working and then build their software based on that knowledge-- a process called reverse-engineering.

With the new agreement, developers will have access to Microsoft's own protocol specifications and will be able to build their software based on those documents, Allison said. That, in turn, will accelerate the team's development of its next generation of software, which will implement the new Sever Message Block (SMB) 2.0 protocol, used by Windows Vista.

Though the deal was reached on Thursday, developers were still waiting for the final technical aspects of the document hand-over to be settled, Allison said. He expects to get his hands on the technical specifications fairly soon. "I'm guessing that for my Christmas vacation I'll have some enjoyable things to read," he said.

Microsoft yesterday continued its hand-in-hand development of Windows Server 2008 and Windows Vista's first service pack, publishing release candidates (RC) for each product.

The big updates in Windows 2008 RC1 revolve around enhancements to Group Policy, a management framework first introduced in Windows 2000 Server. Group Policy Preferences, as it has been renamed, was formerly known as PolicyMaker Standard Edition and Policy Share Manager. The main benefits of Preferences appear to be more granularity for admins and simplified administration through reduced complexity of configuration scripts.

The release of RC1 means that Windows 2008 is essentially feature complete, with only very minor tweaks made going forward. Tina Couch, who described herself as the "newest member to the Windows Server team," blogged that Windows 2008 will be released to manufacturing (RTM) by the date of the "Global Launch Wave" on Feb. 27.

In an interesting side note, the Launch Wave itself has undergone a name change, now called "Heroes Happen Here." Couch claimed that it's the "largest enterprise launch in history, a whopping $150 million+ worldwide for outreach and demand generation to IT Pros and developers."

Vista SP1 is at the same stage of development as Windows 2008, and most of the changes since the most recent beta release concern installation issues. Vista Product Manager Nick White, on Microsoft's Vista team blog, wrote that the changes include:

    * Significantly smaller installer packages, reduced in some cases by half
    * Reduced disk space needs to install the SP
    * Better cleanup and deletion of files used for the install
    * Bug fixes to smooth the install process
    * More built-in guidance on how to install

White also added that Microsoft intends to "complete and release" SP1 in Q1 next year, putting it on nearly the identical release path as Windows 2008.

Since Windows 2008 and Vista SP1 share most of the same codebase, it makes sense to keep the releases close together, since getting the codebases too out of sync can cause problems. In an earlier story about delays in the Windows 2008 rollout timetable, analyst Rob Enderle of the Enderle Group speculated about the delay. "From the standpoint of servers, Microsoft would rather have [Windows 2008] at [Vista] SP1 level when it ships," Enderle said in late August.

Vista RC1 was made available today to TechNet and MSDN subscribers. White said that it will be available publicly next week on the Microsoft Download Center.

Both Windows 2008 and Vista SP1 have been hit hard by delays. Windows 2008, formerly code-named "Longhorn," has been in development for years, and has had a number of major features altered or completely eliminated; even then, its ship date kept slipping until the Global Launch Wave date was announced. Vista SP1 is a much-anticipated release for Microsoft, as corporations typically wait until the first service pack is released for a product before it's deemed stable enough to roll out on the network.

Vista could use a boost, as its sales figures have sagged well below expectations since its release early this year.

The other products scheduled to be announced at the launch event in Los Angeles include SQL Server 2008 and Visual Studio 2008.

Microsoft on Friday launched Service Pack 1 for Windows Exchange Server 2007. Features include additions to the Exchange management console, Outlook web access and disaster recovery.

Disaster recovery features already in Windows Exchange Server 2007 include Local Continuous Replication and Cluster Continuous Replication. SP1 introduces Standby Continuous Replication, which allows replication between geographically dispersed areas. Data created in one place can be copied to other areas so that, in the event of failure or disaster, data from the other areas can be recovered automatically.

However, replication will not happen automatically. "Restore after failure will be a manual process," said Microsoft's Mark Deakin, product manager for unified communications. "It has to be manual because it is two separate pieces of data."

Another new feature in the Exchange Server 2007 SP1 is a closer tie with Office Communications Server, with the ability to move voice mail between the two and control a greater variety of mobile devices. "There are lots more mobile devices you can connect as well," said Deakin.

Forefront Security for Exchange Server is now included, as is support for multiple scanning engines from more security firms. These can be implemented in a single module, Microsoft said.

Microsoft claims it has more than 3,000 companies as customers, representing more than a million seats now working with Exchange Server 2007. More than 270,000 people tested out the beta of SP1, the company said.

Microsoft and its partners say the adoption cycle for Windows Vista is still in the early stages, particularly for businesses -- many of which are likely waiting for the release of Service Pack 1. Likewise, many businesses need to upgrade their hardware to run Vista, which is a major proposition. For consumers, this holiday season is the first in which Vista-loaded computers will be on store shelves.

Still, one year after Vista and Office were launched for businesses, some headlines today might have some people at Microsoft cringing.

There's this, from CNET, on a Qualys study that shows a major increase in Microsoft flaws between 2006 and 2007. "We have seen a huge jump in the vulnerabilities in Microsoft Office products," Amol Sawate, manager of Qualys' vulnerability-management lab, told CNET. "These charts show growth of nearly 300 percent from 2006 to 2007, primarily in new Excel vulnerabilities that can easily be exploited by getting unsuspecting users to open Excel files sent via e-mail and instant message."

And the AP's locally based correspondent covering Microsoft, Jessica Mintz, has this report on tests showing that an updated Windows XP will perform faster next year than Vista. Key passage:

    [The testers] found the original Vista performed 50 percent to 100 percent slower than the prevalent XP Service Pack 2, or SP2.

    Vista SP1, due out in the first quarter of 2008, barely improved the operating system's performance.

    But XP SP3, scheduled for the first half of 2008, did improve on XP's earlier performance, running 10 percent faster than SP2.

Microsoft says its too early to make such comparisons.

In the first major Windows Server announcement since its worldwide partner conference in July, Microsoft (NSDQ:MSFT) offered a substantive look into its server virtualization and pricing strategy.

Monday at the TechEd IT Forum in Barcelona, Microsoft announced that its widely awaited server virtualization technology, previously code-named Viridian, will hereafter be known as Hyper-V.

Microsoft also unveiled plans to offer 8 different SKUs for Windows 2008, three of which will ship with Hyper V:

• Windows Server 2008 includes one virtual instance per license and sells for $999 (with 5 Client Access Licenses).
• Windows Server 2008 Enterprise includes four virtual instances per license and sells for $3,999 with 25 CALs.
• Windows Server 2008 Datacenter includes unlimited virtual instances per license and sells for $2,999 per processor.

Microsoft, which is also selling Hyper V as a $28 standalone offering for Linux and Unix machines, will ship a beta version of Hyper V along with Windows Server 2008.

Then, in the second half of next year Microsoft will push out the final version of Hyper V through Windows Update, said Andy Lees, corporate vice president for Microsoft's Server and Tools Marketing and Solutions group.

"Like any beta technology, we don't recommend using Hyper V in production until the final bits are released," said Lees.

Lees noted that Microsoft used the same approach with the release of clustering technology in SQL Server 2005. "Releasing a non-production copy in the SQL 2005 release worked out well because we were able to gather feedback, and then the final bits were of an even higher quality," Lees said.

While previous Microsoft announcements of new product versions and licensing have been somewhat confusing, the vendor has been pretty clear about its server virtualization intentions, says Rand Morimoto, president of Convergent Computing, an Oakland, Calif.-based Microsoft Gold partner.

Microsoft also announced the general availability of System Center Configuration Manager 2007, System Center Data Protection Manager 2007 and System Center Virtual Machine Manager 2007, all of which provide important management functions for server virtualization.

"From a management standpoint, it's important to have a top-to-bottom view of the entire virtualization infrastructure," said Lees.

Microsoft said that it's giving away Search Server 2008 Express in release candidate form to anyone who wants it, just by downloading directly from Microsoft's Web site here. The Express version is the sibling to the enterprise-strength version of Microsoft Search Server 2008, which the company debuted at an enterprise search conference in San Jose, Calif.

According to a press release issued by the company, Search Server 2008 Express packages up the enterprise search capabilities found in SharePoint Server 2007. With it come free connectors for searching among data and documents in EMC's Documentum and IBM's Filenet document management systems. Microsoft says that it's working with other partners to provide more connectors and federated search features that support the OpenSearch standard.

Jonathan Kauffman, general manager of Microsoft's Enterprise Search group, points to several other key features of the Express version in his blog: "relevancy tuning, security-trimmed search results and great out-of-the-box administration and reporting." What's also noteworthy, says Kauffman, is that Express also imposes no limits to the number of documents that can be indexed and searched.

Microsoft Search Server 2008 itself will be available to the general public in January, and only to Microsoft's volume licensing program customers; that version, according to the press release, adds enterprise deployment and scalability options.

To read more about Search Server 2008 and Search Server 2008 Express, click here. To read about partners developing federated search connectors that will work with Search Server, go here.

On Monday VMWare announced the release of VMware Fusion 1.1, an update to its "virtual machine" software for Intel-based Macs. A free update for registered users, VMware Fusion costs $79.99.

Fusion enables Intel-based Mac users to run other X86-based operating systems like Windows and Linux at the same time as they're running Mac OS X; the software operates the other operating systems as "virtual machines" running simultaneously with the host operating system.

The 1.1 update adds official support for Mac OS X v10.5 "Leopard," and further improves 3D graphics support, with experimental support for DirectX 9.0. Unity, which lets users minimize Windows applications to the Mac OS X Dock, switch between Mac and Windows apps using Exposi and more, has also been improved. Support has been added for Vista Boot Camp partitions as virtual machines, and the software has been localized for French, German and Japanese. Performance has been improved as well.

VMware has also introduced VMware Importer, a new beta application that lets Fusion users import virtual machines created using VMware Fusion's principal Mac rival, Parallels Desktop. You can download it from the "Drivers & Tools" tab on the VMware Fusion 1.1 download page.

The Windows Automatic Update brouhaha that arose last month and erupted again this week is not so much a problem with the program itself but perhaps a patch management and change control issue, observers say.

"This is really a cue, if you're an admin, to look at control over configurations of AU as well as user access rights," said Gil Kirkpatrick, chief technical officer of Phoenix, Ariz.-based NetPro, a Windows security and infrastructure consultancy,"It appears that if this is something that happened to specific users, it should have been audited beforehand or known beforehand."

The controversy has its roots in complaints from a recent discussion thread on AeroXperience.com -- a Windows enthusiast portal -- where it was revealed that some users had configured Windows Update to download but not install updates. These users discovered that their machines had rebooted overnight after installing updates automatically, causing some to lose critical application data. Further, the users reported that the Windows Update configuration had somehow reverted to the "install automatically" setting.

Microsoft this week denied any wrongdoing, stating in a blog entry that a detailed inspection of customer logs found that none of the patches doled out during this month's Patch Tuesday release"have made any changes to users' AU settings."

That wasn't the case last month, as Redmond conceded that it had silently updated the Windows Update apparatus in various OS versions without alerting customers.

As for this week's events, Microsoft suggested that components outside of Windows Update may be responsible for the changes, which is puzzling to some since Microsoft has just about corned the market in terms update programs for a Windows environment. In August, Microsoft's legal department even went so far as to contact independent vendors such as AutoPatcher.com and order them to stop developing mechanisms to help in updating Windows programs and applications.

"In this week's case it may very well be a foreign application that's causing this but to say Microsoft's absolutely not at fault would be simplistic," said Gerret Grajeck, founder and chief operating officer of Irvine, Calif.-based IT security firm Multi-Factor Authentication, Inc."The AU has a great impact about how programs on the OS are allowed to run and I'm concerned not just for my customers but about how my product might be affected by such unwanted updates."

Overall, servers running Windows in a complex processing environment might find it more expedient to use AU, but as Net Pro's Kirkpatrick points out, regardless of what Microsoft finds in subsequent investigations about AU, IT pros on the ground need to be thorough.

Grajek agreed, noting that enterprises usually take special precautions with update verifications during gestation periods for new programs and applications at the server level. He suggests that maybe it's time to go deeper and apply the same approach with OSes, hardware and workstations.

"When you look at companies that do regression testing at the server level, you kind of think that enterprises may need to look at how to do the same thing on the client side," Grajek said."This would put that extra assurance in place and prevent something like this from happening."

Trend Micro has released its 2008 Internet security suite, comprising three separate offerings aimed at various levels of Internet usage.

The AntiVirus plus AntiSpyware, and the PC-cillin Internet Security products are updated versions for 2008, with Internet Security Pro making its debut this year.

The Antivirus plus AntiSpyware version, costing $49.95, is the most basic offering and is aimed at casual Internet users. New features include proactive intrusion blocking capabilities to prevent changes to operating systems and critical software, an enhanced software history cleaner, and improved browser and cookie management.

At $99.95 the Internet Security product is a step up from the AntiVirus plus AntiSpyware edition, and according to David Peterson, Trend's consumer segment director for Australia and New Zealand, this version is about "getting back to what we were doing so well in the past".

Internet Security 2008 includes antivirus and spyware protection, a firewall, fraud defense against phishing scams, wireless and home network control and monitoring and parental controls. It is geared towards users who spend a considerable amount of time online, with a focus on protection from identity theft and personal or sensitive information theft.

New features include enhanced Web site behavior monitoring, the ability to detect and block image spam and customizable security warnings and security activity reports.

Ross Wilson, Trend Micro's managing director for consumer products and services, says that the days when viruses presented the greatest threat to Internet users are over.

"Viruses are an old hat," he explains.

"Threats have changed, malware is not what it used to be.... The very nature of the threat has changed. A lot of it now is driven by organized crime."

"Now it's about identity theft, and the theft of sensitive information in order to make money."

Trend's Internet Security Pro edition is subsequently targeted towards users who bank, shop, invest, use Wi-Fi and trade sensitive information online on a regular basis.

Internet Security Pro boasts all the features of the two lower versions, as well as several unique functions such as: keystroke encryption to prevent keystroke loggers from stealing data; the ability to validate the credibility of wireless hotspots and Wi-Fi networks; a remote file lock to secure folders and files in case of computer theft; and a system tuner to clean up the registry, temp files and startup behavior.

Peterson says the Pro product was originally conceived for high end users, but is now aimed at virtually anyone using the Internet to transmit sensitive data and information on a regular basis.

"Trend Micro 2008 products have been designed for people who extensively use their computers to conduct various activities online, whether they are at home or away."

The Pro edition costs $129.95, and all three versions protect up to three PCs for one year.