Microsoft Search: Still Trying after All These Years
November 2, 2021
That was “FAST,” wasn’t it? You lived through LiveSearch, right? Jellyfish? Powerset? Outlook Search in its assorted flavors like Life Savers? I could go on, but I am quite certain no one cares.
Nevertheless,
Bing’s new feature may possibly prompt some workers to switch to the search-engine underdog. TechRadar Pro reports the development in its brief write-up, “One of Microsoft’s Most-Hated Products Might Actually Be Getting a Useful Upgrade.” Writer Mike Moore reveals:
“The tech giant is boosting one of its less-celebrated products to give enterprise users an easier way to search online. The update means that enterprise users will now get their historical searches as suggestions in the autosuggest pane on Bing and Microsoft Search in Bing, according to the official Microsoft 365 roadmap entry. … The new update should mean that enterprise users looking to quickly find files that they’ve searched for or opened before will no longer need to manually trawl through endless files and folders in search of the elusive location. The update is still currently in development, but Microsoft will doubtless be keen to get it out soon and help boost Bing engagement. The feature is set to be available to Microsoft Search users across the globe via the company’s general availability route, meaning web, desktop and mobile users will all be able to utilize it upon release.”
Moore notes Microsoft’s tenacity in continuing to support Bing despite Google’s astounding market share lead. He wonders whether the company may have lost some enthusiasm recently, though, when it was revealed that the most searched-for term on Bing is “Google.” A tad embarrassing, perhaps. Does Microsoft suppose its file-finding feature will turn the tide? Unlikely, but some of our readers may find the tool useful, nonetheless.
What’s next for Microsoft search? Perhaps broader and deeper indexing of US government Web sites for a starter?
Cynthia Murrell, November 2, 2021
Are Threat Detection and Cyber Security Systems Working?
October 26, 2021
I read “Microsoft: Russian SVR Hacked at Least 14 IT Supply Chain Firms Since May.” The write up states:
Microsoft says the Russian-backed Nobelium threat group behind last year’s SolarWinds hack is still targeting the global IT supply chain, with 140 managed service providers (MSPs) and cloud service providers attacked and at least 14 breached since May 2021. This campaign shares all the signs of Nobelium’s approach to compromising a significant list of targets by breaching their service provider.
That’s interesting. At first glance, it seems as if a small number of targets succumbed.
On the other hand, it raises some questions:
- What cyber security and threat detection systems were in use at the 14 outfits breached?
- What caused the failure of the cyber security systems? Human error, lousy cyber security methods, or super crafty bad actors like insiders?
- Is a 10 percent failure rate acceptable? Microsoft seems agitated, but why didn’t Microsoft’s security protect 10 percent of the targets?
Each week I am invited to webinars to learn about advanced security systems. Am I to assume that if I receive 10 invites, one invite will be from an outfit whose technology cannot protect me?
The reports of breaches, the powers of giant software outfits, and the success of most companies in protecting themselves is somewhat cheering.
On the other hand, a known group operating for more than a year is still bedeviling some organizations. Why?
Stephen E Arnold, October 26, 2021
Microsoft and Russia: Who Does What to Whom?
October 26, 2021
Last year’s infamous Solar Winds attack really boosted Russia’s hacking community. That is one take-away from MarketBeat’s write-up, “Microsoft: Russia Behind 58% of Detected State-Backed Hacks.” Writer Frank Bajak shares some details from Microsoft’s second annual Digital Defense Report:
“Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said. The devastating effectiveness of the long-undetected SolarWinds hack — it mainly breached information technology businesses including Microsoft — also boosted Russian state-backed hackers’ success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months. China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said. … Only 4% of all state-backed hacking that Microsoft detected targeted critical infrastructure, the Redmond, Washington-based company said, with Russian agents far less interested in it than Chinese or Iranian cyber-operatives.”
Well, that is something. Ransomware, though, is also up, with the U.S. targeted three times as often as the next nation. Anyone who was affected by the Colonial Pipeline attack may be concerned about our infrastructure despite the lack of state-sponsored interest in sabotaging it. We are told state-backed attackers are mostly interested in intelligence gathering. Bajak cites Microsoft Digital Security Unit’s Cristin Goodwin as he writes:
“Goodwin finds China’s ‘geopolitical goals’ in its recent cyber espionage especially notable, including targeting foreign ministries in Central and South American countries where it is making Belt-and-Road-Initiative infrastructure investments and universities in Taiwan and Hong Kong where resistance to Beijing’s regional ambitions is strong.”
North Korea is another participant covered in the report. That country was in second place as a source of attacks at 23%, though their effectiveness was considerably less impressive—only 6% of their spear-phishing attempts were successful. Bajak closes by reminding us the report can only include attacks Microsoft actually detected. See the write-up or the report itself for more information.
Cynthia Murrell, October 26, 2021
Microsoft: A Legitimate Point about Good Enough
October 20, 2021
A post by Stefan Kanthak caught my attention. The reason was an assertion that highlights what may be the “good enough” approach to software. The article is “Defense in Depth — the Microsoft Way (Part 78): Completely Outdated, Vulnerable Open Source Component(s) Shipped with Windows 10&11.” I am in the ethical epicenter of the US not too far from some imposing buildings in Washington, DC. This means I have not been able to get one of my researchers to verify the information in the Stefan Kanthak post. I, therefore, want to point out that it may be horse feathers.
Here’s the point I noted in the write up:
Most obviously Microsoft’s processes are so bad that they can’t build a current version and have to ship ROTTEN software instead!
What’s “rotten”?
The super security conscious outfit is shipping outdated versions of two open source software components: Curl.exe and Tar.exe.
If true, Stefan Kanthak may have identified another example of the “good enough” approach to software. If not true, Microsoft is making sure its software is really super duper secure.
Stephen E Arnold, October 20, 2021
Mapping the Earth: A Big Game?
October 20, 2021
I read “Was Google Earth Stolen?” I have not thought about making a map of the earth game-like for many years. I read the article by Avi Bar-Zeev, one of the individuals close to the Keyhole approach. Interesting stuff.
I want to underscore the fact that Microsoft was noodling around in this geographic earth space as well. There is a short item on the Microsoft Web site called “The Microsoft TerraServer.” The write up states:
The Microsoft TerraServer stores aerial and satellite images of the earth in a SQL Server Database served to the public via the Internet. It is the world’s largest atlas, combining five terabytes of image data from the United States Geodetic Survey, Sovinformsputnik, and Encarta Virtual Globe™. Internet browsers provide intuitive spatial and gazetteer interfaces to the data. The TerraServer demonstrates the scalability of Microsoft’s Windows NT Server and SQL Server running on Compaq AlphaServer 8400 and StorageWorks™ hardware. The TerraServer is also an E-Commerce application. Users can buy the right to use the imagery using Microsoft Site Servers managed by the USGS and Aerial Images. This paper describes the TerraServer’s design and implementation.
The link to download the 23 year old Microsoft document is still valid, believe it or not!
Other outfits were into fancy maps as well; for example, the US government entity in Bethesda and some of the folks at Boeing.
Is this germane to the Bar-Zeev write up? Nah, probably no one cares. I find stories about technology “origins” quite interesting for what each includes and what each omits. Quite game-like, right?
Stephen E Arnold, October 20, 2021
Registering Dismay: Microsoft Azure Blues
October 20, 2021
The Beyond Search team loves Microsoft. Totally.
Some are not thrilled with automated customer service. Talk to smart software. Skip the human thing. Microsoft’s customer service has been setting a high standard for decades. . Despite the company getting bigger and more powerful, Microsoft sparked a story in The Register called “WTF? Microsoft Makes Fixing Deadly OOMIGOD Flaws On Azure Your Job.”
Azure is Microsoft’s cloud platform and users using Linux VMs are susceptible to four “OMIGOD” in the Open Management Infrastructure (OMI). Linux Azure users are forced to fend for themselves with the OMIGOD bugs, because Microsoft will not assist them. What is even worse for the Linux users is that they do no want to run OMIs on their virtual machines. OMIs are automatically deployed when the VM is installed when some Azure features are enabled. Without a patch, hackers can access root code and upload malware.
The write up points out that Microsoft did some repairs:
“The Windows giant publicly fixed the holes in its OMI source in mid-August, released it last week, and only now is advising customers. Researchers quickly found unpatched instances of OMI. Security vendor Censys, for example, wrote that it discovered ’56 known exposed services worldwide that are likely vulnerable to this issue, including a major health organization and two major entertainment companies.…In other words, there may not be that many vulnerable machines facing the public internet, or not many that are easily found.”
Linux VM users on Azure are unknowingly exposed and a determined hacker could access the systems.
Is it possible Windows 11 is a red herring. OMIGOD, no.
Whitney Grace, October 20, 2021
Interesting Behavior: Is It a Leitmotif for Big Tech?
October 18, 2021
A leitmotif, if I remember the required music appreciation course in 1962 is a melodic figure that accompanies a person, a situation, or a character like Brünnhilde from a special someone’s favorite composer.
My question this morning on October 18, 2021, is:
“Is there a leitmotif associated with some of the Big Tech “we are not monopolies” outfits?”
You can decide from these three examples or what Stephen Toulmin called “data.” I will provide my own “warrant”, but that’s what the Toulmin’s model says to do.
Here we go. Data:
- The Wall Street Journal asserts that William “Bill” Gates learned from some Softie colleagues suggested Mr. Gates alter his email behavior to a female employee. Correctly or incorrectly, Mr. Gates has been associated with everyone’s favorite academic donor, Jeffrey Epstein, according to the mostly-accurate New York Times.
- Facebook does not agree with a Wall Street Journal report that the company is not doing a Class A job fighting hate speech. See “Facebook Disputes Report That Its AI Can’t Detect Hate Speech or Violence Consistently.”
- The trusty Thomson Reuters reports that “Amazon May Have Lied to Congress, Five US Lawmakers Say.” The operative word is lied; that is, not tell the “truth”, which is, of course, like “is” a word with fluid connotations.
Now the warrant:
With each of the Big Tech “we’re not monopolies” a high-profile individual defends a company’s action or protests that “reality” is different from the shaped information about the individual or the company.
Let’s concede that these are generally negative “data.” What’s interesting is that generally negative and the individuals and their associated organizations are allegedly behaving in a way that troubles some people.
That’s enough Stephen Toulmin for today. Back to Wagner.
Leitmotifs allowed that special someone’s favorite composer to create musical symbols. In that eminently terse and listenable Der Ring des Nibelungen, Wagner delivers dozens of distinct leitmotiv. These are possible used to represent many things.
In our modern Big Tech settings, perhaps the leitmotif is the fruits of no consequences, fancy dancing, and psychobabble.
Warrant? What does that mean? I think it means one thing to Stephen Toulmin and another thing to Stephen E Arnold.
Stephen E Arnold, October 18, 2021
Office 365: A Petri Dish for Malware?
October 18, 2021
Microsoft has a PR problem? Microsoft may have other issues as well, but “Infosec Expert Beaumont Slams Microsoft Over Hosting Malware for Years” seems like a semi-negative write up. Is the situation as dire as the article suggests? I don’t know, but it seems as if it is not what you would call:
- A ringing endorsement for Microsoft security
- An illustration of Microsoft’s approach to Office 365
The write up asserts:
An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows.
How has Microsoft responded? The write up quotes infosec expert Beaumont as saying:
Before the train of MS employees arrive saying ‘just report it’, try getting them and future ones taken down yourselves. I did. It was a disaster.
The write up, which is a mish mash of quotes and tweets, contains a number of interesting allegedly true factoids.
True? Maybe. Not-so-great PR for the company that follows China’s content guidelines? Sure seems like it.
Stephen E Arnold, October 18, 2021
Another Reason for Windows 11?
October 13, 2021
The team at Beyond Search talked yesterday about Windows 11. One individual installed the system on one of our test-only machines and reported, “Not too exciting.” Another dismissed the Windows 11 as a distraction from the still-lingering SolarWinds and Exchange Server security face plants. I took a look and said, “Run some tests to see what it does to the performance of our AMD 5950X machines.”
Then I turned my attention to more interesting things. This morning my trusty Overflight system spit out this headline: “Microsoft: Here’s Why We Shrunk Windows 11 Update Sizes by 40%.” I noted this statement in the article:
…It was necessary to reduce the size of them, which in the past have been almost 5 GB in size. In a word, it’s about bandwidth, which millions of households in the US have a shortage of due to poor broadband in remote areas.
Maybe cost is a factor?
My hunch is that Microsoft has many employees who have opinions about the shift from the last Windows to a last-plus-n Windows.
Several observations from our underground computer lab in rural Kentucky:
- Updates create problems for Microsoft; for example, security issues lurk and actors world wide are enthusiastic about exploring “new” code from Microsoft. Vulnerabilities R’Us it seems.
- Implementing procedures which produce stable code are more expensive than figuring out how to reduce code bloat in updates. Therefore, the pitch touted in the write up cited above.
- Microsoft has shifted from 10,000 sail boats going in the same general direction to 20,000 motor boats going someplace. Evidence? The changing explanation for the existence of Windows 11.
Net net: Big and changing operating system may add vulnerabilities, not just rounded corners and a distraction from deeper issues.
Stephen E Arnold, October 13, 2021
Microsoft and Its Post Security Posture
October 1, 2021
Windows 11 seems like a half-baked pineapple upside down cake. My mother produced some spectacular versions of baking missteps. There was the SolarWinds’ version which had gaps everywhere, just hot air and holes. Then there was the Exchange Server variant. I exploded and only the hardiest ants would chow down on that disaster.
I thought about her baking adventures when I read “Microsoft Says Azure Users Will Have to Patch these Worrying Security Flaws Themselves.” Betty Crocker took the same approach when my beloved mother nuked a dessert.
Here’s the passage that evoked a Proustian memory:
instead of patching all affected Azure services, Microsoft has put an advisory stating that while it’ll update six of them, seven others must be updated by users themselves.
Let’s hope there’s a Sara Lee cake around to save the day for those who botch the remediation or just skip doing the baking thing.
Half baked? Yeah, and terrible.
Stephen E Arnold, October 1, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
