Living with a Windows “RT” Tablet

Posted on October 22, 2012 by halberenson

I just returned from a 17 day trip in which I did the unthinkable, I left my iPad at home.  For the last couple of years it has gone everywhere with me.  And when I’m not traveling on business the iPad (and my Windows Phone) have been the only devices I bring along.  But for this trip I knew I was going to need a keyboard and so contemplated bringing both my iPad and my Toshiba Portege notebook.  In the end though I made a risky decision.  I’d leave both behind and just take along my Acer Iconia Tab W500 running Windows 8.  Then I could gain real experience living with a Windows 8 tablet and still have a keyboard (detached most of the time) for when I needed it.

The decision to take the W500 had lots of implications.  The first was that my iPad has 3G while the W500 is WiFi only.  I actually was more concerned about this than I was about the limited set of “Windows Store” apps currently available for Windows 8.  I’ve gotten used to always having the iPad with me, and having it be continually connected like a cellphone.  What was it going to be like to need to find a WiFi hotspot, or turn on Internet Sharing on my Nokia Lumia 900, whenever I wanted to connect with the W500?

Next I had to decide how I’d configure the W500.  In particular, what Desktop apps would I take with me (besides Office 2013 of course).  I tried installing the New York Times Times Read 2.0 desktop app which is based on Adobe AIR.  It’s performance and usability on the tablet were so poor I quickly uninstalled it.  I tried installing the Android version of Zinio using BlueStacks and found that while it was finger friendly it was too slow.  I tried some other traditional desktop apps and, while they worked ok, they just weren’t (finger) Touch friendly.  So I could have used them with the keyboard (which has a pencil eraser style pointing device), but not when using the W500 as a tablet.

Finally I decided I would configure the W500 without desktop apps so that it mimicked the user experience of a Windows RT device.  This, plus the lack of a cellular modem, would give me a feel for what it would be like to live with a Microsoft Surface.  The only exception I made was to install the desktop version of Skype, something that won’t be necessary later this week when the first Windows RT (and Windows 8) devices ship with a “Windows Store” version of Skype.

Overall I didn’t miss my iPad.  There were a few apps, Zinio in particular, that it bugged me not to have yet.  I did miss not having a direct cellular connection, but this turned out to only be a modest annoyance.  I found myself using my Lumia 900 more for activities I often do on the iPad just because once I had it out of my pocket to turn on Internet Sharing it was faster to perform the activity on the phone.  And I altered my battery-related behavior for the Lumia as well.  Normally I don’t charge the battery on the Lumia during the day, but I switched to plugging it in whenever I was in the car or our hotel room.  That way the battery drain from using it as a hotspot wouldn’t leave me suddenly high and dry in the middle of the day.  Of course since I was also using the Lumia as my GPS plugging it in when driving was pretty much a necessity anyway.

But by far the biggest problem with the lack of a cellular modem turned out to be an AT&T issue.  I use a (WiTopia) VPN when using public WiFi hotspots.  Although I could have installed WiTopia’s full SSL VPN package on Windows 8, I chose instead to use their PPTP VPN as it requires no software installation (and thus will work on Windows RT as well).  It was easy to set up and easy to connect to.  However in one hotel that used AT&T to provide its WiFi hotspots I could never get the VPN to connect.  AT&T claims it should work, so I don’t know if this was a local configuration problem or something common with AT&T WiFi.  In any case, it is a problem for those of us who know how dangerously non-secure public WiFi is.

Because the Windows Store is still so sparsely populated I did have to use the web for activities that would be better with an App.  Even snappy websites are slow compared to a local app, and very few have been updated for Windows 8, IE10, or touch.  A site that might offer a customized iPad and/or iPhone page will leave a Windows 8/RT tablet user to either use their desktop-oriented or non-smartphone mobile page.  I expect that to change quickly once Windows 8 is out, but local Apps will still provide a superior experience.

On a related note, all too often I had to switch to desktop IE because the site I went to used Flash but was not on Microsoft’s whitelist.  For those who haven’t been following this Windows 8/RT contain two versions of Internet Explorer.  One is a “Windows Store”-style app while the other is the classic desktop IE.  Both have Adobe Flash support built-in.  But the “Windows Store”-style version uses a whitelist to identify sites that use Flash in a way that conforms to Microsoft’s guidelines (e.g., being Touch friendly).  Very few sites are currently on the whitelist.  So after initially trying to view them with the “Windows Store”-style IE you have to switch to the desktop IE to get them to work.  Now two things will change this in time.  First, websites will continue to abandon Flash or at least offer HTML5-based Flashless versions, as they already do for the iPad, up to Widows 8/IE10 systems.  Second, those that still want to use Flash will work to get their sites on the whitelist.  But for the first few months of using a Surface, Windows RT, or Windows 8 you can expect this to be a modest annoyance.

As I previously posted the News app that Bing has provided for Windows 8 is superb and met a good chunk of my news reading needs.  In fact I think I was better off than on the iPad because Bing News gave me not only the search-based newspaper capability but also direct readers for the Wall Street Journal and New York Times.  USA Today, which I also frequently scan, was one of the first to put an App into the Windows Store.   Now if I can get the Denver Post, Colorado Springs Gazette, and Jerusalem Post either as apps or more complete support in News my needs will be complete.  On this trip I let the News app’s stream of the most recent stories in the first two suffice, and used jpost.com for the latter one.

Of course with the W500 it is inconvenient to carry the keyboard around, so it mostly sat in my briefcase.  I did use it to write a couple of blog postings.  With the Surface I’ll always have the Touch cover with me, and I plan to swap to the Type cover when I think I might need to do heavy-duty typing.  The W500 also relies on its keyboard dock as a stand, and I never did find a suitable cover for it.  So when I was carrying it without the dock there was never a way to prop it up.  None of this will be a problem for the Surface, so as good as my W500 experience was the Surface experience should be much better.

As it turned out the experiment was perfectly timed.  The lack of a cellular modem, and the fear that I’d need to supplement the “Windows Store” apps with desktop apps, had almost convinced me to skip the Surface and wait for the Surface Pro (or another Windows 8 tablet).  But when Surface pre-orders opened up in the middle of my trip I’d already concluded that I wanted to replace my iPad 1 with one.

I did make use of some of the unique features that Microsoft is bringing to the table.  Over dinner my Uncle mentioned his PC was acting up.  It sounded like malware to me (though it turned out not to be) and I offered to stop by and take a look.  Of course one of the critical tools here is a bootable malware scanner, but you want to create that DVD or USB Flash Drive on a machine known to be malware free.  How was I going to do that since I hadn’t brought a PC with me.  Well, actually, I had 🙂  I created a Windows Defender Offline USB drive on my W500 and used it to scan his machine.  Now this is something that wouldn’t work on the Surface (or other Windows RT machines), at least not until someone creates a Windows Store app for creating bootable USB drives.  There was also a case where we needed to print something and I was easily able to do it with the W500 whereas we couldn’t solve the problem with my wife’s iPad 2.  For me these things just validated Microsoft’s support for USB ports on tablets, and its general approach of providing considerable legacy device support, compared to the iPad.

Apple, I love what you did with the iPhone and iPad.  They are still awesome products.  But they are stale.  And it looks like there are now options that are fresher and cover a large range of my needs.  So I’ll be permanently retiring my iPad on Friday.  Maybe I’ll be back.  After all you may still have the capability to introduce new products that I just can’t resist.  But I don’t think you have the ability to catch Microsoft sleeping the way you’ve been able to do for the last five years.  And now they’ve become the guys doing the interesting work.  Oh you’ll still have a place in my household.  Microsoft has a long way to go before my wife trades in her iPhone and iPad.  Although once she gets her hands on my Surface I may be forced to revise that assessment.    Especially if Microsoft can really grow the Windows Store so it has the apps she wants.

In any case Apple, you’d better watch out.  There is a new force in town.  And if she doesn’t blow her foot completely off with bad naming decisions (already made) and more poor marketing (still TBD) then your customers are the ones sitting in the auditorium and she’s the one throwing the sledgehammer at the screen from which you preach.

 

Posted in Computer and Internet, Microsoft, Windows | Tagged , , | 1 Comment

WSJ and NYT Readers for Windows 8/RT

Posted on October 20, 2012 by halberenson

Amongst the things I’ve anxiously been waiting to appear in the Windows Store are apps for reading the Wall Street Journal and The New York Times.   Little did I realize that these were already there, though hiding in an unexpected place. Ever since the Windows 8 Developer Preview I’ve been using the Bing-based News app as a primary way of reading the news on my Windows 8 systems. It’s a great app really, from just stunning visuals to its broad range of sources to the ability to follow specific topics of interest. But imagine my surprise when I discovered that it also has built-in (and apparently officially sanctioned) readers for both the WSJ and NYT!

Swipe down from the top and you’ll see a list (currently 4) of featured news sources, amongst them WSJ and NYT.  Select the WSJ and something that looks like a cross between the typical WSJ app and the Microsoft Design Language (Metro) appears.  There is a link where you can sign up or sign in to see subscriber only content. I logged in and there I had it, a WSJ reader.   The process is similar for the NYT.

Although the number of apps in the Windows Store is still dismally low this discovery made the two weeks since I ditched my iPad to travel with only a Windows 8 tablet (an old Acre Icons Tab W500) much more pleasant. I’ll report my fully on my overall experience in an upcoming post.

Posted in Computer and Internet, Microsoft, Windows | Tagged , , , , , | 11 Comments

Stop compounding Microsoft’s Windows RT mistakes

Posted on October 19, 2012 by halberenson

Microsoft has created lots of confusion with the introduction of Windows RT, but I think everyone who does understand the difference between Windows RT and Windows 8 is making things worse by the way they are explaining it.  Basically the difference is “Windows 8 runs both existing and new applications while Windows RT only runs new applications”.

I usually add “So if you want to run Quicken, QuickBooks, Photoshop, or other applications you already have on your PC then you want Windows 8 and not Windows RT”.  For many people that’s all it takes for them to realize that what they want is Windows 8 and not Windows RT.  Note that I didn’t need to discuss Intel vs. ARM, or Desktop vs. “Metro” apps, or the inclusion of Office 2013 in Windows RT or a dozen other thorny details.

Of course with that out-of-the-way some people will then ask additional questions, but at least they are guided questions.  If they ask about installing Windows 8 instead of Windows RT on the new Surface then you’ll have to explain that it isn’t possible.  For non-technical users I think a simple “the Surface wasn’t designed to run older applications so it isn’t supported by Windows 8” may be the best approach.

At some point you’ll be asked “then why would anyone want Windows RT”, and that’s where things get interesting.  Because in truth it is a little hard to justify!  Again, my approach is to simplify things.  “Existing applications are not designed for Touch or the smaller screens usually found on Tablets, lead to reduced battery life, and use too much memory and disk to allow for the best Tablet experience.  So if you don’t need to run existing apps then Windows RT allows for thinner, lighter, less expensive, better battery life Tablets then is possible with Windows 8. ”  If they are still interested in Windows RT I’d go on to mention that it comes with Office 2013 included, but otherwise I’d stop there.

Less than 1% of the potential customer base is going to care why Windows RT even has a Desktop, why Office 2013 is really a Desktop app, why Microsoft made certain decisions (e.g., you can join an existing Homegroup with Windows RT but you need Windows 7 or 8 to create a new one), why you can’t purchase Windows RT except pre-installed on a new Tablet, etc.  But why burden the other 99% with these details up front?

In my opinion Microsoft really screwed up by calling Windows RT “Windows”.  They failed miserably at delivering on the promise they made when Windows on ARM was first revealed to have a name that would clearly differentiate the two offerings for consumers.  That’s water under the bridge.  Now what they need is VERY SIMPLE messaging for guiding purchasers to the right product.  So far we haven’t seen that messaging from them, and in its absence pundits and posters are just making the situation worse.

Windows 8 runs existing and new applications while Windows RT only runs new applications.

Posted in Computer and Internet, Microsoft, Windows | Tagged , , | 39 Comments

A Windows Phone “Plan B”

Posted on October 4, 2012 by halberenson

Let me start out by saying this is totally speculative on my part, I have no information that suggests what I’m about to describe exists anywhere in Microsoft’s thinking.

Microsoft has a huge amount riding on the launch of Windows Phone 8.  OEMs have already announced compelling devices.  Windows Phone 8 itself seems (which is all we can say since Microsoft has still not fully revealed it) quite compelling.  The carriers are largely saying the right things.  Now the devil is in the details.  Which devices on each carriers at what price points.  How committed are the carriers to marketing and selling Windows Phone?  What will Microsoft itself do to promote Windows Phone 8?  Will the concurrent launch of Windows Phone 8 and Windows 8 help or hurt the phone efforts?  Etc.

It won’t take long, perhaps as little as 3-6 months, to get a good read on where Windows Phone 8 is going.  Either Windows Phone market share growth accelerates substantially or it doesn’t.  The worst outcome is that it accelerates somewhat but that you can’t draw a conclusion about where it will be in a couple of years.  But assuming the growth rate accelerates to the point where talk about Windows Phone being the third major ecosystem goes from wishful thinking to accepted reality, Microsoft probably sticks to its current strategy.

But what if Windows Phone 8 doesn’t take off?  If WP8 doesn’t take off why would anyone think that a Windows Phone 9 would?  To put it bluntly, either WP8 is a winner or Microsoft has no role to play in the traditional mobile phone marketplace.  So what is Plan B?

I’ll start with the recent Steve Ballmer revelation that Microsoft is becoming a “devices-and-services” company.  Some people think this was just a random statement in an interview, but I’ve heard Steve has been using this phrase internally for well over a year.  And certainly there have been multiple revelations over the last year that support this as being baked into the strategy rather than just a recent observation.  So what if Microsoft brought “devices-and-services” to the mobile phone market?

Just coming out with a Microsoft-branded Windows Phone isn’t what I’m talking about.  And sure Microsoft has some services tied to Windows Phone.  But I’m talking about something bigger.  If Microsoft truly can’t crack the traditional mobile phone market, how could it disrupt it?

Before I go on I know you’re already thinking that Google tried to disrupt the traditional mobile phone market with the Nexus One.  Really?  Coming out with your own unlocked device that you only sell online constitutes disruption?  Coming out with a device that you still had to get service from a traditional carrier constitutes disruption?  Google’s attempt was half-hearted and a losing proposition for most end-users.  It was good as a “North Star” kind of offering to drive OEMs, but never constituted a real challenge to existing market dynamics.  Forget them as a data point.

A real challenge to existing mobile phone market dynamics requires you to remove the carrier business relationship from the consumer experience.  That seems like an almost insurmountable challenge to me, yet it is exactly what a Microsoft Plan B would have to do.  Microsoft would need to find a way to sell a complete and compelling mobile “devices-and-services” experience that it controlled from end-to-end.

That Microsoft would have to build its own phone is a given in any Plan B.  That’s the easy part.  The hard part is what to do about the carriers.  No, Microsoft would not acquire one nor build out a physical network of its own.  That’s both impractical (on a global scale) and financially foolish (given how capital-intensive it is).  But it could become a Mobile Virtual Network Operator (MVNO).  Microsoft would then be capable of selling an end-to-end experience that included the device, the underlying communications service, and added value services such as music streaming.

By going the MVNO route Microsoft would be freed from carrier decisions about which phones to carry, how to price them, how to promote them, how quickly to update them (!), who shares in what parts of the subsidy pie, lock-in terms, etc.  It would own its own destiny.  On the flip side, it would lose the carriers’ large retail footprint and healthy marketing budgets.  And carriers have developed new techniques, such as family plans, that make switching very unattractive for the consumer.  But if WP8 fails using the traditional carrier model, this is a tradeoff that Microsoft would be forced to make.

In order to succeed with an end-to-end strategy Microsoft would have to accelerate the growth of its own Microsoft Store retail footprint world-wide.  It would also have to forge new retail partnerships to replace the large carrier retail footprint.  Just using the U.S. as a model, a strong partnership with Walmart (which fyi already has its own MVNO) to go after entry-level and budget sensitive buyers would be crucial.  A partnership with Best Buy, whose focus has been shifting towards Mobile, would give it a nationwide footprint aimed at the heart of the market.  There are plenty of other opportunities to build a good retail presence, such as Radio Shack, Target, Cartoys, Staples, etc.  Microsoft has existing (non-phone) relationships with almost all the players, but it would require a substantial investment to build those into what is necessary to succeed in the mobile phone space.

Microsoft would also need some unique angles in order to differentiate their offering, and allow for unique marketing efforts.  One that comes to mind is a focus on landline replacement.  Freed from traditional carriers resistance to alternatives to their voice and SMS services, Microsoft could seamlessly integrate Skype into their end-to-end experience.  Not only would this allow Microsoft to reduce the amount of bulk service the MVNO must acquire from the underlying carrier networks, it offers the possibility for all kinds of interesting home and office configurations.

There are many other areas that Microsoft can differentiate on, such as customer service.  Which is to say that the approach I’m describing offers amazing opportunity, but is also fraught with risk and expense.  I haven’t even touched on the fact that this would launch Microsoft into a regulated telecommunications business.

So there it is, a Plan B for Windows Phone.  Put simply, it’s go it alone.  Truly alone with regard to the existing mobile phone market.  Is it a crazy idea?  Yes.  Could it happen? Yes.  Could it succeed?  Your guess is as good as mine.

Google has toyed with the MVNO approach, but there are no signs that it is actually going to try that route as a strategy.  Imagine if Microsoft followed this approach out of desperation, and Google did it out of its longstanding desire to disrupt the current carrier model.  Google’s efforts would help legitimize Microsoft’s, and between the two they would indeed represent a threat to the current carriers.  At the first hints of success others, such as Facebook, would likely jump on board with their own offering.  This would be one of the rare cases where the interests of the software/internet companies truly converged.  In fact converged to such an extent that it challenged the telecom industry’s status quo.  And that my friends would be true disruption.

So now we wait and see if Windows Phone 8 succeeds in the market using a traditional business model.  And if it doesn’t, then we’ll see if Microsoft has the stomach to try to change everything.

Posted in Computer and Internet, Microsoft, Mobile, Windows Phone | Tagged , , , , | 19 Comments

Is Microsoft really building its own Windows Phone?

Posted on October 3, 2012 by halberenson

Is Microsoft really building its own Windows Phone?  Well, building definitely.  Planning to bring to market?  I’m not so sure.  And if they do,  what does that really mean?

Microsoft has always been building Windows Phones.  One of the original development platforms for Windows Phone 7 was a device that Microsoft Research designed for its own research efforts and then did a manufacturing run to give to the Windows Phone development team.  And Microsoft has long done reference designs for new systems and offered them to OEMs either purely for reference or even for licensing to build and sell on their own.  I don’t know if any of the WP7 or 7.5 devices were based on Microsoft’s designs for a hero phone, though I doubt it.  Instead OEMs seem to have focused on taking their original designs (for Android or Symbian) and reworking them to meet the Windows Phone specs.    So we can’t be sure that a leak about a Microsoft-branded Windows Phone is for a reference design they’ll use internally or is something they will actually bring to market.

Microsoft’s problem with Windows Phone isn’t with its OEMs.  The crop of Windows Phone 8 devices is plenty compelling enough to compete with the iPhone and latest Android phones.  Microsoft’s problem is with marketing and with its reliance on Carriers.  Having their own phone gives them a channel to help address the marketing problem, but does nothing to solve the fact that despite all the rhetoric the carriers are OS agnostic.  They just want your monthly service fee.  And that makes selling iPhones and Android the path of least resistance.  Stick a Surface Phone in an AT&T store and it isn’t going to get any more love than a Nokia Lumia 920 gets.  And Microsoft’s own retail footprint is so small that it is immaterial.  You aren’t going to impact market share by even a 100th of a percent by sales of Surface Phone’s through the Microsoft Stores.

What a Surface Phone would do is give Microsoft something to market directly rather than indirectly through OEMs and Carriers.  I think they’ve concluded that promoting “Windows Phone” doesn’t get them anywhere.  Verizon’s advertising for Droid phones, not the Android OS, made Android popular here in the U.S.   People then walked into stores asking about a “Droid” and were sold whatever Android phones that carrier offered.  Microsoft could advertise the heck out of a Surface Phone, with the real intent of legitimizing Windows Phone.  If it offered said Surface Phone only through limited channels (as is the plan with Surface tablets), perhaps explicitly not including carrier stores initially, it would actually help drive sales of Nokia and other OEM devices.

But for a Surface Phone (or other Microsoft branded device) to really move the needle on Windows Phone market share Microsoft would need to somehow change the game in terms of the carriers.  That is, they’d have to figure out how to take the carriers out of the loop.   And that is a wildly larger challenge to consider than just introducing a phone with their own branding.

Posted in Computer and Internet, Microsoft, Mobile, Windows Phone | Tagged , , | 7 Comments

Yes Virginia, Anti-Virus software is quite useful

Posted on October 1, 2012 by halberenson

Every now and then I come across an article or blog posting arguing that Anti-Virus software is near useless and shouldn’t be bothered with because it can only protect you against known threats and not emerging threats.  First of all modern Anti-Virus software, better called Anti-Malware these days, generally does provide some protection against emerging threats.  More importantly, the malware that users are most at risk from are the known threats not the emerging threats.  Put this in human terms.  Do you skip the vaccines for Polio, Tetanus, Pneumonia, H1N1, etc. because they don’t protect against Ebola?  Or a new swine fly virus?  No.  So you don’t want your computer protected from Conficker (a family of Worms that has been with us since 2008 and remains a major threat) or other known threats because somewhere in Russia, or China, or Peoria a hacker is about to release a piece of malware that won’t be blocked by your anti-malware software’s current signatures or other protections?  Really?

The vast majority of threats on the Internet are known threats.  Mostly they’ve been known about, and protected against, for years.  They lurk on websites, file shares, email archives, and offline copies such as USB keys and DVDs waiting for an unprotected user to activate them.  And the vast majority of new threats become “known threats” rather quickly and are  thus “contained” by anti-malware software.

Keep in mind that like communicable human disease computer malware doesn’t appear everywhere all at once (although there are exceptions, like SQL Slammer that spread incredibly quickly in the primitive security environment that was in place in 2003).  Thousands of machines might be infected by a new piece of Malware before it is discovered and Anti-Malware vendors update their products to block it.  But there are 1.3 Billion PCs in the world (plus the 500+ Million very vulnerable Android devices out there).  What are the odds that YOUR PC will be infected by a new piece of Malware before your Anti-Malware vendor updates their signatures?  You should worry far more about lightning.

Unless of course you don’t have Anti-Malware software with real-time protection on your machine.  Then your odds are more like standing in the middle of a golf course with a golf club thrust towards the sky while a thunderstorm passes directly overhead.  Not smart for those trying to avoid being hit by lightning.  Not any smarter for those trying to protect their computer from being infected by Malware.

At worst Anti-Malware software should be considered absolutely necessary but not sufficient for keeping a computer safe from Malware.  In practice, when combined with a modern operating system (meaning Windows 7 or later in the Microsoft world), other built-in capabilities like the firewall, URL Filter (e.g., IE’s Smartscreen), automatic update of software, and even a minimal amount of attention paid to best practices for surfing the web and reading email, it will keep the typical PC free of Malware.

Posted in Computer and Internet, Microsoft, Security, Windows | Tagged , | 3 Comments

Windows 8 and Arrogance (or not)

Posted on September 27, 2012 by halberenson

I know that I struck a nerve with a comment about Windows Phone apps, Windows 8, and Microsoft Windows President Steven Sinofsky.  I wanted to explore this topic further on two fronts.  First of course is the entire Windows Phone app question, and then a little on the Start menu.  And I’ll include some general SteveSi related comments along the way.

There are basically three ways that Windows 8 could have supported Windows Phone 7.x apps directly.  In increasing order of desirability they are:

1) Packaged a WP7.x emulator in Windows 8, basically allowing apps to run but keeping them completely isolated from Windows 8.  Just say no and leave it at that.

2) Created a parallel WP7.x stack and allowed the Windows Store to carry those applications.  Handled some of the more common Windows 8 Contracts via system provided defaults.  Perhaps even have extended the WP7.x programming model, in conjunction with the WP team, to support the newer Windows 8 concepts (again, like contracts).

3) Started with the Windows Phone 7.0 app model as the basis for the Windows 8 app model.  Evolve it substantially, but in an upward compatible fashion.

We already ruled out #1, so let’s address #3.  While there are over 100K apps now available for WP7.x, that wasn’t the case at the start of the Windows 8 project.  Basically when decisions about Windows 8 were being made there were NO WP7 apps.  Moreover, the overall app plat approach taken by WP was in conflict with a couple of the key beliefs driving the Windows 8 app platform.

Windows Phone 7 was done under the most severe time pressure I’ve ever seen for a project of its size.  To ship on schedule it had to rely on quite a few pre-existing pieces of technology.  For example, the .NET Compact Framework, Silverlight, Visual Studio and Expression Blend had to be used with at most modest changes.  Likewise many other parts of the product were taken from earlier Windows Mobile 7, XNA, Zune, and other efforts.  An overall app model was defined and implemented around and incorporating all these pieces.  I think the team did an outstanding job.

Charlie Kindel (who ran the Windows Phone app platform Program Management team at the time) has commented via Twitter that Steven Sinofsky chose to bet against Windows Phone.  I think that is certainly one of the answers.  If you evaluate Sinofsky’s bet against two criteria you get radically different views of if he was right or wrong.  Based on the size of the app library he was wrong.  Based on the number of Windows Phones sold he was right.  But why bet against Windows Phone rather than build on their work?

You may recall from other sources that Steven Sinofsky has never been known to be a .NET fan.  While others within Microsoft, and even senior people in the (pre-Windows 8) Windows organization, wanted to move to an entirely .NET app model for Windows Steven did not.  He (and others fyi) wanted to re-engage the native code C++ developers that Microsoft had been neglecting.  And they wanted to co-opt the huge base of web developers to create apps for the Windows platform.  Well, what had the Windows Phone guys done?  They’d implemented a .NET only app platform.  Could the Windows Phone app platform evolve to address the native and web developers?  Sure.  But with no existing library of apps and a desire not to have .NET-centric platform at the core of Windows Sinofsky apparently felt pretty comfortable ignoring the Windows Phone team’s work.

Of course deciding not to the base the Windows 8 app model on Windows Phone could just be a case of NIH, and there was probably a little of that at play.  But at the same time I think the notion of a true reboot of Windows was growing.  And evolving the Windows 8 app model from the Windows Phone 7.x app model, particularly in a way that allowed Windows Phone 7.x apps to run unchanged, meant bringing along a lot of legacy that didn’t belong in what was supposed to be a nice clean new app model.

Which brings me to option #2.  Why not have included the ability to run Windows Phone 7.x apps on Windows 8 as a parallel stack?  This seems easy from a technology standpoint as both the CLR and Silverlight can run on the platform.  Most of the work would have been in porting the WP7.x-specific librares.  And deciding how to integrate with Windows 8 concepts that were foreign to WP7.x like Contracts.  And provide a virtual Back “button”.  Its use could have been restricted in such ways that it wouldn’t really be an alternative to the new Windows Runtime app model.  You’d get an instant large library of apps, most of which felt alien running on a Windows 8 system.

Take the early days of the iPad, where most apps were actually iPhone apps that the iPad would run at 2x size.  In that case, even with an identical app model, many apps really felt ill-suited for use on a tablet.  The benefit of sharing the app model came later, when many (perhaps most) apps were able to have a single executable that adapted its experience for the iPhone or iPad.  Or take Android tablets, where they’ve had trouble gaining traction at least partially because they had so few apps that really were tablet-aware.  While it may be changing now, the first generations of Android-based tablets suffered mightily because all they had to run on them were smartphone apps.  And again, that is with a shared app model.  So it is reasonable to question how well WP 7.x apps, with a different app model, user model, etc. would be accepted on a Windows 8 system.

In my earlier post today I took the position that having the large library of suboptimal apps, basically WP 7.x apps running on Windows 8, would have significantly helped the platform.  I might be right, I might not.  Having the large library would have been a marketing message coup that helped the Windows 8/RT tablet business get off to a quick start.  But, if it turned into another excuse for developers to delay writing to the new (“Windows Store”) app platform then it would have hurt the Windows 8/RT effort more than it would help.  And then there is that pesky problem of not wanting to create this new legacy that you could almost never remove from Windows.

So was this a well reasoned decision by Sinofsky or one driven by arrogance?  It is both.  I just layed out an argument that says Steven made the right choice.  But its also true that he bet against another of the company’s key efforts, drove away a number of his senior people, and believed he knew better than the Developer Division what developers wanted.  We’ll soon know if he was right or wrong.  If he was right, then Windows has a nice shiny new app model that will live on for many years and evolutions, including ones in which the legacy Win32 app model dissapears completely.

You can extend this thinking to the controversy around removing the Start menu.  The Start menu, and indeed the entire desktop, are legacies that will have to be removed from Windows over time.  While the desktop itself is probably with us for a couple of additional major Windows releases (though there may be truly desktop-free editions sooner than that) the start menu was something that Steven has bet he could get away with not bringing forward into Windows 8.  By doing so he forces users to start living in the new usage paradigm rather than totally avoiding it.  Yes you can still set up a system to avoid leaving the desktop most of the time.  But you can’t avoid the new world completely.  In doing so he sets people up to eventually accept systems without the desktop at all (or at least Windows RT systems for personal use even if they need the desktop at work, for example).

Is Sinofsky’s unwavering stance on dropping the Start menu arrogant?  Perhaps.  Steven is alienating a lot of Windows users, but they are primarily not the users he’s expecting to adopt Windows 8 anyway.  He can worry about how to bring those people on board as part of a “Windows 9” two or three years down the road.

For me the most interesting part of the decisions that Sinofsky has been making is that they often favor a long term strategic direction over short term more pragmatic ways of enhancing the success of Windows 8.  This flies in the face of his history, which is to focus on the current release and its requirements rather than the future (because, for example, you really can’t predict what the requirements for future releases will be).   If he’d kept an option for the Start menu Windows 8 would be a far less controversial release.  If he’d included a way to run Windows Phone 7.5 apps on Windows 8 then a big chunk of the developer community wouldn’t feel like they’re being abandoned.  But he’d also have tied his hands at moving the reimagined Windows forward in ways that Apple and Google have made absolutely critical.

So is Steven Sinofsky arrogant?  I suspect that anyone who has tried to partner with him or his organization over the years thinks so.  But his decisions aren’t stupid ones.  And he’s been right more often than he’s been wrong.  While I worry about it, I think he’ll be proven right on the decision not to support Windows Phone 7.x apps.  At least if developers don’t take too long to jump on the Windows Store app bandwagon.  The Start menu decision?  That is the one that still could prove his, and Windows 8’s, undoing.  I don’t miss the Start menu, but many desktop power users (and analysts who talk to them) think its absense is the kiss of death.    In a few months we’ll know where on the spectrum, from brilliant move to the horrid mistake, the decision really was.

Posted in Computer and Internet, Microsoft, Windows, Windows Phone | Tagged , , , , | 41 Comments

Developers ignore creating “Windows Store” Apps at great peril

Posted on September 27, 2012 by halberenson

Although the launch of Windows 8/RT is still a month away the number of apps in the Windows Store (aka “Metro apps” aka “Windows RunTime Apps”) is a worry.  There are somewhere around 2200 apps in the store now, probably an order of magnitude below where they need to be soon after launch.  And two orders of magnitude below where they need to be by the end of Windows 8/RT’s first year on the market.  Of course it didn’t have to be this way.  Both iPad and Android tablets benefited, and continue to benefit, by their ability to run smartphone apps on tablets.  That gave them decent sized application libraries out of the gate.  Then as the tablets gained traction, developers came up with tablet-optimized or tablet-specific versions of their apps.

Microsoft could have had most of the 107,000 Windows Phone 7.5 apps running on Windows 8 on day one.  It would have been a fairly (read VERY) easy thing for them to do.  It seems like arrogance on the part of Microsoft Windows Division President Steven Sinofsky is all that kept this from happening.  And it could prove to be a fatal mistake on his part.  But that isn’t what this posting is about.  Despite Microsoft’s possible missteps, developers would be quite foolish to ignore Windows 8/RT’s new “Windows Store” applications.

First let me address why I think the number of Windows Store apps is so low at this point, and it is quite simply because of how successful Windows has been in the past.  This is impacting developers on two fronts, coverage and business model.  Let’s start with coverage.

I have no idea what Microsoft’s expectations are, but I think all external observers believe that Windows 8 will represent the overwhelming majority of shipments in the first year of the Windows 8/Windows RT two-sided coin.  And Windows 8 can run all the legacy “Desktop” applications.  So how urgent is it for The New York Times to have a Windows Store app when you can always install the Times Reader 2.0 desktop app on your Windows 8 tablet?  Ditto for Sonos.  Ditto for Pandora.  Ditto for…just about everyone.  Sure those apps aren’t touch-optimized, but perhaps they are good enough for developers to take a wait and see attitude towards Windows 8 tablets.  Maybe developers will even tweak them to be more touch-friendly, without going the full Windows Store app route.

The second factor here is business model.  Despite its drawbacks most software developers have an existing business model built around Microsoft Windows.  They have a way to promote, sell, collect payment on, distribute, install, update, etc. their Windows desktop apps.  They might not have the reach of the Windows Store, its business model simplicity, its security and platform cleanliness, or its end-user friendliness.  But it works adequately enough. They have to maintain it for Windows 7 (and earlier) anyway.  And, for paid apps, they sit at a premium price point compared to where they’ll have to be with a Windows Store app.  They may even need to continue to offer new versions of the desktop app for enterprise and power users of Windows 8.  For many app developers doing a Windows Store app represents both an increase in costs and a potential decrease in revenue.  So the business guys must be taking a very close look at the potential rewards of a Windows Store app.  I think what they are seeing is that in the long run having a Windows Store app will be a big win.  But in the short run it is a lot of pain for little gain.

The problem with app developers taking the position that they can wait on a Windows Store app is that this is going to be another land-grab.  Windows 8 is going to grow like a field of weeds.  And I’m not even talking about Steve Ballmer’s 400 million Windows 8/Windows Phone 8 devices in a year claim.  Yes Steve, Microsoft may indeed sell a few hundred million Windows 8 devices, but they come with downgrade rights to use Windows 7 and that is what most businesses will actually run.  Still, it is good to get some perspective.

Some 16 million devices out there are running preview editions of Windows 8.  To put that in perspective that is slightly more than the number of iPad 1s that Apple sold.  Yes Apple is now selling that many iPads a quarter, but again this is preview editions of Windows 8 running on older hardware vs a third-generation refined tablet.  What’s going to happen when real Windows 8 hardware hits the market next month?  Even in a worst case scenario Windows 8 will blow by Apple’s non-smartphone platforms right out of the gate.  Combined iPad + Mac sales are running a little over 20 million per quarter.  The ill-fated, much hated, Windows Vista sold 20 million units in the first month.  In another metric, it took the iPad about 27 months to sell 100 million units.  Microsoft’s Windows 7 did that in 6 months.

This is important enough to repeat.  Even if Windows 8 is as poorly received as Windows Vista, it will blow the crap out of Apple’s non-smartphone sales volumes.  And Windows 8, the controversy over dropping the desktop Start menu aside, is no Windows Vista.  It is a fast reliable operating system that works well on a broad array of both legacy and state-of-the-art hardware, has great app compatibility, and lots of user added-value.  None of that was true for Vista.

I’ll take it one step further.  Even in a Windows Vista-like debacle Windows 8 will blow away combined Apple and Android non-smartphone unit volumes.  Let that sink in.

Of course the place where having a Windows Store app matters most is in the narrower category of “tablets” rather than the broader market that includes classic PC form factors.  Here we have far less data to go on, but I won’t be going out too far on a limb by claiming that Windows 8 will almost immediately blow by Android to take the number two position in tablets with screen sizes of 9″ or more.  I’ll justify that prediction in a moment.  I also think it isn’t far-fetched for Microsoft to take the number two position in tablets overall (which I’ll categorize as anything from 7″ up in order to leave “phablets” out of the discussion) within a year.  And it is plausible for Microsoft to challenge Apple for the number one position.

The reason for my apparent optimism is simple, I believe there is great pent-up demand for so-called convertible or hybrid tablets.  These have been around since the dawn of the Tablet PC a decade ago, but have always required too many tradeoffs to achieve significant usage.  Of course the biggest issue in the past was that Windows and Windows Apps weren’t really designed for tablets, a problem solved by Windows 8.   But the hardware was also just not up to snuff.  Now look at the excitement surrounding the Microsoft Surface and how much of that is focused on the Touch and Type covers.  These are pure tablets rather than convertible/hybrid tablets, yet Microsoft has struck a nerve by providing a notebook-like input/navigation capability on a tablet capable of running full Microsoft Office (as well as, in the Surface Pro, all desktop apps).

Last week one of my cousins, a national sales manager for a large distributor, mentioned that he was growing to hate his iPad.  On further investigation it turns out that he finds himself forced to carry his notebook around with him everywhere in addition to the iPad since he can’t get his work done on the iPad.  But he does like the convenience of watching movies, etc. on the iPad when he is on the train, flying, etc.  He was totally unaware of what is happening with Windows 8.  I described the Surface Pro, HP Envy x2, and similar devices.  He asked me if they ran the full version of Microsoft Excel and I said yes, resulting in an immediate response of “that’s my next computer”.  Anecdotal sure, but I see his exact scenario everywhere I look.  I still see far more notebooks than iPads in Starbucks.  I still see business travelers carrying a tablet and a notebook (and sometimes an eReader too).  I still run into a lot of people who classify the iPad as a toy (even if a very good toy) and, like my cousin, could be wooed to a merged tablet/notebook device.  Satisfying this pent-up demand could easily result in quarterly sales volumes that exceed those of the iPad.

You may observe that many of these aren’t really driven by tablet usage scenarios, they are primarily driven by notebook usage scenarios and thus will be satisfied by desktop apps.  I think its more of a 50/50 split over which is the primary usage scenario but let’s not quibble over the exact percentages.  These devices will all be used as tablets part of the time, and the tablet experience will be the long-term driver of customer satisfaction.

Because of the convertible/hybrid scenarios there are quickly going to be tens to hundreds of millions of devices in which Windows Store apps make a lot of sense.  There will be hundreds of millions more Windows 8 devices where the suitability of Windows Store apps is far more debatable, but they dramatically increase the Total Available Market for an app developer.  Back to the convertibles/hybrids, when someone goes to use the device as a tablet they are going to be looking for apps that are truly optimized for that tablet.  Desktop apps aren’t going to cut it in most cases, though tablet-optimized versions of those apps could be made available.  If they are using a enterprise-managed device they may find (that for security purposes) they aren’t allowed to install arbitrary desktop apps but are allowed to install Windows Store apps.  With tens to hundreds of millions of people searching for good Windows Store apps a land grab will indeed be under way.

Let me use another anecdote.  A few weeks ago I received mail from a friend saying he was done with Pandora and had signed up for Spotify’s Premium service.  Why?  He got tired of waiting for Pandora to release an app for his Windows Phone.  Now Pandora can be forgiven for not wanting to spend its resources helping Microsoft solve the chicken and egg problem of Windows Phone’s small sales volume.  But they lost a paying customer who used Pandora across a wide-set of devices because they didn’t support one important to him.  My patience with Pandora is running out too.  Guess what, Spotify works with my Sonos just like Pandora.  It works with my Windows 7 desktops just like Pandora.  It works with my wife’s iPad and iPhone just like Pandora.  But it also works with my Windows Phone.  And once I switch to Spotify, does Pandora really have any leverage to get me back?

Extend the Pandora/Spotify situation to Windows 8 and it’s tremendously higher volumes and you find failure to support Windows 8 could have more dire consequences for app developers.  Now I have no idea what Pandora and Spotify’s plans are around Windows Store apps, so I’m not saying that this scenario is going to play out specifically for them.  I’m saying that for any app developer there is great risk that by failing to jump on the Windows Store app bandwagon they will very quickly find themselves losing customers to those who do.  And as previously claimed, Windows 8 volumes are going to be so staggering so quickly that being left behind could be fatal.

We have examples from the past that are instructive.  Most of the leading app vendors in the MS-DOS era lost their market share and became irrelevant precisely because they did not jump on the Windows GUI bandwagon quickly enough.  Sure you could run the MS-DOS versions of Lotus 1-2-3 and Wordperfect on Windows, but Microsoft’s native Windows versions of Excel and Word eclipsed the competitor’s MS-DOS products and established a leadership position on the new platform that Lotus and Wordperfect couldn’t dislodge when they finally launched Windows products.  Keep in mind that this wasn’t some scheme by Microsoft to give Excel and Word an advantage over the competitors.  Microsoft was urging competitors to support the Windows platform, and but they took a wait and see attitude towards the new platform.  Seeing any eery parallels to today’s situation with Windows Store apps?

I am positive that within the first few months of Windows 8 GA I will make a decision on a new primary financial app to use.  That is, some app for tracking my investments, getting financial news, etc.  Not only will it become my long-term preference simply due to familiarity, once I go through all the trouble of entering portfolio information there will be strong incentive not to go through that again.  Basically as soon as I find a Windows Store app that meets my needs they will “own” me as a customer for a long time.  I can repeat this kind of example for at least a dozen apps that matter to me.

Another example, I use both Yelp and Trip Advisor pretty heavily but I write lots of reviews for the former and few for the latter.  Windows Store apps, or lack thereof, for those two services could either increase my participation on Yelp (i.e., if they have a good Windows Store app) or shift more of my attention to Trip Advisor (i.e., if they have a good Windows Store app but Yelp doesn’t).  I scan multiple (digital) newspapers on a regular basis, but already find I most frequently read those with good support for my devices.  I pay for both the Wall Street Journal and The New York Times digital subscriptions.  Not only would lack of Windows Store apps change my reading habits (and thus the advertising potential) amongst various (paid and free digital) newspapers, but it will affect my willingness to pay for subscriptions as well.  Neither the WSJ or NYT are cheap, and if I find myself not making adequate use of the subscriptions well then….  I also get a few magazines digitally through Zinio.  The lack of a Zinio Windows Store application would either lead me to an alternative (if available) or even to drop subscriptions to the lower priority magazines.

And what of Windows RT?  It more obviously succeeds or fails on the basis of the quantity and quality of Windows Store apps, and in particular on consumer excitement over the new platform.  It doesn’t get much, if any, boost out of the Windows legacy.  They shouldn’t have even given it a Windows family name.  So I don’t see Windows RT as being a near-term primary justification for a Windows Store app.  But I do see it as a place where the land grab will be even more dramatic, because no one can fall back to their desktop app.  So for the first year or so consider sales of apps on Windows RT as a bonus.  Sure once the app library is big enough Windows RT volumes will explode and, particularly for consumer entertainment-oriented apps, it could become a huge focus.  But in the first year I think that the Windows 8 convertible/hybrid market is the real revenue driver for Windows Store apps.

The bottom line for me is simple, it is perilous for application developers to ignore or take a wait and see attitude towards Windows 8 and particularly Windows Store applications.  The volumes of Windows 8 devices will be staggering by any standard, even in what most people would consider a failure scenario.  Land will be grabbed.  Leadership will be established.  Entire cross-platform ecosystems will rise and fall on the basis of how well they support Windows 8.  Betting against Windows 8 is simply foolish.

Posted in Computer and Internet, Microsoft, Windows | Tagged , , , , , | 61 Comments

Goodbye Forefront, it was nice knowing you

Posted on September 15, 2012 by halberenson

My last job at Microsoft was as the “Chief Architect” of the Identity and Security Division (and briefly its successor organization, DAIP) and General Manager for Forefront UAG, Forefront TMG, Rights Management Services, Certificate Services, Windows NAP, and some other odds and ends. The odds and ends are always amusing. Project Sydney reported to me for a short time. And after RMS started working for me I was shocked to discover I was now responsible for the aging software and infrastructure used for Microsoft Reader DRM. Funny how no one mentioned that before I took the job! There has been a lot of news about all these items over the last year, but this posting is specifically about Forefront.

As you may know this week Microsoft killed off the Forefront brand, killed some of the Forefront products, and renamed others to reflect their real strategic alignment. This is the natural outcome of a process that started about four years ago, and most specifically two and half years ago, as the economic downturn and resulting budget cuts at Microsoft collided with its ambitions in the security products space.

In the early years of the last decade (2000-2002) two factors came together at Microsoft that would lead it into the security products business. The first was the recognition that the Internet had changed the game in terms of the security required of Microsoft’s software and ecosystem (and that Microsoft was failing miserably at it), and second was a search for new revenue streams to complement the maturing Windows business. The former people are quite familiar with as Microsoft pursued Trustworthy Computing, took a hiatus from development on many of its products to do a security cleanup, created the security development life-cycle, replaced manual updates with automatic updates across its product lines, etc. But what of its ambitions for a new revenue stream?

Step back to the 2000-2002 period and look at the really strong IT growth businesses and you find Storage Management and Security at the top of the list. In 2004 Symantec would go as far as to combine these two by acquiring Veritas for $13.5 Billion (which is what Symantec’s market cap is today, hmmmm)! Microsoft created two new businesses pursue these markets, a Storage Management business under Bob Muglia and a Security Business under Mike Nash. Neither worked out as expected, though the Security Business came close.

The problem for Microsoft in the early days of its security products business was where to prioritize protecting the Windows ecosystem from malicious activity and where to seek revenue. In one of the earliest moves they made (and I was not an employee at the time, so only have second or third-hand knowledge of what was happening) they introduced a free Anti-Spyware offering called Windows Defender. At the time the Anti-Virus business was well established but mainstream vendors such as Symantec had not yet addressed the growing category of Spyware. A complicating factor for Microsoft was its (then very active) anti-trust issues, where introducing anything free (or worse, packaged with Windows,) was a lightning rod for regulators. So while to those of us on the outside it seems like introducing a free anti-virus product would have made sense, Microsoft instead chose to introduce the paid OneCare service (of which anti-virus was one component). I don’t know how much of this decision was due to its revenue ambitions and how much was due to its anti-trust concerns, but nonetheless the Windows ecosystem did not gain the protection it really deserved. Later, as third parties such as Avast! had success with free anti-virus offerings, Microsoft would introduce the free Microsoft Security Essentials. And with Windows 8 it would (finally!) upgrade the built-in Windows Defender to have full anti-malware capability.

But the real story here is, of course, products for enterprises. Enterprise security products is where the real money is. There is also less conflict with the notion of ecosystem protection versus selling products because enterprises want far more than the basic protection capabilities. No medium to large enterprise is likely to rely on Windows Defender (or Microsoft Security Essentials), not because of any perceived lack of protection but because they don’t offer the centralized reporting and control that enterprises require. Likewise edge protection, that is protecting the corporate network, is something that enterprises have extensive control and reporting requirements on. So this is where Microsoft’s product business focus went, leading to the Forefront brand and products.

Creating Forefront initially is a typical story of pulling together unrelated, even competing, products and acquisitions. For example, Microsoft made three attempts at addressing the SPAM problem. First, the Exchange team took the Microsoft Research developed SmartScreen technology and incorporated it into Exchange as the Intelligent Message Filter. This was a very basic capability that was heavily used by smaller Exchange installations, but was inadequate for larger enterprises. Meanwhile the Exchange team was looking for a solution to high availability and archival requirements and acquired Frontbridge. Frontbridge also offered anti-SPAM as part of its service. At the same time the security business acquired Sybari so that it could offer an anti-SPAM product. This became Forefront Protection for Exchange (FPE). Eventually Frontbridge would be split in two, with the archival offering moving to the storage management business and the anti-SPAM service moving to the security business and becoming Forefront Online Protection for Exchange (FOPE).

Anyway, Microsoft ends up with a bunch of security products for the enterprise. Its ambition is to be a full-line security products vendor and build another $Billion business. A major project is initiated to re-engineer the entire product family and integrate it under a truly unified management umbrella. The group, at this point the Identity and Security Division (ISD), hires a lot of people and embarks on this major undertaking. It turns out to be an over-reach that is very late and is perceived by some to be both lost in the woods and to have made some poor technology choices. A new management team is brought in to get ISD on track.

At the same time this is happening Microsoft’s first set of budget cuts and large-scale layoffs hits, and ISD is hit hard. Two more rounds of cuts would occur over the following 18 months. The first round didn’t really change ISD’s ambitions, it just added to the need to do a reset on the Forefront product plans and re-think tactics and priorities for addressing the market. The second round lead to a re-think about competing across the security product space and to a few areas being declared non-strategic with dramatically pared investment levels. The third round put back into play the question of what’s important, having a security products business per se or having security products that support the needs of other strategic Microsoft initiatives.

External observers saw the first results of our decision in a reorganization about two and half years ago. ISD was dissolved with some products moved to the groups they aligned with and the remained becoming a new Directory, Access, and Information Protection (DAIP) division. In particular end-point security, as well as the general protection technology responsibility, was moved into the management division and the email (and related) filtering technologies were moved to the Office Server organization. Forefront retained a business organization and umbrella, but with the products split over three Microsoft divisions and two Presidents it is no wonder that the other shoe dropped this week.

Forefront as a business is gone. The offerings within Forefront have either been absorbed into the Microsoft offerings they were aligned with, into the businesses they were aligned with, or where neither made sense been declared end-of-life.

Forefront TMG (previously known as ISA) was one of the casualties. This one strikes close to home because it was one of “mine”. TMG was victim to a changing landscape in which the vast majority of the network edge security business had moved to network appliances. And so TMG was the leading product in the software-only category, but it had become an insignificant factor in the overall market. In addition, the general view was that the network boundary was going to disappear as the trends toward BYOD, IPv6, and IPsec accelerated. As such TMG had lost its strategic value before TMG 2010 (which was the major revamp and rename from ISA) even shipped. It’s demise was inevitable, and I knew it couldn’t be far off when I saw an article in which Microsoft made available a SNORT rule that Microsoft IT had created. That meant Microsoft IT had abandoned TMG in favor of a SNORT-based solution.

While Microsoft’s moves with Forefront over the last few years will no doubt cause many customers pain, one has to ask if in the end customers will be better off for them. I think so. Security is being better built into Microsoft’s products and management of security is more fully integrated into Microsoft’s overall management tool set. The focus is on “your email is protected”, “your computer is protected”, “you can centrally manage the security of all your systems” and less on “how do we compete with security vendor X”. I’m actually quite pleased with where things are ending up.

There is a lot more that can be said about why an effort like Forefront was so difficult to pursue inside Microsoft. Comments I’ve made in other blog postings about Microsoft’s sales model apply, for example. But I’ll stop here. Forefront is gone. Hopefully it won’t be missed.

Posted in Computer and Internet, Microsoft, Security | Tagged , , , | 38 Comments

Beware Cloud Services bearing gifts

Posted on September 13, 2012 by halberenson

Last week I tried to access the web site of a company that a few of my former Microsoft colleagues work for and was shocked when Norton DNS blocked my access.  Upon further investigation I realized the company’s site was hosted by Microsoft’s Windows Azure and that Symantec (aka Norton) had blocked all of Azure’s cloudapp.net domain.  Why?  Well as best I can tell one of the subdomain’s on cloudapp.net had been used by another Azure customer to host malware.  Symantec hadn’t just blocked the subdomain though, it had blocked the top-level domain.  Readers of this blog know that I advocate implementing “Ghost Protocol” on those who host malicious user-generated content, but only if they fail to remove it when notified and fail to take adequate steps to prevent this from being a persistent problem.  It seems like Symantec didn’t read the second part of the memo.  I let a Microsoft executive know about this and they worked with Symantec to unblock cloudapp.net.

Of course this isn’t the first time I’ve noticed a legitimate site being used maliciously.  You may recall that a few months back I found links to Tumblr being used in a lot of SPAM.  While Tumblr didn’t host malware directly, it allowed the creation of sites that were nothing more than redirects to malicious sites.  After I, and perhaps others, reported this to Tumblr they must have made some changes because I stopped seeing them being used in this way.  But if Tumblr hadn’t made those changes then I was advocating implementing Ghost Protocol on them.

I had a very similar experience with a German web hosting company, where for a while a lot of SPAM contained links that pointed to subdomains on their site.  I reported them all, and for a while they weren’t responding (to the point that I actually did start advocating that services such as Web of Trust (WOT) should start blocking them).  But eventually they responded and I haven’t seen links to them in SPAM for a while.

I’ve also seen the occasional link to malicious content on Amazon AWS and other cloud services that host user-generated content.  On WOT you can find many legitimate sites that have less than stellar rankings because users have found malicious content on them at some point in time.  If you host content then it just goes with the territory.

Today comes word that Chinese hosting site 3322.org has been taken down in an operation by Microsoft’s Digital Crimes Unit for hosting a botnet and other malware.  How big is this?  Well Kaspersky Labs reports that 40% of malware connects to 3322.org.  40%! Wow, taking this site down is a huge win for Internet users.

Of course 3322.org was hosting legitimate content as well as malicious content, and so there are no doubt many Chinese companies and their customers that are hurting right now.  And the real problem here is that, although 3322.org may have had policies prohibiting its use for hosting malicious content, the site’s owner did little to remove or block malicious content when he was notified of it.  That, in my mind, does warrant blocking the domain in URL Filters and DNS, and even a take down like the one Microsoft pursued.

As more and more content, both consumer and business, is hosted in the cloud it is critical that the providers of Cloud Services keep those services free of malicious content.  Failure to do so endangers web users in general (as in the 3322.org case), but more specifically endangers all users of their service.  Imagine hosting your personal documents on iCloud, Skydrive, Dropbox, Google Drive, etc. and having them become inaccessible because those domains were blocked for hosting malware.  Or imagine your company’s website blocked because Azure, AWS, Google Cloud Platform, etc. domains were blocked.

The Cloud brings many benefits, but it also brings downsides.  This is little different from the centralization/de-centralization tension that has existed on-premise for decades.  Centralization brings efficiencies at the cost of the entire user community being subjected to the limits and failings of the central organization.  The Cloud means all users of a service will share in the failings of that service provider.  And if one of those is a failure to police their service for malicious content, then the penalty imposed on users could be quite severe.

Posted in Cloud, Computer and Internet, Microsoft, Phishing, Privacy, Security | Tagged , , , | 3 Comments