LOGIN | REGISTER NOW | SUBSCRIBE
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 
Download Current Issue
ISSUE 7/1/2009 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?


 
Is the mystery Borland suitor Serena?
Borland software is considering an offer from another company after a preliminary deal with MicroFocus. Is Serena the new company?
06/30/2009 01:55 PM EST

Windows 7 - An eBayer's dream product?
Windows 7 pre-orders can make people money on eBay.
06/29/2009 03:48 PM EST

Know thine cloud provider
Cloud computing require companies to understand compliance and regulation. Third parties will play a big role in regulated industries.
06/29/2009 02:58 PM EST

 

Microsoft Worldwide Partner Conf.
7/13/2009 to 7/16/2009
New Orleans
Microsoft

OSCON (Open Source Convention)
7/20/2009 to 7/24/2009
San Jose
O'Reilly Media

XBRL Technology Workshop & Summit
7/28/2009 to 7/30/2009
Santa Clara
XBRL US

ACM SIGGRAPH
8/3/2009 to 8/7/2009
New Orleans
ACM SIGGRAPH

OpenSource World (formerly LinuxWorld)
8/12/2009 to 8/13/2009
San Francisco
IDG World Expo


 
print Printable version 
Most Read Latest News Blog Resources
Kapow automates website data retrieval
Kapow Technology's Web Data Server 7.0 can be used to create modules that navigate through...

COBOL’s future lies in the clouds
After 50 years of use in businesses, COBOL is still lingering around mainframes. But the s...

Oracle's Fusion 11g lays groundwork for ERP platform
Fusion's components are standards-based and integrated, but some abilities are lost if non...

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

Microsoft Inadvertently Ships Deleted Files


Disk image with evaluation software not properly wiped

By David Worthington
January 15, 2008 — 
New technology may not always carry the seeds of destruction, but the possibility for a good pantsing is always there.

Microsoft’s use of virtual machines to distribute evaluation versions of software saves the end user much of the pain of having to configure test systems. However, it also introduces a new quality control issue by exposing the full dimension of data that was on the system when the virtual machine’s disk image was created, and last month, that issue caught Microsoft off guard.

The company began making disk images, or Virtual Hard Drives (VHDs), with evaluation versions available on a limited basis in 2005 and more generally accessible through Microsoft TechNet in November 2006, and had provided a way for partners to build their own prepackaged software stacks, using the Virtual PC technology it acquired from the now-defunct Connectix in 2003.

SD Times in December learned that at least one of the machine images available for download at TechNet did not have its free space wiped, and files thought deleted proved recoverable from an evaluation copy of the Internet Explorer Application Compatibility VPC Image.

Although there didn’t appear to be anything sketchy in that disk image, SD Times did observe what appeared to be a deleted third-party boot-time defragmenter program.

It also appeared that a Windows XP (with Service Pack 2) CD had been copied to the virtual PC’s hard drive and deleted. If the person that made the image deleted the XP files as the last thing she did, it might be possible to recover the entire CD. But in this case, other files were presumably added to the image after the deletion, thus overwriting many files.

A Microsoft spokesperson was unavailable when asked if it had a policy on how to prepare a VHD for distribution.

Voke analyst and founder Theresa Lanowitz remarked that it appears as if Microsoft lacked proper quality control. “It speaks to the process being not clearly defined. There are so many instances of things like that in the past,” she said.

Lanowitz speculated about the consequences if Microsoft had left some sort of confidential or proprietary information on the VHD and it got out and was propagated across the Web. “If it was someone else’s source code, it would be a violation of IP at the point,” she said.

“Microsoft has been the quintessential software distributing company for decades. This is one of the things you would expect to see [with unsupervised rookie developers] but not from a company like Microsoft. It goes back to QC best practices; virtualization or not, there is always a security risk you’ve got to be able to manage.” She continued, “It is almost as if they didn’t know any better, but they certainly do.”

Lanowitz added that management and security are areas that have to be kept in mind as the industry moves down the virtualization path.


Share this link: http://www.sdtimes.com/link/31662
 

Add comment


Name*
Email*  
Country     


  • Comment
  • Preview
Loading