
Microsoft Inadvertently Ships Deleted Files


Disk image with evaluation software not properly wiped



January 15, 2008 — New technology may not always carry the seeds of destruction, but the possibility for a good pantsing is always there.

Microsoft’s use of virtual machines to distribute evaluation versions of software saves the end user much of the pain of having to configure test systems. However, it also introduces a new quality control issue by exposing everything that was on the system when the virtual machine’s disk image was created. Last month, that issue caught Microsoft off guard.

The company began making disk images, or Virtual Hard Drives (VHDs), with evaluation versions available on a limited basis in 2005 and made them more generally accessible through Microsoft TechNet in November 2006. It had also provided a way for partners to build their own prepackaged software stacks, using the Virtual PC technology it acquired from the now-defunct Connectix in 2003.

SD Times in December learned that at least one of the machine images available for download at TechNet did not have its free space wiped, and files thought deleted proved recoverable from an evaluation copy of the Internet Explorer Application Compatibility VPC Image.

Although there didn’t appear to be anything sketchy in that disk image, SD Times did observe what appeared to be a deleted third-party boot-time defragmenter program.

It also appeared that a Windows XP (with Service Pack 2) CD had been copied to the virtual PC’s hard drive and deleted. If the person who made the image had deleted the XP files as the last thing she did, it might have been possible to recover the entire CD. But in this case, other files were presumably added to the image after the deletion, overwriting many of the deleted files.

A Microsoft spokesperson was unavailable when asked whether the company had a policy on how to prepare a VHD for distribution.

Voke analyst and founder Theresa Lanowitz remarked that it appears as if Microsoft lacked proper quality control. “It speaks to the process being not clearly defined. There are so many instances of things like that in the past,” she said.

Lanowitz speculated about the consequences if Microsoft had left some sort of confidential or proprietary information on the VHD and it got out and was propagated across the Web. “If it was someone else’s source code, it would be a violation of IP at the point,” she said.

“Microsoft has been the quintessential software distributing company for decades. This is one of the things you would expect to see [with unsupervised rookie developers] but not from a company like Microsoft. It goes back to QC best practices; virtualization or not, there is always a security risk you’ve got to be able to manage.” She continued, “It is almost as if they didn’t know any better, but they certainly do.”

Lanowitz added that management and security are areas that have to be kept in mind as the industry moves down the virtualization path.

