Larry Seltzer

Microsoft has, for many years, licensed the source code for Windows to a variety of partners, large customers, educational institutions and others. But until now, the company would rather have incurred large fines, legal bills and distractions than make the code available to competitors. Microsoft execs must have thought that making the code available would […]

I remember sometime around 1996 or 1997 I was in a meeting with Bill Gates talking about the future of Windows. I dont recall the exact context, but he said that he thought eventually they would have to require device drivers to be digitally signed. They must take “eventually” seriously at Microsoft, even when the […]

I have a degree in public policy. After I graduated, I preferred a programming job to grad school in my field, but I did take some political science lessons with me into my actual career. One of my favorite books from public policy was “The Moon and the Ghetto” by Richard R. Nelson. Basically, it […]

When you first learn about rootkits its easy to see the sinister applications of them, and theyre pretty scary. A really well-written rootkit, if you can deliver it to the system, can be very difficult to detect while the software is running. Fortunately, the very best rootkits exist only in theory (Or do they? How […]

This time two weeks ago, the security community was panicking over the potential damage caused by the WMF vulnerability. You can argue, as I did, that the mitigating factors were strong and it wasnt as serious an issue as some argued, but clearly the watershed event in getting past it was Microsofts prompt release of […]

Inspired somewhat by the Department of Homeland Security Threat Advisory Level (or was it the other way around?), Symantec maintains a global threat level called ThreatCon, defined as “a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.” On Tuesday, Symantec elevated ThreatCon to a level 3 (out of […]

Depending on where you look, most people are either running in circles hysterically or ho-humming the Windows WMF vulnerability. It does have some of the earmarks of a nasty situation. For one thing, if youre running Windows—any version—youre vulnerable. Even the 1990 version of Windows 3.0 is vulnerable! While you were out partying this weekend […]

Anti-virus and intrusion protection firms are reacting quickly to a new zero-day exploit for Windows, and a workaround has been devised by an independent researcher. According to AV-Test, an anti-virus research firm, numerous anti-virus firms were detecting some of the four exploits for the vulnerability that they had at that point. AntiVir, Avast!, BitDefender, Ewido, […]

Days after the revelation of a flaw in Windows handling of WMF graphics files, dozens of exploits are being spread from thousands of adware sites. But good protection is available. At the same time, further testing confirms that a workaround issued by third parties and endorsed by Microsoft Corp. is effective in most regards, and […]

Microsoft really has improved the security of its code over the last few years. The fact that every now and then a bug like the new WMF bug still comes along just goes to show how careless the old code is. The problem with the WMF (Windows Metafile) file format turns out to be one […]