Microsoft Support & Discussions

There are lots of interesting features in Windows Home Server, but the storage advances are perhaps the most innovative, and should spread to other Microsoft products, including other client and server Windows versions. Read the Full Story

In Part 2 of my Microsoft Office 2010 review, I examine the various Office 2010 product suites and applications, and the major new features they provide. Should you upgrade? Check out my review to find out. Read the Full Story

They're two great tastes that go together: Windows 7 and Windows Live SkyDrive. Microsoft doesn't make it easy, but here's how you can get them connected for drag-and-drop file transfers between your PC and the cloud. Read the Full Story

In Windows 7, Windows Media Player picks up a ton of new features, including shell integration, new codec support, a Now Playing Mode, Play To, and Internet media sharing. Read the Full Story

In the latest episode of the Windows Weekly podcast, Leo and I discuss HP's blockbuster purchase of Palm, Windows Home Server "Vail," a preview of Windows Live Wave 4, Windows Embedded 7, Microsoft going after Android hardware makers, and more... Read the Full Story

One of our objectives with Internet Explorer 9 is taking full advantage of modern PC hardware to make the browser faster. We’re excited about hardware acceleration because it fundamentally improves the performance of websites. The websites that you use every day become faster and more responsive, and developers can create new classes of web applications through standards based markup that were previously not possible. In this post, we take a closer look at how hardware acceleration improves the performance of the Flying Images sample on the IE9 test drive site. When you run Flying Images across different browsers you’ll see that Internet Explorer 9 can handle h…

At MIX 10 we showed how we’re building on new Windows technologies like Direct2D, DirectWrite and XPS to enable Internet Explorer 9 to render all standards-based web content – text, images, video and SVG – using the power of the GPU. In this blog post we’ll review the major improvements for web developers and users that come from building on these Windows technologies. For more detailed information on Direct2D technologies, see this excellent PDC2008 talk. Performance, performance, performance The benefit of building on Direct2D technologies is that the browser makes the most of the underlying PC hardware that is optimized for rendering rich g…

I want to follow-up on comments from a previous post that asked questions about how many modes and rendering engines are in IE9. It’s worth noting that all browsers have multiple modes. This post is about the different modes in IE9 and the scenarios they accommodate. First, there is IE9’s Standards mode. It is IE9’s most standards-compliant, interoperable and fastest mode. It includes support for SVG, CSS3, DOM Level 3, and many other standards-based features. This is IE9’s default mode. We want site developers to use this mode as part of getting us all to the goal of running “same markupâ€. To see IE9’s Standards mode in action, check out the exampl…

I recently presented a session at MIX10 covering the topic of cross-browser best practices. The key focus of the session was not on a particular feature, but on how web developers can reliably write code that adapts to cross-browser differences. IE9 reduces these differences and enables developers to use the same markup across browsers. Enabling the same markup means supporting the right features to make the same HTML, JavaScript, and CSS "just work". Yet enabling the same markup on the web is an n-way street. Each browser must provide the right features, but developers also need to properly detect and use those features when they are available. With respe…

The IE team is active on several W3C working groups such as SVG and HTML. As one of our three regular CSS Working Group (CSSWG) representatives, I wanted to follow up on the latest face-to-face meeting the group held at Apple in Cupertino at the end of last month by sharing some of the work and progress being made. While it aims to be representative of the three-day meeting, the list below is not exhaustive. CSS2.1 and the CSS test suite: the working group discussed many of the remaining open issues. Elika Etemad (fantasai), a CSSWG Invited Expert who consults for Mozilla, is now also working with Microsoft on the completion of the CSS2.1 test suite. …

At MIX 10 we released the IE9 Platform Preview and showed some of the included developer tools. You can access these tools by pressing F12, or click Developer Tools on the Debug menu when you use the Platform Preview. The developer tools include some new capabilities and improvements over the tools in IE8: A new tab for inspecting network traffic. Improved performance working with large JavaScript files: think 70k+ lines of code (even if it’s all on one line!) Improved CSS view that lets you work with complex CSS. For example, better consistency when working with @ media rules. For this first blog post I’m going to talk about the…

On April 8, 2010, Mozilla, Opera and Microsoft submitted the WOFF File Format 1.0 specification to the W3C. The submission was published on Monday, April 19 at http://www.w3.org/Submission/2010/03/. Browser vendors and a growing number of type foundries now agree on a common encoding format for web fonts, thus closing an era of cross-browser incompatibility that began when IE4 and Netscape 4 first added support for downloadable fonts in 1997. At the time, both Microsoft and Netscape implemented incompatible proprietary solutions. Netscape supported and later dropped Bitstream’s Portable Font Resource (PFR) format. Internet Explorer’s Embedded Open Type …

Since the release of the IE9 Preview, we’ve gotten feedback on issues ranging from the tests we’ve submitted to the standards body to problems running particular sites. First – THANK YOU for the feedback. We updated the feedback system specifically for this purpose: to get and act on your feedback. This post offers a high level overview of the feedback overall, and a deeper look at a couple of specific issues that many people have reported. As of April 16th, people have logged 533 issues in Connect. We review each issue, and confirm we can reproduce the problem. If necessary, we ask the person who logged it for more information. We also consolidate duplicate…

Several people on the Windows Internet Explorer team have written blog posts about our feedback mechanisms (our use of automated telemetry in Windows, how to write a great bug, how to submit bugs, etc) for IE9. After looking at the many similarities and obvious differences between manual feedback systems and projects, we decided to use Microsoft Connect for IE9 and eliminate the invitation requirement for filing bugs. In this post, I want to take a step back and talk about how we made that decision. Every Internet Explorer user is a Windows customer. Listening to customer feedback is vital to the success of any business. As communication methods have evolved, h…

There’s been a lot of posting about video and video formats on the web recently. This is a good opportunity to talk about Microsoft’s point of view. The future of the web is HTML5. Microsoft is deeply engaged in the HTML5 process with the W3C. HTML5 will be very important in advancing rich, interactive web applications and site design. The HTML5 specification describes video support without specifying a particular video format. We think H.264 is an excellent format. In its HTML5 support, IE9 will support playback of H.264 video only. H.264 is an industry standard, with broad and strong hardware support. Because of this standardization, you can easily tak…

RSA was great last week - security was clearly top of mind for the attendees, and I fielded a number of different questions last week about how Microsoft protects our customers. Some are pretty straightforward around how the various Windows 7 security technologies work, but many have focused on how we actually deliver protection to customers on an ongoing basis. One question that comes up more than I would have ever expected is: Who gets security updates? There seems to be a myth that Microsoft limits security updates to genuine Windows users. Let me be clear: all security updates go to all users. Not only do all security updates go to all u…

We have been working in partnership with our independent software vendor (ISV) community to move the ecosystem to a set of new application programming interfaces (APIs) that many ISVs use to report status to Security Center (integrated within Action Center in Windows 7). The interfaces are used by many antivirus, antispyware, and firewall programs. Te interface changes were introduced in Windows Vista SP1. These new APIs supersede the ones originally shipped in Windows Vista. From the release of Vista SP1, we jointly established with the security ISVs an 18 month grace period where they could use both the old and the new interfaces. After the 18 month grace period …

User Account Control is one of those Windows features that evokes a number of different responses from folks. Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This led some customers to turn off UAC, which concerns us from a security perspective. So in Windows 7, we've given a great deal of thought to how we marry enhanced security with ease-of-use. We have written extensively about the changes in UAC for Windows 7 on the Engineering Windows 7 blog (Post 1, Post 2, Post 3, Post 4). Now, Technical Fellow Mark Russinovich weighs in on UAC with some great insight on the technolog…

Volume seven of the Microsoft Security Intelligence Report (SIRv7) - part of Microsoft's commitment to providing an unparalleled level of security intelligence to help keep individuals and organizations better informed and to maximize security investments - was released today and there are a couple of tidbits in the report that caught my attention that I thought I would pass on. As a reminder, the SIR is published by Microsoft twice per year and looks at the data and trends observed in the first and second halves of each calendar year. The first thing that struck me while reading through the report is that for the first time, the SIR shares some high-level securit…

Now that Windows 7 is available, a recent blog by Chester Wisnieski (who works at security vendor Sophos), entitled Windows 7 vulnerable to 8 out of 10 viruses, which has stirred some interest. Here's a quick summary for those who missed Chester's blog. During a test SophosLabs conducted, they subjected Windows 7 to "10 unique [malware] samples that arrived in the SophosLabs feed." They utilized a clean install of Windows 7, using default settings (including the UAC defaults), but did not install any anti-virus software. The end result was 8 of the 10 malware samples successfully ran and the blog proclaims that "Windows 7 disappointed just like earlier versions of …

Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware and other potentially dangerous software. So Windows 7 making strides is helpful to the ecosystem overall from a security standpoint. Success comes at a price though, through greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker. I've seen numerous claims the past few weeks about weaknesses in BitLocker and even claims of commercial software that "breaks" BitL…

Last week at the Black Hat DC conference a presenter showed how one manufacturer's Trusted Platform Module (TPM) could be physically compromised to gain access to the secrets stored inside. Since that presentation, I have had plenty of questions from customers wanting to know how this might affect Windows. The answer? We believe that using a TPM is still an effective means to help protect sensitive information and accordingly take advantage of a TPM (if available) with our BitLocker Drive Encryption feature in Windows 7. The attack shown requires physical possession of the PC and requires someone with specialized equipment, intimate knowledge of semiconductor desi…

The RSA Security Conference is underway this week in San Francisco and Microsoft's own Scott Charney, Corporate Vice President Trustworthy Computing, delivered one of yesterday's keynote addresses: Creating a Safer, More Trusted Internet. The keynote centered on Microsoft's Trustworthy Computing initiative, our End to End Trust vision, and how we have been working to further protect the security and privacy of for all the users of the Internet. The End to End Trust vision has not changed over the last couple of years and we don't anticipate it changing for some time. We continue to make progress along this vision and Scott outlined many areas where we are actively …

Earlier today, Core Security Technologies issued a security advisory for our Virtual PC (VPC) software. The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR. Folks are already starting to ask questions about this advisory, so I thought it would be best to answer them here. First and foremost, customers should rest assured that this advisory does not affect the se…

Posted on half of Pete LePage on the Internet Explorer team. Protecting Windows customers is an absolute priority for the Internet Explorer engineering team. That's why we work hard to make sure our browser has some of the best safety and privacy features available today. We've spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks or the InPrivate features that put you in control of how you share your information. But there are a number of other features that aren't as visible and help prevent vulnerabilities from being ex…