Feeds

How Allchin exposed video fiddle last Monday – but nobody noticed

He actually blurted it out a couple of seconds before Boies launched his attack

  • alert
  • submit to reddit

SANS - Survey on application security programs

MS on Trial When we reported the Microsoft video "fraud" last week (MS admits video wasn't real), we said we were sure we'd seen an earlier Microsoft admission that the performance testing of Felten's program had not been conducted over a live Internet connection. Our thanks are due to reader David Cardinal, who re-found it for us in Allchin's transcript. Oddly enough, what happened was that the video was exposed as a fraud a couple of seconds before government attorney David Boies launched into his murderous destruction it. But Allchin and Boies both seem to have been too busy on other things to notice. Try this: Boies: Now, one of the things that you said about professor Felten's program was that when you tried to do the Windows Update function, there was significant degradation of the performance of Windows. Do you recall that? Allchin: Yes, there was a statement about that. The test that we know shows performance has to be done in a controlled circumstance. You cannot prove the performance slowdown when you're connected to the Internet. You can only prove it in a controlled situation, which is how we test the performance degradation. Tape excerpt: It is taking a very long time, however - unusually long - to access that Web site. That's a result of the performance degradation that has occurred because of running the Felten program. So there you have it, immediately before Boies started freeze-framing, Allchin said that the performance tests hadn't been carried out on the Internet. Then the video clip voiceover showed what purported to be a performance test which was connected to the Internet. Later, Allchin says it again: " For performance, that is exactly what we did - for performance, without being connected to the Internet, machines side by side in a private network, testing specific tests that we knew we had run on the same system... What's on the screen is the truth..." Well no, not exactly - he's panicking, but he should be aware that it can only be an illustration of what he calls the truth. When Allchin attempted to repeat the video demonstration on Wednesday night, he didn't try to deal with the performance issue, because as he well knew comparable conditions couldn't be created via live Internet connections. But this isn't quite how Microsoft's spin doctors have been putting it. Although the video had been downgraded to an "illustration" by the end of the week, Microsoft's press releases from last week don't entirely reflect either this or the verifiable facts. "On Monday the testimony of a senior Microsoft executive, supported by a series of videotaped demonstrations..." (Our Italics) - press release of 1 February, released 2 February. And then in one dated 4 February: "In a live software demonstration last night... Wednesday night's live demonstration confirmed the accuracy of the earlier videotape..." By that stage, of course, Microsoft was only arguing that the video had been valid as far as the functionality Allchin covered in the second video was concerned. These protestations of "accuracy" were of course immediately undermined by Microsoft's admission that the video was merely an "illustration" of Allchin's points. Where this leaves Microsoft is open to question. The judge called counsel to his chambers after last week's sessions, and in open court had sounded somewhat ballistic when the not entirely valid nature of video number one was exposed. It's pretty clear that what Microsoft has been telling the public, via its press releases and courtroom step claims, has been somewhat inaccurate. But one wonders what the judge thinks about what Microsoft has been telling him? ® Complete Register trial coverage

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.