Holey Black Tuesday, Batman (Preview)

Next Tuesday, October 13, Microsoft will release security patches for Windows and related software on its usual monthly cycle.  According to the Security Bulletin Advance Notification, Microsoft will issue 13 security bulletins next Tueday (a new record!) to address 34 different vulnerabilities.  All supported versions of Windows are affected by multiple Critical vulnerabilities; Microsoft Office software, SQL Server, and Silverlight are also affected, as shown in the table below:

Windows Version	Critical	Important	Moderate	Low
Windows 2000	4	6	–	–
Windows XP	6	5	–	–
Windows Vista	5	5	–	–
Windows Server 2003	4	6	1	–
Windows Server 2008	4	5	–	1
Windows 7	1	4	–	–
Microsoft Office	2	2	–	–

In addition, SQL Server and Silverlight each have one bulletin rated Critical. Consult the Advance Notification for more details.

It is a pleasure to welcome Windows 7 to this monthly ritual, even though it will not be officially released until October 22.

According to Microsoft, roughly half of these bulletins will definitely require a system re-boot after installation, and the remainder may require one.  (Based on past experience, most of those others probably will.)  You may want to factor this into your planning.  Please note that the severity ratings may change when the final bulletins are released.

As usual, I will post a note here with updated information once the bulletins are actually released next Tuesday.

Computerized Line-Ups

A frequent feature of police work, not only on TV but in real life, is the “Line-up” (or identity parade, as it is known in Britain), in which a witness is asked to pick an alleged criminal from a group of people, or from a group of photographs.  Since the witness is usually accompanied by a police officer, there is a real concern that the witness’s identification might be influenced by the officer’s knowledge of who the primary suspect is.

It is important to note that this is not about the completely rigged line-ups  like those that were sometimes a disgraceful feature of police work in the US South, in which one black suspect might be put in a line-up with five white individuals.  The concern here is with bias that might occur even when the police do their best to conduct the procedure fairly.  It is possible for the officer to give subtle cues about which is the “preferred” choice, without intending to do so, and thereby influence the witness.  (The case of “Clever Hans”, the horse that supposedly could do arithmetic, is instructive.  Careful experiments showed that Hans was responding to the behavior of his trainer, who — apparently quite unintentionally — was giving subtle behavioral cues when Hans had tapped out the right answer with his hoof.)

An article in the New Scientist talks about this potential bias, and about some new research that attempts to address the problem by using a computer-generated “virtual cop” in place of a human police officer.  There is evidence that the problem is a real one:

The problem was highlighted in 2003 when the Innocence Project in New York analysed the case histories of 130 wrongly imprisoned people later freed by DNA evidence. Mistaken eyewitness identification was a factor in 77 per cent of the cases examined.

The avatar, which incorporates voice recognition technology, was tested in a controlled setting against human guides who did not know about any “preferred” suspect.  The resulting identifications, as reported in an article in Police Quarterly,  were of equal reliability in both cases.  From the abstract:

The student investigators and virtual officer produced comparable identification performance and student reactions to the photoarray procedures. Results of this evaluation study are encouraging, and the authors recommend further laboratory and field testing of the virtual officer technology for conducting blind lineups.

(The full text of the article [PDF] can be downloaded from the abstract page.)

This is interesting research that might lead to a method of addressing a thorny problem.  Much of the criminal justice system relies on the testimony of witnesses (impressions from CSI notwithstanding).  Yet there is considerable evidence that people, as witnesses, are just not all that reliable, especially in high-stress situations.  Anything that can make the system fairer is a good thing.