The newest versions of the next Windows add graphics sizzle and more search features but lack visible productivity enhancements. Also, Microsoft is battling the perception that there’s little to get excited about in the long-awaited and much-ballyhooed Longhorn. Elsewhere, here is Longhorn’s lengthy security wish list.
Longhorn preview and more
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Windows Service Hardening would have prevented Blaster worm from spreading, according to Microsoft.
An properly configured firewall also.
Waiting for Beta 1 of this, I want to give Longhorn a spin. Does anyone know their actual Product name for this? Or are they sticking with “Windows Longhorn” for their final release name? Due to all the hype so far I think they should stick with the “Longhorn” brand.
yea..
An properly configured firewall also.
I’d go with system hardening (if done properly) over a firewall any day. (That said, I don’t know that Microsoft would provide the proper tools to determine all the holes. The current audit software they provide for 2K/XP/2003 is good but incomplete and requires additional assistance.)
A firewall only says “I don’t trust services that may or may not report themselves as available over the network — so I am actively blocking all ports except for a few by using a second tool”.
* Don’t use a firewall to do your work.
* Less is more; remove all that is not needed.
* Know what you’re running.
* Firewalls don’t block — they allow. Anything that is allowed is implicitly designated as secure by itself with no firewall. (If you wanted a complete block of all services, you could just turn off the network connection entirely.)
Windows is a PITA to lock down when compaired to most other operating systems (read: unix-like operating systems). Too much clutter and needless complexity.
The final name according to Winsupersite is Windows 2006.
I think a tear came down my eye looking at the visual goodness. My favorite besides the wobbly effect was the desktop switching where you can still see what’s going on in your other desktops, including watching a movie….sweet. This, my friends, is innovation.
That my friends is mouth-watering eye candy!
* Firewalls don’t block — they allow. Anything that is allowed is implicitly designated as secure by itself with no firewall. (If you wanted a complete block of all services, you could just turn off the network connection entirely.)
Interesting,that’s another way of looking at it.Only allowing http80/443,on the firewall is the same as no firewall and you (talking about clients) only browse the web.If anyone gets # because of a overflow the firewall has no purpose anymore.
(If you wanted a complete block of all services, you could just turn off the network connection entirely.)
Or,on most other operating systems (read:eg UNIX,..) it’s indeed easier to really harden the OS upto any desireable point.It’s trivial to disable all services so nmap or a netstat wouldn’t listen any open port.No service is no attack vector.r(s)bac,grsecurity,AppArmor,Grsecurity or SELinux alike system complete with a real stack,heap,etc protector and not the silly /GS compiler switch would be something good to start with.Even if you got some kind of infection the harm done to the system would be limited,no straight root give aways.
Too much clutter and needless complexity
Yes for the developers.There is simply not much developed in this referential fit.Real security tech hasn’t been high on the agenda in MS world.
build 5048? no thanx, gonna stick to build 5038
Of the above stated features are known at this point. Who’s to say they aren’t going to throw in way more in terms of security. I think having built in Anti-spyware tech is something that could be in there. So the instant soemthing gets on your system you get a message and get rid of it right there, or it’s done automatically in the BG.
MS has said that Beta 1 won’t have all the features that the final will, most if not all of them will show up in beta 2 as is always the case. Even looking at XP’s development, the RC’s looked nothing like the Beta’s, I expect the samething for longhorn.
People are also talking about MS pulling lots of stuff out of longhorn, aside from WinFS which will be in beta when longhorn client ships, and a free final download when longhorn server ships, no other BIG talked about features has been removed. You also have to keep in mind that WinFS will really shine when you have it on the Server AND Client systems, to give you all those network bits, like having a virtual folder with videos that shows you videos spread over pc’s on your whole network using the local server to keep track and share the LAN’s index data and so on. You can probably even control which info is shared from the server to WinFS clients.
This would basically get rid of something like the Network Naighborhood part of Windows, you can just pick what to share on each client and have it show up in all the clients relavint virtual folders like it was local.
Even though WinFS won’t be in the longhorn client though, that doesn’t mean complex and fast desktop search won’t be in there, it will, but with WinFS you can do way more.
I’m looking forward to trying this stuff out, and I think that if the security is nailed down right people will upgrade.
“Also, Microsoft is battling the perception that there’s little to get excited about in the long-awaited and much-ballyhooed Longhorn.”
One thing that I think is important is that Microsoft _is_ trying to innovate (yeah, often they just buy a small company and call it innovation, but in this case I think they are actually doing alot themselves) in the desktop arena.
The fact that there is little to get excited about is fine if the services that the OS provides allows 3rd party vendors to make the “stuff to get excited about”. I haven’t looked at it much, but Avalon looks to be a _very_ exciting API to code against. I’m not so pumped about Indigo, but that could be just because I haven’t looked at it much either.
FWIW, I’m still looking forward to Longhorn.
‘* Firewalls don’t block — they allow. Anything that is allowed is implicitly designated as secure by itself with no firewall. (If you wanted a complete block of all services, you could just turn off the network connection entirely.)’
Interesting,that’s another way of looking at it.Only allowing http80/443,on the firewall is the same as no firewall and you (talking about clients) only browse the web.If anyone gets # because of a overflow the firewall has no purpose anymore.
To be clear: I’m not talking about client systems specifically; all systems. This method is actually most helpful in locked down servers with a firewall at the boarders to handle rogue or uncontrolled systems.
In either case, if a service is exposed it must be trust-worthy … if it can’t be trusted, it should not be exposed or even running.
‘(If you wanted a complete block of all services, you could just turn off the network connection entirely.)’
Or,on most other operating systems (read:eg UNIX,..) it’s indeed easier to really harden the OS upto any desireable point.It’s trivial to disable all services so nmap or a netstat wouldn’t listen any open port.No service is no attack vector.r(s)bac,grsecurity,AppArmor,Grsecurity or SELinux alike system complete with a real stack,heap,etc protector and not the silly /GS compiler switch would be something good to start with.Even if you got some kind of infection the harm done to the system would be limited,no straight root give aways.
Yep. One of the major failings of Windows is that you can not easily disable or block some services — thus the another layer (the firewall) is necessary. I consider this designing by marketing and it is only a benifit to the marketers. Users and admins have been abused for years because of this arrogant attitude.
‘Too much clutter and needless complexity’
Yes for the developers.There is simply not much developed in this referential fit.Real security tech hasn’t been high on the agenda in MS world.
It’s amazing to me how unix-like Windows is becoming … though they are still a few years off and unfortunately still making the same mistakes of old.
I think having built in Anti-spyware tech is something that could be in there. So the instant soemthing gets on your system you get a message and get rid of it right there, or it’s done automatically in the BG.
Seems to be rather after the fact. Wouldn’t you want it to be damn near impossible to get on and — once on — impossible to run or cause dammage?
MS has said that Beta 1 won’t have all the features that the final will, most if not all of them will show up in beta 2 as is always the case. Even looking at XP’s development, the RC’s looked nothing like the Beta’s, I expect the samething for longhorn.
Betas are feature complete. If ‘beta 1’ doesn’t have all features, it’s an alpha release by another name.
People are also talking about MS pulling lots of stuff out of longhorn, aside from WinFS which will be in beta when longhorn client ships, and a free final download when longhorn server ships, no other BIG talked about features has been removed.
Are you sure about that?
You also have to keep in mind that WinFS will really shine when you have it on the Server AND Client systems, to give you all those network bits, like having a virtual folder with videos that shows you videos spread over pc’s on your whole network using the local server to keep track and share the LAN’s index data and so on. You can probably even control which info is shared from the server to WinFS clients.
How? Seems like speculation to me.
This would basically get rid of something like the Network Naighborhood part of Windows, you can just pick what to share on each client and have it show up in all the clients relavint virtual folders like it was local.
More speculation?
Even though WinFS won’t be in the longhorn client though, that doesn’t mean complex and fast desktop search won’t be in there, it will, but with WinFS you can do way more.
In what way?
I’m looking forward to trying this stuff out, and I think that if the security is nailed down right people will upgrade.
Security is a process not a product.
Security is a process not a product.
Security is a process not a product.
…
“That my friends is mouth-watering eye candy!”
Welcome to OS X apple’s been doing it for years…
also for funky v desktop changes.. yup there also a free prog of os x.
Must say though next generation Linux spx will rival longhorn. Im personally waiting for OS X 10.5….
While I agree that Apple has been doing great things for some time (like the cool user switching animation) it makes the technology much more cooler when you know that a few geeks coded up some great visual gooeyness themselves and you’ve seen it on some crappy projection screen in some computer cave videotaped by an equally crappy camcorder…there’s no other feeling like it.
in all its glory, is a waste of my hardwares time. if i want eye candy i will play ut2004 or nexuiz or something. for my desktop, utter lack of everything is perfectly fine.
Why not put that >$300GPU that is sitting idle to good use?
Everytime there’s a Linux/Apple story I see another Longhorn preview, which rehashes the same old information we’ve already heard for the 10th time this month. Let’s stop with the marketing and get with the programming.
Isn’t WinFS the same thing as Mac OSX’s Smart Folders?
* Don’t use a firewall to do your work.
Doesn’t it provide a useful added layer for a home user – for example, something like:
Drop all unsolicited incoming.
Drop all outbound except 25, 53, 80, 110, 443 etc ……
Wouldn’t having this be of some use ??
I still can’t see a good reason to upgrade from win2k to longhorn.
Yeah, those effects are all fancy and fun — but who the f*** would use them? The wobbly windows *slow you down*, and I’m sure they’d get mighty annoying after a while.
The aesthetic value of an OS is not in its fancy UI features, but in how it all blends together. OS X is excellent when it comes to this. KDE/GNOME under Linux are puke. There’s your difference. I don’t doubt MS will make Longhorn out to be the same way as OS X — integrated, smooth, and appealing. Linux’s disconnected nature will never allow for such a setup.
Welcome to 1995. You’ll be stuck there for another decade, no matter how many fancy window effects you can implement.
No the virtual folders are the same thing… I think.. WinFS was supposed to be teh uber filesystem theyve been promising for, like a decade.
‘* Don’t use a firewall to do your work.’
“Doesn’t it provide a useful added layer for a home user – for example, something like:
Drop all unsolicited incoming.
Drop all outbound except 25, 53, 80, 110, 443 etc ……
Wouldn’t having this be of some use ??”
Firewalls are misused as ‘security’. They aren’t. They are simply tools that may or may not make you more secure.
If you trust that the software on your systems is secure on an exposed port such as 80, … then the firewall adds no value for that software.
If you know what ports your software exposes to the rest of the world, you can examine it and either trust it (as you would have to do anyway) or disable it (as you should, since if it is not trust worthy it still has a chance of slipping in and using an alternate port such as 80).
So, the statement stands;
* Don’t use a firewall to do your work.
Does this mean “do not use a firewall”? No. That said, if you know what you are doing and have reasonable restrictions on the users of your systems — especially a home system — a firewall will probably not be required.
You are just talking nonsense or you don’t have a clue.
Just put Mandrake 9.0 or, worse, 8.2 on your computer and compare them with KDE 3.4, Gnome 2.10, Xfce4.2…
And all this work has been done in just a couple of years. WinXP in the meantime still looks (and behaves) absolutely the same (=rubbish IMO) (after 4 years)
Yeah, those effects are all fancy and fun — but who the f*** would use them? The wobbly windows *slow you down*, and I’m sure they’d get mighty annoying after a while.
Hi, you obviously don’t know what you’re talking about.
It’s been well stated that those videos are purely for *technical demonstration*. It’s to show what can be done, not will be done. I think we can trust the GNOME people to use the new effects in a smart way to help users.
KDE, on the other hand…
The aesthetic value of an OS is not in its fancy UI features, but in how it all blends together. OS X is excellent when it comes to this. KDE/GNOME under Linux are puke. There’s your difference. I don’t doubt MS will make Longhorn out to be the same way as OS X — integrated, smooth, and appealing. Linux’s disconnected nature will never allow for such a setup.
And you know this, how…? How about you come back in 2 years to discuss if Longhorn actually lived up to its hype. Some people make out like it’s already released and believe every PR that comes from Microsoft.
The Linux technologies are here today. Cairo, the Glitz backend, etc. and are slowly going to be integrated into the desktop.
I do hope laptop integrated vid cards can handle this..
The techs are here today? You mean I can download and install a mainstream distro and have Cairo + Glitz, fully supported, working, and stable?
Right, I thought so …
By the same logic, Aero and Avalon are here today. I can download + play with them, but by no means are they ready for main-stream consumption. Get a friggin’ clue.
I’ve never seen such a bad use of the word subsystem
[i]The techs are here today? You mean I can download and install a mainstream distro and have Cairo + Glitz, fully supported, working, and stable?[i]
Yes, there is a live cd you can download and test it.
I wouldn’t mind giving it a whirl, but I’m concerned with how tweaked-out it is at this point. How does it compare to XP in terms of speed (and stability for that matter)? I have a P4 3.4 w/GB RAM and an x850 XT PE, so I could probably “brute force” it even if it’s still slow as ass. Still, I’d rather not ham-string that system, just so I can give the latest builds a look.
Build 5048 was from March, released at WinHEC in April, and is quite old in the ms world of daily builds. It is specifically feature-stripped and intended as a platform 4 hw driver developers. It’s inappropriate to draw from it too many conclusions re the user environment.
Firewalls are misused as ‘security’. They aren’t. They are simply tools that may or may not make you more secure.
If you trust that the software on your systems is secure on an exposed port such as 80, … then the firewall adds no value for that software.
If you know what ports your software exposes to the rest of the world, you can examine it and either trust it (as you would have to do anyway) or disable it (as you should, since if it is not trust worthy it still has a chance of slipping in and using an alternate port such as 80).
What about grandma’ and grandpa’ using XP.
I understand your point of view from a Server’s Administrator’s point of view, running *NIX, Linux or *BSD. But what you are forgetting is that damn spyware and virii infecting your computer, setting up a backdoor that you don’t know about, on a port you don’t know about. How are you going to prevent that?
Obvious answer: A Firewall!
You’re right, with them making new builds each day, they’d have to be well into the 5100 builds by this point.
And as far as beta’s go, MS has officially said Beta 2 will have all the features, beta 1 won’t have all of them.
It could be a patent thing, like why they wanted screenshots of 5048 to be taken down from websites because they haven’t gotten the patents for a few things in that build. Or so they say.
Anyways, i’m still looking forward to longhorn personally.
I understand your point of view from a Server’s Administrator’s point of view, running *NIX, Linux or *BSD. But what you are forgetting is that damn spyware and virii infecting your computer, setting up a backdoor that you don’t know about, on a port you don’t know about. How are you going to prevent that?
Obvious answer: A Firewall!
If some rogue program can install on your computer and use some port as you said it means it has got admin rights and thus can also make firewall rules which then render your firewall useless.Never thought the firewall service itself could be attack vector?
As said many time before security is a process which may or may not involve the install of a firewall at some point.
What’s more important is making sure most services,apps are running with the least amount of credentials possible to begin with.Further steps should be made to harden, stop straight root giveaways.A tough rbac system should be installed which might help to limit the damage done to the system even if some (web-browser/server)-service could be exploited.
In Windows, that would mean accomodating a plethora of desktop FWs. The consequence would be a bloated piece of malware that becomes much easier to detect.
Don’t forget that AV factors into this too. AFAIK there isn’t a signgle trojan or whatever out there that can modify more than one or two FWs in the way you describe, and even those can’t get past a decent virus scanner.
It looks like OS X went out one night, got really drunk, and these screenshots are of the next morning.
Kinda like OS X, kinda good looking, but not really.
I do hope laptop integrated vid cards can handle this..
————–
You can always go to the classic grey or tone down the visual effects.
Don’t forget that AV factors into this too
Yep.
and even those can’t get past a decent virus scanner.
A virusscanner works with signatures mostly which have to updated constantly.Most average people mail and browse the web.A decent virusscanner could easily detect and prohibit malicious (javascript,..) from running.The browser could still have weak spots though which we notice once in a while when a new vulnerabillity report shows up.
With polymorphic techniques it’s quite easy to turn a known virus into a unknown virus and produce this way dozens of new ones.While the signatures can never be complete (every day dozens and more new ones show up) there have to be some victims first who before the signatures gets updated again.
The virus,worm can be most succesfull when desined for the greatest group of platforms as possible in order to spread.It also must contain one or more payloads that target critical weakspots.The zip bomb is a good example of a “legitimate” file at first impression that rendered some viruscanners useless,what would stop the second payload from doing harm?
A virusscanner is a good thing to have but why does it have such a great responsibillity alone?I think it’s moreoften a *single point of failure* as is the firewall.
Correct me if i’m wrong but i think it’s better to harden the whole codebase,not letting a viruscanner have to much rights.The current acl structure isn’t enough.A role based access control system with a separate security officer account would be more like it.
Some links of interesting technology that would be nice to see properly implemented:
http://www.rsbac.org/
http://www.grsecurity.net/
http://pax.grsecurity.net/
http://www.nsa.gov/selinux/
WinFS is basically the equivalent of Spotlight, which is Tiger’s system wide indexing service. Both offers smart folders and exposes API to 3rd party apps. Except one is a few years earlier than the other. By the time longhorn is released, we would be seeing the second generation Spotlight in Leopard.
Longhorn will have a Spotlight equivalent and a smart folder equivalent. It won’t have WinFS though. So no WinFS is more than spotlight.
i thought longhorn’s search thing will be more like the command locate, and less in searching meta data. Is that correct?
It looks like here is a high quality security discussion going on: From what I can see (and what also makes sense), the best thing to do is to have a highly trustable codebase, shielded by a firewall and a virus scanner.
None of the components should be used by too many people on the net, because that might give a virus a worthy attack vector.
Monocultures are a BAD THING. Writing a virus which can punch a hole in one Firewall is one thing, writing a virus which can punch a hole into 20 different firewalls who reside on 10 differently configured systems is 10 orders of magnitude more complex, so it cannot be done as easily as in the monocultural environment.
So all people who sometimes shout for a single “standard” distro and “standard” apps might now get a clue that this would not be a good Idea from a security point of view. You can make some systems secure at some time, but you cannot make all systems secure at all times, hence a “what if this type of machine fails” scenario should show a small impact on the whole of the internet.
(Please refer to some of the previous posts for details not repeated below. I think they all still apply.)
What about grandma’ and grandpa’ using XP.
So, is it OK to use personal references and anecdotes? I hope analogies are OK too…because I’m going to use some…
—
My parents are grandparents and they use XP, so I guess they qualify.
For them, I followed the methods I’ve outlined earlier. They run 1 firewall on the Linksys cable router and I consider that optional. When they travel, they have no firewalls enabled. They do not run anti-virus, though I did install 2 seperate spyware detection programs.
My older sister and brother-in-law have 3 kids. They have declined my suggestions. They have constant problems. They use the same spyware detection programs, plus a commercial firewall, plus a similar Linksys cable router with a firewall.
I understand your point of view from a Server’s Administrator’s point of view, running *NIX, Linux or *BSD. But what you are forgetting is that damn spyware and virii infecting your computer, setting up a backdoor that you don’t know about, on a port you don’t know about. How are you going to prevent that?
Obvious answer: A Firewall!
You’re perspective is like saying use blood thinners to protect your blood flow. I’m saying change your diet first.
Just as medicine is not always 100% harmless, firewalls aren’t impact-free. You don’t want to treat every case of sniffles with anti-biotics, or to use the anti-biotics improperly. You also don’t want to use firewalls to encourage the bad guys to just invent new ways to abuse port 80 and other open ports. It’s best to block them from abusing any port or system resource in the first place…then it doesn’t matter what the firewall (if any) manages as there are no weak parts to infect.
Keep in mind that it may be impractical to shelter your body from biological attacks, it is practical to shelter your computer from ‘viral’/’trojan’/’spyware’ attacks.
Preventitive steps eliminate the need for surgery — or reformatting in this case — later in the vast majority of cases.
(Ex: An ex-girlfriend who has a PHD in medicine (Nurse Practitioner) treats cancer patients. All but 1 in her whole 20 year career was a heavy smoker and/or heavy drinker. The exception? The wife of a heavy smoker.)
Unlike health, you can lock your systems down so that only the bits you want fiddled with get fiddled with.
Unfortunately, Microsoft’s default settings make it difficult to perform these steps. This does not mean that they should not be performed.
Who wants to put bets on in days that Longhorn will be cracked by a worm?, or even a sercurity patch!
Bets start as 3 days
I wounder if Longhorn will come close to the default theming of KDE and GNOME, tabbed filemanager browsing, image, text, PDF, office previewing, transparency and shadows without the need for the bloated WindowsFX. I bet Longhore will still be behind use KDE/GNOME users in Linux
Did I forget anything?, ahh yer loads more feature Linux desktop has.
No Search in Longhorn will work with meta data.
There is nothing spectacular about Spotlight. It is nicely implemented but nothing that grand.
WinFS provides far more than spotlight and is designed to address more than just single user desktop issues. It is also for the enterprise.
Read about WinFS here http://www.c-sharpcorner.com/Longhorn/WinFS/WinFSDataModel.asp.
WinFS changes the storage mechanism. Spotlight and Search just run on top of the storage mechanism.
Please note I am no MS fan. I use Windows at work and Tiger and Linux at home. But MS is doing some good stuff in Longhorn. Avalon will be a big step above anything Apple has to offer. It will finally offer resolution independent screen display technology. Sorry off topic.
“Firewalls don’t block — they allow.”
I don’t know what crappy firewall you’re using, but mine is set up so that EVERY event results in a popup box and waits until I either allow or deny. Sure I give “allow all” to certain programs like firefox, but very very few, and never on incoming, only on outgoing.
2nd, the firewall also contains a system security module which blocks every PID until I either allow or deny. No program starts without my permission, and doesn’t spawn any threads without my permission.
So, absolutely the firewall blocks, but I determine what is allowed.
It’s time to pull your head out of the sand, firewalls today do a hell of a lot more than they used to do.
Sure I give “allow all” to certain programs like firefox, but very very few, and never on incoming, only on outgoing.
Your firewall allows http traffic by any PID that says it’s firefox.Any firewall allows otherwise you won’t need a network connection.So you have in fact vowed to trust any http traffic that any PID that poses as being firefox makes.
Besides your firewall is software like any application on your system and can thus be exploited.People should,’t have to solely rely on only a firewall and virusscanner.
Who wants to put bets on in days that Longhorn will be cracked by a worm?, or even a sercurity patch!
Bets start as 3 days
I give it either -3 weeks (defect not fixed in shipping version requiring an immediate update) to 2 months after (though a very serious fault at the design level). .Net, though, will likely hold up to most security attacks.
I wounder if Longhorn will come close to the default theming of KDE and GNOME, tabbed filemanager browsing, image, text, PDF, office previewing, transparency and shadows without the need for the bloated WindowsFX. I bet Longhore will still be behind use KDE/GNOME users in Linux
PDF — Nope. They want Avalon to be used and MS doesn’t excel in PDF creation — Adobe does.
Tabbed everything — They will do it and act as if it was invented in Redmond.
General progress — I don’t see Longhorn becoming a full featured desktop OS like KDE or as simple as Gnome. MS is shooting for a “Do not panic the end user” target.
Did I forget anything?, ahh yer loads more feature Linux desktop has.
KIO and others are damn slick. I would like to see the integration that OS/2’s WPS had, though, between the command line/shell and the gui. None of the current major operating systems and environments seem to have that as a goal; not OSX, not KDE, not Gnome, and not (AFAICT) Microsoft’s next big one.
Netpython has a good reply. My comments will cover another angle.
“Firewalls don’t block — they allow.”
I don’t know what crappy firewall you’re using, but mine is set up so that EVERY event results in a popup box and waits until I either allow or deny. Sure I give “allow all” to certain programs like firefox, but very very few, and never on incoming, only on outgoing.
Sounds like a PITA. Why do you put up with it?
2nd, the firewall also contains a system security module which blocks every PID until I either allow or deny. No program starts without my permission, and doesn’t spawn any threads without my permission.
That’s not a firewall, that’s an app manager.
Other than you feeling like you have control, does it make your system more secure?
So, absolutely the firewall blocks, but I determine what is allowed.
It’s time to pull your head out of the sand, firewalls today do a hell of a lot more than they used to do.
With that set up, you are opening the ‘firewall’ tool to a social exploit. All the attacker needs to do is look reasonable, and you’re as safe as having no firewall at all.
* Lower the complexity of a system, and it will be more stable and more secure.
* Increase the complexity of a system, and you have to know all the parts…but are not necessarily more secure.
** Security is a process not a product. **
** Use tools to your benifit and eliminate them when they do not benifit you. **
Just put Mandrake 9.0 or, worse, 8.2 on your computer and compare them with KDE 3.4, Gnome 2.10, Xfce4.2…
An ironic comparison, given that I can get Mandrake 8.2 to install just fine on my Proliant 2500 while Mandrake 9.0 and later all fail with a kernel panic.
Not all old software is useless, and not all new software is “better” in all situations. I’d rather have a functional system than eye candy.
Sorry, misunderstanding. My only point was that Linux looks a lot better now than it did a couple of years ago, while WinXP still looks absolutely the same after 4 years (I was replying to somebody who said that linux looks puke)
the name.
Longhorn?
Not very sexy.
I think there is time to change it to “LongDong”
that should spark some interest from the desperate housewives.
LongDong available in both Silver and Gold Editions.
( http://www.gnome.org/~seth/blog//xshots )
The impressive thing about Luminocity is that it runs with little hardware acceleration. The site even says that only the wobbly windows needed accelerating, and even that ran on only a basic Intel video chip (and well).
Microsoft has been telling us that Longhorn, on the other hand, will require a fairly good video card to take advantage of the pretty effects. I suspect Avalon might be slower than Cairo on similiar hardware as well.
By the way, where is that livecd of cairo/glitz that the anonymous person spoke of?
Or luminocity. Or whatnot.
Hell no! It’s so ugly, it makes my eyes bleed. No seriously, how low can they go? It looks at best like a failed remix of fischer-price meet OSX but went color blind on the way.
What are M$ really selling that garbage to the customers. It’s looks just a XP+ variant. There are hardly anything new. All that eye candy well thats allready on a linux computer near you. Try suse. The search system. Taht already exists.
So why should anyone pay 300$ for a memory hungry slow OS. When you can have better for free.
“Your firewall allows http traffic by any PID that says it’s firefox.Any firewall allows otherwise you won’t need a network connection.So you have in fact vowed to trust any http traffic that any PID that poses as being firefox makes.”
WRONG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Forget the firewall for a moment, the system security module stops EVERY PID, no exceptions. There’s no such thing as some app masquarading as firefox, impossible, the executable is tied directly to the PID. An app would have to kill the firefox PID, copy itself to the same location on the harddrive, rename itself, and then start itself back up. The system security module prevents this at every step, no exceptions. I would have to give it explicit permission to launch another process, and explicit permission to start a PID….. which no app has by default… I must give manual authorization.
And as far as the firewall goes, it works hand with the integrated system security module, so it would fail there too. Plus I can always pop up the builtin monitor and see exactly what app is communicating in real time: internet, local lan, or system PIDs.
The firewall you describe is from what, 1995???? Time to upgrade, d3wd.
“”I don’t know what crappy firewall you’re using, but mine is set up so that EVERY event results in a popup box and waits until I either allow or deny. Sure I give “allow all” to certain programs like firefox, but very very few, and never on incoming, only on outgoing.””
“Sounds like a PITA. Why do you put up with it?”
You’re kidding, right? Just how many apps do you think I launch in a session, 1000? Nope, 5 or 6, maybe 10 tops. The only time it’s a PITA is when I set firefox to ask for permission on every outgoing connection… but that’s purely for diag only.
“”2nd, the firewall also contains a system security module which blocks every PID until I either allow or deny. No program starts without my permission, and doesn’t spawn any threads without my permission.””
“That’s not a firewall, that’s an app manager.
Other than you feeling like you have control, does it make your system more secure?”
D3wd, it’s 100% integrated into the firewall, so much so that it IS the firewall. And hell yeah, it makes my system damn secure.
“With that set up, you are opening the ‘firewall’ tool to a social exploit. All the attacker needs to do is look reasonable, and you’re as safe as having no firewall at all.”
Hey, I’m a programmer, not a fscking newbie, I’ve NEVER been fooled. Anything I’m uncertain about get run on a test machine…. with apps to trace ALL sytem changes, including files copies, etc, etc. You’re assumption is that everyone’s a damned idiot.
“* Lower the complexity of a system, and it will be more stable and more secure.
* Increase the complexity of a system, and you have to know all the parts…but are not necessarily more secure.
** Security is a process not a product. **
** Use tools to your benifit and eliminate them when they do not benifit you. **”
Wow, if it isn’t Jiminy Cricket with his “turn lemons into lemonade” platitudes. What website did you google those from? You certainly aren’t a networking expert, cos you sound like you’re Geraldo doing a tech report. Go back to the AOL chatrooms where your tripe isn’t so tranparent.