NeoSmart has published their Windows Vista RC1 Monster Review, which tries a kind of “thorough overview” of everything Vista will ship with this close to RTM. Especially interesting is the brief security run-down. And of course, there are screenshots as always.
Windows Vista RC1 Mega Review, Security, and More
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
http://www.theinquirer.net/default.aspx?article=34523
http://www.linux-watch.com/news/NS6131985793.html
http://www.eweek.com/article2/0,1895,2017620,00.asp
Oh well, at least there is this:
http://www.whylinuxisbetter.net/
You get modded down for posting links?
Perfectly factual links?
Whatever happened to freedom of speech?
Whatever happened to the public’s right to know?
Edited 2006-09-22 05:34
From the article:
– “Most other operating systems have an ancient networking stack that is constantly being updated with new components.”
I don’t get it, for example OS X has been supporting IPV6 for several years now.
– “It’s faster than the rest (including Linux and Mac OS X), but it’s not the most stable.”
Show me numbers, what exactly allows the author to say this. Any benchmark? If not, this statement is totally irrelevent.
-“At the end of the day, Windows’ DVD burning facilities don’t stand out too much, but they’re adquate for most purposes, and there really isn’t much room for criticism here.”
It just useless and poorly featured.
>I don’t get it, for example OS X has been supporting >IPV6 for several years now.
Yeah they ripped some networking stack code from FreeBSD and IPv6 is brand new to Windows. How many years have these “other” OSes had these.
Plus since their networking stack is new, they’ll have to deal with all new security holes and bugs that are only ironed out through age.
>”It’s faster than the rest (including Linux and Mac OS X), but it’s not the most stable.”
Windows XP is stable too but Vista is much less responsive than XP or openSUSE w/ XGL+Compiz on my machine. Linux is also stable except for X11 with the proprietary ATI drivers. It sometimes crashes when my computer returns from standby or when I switch users. The first is on ATI’s bug list but they havent fixed anything yet.
Any work arounds to these?
>”At the end of the day, Windows’ DVD burning >facilities don’t stand out too much, but they’re >adquate for most purposes, and there really isn’t much >room for criticism here.”
On Linux we have K3B, X-CD, GnomeBaker, etc.; along with the “cdrecord” command-line CD/DVD burner.
K3B being much like Nero IMHO but free. But Nero is availible on Linux for those who want or need it.
I haven’t looked at Vista’s burning features but Windows XP has a dung burner integrated in Windows Explorer, thats guaranteed to attract flies to your monitor.
It’s even better than Linux. I never thought I’d live to the day when I can honestly say “Windows security for user accounts is much better than that of Linux.” Scary? Unbelievable? It’s true. Linux has two types of accounts: Normal, and Super-User. That’s like having “Restricted User” and “Administrator” on Windows, with nothing in between. On Windows, there are a hundred different in-between accounts, and users can actually log on as Administrator for day-to-day activities. Even more so, on Linux when you request higher privileges
su –
You can then proceed and do whatever you like. On Windows, it’s a per-task deal. Both are secure, but, believe it or not, Windows is more secure – from that aspect anyway.
I heard something similar on windows XP, don’t know why its still not working…
Edited 2006-09-22 06:19
su –
You can then proceed and do whatever you like. On Windows, it’s a per-task deal. Both are secure, but, believe it or not, Windows is more secure – from that aspect anyway.
Also I think that they didn’t hear “sudo”
Edited 2006-09-22 06:41
> Also I think that they didn’t hear “sudo”
Or gksudo, kdesudo, gksu, kdesu, etc. I plan on setting up sudo and the front-ends; I hear its more secure than su alone.
I also have AppArmor and a good firewall (integrated in YaST) for MAC and Internet security. Mandriva uses have RSBAC + firewall and Fedora/RedHat users has SELinux + firewall.
Setting up user accounts and group rights is just as simple as Windows Vista with the GUI tools found in Gnome and KDE.
One; Linux (and BSD, I assume) have groups in order to restrict what users have access to (hence the groups permission part of the permissions string -rwxRWXrwx)- users won’t necessarily have access to the su (or sudo) command, for example. The list is in /etc/group. If I understand the file correctly, my particular account has membership in the ‘audio’ group (so processes I start can use sound), and shares membership of ‘cdrom’, ‘floppy’, and ‘plugdev’ with haldaemon (which I interpret to mean I’m allowed to mount devices, and so is the automounter)…
Two; Linux DOES have Access Control Lists via SELinux (and there may be other implimentations) for finer-grained control. I’ve never used it though, and I don’t know how many distros ship with it enabled.
Three; sudo is not entirely per-task, but it’s close; it’s only valid for the terminal it was invoked from, and (on Ubuntu, at least) for a limited time only. You can change the time limit to zero (or a really small number, if 0 counts as ‘off’) and get per-task authorization.
How do the Windows processes compare? They sound fairly similar, except for the part about Vista asking you first. One of these days I ought to get around to making rm an alias for rm -i.
I did find these points, in the security roundup, VERY interesting:
Internet Explorer is no longer integrated with Windows Explorer
…
New “Protected Mode”
The browser runs in a sandbox with even lower rights than a limited user account. As such, it can write to only the Temporary Internet Files folder and cannot install start-up programs or change any configuration of the operating system without communicating through a broker process.
Both seem like very good ideas. Heck, it might be a nice idea to make ALL browsers run as their own limited users. Yeah, now all you need to do is fool the broker process… but anyway. Actually, this might be why Microsoft invited the Firefox people over, to make sure Firefox will run well in an extremely limited mode.
Linux DOES have Access Control Lists via SELinux
Linux has access controll lists even without SELinux.They are called discretionary.SELinux provides an extra layer,mandatory access controll.
I’ve never used it though, and I don’t know how many distros ship with it enabled.
The 2.6 kernel has SELinux capability build-in just not every distro comes with a default policy.
On Windows, there are a hundred different in-between accounts,
Hundreds?! Having to remember *hundreds* of administrator account names and passwords is “better” than Linux?! Pure. Windows. Fanboyism.
and users can actually log on as Administrator for day-to-day activities.
Umm, yeah. You can do that in Linux, too. Fortunately even Linspire users aren’t that stupid these days, I hear.
How can one do a review of (in part) WMP 11 (from the original article)
http://neosmart.net/blog/archives/264/8/
and make a claim that “There really isn’t much to be said for WMP 11. It’s really good, it looks great, it doesn’t eat too much memory, it sounds great, it has excellent audio boosts, and it’s probably the very best player out there at the moment.”
… without mentioning that WMP 11 won’t let you backup licenses, (being embedded in the OS) it will place restrictions on files that you rip from your own legally purchased CDs – even if you use another media program to rip them, and it will kill your video recordings after 3 days.
http://www.theinquirer.net/default.aspx?article=34523
This is relevant, factual and on-topic for this article.
If this gets modded down again, we know that the operators of OSNews are trying to keep the truth from you.
Edited 2006-09-22 06:32
(WMP11) will place restrictions on files that you rip from your own legally purchased CDs – even if you use another media program to rip them
That is, copy-protected CDs – big difference. But my question is, how will you play any of this content on other operating system? Oh, you can’t? Then shut the f**k up already. At least with Vista, you have the option. And if you don’t want to pay for this content, nobody is gonna force you to do so at gunpoint. I promise you .. your mp3/ogg files are not going to stop working. Your traiditional CDs will still rip & burn just fine. The only difference here is that with Vista, you’ve got more options. Most of these options truly suck, but they are still options.
This is just like the whole HDCP argument .. “Oh, you’re gonna have to buy a new monitor to play this content!” Well, if you switch to another OS like Linux, you’re not gonna be playing shit either way until/unless DVD Jon or one of his ilk comes to your rescue. Hell, this technology wasn’t even invented by MS, but hey … everybody needs a scapegoat.
Edited 2006-09-22 06:43
// But my question is, how will you play any of this content on other operating system? Oh, you can’t? //
Why can’t I? If it is a CD, and I can play it in a standard player – then I can play it on a computer with a non-crippled OS.
//Your traiditional CDs will still rip & burn just fine.//
It doesn’t look like it. It looks as though Microsoft are reserving the “right” (through EULAs) to cripple your media files if they happen to get on to your system which is running WMP 11 – be it Vista or XP.
Edited 2006-09-22 06:52
You make it sound like WMP 11 is going to scan through your hard drive for any MP3 files and silently add DRM to everything it can find.
What I read even in the Inquirer article is that it’s a matter of content ripped/recorded with WMP11- unless you’re unable to avoid this, say, all ripping programs HAVE to, somehow, use WMP 11 as a backend… why not just use another program? The whole ‘turn off copy protect option’ argument only works if you assume everyone will only use WMP.
Which is unfortunately likely amongst the average public, but we can only do so much…
//You make it sound like WMP 11 is going to scan through your hard drive for any MP3 files and silently add DRM to everything it can find. //
No, I don’t believe so. It will however restrict what you can do with media files. Being part of the OS, it can act on media files “passing through” the OS even if it hasn’t been explicitly asked to play them. It will therefore (as an example) be able to prevent you from copying your .mp3 file onto your media player via USB.
That is not “adding DRM” to your .mp3 file. It is, however, still restricting what you can do with your computer.
Uhhmmmm….. Vista does not do this….. have you used Vista?
Uhhmmmm….. Vista does not do this….. have you used Vista?
Apparently not. I heard this same bullshit about XP when it came out as well.
// But my question is, how will you play any of this content on other operating system? Oh, you can’t? //
Why can’t I? If it is a CD, and I can play it in a standard player – then I can play it on a computer with a non-crippled OS.
I was referring to copy-protected CDs and HDCP content.
// But my question is, how will you play any of this content on other operating system? Oh, you can’t? //
Why can’t I? If it is a CD, and I can play it in a standard player – then I can play it on a computer with a non-crippled OS.
I was referring to copy-protected CDs and HDCP content.
For copy-protected CDs and for copy-protected DVDs, these must be compatible with literally billions of existing CD players and DVD players out there. If those standalone players can read the real content, then so can Linux. It would only be an OS complicit with the RIAA wishes that would be unable to read the real content and be limited instead to compressed protected data files.
As for HDCP content – what HDCP content?
//The only difference here is that with Vista, you’ve got more options. Most of these options truly suck, but they are still options.//
How do you get from “you are restricted with what you can do on your compuetr with this CD that plays in a standard player” to “with Vista, you’ve got more options”?
On what planet “being restricted” == “more options”?
Edited 2006-09-22 07:00
More ways (options) to be restricted? 🙂
Enjoy vista (when it finally comes out…)
On what planet “being restricted” == “more options”?
On the planet Windowsury? Microsofturn? Gatesballmeranus? Pratto? Oh, sorry; that’s not a planet; it’s a pratton.
How do you get from “you are restricted with what you can do on your compuetr with this CD that plays in a standard player” to “with Vista, you’ve got more options”?
If the CD is copy-protected and doesn’t work at all on Linux or Mac, then at least in Vista (and 2k/XP probably), you have the option of playing it. That’s one more option than you would’ve otherwise had.
//If the CD is copy-protected and doesn’t work at all on Linux or Mac//
What CD is this?
If such a CD were made, it would also not work on literally billions of standalone CD players. Who sells a CD like that?
How is it that you cannot understand that the so-called “copy protection” only works if the computer’s OS co-operates?
If the computers OS ignores all Windows (or Mac) data files and “autoplay”, and just reads the real full audio tracks as a standalone player does, then there is no copy protection.
Edited 2006-09-22 14:19
How is it that you cannot understand that the so-called “copy protection” only works if the computer’s OS co-operates?
If the computers OS ignores all Windows (or Mac) data files and “autoplay”, and just reads the real full audio tracks as a standalone player does, then there is no copy protection.
I could be wrong, but AFAIK .. the newer generation of copy-protected CDs no longer use autoplay to do their thing. Otherwise, you could boot up with Knoppix or any other distro and rip the CD that way. There has to be more to it than this. But again, I could be wrong?
//I could be wrong, but AFAIK .. the newer generation of copy-protected CDs no longer use autoplay to do their thing. Otherwise, you could boot up with Knoppix or any other distro and rip the CD that way. There has to be more to it than this. But again, I could be wrong?//
Seriuosly, if a CD works with existing standalone CD players, then Linux will be able to read it. (Hint: don’t throw away you current CD drives. Hang on to them for dear life, and don’t update any firmware.)
//Otherwise, you could boot up with Knoppix or any other distro and rip the CD that way.//
Precisely.
Don’t let the Joe Users know, hey! It will be our little secret.
Edited 2006-09-22 14:42
If the CD is copy-protected and doesn’t work at all on Linux or Mac, then at least in Vista (and 2k/XP probably), you have the option of playing it. That’s one more option than you would’ve otherwise had.
That’s quickly forgetting that if the copy-protected CD plays in a standard player (which was the premise) it will work on Linux. I can’t talk for the Mac. But still, your hypothese is pretty flawed from the start.
And how come you’re so sure it will play in Vista ?
The only difference here is that with Vista, you’ve got more options. Most of these options truly suck, but they are still options.
I haven’t checked out Windows Media Player 11 yet, but I’d assume that you have the choice not to use content protecion when ripping from cds, correct? if so, what the hell is everyone bitching about then?
//I haven’t checked out Windows Media Player 11 yet, but I’d assume that you have the choice not to use content protecion when ripping from cds, correct? if so, what the hell is everyone bitching about then?//
What would be the basis of this assumption? The whole OS is after all designed around restricting your rights in favour of big media companies.
Which hasn’ really addressed the quesiton; in Windows Media Player 11, can I via the options, under the rip tab, under rip settings, to allow me to rip content and save it in an unprotected format? thats a pretty simple yes or no question.
And you know, you *can* actually use other software besides that, its companies who CHOOSE to offer DRM in their products, if you don’t like the situation with DRM, blame the RIAA not Microsoft or Apple; they’re merely pawns in the media’s power trip.
//Which hasn’ really addressed the quesiton; in Windows Media Player 11, can I via the options, under the rip tab, under rip settings, to allow me to rip content and save it in an unprotected format? thats a pretty simple yes or no question. //
I don’t know for sure the answer, but it would appear that you can’t do this on Windows Vista.
//And you know, you *can* actually use other software besides//
I don’t believe so. This is the whole point of embedding the DRM and WMP 11 inextricably into the OS … so that one can’t get around whatever restrictions MS and the media companies try to impose … as long as one is using Vista.
//if you don’t like the situation with DRM, blame the RIAA not Microsoft or Apple; they’re merely pawns in the media’s power trip.//
I have a much better solution. I will just avoid using Vista and MacOSX. I will use Linux instead … which will happily ignore all of the superfluous “protection” files embedd on future CDs, and make like it is a generation 1 CD player … and happily get at the same content that normal CD players would use.
The whole point of all this is that, in order for DRM on computers to work, the OS providers have to work complicitly with the RIAA. Linux is an OS that is not complicit with the RIAA’s scheme. Therefore, even if you put in a Sony protected CD, with Linux you don’t get a rootkit. With Linux, it won’t restrict itself to wonky files on a data track, but it will go for the real CD audio tracks directly. The media companies can fluff and bluster as much as they want, as long as they produce stuff which remains compatible with all the satndalone CD players out there, the Linux will be able to read it, despite what “flags” and “autoplay” and whatever other nonsense they come up with to restrict Windows users.
I don’t believe so. This is the whole point of embedding the DRM and WMP 11 inextricably into the OS … so that one can’t get around whatever restrictions MS and the media companies try to impose … as long as one is using Vista.
As long as you do not have any source to back up the claim that all my .mp3s are automagically DRM’d when I install Vista, you are just playing ‘panic football’, as we Dutch say.
Resembles the stirr caused by Forbes a few days ago. It said that the Zune player would add DRM to your files… While in the end, that turned out to be a lie.
http://arstechnica.com/news.ars/post/20060920-7788.html
//As long as you do not have any source to back up the claim that all my .mp3s are automagically DRM’d when I install Vista, you are just playing ‘panic football’, as we Dutch say. //
What claim?
I didn’t say WMP11 would add DRM to your .mp3s. I didn’t say WMP11 would refuse to play your .mp3s.
What I do think is likely is that Vista will refuse to copy unprotected .mp3s to USB drives (ie media players), and it will refuse to expand them back to .wav, and refuse to allow you to burn them to CDR, and most importantly refuse to allow them to be shared by any P2P protocol over your internet connection.
This can only be done effectively if the code that makes these “refusals” is embedded into the OS. WMP11 (and its predecessors) is embedded inextricably into the OS. Microsoft are fighting tooth and nail against having to remove WMP from being embedded into the OS.
There is no reason to do this, other than making it so that the “refusal” bits of Windows in respect of actions a user might want to do with media files is an inextricable part of the OS …
Draw your own conclusions.
None of this “refusal” requires any DRM attributes to be added to your existing .mp3 files. It will refuse to copy them in certain ways, regardless.
Edited 2006-09-22 10:24
What I do think is likely is that Vista will refuse to copy unprotected .mp3s to USB drives (ie media players), and it will refuse to expand them back to .wav, and refuse to allow you to burn them to CDR, and most importantly refuse to allow them to be shared by any P2P protocol over your internet connection.
Whatever; irrelevant is what you claim; relevenat is, however, if you can back that claim up. Can you? If not, you are still playing a mighty fine game of panic football.
Whatever; irrelevant is what you claim; relevenat is, however, if you can back that claim up. Can you? If not, you are still playing a mighty fine game of panic football.
Interesting, got a mate running RC1; chatted to him about the mp3; his response, “I can still copy all my mp3s off limewire to my device, I can still share my mp3s via limewire; what is that guy getting at” when I pointed him to the forum post.
Thom, no use trying to understand some people here, they’re hell bent on spreading that Microsoft is the bitch of the RIAA, and doing everything possible to make life difficult for the ‘average joe’ never minding the more draconian measures that Apple takes on, or the fact that Linux users will be left out of the loop when it comes to the next generation of music and videos.
Linux users will be left out of the loop when it comes to the next generation of music and videos.
There are three unanswered points here.
The first is that there is absolutely no way to “cut Linux out of the loop” without also cutting out of the same loop billions of existing standalone DVD and Cd players.
The second point is that there is no point whatsoever to all this DRM nonsense if users can still rip, copy and share media files.
The third is that there is no point whatsoever to Microsoft revamping their Media Player, embedding it inextricably into the OS and making it updateable by force, and also re-writing the network stack … unless there was going to be an attempt made to frustrate sharing of “unprotected” media files via P2P.
I do take the point that there is no point in putting these restrictions in the pre-release betas. The restrictions will have to come later, in the first “security update”, after Vista has got a foothold.
Edited 2006-09-22 12:58
Oh..please…
You, Thom, link articles (claims of Vista being delayed) on the OSnews head page of people who claim Vista will be this or that , delayed etc. You think its newsworty. Now you burn this guy for claiming something and ask him to back that up, and i agree. So please back your claiming news stories up before publish them and save use some rubbish.
What I do think is likely is that Vista will refuse to copy unprotected .mp3s to USB drives (ie media players), and it will refuse to expand them back to .wav, and refuse to allow you to burn them to CDR, and most importantly refuse to allow them to be shared by any P2P protocol over your internet connection.
So what you’re saying is, that MS will not allow me to copy media files full stop?
So I will not be able to copy recordings from my lectures and meetings. I will not be able to move my voicemail to USB drives?
And that sounds ‘likely’ to you, does it?
Holy crap!
Read my other posts….
Where did you get the idea that you can’t turn off DRM in WMP11?
This is REDICULOUS.
Don’t make assumptions on something you haven’t even seen yet.
I will tell you right now, you most DEFINEATELY can turn it off. I will even post up a screenshot if you so desire.
Stop being such a…. I don’t even have a word for it, you just simply blow my mind away….. completely.
//I will tell you right now, you most DEFINEATELY can turn it off. I will even post up a screenshot if you so desire. //
I would be very interested.
There are media companies right now who will sell you a CD with normal audio tracks, and in addition protected compressed audio data files on the same CD. Also on the same CDs there is often “autoplay” which will typically install a crippled media system that restricts the use of the CD. This is not very effective, because users can turn off autoplay.
I would love to see how a Windows Vista user of the future can make Windows ignore the protected compressed audio data files and allow the user access to the unprotected and uncompressed CD audio data.
This ability would make the whole of Windows Vista a mind-bogglingly pointless exercise.
I would love to see how a Windows Vista user of the future can make Windows ignore the protected compressed audio data files and allow the user access to the unprotected and uncompressed CD audio data.
If this sort of copy-protection doesn’t depend on autoplay, I’d be interested to know how this works on Linux or Mac as well, if it does at all. If it doesn’t, then at least in Vista, you’ve got access to the protected compressed audio files. Sure, it ain’t a good thing that you’re restricted, but if you’re dumb enough to buy the CD in the first place, it’s better than nothing.
And for those of you who say that Vista won’t allow you to rip and burn standard (non copy-protected CDS), stop … just stop. As I mentioned before, people were spouting the same bullshit when XP came out .. “Oh, you’re not going to be able to play non-DRM’d mp3 files anymore!” Anybody remember that? It’s the same ‘gloom and doom’ senario all over again. And there ain’t a shred of truth to it.
//If this sort of copy-protection doesn’t depend on autoplay, I’d be interested to know how this works on Linux or Mac as well, if it does at all. If it doesn’t, then at least in Vista, you’ve got access to the protected compressed audio files. Sure, it ain’t a good thing that you’re restricted, but if you’re dumb enough to buy the CD in the first place, it’s better than nothing.//
You’ve missed the point.
The copy protection doesn’t depend on autoplay because it is already built in to WMP11.
Linux doesn’t have WMP11, so it just blithely ignores the artificial restrictions on the CD.
I don’t know what the story is for Macs. I suspect they would be complicit too, like Vista is.
//And for those of you who say that Vista won’t allow you to rip and burn standard (non copy-protected CDS), stop … just stop.//
Has anyone said that?
For non-copy protected CDs, I’m sure Microsoft will allow you to rip it to a protected (ie DRM’d) format. You can then play that on your PC, and possibly also on your trusted portable player device, to your hearts content.
The only thing that is likely to be refused is copying it to the world in general once you have ripped it.
//”Oh, you’re not going to be able to play non-DRM’d mp3 files anymore!”//
You will be able to play non-DRM’d mp3 files. You will probably be allowed to copy them to a “trusted” player device also. Just not to removable media, I would suspect, or to share across your internet connection.
Edited 2006-09-22 23:39
I said it before and I will say it again.
There is an option to turn off copy protection upon encoding ripped music (I actually think it is off by default, don’t quote me on that there).
You can even rip to mp3 at up to 320kpbs.
And the answer to that question is YES you can turn it off.
Apparently MS is bad. And I never got the memo! lol
Testing network stacks by looking at web page load times in browsers? You gotta be kidding me.
netpython: Testing network stacks by looking at web page load times in browsers? You gotta be kidding me
You can get the lowdown on the network stack here: http://channel9.msdn.com/Showpost.aspx?postid=116349
It is a good review, but it seems that the guy who wrote the review has completely lost the plot with the constant despraging remarks of ‘old code’ – need he be reminded that old code equals code which has gone through the war zone that is the ‘real world’.
What does the reviewer want? a completely re-written parts with possibilities of vulnerabiliies due to the new nature of it, or would he rather have code which has been audited, and based on time tested, stressed tested code.
//It is a good review, but it seems that the guy who wrote the review has completely lost the plot …//
It isn’t a good review. The reviewer is reviewing beta code, and claiming parts of it are “the best out there”, while at the same time utterly ignoring its inherent showstopper problems, such as DRM, WGA and yes (despite his deluisons), security.
I posted a link earlier to a new zero-day exploit for VRML, that applies to fully patched XP systems running IE6. (You will have to search for it, because the site moderators tried to filter it from view). Anyway, if it is a zero-day exploit, then it is highly likely that the nascent Vista code has exactly the same problem. So much for Vista “security”.
The review has absolutely no objectivity. It isn’t a good review. It is just a fanboy puff-piece.
Edited 2006-09-22 07:07
Vista is a new OS for a new era. Everything shipping out now is labeled “next-gen,” and indeed, Windows Vista is a next-gen OS for next-gen computers throughout the new generation.
Either this guy is joking or he’s smoking crack.
With Vista RC1, programs install and run faster. On Linux one must install all dependencies first, and with programs like Yum(ex) it isn’t hard, but it certainly is time-consuming.
On any OS, installing a program requires installing its depedndencies.
God, this article is full of crap. It is so biassed and so full of linux FUD that it isn’t even funny. The “User account protection” section is the worse of them all. We all know that whenever Microsoft releases a new version of Windows there are a lot of marketing parrots yapping about how most excellent the new Windows is and how it outshines every single competing product out there but this is ridiculous.
//God, this article is full of crap. It is so biassed and so full of linux FUD that it isn’t even funny. The “User account protection” section is the worse of them all. We all know that whenever Microsoft releases a new version of Windows there are a lot of marketing parrots yapping about how most excellent the new Windows is and how it outshines every single competing product out there but this is ridiculous.//
Exactly.
Your post is well worth repeating.
Even though the auther seams to be totally unaware of the security features available in Linux, I would agree with him. Vista seam to have better security than Linux.
Not in the sense that it is possible to configure a Vista box to be more secure than a Linux box, because that would be totally untrue. Vista has better security because its security is more accessible to the average user or sysadmin.
Whenever you speak about security you need to take the user into account, and most users and sysadmins are not security experts. They are better served by simple tools that give them some minimal level of security than by advanced tools they can’t handle.
My guess is that there is a better chance of having a majority of the future installed base of Vista boxes being mildly secure than having the majority of all Linux boxes being configured for military grade security.
Linux have a lot to offer. E.g. it would be totally possible to sandbox a web browser or a mail client, in fact in Linux you are not only limited to run it with limited permissions but also make sure that all files downloaded with that program also gets limited permissions unless the user changes his role and actively raise the permissions on them. However most of this stuff is too hard to do for the average sysadmin.
If Linux distros doesn’t get their act together and create more secure defaults, and/or creates easier to use tools to manage security, we could very well end up with a situation where Linux would seam less secure than Vista.
Even though the auther seams to be totally unaware of the security features available in Linux, I would agree with him. Vista seam to have better security than Linux
And I call BS every time people like you try to deny basic reality, and I’m sure I can, because you just can’t justify denying reality, so you’ll have a big flaw somewhere.
Not in the sense that it is possible to configure a Vista box to be more secure than a Linux box, because that would be totally untrue
So it’s not more secure after all.
Vista has better security because its security is more accessible to the average user or sysadmin
Here’s the big flaw. This is pure BS for a simple fact : Linux has better security because its security doesn’t even need to be accessible to the average user or sysadmin to be effective. For security to be accessible, you have to know what you are doing. Not having to deal with viruses (Linux) is FAR BETTER than to have an easy to use antivirus.
Not having to abuse your users to not open every attached piece in an email is FAR BETTER.
Whenever you speak about security you need to take the user into account, and most users and sysadmins are not security experts. They are better served by simple tools that give them some minimal level of security than by advanced tools they can’t handle
BS. Like I said, they are better served by default good security settings and design. Nothing guarantee you they will even touch your tool. FYI, in Windows, most don’t touch them.
My guess is that there is a better chance of having a majority of the future installed base of Vista boxes being mildly secure than having the majority of all Linux boxes being configured for military grade security
Worst BS ever ! Sorry to tell you that most distro automatically update the security of their OS on Linux since some time, and they are not military grade secured at all. Windows isn’t even rid of its virus problem yet.
And yet you dare talk about Windows being more secure in the future ?
Linux have a lot to offer. E.g. it would be totally possible to sandbox a web browser or a mail client, in fact in Linux you are not only limited to run it with limited permissions but also make sure that all files downloaded with that program also gets limited permissions unless the user changes his role and actively raise the permissions on them. However most of this stuff is too hard to do for the average sysadmin
Sandboxing a web browser or mail client is plain useless on Linux. The OS takes care of it already. Stop trying to put a poor patch for poor security of Windows like a necessary feature for Linux. All files downloaded on Linux automatically get limited permissions : what is too hard with “the admin has nothing to do” exactly ?
If Linux distros doesn’t get their act together and create more secure defaults, and/or creates easier to use tools to manage security, we could very well end up with a situation where Linux would seam less secure than Vista
What do you mean “get their act together” ? Reading what you say, we’d believe Linux have security problems. It doesn’t !
When you’re back in our world, you’ll learn that Windows has to get their act together. Linux is not the one with the zero-day exploit running right now.
This is unsubstantiated stupid FUD with shameless predictions for the future : wow !
/ What do you mean “get their act together” ? Reading what you say, we’d believe Linux have security problems. It doesn’t ! /
Um, yes it does. Check out the plethora of security patches released and their severity level. You may have an opinion it’s more stable, but please try to compare things on level playing fields.
Stack equal market shares of Windows against Linux and I’d suspect Linux would loose significant ground on the security arguement.
A great deal of “Linux security” has to do with its lack of market numbers. Security problems in Windows get slammed every month, yet every month Linux components have their share of vulnerabilities patched as well. It just doesn’t get splashed all over the news websites. Why? Because like it or not Linux just doesn’t have the relevence on the Desktop.
Security is not just about the number or severity of flaws as well – it’s about the impact. In fact, I’d argue that the net impact of the flaws is more important than the raw numbers. What do they mean to business continuity? THAT’S what’s important.
Edited 2006-09-22 12:38
//A great deal of “Linux security” has to do with its lack of market numbers.//
Unsupported, and unsupportable, assertion.
Just because you state something (or rather, just because you repeat a soundbite of Microsofts) does not make it so.
And neither is the suggestion that Linux is more stable, when comparing unequal situations.
Unsupported? I’d suggest it’s quite the opposite, depending on the website one chooses to ask the question.
//Unsupported? I’d suggest it’s quite the opposite, depending on the website one chooses to ask the question.//
Suggest away. Feel free. No harm there, I have done that quite a bit myself.
Proof … should be interesting. How do you propose to proove a negative?
“A great deal of “Linux security” has to do with its lack of market numbers.”
Completely ignores the fact that Linux has significant market share for servers, also. Still no malware to speak of.
Edited 2006-09-22 13:06
// Still no malware to speak of. //
Rootkits, and plenty of them.
//Rootkits, and plenty of them.//
No means to get installed, other than by direct physical intervention or via password cracking.
No self-propogating malware in the wild for Linux.
A (real biological) virus can be extremely lethal, but it is not a significant threat if it has no viable vector. This observation translates well into the realm of computer security.
Edited 2006-09-22 13:15
Yeah you just don’t want to compare on level playing fields do you?
OK, you win. I give up. Yay….
//I’d argue that the net impact of the flaws is more important than the raw numbers. What do they mean to business continuity? THAT’S what’s important. //
The net impact of flaws and malware attacks on Windows? Billions of dollars lost, billions of manhours spent trying to combat the malware, thousands of different malware items out there in the wild.
The net impact of flaws and malware attacks on Linux? What malware on Linux? Please show some.
Again, market numbers. You can kid yourself if you like.
//Again, market numbers. You can kid yourself if you like.//
Again, Linux has significant numbers in some markets. Still no malware.
You too can kid yourself if you like.
Um, yes it does. Check out the plethora of security patches released and their severity level. You may have an opinion it’s more stable, but please try to compare things on level playing fields
Which I do. You’re just not qualified to discuss this matter, especially when you can’t make the difference between a “security problem” and a “security patch”.
The zero-day flaw on Windows is a security problem (VERY BAD thing), a security patch is a good thing.
Once you’ll notice that the security flaws patched on Linux are not exploited before the patches, you’ll start to understand the difference.
Stack equal market shares of Windows against Linux and I’d suspect Linux would loose significant ground on the security arguement
Your suspecting is already debunked by reality, sorry. Loads of Linux appliances and Linux servers protect all those Windows as we speak.
A great deal of “Linux security” has to do with its lack of market numbers
Don’t confuse your cluelessness with “lack of market numbers”. The numbers are there, the number of Linux appliances alone is enough to counter your argument.
Security problems in Windows get slammed every month, yet every month Linux components have their share of vulnerabilities patched as well
Again, you have problem making the difference between security “problems” and “patches”. Funny that you still associate the problems with Windows and the patches with Linux, in your sentence.
It just doesn’t get splashed all over the news websites. Why? Because like it or not Linux just doesn’t have the relevence on the Desktop
Your straw man has been debunked several time already. Are you new or what ? I think you would love these mi2g reports.
Security is not just about the number or severity of flaws as well – it’s about the impact. In fact, I’d argue that the net impact of the flaws is more important than the raw numbers. What do they mean to business continuity? THAT’S what’s important
So you understand after all. How to contradict oneself in one post : why do you talk about “the plethora of security patches released and their severity level” in your post then ? Because the impact has been, errr, zero for Linux ! While the Windows zero-day flaw is devastating as we speak, and viruses are still mostly a Windows thing.
//While the Windows zero-day flaw is devastating as we speak, and viruses are still mostly a Windows thing.//
Which brings us back to …
http://www.linux-watch.com/news/NS6131985793.html
http://www.eweek.com/article2/0,1895,2017620,00.asp
http://www.eweek.com/article2/0,1895,2017407,00.asp
Dang it! I’m convinced!
Where do I sign up to converting to a purely Linux infrastruture?
To me you’re toying with words here. But yes, I’ll agree that it’s just my opinion that on level playing fields things would start to even themselves out.
I don’t think my straw has been debunked at all, just disected sentence by sentence and then taken completely out of the context in which they were intended. But sure, you can do that.
I’m NOT a Microsoft fanboi or something like that – do some quick research on what I’ve said about them in the past here. It’s purely untrue.
New? Hardly. Many years of experience in both SME and global corporates, working in some extremely controlled environments.
I do not see Linux as any more secure that Windows, or vice versa. Sure, that’s my opinon and you’re free to take swipes at me, without knowing me. You can do that, feel free. Tell you what, disect this entire post sentence by sentence… just for old times sake. It’ll make you feel superior.
//I do not see Linux as any more secure that Windows, or vice versa.//
Sigh!
The problem is multi-faceted, and I will try to point you in the general direction – but essentially it stems from one thing only: Windows paradign is the sale of binary-only copies of closed-source applications.
This paradign has a few side-effects: (1) subsequent versions of Windows have an imperative to be able to run binaries that were made originally for previous versions. If it were not so, few people would buy into an updated Windows OS because their old purchased programs would no longer run on their new OS.
(2) The binary backward-compatibility of Windows stretches back to the days of Windows 95, when Windows was a single-user non-networked OS.
(3) Because of its original design as a single-user non-networked OS, and because of the binary backward-compatibility of Windows stretching back to the days of Windows 95, Windows necessarily pays no heed to any equivalent of an “execute permission”. Windows will happily execute a file if it has an “.exe” extension (or any of several other extensions). There is no requirement for a local user to manually assign a particular file any “execute permission” … Windows will still happily execute it without having any idea at all where it came from or who owned the file.
Windows security is fundamentally borked, by design, due to the imperative of binary backward compatibility.
Linux has no such security design limitation, or imperative to remain insecure. Because of this one feature – Linux requires an “execute permission” to be explicitly manually set by a local user – there is no self-propogating malware for Linux in the wild.
Edited 2006-09-22 13:43
That’s also a primary reason why so many programs break on Linux with simple version upgrades to dependencies.
The customers demand this backward compatibility.
Edited 2006-09-22 13:47
At least it doesn’t take the whole system down.
My Computer(Not Responding..),and all that in fact happened whas the dvd drive couldn’t read the inserted media and i wanted to acess some files in the meantime via guess what My Computer.
//That’s also a primary reason why so many programs break on Linux with simple version upgrades to dependencies.//
A reasonable package manager application completely avoids this issue.
I have been installing and uninstalling and upgrading versions of a multitude of applications for many years now using package managers without once encountering a dependnecy problem that the package manager couldn’t automatically (and transparently) handle.
Its a breeze. You should try it.
http://zorked.net/smart/doc/README.html
Edited 2006-09-22 14:03
That’s also a primary reason why so many programs break on Linux with simple version upgrades to dependencies
They don’t. You’re just clueless, and hope to get away with it thanks to other Windows fanboys going to your help.
No Linux program break with simple version upgrade of dependancies, except some well known libraries like OpenSSL.
And I know first hand as I have a custom Linux OS made entirely from source. I sure enough don’t update all the programs dependants on some dependancy I updated.
This is just pure flamebait.
The customers demand this backward compatibility
Which is no problem on Linux. In case you didn’t notice, Linux distros are constantly updated without problem.
Finally, how come you have so much hard time understanding that you can’t say with a straight face that an OS (fully patched Windows XP SP2) that is currently under heavy attack through a zero-day flaw is more secure than another that have zero malware in the wild against it, and that is continuously patched before flaws are exploited. Not so long ago, there was another zero-day flaw on Windows, and Vista had the exact same flaw.
Edited 2006-09-22 14:16
Actually, your execute permissions and everything are backwards-compatible with UNIX, due to its original design as a UNIX clone for the commonly available (at the time) 386 IBM compatibles.
quote> To me you’re toying with words here. But yes, I’ll agree that it’s just my opinion that on level playing fields things would start to even themselves out.
You do know that Linux and Apache has had the highest marketshare of webservers for years and yet Windows and IIS have always had more problems?
Oooh. Now I’m going to wipe my hard disk of Linux and replace it with Windows! Not!!!
That anyone can keep a civilized discussion? there’s just too much FUD from both sides, just too much fanboism!
C’mon guys, we’ve already arrived to the point of asking “how do you know that Vista will be able to read XX protected CDs?”!
Now MS is going to ship its main flagship without CD support, and Linus Torvalds will quit Linux development to join Tenembaum’s MINIX3. Yeah, sure.
//C’mon guys, we’ve already arrived to the point of asking “how do you know that Vista will be able to read XX protected CDs?”!
Now MS is going to ship its main flagship without CD support, and Linus Torvalds will quit Linux development to join Tenembaum’s MINIX3. Yeah, sure.//
Vista will be able to read the protected compressed audio data files just fine. The CDs will play … you just won’t be able to rip any tracks or copy any files anywhere else … using Vista.
No-one said anything about “no CD support”.
//Vista will be able to read the protected compressed audio data files just fine. The CDs will play … you just won’t be able to rip any tracks or copy any files anywhere else … using Vista.//
I guess you mean “Using WMP11”, not Vista. And, last time I looked at WMP, there was a nice checkbox labeled as “Include copy-protection” in the ripper window. And there are plenty of other tools out there which can rip your cds.
Again, this all looks like plain FUD to me. But I guess that’s the way we all linux geeks should behave.
Edited 2006-09-22 15:06
//I guess you mean “Using WMP11”, not Vista.//
You guessed wrong. WMP11 is an inseperable part of Vista.
//And there are plenty of other tools out there who can rip your cds. //
They won’t work if they cannot read the CD audio data. The way to read CD data is … via the OS.
Bingo.
What you’re actually stating is that Vista will not allow you to make backups of those cds wich include anti-copy protection. Right. Now explain me: Who made those cds that way? Was it Microsoft? So, if the OS (I’ll avoid the word “Vista”) prevents you from copying something you’re *not supposed* to copy is a bad thing?
Please don’t get me wrong, I’m NOT pro-DRM. But I’m afraid you’re blaming the wrong persong here. IMHO, it’s a better idea not to buy those protected cds and make the music distributors get a clue about “we want our legally bought music to play it wherever we want” and not just blaming MS because they made their OS to respect those cd distribution rules.
Anyway, it’s nice to be able to discuss something with someone without having to read “MS suxx!!1 use linux har har! w3 1337 rulz lol!!1oneone” 😉
//What you’re actually stating is that Vista will not allow you to make backups of those cds wich include anti-copy protection. Right. Now explain me: Who made those cds that way? Was it Microsoft? So, if the OS (I’ll avoid the word “Vista”) prevents you from copying something you’re *not supposed* to copy is a bad thing? //
Who said I am *not supposed* to? I bought a CD. CD’s are for playing music. If I want to, I should be able to play that CD at full quality on my PC as well as on my standalone CD player. I should be able to compress the CD data and put it on my MP3 player, if I want to. I bought the CD, after all. I have paid for it.
//But I’m afraid you’re blaming the wrong persong here.//
I’m not “blaming” anyone. I’m just telling you like it is. The big media companies are making a play to grab your rights away from you, and Microsoft is being complicit in that.
And yes, if you want, you can avoid their joint attempt to take away your rights by using a non-complicit OS and relying on their greed to remain compatible with billions of standalone CD players and DVD players. That represent a huge market for media companies. Because they will cater to that market, you can retain your rights by not using Windows Vista.
That is all. That is the message. No mudslinging, no FUD, just “get the facts”.
Edited 2006-09-22 23:29
Windows Vista sucks, really. There’s no concept in the interface design!
See http://neosmart.net/blog/archives/264/6/#comment-6075
If we didn’t buy DRM-laden media, they wouldn’t sell it.
Conversely, if it’s ALL they sell, we have no choice but to buy it DRM’d. (or not buy it at all, yes)
————————
We’re running perilously close to #2 because of everyone’s ignorance of #1.
Richard M. Stallman is stirring the waters trying to prevent #1; while Linus Torvalds is worrying about the impact of #2 on Linux.
EDIT: Yes, I know this is off-topic, but since people are discussing DRM and complaining about it…
Edited 2006-09-22 21:28
Why don’t we as a groundswell do something else unique other than bash OS’s?
Try voting for non DRM systems and media content with your money. If there are groups with DRM CD’s, then boycot them and favour groups with non DRM CD’s.
This has a 2 fold effect.
1. You can do what you like with the media after you buy it and
2. You might get to experience fringe music that is actually artistically derived instead of the bland populous crap that poses as music and would be nothing without the over souped visual crap to help sell it.
DRM is mainly being brought in by the main media/entertainment production houses. These people are middle men in the industry that supress the arts sector with heavy handed marketing and distribution systems designed to limit consumer choice and make them money. Both the consumer and the artists suffer and it is time consumers woke up and realised this.
Most of us have in a for or other but winging about DRM instead of dealing with the assholes that induce this crap is the real problem.
United we stand/divided we fall. Which side do you want to be DRM or DRM-Free? Given the bland crap I see being pushed by the DRM players I certainly know where I want to be.
//winging about DRM instead of dealing with the assholes that induce this crap is the real problem. //
Not at all. Who is whinging about it? We have a solution – don’t use Windows, and in particular, don’t use Vista.
A perfectly good solution.