Microsoft announced the availability of Windows Vista, Office 2007 and Exchange 2007 for businesses on Nov. 30, an event company CEO Steve Ballmer said was the “biggest launch we’ve ever done.” After delivering a media address at the Nasdaq Stock Exchange in New York to celebrate the product availability, Ballmer sat down with eWEEK Senior Editor Peter Galli to talk about why he feels this is a new day for Microsoft, developers and its customers. CNet has more.
.
It’s such a big announcement I never heard it.
Microsoft is trying so hard to duplicate the lightning strike that occurred with Windows 95 (it ain’t gonna happen!)
The only way that would happen is if they released a new non desktop-metaphor operating system running on singularity. See you in 2020!
Nope! Don’t care!
Too weak to be interesting on their own, these products are announced together to create hype they do not deserve–pathetic.
Edited 2006-12-01 00:39
Funny … for products that you consider to be “too weak to be interesting on their own” and “pathetic”, you apparently thought it was important enough to comment on them. Why is that?
Funny … for products that you consider to be “too weak to be interesting on their own” and “pathetic”, you apparently thought it was important enough to comment on them. Why is that?
Funny … for products that you consider to be “too weak to be interesting on their own” and “pathetic”, you apparently thought it was important enough to comment on them. Why is that?
Funny … for products that you consider to be “too weak to be interesting on their own” and “pathetic”, you apparently thought it was important enough to comment on them. Why is that?
Funny … for products that you consider to be “too weak to be interesting on their own” and “pathetic”, you apparently thought it was important enough to comment on them. Why is that?
(burn your votes)
“Too weak to be interesting on their own, these products are announced together to create hype they do not deserve–pathetic.”
Vista on its own, perhaps…but Office 2007 and Exchange 2007 are major advances from a technology standpoint
They couldn’t have chosen a worse time… After the lines of nerds for the PS3 and the Wii, the Vista launch seems even more pathetic…
Ok they finally released it….nice…!
But where can i find some drivers for my graphics system…Nvidia has no RTM compatible drivers, and SLI is a feature which is still not supportet, i know that this is not the fault of MS, but i can’t remember the launch of a new windows version, without the availability of drivers from the bigger players like Nvidia and so on
So i have to stay on XP for a while..
Windows2000 had limited driver support when it was released, and the changes in Vista are so huge (as far as driver writing goes) that they have to start completely from scratch.
If you can’t remember a Windows launch without driver issues, then perhaps the only Windows launch you’ve seen is WindowsXP.
Also, the drivers built into the OS are “RTM compatable”, and there are also other drivers that have been released on guru3D. I am currently using 97.34
“Nvidia has no RTM compatible drivers”
Bear in mind that the consumer launch is still 2 months away…that’s plenty of time for nVidia to cook up some RTM drivers.
After the raving success of “the MP3 player that sells less than some vinyl record players on Amazon” and the fascinating “The OS that nobody wanted” don’t miss out on “the Office suite that nobody wants either”.
Software as popular as shit on a stick.
Edited 2006-12-01 01:49
Couple of things.
First, Zune has actually moved to #2 in the market, which isn’t saying much, especially when you look at iPod’s numbers, but still, you make it sound like they haven’t sold any units, meanwhile they have moved to #2 in just 2 weeks.
I don’t know about Vista (I am sure it will be a highly desired OS after drivers are available for it, and perhaps a SP or 2), but MANY people LOVE Office2007.
Zune is simply retarded. Talk about a Johnny Come Lately.
Office 2007? I’m sure those folks who loves shelling out bucks for the latest and greatest are happy to have something new to throw their money at, but what does it really get you? Just like all the other releases of office in the last 10 years, Microsoft believes that running all the menu items through a randomizer constitutes an upgrade.
In Office 2007, they’ve just altered the appearance of the menu/toolbar system. Big deal!
Sounds like you know nothing of the underlying changes of Office 2007. Google it, and you shall learn. Much like Vista: Its more than a simple GUI Change.
In Office 2007, they’ve just altered the appearance of the menu/toolbar system. Big deal!
It is sucha big deal, that it has turned Office from an annoying office suite into one of the best software products money can buy. The new ribbon interface is not just evolutionary, it is revolutionary. OOo already was a pile of crap compared to Office 2003, but when compared to 2007, it’s like comparing MacOS X Tiger to Windows 2.0.
But I guess you saw some screenshots, read some anti-MS posts, and made up your mind. Too bad that’s all it takes these days to reach +5.
@Thom_Holwerda
I disagree with your assessment of Office 2003 and OpenOffice. I have access to both and I prefer to use OpenOffice. Why? Because it fulfills my needs and works on all the operating systems I like to use. Office 2003 doesn’t.
I also disagree with your assessment of the ribbon. It might look nice, but when it comes down to it, it is just another means to access the same old menu items.
If Microsoft, or anybody else for that matter, really wanted to put out an exceptional office suite, it would include things like built-in OCR scanning support, better editing tools, and support an open document format. Not a “revolutionary” system for accessing common menu items.
Perhaps the reason that my comment was given a 5 is not so much a problem with me, but rather a problem with Microsoft, their products, and the public perception of them as a company.
I think people have finally had enough.
Edited 2006-12-01 09:39
…I also disagree with your assessment of the ribbon. It might look nice, but when it comes down to it, it is just another means to access the same old menu items…
sure you can do the same things with the ribbon and without the ribbon, but what Tom was talking about is UI. You can have a bad UI and a good UI with both allowing you to do the very same operations. The difference is HOW you do such things. I have briefly tried out Word 2007 and I have to say I was struck by the ribbon and how it avoids clutter in the UI by grouping similar operation. I am not an experienced Word user as I use Latex form my typesetting work and I found the ribbon quite beneficial.
I would like to mention for all those scientists who happen to hate Latex that Word 2007 features an Equation Editor rewritten from ground up. Finally there is the possibility to set an equation as “in-line” thus avoiding alteration of line spacing. En plus the Equation editor now supports the MathML format. This means that, for example, you can derive an equation in Mathematica, put in MathMLFrom and copy and paste it in Word and bingo! you get a nicely typesetted equation(they finally adopted Latex type fonts)
cheers
Andrea
Office does have built-in OCR support, as far as I know. It’s not especially good, but that’s what Microsoft Office Document Imaging does (it was one of the new features that came with Office XP or 2000).
“Too bad that’s all it takes these days to reach +5.”
Perhaps editors should recommend changing the voting method. Once someone gets +5, you cannot mod him down just because you don’t agree with him, according to the rules. So don’t complain.
And by “revolutionary” I suppose you mean “done by Sun in CDE in the early 1990s”?
// It is sucha big deal, that it has turned Office from an annoying office suite into one of the best software products money can buy. The new ribbon interface is not just evolutionary, it is revolutionary. //
Office 2007 is:
(1) Non-compliant with ISO/IEC standards,
(2) Available only from a single vendor,
(3) Available only for a single platform,
(4) Uses a format that no other current product uses,
(5) Lacks support for PDF,
(6) Lacks support for some web satndards such as SVG,
(7) In all likelihood, with its new GUI, is now unuseable by the disabled (the very criticism that Microsoft used against OpenOffice adoption),
(8) Is very expensive,
(9) Has a format that has (deliberate) dependencies on the Windows platform, making it unlikely that the format will ever be useable on other platforms, and
(10) Has a non-existant user base at this time.
“best software products” … I don’t think so. Not by a long, long way.
Edited 2006-12-02 10:03
They have since dropped off the charts.
> First, Zune has actually moved to #2 in the market,
> which isn’t saying much, especially when you look at
> iPod’s numbers, but still, you make it sound like they
> haven’t sold any units, meanwhile they have moved to #2
> in just 2 weeks.
If you take for example the Amazon Top bestsellers list in electronics, your #2 appears to be #76, and going down. Since the list contains only 100 places, you can expect Zune to get out of the Amazon charts in a day or two.
And what does Amazon.com have to do with actual numbers?
I mean, I really don’t care about where Zune’s market share is, but I have NO IDEA why you do as well.
My guess is you just want to see it fail, and if so, then get a freaking life.
Is it because the amazon charts are a chart listing on the numbers sold through the site ?
And, if so, by dropping down the chart, does this not mean that after the initial surge of early buyers, no-one else is interested in a zune ?
How does this translate as the guy wants the zune to fail ?
Well, I mean, saying that they were #2 in a short amount of time begs the questions “are they still #2?” and “for how long will they stay there?”. Someone observing that they no longer are there at a MAJOR sales site is a defensible measurement of that trend. Let’s face it, they’re blatantly copying what has been a HUGE success for someone else, not innovating or shaking up the market. It isn’t a dumb business move, but you beg for the black eye with the marketing hype. As for people wanting MicroSoft products to fail, the feeling is probably no stronger than MicroSoft’s attempt at ASSURING other products fail.
– edited for brain cramp on English 101
Edited 2006-12-02 02:18
Many people USE Office 2007 because they do at work.
Most people USE Windows x.x becuase it comes preinstalled on their computer
I’m not saying that some people don’t ‘LOVE’ Office/Windows but the majority probably over 90% people don’t care, as long as it works.
I invision a MS related post that doesn’t have un-needed bashing comments.
They released it to Businesses. Ok, grats MS.
Why waste time replying to it if you think its such a “shitty” product? Let those who use it, use it in peace. Be gone trolls.
Edit:
Interesting;y enough, it is the “biggest launch [they’ve] ever done.” since Windows 95. Why? Bill Gates: “We haven’t introduced a new Windows and Office generation at the same time since 1995.”
So, in that sense, yes, this a big launch for them.
Edited 2006-12-01 01:59
The trolls are pissed. Can you blame them? Their biggest bugaboo (security) is being addressed with Vista, so they won’t have as much to complain about. They’ll have to come up with all-new complaints.
All new complaints? Vista’s security isn’t proven yet. No need for new complaints yet. There’s a multi billion market for PCs in both Spyware and Security software; Vista is not going to cull that in one day.
LMFAO! Not proven yet? You actually think that malware writers haven’t tried to break Beta1, Beta2, RC1, and RC2? Get real.
“The trolls are pissed. Can you blame them? Their biggest bugaboo (security) is being addressed with Vista, so they won’t have as much to complain about. They’ll have to come up with all-new complaints.”
‘Adressed’ does not necessarily equal ‘solved’.
‘Adressed’ does not necessarily equal ‘solved’.
No more than have Linux and OS X “solved” security problems. Doubt it? Check out the endless stream of advisories. Anybody who tells you differently is full of cr*p.
“No more than have Linux and OS X “solved” security problems. Doubt it?”
I don’t doubt for a second that the security of Linux and OSX both offer a much more pleasant experience than the Windows-es already out there. I suspect the same will hold true for Vista, but I’m giving it the benefit of the doubt for now.
“Check out the endless stream of advisories. Anybody who tells you differently is full of cr*p.”
<sarcasm>Right. Instead of believing those people who usually back their arguments with data I should just blindly believe you I suppose. </sarcasm>
Edited 2006-12-01 19:05
I’d wait for the exploits to start rolling in (or not) before saying MS has addressed security. Their track record could barely be any worse.
I’d wait for the exploits to start rolling in (or not) before saying MS has addressed security. Their track record could barely be any worse.
No need to wait. The betas have been available for a long period of time. You mean to say that malware writers have been on vacation? LMFAO! Rrrrrrright.
“No need to wait. The betas have been available for a long period of time. You mean to say that malware writers have been on vacation? LMFAO! Rrrrrrright.”
Umm, more likely they’re simply waiting for an audience. Surely you’re not so naive as to believe that crap about Vista being secure do you? <hysterical laughter ensues>
Umm, more likely they’re simply waiting for an audience.
Most malware attacks have come through Internet Explorer. IE7 is available under XP *and* Vista. So, clearly, that attack vector is an appealing target because it kills two birds with one stone. Thanks for your “insightful” analysis, chief. Time to go back to the drawing board and think of another excuse.
Surely you’re not so naive as to believe that crap about Vista being secure do you? <hysterical laughter ensues>
The proof is in the pudding. Read it and weep:
http://secunia.com/product/12366/?task=advisories
IE 7 only has about 8.84 percent marketshare while IE6 has 70.91 percent.
We’ll see alot more bugs uncovered by the time IE7 reaches 70 percent usage.
Mark my words.
So far, you’re batting zero. IE7 is holding up against hackers.
Nope, they are not on vacation. But since malwarewriters are in the business for the money, they don’t waste time on a system that nobody uses.
AmigaOS is pretty safe from such attacks as well. The question is how the malwarewriters will attack Vista when it has been widely adopted.
It’s true WinXP was heavily targetted during beta-testing but back then it was more ideology than money that drove the “machine”. Things has changed, so today malwarewriters are concentrating on the most profitting target -> WinXP.
Linux is also under malwareattack due to its widespread adoption on servers, and has had its own share of trouble.
There can be no doubt that malwarewriters will attack Vista, but it is also without doubt that they are going to get a hard time due to the increased security in Vista. The absolutely weakest part will be the user. However, user stupidity is not something one can blame Microsoft for. At least, it would be most unreasonable.
//Linux is also under malwareattack due to its widespread adoption on servers, and has had its own share of trouble.//
Source?
Evidence?
Comparison of level of threat compared with six-figure and rising known malware for Windows?
Comparison of number of “Linux botnets” compared to “Windows botnets”?
This should be interesting. I wait with anticipation for a (fair and considered) reply. Something tells me I won’t be getting one.
Edited 2006-12-02 10:23
I’d wait for the exploits to start rolling in (or not) before saying MS has addressed security. Their track record could barely be any worse.
Linux Kernel has 100+ holes.
Firefox has 64 critical security holes this year
OS X has 110 critical security holes this year.
Apache 2.x has 30+ security holes
IIS6 has 3 minor security issues in 3 years.
SQL 2005 has none.
Yes, it could be worse. Vista could be open source.
Edited 2006-12-02 05:01
Just for fun
“Linux Kernel has 100+ holes.
Firefox has 64 critical security holes this year
OS X has 110 critical security holes this year.
Apache 2.x has 30+ security holes
IIS6 has 3 minor security issues in 3 years.
SQL 2005 has none.”
Eh?
Thats a mismatch of statistics if I have ever heard them. Mind you you seem to have missed out all say Microsofts Operating system, and the bundled applications like say IE6 and outlook and that messenger, or maybe a little office application which we know.
Comparisons are really difficult to do, and almost all contain bias, but your list is a bit…strange. Its like you have intentionally left out a few things.
Comparisons are really difficult to do, and almost all contain bias, but your list is a bit…strange. Its like you have intentionally left out a few things.
I stuck to products that used to have problems and then went through Microsofts Security Lifecycle process (SLC).
As did IE7 and Vista and Office 2007.
Linux Kernel has 100+ holes. from which only 2% have leaded to direct system access.
XP home edition has 133+ from which 17% is still unpatched and 51% give direct system acess.
http://secunia.com/product/16/?task=statistics
Firefox has 64 critical security holes this year
Internet explorer 6.x has 90 from which 35% give direct system access.
http://secunia.com/product/22/?task=statistics
Apache 2.x has 30+ security holes
since you ofcourse flattered your results by taking latest and greatest i’ll take apache 2.2.x here.
also 3 advisories of which none are remote.
http://secunia.com/product/22/?task=statistics
conclusion:Any software product has flaws,bugs,vulnerabillities,which we allready know yet a vulnerabillty on any windows platform tends to give more often direct system access.Not so curious if you take into account all the trouble MS has been going trough to harden it’s XP successor Vista.Though we’ll see how well they succeeded.
So software can have vulnerabilities Mr NotParker, tell us something new.
Edited 2006-12-02 07:04
XP home edition has 133+ from which 17% is still unpatched and 51% give direct system acess.
RedHat 4, only out for less than 2 years versus XP’s 5 years. 240 according to Secunia
http://secunia.com/product/4669/
Lots of critical ones here:
https://rhn.redhat.com/errata/rhel4as-errata-security.html
Internet explorer 6.x has 90 from which 35% give direct system access.
35% of 90 is still less than the 64 Firefox critical security holes this year.
since you ofcourse flattered your results by taking latest and greatest i’ll take apache 2.2.x here.
Of course you would. But it still has as many security holes in a couple of months as IIS6 has in 3 years … and 2.x has 33.
You left out OS X, another open source (mostly) project with 110 critical vulnerabilities this year alone.
conclusion:Any software product has flaws,bugs,vulnerabillities,which we allready know yet a vulnerabillty on any windows platform tends to give more often direct system access.
Not compared to Firefox (which is just one product).
I think Microsoft record in the last few years for the products that have gone through the SLC process are excellent and is much better than open source.
The Apache, Firefox and OS X teams could learn a lot about security fromt he SQL team and IIS team.
And since IE7 and Vista have gone through the same process, I think we’ll be laughing at Fireofx and Apache and OS X for years to come whil you’ll be pointing at the record of long out of date products.
I think Microsoft record in the last few years for the products that have gone through the SLC process are excellent and is much better than open source.
I don’t think 5 years is beneign.Must have been some SLC that took them more than 5years.We’ll see if Vista can hold up to the expectations.My educated guess is crackers&co have their weapons arsenal ready since the early beta days just waiting for the appropiate moment to release them.And then the whole circus is the same as XP only with more sophistication.
2 cents is certainly to much
RedHat 4, only out for less than 2 years versus XP’s 5 years. 240 according to Secunia
…of which a whopping 0% are unpatched!
Lots of critical ones here:
Did you even follow the link? The majority of those are not OS vulnerabilities, but application ones!
35% of 90 is still less than the 64 Firefox critical security holes this year.
Do you mind giving us a link for those alleged 64 “critical security holes”? Because Secunia has only 38 security advisories, of which only 4 have been left unpatched, and none of them is critical.
Meanwhile, IE7’s 3 security advisories are still unpatched (ranger from low to medium criticality).
Edited 2006-12-02 15:55
…of which a whopping 0% are unpatched!
But not a good record.
Did you even follow the link? The majority of those are not OS vulnerabilities, but application ones!
If the Linux server is running Apache or openSSh or openSSL and it is compromised does that matter?
Do you mind giving us a link for those alleged 64 “critical security holes”?
I apologize. I was mixing up security holes and critical ones.
It is 37 critical. Out of 64 this year.
ANd many of the 37 are multiple bugs.
Still, 37 this year is still more than all the critical ones on Secunia for IE6 for 3 years.
Not a good stat!
Meanwhile, IE7’s 3 security advisories are still unpatched (ranger from low to medium criticality).
True. But pretty trivial ones.
Edited 2006-12-02 16:46
I apologize. I was mixing up security holes and critical ones.
That’s okay, we all make mistakes, just like when I forgot to mention *average* when talking about the time it takes to hack an unpatched WinXP system connecting to the Internet.
It is 37 critical. Out of 64 this year.
You still haven’t provided the link. Personally, I see 12 advisories for 2006, 58% of which are “highly critical” (all of them patched), 17% which are “less critical”, and 25% which are “not critical”.
Still, 37 this year is still more than all the critical ones on Secunia for IE6 for 3 years.
As I said, ther are only 12 advisories, though these may have multiple vulnerabilities each (I couldn’t find an indication of this on Secunia’s page, however, which is why I’m asking you for a source).
http://secunia.com/product/4227/?task=statistics_2006
For IE6, I see 35 advisories for 2004 (Extreme 14%, High 25%, Moderate 20%, Less 14%, Not 26%).
http://secunia.com/product/11/?task=statistics_2004
There are 17 advisories for 2005 (Extreme 12%, High 35%, Moderate 18%, Less 18%, Not 18%).
http://secunia.com/product/11/?task=statistics_2005
There are 14 advisories for 2006 (Extreme 14%, High 50%, Moderate 7%, Less 21%, Not 7%).
http://secunia.com/product/11/?task=statistics_2006
In other words, there have been *more* advisories for IE6 in every one of the last three years taken separately than there have been for Firefox in 2006. Criticality levels have been comparable for 2004 and 2005, and higher for IE6 in 2006.
Of the advisories found for IE6 in 2006, 29% are still unpatched (vs. 17% for Firefox). Secunia rates a fully-patched IE6 as “Moderately Critical” and a fully-patched Firefox 1.x as “Less Critical”.
I’m sorry, but no matter how you look at these statistics, from a site *you* linked to, Firefox 1.x still comes out as more secure than IE6.
Faced with such hard numbers, there’s little else for you to do but admit that you were wrong, and that Firefox’s security record is better than IE6’s.
About IE7:
True. But pretty trivial ones.
Well, it’s 2 “Less Critical” and 1 “Moderately Critical.” I wouldn’t call that trivial.
Note that Firefox 2.x compares favorably here two, with a single advisory rated “Less Critical”.
Again, Firefox beats IE on security. Would you like some salt with that crow?
You still haven’t provided the link.
I have. Many times.
http://www.mozilla.org/projects/security/known-vulnerabilities.html
67 in 2006. 37 are critical. 7 high.
I believe Firefox in 2006 has more Critical/High than IE6 does in the last 3 years.
In other words, there have been *more* advisories for IE6 in every one of the last three years taken separately than there have been for Firefox in 2006.
Secunia tends to minimize OSS vulnerabilities. The Mozilla project themselves disagree with you.
Would you like some salt with that crow?
You are the one eating crow. You choose whether you want salt or not.
I believe Firefox in 2006 has more Critical/High than IE6 does in the last 3 years.
Well, do you have a similar page for IE6? Or are you comparing Mozilla’s page for Firefox (which lists individual vulnerabilities) with Secunia’s page (which lists advisories, and actually states that most of these advisories are for *multiple* vulnerabilities)?
Again, if you’re not comparing apples to apples, your comparison is invalid.
In fact, counting the actual number of vulnerabilities for IE6 in 2006 on Secunia, I arrive at 35, which is similar to Firefox. Of course, most serious IE6 bugs were discovered in the years prior to 2006.
A more telling example is to use the CVE (Common Vulnerability and Exposures) lists of vulnerabilities. Searching their list with “Internet Explorer” returns 478 results, while Firefox only returns 202. (Again, note that the comparison is made on the *same site* using the *same metrics*).
Secunia tends to minimize OSS vulnerabilities.
That is an unsubstantiated allegation. FUD, if you will. It’s quite typical: when presented with results you don’t like, you just try to discredit the source (never mind that you used that source yourself).
I’ll be waiting for your proof that Secunia is biased against Microsoft…
This reminds me of Stephen Colbert saying that “reality has a liberal bias”…
The Mozilla project themselves disagree with you.
No, they don’t, because: a) they list individual vulnerabilities fixed, not advisories, and b) they don’t give a similar list for IE6.
You are the one eating crow.
Ha ha, nice try. When you start giving honest comparisons, we’ll talk, but right now the only way you can fudge the number so that they support your claims is by comparing apples and oranges. That just won’t cut it, boy.
Well, do you have a similar page for IE6? Or are you comparing Mozilla’s page for Firefox (which lists individual vulnerabilities) with Secunia’s page (which lists advisories, and actually states that most of these advisories are for *multiple* vulnerabilities)?
http://www.frsirt.com/english/searchengine.php
Search for Critical “Internet Explorer 6*”
12 in 2006, 12 in 2005.
For Firefox on the same search if I click on the Mozilla one and count it equals 63 critical and then a lot more in 2005.
Look … Mozilla admits to a lot of critical holes.
More than IE 6 by far.
If the Linux server is running Apache or openSSh or openSSL and it is compromised does that matter?
It does matter when you’re counting OS vulnerabilities, which is what you were talking about. I can’t believe you’re even trying to argue this.
Let me try to put it as simply: if you’re going to compare OS vulnerabilities with OS vulnerabilities, and then you also count application vulnerabilities for one of the two, then your comparison is invalid (and you’re being dishonest).
Seriously, kid, you should find another hobby. You’re not that good at this one.
XP home edition has 133+ from which 17% is still unpatched and 51% give direct system acess.
Not only that, but there has *never* been a version of Linux that would get automatically hacked in 15 minutes when you connected it unprotected to the Internet, like WinXP SP1 did.
Ah, good times. As a local family/friend support technician, I’ve begun to tell people I will no longer help them fix their PCs if they still use pre-SP2 XP. You’d be surprised at the number of people who still use these highly insecure versions of the OS.
In all fairness, the security of MS products *is* improving…of course, they’re coming from so far down, they really didn’t have any way to go but up!
We’ll see how Vista fares. I also believe that it’s only a matter of time before *severe* vulnerabilities come up.
Not only that, but there has *never* been a version of Linux that would get automatically hacked in 15 minutes when you connected it unprotected to the Internet, like WinXP SP1 did.
“Between April and December 2000, seven default installations of Red Hat 6.2 servers were attacked within three days of connecting to the Internet. Based on this, we estimate the life expectancy of a default installation of Red Hat 6.2 server to be less then 72 hours. The last time we attempted to confirm this, the system was compromised in less than eight hours. The fastest time ever for a system to be compromised was 15 minutes. This means the system was scanned, probed, and exploited within 15 minutes of connecting to the Internet. Coincidentally, this was the first honeypot we ever setup, in March of 1999.”
http://www.honeynet.org/papers/stats/
Of course, I meant *on average*. If you’re going to compare “shortest times” with honeypots, then I’m afraid it looks even bleaker for Windows:
“The Windows honeypot is an unpatched version of Windows 2000 or Windows XP. This system is thus very vulnerable to attacks and normally it takes only a couple of minutes before it is successfully compromised. It is located within a dial-in network of a German ISP. On average, the expected lifespan of the honeypot is less than ten minutes. After this small amount of time, the honeypot is often successfully exploited by automated malware. The shortest compromise time was only a few seconds: Once we plugged the network cable in, an SDBot compromised the machine via an exploit against TCP port 135 and installed itself on the machine.”
According to the link you gave, one could imagine that the average time it takes to hack an uprotected an unpatched Red Hat 6.2 was at least a couple of hours…with an unpatched Windows 2000/XP, the average is less than 10 minutes.
PS: the Honeynet project is where I had gotten my original figure in the first place, but I have also seen it happen “live”…it’s quite scary, actually, and it’s still going on with millions of unpatched XP machines relaying tons of spam every day. Thanks, MS!
I forgot to give the link for that Honeynet article I cited:
http://www.honeynet.org/papers/bots/
Sorry about that.
The Windows honeypot is an unpatched version of Windows 2000 or Windows XP
Microsofts biggest mistake with XP is to not make patching automatic the default and not make the firewall on by default.
They corrected that with SP2.
Edited 2006-12-02 17:54
According to the link you gave, one could imagine that the average time it takes to hack an uprotected an unpatched Red Hat 6.2 was at least a couple of hours…with an unpatched Windows 2000/XP, the average is less than 10 minutes.
But you think Linix is way more secure because a RedHat server could last 15 minutes to a couple of hours on the internet?
The real difference, if you read the paper, is that scanning for Windows vulnerabilities occurred much more often. So the RedHat server only last a short time longer even with much fewer attacks against it.
I can’t find the article, but recently the HoneyPot project tried the same test with the Firewall’s on (default for XP SP2) and patching automatic.
I don’t remember any of those machines being compromised.
Remember, the default for XP SP2 is much more resilient than the default for XP vanilla and SP1.
Edited 2006-12-02 18:02
Remember, the default for XP SP2 is much more resilient than the default for XP vanilla and SP1.
I never claimed anything to the contrary. Of course XP SP2 is more secure, and it is a good example of MS doing something right. It’s too bad that the previous versions were *that* insecure, though, as many people – especially casual users and neophytes – still have unpatched versions of XP running (and then they call people like me to help them).
But you think Linix is way more secure because a RedHat server could last 15 minutes to a couple of hours on the internet?
I didn’t say “way more secure”, I said “more secure.” The answer to that latter question is yes, because the both the average time and the minimum time are larger for this (very) old version of RedHat by an order of magnitude.
I didn’t say “way more secure”, I said “more secure.” The answer to that latter question is yes, because the both the average time and the minimum time are larger for this (very) old version of RedHat by an order of magnitude.
15 minutes isn’t an order of magnitude difference.
But, as the paper says, mostly because the scanning is looking for Windows vulnerabilities.
If the scanning had been equal, the times would have been different.
15 minutes demonstrates what is possible.
15 minutes isn’t an order of magnitude difference.
Minimum time (RedHat vs. Windows):
15 minutes vs. “a few seconds”
Average time:
Presumably a few hours vs. 10 minutes.
Yeah, I’d say that qualifies as an “order of magnitude”. Perhaps not to someone as biased towards MS as you, but to the vast majority of people…
But, as the paper says, mostly because the scanning is looking for Windows vulnerabilities.
So you agree, then, that people who want a more secure OS should use Linux as long as it has a lower market share than Windows (because then it is less often the target of attacks)? And since, in your own words, Linux is doomed to have a small market share forever, then it will always be more secure than Windows?
I love it when anti-Linux posters bring out the “Windows is more vulnerable because it is more popular” argument, because it always gives me the opportunity to remind them this means that *right now* Linus is more secure, according to their own logic.
I should stop now before crows become an endangered species…
Minimum time (RedHat vs. Windows):
15 minutes vs. “a few seconds”
As I’ve said, an unpatched copy of Windows 2000 isn’t a good choice to be on the Internet.
On the other hand, I’ve referenced that default installs of XP SP2 tested more recently were never compromised.
So you agree, then, that people who want a more secure OS should use Linux as long as it has a lower market share than Windows (because then it is less often the target of attacks.
Except in the case of higher value targets.
As I’ve noted Debian’s servers have been hacked twice.
GNU’s Savannah server was compromized for a month before they noticed.
I think the lesson is: If no one knows about you and you are on DNS Linux might be more secure through obscurity (we know that isn’t the best choice).
The best choice would Windows with the firewall on and patching on automatic.
We know Xp SP2 was not compromized even when hammered on for 2 weeks.
But I bet that that Windows XP SP2 machine wasn’t running a web server as the GNU ans Savannah servers were. Or a CVS or an FTP/SCP server or…
But I bet that that Windows XP SP2 machine wasn’t running a web server as the GNU ans Savannah servers were. Or a CVS or an FTP/SCP server or…
Sure. But the point of XP SP2 was to keep a Windows users PC safe from being hacked even if that person doesn’t have “experts” like those securing GNU or Debian servers.
And that XP SP2 box survived 2 weeks of being hammered.
As I’ve noted Debian’s servers have been hacked twice.
GNU’s Savannah server was compromized for a month before they noticed.
I think the lesson is: If no one knows about you and you are on DNS Linux might be more secure through obscurity (we know that isn’t the best choice).
The best choice would Windows with the firewall on and patching on automatic.
Edited 2006-12-03 19:47
I think the lesson is: If no one knows about you and you are on DNS Linux might be more secure through obscurity (we know that isn’t the best choice).
The best choice would Windows with the firewall on and patching on automatic.
You obviously know little about security if you think the only way to be secure with Linux is to use DSL. I can bet you a Linux box with the firewall turned on would have been just as secure as XP SP2 (out of 19 Linux machines, only 2 got cracked through vulnerabilities as opposed to weak passwords, but none of them had a firewall up – hello, they’re honeypots!)
Again, you prove how dishonest you are by completely misrepresenting the work done at the Honeynet project.
You obviously know little about security if you think the only way to be secure with Linux is to use DSL.
DSL? No. The Honeypot paper mentioned that none of the computers were on DNS.
They were emphasizing that computers were being found by random scanning of IP ranges.
And most of the scanning was for Windows vulnerabilities. And still Linux machines were being compromised.
I can bet you a Linux box with the firewall turned on would have been just as secure as XP SP2
Thats possible. But for an average home user I believe the Security Center in XP SP2 would make it easier for the average person to secure.
(out of 19 Linux machines, only 2 got cracked through vulnerabilities as opposed to weak passwords, but none of them had a firewall up – hello, they’re honeypots!)
Again, you prove how dishonest you are by completely misrepresenting the work done at the Honeynet project.
Its very common among the FOSS faithful to accuse people who use and prefer Windows of being “dishonest”. Most of the time what it really means is the FOSS adherent has trouble convincing us to switch.
I have referenced the articles I’m quoting from. People can look it up themselves.
Just because I’ve come to that conclusion that Linux is no more secure than Windows, and Windows is easier to use than Linux for the average home user doesn’t mean I’m dishonest.
I think you are dishonest for accusing me of being dishonest for just having an opnion difference than yours. An opinion that I’ve formed over decades of being in this business.
You are a fanatic. And if an argument doesn’t go your way, you lash out. I’ve seen it over and over again.
Thats whay I use references whenever possible so people can make up their own minds. You don’t like people making up their own minds if the decision doesn’t go your way.
//Just because I’ve come to that conclusion that Linux is no more secure than Windows, and Windows is easier to use than Linux for the average home user doesn’t mean I’m dishonest.
I think you are dishonest for accusing me of being dishonest for just having an opnion difference than yours. An opinion that I’ve formed over decades of being in this business.//
There are a great many people who have been in this business as long or longer than you, and who reach a far more straightforward conclusion.
They look at the plain facts that there simply are literally hundreds of thousands of known malware for Windows, and literally millions and millions of compromised Windows machines in use, and that the corresponding figures for Linux are three or four orders of magnitude lower at least, and they don’t spin & contort around the facts and just take them as they stand. Linux is more secure than Windows … even from a purely theoretical standpoint this is clearly the case.
Linux is three or four orders of magnitude (at least) more secure than Windows from a practical, as-measured, real-world standpoint.
DSL? No. The Honeypot paper mentioned that none of the computers were on DNS.
Misread that. That makes your argument even less relevant however.
They were emphasizing that computers were being found by random scanning of IP ranges.
…which is how most worms and IP scanning tools work. What’s your point? Again, you show that you know very little about security to think this is relevant.
Thats possible. But for an average home user I believe the Security Center in XP SP2 would make it easier for the average person to secure.
That is a biased (and grammatically wrong) statement. You think that way because you are heavily biased towards Microsoft.
The fact is that, when neither of them are behind a firewall, Linux is *much* safer than WinXP. When behind a firewall, then it depends on the services running and the way the firewall is configured.
Of course, many people now have routers at home, so the point is moot. BTW, guess what OS these hardware routers usually run? Yeah…
Its very common among the FOSS faithful to accuse people who use and prefer Windows of being “dishonest”.
No, I accuse you of being dishonest because you a) don’t make fair comparisons, and b) willfully misinterpret independent reports to support your own conclusions.
I don’t care if you prefer Windows or Mac OS or Linux. Really, use what you like. What I *don’t* like is when people like you come on web sites to blatantly lie in order to push their agenda. That’s the reason I’m calling you dishonest: because you are.
I notice that you haven’t even try to defend yourself against me calling you on your misrepresentation. Instead of trying to argue, you tried to attack my credibility instead, by saying “it’s common among FOSS faithfuls blah blah blah”. If you had not been misrepresenting the contents of the Honeynet study, you’d have shown that I was wrong in claiming you are, but you didn’t even try! That’s another example of intellectual dishonesty.
I have referenced the articles I’m quoting from. People can look it up themselves.
You have given references, but you misrepresented the results. You claimed that XP SP2 is safer than Linux because *firewalled* XP SP2 machines weren’t comprimised, while 2 out of 19 *unfirewalled* Linux machines were compromised due to vulnerabilities.
It is precisely because you referenced the article that I was able to demonstrate that you were wrong. At least you’re making it easier for me.
Just because I’ve come to that conclusion that Linux is no more secure than Windows, and Windows is easier to use than Linux for the average home user doesn’t mean I’m dishonest.
No, the fact that you come to that conclusion doesn’t mean your dishonest. The fact that you misrepresent independent studies to come to that conclusion, however, *is* dishonest. The fact that you compare the number of Secunia advisories for IE to Mozilla’s internal list *is* dishonest. Every single one of your argument and comparisons on the subject has shown a heavy bias. That is why I say you are dishonest – and from the look of your trust rating, I’d say I’m far from being alone in thinking this.
I think you are dishonest for accusing me of being dishonest for just having an opnion difference than yours.
That’s not why I’m accusing you of being dishonest. I’ve made that quite clear, I believe. Claiming otherwise would be, well, dishonest.
Admit that your comparisons were skewed and that you misrepresented the results of the Honeynet studies and you’ll at least show that you can be honest about your own failings.
An opinion that I’ve formed over decades of being in this business.
The first computer I used was a Commodore PET, closely followed by the TRS-80 Model I. That’s 30 years of happy computing. My opinion is as valid as yours. But the thing is that we’re not discussing opinions. You can have the opinion you want. Not only do I respect that, but I will fight to preserve your right to have the opinion you want. Am I clear enough? I *don’t care* what your opinion is. I *do* care that you spread FUD about FOSS and insult those who care for it. I *do* care that you misrepresent independent studies to further your agenda. I *do* care that you lie in order to support your opinion.
You are a fanatic. And if an argument doesn’t go your way, you lash out.
You’re the one that keeps insulting people, and I’m the one who’s lashing out? Please, don’t be ridiculous.
I am not a fanatic, all I want is an honest, rational debate. You have proven incapable of this, and now *you* lash out against me for pointing it out, and have the gall to pretend that it’s the other way around!
I’ve seen it over and over again.
I know it’s not fun being proven wrong, but that’s what you get for spreading FUD and being intellectually dishonest. Stop doing these things, and I’ll stop calling you on them.
Thats whay I use references whenever possible so people can make up their own minds. You don’t like people making up their own minds if the decision doesn’t go your way.
For the last time, you don’t just use references: you cherry-pick items from those references, then misrepresent what these references say, and finish by insulting those who disagree with you.
The fact is that, when neither of them are behind a firewall, Linux is *much* safer than WinXP.
The evidence is that a default install of XP SP2 survived two weeks without scratch.
You can rant all you want, and call me names, and attack me for preferfing Window. Thats the usual modus operandi of the FOSS fanatic.
But I still think that an average home user would be able to setup and keep safe an XP SP2 install easier than they would Linux.
Nothing I’ve said is false. Nothing is misrepresented.
What you can’t stand is that I won’t be bullied by you and your fellow fanatics into lying about what I believe to be true.
I guess we’ll have to agree to disagree on whether or not you where honest in your presentation of the facts. I’ve stated my case, presented arguments, shown exactly where you were misrepresenting the truth, while you have avoided responding to my arguments, attacked my credibility instead of offering arguments of your own, and misrepresented my own position. I am still convinced that this misrepresentation was willful, and part of a FUD effort on your part.
Also note that I am NOT attacking you for prefering Windows. Stop lying by saying I did. I know what I know, and I’ve already told you this wasn’t the case, if you keep repeating it anyway I have no choice but to call you a liar.
If you consider presenting actual arguments to counter your lies as “bullying you”, and fail to see the problem with you insulting those you disagree with, then that’s your own problem. Since I can’t believe that someone who knows how to use the Internet can be that dense, the only alternative is to consider that you are being dishonest. I will continue to call you out as such whenever you decide to spread your lies on this forum.
People have a right to express their opinion.
And before quoting Gates (who is delusional anyway): he has some unique (read: false) idea about what “new generation” is. Win95 was really something new, no more DOS (they’ve hidden it..kinda), all everything in GUI, … That was a true next gen (for Microsoft). Nextgen usualy involves some evolution and since this is not 1980 anymore, changes done to Windows in last 6 years are way smaller than changes in competitive OSes in past 6 months …sure, they gave it a new GUI since this is the first thing users see + some “security” stuff they think we need, but this product is really poor quality (yes, I have tested it, also the final version) and has some major bugs still present, not to mention how customers will respond when they see most dialogs still EXACTLY (minut theme) the same as in XP, with all the options, annoyances and bugs. I wouldn’t call this a “new generation”. I’m pretty sure a same group of excellent coders working on Vista should be able to rewrite an OS from scratch in that period, especialy fulltime paid coders. So are we supposed to pay for same old shit, just painter differently? Be my guest.
My 5 cents.
Edited 2006-12-01 09:00
People want things to work well, and I don’t mean to be silly, but they want things to work well…Integrated can be modular or not, but if people do want things they want them to work together and to work together well.
The above is as far as I made it. WTF is he talking about? He doesn’t mean to be silly? Hell, he didn’t even make it past idiotic! The fascination he has for developers is almost perverted. I don’t mean to be hard on Monkey boy but if I worked for MS, I’d be a bit nervous about my leadership.
welcome windows with open arms, AND concealed daggers
let the virus writing begin, witness as the disease will ravage VISTA making it a vista never to forget.
with the LSB linux will be unified and companies like novell(damn novell)and Red Hat(damn red hat) and canonical (bless them) and oracle (keep them safe) will thrive, the tide is difficult, now we need java to kill .NET and SOLARIS to be GPL’ed and well well we have practically every company and industry backing FOSS, except of course the damn ATI and damn Nvidia. i hope INTEL kills those two, they are slow learners, everyone support FOSS and buy Intel graphics cards
Edited 2006-12-01 07:20
(…)and buy Intel graphics cards.
What intel graphic cards? Last time I checked they only supplied integrated solutions. And those (made by Intel) are worthless when it comes to any gaming or 3d productivity.
PS. Maybe things will change a bit with that new GMA X3000 – time will tell.
yeh sorry about that, i meant buy Intel integrated cards,
i like AMD but intel is open source, yeh they are a little under par, but please understand they are not worthless, they have comparable performance to an X300se radeon, and 98% per cent of users don’t even know what 3d productivity is. regardless i will still buy integrated Intel (sigh) because we really have little choice on Linux. soon enough though when Intel becomes a serious player among the vega card manufactures then it will force others to open their drivers. which is why i laugh when ATI or nVidia talk about trade secrets, well Intel fears nothing and for that i admire them. and yes hopefully intel will make more powerful vega cards.
Ultimatebadass i admire your tack, and you are quite right, but i beleive we have to do somethig if we are going to coerce manufactures into FOSS drivers and documentation
Yep, that’s a great way to convince people to use linux. – posting stupid “I hope Microsoft choke” messages full of acronyms and saying “spyware will get yoooou!”.
Oh, and Intel graphics chipsets are useless. Not just for gaming – even for general desktop use.
nVidia have pretty much done everything they can to make nvidia drivers easy to install whilst keeping them closed source. And with the amount they spend on R&D for their cards, are they really going to open source them and let their competitors steal their hard work? I think not.
And as an ex-Java programmer now using C#, let me tell you that java is evil. Pure evil.
Your comment appealed to me. I’m not sure why
“Yep, that’s a great way to convince people to use linux. – posting stupid “I hope Microsoft choke” messages full of acronyms and saying “spyware will get yoooou!”.
I agree, but this is not good comment to make about anything. To be fair Vista/Office come with spyware built in.
“Oh, and Intel graphics chipsets are useless. Not just for gaming – even for general desktop use.”
Having used an old chipset on linux for a couple of years. I can say this intel hardware used to be incredibly difficult to set up, and wasn’t very supported (read hell on earth)…and I used to use an onboard sis. In the past year, every release has been an improvement. They have done a wonderful job. It did everything flawlessly. I would have bought a low-mid range cards from them *if* one had been available. I bought a r300 card Ati recently and that was because beryl came out, as binary drivers are simply too much hassle for a part time gamer. I think what you have said is untrue.
There are lots of excuses floating around, about why nvidia and Ati mid-high end cards are binary only. To be fair If I was a serious gamer. There are a couple of really *interesting* consoles just out, that simply offer a better gaming experience for cheaper than a gaming PC.
“And as an ex-Java programmer now using C#, let me tell you that java is evil. Pure evil.”
I never liked Java, and it has started to have a bad reputation. What will be interesting is watching *what* happens now its open-sourced. I suspect whatever happens there will be big changes.
Hi
I haven’t touched Intel graphics chipsets since the intel 810 but that was enough to put me off for life. Even with GL support, it couldn’t handle the bouncing cow screensaver at above 2fps on an idle system, never mind TuxRacer
It was the same story on Windows.
As for Java, we may well see big changes, we’ll just have to wait and see what pans out
And with the amount they spend on R&D for their cards, are they really going to open source them and let their competitors steal their hard work?
I’m sorry, but I’m not convinced that publishing open-source drivers would allow any competitors to steal their hard work. It’s not as if ATI would changer the internal structure of their graphics chips overnight because they might get to copy one of Nvidia’s ideas…
I believe there are other issues at hand here, i.e. perhaps Nvidia uses licensed software in their drivers, and the owner doesn’t want to open-source that bit of software.
In any case, there are persistent rumors that ATI (now owned by AMD) will open-source its Linux drivers in the coming months.
In any case, there are persistent rumors that ATI (now owned by AMD) will open-source its Linux drivers in the coming months.
If that will come true and it will be implemented so every linux will support ATI graphics card out off the box so to speak i will be certainly willing to look at an ATI card first the next time i buy a graphics card.
Leaving aside the Ribbon for one moment, for me the one major enhancement in Office 2007 is to be found in Excel: support for 1 million rows by 16,000 columns. This alone could justify the cost for some businesses. Although for that kind of work, it’s likely to be only a few statisticians or data analysts using it, so I’m not sure that it would be purchased department-wide.
Looking at Access, I am rather underwhelmed. Prebuilt solutions? Useful for novice users but not a cost-justification in its own right. Not much new except for complex data types and better Sharepoint integration. Not earth-shattering. The rest of the new features seem minor refinements. Having said that, Access 2003 is already a fantastic product imo, so I’m not too worried. It is by far my favourite MS product, and I’ve been using it almost daily since v2.
I’ve not really looked much at Word or Powerpoint as I don’t use PP much and Word has been more than adequate for my needs since Word 2000. Maybe even Word 95 to be honest. What I have seen has again left me underwhelmed.
So, a new office suite for the ability to store vast datasets in Excel? I’m not convinced.
I’d be interested in hearing what others think, especially if you rely on a particular Office app (or more than one). Do the new features have a wow-factor for you?
If i just want to write a letter now and then would i need Office 2007 ?
“If i just want to write a letter now and then would i need Office 2007 ?”
🙂 I think you know the answer already!
———-
I forgot to say: I would love it if MS would port Access to OS X, but I don’t see that happening anytime soon.
Of course not. You’d be fine with WordPad or even Notepad, both of which are included in every version of Vista.
Naah… Wordpad should be sufficient, unless you want to make fancy looking letters. In that case any office suite from the last 10-15 years would do the trick
(I wouldn’t recommend using WP6, but it would do the job.)
http://www.vnunet.com/computing/news/2170058/vista-vulnerable
The article that you cite refers to three worms that infect systems by tricking third party email clients into running malware attachments. So what? Microsoft’s own email apps (Outlook and Vista’s bundled mail app) block those worms. And even the email clients that don’t block them won’t run the attachments with admin priveledges under Vista (unless the user is running as admin and turned off UAC), so it’s no less safe than any other OS. Sophos is rasing an alarm so people still buy their security stuff, but the flag that they’re rasing could just as easily apply to other OSes.
Edited 2006-12-01 18:35
I was under the impression the malware bypassed UAC and was caught by Windows Mail simply because the virus definiton file included all these. Perhaps it wouldn’t have found them if this were new malware that hadn’t already ravaged millions of XP systems.
I’m sure we’ll see UAC bypassed if this wasnt an indication already.
But like you say, Linux and other non-Windows OSes have the same security features that will further improve thanks to competiton from Windows Vista.
One thing you haven’t mentioned is the far smaller marketshare of these alternative operating systems.
They are further secure through obscurity. Plus the users who use these other OSes are often as smart or smarter than the people who write these viruses and malware. So they simply know how to deal with them even if malware did/could exist.
Edited 2006-12-01 19:30
I just read the descriptions on Sophos’ site. These so-called “worms” are pretty ridiculous and I don’t understand why they’re not called “trojans.” They send themselves out through mass emails and rely on a user to open some file to get infected. Sure, anti-virus is meant to stop this, but if you’re smart enough not to open files sent through mass emails then you won’t get hurt by this virus. There’s very little an OS can do to avoid this sort of attack: if the user manually runs an EXE and has the right to send emails, what can one do to stop the trojan from spreading?
This is truly comical. Anyone notice how Microsoft has changed the look and feel of Microsoft.com’s “ready for a new day” pages to shamelessly ape Ubuntu’s color schemes and overall look? See for yourself… http://www.microsoft.com/business/launch2007/default.mspx
Classic Microsoft at its best.
If by “shamelessly ape” you mean a brownish and orange and a brownish beige are in the same color family then yes, you are right. Otherwise there is little similarity. MS has 3 columns, Ubuntu has 2. Ubuntu has a summary box at the top MS does not. MS has menu on the left, Ubuntu has it on the right.
I think you’re really reaching on this one.
By “Shameless Ape,” he’s talking about Steve Ballmer.
Oh… I get it now. My apologies :p
“if i just want to write a quick letter to need office 2007”
Umm no… you need wordpad, or notepad or one of a billion free apps out their that are about 1meg… people that need to “write a quick letter” don’t buy suites…
thats like saying “i need to draw a circle do i need 3dstudio max 7?”
As for vista and security, i’ve been running vista since beta1, and all the versions between, i surf almost 20 hours a day cause i work for an internet company in the caribbean… i have yet to have 1 piece of spyware or virus infiltrate my system…
thats damn good in my view, will their eventually be viruses or spyware that bypass vista security, perhaps, will it be almots immediately patched by microsoft… yes…
“Sophos is rasing an alarm so people still buy their security stuff, but the flag that they’re rasing could just as easily apply to other OSes. ”
got to agree with you here… while yes i agree vista needs a virus scanner (either a cheap one or a free one just as even linux and other os’s should have)
The fact is people are trying to make vista seem less secure than it is… microsoft can only do so much before it comes down to COMMON SENSE, if an internet explorer window pops up with an image of a pictur thta says “you have xxxxx virus” and some idiots click it to download a “antivirus” thats not microsofts fault thats just stupidity.
“The fact is people are trying to make vista seem less secure than it is… microsoft can only do so much before it comes down to COMMON SENSE, if an internet explorer window pops up with an image of a pictur thta says “you have xxxxx virus” and some idiots click it to download a “antivirus” thats not microsofts fault thats just stupidity.”
I really am uncomfortable with both your perception of people and your misguided approach to security.
He is right, though. You cannot blame MS for user stupidity. “Common Sense” _is_ the best defense.
“Of course not. You’d be fine with WordPad or even Notepad, both of which are included in every version of Vista.”
Or you can download OpenOffice or Abiword for free and use one of those instead. They’re free and have much more features than Wordpad/Notepad anyway… Wordpad/Notepad are a bit limited for writing letters. They’re purpose is more like, short notes (hence NOTEpad), reminders, etc.
Edited 2006-12-01 18:58
I wonder why people have the dillusion, that as soon as a new OS comes out, it need’s to be 100% reliable, completly secure, able to run all the previous apps, etc-etc??
Seems to me, that most people commenting here have an IQ of less than a 100.
Every new released OS has issues. Every new OS has bugs in it, security holes, etc. Speaking in Windows terms, a Windows OS is never mature enough until a SP or two have been released. It has been like that since the beggining of time and will continue as so.
And it’s not like linux is all “god-like” as some here tend to suggest. For instance take Ubuntu, it has an issue X in version A. Version B comes out, and X is fixed, but then issue Y appears, which worked in version A. And so it keeps going round and round in every new version, lately…
Speaking of Vista security, then it will be hacked. No doubt about that. Only thing that matters is that it will be much harder compared to XP and mostly less destructive. Also, Vista does a much better job of keeping the avarage Joe safe than XP does.
And what about Office 2007? Well some people here are completly short-sighted and blind thinking that Office 2007 is just eyecandy (same holds true for Vista).
First off, Office isn’t ment for home users (they usually don’t have the money to buy it either). Home users only use like 5-10% of the Office suite features. You will never fully use all of the power Word has to offer by scribiling some little letter or an essay once in a while!
Office is for businesses!!!
Secondly, Office 2007 has more than just eyecandy in it. It has new features for showing information and data, new ways of interpreting them, new ways to use and share them, new ways to collaborate etc.
Excel and Powerpoint are the two that really stand out in Office 2007. Those two are perhaps the best sellers for Office 2007.
OpenOffice might be able to mach the Office 2003 feature set and in some areas even exceed them, but it most certanly lags behind in usability and data presentation.
Useful for simple home users, smaller offices and goverment organizations, but not for sales men or team workers or high-end thourgh use in corporations.
It all comes down to neccesity. Do you need this feature, do you want to pay for this, do you want things do look spicey or will simplicity be enough, etc…
If you’re a home user and only need to write some documents or keep a very simple tabel, then you probably don’t need to buy the pricey new Office suite. OpenOffice will be more than sufficient.
Same holds true for Vista. If you only surf a couple of web pages, read some e-mail and occasionaly watch a movie, then you don’t need the enormously costly Vista, a free linux distro will be more than sufficient.
I think that one of the biggest problems with people commenting here, is the fact that piracy has made Windows+Office walk in unison on most of the home and corporate PC-s. Thus making people really short-sighted and norrow-minded. All that in the sense of people being accustomed to a super rich set of features that they mostly don’t even use. So if Microsoft adds and improves features that they won’t ever use or see they go around ranting about “this is just eye-candy”, “I will never upgrade”, “don’t care”, all the cursing etc.
@markoweb I hate posts like your too much to reply to
“I wonder why people have the dillusion, that as soon as a new OS comes out, it need’s to be 100% reliable, completly secure, able to run all the previous apps, etc-etc??
Seems to me, that most people commenting here have an IQ of less than a 100. ”
Even with my IQ Microsoft will sell Vista under the banner that it will be reliable, secure, run previous apps.
I try to understand you home+office bit, but I don’t most people need the same software they use at work, and can use it etc etc.
… before?
Does anyone end up getting convinced by the other?
Is it such fun down there in the trenches?
If you want real security, you go for the OS with the blowfish.
Even if Vista would be the securest OS on the planet, a lot of people would simply never use it, given where it comes from. No big deal. For those that care, there is some choice today. But as weird as it sounds, security is not the only thing about an OS.
Discussions on Vista theoretically interest me, since it’s the most used OS and since I’m employed by a business that wants to do something about that. But this level is terrible.
In one test it was found:
“This means that an unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2 ) have an online mean life expectancy of 3 months before being successfully compromised.”
3 months is good … unless you plan to run Linux for more than 3 months.
In another note that XP SP2 default config was not compromised.
“In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in “honeypot” style, using default security settings. The six machines were equipped with Microsoft Windows Small Business Server 2003, Microsoft Windows XP Service Pack 1 (SP1), Microsoft Windows XP SP1 with the free ZoneAlarm personal firewall, Microsoft Windows XP SP2, Macintosh OS X 10.3.5, and Linspire’s distribution of Linux.
Not surprisingly, Windows XP SP1 sans third-party firewall had the poorest showing. “In some instances, someone had taken complete control of the machine in as little as 30 seconds,” said Marcus Colombano, a partner with AvanteGarde. “The average was just four minutes.”
Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
The most secure system during the experiment was the one running Linspire’s Linux. Out of the box, Linspire left only one open port. While it reacted to ping requests by automated attackers sniffing for victims, it experienced the fewest attacks of any of the six machines and was never compromised, since there were no exposed ports (and thus services) to exploit.
The Macintosh machine, on the other hand, was assaulted as often as the Windows XP SP1 box, but never was grabbed by a hacker, thanks to the tunnel vision that attackers have for Windows. “The automated bot/worm attackers were exclusively using Windows-based attacks,” said Colombano, so Mac and Linux machines are safe. For now. “[But] it would have been very vulnerable had code been written to compromise its system,” he added.”
http://connect.educause.edu/blog/sworona/winnie_the_pooh_security/5…
Edited 2006-12-02 18:15
3 months is good … unless you plan to run Linux for more than 3 months.
Of course but by correctly configuring the bundled software, 3 years is a more accurate figure.
it would have been very vulnerable had code been written to compromise its system
I would be very interested to know which holed ‘would have been’ compromised by these hackers.
I would be very interested to know which holed ‘would have been’ compromised by these hackers.
Ask the GNU/Savannha or Debian server administrators. They can tell you.
What would Savannah and Debian gurus have to do with Mac OS holes?
3 months is good … unless you plan to run Linux for more than 3 months.
In another note that XP SP2 default config was not compromised.
More dishonesty from you…the RedHat servers in the example you give were not protected by a firewall, andhad services running, while the XP SP2 default is protected by a firewall, and has no servers running.
You’re so predictable: every single comparison you make is between different setups. I understand that you resort to such dishonesty, as being honest would mean admitting that you were wrong…
More dishonesty from you…the RedHat servers in the example you give were not protected by a firewall, andhad services running, while the XP SP2 default is protected by a firewall, and has no servers running.
I noted that they were from two different tests.
I said “In one test …”
And then I said “In another … ”
The point I was trying to make is that Microsft has rectified many mistakes with XP SP2 by putting the firewall on by default and the default is automatic patching.
Look, I know you are feeling humiliated by some of the stuff I’ve posted. But I do post the references for you to read.
Note that in this test 4 Linux installs were compromised even when they were “not registered in DNS or any search engines, so the systems were
found by primarily random or automated
means.”.
You may take that as a vote of confidence in Linux.
On the other hand … if the attacks were focussed and not found at a random, but were targetted, how long would they last?
I believe a large portion of the attacks against Windows explain whey they get compromised so quickly.
If Linux servers are subject to as much scanning as Windows boxes, they would last much longer.
Don’t run without a firewall, no matter which OS you are using.
“These systems were targets of little perceived
value, often on small home or business
networks. They were not registered in DNS or
any search engines, so the systems were
found by primarily random or automated
means. Most were default Red Hat
installations. Specifically one was RH 7.2,
five RH 7.3, one RH 8.0, eight RH 9.0, and
two Fedora Core1 deployments. In addition,
there were one Suse 7.2, one Suse 6.3 Linux
distributions, two Solaris Sparc 8, two Solaris
Sparc 9, and one Free-BSD 4.4 system.
Of these, only four Linux honeypots (three RH
7.3 and one RH 9.0) and three Solaris
honeypots were compromised. Two of the
Linux systems were compromised by brute
password guessing and not a specific
vulnerability. Keep in mind, our data sets are
not based on targets of high value, or targets
that are well known. Linux systems that are of
high value (such as company webservers,
CVS repositories or research networks)
potentially have a shorter life expectancy.”
http://www.honeynet.org/papers/trends/life-linux.pdf
To keep things simple i could use windows 3.11 or w95 as honeypot and get a lot of “flattered” results.
Don’t run without a firewall, no matter which OS you are using.
That goes without saying: a system is only as secure as its admin makes it. Case in point, from your own example:
“Of these, only four Linux honeypots (three RH
7.3 and one RH 9.0) and three Solaris
honeypots were compromised. Two of the
Linux systems were compromised by brute
password guessing and not a specific
vulnerability.”
So, that means that only 2 out of 19 Linux machines were compromised due to actual vulnerabilities (and not weak passwords, as is the case for the other two). That is actually a pretty good record! Thanks for providing this example which showcases the good security of Linux machines (I guess you should have read it more carefully before posting it, huh?)
Linux systems that are of
high value (such as company webservers,
CVS repositories or research networks)
potentially have a shorter life expectancy.”
Not just linux but *any* system.
Not just linux but *any* system.
Yes. Which is why I said: “Don’t run without a firewall, no matter which OS you are using. “
Unless you are behind a router on a trusted network.
CEO Steve Ballmer said it was the “most useless launch we’ve ever done.”
😀