Microsoft’s Product Lifecycle Web site has the second XP service pack scheduled for 2004, a year later than previously expected. Analysts speculate that the long delay may be to integrate more functionality into the OS, such as the “PC Satisfaction package,” an enhanced firewall and virus detection package.
Does that mean there is a a free virus scanner? or is it limited in some way? Slap in the face to McAffee!
M$ will lost more billions !!
That’s actually an intresting concept. Instead of the next war being over Internet Browsers, it may be over Antivirus/Antispyware apps.
will execute this command
format c:/
Who the f…needs a virus scanner from M.S. It most likely will end up being exploited itself. It should concentrate on security. SP2 is far more important then some measly, half-baked virus scanner. Or maybe that is just a front and Microsoft is trying to find another way to stop SP2 to getting into the hands of pirated copies of XP.
1.) MS bundled an anti-virus tool in the past with DOS 6.22. Called MSAV which was a licensed version of Norton AntiVirus.
Since WinXP MS bundles a free personal firewall with Windows. Was anybody complainig? Is MS being sued because of this? No.
2.) There are already free AV tools available. Eg AntiVir from http://www.free-av.com/
3.) format c:/ will do nothing except for printing an error message.
LOL LOL LOL OLOL LLOLOLOLOLO LOLERZ!!
YOU = TEH COMEDIC GENIUS!
GeCad, a romanian software company who makes antivirus software for Linux and Windows has been purchased by MS in order to be integrated into the next Windows.
So MS is going to make a virus scanner better than symantec or Mcafee!! So MS has FINALLY made an OS that doesn’t display the blue screen more often than a 3 minute screensaver and now thinks they will display their advanced security skills by producing a new firewall and antivirus scanner. FOCUS ON SECURING YOUR OS!!! You know, just because MS warned everyone of the blaster vulnerability months ago only proves that major vulnerabilities still exist in the OS. Which means that SP2, which is probibly filled with major security patches needs to be release ASAP. Or are we going to wait until the next blaster blasts our computers?
On another note, antivirus software has been around for a long time. I wonder why it would take MS over a year to develope one for XP. Unless like the post above, it’s going to do a whole lot more behind the scenes that you won’t know about than just scan for viruses!
I now see the post above. I guess GeCad will add another $50.00 to the price of XP. I’ve read some about GeCad. Not much available. Not too bad though. I’m all for anybody helping MS secure their OS but is this really better than letting Norton Firewall and Antivirus protect your computer?
I just read what I think is the real reason MS bought GeCad. They are the major AV software producers for Linux and Novell Servers. Here is a quote from the article:
The sale came out of the blue for all GeCAD partners which, according to Routledge, was kept quiet because it would be obvious that it would drop its Linux and Novell product lines.
“There is no way Microsoft is going to develop products for the competition,” he said.
http://www.vnunet.com/News/1141750
I guess MS once again believes in trying to buy out the competition while trying to make Novell and Linux less secure! You see, GeCad was for Novell and Linux what Norton AV corporate edition was for windows. If MS really wanted to secure their OS, they should’ve dropped 5 billion on Symantec! Don’t think symantec would sell? They would for that amount, and windows would be much more secure than it is today. But hey, this way is cheaper and does more damage to the competition………..of course all at the expence of the customers of Linux and MS!!!
FOCUS ON SECURING YOUR OS!!!
ummm, like Linux? http://www.linuxsecurity.com/advisories/index.html
Repeat after me, Windows is JUST AS secure as Linux!!!
mmmm kay
If you look at recent incarnations of Windows, they’ve done pretty damn well security-wise.
Yes, they have security flaws, but the VAST MAJORITY of them come from things that are inherent in C/C++ programming: buffer overflows and double allocate/double free/etc. memory allocation errors.
Aside from doing a complete code audit (to my knowledge OpenBSD is the only OS that has done this) it is IMPOSSIBLE to prevent such errors without switching to a stricter language such as perl, python, or Java.
Linux, Novell, and FreeBSD are all protected by security by obscurity to a large extend. They just don’t have the hacker exposure that Windows boxes do.
Embedding a virus scanner in Windows is a great idea, and it certainly can’t hurt, a crummy virus scanner is better than none at all. This will also upset the Virus Scanner status quo a little, which definitely can’t hurt…what REAL advancements have we seen from McAfee and Symantec in the past 5 years? Just more needless interface bloat.
“Linux, Novell, and FreeBSD are all protected by security by obscurity to a large extend.”
This comment is about the most brainless thing that I’ve read all day…
Service Packs are just large packages of hotfixes, with a bit more testing done, and sometimes adds some features.
All in all, if you have the hotfixes coming, there isn’t a serious ‘need’ for a new service pack, as it contains nothing that isn’t on Winodws Update, though, that is not to say they aren’t nice to have.
I’m actually in the PC Satisfactional Trial beta, it’s a nice little app, been improved greatly since the first beta, but still needs some more work.
Listen, if Windows is just as secure, why are there SO MANY more viruses/worms (10,000 compared to Linux’s 5-10)?
Yes, obscurity IS a part of it. But remember, Linux/BSD are EXTREMELY popular server OSs (I believe some study showed Apache as the most popular server). And many (most) large corporations use it as an Operating System.
The big reason the free *nixs are more secure is:
1. MUCH MUCH better permissions system. In Windows, they enourage you to run as administrator. This means a virus can kill your whole system. Not to mention that the important system files aren’t protected in Windows.
2. Everything is open. When a problem is found, anyone on the planet can fix it. We dont rely on one company to do it for us.
Yes, any virus scanner is better than nothing, but they should make their OS less vulnerable to viruses (more robust permissions system).
This comment is about the most brainless thing that I’ve read all day…
Oh really now? You must’ve been reading Scientific American and the JAMA all day long then.
It’s true, look at the number of computers running Windows, versus the number running *nix of any flavor or NetWare.
You could argue, yeah but on the server Windows is a minority, however it is a plurality and thus, the single biggest target. Yes, several exploits will work across Linux distros, but there have been several exploits that only affect for example Red Hat’s kernel patches, or a version of software only deployed by Mandrake.
Also, there are dozens of FTP servers that ship with various Linux distros, and the “default FTP server” varies considerably by distro and even by version of distro.
So basically its a situation where Windows is the most common species out there, so if you want to do the most damage, you’ll tailor your virus/worm/rootkit towards that. It’s just easier to do lots of damage.
If you really wanna drill down on RedHat, Mandrake, Slackware, or Debian, I’m sure you’ll find just as many, if not more security vulnerabilities.
So yes, I stick with my original comment.
Care to explain why my comment was so brainless Kingston?
Because a server platform is a very popular target,so there should be more viruses/worms out there.
In fact, The US (and many other) governments and militaries use Linux, unless your saying that the government isn’t a popular target?
Yes, there are different distros with different problems, I consider that an ADVANTAGE. Even if Linux took 90% of the market, that market would be shared by different distros, and thats a good thing, Linux is open, so thats possible, unlike with MS.
contra: Not so, it is MUCH easier to infect a client system with a worm/virus turning into zombies in order to have them attack a certain server.
Having many different flavors could also be a disadvantage simply because it is so fragmented, you have many people working on many different projects, yet all these projects produce pretty much the same goal. Having everyone focused on one project for a certain goal could also be seen as an advantage, it just depends on how you look at it.
Irony is that GeCad’s RAV *nix versions was targeted mostly to Windows viruses. To protect your secure Windows when residing on such unsecure *nix, hehe.
“Linux, Novell, and FreeBSD are all protected by security by obscurity to a large extend [sic].”
Actually, in the case of Linux and FreeBSD, it has more to do with fixes coming in soon after flaws are discovered. Also, replacing a package with a security flaw with a fixed package is far less likely to hose a Linux/BSD system than applying a patch from Microsoft. So, in short, Linux and the *BSDs tend to be fixed more quickly and reliably.
Those writings are always stupid.
So I want to write a stupid thing too.
Maybe Outlook Express (for example) is sending macro viruses.
But sendmail is relaying them very fastly.
Problems aren’t in software, but in people.
Put in jails bad guys, and let us work with our computers, Linux or Windows or others!
1. MUCH MUCH better permissions system. In Windows, they enourage you to run as administrator.
No they don’t. I’ve read in most every book on serving with windows to create restricted user accounts.
Not to mention that the important system files aren’t protected in Windows.
FUD. Windows File Protection. Its on every version of windows since 2000. Try copying over a system DLL sometime.
Yes, any virus scanner is better than nothing, but they should make their OS less vulnerable to viruses (more robust permissions system).
Agreed.
Linux is great for a server. I like it.
You wouldn’t catch me running it on my desktop though.
Here what I’ve found on Microsoft’s website :
“A firewall is software that helps protect your computer from viruses”.
Well, if these guys can’t even read good books dedicated to firewalls, let alone understand what these are, I wonder what kind of protection they will offer their customers.
I didn’t mean books on administration, I meant the fact that MANY programs in Windows require you to be administrator to run.
And in XP Home, you have two choices, Limited and Administrator, I dont really call that a robust permissions system. In Linux, you can have different group settings, per file settings, etc.
byte256: I would have to agree with Kingston in that to say that Linux practices security through obscurity is absurd. Regardless of whether Linux is more or less secure you can’t argue that they are securing the platform by hiding weaknesses.
Also while files themselves can be secured in a modern Windows environment the issue at hand is the level of access processes need in order to perform their function. Many processes in windows run at the kernel level or at least as a priveledged user and any such process is a security risk. *nix has it’s share of processes that run as root, but they are generally much fewer than in Windows. The second issue is that it is generally easier to escalate a processes permissions in Windows than in *nix, though this is getting to be less true. As a general design principal Windows has always gone with the idea of speed and ease of use as a higher priority security and it comes back to haunt them.
kingston: these are not the olden days of Windows 95 anymore. a properly administered and patched Windows server can be reasonably secure. Perhaps not as secure as a Linux box but for all practical purposes it is. It is the unattentive masses that are the problem not the OS itself. If you set it up porperly and keep up with patches a windows 2000 server will hold up against all but a determined attacker.
On topic: OK so they are delaying the SP for a year, that is their perogative. If they take the time to integrate the hotfixes (some of which are a little flakey), provide better process level security, and perhaps some new features then I say the wait serves a purpose.
byte256: I would have to agree with Kingston in that to say that Linux practices security through obscurity is absurd. Regardless of whether Linux is more or less secure you can’t argue that they are securing the platform by hiding weaknesses.
Ummm, actually security by obscurity means that it’s more secure because its in less use and thus gets less hacker exposure.
Now personally, I’m a Linux user (and FreeBSD and OpenBSD) and I think what IS absurd is this myth that Linux is inherently more secure than Windows. Increased security is not in and of itself a reason to use Linux, anyone who thinks they can throw up a Linux box onto the open internet and leave it unpatched without any hackers attacking it is an utter fool.
It’s not the OS that’s insecure its the users that are. Microsoft puts patches up soon enough to keep Windows boxes secure. However lots of people just love to bash Microsoft because it’s the l337 and K001 thing to do. There are plenty of GOOD reasons to bash Microsoft, but security is NOT one of them.
Let me pose this question to you… how big of a target is http://www.microsoft.com? How often have you went to that site and seen “l337 PENGUINISTA 0wNz J00 M$” on their homepage?
That’s what I thought.
We basically agree with each other except on the definition of security by obscurity.
Ummm, actually security by obscurity means that it’s more secure because its in less use and thus gets less hacker exposure.
Where did you get that idea? Do a google search for security through obscurity and pick a link, or pick up a book about software security. The idea of security by obscurity has nothing to do with how much a product is used, it has to do with what information about the mechanics or installation of a program are available. Or in the words of random site #3
Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms. Hiding account passwords in binary files or scripts with the presumption that “nobody will ever find it” is a prime case of STO.
*the face of embarassment*
I have to admit I’m wrong. My definition of STO (read it somewhere, wish I could remember where) is an incorrect one.
Please accept my appologies Mephisto, Kingston and others.
With this knowledge I’ll have to concede that my first statement was very retarded
Sorry everyone. Thanks Mephisto for setting me straight
“Let me pose this question to you… how big of a target is http://www.microsoft.com? How often have you went to that site and seen “l337 PENGUINISTA 0wNz J00 M$” on their homepage? ”
I have already thought about that myself; the microsoft homesite must be one of the much attacked in the world, and there are still not a lot of problems on it. Of course, one doesn’t know everything, but still…
No problem, can’t be right all the time (lord knows I’m not).
IRT hacking microsoft.com firewalls help a lot in attack prevention, even the least secured system is hard to attack if the only ports you can get to are 80 and 443. Also, as far as microsoft is concerned you would think they would be sure to patch thier own systems. Ironically a couple of MS’s ancilliary (sp?) sites have been hacked because they were not patched in a timely manner, though not the primary site AFAIK.
Actually that’s because in most cases they depened on another server by Akaima that uses Linux to serve as a two-way proxy for them so that they wont get knocked out. I think that they have learned this lesson a long time ago !
http://uptime.netcraft.com/up/graph/?host=www.microsoft.com
Whew that is a lot of RE’s, but RE: Anonymous does not say much. Akamai does nothing to stop attacks. You can still get the actual IP addresses that are served by Akamai. Just go for thier (MS’s) edgeservers and follow the IP trail.
Just uninstall Windows and install BSD or Linux
Yeah i know. SP<– service “PACK” is a collection of hot fixes. What i find stupid, correct me if I am wrong. But MS buying a company to have an AV is just lame. The built-in firewall is weak in comparsion to ipchains. You might say that IPCHAINS is not for the easy user but there are gui tools to aide you in this. People keep saying linux isn’t secure. It is as secure as the user and the only OS that i know that is inherently secure from boot is Gentoo Linux and Openbsd. From my knowledge, of course I tend to be wrong. But gentoo has no service installed, unless you emerge. Microshit just keeps add blowwear to everything else. It be nice to have third party vendors who have access to the MS source code to be able to create reliable firewalls. But in the real world, in a buisness market, you won’t be seeing a freaking windows box serving as a firewall. Most likely a cisco pix. It is funny that i bet MS doesn’t even run MSQL maybe oracle to maintain its database. As does apple.
“I meant the fact that MANY programs in Windows require you to be administrator to run. ”
Why would you say that?
It is like nobody is using old regmon anymore. My daughter has XP Pro installed. HD is divided on separate partitions: one for system/programs, one for swapfile one for temp and two for her stuff. The partition for system and programs is read only for user and she is loged as user. Each time when the program like Photoshop, Nero, even some MS products like Photo Editor and her games complains about rights I use regmon and mmc to resolves all problems. In consequence she can not install anything insluding viruses and worms.
I other words you dont need to be logged as admin ru run any program you want
Tony, it’s a basic firewall, it’s not meant to do anything but stealth your ports.
then why include it? more bloatware?
MP: The difference is that one Operating System (Windows)encourages you to be “root”. In Linux, if I try to run a P2P or IRC program, what warning comes up? “DONT RUN THIS AS ROOT”. Thats the difference.
CPUguy: Its an inferior basic firewall. It doesn’t block outgoing traffic?! So any trojan/worm has no problem spreading Chaos(like MSblast). I think it should have at least done that.
Like most functionality Microsoft provides within Windows that was once filled by third party apps – Microsoft’s solution would be basic at best. For example, skinning in Windows XP is completely unfunctional, and based on third-party Windows Blinds. Plus, i doubt McAfee’s high-rolling customers – big enterprises – would move to Microsoft’s solution. I mean, after all, McAfee knows more about Windows security than Microsoft.
And plus, Microsoft doesn’t want to get into more legal troubles with stupid laws (flame shield up – would not entertain stupid discussion of it merits, it exists and that’s all Microsoft should care about, and so should we) like antitrust. Not only in the US, with big players playing outside of US and many of them within Europe, EU’s threats is quite, ermm, serious.
Well, unless Redmond plans for a replay of the classic hit of DOJ vs. Microsoft Corp, I doubt that this would happen. Before Internet Explorer, Netscape was by it self a monopoly. There wasn’t much they could do with it, but legally speaking, a monopoly. There wasn’t any harsh rivalry, any cut-throat competition – nothing. Before Microsoft came in, that is. Other attempts, by for example Apple with Cyber Dog (IIRC), proved futile.
The antivirus/security segment of the market on the other hand is an extremely competitive market. One slight mistake for a company means big bucks for their competitors. Each solution is different by its own right, I hate Norton but adore Panda – but then again, there are those you dig Norton and despise Panda. They made little niches for themselves, barricaded them, etc.
Microsoft going to ruin them?
Unlikely.
Point to case: Windows Media Player/ NetShow. Intergrated sometime after IE started a browser blood bath into Windows. Detractors that time claim it would be as bad as with IE. Currently, Real is still the market leader, the only player significantly earning market power is Apple.
Why? NetShow entered a matured market. Not a brand new market.
But it does prevent the computer from being infected by MSBlast in the first place.
Plus the firwall in PC Satisfaction Trial is a lot more complex than what is available in WindowsXP.
Tony: So a stripped down firewall is bloatware? Get real. Either educate yourself or leave the forum.
But remember, Linux/BSD are EXTREMELY popular server OSs (I believe some study showed Apache as the most popular server).
Apache isn’t connected to Linux. You don’t need Linux to run Apache. You can run free/Net/OpenBSD. You can run it on HP/UX, or Tru64 or Solaris. You can run it on mac OS X, and heck, you can even run it on Windows NT.
besides, notice most of the viruses for Windows don’t concern servers, rather desktops? Notice also for those viruses for Windows that hit out on servers does it where Linux aren’t all that popular, namely database servers, file servers, print servers, stuff like that?
I agree with you that Windows permision system sucks, but most viruses don’t run using that. They use security holes that can be used anyway if the user wasn’t a Administrator. And the main reason why Administrator is encouraged is because most Windows 9x software require such permisions – and Microsoft won’t make money if those software don’t work.
The big reason the free *nixs are more secure is:
And then, see…
2. Everything is open. When a problem is found, anyone on the planet can fix it. We dont rely on one company to do it for us.
Most UNIXes aren’t open source. I mean those pass the alpha and beta stage and have a stable release.
What You said is right? But the fact remains that windows is still plagued by viruses, a fact that is undeniable. One more thing, Linux is still the best server os, so do UNIX.
I guess people are ignoring the fact that the most popular anti-virus software for windows actually has a built in administrator exploit. The simple fact of having some anti-virus software on your system means that people can potentially take complete control of your system.
Windows is not secure. Windows is not as secure as most Linux installations are. Windows can be made MORE secure, but it has a long ways to go to reach Unix/Linux level of “secure.”
People who determine an OS’s security just by counting the number of vulnerabilities are just ignorant. Windows is *not* just as secure as Linux!
Look at the link bytes256 provided. It lists several different distributions, heck even totally different operating systems like the *BSDs! What are you gonna do? Add up all those numbers and totally forget the fact that there may be duplicate entries?
But the most important thing people forget, is the importance of the bug! What bug do you think is worse: a vulnerability that’s only locally exploitable and can’t even get a root shell with it, or one that’s remotely exploitable and can get you a root shell with ease?
Linux *is* more secure than Windows for the following reasons:
– While SecurityFocus says Linux has more vulnerabilities *in numbers*, most of those vulnerabilies not severe: they’re only locally exploitable and you can’t get a root shell with them. All the really, really bad bugs are fixed in a matter of days. Most of the other bugs are already fixed or will be fixed soon.
– Windows on the other hand may have less bugs in numbers, but they’re a lot more severe: remotely exploitable and the ability to get a root shell. On top of that, MS is not only slow in fixing those bugs, their patches also tend to break a lot of other things. Plus they don’t provide all patches on Windows Update, while you can get all your Linux patches from a centralized place, depending on your distributor.
Linux is the best server OS? From my experience with FreeBSD and Debian, I would lean towards FreeBSD for webservers. Other distros like Mandrake and Red Hat makes the lean towards FreeBSD bigger. I can’t say for database server, I just have MySQL running on Windows XP, never tried it on either Linux or any other UNIX. Then there is file server – I had more problems with Linux, specifically Mandrake, than anything else I have tried (BeOS not included of course ;-).
“Best” is extremely relative. Is Linux’s security better than Windows? Sure, I’m not denying it. Does it make Linux the best? Hardly, my friend, hardly. I know many security experts that would swear that other UNIXes, especially OpenBSD, has better security than Linux.
Want to know the best security available on earth? Plug out that ethernet cable (or phone line) – viola, done. No security problems whatsoever, except physical threats.
The big question is that why would any sane corporation, from McAfee to Microsoft, would want to use a backdown to harm you. I mean, that’s the worst thing you’d could do – you hardly make anything, and your company would bankrupt anyway.
I’m certain that a competent systems administrator could lock down a Windows (2000/2003) server well enough to make it pretty secure. However, Microsoft’s patching history leaves something to be desired – service packs that break applications, patches that fix one thing and then break something else and patches that require reboots (downtime for machines is something you should avoid at all costs).
It’s no wonder some Windows sysadmins are very wary about patching their mission-critical Windows servers – even if they try it out on a test server first, I bet they’re still nervous about it when it comes for real. The *only* time you have to reboot Linux when patching is if you change the kernel – all other patches don’t require a reboot…
“these are not the olden days of Windows 95 anymore. a properly administered and patched Windows server can be reasonably secure.”
I haven’t said anything relating specifically to the security of Windows, and am well aware that it can be secured. I was only concerned with the “security by obscurity” comment relating to OSS. Reading bytes256’s follow-up posts I understand what it was that he or she meant, but the way it was presented in the original post was incorrect.
1) IIRC, SP2 was going to be the *BIG* update which will include a large number of changes that were bought about by the big code audit a few months ago.
2) I hear anti-Microsoft whining, how does this affect you? You don’t run Windows XP so why complain?
3) I hear Windows XP whiners, the people who run it but whine. If you hate it so much, don’t run it. Simple as that.
4) When I worked at an ISP, every customer who had a virus ran Outlook Express, had an anti-virus product installed but never updated it and never installed any system updates. These same people then complain about Microsofts product quality.
When Microsoft releases patches, install them instantly, don’t simply pick your ass deciding yes or no. What is Microsoft meant to do? raid peoples homes and hold the user at gun point till they update their software properly?
5) Backwards compatibility is no excuse for poor security. Security should *ALWAYS* come first before anything else.
6) MSBlast issue, why didn’t people install the patches/updates when they were made available? This file patch was made available almost over a month ago.
“I meant the fact that MANY programs in Windows require you to be administrator to run. ”
Why would you say that?
It is like nobody is using old regmon anymore. My daughter has XP Pro installed. HD is divided on separate partitions: one for system/programs, one for swapfile one for temp and two for her stuff. The partition for system and programs is read only for user and she is loged as user. Each time when the program like Photoshop, Nero, even some MS products like Photo Editor and her games complains about rights I use regmon and mmc to resolves all problems. In consequence she can not install anything insluding viruses and worms.
I other words you dont need to be logged as admin ru run any program you want
And how many end users are expected to know about regmon and mmc?
If a POS component such as a firewall and now a AV that are half-baked crap it becomes bloatware when it added to an OS to which there is software/hardware that can be purchased that can do the job. Plain and simple, it is bloatware because it isn’t a fully functional firewall nor is it a
“good” firewall. You have the tendency to be condescending..hehe kicking me ouf of the forums..=
“2) I hear anti-Microsoft whining, how does this affect you? You don’t run Windows XP so why complain?”
Do you really think all anti-MS people don’t run Windows? Fact: everybody is FORCED to use Windows for many thing. Want to play modern 3D games? Windows is the only option (no, Mac and Linux are not options until Ragnarok Online runs on those platforms).
“3) I hear Windows XP whiners, the people who run it but whine. If you hate it so much, don’t run it. Simple as that.”
See above. For some things you MUST use Windows, whether you like it or not.
“4) When I worked at an ISP, every customer who had a virus ran Outlook Express, had an anti-virus product installed but never updated it and never installed any system updates. These same people then complain about Microsofts product quality.”
And who do you think made it possible to directly run executable attachments anyway? Heck, even automatically run code embedded in HTML mail!
But that’s not the point. If all those customers don’t update their virusscanner then that means they aren’t technically literate enough to understand all this virus stuff. Since all those viruses are designed for Windows, and Windows is supposed to be a product for computer illiterates, and the fact that Windows has 95% market share, Microsoft should take responsibility. With great power comes great responsibility.
“When Microsoft releases patches, install them instantly, don’t simply pick your ass deciding yes or no. What is Microsoft meant to do? raid peoples homes and hold the user at gun point till they update their software properly?”
How about first making sure that their patches:
1) Actually fix the vulnerability and don’t create new ones.
2) Don’t break anything else.
“5) Backwards compatibility is no excuse for poor security. Security should *ALWAYS* come first before anything else.”
Yeah I can see tomorrow’s headline already: People massively dump Windows XP SP 1.5 because Microsoft broke compatibility with Photoshop, Flash and Kazaa in order to fix security flaws in the operating system’s design.
Sorry but security is, and will always be, a thing that only geeks and corporations care about. The average user won’t care.
My parents and their friends would rather call me to reinstall Windows than switching to OpenBSD or something.
“6) MSBlast issue, why didn’t people install the patches/updates when they were made available? This file patch was made available almost over a month ago.”
Because it’s not on Windows Update? Do you really expect average users to browse the huge and obscure MS website just to search for a fix to an exploit they didn’t even know about?
“And how many end users are expected to know about regmon and mmc?”
Well if one does not know the basics then should not complain if something will happen.
Contrasutra
I have seen people running linux or FBSD as a root. Only because it is more convenient and easier than dealing with user permissions. And this is the heritage of Windows.
Does one really needs warnings to think sane? Imagine that you setup mail server. Lets say postfix/cyrus (these are my favorite). There is no warning that one should secure server otherwise it become relay mail server. And as you maybe know there is a lot of relay servers out there. It is not about warnings but about education. And of course Windows is so “easy” that one dont need any education at all.
“And how many end users are expected to know about regmon and mmc?”
Those same people wouldn’t know wtf “do not run this program as root” means in linux either.
That means they don’t have enough man power or they want to insert some new trick (sniff).
I didn’t say that. 😉
You’re right, some distros have you run as root, and many users do run as root. That would make Linux/BSD just as insecure as Windows. Its a shame. But the fact is that MOST distros encourage you to run as a user. Yes, not everyone will listen, but I think its a better position that Microsoft.
Not to mention Pre Windows2000 (which most people are still running), you HAVE to run as administrator, theres really no other option.
“Not to mention Pre Windows2000 (which most people are still running), you HAVE to run as administrator, theres really no other option.”
As win98/95 are not multi user OS, this concept has no sense at all. There isn’t any access rights on files ( FAT Filesystem ).
The big security problem of windows is in outlook, active X, and the fact that it is virtually impossible to use it on a real multi user on a desktop. I really try hard on winXP Homr, but as I can’t create groups, handle files permissions, without speaking about my pda driver which does not want to recognize my palm when I am not root… This is practically impossible.
The more I use debian, the less I use windows XP home. Windows XP home is really a shame. Because you’re not in a corporation, you are not supposed to change files permissions…
If only I could buy some cheap win2000, this was a great MS OS.
“6) MSBlast issue, why didn’t people install the patches/updates when they were made available? This file patch was made available almost over a month ago.”
“Because it’s not on Windows Update? Do you really expect average users to browse the huge and obscure MS website just to search for a fix to an exploit they didn’t even know about?”
Sure it is. That’s how I patched all of my servers and workstations. Windows Update WAS unavailable due to the hoax however… but the patch WAS there (and IS there) over a month before this worm hit.
“Windows has 95% market share, Microsoft should take responsibility. With great power comes great responsibility.”
Sorry, I really must disagree with this statement. That’s like saying Ford or GM should take “great responsibility” in making sure that everyone should read the owner’s manual, or that they should be tested yearly to make sure they still have the mental capacity to drive.
Your license a product, use it as you please. If you don’t want to run Windows Update (which is explained in the product brief, in the help section AND during the installation) that is hardly MS’s fault.
Users who hook their systems up to broadband, add hundreds of names to their address books, and open EVERY SINGLE ATTACHMENT they receive should be the ones flexing their responsibility.
Just MHO.
“Then there is file server – I had more problems with Linux, specifically Mandrake, than anything else I have tried (BeOS not included of course ;-).”. — I’m using Mandrake 9.1 as a file server (NFS and Samba), and it’s been flawless. Automounting on my wife’s W2K box with Samba and automounting my home and music partitions on the server with NFS on my Mandrake 9.1 box has worked without incident for a couple of months now. I’m now thinking of changing the server OS to OpenBSD though (I just feel the need to play with stuff :-)).
I went to that LinuxSecurity.com website. Hilarious. Heck, many of the distros had more remote code vulnerabilities last month than Windows alone. I had no idea.
Makes anti-“M$” zealots look like asses, to be frank. Linux is not magically 100% secure, not by a long shot.
How quickly we forget. Take a look at the following Register article:
MS hacked! Russian mafia swipes WinME and XP source?
http://www.theregister.co.uk/content/4/14265.html
Meanwhile, the trolls around here talk about Windows security, which is a complete oxymoron. I mean, if the can’t protect, the “crown jewel” of the company, which is its source code, how can anyone expect them to produce secure code for the average user’s desktop?
Of course, there are many around here that want to rewrite history with a non-sensical slogan that goes something like this: “All Operating Systems have security bugs”. Yes, just about all of them do, but how quickly are they addressed and how does the architecture of the OS help you minimize damage when a hole is found, so that even in a worst-case scenario, the damage will not be as significant.
I have never had a box rooted in over five years that I have been running linux web servers, but I know of plenty of local companies that have lost plenty of sleep and confidential documents due to existing wholes in ISS.
What was it? Microsoft’s servers have never been compromised?
http://www.theregister.co.uk/content/archive/14492.html
YEah, right…
Clay: Ignoring the fact that admins are just as much to blame, let’s conveniently forget the fact that http://ftp.gnu.org just recently got hacked too, eh?
Sorry to burst your bubble, troll.
“2) I hear anti-Microsoft whining, how does this affect you? You don’t run Windows XP so why complain?”
Do you really think all anti-MS people don’t run Windows? Fact: everybody is FORCED to use Windows for many thing. Want to play modern 3D games? Windows is the only option (no, Mac and Linux are not options until Ragnarok Online runs on those platforms).
I am not *FORCED* to use Windows. I *CHOOSE* not to run Windows. I don’t feel the need to play 3D games with earth shattering base, I chose not to visit this thing called “Ragnarok Online”. People make choices, what ever they are. If they don’t like the choice they made, they only have themselves to blame
“3) I hear Windows XP whiners, the people who run it but whine. If you hate it so much, don’t run it. Simple as that.”
See above. For some things you MUST use Windows, whether you like it or not.
See above.
“4) When I worked at an ISP, every customer who had a virus ran Outlook Express, had an anti-virus product installed but never updated it and never installed any system updates. These same people then complain about Microsofts product quality.”
And who do you think made it possible to directly run executable attachments anyway? Heck, even automatically run code embedded in HTML mail!
Who said it required a rocket scientist to click on “Live Update”? I’ve taught many people to follow basic proceedures, and most actually *GET IT*. Most users I know ask, “why wasn’t there advice like this in the Windows XP manual”? good question, why isn’t there helpful advice like that?
But that’s not the point. If all those customers don’t update their virusscanner then that means they aren’t technically literate enough to understand all this virus stuff. Since all those viruses are designed for Windows, and Windows is supposed to be a product for computer illiterates, and the fact that Windows has 95% market share, Microsoft should take responsibility. With great power comes great responsibility.
Microsoft does take responsibility by releasesing patches in a timely manner. If people *CHOOSE* to ignore these releases, what can Microsoft do?
“When Microsoft releases patches, install them instantly, don’t simply pick your ass deciding yes or no. What is Microsoft meant to do? raid peoples homes and hold the user at gun point till they update their software properly?”
How about first making sure that their patches:
1) Actually fix the vulnerability and don’t create new ones.
2) Don’t break anything else.
I’ve never had Windows broken because of a patch from Micosoft. People who have problems are those install registry tweakers, have 10000s of pieces that load up in their startup folder, *STILL* use FAT32 instead NTFS.
“5) Backwards compatibility is no excuse for poor security. Security should *ALWAYS* come first before anything else.”
Yeah I can see tomorrow’s headline already: People massively dump Windows XP SP 1.5 because Microsoft broke compatibility with Photoshop, Flash and Kazaa in order to fix security flaws in the operating system’s design.
Photoshop would NEVER be affected because Adobe *STICK* to the recommended practices. If Microsoft says, “xyz call has now been depreciated due to security concerns”, Adobe will release a patch for their product. The only products affected by a slash ‘n burn will be shit-box applications developed by two-bit companies that do nothing productive. Microsoft DOES have a choice, they made it in Windows 2003, and there is nothing stopping them from making the decision again in regards to the consumer desktop.
Sorry but security is, and will always be, a thing that only geeks and corporations care about. The average user won’t care.
My parents and their friends would rather call me to reinstall Windows than switching to OpenBSD or something.
Explain why I keep getting users worried about virus’s and crap. Users don’t care about playing games, users care about security, stability and teh ability to work from home using the same applications they have at work. Most users I know of don’t allow them childrent to play games on the computer and as such, have a playstation for that sort of thing.
“6) MSBlast issue, why didn’t people install the patches/updates when they were made available? This file patch was made available almost over a month ago.”
Because it’s not on Windows Update? Do you really expect average users to browse the huge and obscure MS website just to search for a fix to an exploit they didn’t even know about?
Amazing that I was able to goto http://windowsupdate.microsoft.com and download the patch without any problems.
5) Backwards compatibility is no excuse for poor security. Security should *ALWAYS* come first before anything else.
Including business? Notice the amounts of whines when Windows 2003 came out? It wasn’t so bad, because it was a server, but it still created a small backlash because of some breakage in backward compatibility.
Security doesn’t earn Microsoft much money. backward compatibility does. Sure, the lack of good security is harming Microsoft, but if Microsoft lack good backward compatibility, they would be harmed more.
Do you really think all anti-MS people don’t run Windows? Fact: everybody is FORCED to use Windows for many thing. Want to play modern 3D games? Windows is the only option (no, Mac and Linux are not options until Ragnarok Online runs on those platforms).
Are you forced to play video games? Do you put food on the table with video games?
Nope.
See above. For some things you MUST use Windows, whether you like it or not.
And most of the time where they are forced to you it, it isn’t Microsoft’s fault that the software in use isn’t available for other platforms. Mac could have make it big, but because of poor handling, it is in its pathetic state. OS/2 gives a better example, where IBM could dominate, but with a sheer amount of short-sightedness, Microsoft became the victor.
And who do you think made it possible to directly run executable attachments anyway? Heck, even automatically run code embedded in HTML mail!
Read this: “had an anti-virus product installed but never updated it and never installed any system updates.”. My brother uses Outlook Express, no viruses so far. Panda AV caught a whole lot, but none infected this dear PC of mine.
If all those customers don’t update their virusscanner then that means they aren’t technically literate enough to understand all this virus stuff.
All the AVs I’ve used, they come up with a message after a while to the user to download updates. Some of them even do it automatically. But then when the subscription runs thin, they refuse to resubscribe. When ever their AV ask them to download new definations, they refuse (surely so, many use dial-ups).
It is not illiteracy.
And did you notice a whole lot of this virus infections happen in the workplace? What is the admin doing? Sleeping on the job? Or did they hire a computer illiterate for the job?
How about first making sure that their patches:
1) Actually fix the vulnerability and don’t create new ones.
2) Don’t break anything else.
The way Win32 is so f*cked up, that would be very hard indeed. But this only applies to the server, which my father’s workplace have many problems with patches. Here at home, I having no problems with the patches, except for a odd one or two (e.g. the most recent .NET CLI patch).
Because it’s not on Windows Update? Do you really expect average users to browse the huge and obscure MS website just to search for a fix to an exploit they didn’t even know about?
But then, would the virus spread so fast if servers weren’t infected themselves?
Automounts isn’t most important problem for me. I don’t really need it, all of my machines only go off like once a week, or when there’s a thunderstorm, and remounting would take me barely seconds, even less if I write a script to do it for me.
The big problem is the amount of bugs. Sometimes while moving files between computers, the transmition ends. Or something of that sort. I’ve been having a lot of problems with Mandrake 9.1, and if you look into their BugZilla, you’d find I’m not the only one. FreeBSD on the other hand worked without a problem, the only reason why I don’t use it is because I don’t have a spare machine to keep solely as a file server and to do nothing else (almost everything I do cannot be done on FreeBSD, except surfing and checking mail..)
http://www.eweek.com/article2/0,3959,1220830,00.asp
Yes, microsoft really needs to be lectured on security from the open source community. Same people who had world readable password files for 20 years. “Nobody would ever do a simple dictionary attack, nope! We know about security you can trust us!”
No offense, but every government computer I’ve been on runs Windows 2000.
Again, http://ftp.gnu.org was just recently hacked, and all their files were deleted. Why are Linux crunchies ignoring this? GNU itself was hacked! Talk about security concerns…
Give up. Your trolls are so bad that they don’t work
that Microsoft likes to integrate web browsers, email clients, chat programs, MSN, and media players into their OS to undercut their competition and now they find that they almost need to integrate a virus scanner to prevent their own systems from attacking their network and remain competitive with OSs developed with security in mind.
Same people who had world readable password files for 20 years.
Yeah? Well at least our passwords are salted.
Excuse me, but last I checked GNU’s ftp site was one server, and it doesn’t sit on my network or it wouldn’t have been hacked in the first place.
Microsoft’s system get hacked ALL THE TIME. Not just one server but every freakin client that is somehow attatched to the network and isn’t updated with the latest virus scanner.
Windows isn’t secure out of the box, it will get viruses. So for a secure version of Windows you have to pay for the cost of Windows plus the cost of good virus software, then keep that software patched and up-to-date.
*nix fixes these problems and moves on, with an occational unpatched system being exploited maliciously by a real attacker. At least *nix required human intervention to crack it. It has proven far more difficult to automate a worm across *nix systems, unless you’d like to explain how it can be done, bonch.