Microsoft CEO Steve Ballmer on Tuesday defended his company’s efforts to secure its software and fend off open-source rivals.
Ballmer: Raising Microsoft’s Security Game
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
What security game….?
MS needs to start doing something about security, like code it into windows.
The fellow sounded almost humble and reasonable for a change. I think he is starting to understand where Microsoft really stands in all of this. I think free and open source software might end up making Microsoft a better company in the end.
And yeah, it’s a bit of a straw man, saying that you can’t assume that Linux is automatically more secure. I don’t think that is a useful argument. No one is really saying that. The real issue isn’t whether Chinese insomniacs add to the integrity of the OS, either. Linux and FreeBSD are currently trustworthy because the spirit of openness and goodwill brings that along. Saying “We have to fix this!” instead of “We have to hide this!” is a powerful thing, and no, it isn’t automatically effective; you need smart people working together, but we generally have that.
Still, not bad PR for Mr. Ballmer, he remained calm and wasn’t too insulting.
Baller sez, “Why is its pedigree better than code done in a controlled fashion? I don’t get that.”
Steve, it’s about not having secrets. It’s about not leaving hacks that are so ugly and fragile in your code that your Windows Product Manager, Allchin, is afraid to let people look at the code. It’s about having people look at the code, whether you want them to or not, so that ugly, dangerous hacks like that are removed, and the poor design choices they implement are avoided. It’s about not sweeping that stuff under the rug, as your company has done for decades now.
Do you get that?
When will Ballmer realize that comparing Windows with other OS is not an option, not eaven an solution!
If Microsoft wants to make Windows more secure, then they should start doing it and stop comparing with OSS all the time!
I think the first day when I would start arguing like Ballmer infront of my customer, then this will be the last day I work for this customer! Ballmer sounds like an small kid and not like an CEO of an multi-national software company! Sorry to say/write that, but this was my impression when I readed the article.
Pointing at OSS and saying that OSS is not better, will NOT make Windows more secure or make Windows shine more than OSS!
When they anounced two years ago, that they will focus on more security, I was surpriced and skeptic. Today I know why! They have come an long way, but I think they still need to realize that security is not an task! It is an process! And security in software development is not an question of “the best tool” or “the best brains”! It is an management task to transform an security-unaware company-culture to an security-aware company-culture! No matter how much time and effort they spend into security: If security it is not an integrated part of the complete process, then they can double the amount of money and time and brains and what ever they want… their applications/products will NOT become more secure.
Anyway… if someone would tell me serval years ago, that Windows would be more secure (like it is today), then I would look at them and lought. I just wish Microsoft would focus on the path they have started to walk and stop wasting energy in stupid fights with OSS.
OSS is an diffrend animal and every attempt to compare it to CSS (in the way Ballmer is doing it in the article) will fail. Because you can not compare every aspect of OSS with CSS. It is not possible.
“The data doesn’t jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher,” he said.”
Why is he comparing Redhat version “6” to windows 2003/win 2000. If he is using redhat 6, he should use windows 95/NT in the same breath. Thats very old. Lets compare latest to latest.
when it comes down to it windows and linux are both swiss cheese on security i heard there is new holes in linux ssh and ssl. when was the last time there was a hole in iis ssl? not ever, that i can remember. oh and hole in linux proftpd as well and other in sendmale these are standard services that most linux ship with especially redhat. linux apologist say “but linux is 2 million different distributions and they all do stuff differently” but i bet u that most ship with ssh and ftp on and possibly sendmale that is 3 security holes out of the box. suddenly windows doesn’t look so bad
the big difference is with windows u get windows update, which is point and click patching, and in linux u have to recompile source code. how is that any better? it lets u patch quickly i guess but it is big mess… no one has made cleaner patching system than windows update
“Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don’t get that,”
Maybe, because they do it professionally too, ever thought of that.
“There is no road map for Linux, nobody who has his rear end on the line. We think it’s an advantage a commercial company can bring–we provide a road map, indemnify customers. They know where to send e-mail. None of that is true in the other world. So far, I think our model works pretty well,”
Map: Forward, to make it fast, more reliable, easier to use, more scaliable, “Add your own words here for making using a computer better” and that is what they will do.
Idemnify: Um, ok, so if my data gets stolen, you will pay, because it was a security flaw that you have really not be willing to patch, nore have you been any good at finding holes.
NO rear end on the line is good, its a total failure rather than one persons.
Oh, i know email, yeah! I got mail! I got mail!
Um, your model is ticking people off man, over 80% of company heads think you don’t want to play ball with anyone else but yourself, and thats not good for them, so they are going to start looking else where.
Have you used a modern Linux distribution such as Redhat 9, or mandrake??? Looking at your post it’s obvious you haven’t. Obtaining patches and updates with a modern Linux distribution is now childs play and has been for some time. Even Slackware users now have Swaret which is far more flexible than Windows update. I have XP pro and Slackware on machines in my network and XP by default has so many unnecessary services open by default that it’s really scary. In contrast Slackware, Mandrake, Redhat and others give the user the option during the install of what services they wish to have started before the first boot. An astute user would msake sure as much services as possible are turned off, install the OS and patch as needed then turning the needed services on. Does Windows allow this????
Yes there is no such thing as a 100% secure OS and given this fact what becomes more important is not necessarily what holes exist but the spped at which these holes are addressed. In this case Linux wins hands down. The SSH fix was issued the same day, for example, that the exploit was discovered and reported. The proftpd patch has also been available for a while by the way.
I have never had to recompile source code to apply a patch by the way. This is simply not true.
“The data doesn’t jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher,” he said.”
Oh, no, not again ! This is an old trick …
Red Hat bundles far more software (PostgreSQL, MySQL, PHP, several window managers / desktop environments, CVS, GNU c/c++/java, OpenLDAP, OpenSSH, Apache, X-Windows, Samba, sendmail, …)
Counting security bugs of all those packages is not to be compared against Windows ‘xx
By the way, it’s Red Hat Linux 9 these days …
“Red Hat bundles far more software (PostgreSQL, MySQL, PHP, several window managers / desktop environments, CVS, GNU c/c++/java, OpenLDAP, OpenSSH, Apache, X-Windows, Samba, sendmail, …)”
It’s their choice to bundle it, that’s what distros are for. If they bundle it, they should support it, and the vulnerability of the typical install should be a factor in evaluating the security of the distribution.
“when was the last time there was a hole in iis ssl? not ever, that i can remember. oh and hole in linux proftpd as well and other in sendmale these are standard services that most linux ship with especially redhat. linux apologist say “but linux is 2 million different distributions and they all do stuff differently” but i bet u that most ship with ssh and ftp on and possibly sendmale that is 3 security holes out of the box”
All of these are security issues with the particular software you are talking about: ssh, sendmail, proftpd. Ssh is not Linux, Sendmail is not Linux and Proftpd is not Linux. If I’m not mistaken, Linux is the kernel, and together with GNU makes the OS. Knowing this, enumerate the security vulnerabilities of Linux.
A friend of mine bought a new computer 2 weeks ago with Windows XP Home Edition (with SP1).
10 Minutes after starting it up for the first time, he connected to the Internet, and 2 minutes later…. He got Blaster!!!!! What are the chances of that happening to Red Hat 6 I ask mister Ballmer?
Today that computer runs Suse Linux 8.2 and my friend is very happy with his new OpenOffice 1.1. As for the XP… well, I kept the CD for my collection of Uninstalled Windows. 🙂 Have a nice day mr Gates.
[i]It’s their choice to bundle it, that’s what distros are for. If they bundle it, they should support it, and the vulnerability of the typical install should be a factor in evaluating the security of the distribution.[i]
Damn, I should be blaming Toshiba for security since they bundle miscrosoft os, symantic, aol, etc… on their laptop.
Thank you, i will point my update to toshiba’s site for all patchs.
Ballmer sez, “Why is its pedigree better than code done in a controlled fashion? I don’t get that.”
Apparently you don’t GET a LOT of things Mr. Ballmer. When we dip a finger into boiling water and get burned we are smart enough to know not to do that again. The same is true about the lack of security in Windows. Windows make Swiss cheese seem solid and uncrushable.
This has nothing to do about pedigree. If it was you would never gotten the job you have now. It’s about results. Its about results that can be proven by fully independent testers and not some company that you’ve paid to make MS look good.
Nope. You don’t get most things.
“A friend of mine bought a new computer 2 weeks ago with Windows XP Home Edition (with SP1).
10 Minutes after starting it up for the first time, he connected to the Internet, and 2 minutes later…. He got Blaster!!!!! What are the chances of that happening to Red Hat 6 I ask mister Ballmer?”
If he was connected without a firewall, it wouldn’t matter if he was running Windows or Linux. Eventually, he’d likely be exploited. The user is also responsible for the security of their system.
RedHat does support the software they bundle. However, doing a bug count on what RedHat bundles vs what Microsoft bundles is stupid, because RedHat bundles more software. If you need that software, you use it. If you don’t, you don’t. You aren’t suddenly going to become vulnerable because of bugs in software that’s on your CD, but that you haven’t installed. If you want to do a fair comparison, you compare bugs in a given installation with the same functionality.
PS> Oh, and yes, IIS has had an SSL exploit: http://www.securityfocus.com/bid/521/discussion/
If he was connected without a firewall, it wouldn’t matter if he was running Windows or Linux. Eventually, he’d likely be exploited. The user is also responsible for the security of their system.
That is not necessarily true. If you don’t have any services running (which is default on many Linux distributions) then there is nothing for anybody to connect to, which makes your machine MUCH more difficult to attack.
Windows, on the other hand, has so many things enabled by default that you MUST have a firewall or you WILL get hit; as the previous poster demonstrated.
Bring back Bill! This guy is so down-home its not even funny! Who the hell says “the cat’s meow” anymore??? He is the CEO of a multi-billion dollar company — speak like one!
Anyway, the comments about nobody’s “rear end” being on the line are off-base. When you buy RedHat Linux AS, or SuSE or whatever, RedHat or SuSE will support it. If you buy the machine from Sun or Dell or SGI, they will support it. That’s their jobs. Unless you have evidence that Linux support vendors aren’t as good as Microsoft’s support team (good luck finding such evidence!) you don’t have a case.
If your friend got blaster he plugged his PC into the internet without first turning on the firewall that is provided with XP. If this happened two weeks ago, he should have known better.
No OS is moron proof.
“Apparently you don’t GET a LOT of things Mr. Ballmer.”
Absolutely. They’re acting like children about all of this. Close your eyes long enough and Linux will be gone. There’s no such thing as Penguins. Ignore it, and it will go away.
I mean, you would think that serious corporate executives would look at the big picture objectively, seeing which way the currents are flowing and get on for the ride. They could actually be making money off Linux instead of just hoping that if they discredit it enough, it will disappear. They’re what, about ten years too late for that strategy to work?
Microsoft firewall isn’t on by default.
“Damn, I should be blaming Toshiba for security since they bundle miscrosoft os, symantic, aol, etc… on their laptop.”
RedHat built their business around supporting the software in their distribution. People/businesses pay for this support. If you’re paying for support from RedHat for their distribution, you should be concerned about the level of support provided. Security is a part of this. It’s no different than a commercial vendor (In fact, they are a commercial vendor).
And, as far as evaluating the security of Toshiba’s computers, yes, the fact that they bundle a lot of software should be taken into account. The more software on the system, the more effort it takes to keep the system updated and secure. It may cost less upfront and/or in subsequent time spent securing a computer from another vendor that doesn’t bundle as much. The same cost issue applies to RedHat and others. Maybe I can save time/money and obtain a greater level of support and security by going with another vendor.
Look,
It’s a lost cause with these Microsoft execs.
Security is beyond their capacity to grasp.
Nor, will they spend the money necessary to do the work required.
But, you’re never going to convince them.
Linux and OS X, any Unix, are for those people who “Get It”.
There’s a level of Operating System for everyone.
Look at what we are dealing with.
– They don’t know what’s the current version of the competition,
they don’t know the patch policy, they don’t understand what can be done to design a real OS, they don’t understand speed of updating code,
they don’t understand Quality vs. “Microsoft Quality”.
They don’t understand the need for more than one month up time,
since you’re “going to have to patch once a month” anyway.
They don’t understand ratio’s, i.e. the all software has bugs BS.
Windows has never been the OS you go to for a Quality OS.
Let’s stop arguing with THEM. WE arn’t going to convince them.
They don’t want a Quality OS and we do.
If you take the time to stand back and look at the two OSs, you would see where the vulnerabilities lie.
When you say that there were 5 to 10 times more vulnerabilities in Linux than in Windows, are you speaking of Linux “The Kernel” or all the programs that make up a distro. Seeing the MS incorporates a lot of code into their kernel, it would seem to me that the actual vulnerabilities go way down for Linux.
How many holes does MS Office have? So because Linux ships with OpenOffice.org, that means if there were a problem there, that would count too? That is ridiculous. I would debate anyone who could tell men that Windows is safer/better/more secure than Linux, and not Linux the Distro, Linux the kernel.
“Microsoft firewall isn’t on by default.”
Read again I never said it was.
“If your friend got blaster he plugged his PC into the internet without first turning on the firewall…”
Now I know why alot of people use Linux to avoid getting Virii, etc. My question is how are they installing Linux, if they can’t read or turn on a firewall that merely has to be clicked to be turned on?
“RedHat does support the software they bundle. However, doing a bug count on what RedHat bundles vs what Microsoft bundles is stupid, because RedHat bundles more software. If you need that software, you use it. If you don’t, you don’t. You aren’t suddenly going to become vulnerable because of bugs in software that’s on your CD, but that you haven’t installed. If you want to do a fair comparison, you compare bugs in a given installation with the same functionality.”
This same argument can be made about Windows. It also includes software that isn’t part of the OS, isn’t installed by default, or can be removed after OS installation or not installed at all during OS installation, yet a vulnerability or bug in this software is often counted as a “Windows Bug” by MS competitors just as you’ve done now. IIS isn’t installed by default.
This is one reason why I said you should count the typical install as it is what the vendor recommends to the user as the default installation option and what the majority of users would use.
MS is a company that came when the market was ready. Even then, they had no idea what it would be like 20 years down the road. Back then they had enough foresight to see that people would be needing them, but not on the scale that we are at today. They sit in closed meetings with NDAs ready to plot their next war, and their software is only a cover for that. Unix/Linux Developers understand the concepts of computing, and they create software for the people, by the people. When I use Linux I know that the software I am using was developed by one or more people who had a need for this. There were no round table discussions on how to make the most money from it, it is done from the heart. That is how the Open Source community survives. They know and love what they do. That will be the make or break situation for companies like MS. The people may not care of the politics, but when something fits like a glove, people do notice.
>Now I know why alot of people use Linux to avoid getting
>Virii, etc. My question is how are they installing Linux, if
>they can’t read or turn on a firewall that merely has to be
>clicked to be turned on?
What [IP: —.phil.east.verizon.net] was trying to say, and clearly you did not get, was/is the fact that if you build an unsecure OS like Windows with ICT-brainless-users the least one can expect is that they turn on the firewall by default.
RedHat is doing that btw.
Windows is ment for pc dummies therefore you cannot expect the avarge Windows user to even know about a firewall.
Anyway i think it does not even make a difference, Windows is unsecure as heel with or without a firewall, worse a firewall build by Microsoft.
Yes all great inventions and ideas have come from the heart. The television was invented not to make money but by someone who just wanted to watch commercials and pay for cable.
The telephone was invented with the idea that everyone would be able to construct thier own from items found in any 1900’s era hardware store and connect it to the free phone network. The operators were all volunteers of course.
The autmobile was invented by just a bunch of free spirts that wanted everybody to able to jump out on to the road and stay in all those free hotels as they traveled from free gas station to free gas station.
No one should do antyhing for money. We should all just work for free because we want to provide all of human kind.
The title of his post was “Wrong Bill S.”
Maybe you believe Microsoft is wrong by not turning on the firewall (I totally agree that they should have the firewall turned on by default), but I was not wong in what I posted.
How is his friend going to manage a Linux box if he can’t turn a the firewall on XP? Even if he is using Linux he should have a hardware or some kind of dedicated firewall.
“”Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don’t get that,” he said.”
Of course you shouldn’t take it for granted. If I write some crap code and release it under the GPL license, say, it doesn’t automatically become any good as a result of that. The only sure way to assess code quality is to take a look at the code in question for yourself, or at least have it made available so that anyone who wants to can do so. But oops – the only people who know what Microsoft’s highly-guarded code is like quality-wise are Microsoft employees, and somehow I don’t think their testimony would be terribly impartial if you were to ask them about it.
Additionally, as someone’s already mentioned, they admitted under oath in the antritrust hearings that their code is utter garbage security-wise. Quoting from http://www.eweek.com/article2/0,3959,5264,00.asp : “He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.” And *then* (the icing on the cake) they disclosed it to various foreign governments regardless. Hmmm… charges of purgery and/or treason, anyone?
Ballmer’s whole argument just doesn’t wash.
My “translation” got moderated down. You all know that what I say is true, why do you deny it?
“There is no road map for Linux, nobody who has his rear end on the line.” LOL —
Mabe Ballmer hasent read the EULA to his own company’s product?
Ballmer, open eula.txt and search for “Death”. That will give you a good place to start reading about who has their ‘rear end on the line’.
All of these are security issues with the particular software you are talking about: ssh, sendmail, proftpd. Ssh is not Linux, Sendmail is not Linux and Proftpd is not Linux. If I’m not mistaken, Linux is the kernel, and together with GNU makes the OS. Knowing this, enumerate the security vulnerabilities of Linux.
Do the same with windows then. IIS is not windows, Outlook is not windows.
If you want to follow that route then windows is very secure, the kernel that is.
If you want to follow that route then windows is very secure, the kernel that is.
Except for this inherent flaw in the design of Win32 messaging system:
http://security.tombom.co.uk/shatter.html
In that article how could ballmer compare win2k/2k3 with aging RedHat 6? (He might think that RedHat 6 was the latest)
MS is a profit company and therefore i think they just can’t say the truth. Rather he has to say Windows is better, not to hurt MS by himeself.
Anyway.. Linux is not OSS itself but only the part of it. Let’s compare Windows, whatever the version is, with OpenBSD that has had only one remote hole in default install, in more than 7 years!
Can people still think Windows is more secure?
Of course, Microsoft tends to provide only one utility for each function, so if that application has a vulnerability, the vast majority of Windows users are likely to be susceptible (Outlook Express being the best example here). That’s one of the problems of a homogenous environment/software monoculture. By contrast, if you announce a vulnerability in Kmail, then people *might* be using that, *or* they might have opted for Evolution, Sylpheed, Pine, Mutt, Thunderbird… Which one do you count? You couldn’t reasonably count them *all*, since each person would probably just be settling for whichever *one* of the mail apps he liked best, and thus the aggregate figure would be meaningless.
Lather, rinse and repeat for web servers, ftp servers, web browsers, etc… Most distributions include a wide choice of applications on their CD/DVD set, many of which overlap/compete in terms of functionality, and any of which any given user might have installed (or not). If you did a comparison between your own Windows installation and your particular Linux configuration, it would be at least be more fair, but then the results would be different for each person, making broad comparisons between the operating systems somewhat pointless unless you were to focus in on specific applications or services.
Another complication is that a great deal of *nix software has either been ported to Windows or runs under Cygwin, which can also muddy the waters yet further.
“with OpenBSD that has had only one remote hole in default install, in more than 7 years!”
One must take into account OpenBSD’s definition of “hole”. They include under that term only vulnerabilities that were being actively exploited prior to the time of patching. A great deal of Linux security advisories tend to be pre-emptive fixes for what may or may *not* turn out to be exploitable vulnerabilities, as well as many things that would only be *locally* exploitable. If you were to ignore all of these issues in the vulnerability count as OpenBSD does re: its own track record, Linux wouldn’t look nearly so bad by way of comparison as it does if one is not mindful of this distinction. You have to make sure you’re comparing like with like.
Anyway.. Linux is not OSS itself but only the part of it. Let’s compare Windows, whatever the version is, with OpenBSD that has had only one remote hole in default install, in more than 7 years!
That claim is very dubious on the part of OpenBSD. The canonical interpretation, in my opinion, would be that if you installed an OpenBSD system any time in the past 7 years, it would only be vulnerable to a single, isolated security vulnerability.
However, OpenSSH has proven itself susceptible to at least two vulnerabilities since it was enabled per default on OpenBSD. Apparently a vulnerability must meet an unspoken minimum level of severity before OpenBSD is willing to update their counter.
For the record:
The most recent openssh vulnerability did not affect a default OpenBSD installation.
In the next few years, we will see a giant inflection point. The end of the PC as we know it. And the birth of many new computing platforms as many in the world decide not to sign up and pay the big dollars for Microsoft’s DPM (Digital Prison Management) PC (Personal Cell). Microsoft will tout all the new “security” features in DPM Windows to make people upgrade. Perhaps the USGOVT will even force people to upgrade to DPM Windows so you can get your Internet Usage License.
The most important piece of legislation to pass in years is quickly approaching… a couple key extracts —
http://theinquirer.net/?article=12219
A clause of the treaty will mean that non commercial infringers of peer to peer files will be sent to prison. The IP Justice report says that unless “the second clause to article 4.1 is deleted from the FTAA treaty, Internet music swapping will be a felony throughout the Western Hemisphere in 2005”.
…
“The US Constitution, says IP Justice, forbids companies to copyright facts and scientific data, but this will be overridden by the treaty.”
Get your data ready to migrate to other platforms. The Windows lockdown is coming sooner than you think.
Ignorance is Strength | War is Peace | Freedom is Slavery | Microsoft is Safety
1. MS Security is the topic.
2. MS says, again, that they are “getting” the security issue.
3. Windows supporters raise the same old arguments, even though MS itself is no longer publicly making those arguments.
4. Someone starts a mini-conflict on Linux vs. BSD.
Same old, same old.
Regards,
Mark Wilson
I’d love to know how many times Microsoft has actually said they are going to kick it up a notch with security. Too many to count. Almost always, another virus will come along destroying their creditablity.
I also love how it makes mention of “indemifying the customers.” It shows how there is some link between Microsoft and SCO, since that’s been what SCO has been preaching for quite some time. I don’t really see the point though, their not your customers so why do you care. More to sue if you win.
He also goes to mention the amount of patches in Red Hat. So, Red Hat actually makes very little of the packages in their distro. Atleast they are providing patches to fix them that actually FIX what they are ment too, and not break anything else, like some Microsoft patches have been known to do. On top of that, atleast they fix their bugs quickly.
He mentions that Linux users aren’t use to paying for software. Hey, I bought Savage when it came out. The company I work for also bought a Oracle license. My friend down the street paid for Maya. I’d gladly pay for Photoshop if it were natively ported to Linux(which it might be one day, because of the heavy use of Linux in Hollywood).
This article is just plain FUD to shoot up stock prices by those who read it.
I know (work at) a company that is going to convert over 3,000 PC’s to LINUX in the next 3 month.
Reason: worms and viruses. I watched the CIO blow up over the last round of worms.
Its over. Thank god for linux.
I know (work at) a company that is going to convert over 3,000 PC’s to LINUX in the next 3 month.
Reason: worms and viruses. I watched the CIO blow up over the last round of worms.
I guess the SysAdmins were too busy playing Quake rather than actually doing their jobs?
Seriously though, with the correct setup and maintenance Windows can be made just as secure as any other OS. Conversly, Linux can be just as insecure as Windows (aka Lindows)…
Anyway I take it the company IT dept is underfunded and undermanned, to why that happened? If that is correct, how will Linux fix things? Remember Linux is a tool, NOT a solution…
The differece is that in Linux you enable those few things you need, and in Windows you disable all the junk that is running by default. Since it is easier to list what you need rather then what you don’t, more time is required to secure the Windows machine.
Fixing this problem in Windows would be quite easy – just ship with a locked down configuration. Why, oh why does one need RPC service listening in XP Home?
Anonymous (IP: —.levtwn01.pa.comcast.net) – Posted on 2003-10-22 02:05:26
“I also love how it makes mention of “indemifying the customers.” It shows how there is some link between Microsoft and SCO, since that’s been what SCO has been preaching for quite some time. I don’t really see the point though, their not your customers so why do you care. More to sue if you win.”
The FUD is worse than that. MS, in fact, does not indemnify its customers for anything.
For example, see:
http://www.microsoft.com/windows98/downloads/contents/wurecommended…
Regards,
Mark Wilson
“What [IP: —.phil.east.verizon.net] was trying to say, and clearly you did not get, was/is the fact that if you build an unsecure OS like Windows with ICT-brainless-users the least one can expect is that they turn on the firewall by default.
RedHat is doing that btw.
Windows is ment for pc dummies therefore you cannot expect the avarge Windows user to even know about a firewall.
Anyway i think it does not even make a difference, Windows is unsecure as heel with or without a firewall, worse a firewall build by Microsoft.”
Indeed. And what left users stupid, non-learning? Windows. Windows takes the freedom of will away from the users by default. And in extreme, there’s not *that* much more freedom. There is no learning curve, there are childish animations with dogs and cats all over the OS.
MSDOS kept the morons away. Ofcourse BillG all saw this when he decided to go Windows (he has done marketing and economic studies on university, not ”programming” or so) and he did that very smart. Well, from some point of view… i feel for all the morons who can’t control their own computer.
The user is a normal home user.
Windows was attacked in 12 minutes.
Linux has been working for 2 weeks without any problems.
THIS is what an OS should offer. EVENTUALLY all will be attacked. But the frequency and volnerability differs. That is MY point. Not that the user “should” have opened his firewall. Thank you very much. I am a computer expert and have never been hit by a virus (I am also very lucky). But on Windows I have to get ready for them from the moment I turn on the machine. On Linux I just have to take care when I turn on a service.
“If my grandmother had weels she would be a car” Microsoft Windows XP.
On other news (Jan 2005): Microsoft has released a new patch to protect your self from “airborn” viruses. 🙂
Microsoft users beware. Wireless is coming soon…
And from the viewpoint of the “PC dummies”, it’s strange that we can have all these IT professionals and software engineers and yet some bald 18 year old loser can write a worm that outsmarts seemingly all of them and screws up half the country. And the IT response is patch, patch, patch. Not “we should have seen it coming” but “you got to keep patching”, except that average PC dummy has better things to do with their time than patch their version of Windows over and over again. They didn’t spend a bunch of money on a new computer only to be realize it will fritz out on them as soon as they go online. They don’t spend all their time studying computer manuals and fidgeting with their hardware, they actually have lives. It is not they who should be responsible for stopping some redneck teenager from Minnesota. That’s what we have software engineers for…because otherwise maybe we can just get Jeffrey Lee Parsons to write a new version of Windows for us…