Think Windows Firewall is tough enough to keep your system safe? Check FlexBeta’s review. Elsewhere, the Express Install for WinXP SP2 is now available (90 MB).
How Secure is Windows Firewall?
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
OK, so it replies stealth to ping, great news [/sarcasm]
Their TCP connect scan reports 135-139 in closed state. From the article: “When a port is reported as closed, this means that the port exists, therefore the system exist at that IP.”
So what was the point of MS blocking ping again? Now ping is no longer able to be used for valid causes but script kiddies have a workaround?
This is exactly what I said would happen.
Sure they stealth a lot of other ports but then again they didn’t even bother other ports which means that all a hacker has to do is to scan a little more.
the problem with MS developing better firewall is that then user won’t opt for third party firewall companies will have very heavy loses. if user get a good firewall free with OS then why to buy another one & waste 50$ or so?
so the trick which MS is doing here creat an avarage quality firewall so that it will be sufficient for joe user but not that good so that additional security concern ppl will need to buy one
isn’t it ironic that ppls find MS guilty of Antitrust case but still complain about firewall is not the best.
is it becoming a trend to bash MS for anything it does ????
the problem with MS developing better firewall is that then user won’t opt for third party firewall companies will have very heavy loses. if user get a good firewall free with OS then why to buy another one & waste 50$ or so?
And that’s exactly why those “Windows has lower TCO” studies are full of rubbish. Do they take into account the additional software people have to buy because Windows isn’t up to snuff?
so the trick which MS is doing here creat an avarage quality firewall so that it will be sufficient for joe user but not that good so that additional security concern ppl will need to buy one
isn’t it ironic that ppls find MS guilty of Antitrust case but still complain about firewall is not the best.
is it becoming a trend to bash MS for anything it does ????
What they’re doing is creating a market for very average, pointless software – on Windows. What people want is competition with Windows. They have deliberately made systems fairly unsecure and open to spamming abuse to continue to create markets for this and to push their own security agenda, which isn’t about security at all. I find that ironic.
From the article:
the fact that it does not monitor outgoing traffic and that it can be turned off easily by other applications really doesn’t make it a safe firewall in my opinion.
Name me a firewall that can not be turned off by a user who has administrator/root priviledges, then we can talk about safe firewalls.
If user can turn firewall off, so can piece of code running under user account.
You know, a firewall is like a door that locks your house. Ask yourself, why you do not need the key to open your door from inside.
Strangely enough, a house door that blocks inbound traffic but does not block outbound traffic is more than adequate for over 99% of households.
What they’re doing is creating a market for very average, pointless software – on Windows.
I love it. So, firewall is a pointless software now… That is so deep, man!
Stealthing ports is pointless. It provides no more security than closing ports. Stealthing ports is marketing hype, plain and simple. In fact, stealthing ports can generate access traffic and give attackers a notification that, yes, indeed the system does exist since stealthing firewalls break RFCs.
Article is full of misinformation. Ignore article.
I agree with you 100% If MS creates a secure OS with a very good firewall then here comes a tones of lawsuits from Symantec, McAfee etc blaming MS for unfair competition blah blah. MS is actually the vicum here! It’s like stepping on their own foot. It’s called business
But lets see what’s gonna happen. If MS loses the monopoly position due to lack of security, will they sue third pary security companies? Even if they do, they will most likely lose. BUT then again, some of the mistakes are pretty silly from MS side too such as leaving un-necessary ports open. Looks like the saying is right, with too much power, you can destroy yourself. Due to too much power, MS fears to create a solid firewall that will just work, if they do, they will hurt themselves with lawsuits. If they don’t, they hurt themselves anyway. So what do you do? Create an averagely good firewall like they just did with SP2 which in a way still hurt themselves but not as bad as the other two ways.
Since a number of the very worst Windows security problems of the last few years were all caused by malware launching denial
of service attacks over the Internet, it would make sense for
Microsoft to adopt a ZoneAlarm style ( assuming they were the
first to adopt this particular strategy) of having all
outbound ports closed but monitored and popping a warning to
the user – “Hey application $appname tried to make an
outbound connection – Do you wish to allow this? For this
session only? Always?”
How about rate-limiting outbound connections on a per application basis and notifying the user is the limit is exceeded.
So what was the point of MS blocking ping again? Now ping is no longer able to be used for valid causes but script kiddies have a workaround?
Um, you can easily configure the firewall to let through specific ICMP messages (including echo request aka “ping”).
Anyone have a direct link to the full 90Mb download as the 1.8Mb express download keeping telling me it can’t establish a connection and to retry.
“What people want is competition with Windows.”
There is competiton to Windows. The reason it isn’t viable competition on the desktop is exactly because poeple don’t want it.
Most home users are running no firewall at all, so something is better than nothing.
The next thing to be done is to start shipping wireless access points lcoked down by default and forcing poeple to secure them. There are way too many people running Linksys gear right out of the box.
The real solution to all of this is to start making people as responsible for thier computing habits as they are for thier driving habits. If we want the governments to stay out of this the ISP’s had better step up secure thier networks.
Defense in depth is one of the most important aspects of information security. People have to rely on AV to protect from the ridiculously simplified scenario presented in the article–another piece of software simply turning off the firewall. As another poster mentioned, name a single firewall that _can’t_ be disabled by a user w/admin privs.
Also, I can’t believe that the reviewer basically concludes that the XP firewall is useless and that you should remove it and install something better–based on just a few anecdotes and a short period of usage. That’s irresponsible, IMO. The firewall automatically blocks all potential incoming naughtyness which may be trying to exploit network-facing security vulns. Isn’t that the #1 vector for viri in the past two years?
If you want to be outraged at something, be outraged that now MS won’t have to work as quickly to repair these vulns due to the enormous number of firewalled windows machines which will exist after SP2 is deployed through windows update.
I think that the lastest SP2 is a step in the right direction for MS. I worked Internet tech support for a long time and the company I worked for offered free Firewall Software. It was unbeleivable the amount of people that cut off there own Interenet Access just because they would click no to a security pop-up requesting access to the Internet. It also makes me wonder how many people just opened up the whole deal just because the security questions were a little to inconvienent. The security pop-ups take 10 seconds to read, and a somewhat stupid monkey could easily understand the clear language in which most firewalls present them. Yet I was constantly amazed by the amount of people that couldn’t understand nor took the time to even read the notifications.
Therefore I think that MS has to cater to the lowest common denominator of it’s user base or else risk a flood of technical support responses from moromic users who have no concept of simple explanations. The firewall will signifigantly reduce the effectiveness of worms such as blaster and sasser.
On the other hand I think MS should take immediate action on the reason that trojans and spyware get installed on systems . The fact that the majority of joe users runs with admininistrative type privileges on a common desktop system. I think that making a user type a password and take some more definitive steps to install a program would be much more effective in stopping malicious software from using a computers network connection for malicous use. This by no means is a silver bullet and true security can only be enforced by educating a user, but nonetheless allowing executable E-mail attachments to have root access to system files is a horrendous security oversite IMHO.
So in conclusion I say Kudos to MS for setting up a system that will allow for increased overall network security while attempting to minimize the adverse effects for the most common of users. But I hope this is just a step towards a much more secure Windows system be it SP3 or longhorn.
I don’t know what everyone was complaining about. This article pointed out some weaknesses and oddities about MS firewall and suggested a better free alternative. IMO all of the issues were relative. Blocking responses to pings but sending “closed” responses for other ports is inconsistent and doesn’t make any sense. Yes these can be changed but most people won’t bother with it because its beyond their skill level. In the end it looks like MS did just enough to prevent TODAYS security problems and not bet sued by somebody like Symantec. Its nice that someone has examined this in detail and I agree with their recommendation. If you are serious about running a host-based firewall dump this one like a load of toxic waste and get a real one.
I think the author of the article may be missing the point just a tad. While it’s true that Microsoft would have helped many of its soccer mom consumers by prompting to block outbound connections, I’ve witnessed too many times the user just click “yes to all” or no or whatever without reading the dialogue. They don’t care. They find it intrusive. The only time they’ll care is when everything breaks.
So maybe Microsoft chose their course deliberitly. An inbound firewall does what most people need, protect them from inbound threats. Since I’m on a college network, thats pretty helpful. I now have two layers, router and SP2 firewall. Am I worried about outbound threats? Not really. In five years I’ve had one virus and that was self inflicted.
With good computing practices, properly applied patches and a bit of knowledge, the threat of outbound sources should be greatly reduced. So, what’s the greatest threat then? Inbound.
Microsoft might make some bad code at times but they aren’t entirely stupid.
When he says use Zone Alarm rather than the windows firewall. Yes, because zone alarm is the epitomy of security </sarcasm>. It may be fine for a home environment, but not for a corporate environment. Our old office stopped supporting machines with Zone Alarm because it created more issues than it solved. I like the idea of being able to centrally manage firewall settings like with SP2’s firewall. And to the poster that said that no firewall with root admin privileges could be turned off, what about a bridging IP-less firewall in a locked room? *grins*
“Name me a firewall that can not be turned off by a user who has administrator/root priviledges,
then we can talk about safe firewalls.
If user can turn firewall off, so can piece of code running under user account.”
OpenBSD does it rather easily. Setting the kernel security level to 2 has the effect of, according to the man page “pfctl(8) may no longer alter filter or nat rules”. Linux (with SE or grsecurity patches) and the other BSDs may have some equivalent.
Yes, MS is moving the right direction. But why did they take so long?
The Windows security problems were know for a very long time and with 90%+ market share, MS should have been more resposive much earlier.
I’m suprised more people aren’t sick and tired of all of this juvenile whining and complaining about Windows, especially at OSNews.
You bitched that Windows was unstable, millions (perhaps billions) were spent, they released a (far more) stable 2000 and then XP for desktop users, still not good enough for the *nix zealots and open source people.
You bitched that Windows included “too much software” and Microsoft used their “monopolistic” position in the market to abuse competitors. The nanny state was sicked on MS and they were abused by government until everyone was (somewhat) pleased. This rediculous pee-pee dance still continues today on a smaller scale. Still not good enough.
You bitched that Windows was insecure, and it was, but that isn’t exclusive of just the Windows OS. Microsoft created 2003 Server, a significant improvement over 2000 server and spent over a billion dollars to improve XP (free for Windows users, I might add) adding a firewall and other improvements to help w/ security. That’s right, still not good enough.
Microsoft is spending a vast amount of it’s fortune to appease customers, earn new customers, and continue to maintain it’s position in the marketplace, which it has every right to do in a “free” market.
AAAAGHHHH! I’m just sick of hearing this constant blather about big bad Microsoft. Use an alternative OS! Switch to Linux! Switch to Mac OS! Switch to any of the other operating systems available (which wouldn’t even be relevant, perhaps not even available, if MS were *really* a “monopoly”).
Microsoft is quite frankly, a very successful American business and has hurt no one. They have generated billions of dollars, created *who knows* how many jobs, 3rd party software businesses, and was a *major* contributor to the astronomical growth of the IT/IS/PC, etc. industries over the last couple of decades. They’ve donated billions of dollars and helped to “spread the wealth”, which they were not obligated to do, mind you. Even if this was purely for positive PR on MS’s behalf, isn’t this the beauty of an open, capitalist market? Doesn’t everybody win!? Unfortunately, I think most of this is lost on the anti-MS crowd, who obviously enjoys partaking in group-think more than forming their own conclusions.
As a contractor I use mostly Windows and Linux. I have several local clients who use either one or the other exclusively or both in a “heterogenous” environment. These people don’t care what they’re using as long as they can continue to offer products/services that are in demand and continue to make MONEY!
I’m done now, thanks! Feel free to retort but I almost never check back on these forums on the rare occasions I post something.
Also, a littled dated, but great! See:
http://www.lewrockwell.com/rockwell/trot1.html
Well, dude, amen. you hot the nail on the head.
But y’all’ll probably go all flame on him, too bad.
Wow, did you manage to post all that with a straight face?
I think that you must have mistyed the URL you wanted – trolling is welcome at Slashdot.
But, all that aside, I’ll take a shot at your points.
You bitched that Windows was unstable, millions (perhaps billions) were spent, they released a (far more) stable 2000 and then XP for desktop users, still not good enough for the *nix zealots and open source people
They didn’t do it because of the open source zealots. They did it because the PAYING customers demanded it. Also, they needed
a migration path away from the 3.1/95/98/ME platform as maintaining two such large codebases in the long-term is more hassle than even M$ can afford – and the problems with
that old DOS-based codebase are probably unfixable.
You bitched that Windows included “too much software” and Microsoft used their “monopolistic” position in the market to abuse competitors. The nanny state was sicked on MS and they were abused by government until everyone was (somewhat) pleased. This rediculous pee-pee dance still continues today on a smaller scale. Still not good enough.
As far as I can tell, the complaints about code bloat aren’t
really related to the inclusion of “too much software”. It’s more like “why is all this stuff needed just to get my computer working”. If anything, there’s a legit complaint about “too much software” THAT CAN’T (easily?) be REMOVED.
The “pee-pee dance” as you term it continues because the end result didn’t please anyone who had more than half a brain.
A long string of these pathetic half-measures to rein in M$
will only end when either they win outright ( entirely possible given their marketing savvy and muscle) or the sanctions ( and the enforcement of them ) actually have an impact.
You bitched that Windows was insecure, and it was, but that isn’t exclusive of just the Windows OS. Microsoft created 2003 Server, a significant improvement over 2000 server and spent over a billion dollars to improve XP (free for Windows users, I might add) adding a firewall and other improvements to help w/ security. That’s right, still not good enough.
Well, it still is. And, yes, other OSes have their problems but Windows, despite the multi-year focus on security still ranks well above its competitors in security flaws and, on the whole, releases fixes much more slowly.
Now, I haven’t seen too many people on this forum knocking Win 2003 server but perhaps I haven’t read the relevant posts. As far as the billion bucks to fix XP, well, the underlying security of the OS is their responsibility. And,
I wonder about that billon-dollar figure – I mean, consider the source.
By the way, do you have any dollar amounts for the costs of cleaning up virus infections, recovering from backups, and the lost income from these and other denial-of-service attacks? Nimda cost my former employer and their clients a
big chunk of change, let me tell you.
Microsoft is spending a vast amount of it’s fortune to appease customers, earn new customers, and continue to maintain it’s position in the marketplace, which it has every right to do in a “free” market.
Yes, it does. But, even a free market has rules and they appear to have broken more than a few for a very long time.
AAAAGHHHH! I’m just sick of hearing this constant blather about big bad Microsoft. Use an alternative OS! Switch to Linux! Switch to Mac OS! Switch to any of the other operating systems available (which wouldn’t even be relevant, perhaps not even available, if MS were *really* a “monopoly”).
As far as their illegal or questionable activities, if they keep on doing them, it’s perfectly all right to keep “blathering”. A lot of us have switched or dual-boot when we have no other choice. A monopoly doesn’t have to be 100% of the market but I think that you would have encountered a lot
fewer complaints were it not for the Microsoft “tax”.
Microsoft is quite frankly, a very successful American business and has hurt no one. They have generated billions of dollars, created *who knows* how many jobs, 3rd party software businesses, and was a *major* contributor to the astronomical growth of the IT/IS/PC, etc. industries over the last couple of decades.
Yes, they’re successful. Hurt no one? Do a little research, please. Generated billions? Well, they’ve earned billions for themselves , which is not the same thing.
Look they didn’t create the IT industry, they participated in it and were in the right place at the right time and were smart, tough, and resourceful. I don’t knock them for any of these things at all – it’s their unscrupulous activities that annoy me and their readiness to claim as their own things that were created by others.
[/i]They’ve donated billions of dollars and helped to “spread the wealth”, which they were not obligated to do, mind you. Even if this was purely for positive PR on MS’s behalf, isn’t this the beauty of an open, capitalist market? Doesn’t everybody win!? Unfortunately, I think most of this is lost on the anti-MS crowd, who obviously enjoys partaking in group-think more than forming their own conclusions.[/i]
Big points to them for philanthropy but that still doesn’t mean they’ve never done anything wrong. I don’t think that the “Robin Hood defense” carries much weight. Also, I think that Bill set up his foundation to honor a request from his dying mother that he’d give most of his fortune away.
Question: How much of their donations were cash and how much
was their own software donated at retail value?
Doesn’t everybody win!? Unfortunately, I think most of this is lost on the anti-MS crowd, who obviously enjoys partaking in group-think more than forming their own conclusions.
We can’t all win when the biggest player isn’t playing fair.
That’s my very own conclusion.
As a contractor I use mostly Windows and Linux. I have several local clients who use either one or the other exclusively or both in a “heterogenous” environment. These people don’t care what they’re using as long as they can continue to offer products/services that are in demand and continue to make MONEY!
How does using an alternative prevent them from making money? I’m not aware that anyone can be locked-in to Linux
but some of the other OS and enterprise-level vendors are notorious for that practice.
Google will quickly turn up lots of success stories of companies that have switched to Linux and saved lots of money in the process and have better or equal performance and reliability.
I’m done now, thanks! Feel free to retort but I almost never check back on these forums on the rare occasions I post something.
Probably a good sign that you’re incapable on seeing any merit in an opinion other than your own.
You included a link to an article that was little more than
trying to paint the Open Source movement with the brush of
socialism. Not much in the way of facts.
Try this one for a longer, much more fact-based rant. Sadly,
it supports a point of view OPPOSITE to your own.
http://www.euronet.nl/users/frankvw/index.html
My previous post should have italicized the following pargraph
They’ve donated billions of dollars and helped to “spread the wealth”, which they were not obligated to do, mind you. Even if this was purely for positive PR on MS’s behalf, isn’t this the beauty of an open, capitalist market? Doesn’t everybody win!? Unfortunately, I think most of this is lost on the anti-MS crowd, who obviously enjoys partaking in group-think more than forming their own conclusions.
Sorry about that, if that confused anyone
Well, you my “friend” is a fool…It’s incredible that ppl like you actually are a living creature..
go back kiss Mr. Gates in his *ss. and when you wake up, feel free to join the human race….
omg… he can’t be for real… I’m stunned…
and has hurt no one.
hahahahaha
http://www.euronet.nl/users/frankvw/rants/microsoft/IhateMS.html
*We can’t all win when the biggest player isn’t playing fair.
That’s my very own conclusion.*
Wow – you thought that up all by yourself? Best have a lie down, you must be tired.
You own a home right, or at least a computer? Well, I’m after your home and everyhting that’s in it. I know it’s yours, and you’ve spent lots of time and money decorting to your (very) in individual style (lots of picture of penguins and men with beards, maybe a lava lamp or two). You gonoing to defend it, or let me take your it and your belongings – play fair will you?
i dont know how you people use your computers, but i never have any problems with windows, spyware? virus? ha! funny stuff! And oh yeah, SP2 increase the performance of my machine, especially doom3 go figure..
You anology is very flawed. To say that a firewall is like you doors and windows is dumb. Why would a person want to be able to open you doors and windows in their house ? Well maybe they want to open a window to let some fresh air in or have the door open with a screen to do the same thing. Ever live in the hot South or South West in the US ?
Have YOU had a nap? Please take one soon as you’ve just shown your thinking powers are, well, non-existent.
Your analogy is way off the mark – I said nothing about M$ defending itself against piracy. In fact, piracy, while it may deprive M$ of money in the short term, it does hinder other OSes from gaining a foothold.
I’m willing to bet that, if a 100% foolproof method to shutdown all pirated copies of Windows and win32 applications were available tomorrow, that would do more to increase the market share of alternative platforms than all the of the work that’s gone into designing, improving and marketing them.
You bitched that Windows was insecure, and it was, but that isn’t exclusive of just the Windows OS. Microsoft created 2003 Server, a significant improvement over 2000 server and spent over a billion dollars to improve XP
Nice to know all those license fees are being used to improve things that should have been sewn up and working in the first place.
Now, I haven’t seen too many people on this forum knocking Win 2003 server but perhaps I haven’t read the relevant posts.
Probably because not many people actually use it.
You own a home right, or at least a computer? Well, I’m after your home and everyhting that’s in it. I know it’s yours, and you’ve spent lots of time and money decorting to your (very) in individual style (lots of picture of penguins and men with beards, maybe a lava lamp or two).
You’ve just described Microsoft’s business philosophy.
Now I hate to break it to them. But if it’s not easy to shut off your firewall once you have administrator access; your firewall controls you and it just shouldn’t be that way.
If your firewall blocks outside ports properly, and you don’t install crap on your machine on purpose; then you won’t have to worry about things going out. Besides, do you actually think you are stopping stuff with that? Or is it more likely you’re just saying yes a lot because those popups are rediculously annoying….
Lemme see if I remember how to shut my packet sniffer off… um:
iptables -F INPUT
And thank God it’s that easy!
I’m an alternative OS and browser advocate. And I know open source has really helped mozilla. But I agree with much of what Vincent wrote. Yes, microsoft is a monopoly. Is that a bad thing-something we need to send the government after? No. There is tremendous value in an OS monopoly. It means that developers only have to worry about their application running smoothly on one OS instead of having to port to 5 zillion other OS’s. It means write once run everywhere without java where you write once and run everywhere slowly. This is real value and something that open source/alternativeOS have to understand. if you want to get people to switch, you have to make something that’s not just a little worse than windows in every way, not something that’s a little better in every way, but it has to be way better in every way. And while SP2 won’t have perfect security, it’s going to make it much harder for other OS’s to replace Windows on the basis that it’s totally insecure.
Published standards and fully documented APIs go a long way to alleviating portability problems. And, I think a lot of programmers will take issue with your attitude towards Java’s performance. As I understand it, Java’s performance has come way up in the last few years.
As I don’t think that M$ being a monopoly was really the problem. It was abuse of their monopoly position that got a lot of shorts in a knot.
The firewall automatically blocks all potential incoming naughtyness which may be trying to exploit network-facing security vulns. Isn’t that the #1 vector for viri in the past two years?
No, that would be e-mail. And viri is not the plural form of virus.
Bill Sykes
There is competiton to Windows. The reason it isn’t viable competition on the desktop is exactly because poeple don’t want it.
Uh, no. But thanks for trying!
(Gee, the MS apologists are out in force tonite!)
You gonoing to defend it, or let me take your it and your belongings – play fair will you?
Yes, I would play fair and call the police, so laws can be applied. MS must abide by laws, and there are such things as laws against anti-competitive behaviour – just like there are against people who want to steal my lava lamp.
Seriously, do you realize how profoundly weak your argument is?
I’m an alternative OS and browser advocate.
No you’re not. You’re just saying that to give yourself some credibility.
Having an OS monopoly only makes sense if it is open and free (i.e. that it doesn’t belong to anyone in particular). A proprietary OS monopoly is bad economically and socially, as it will give too much power (and money, of course) to a single private entity. It is a form of feudalism, if you will.
Anyway, as the other poster said, portability of API and code can be greatly facilitated without having to resort to a monopoly, by adhering to open standards.
And please, stop posing as someone you’re not while thinking that it may somehow influence others. It is both immoral and uneffective. Thanks.
There is tremendous value in an OS monopoly. It means that developers only have to worry about their application running smoothly on one OS instead of having to port to 5 zillion other OS’s.
Obviously not a student of history or biology, or you would see the inherent dangers in an OS monopoly…corporate, open-source, whatever.
(1) History shows that in the case of ANY dominant power/empire a golden age can always be highlighted, and that the contemporaries of this time can point to many good things…eg. Greater artistic accomplishment, availability of work, generating wealth, and spreading influence. Unfortunately, the downside has ALWAYS been that there is only one apex for any given power, and that the results afterward are decline/decay, until another power steps in. Understanding this is important when looking at a monopoly, because while people may benefit for a short time under a dominant world power (revenue, jobs in the case of business) when the end comes for that power the suffering outweighs the good times. Again, in terms of business this can come down to lay-offs; outsourcing; and desperate attempts at regaining lost glory that only cost money, not make it. When the dominant power that falls has been allowed to get too big before it falls, then no-one is really left to step in. This has happened before…think of the “Dark Ages”, after the fall of the Roman Empire. Rome had swallowed its own would-be successors, so no-one could pick up the pieces. Historic analysis is not on your side.
(2) Biologically speaking diversity is a strength. If you eliminate the diversity of your crops as a farmer, and a blight hits your one crop, you stand to lose everything. Think of the effects of some of the stupid little scripted worms that have gone around the world in the last two years, and costs to everyone. Servers go down, costs of maintenance go up, layoffs ensue, or the cost gets passed on to consumers. Some companies never recover from their first data loss (especially if they don’t consistently backup their crucial data). Or on a much less devastating scale you simply can’t get online when you really want to. The end result is it hits everyone, even if a person as an individual never gets hit because they use good practices. If there is a greater diversity of OS’ in general use in the world then that means that even if a ‘techno-blight’ hits your network, not all your computers will be affected.
Finally, I suggest that Bannor99 made a very good point about Published standards and fully documented APIs going a long way to ease portability issues. Good programming practice should not lock one into one platform, or it’s like painting yourself into a corner.
Just my $.02
During the Blaster outbreak it was my firewall Zone Alarm that alerted me that msblast.exe wanted to access the internet. Not incorporating this feature into a firewall is another reason I am moving away from Microsoft products.
Mary
(Caught blaster in the first place because I had to temporarily turn off my firewall because of an MS Outlook issue. Turned it off as blaster was hitting the net. Timing is everything, they say!)
“”Bill Sykes
There is competiton to Windows. The reason it isn’t viable competition on the desktop is exactly because poeple don’t want it.””
” Uh, no. But thanks for trying!”
Wow now that ls a well thought out counterpoint. I bet you got an A in debate.
Moo some more.
David
And that’s exactly why those “Windows has lower TCO” studies are full of rubbish. Do they take into account the additional software people have to buy because Windows isn’t up to snuff?
I’m running the freeware versions of AVG Anti-virus and Sygate Firewall – both of them very capable for their purposes.
Russian Guy
Name me a firewall that can not be turned off by a user who has administrator/root priviledges, then we can talk about safe firewalls.
Actually, ZoneAlarm (and probably Sygate too) will send out a message to let you know when something has turned off the firewall.
Wow now that ls a well thought out counterpoint. I bet you got an A in debate.
I would have made a well thought out couterpoint if you had made a valid point in the first place, but since you were just trolling (as usual) I didn’t consider that it deserved an intelligent response.
If you can make an actual argument to support your troll I’ll be more than happy to demolish it.
Moo.
How about the fact that +90% of the people use an MS product for thier desktop OS. Of course I am sure you will say they have been duped and/or are being forced to use it and/or they are stupid and know no better etc etc.
In any case if you read what I said I merely stated the obvious fact that people are using what they want. There are alternatives, they don’t choose to use them. You can argue against that point all you want. In fact till the cows come home. It won’t change the reality of the situation.
The reality of the situation is that they’re using what they’ve been sold, plain and simple.
As someone who’s the painful task of doing end-user support
over the phone for several years, let me assure you that 80% of the 90%+ that use a Windows OS don’t really understand what’s different about one platform over the other. They just point and click and use the same 5 or 6 programs daily.
If you were to ask them what’s different between Windows and Macintosh, you’d probably get answers such as “well, Windows comes from Microsoft and Apple makes Macs” and “I think Macs are nice but I can’t afford one” or “I hear Macs are really liked by artists but I just want to get on the Web and send e-mail” or, far more commonly, “I don’t really know; I went to Future Shop/Best Buy/the local computer store and this is what they recommended”.
The VAST majority of computer users had about as much choice of computer platform they bought as they had about their mother tongue.
to the question ” Are you using Windows or Mac?”.
“No, I just got a new computer for Christmas and it’s a Compaq“
“And that’s exactly why those “Windows has lower TCO” studies are full of rubbish. Do they take into account the additional software people have to buy because Windows isn’t up to snuff?”
What about downloading free software? Zone Alarm offers a decent free firewall. For graphics, you can download Gimp. On the office side there is Open Office available. Incase you get a piece of spyware, you can use a free version of Adaware. There are also free virus scanners as well. Additional cost to the user: $0.
Actually, ZoneAlarm (and probably Sygate too) will send out a message to let you know when something has turned off the firewall.
That’s not the point. I am sure new MS Security Centre will do the same.
I am also sure an administrator (and his code:) can disable that warning too, by killing the service, or by doing firewall software uninstall, or by any other means available.
If hacker gets really bored, he or she can just program a worm to wipe out computer clean if worm is denied to open outbound connections by the firewall.
Repeat after me: a piece of code running under your account can do as much as you can, and more- considering how many priviledge escalation bugs had been found in OSes lately.
Which means: game over when worm is inside your computer. It won. You lost.
The VAST majority of computer users had about as much choice of computer platform they bought as they had about their mother tongue.
Bullshit. No-one has a “choice” for their mother tongue, they’re taught it before they are in a position to exercise choice at all.
Compare this to computers, that are mostly bought by adults or, at the very least, teenagers – well and truly old enough to be making a choice, even if they don’t bother doing it.
Please try to remember the distinction between not having choice because you’re 2 years old and not exercising choice that’s free and abundant.
In any case if you read what I said I merely stated the obvious fact that people are using what they want. There are alternatives, they don’t choose to use them. You can argue against that point all you want. In fact till the cows come home. It won’t change the reality of the situation.
Thanks for at least putting out an actual argument, however weak it may be. As promised, I will now demolish it.
First, there are lots of reasons why people don’t install Linux, and some really have nothing to do with choice. The first is that the vast majority of computer users don’t install OSes. They use what’s preinstalled on their machine – and it will stay that way. Blame inertia, fear of change or simply the comfort of not tinkering with something that’s already been setup. Changing OSes is not a small undertaking…
In fact, and this is the second reason, many people still don’t clearly understand what an OS is. That doesn’t make them stupid, mind you – you don’t have to understand what an OS is to use a computer. These people won’t even think of installing another OS, period (and might even still be using Windows 98, if that’s what was on their machine).
That leads us to our third point: many computer users do not know what Linux is nor what it does. Some may not have heard about it at all. If you don’t know about something, then you can’t be curious about it.
To claim that “the people have already made their choice” by looking at market number seems more like the wishful thinking of a MS fanboy than anything else. Who gave you the authority to speak on behalf of all computer users? I understand that being so presumptuous might be a way for you to compensate for the poor reasoning behind your statement, but really, that’s kind of lame.
In closing, let me say that the simple fact that Linux’s desktop share is increasing (however slightly) is proof that, in fact, people are choosing it. Growth is more important than market share, something even a WinTroll like you should understand.
Ok, back on topic (even though we all know you’re itching to turn this into a Linux/Windows flamewar): I think it’s safe to say that, with Microsoft’s dismal security record, the best be is to deactivate this firewall and use one from a third-party vendor, such as ZoneAlarm. That’s what I use when installing a Windows machine for someone.
But they do know they have choices. They just don’t CHOOSE to exercise that choice. If they don’t feel the need to educate themselves about the differences, people must be at least reasonably happy about their present choice.
If their is so much demand for an alternative desktop to XP why don’t some of the Linux propents her join together and start selling PC’s with a preinstalled Linux distro on it?
Put your money were your mouths are, so to speak.
I expect you would clean up, wouldn’t you? Help the poor ignorant end users out in the process too.
“The first is that the vast majority of computer users don’t install OSes.”
Well then preinstall it for them. Make a ton of money and help out users at the same time.
I am not a trolling either. But then you knew that.
Actually, ZoneAlarm (and probably Sygate too) will send out a message to let you know when something has turned off the firewall.
That’s not the point. I am sure new MS Security Centre will do the same.
I am also sure an administrator (and his code:) can disable that warning too, by killing the service, or by doing firewall software uninstall, or by any other means available.
Ummm .. if you were going to uninstall the program or patch the executable, you’d have to shut down the program first, thus triggering the message to the user. Even assuming you could shut down some service without triggering the message, you’d have to know ahead of time which firewall the user was running so you’d know which service to shut down, or else just try the service names for all firewalls.
Probably the best chance you would have is to write a program that simply removes the firewall from the startup group and puts the worm/trojan/whatever in its place. But there’s a little app called ‘Startup Monitor’ which would take care of that too
If hacker gets really bored, he or she can just program a worm to wipe out computer clean if worm is denied to open outbound connections by the firewall.
Assuming that didn’t get caught by the virus scanner, the worst that happens is you lose important data. If a worm like this got loose on Linux and could only and could only delete your /home directory, you’re still up the same creek without a paddle.
Well then preinstall it for them. Make a ton of money and help out users at the same time.
This is what some hardware vendors and distro makers are already doing (ex. the Wal-Mart Linspire PCs, the new HP Linux notebook).
I am not a trolling either. But then you knew that.
Actually, you’re more of a flame-baiter than a troll, but the two are so close that’s it’s hard to say exactly. I do know that you attack Linux (the OS) and defend Microsoft (the abusive monopoly) every chance you get…
“Actually, you’re more of a flame-baiter than a troll, but the two are so close that’s it’s hard to say exactly. I do know that you attack Linux (the OS) and defend Microsoft (the abusive monopoly) every chance you get…”
Oh and I am a flame baiter. A little self examination might be in order sir.
Oh and I am a flame baiter.
Indeed you are, sir – you make inflamattory (and off-topic) posts with the purpose of starting yet another flame-ware.
Meanwhile, I’m off-topic as well for responding to you, so I’ll stop right now.
Send your mother to the local computer shop and tell her to buy a new computer without a pre-installed OS. Let her know
that you have a great one for her that you can legally give her free of charge and you’ll install it for her.
And, of course, since she’ll be buying a new machine without and OS, would the store kindly deduct the cost of the OS from the selling price.
Let me know how that turns out.
Send your mother to the local computer shop and tell her to buy a new computer without a pre-installed OS.
Done.
Let her know that you have a great one for her that you can legally give her free of charge and you’ll install it for her.
But I don’t…
And, of course, since she’ll be buying a new machine without and OS, would the store kindly deduct the cost of the OS from the selling price.
The store never added it in the first place.
Wait, let me guess, you’re another one of these twits who think a machine without Windows should have its price reduced by $249.95 (or whatever the RRP is these days), right ?
Let me know how that turns out.
Last time I tried it (3 – 4 years ago), it worked fine. However, I was installing an “old” copy of NT4 (since upgraded to XP) on it, not Linux.
The next computer my mum gets is probably going to be a Mac (although the new G5 iMacs don’t appear to be particularly compelling, so I might just pass on my old PC).
Most of those free software packages that people are saying you can use to protect windows, have liscences that say they are for personal use only. When you go to deploy such software in a corporate enviroment you have to pay.
So the greater TCO argument for windows still stands.
And there is a way to shut Linux down so that only the packet filter is running. But I forget how because that was doable years ago.
As for Monopolies they are very dangerous from a software enviroment viewpoint at this stage. If Linux was currently on 95% of computers then that would be dangerous. If BeOS was 95% then that would be dangerous. Diversity is the key. If you don’t understand this go watch “I, Robot” and see what happens when things go wrong in a world with an almost 100% dependence on a particular vendor of technology.
If their is so much demand for an alternative desktop to XP why don’t some of the Linux propents her join together and start selling PC’s with a preinstalled Linux distro on it?
There may be some white box shops that do this, as does Lindows (or whatever Microsoft has forced them to change their name to this week), however none of the major players do for there desktop machines.
The reason for this is simple Microsoft would stop selling them Windows licences, as it threatened to do to the people wanting to sell machines that dual booted into BeOS. This is one of it’s documented illegal monopoly abuses. Since Microsoft got it’s wrist slap by the DOJ things are a little better, note the HP Linux notebook and many Linux servers.
Russian Guy wrote:
>Strangely enough, a house door that blocks inbound traffic but does not block outbound traffic is >more than adequate for over 99% of households.
Yes, but most problems in a house don’t come from outbound traffic
If you should somehow aquire a piece of spyware or a keystroke logger, Windows Firewall won’t prohibit its outbound traffic from reaching the internet. Moreover, it may not even tell you there is a problem. If you want a good firewall, try ZoneAlarm. It’s free for personal use.
You are incorrect that closing ports is as safe as stealthing them. If the firewall is well written then stealthed ports are blocked very early in the processing of the packet which reduces the risk of TCP layer attacks like the old teardrop attack. It has the additional affect of slowing down traditional port scanners like nmap as they cannot tell if the host is simply slow to respond. In fact a system with all ports stealthed can take as long as 36 hours to scan with nmap.
The store never added it in the first place.
Wait, let me guess, you’re another one of these twits who think a machine without Windows should have its price reduced by $249.95 (or whatever the RRP is these days), right ?
I’m no twit although I wonder about a lot of people on Internet forums. Did I say that they should deduct the retail cost of Windows from that of the system?
But, at the very least, they should deduct what a Windows license costs them.
“Compare this to computers, that are mostly bought by adults or, at the very least, teenagers – well and truly old enough to be making a choice, even if they don’t bother doing it.
Please try to remember the distinction between not having choice because you’re 2 years old and not exercising choice that’s free and abundant.”
This is the BS, right here. You must assume the average computer user has even heard of alternate OSes much less know where to get them, how to install them, what hardware they run on, the differences between them and Windows. As far as most of them know, they don’t have a choice. IF they’ve heard of Linux, that would be the extent of it. Just the name, not what Linux has to offer. Can the salesmen at Fry’s or some other electronics store answer extensive questioning about Linux, BSD, etc? Not likely. They barely know about Linux themselves. So when they get to the store (because trusting an internet retailer where you can even see what you’re buying other an 1 inch image and where you’ll be lucky to get a refund if the item damaged), they see the PCs and they see the Macs. Oh yes, way over in the corner there’s Frye’s own home built pc with the absolute cheapest parts installed and Linspire 4.5 on it. Some choice.
Most of those free software packages that people are saying you can use to protect windows, have liscences that say they are for personal use only. When you go to deploy such software in a corporate enviroment you have to pay.
So the greater TCO argument for windows still stands.
I love your logic:
“I think it’s impossible to run a Windows machine without third party software packages A, B and C. Therefore, anyone else running Windows systems must also use software packages A, B and C. I also don’t think TCO studies take these packages in to account. Therefore, these studies are wrong.”
Not everyone needs all that third party software to run their Windows machines. Even if they do, software is _cheap_, compared to people time.
And there is a way to shut Linux down so that only the packet filter is running. But I forget how because that was doable years ago.
So how is that relevant to a system that has to be used as a workstation ?
This is the BS, right here. You must assume the average computer user has even heard of alternate OSes much less know where to get them, how to install them, what hardware they run on, the differences between them and Windows. As far as most of them know, they don’t have a choice.
Which is _their_ fault.
Most people don’t know anything about the politicians outside their intended vote, either – whose fault is that ?
IF they’ve heard of Linux, that would be the extent of it. Just the name, not what Linux has to offer. Can the salesmen at Fry’s or some other electronics store answer extensive questioning about Linux, BSD, etc? Not likely. They barely know about Linux themselves. So when they get to the store (because trusting an internet retailer where you can even see what you’re buying other an 1 inch image and where you’ll be lucky to get a refund if the item damaged), they see the PCs and they see the Macs. Oh yes, way over in the corner there’s Frye’s own home built pc with the absolute cheapest parts installed and Linspire 4.5 on it. Some choice.
So what is your solution to this frightening problem of shops not stocking products only a few consumers are interested in ? Monthly sales quotas for non-Windows PCs ? Government-mandated minimum floor space %s for non-Windows PCs ? Which manipulation of the free market would you suggest ?
So what is your solution to this frightening problem of shops not stocking products only a few consumers are interested in ? Monthly sales quotas for non-Windows PCs ? Government-mandated minimum floor space %s for non-Windows PCs ? Which manipulation of the free market would you suggest ?
The point that many of the anti-MS crowd have been making is
that there HAS been manipulation of the free market by big software companies, and, in large measure, the remedies have been trifling and ineffectual.
So, if a little manipulation is required to balance things, I’m all for it.
“So what is your solution to this frightening problem of shops not stocking products only a few consumers are interested in ?”
Mac only has a 3% marketshare, but plenty of stores stock them. But that’s the not the issue, the issue was whether consumers really have much of a choice. You say they do. Quite a few of us don’t think so, and neither do a vast majority of the consumers themselves. It’s always this way with you, Smithy. Always you come out strong in favor of MS even though you might even know better. Do you work there? Are you a stockholder? What’s your interest in seeing Open Source fail (which always seems to be your message for us) and Microsoft maintain their control over the desktop?
I’m no twit although I wonder about a lot of people on Internet forums. Did I say that they should deduct the retail cost of Windows from that of the system?
That’s where most people are going when they start that line of reasoning – “I want a $400 Dell but without Windows, and since the retail price of Windows is ~$250, Dell should sell me the PC for $150 !”.
But, at the very least, they should deduct what a Windows license costs them.
Which is practically nothing, for a large scale OEM. Not to mention, what if producing (and supporting) the non-standard machine costs them as much (if not more) than the Windows license ?
Mac only has a 3% marketshare, but plenty of stores stock them.
Not outside of dedicated Apple stores they don’t. At least not here in Australia.
But that’s the not the issue, the issue was whether consumers really have much of a choice. You say they do.
No, obvious and demonstratable *facts* say they do.
All I’ve pointed out is that very few of them *exercise* that choice. You should keep in mind that computers are not anything special with regards to this aspect of human nature – very few people exercise all the choices they have in most parts of their lives.
Quite a few of us don’t think so, and neither do a vast majority of the consumers themselves.
Makes no difference to the fact 90% of them can probably walk into a whitebox reseller a short drive away and buy a computer without Windows.
It’s always this way with you, Smithy. Always you come out strong in favor of MS even though you might even know better.
If not being rabidly anti-Microsoft is being “strongly in favour” then yes, apparently I do.
Do you work there? Are you a stockholder?
Nope.
What’s your interest in seeing Open Source fail (which always seems to be your message for us) and Microsoft maintain their control over the desktop?
I have no interest whatsoever in seeing open source fail, given I rely on it for a great deal of my income.
I do have an interest in a balanced debate and asking people to actually think about what they’re saying, however. Something most of the “Microsoft is evil and responsible for all the world’s woes” crowd never seems to do (much like the bleeding heart anti-American crowd, or the anti-nuclear crowd, or the “save the children !” crowd, or any other number of similar crowds).
>>But, at the very least, they should deduct what a Windows license costs them.<<
Which is practically nothing, for a large scale OEM. Not to mention, what if producing (and supporting) the non-standard machine costs them as much (if not more) than the Windows license ?
I wasn’t really considering the big OEMs although I guess I should have. The REALLY big boys should be able to support whatever the hell they want. And, they’d probably just bundle a commercial Linux distro and split the support duties with whomever they choose be it Redhat, Mandrake, Xandros, Linspire or someone else.
At this point in Linux’s development, there are choices – you don’t have to do it all yourself if you’re not so inclined.
I was thinking more along the lines of a medium sized computer store that sells a couple hundred PCs a week. They don’t usually give training or phone support ( well not any that I’ve found in Toronto). If something’s wrong, you take the PC back and they’ll fix it, which works equally well for
Windows or Linux.
It would only cost them more if Linux turns out to be significantly less reliable than Windows.
The REALLY big boys should be able to support whatever the hell they want. And, they’d probably just bundle a commercial Linux distro and split the support duties with whomever they choose be it Redhat, Mandrake, Xandros, Linspire or someone else.
Untrue. If anything it’s even more of an issue because their margins are so slim and all their processes are based around “standard configurations”.
However, the first place people are going to call when they get a problem is wherever they bought it from. So, you need support staff to determine whether the problem is OS-related or hardware related, not to mention handling the people who bought the machine OS-less because their 12 year old nehpew told them to and have since installed a pirated copy of Windows.
Then you need to redo the production lines to start spitting out machines sans-OS or with a different OS *and be able to keep track of them*. You also need to add more hardware testing complexity to your hardware purchasing decisions and take into account a multiple OSes might limit the hardware choices for new products. Don’t forget you also need to write up loads more marketing material and on-line store help to tell your customers a) what exactly and OS is, b) that alternatives exist and c) what the differences are.
Et cetera. It’s *not* “easy” as some people seem to think it is.
However, it’s *much* easier for a small player to be agile and flexible with their products than it is for a corporation like Dell, Compaq or Microsoft. So if you want something “out of the ordinary” to become more available, you’re much better off encouraging small players than harassing big ones.
I was thinking more along the lines of a medium sized computer store that sells a couple hundred PCs a week. They don’t usually give training or phone support ( well not any that I’ve found in Toronto). If something’s wrong, you take the PC back and they’ll fix it, which works equally well for Windows or Linux.
It would only cost them more if Linux turns out to be significantly less reliable than Windows.
It would cost them more (at the very least initially) because they would probably need to hire more staff or teach their existing staff how to install and fix the different OS options (Because, again, the first place people are going to go when it breaks is the store they bought it from). Remember, the margins on selling PCs are razor thin – any increase in cost can very quickly be lethal to the company involved.
The big OEMs “standard configs” are not as homogeneous as you may think. My old Compaq Armada has a serial number that
identifies the processor type, speed, amount and type of DRAM, and factory-installed OS.
Don’t forget that, while the Dells of the world may only ship Windows, they’ve had to sell and support MULTIPLE versions of windows simultaneously.
At a former employer, we had PCs and laptops that were sold to us with Win 95, 98, NT and anyone of 3 versions for Windows 2000.
When we had to phone for support, we were asked for the serial number and that gave the tech all he needed to know for hardware and software support. He just had to make sure that we hadn’t added any hardware or changed the OS.
Factory-installing the OS? Shouldn’t be a problem since they’ve had to do this for several Windows version in the past and, for the time being, there are fewer Windows versions to pre-install.
So, most big OEMs already have multiple production lines.
The biggest issue would be support but I’m betting that there are enough Linux-savvy nerds in any decent-sized computer company to provide Linux support.
I did phone support for several years and we supported Win 3.1, 95/98, NT4 and MacOS 7.5-8.1 with only 3 queues since we continually cross-trained techs in the basics of troubleshooting a particular OS.
Had we had this discussion several years ago, I might be more inclined to agree with you but a lot has happened and the barriers to technical and logistic barriers to Linux are nowhere near as big as they used to be.
Really, weak margins are a much bigger obstacle than any of the other reasons you’v given.