Slashdot Mirror
Windows XP To Block Use Of "Troublesome" Drivers
The document details how XP will automatically download the latest drivers for your hardware from the windows update site, and more worringly, XP will reguarly update the list of blocked drivers from the site. Quote from the document:
   "On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."
Boy, The site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS."
Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.
Hey, I used to write Linux kernel code for a living. I've seen a driver crash all over the place. Multiple times. And you know what? Linux kept on ticking. It's easy to handle a driver crash. Just write the oops to the log device and return from the driver as if nothing happened. Of course, you can't do that when your memory protection has failed (or is non-existient) and the bad driver just scribbled all over your stack...
A driver under Linux is a module. If the module fails, it fails; the scheduler continues to run, and therefore so does the rest of the system. It's not a very pretty way to handle a screwup, but a system complex enough to handle it prettily is gonna be such a resource hog I wouldn't want it. But it does get handled.
As for the wags that say Linux is not a desktop operating system, tell that to my wife, who's been running Red Hat and Mandrake for the last four years. Or better yet, tell it to the Germans, who just threw out Microsoft in favor of SuSE. (And then there's all the folks running OS X, which we all know is just BSD with a nice GUI... and looks a helluvalot like Solaris and CDE...)
Microsoft is simply doing what it has done for years: describe anybody who has a chance of competing with them, ususally due to a better product, as "troublesome" or "incompatable" or "unstable" and then rewriting critical parts of the operating system to, er... prove their point. I liked DR DOS, and still haven't forgiven M$ for their treatment of it back in the day.
political_news.c: warning: comparison is always true due to limited range of data type
Putting all the anti-Microsoft BS aside, this really is a pretty good idea - they just need an opt-out option. I wouldn't mind MS telling me that the driver I'm about to install has crashed 4 trillion machines - but I reserve the right to go ahead and install it anyway.
"We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us.
Don't know about ZoneAlarm, but BlackIce isn't free. It costs $40.
Still no reason to buy Bill's Bogus Journey, though. Although the idea of using ZoneAlarm to prevent Microsoftware from phoning home every time I crashed it (by using java?) does have some appeal :)
political_news.c: warning: comparison is always true due to limited range of data type
After about the umpteenth million time that I've successfully used ZoneAlarm to block out some adware, or some s'kiddie trying to r00t my winbox, I'm what you'd call satisfied. Sure, That program causes some instability, but that's nothing compared to what would happen if my computer were a zombie. Presumably Microsoft expects me to trust their firewall to block out adware? Or to actually be secure? No thanks. XP is one "upgrade" this user won't be wasting time/money on.
political_news.c: warning: comparison is always true due to limited range of data type
Zone Alarm has ALREADY been updated to be XP compatible. BlackICE will be updated before the end of next week to be compatible.
This is a Good Thing(tm) for MS to do. If they KNOW that a certain driver is bad then why shouldn't they prevent you from making an obvious mistake. Why would you WANT to be able to add in a known bad driver? You actually fault MS for this? I applaud them - I say: FINALLY!!
If we trusted them this might not be so bad. They ARE trying to make the end user expereince better. they are trying to say that drivers that are certified to work will be allowed.
The problem is though...we really do not trust them. I like MS and I don't trust them.
On the bright side though, this seems more like a hardware issue. Except for mice/keyboards/joysticks there isn't a wholelot of hardware MS sells. Thats not to say though that they wouldn't blackball a competitor of a favored hardware manufacturer that pays them a little extra cash to get their hardware/driver certified.
It seems to me that if what it takes to pass the test is out in the open, and it really is in MS's best interest to do that, there shouldn't be a p[roblem. I have always said that the reason why MS seemed so unstable was because the device drivers and the devices really didn't play well with Windows despite the Windows certified logo.
I'm still working on a clever footer.
From the document:
One of the valuable prevention features that have been added to Windows XP is the ability to block users from installing a particular version of a driver. Since the release of Windows 2000, Windows has had the ability to block installation of a driver through a Setupapi.dll check of known problem drivers. Windows XP adds the capability to update the list of problem drivers from Windows Update. Windows Update, independent of the access mechanism described above, automatically downloads this information.
Read that...the list of drivers is controlled by a DLL that is updated by Microsoft. The information is automatically updated.
If a user with administrative privileges has the device installed (or plugs an external peripheral into the PC), they will receive a balloon popup in the taskbar indicating that the driver has known problems and will not be loaded. When a user clicks on the balloon or notification icon, Help and Support Services will provide information on where to get an updated driver if information is available. Driver blocking is independent of whether the device is signed or not (i.e. Microsoft will block signed drivers that are known to have problems).
So yes you are correct...it will be possible for 3rd parties to add in their own drivers...the catch being that Microsoft still retains control over them...even if they are signed (which most unofficial drivers aren't). All MS has to do is add the driver (probably DLL information?) to their list of "problem drivers" and they will be blocked.
I don't know bout you...but that sounds like a perfect setup for MS to break practically any application they want at will on millions of PCs in a heartbeat. Brrrr.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Are you incapable of thinking long-term? Just because something is voluntary now doens't mean it will always be. New Microsoft features are almost always voluntary - they're usually voluntary only until people have gotten used to the idea. Then either they become involuntary, or the process of opting out is made overly-complicated and obscure, so that most people just give in anyway. Think man.
Software vendors don't "access Windows internals" because programmers want to--it takes a lot of time to do so. They do it because Microsoft's APIs are insufficient and poorly thought out. Microsoft has profited handsomely from this because third parties have managed to figure out how to make that pitiful platform do things Microsoft never had the sense to design APIs for. Without third party vendors doing this, Windows would be nowhere. Now that Microsoft has finally copied enough from other vendors, their system doesn't quite need such enthusiastic third party software vendors anymore.
It's also a question of architecture: except for a very limited set of hardware drivers, there is no reason why the installation of anything should either be prohibited or cause instability. (Linux doesn't get this right either, but it is considerably better than Windows.)
The biggest problem with this is, though, that, whether it is sensible or not, Microsoft is driven by the profit motive, and for them to be able to exclude vendors from the market and force them to submit to certification procedures is a great way of controlling their market and increasing their profits. That is, even if there is some weak justification of this action in terms of profits, it is still highly suspect, and should be.
This isn't about being intrinsically "anti-Microsoft". The company has been found to be a monopolist, and it is rightfully subject to this kind of scrutiny and suspicion. Microsoft needs to tread extra careful in ways other companies don't have to, and instead the company is still giving consumers, software vendors, and regulators the finger.
(Incidentally, your characterization of blocking "only current versions of the drivers" is incorrect. I suggest you take the time and actually read the document at Microsoft's site describing their policies.)
According to the The NIST Reference on Constants, Units, and Uncertainty the correct terminology is derived from the International Electrotechnical Commission (IEC), Prefixes for binary multiples. So as you can see, the correct term would actually be one mebibyte (1 MiB = 220 B = 1 048 576 B). It is suggested that in English, the first syllable of the name of the binary-multiple prefix should be pronounced in the same way as the first syllable of the name of the corresponding SI prefix, and that the second syllable should be pronounced as "bee."
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
I want to know exactly how people know that "most of the instability I've had with windows was due to bad 3-rd party drivers."
--or--
"Most of the instability I've had with windows was due to windows."
Got friends?
I can imagine someone flooding Microsoft's 'Crash Dump Servers' with loads of fake dump info making Microsoft take action on disallowing that application to run!
First one to make Windows XP NOT ALLOW OFFICE XP TO RUN --->!!WINS!!
LFS. Have you built your system today?
Something tells me that this is the first step towards creating a 'closed shop', whereby NO software, not even application-level, can be installed or run unless it has M$'s approval.
Goodbye small independent software developers - if you can't afford the hassle and expense of MS$'s Certification Program, or if you don't toe the party line with MS$'s marketing agendas, then you'll find that your software is barred from Lose-dows XP.
Another possibility is that unknown software might be severely restricted in what XP allows it to do - for instance, non-certified programs may be strictly forbidden from all but the most basic access to the Internet.
And it's only a matter of a couple of years before you won't be able to buy a legal copy of Win2k, Win98 etc - it'll be WinXP or nothing.
Don't be surprised to see mandatory updates of XP which include blocked websites, blocked protocols etc.
I hope that the masses migrate to Linux, and that WinXP fails to recoup its development costs.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
Ahh. It would be So Cool if microsoft actually blocked blackice and zonealarm. Preferrably blocked each new version, with each new update of windows.
.. well .. normal people with windows (or newser linux distros) really have their computers pretty damn closed down when they buy'em. If they open things up - they really don't need a firewall to "double-check" everything for them.
/sub7 victims, but only _after_ they've been stupid enough to run the fscking trojan in the first place. NOrmal rules of conduct on computers really says that they SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW.
.. well .. I don't know why they do it -- either they are stupid or they are bought out by the "personal-fw-industry".
The "personal firewall" industry is a full-of-crap industry created by the media. There is absolutely NO NEED for a person to install a 'personal firewall'. There is a small set of rules he should follow to be safe from email-viruses, trojans and "crack attempts".
The firewalls prevents crack attempts, and preventes outgoing connections on non-allowed ports from non-allowed software. The first
The "firewall" may prevent them from becomming netbus/back orifice
The entire 'personal-firewall' industry is a mediahyped hystery that really shouldn't exist. Its an industry that is all about creating 'fear' in the normal citizens, and the SO CALLED "security consultants" that recomends that you should install personal firewalls
Personally I just shake my head when I hear about stupid lusers that has actually INSTALLED such things.
"Rune Kristian Viken" - http://www.nwo.no - arca
All they will do is drive people to dual boot their machines to Linux for those purposes. Anyone using "SMR, DivX ;-), 3ivx, M$MPEG-4" are probably good enough with computers to handle the dual boot. So just keep MS for the MS approved games, and start using Linux for everything else. Eventually the games will follow.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
I another thing I dunno is how to turn off this "feature" in windows....
Well, the thing is you can't turn this feature on or off... it's automatically running all the time in the back ground. And actually, it looks like it's geard to reducing the number of "unstable" drivers on your system. This may or may not be a good thing(tm), however, they did not mention in their reference document exactly how they are going to validate these "crash dumps" that will be sent back to them. They will need to validate these dumps somehow, or else you'll get a new kinda of DoS attack... one where a bunch of computers are crashed purposefully to generate dumps that seem to indicate that a particular driver is faulty. Then MicroSoft blocks this driver from ALL the installed XP user base and Wammo! Driver DoS :)
BTW, I copyright that idea.... erm, yeah, whatever. ;) Cheers!
-- Humans, because the hardware IS the software.
This is so typical of some Slashdot submitters. Any news about Microsoft is mangled into something bad about the company, regardless whether this really is the case or not.
/dev/ files changed between some version of Linux. Microsoft preventing this software from installing is like having different plugs for 220 V and 9 V devices so you won't plug your shaver directly into a high voltage outlet.
In this case, only CURRENT versions of these programs are blocked, because they access Windows internals which causes instability on XP. They just need to be adjusted to work with XP correctly. Just like some
People who badmounth a company (whether it be Microsoft or another) using information like this as an argument should either shut up or be sued and punished for spreading mis-information.
It's a perfect example of double standards: when Windows crashes this is always the fault of Microsoft, not of bad drivers or programs which access Windows internals, while in fact they often are (especially video drivers). When Microsoft tries to do something about it, it's suddenly only done for promotion of their own firewall software.
Make up your mind. If you are against Microsoft for monopoly reasons or anything else, that's your right. But mangling any piece of information to something negative only hurts the credibility of the anti-Microsoft camp.
Agreed. It has gotten to the point that I no longer trust their technology solutions, because of all of this enhancement in ther marketing and monopoly functionalities.
Let me repeat this. I do not trust their technology. I do not trust their marketing. There is the old joke revisted: How can you tell when an MS exec tells a lie? Answer: [fill in the blank]
Many MS geeks live inside a microsoft world depicted by microsoft marketing. Imagine the vaporware presentations they give the staff about the new technology coming out 5 to 10 years down the road! No wonder they go OOO and AHHH. But it is vaporware all the same. MS probably lies to thier staff as much as they lie to us. They got to keep the vision alive, sell the microserfs on the long term dream enough to get get 5 or 10 years of juicey code out of them before they burn out.
"It is a greater offense to steal men's labor, than their clothes"
The last thing that MS wants is for the user to see a bunch of pop-up warnings each time XP and MS servers talk to each other to validate/snitch registration information.
They stab it with their steely knives,
But they just can't kill the beast.
I mean. what is WinXP? it's taking a very good and successful product with good features, and put some "meat" around it to grab more marketshares. For most of us, everything new XP has to offer we know how to install the equivalent on win2k... switching from Win2k to winXP is simply an interface upgrade (which can be done also with windowsblind(?) or similar).
Question is, is there a good reason for a win2k user to upgrade (downgrade I should say) to XP? XP seems so much more restrictive WIHTOUT giving any new features that can't be match with 3rd parties software. It's not an OS for most of us who like to mess around with hardware or software and betas. It's meant for the home user that is running 98/ME and wants to upgrade, THAT guy is gonna see a shitload of improvements.
Yes there's a professionnal version as well... I know... do you really think it's gonna be a major seller? heck they didn't expect win2k to sell that much, why did it sell that much? Games support/directX, Stability, speed, dual processor support, etc... XP offers nothing new in any of these area, so the win2k userbase Won't upgrade unless they have money to burn.
Finally, that product activation thing is gonna be another major pain in the butt for them, most IT people won't tolerate that, and boycott it. (personnally I don't feel like wasting 10hrs a month waiting over the phone because something bad happened to my users and I have to reactivate each one of them one by one or for whatever other reasons).
--- Metamoderating abusive downgraders since my 300th post.
How can Microsoft stop people from sending in spoofed data? What will stop, for example, NVidia from sending in data that makes Matrox drivers look buggy as hell and getting them blocked?
Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.
Hello??? Anybody home? Did it occur to anyone that maybe the reason why Microsoft is considering blocking old versions of ZoneAlarm and BlackIce is because they don't work on the new operating system? I'm sure by the time XP ships, there will be updated versions of ZoneAlarm and BlackIce available, and users will simply be required to upgrade them (for free I'm sure) before installing them on XP. If Microsoft didn't do this, some morons would try to install the same old version they used on Win98, and it would break things, and many of the users would blame XP.
Microsoft did something similar in WinME: the OS ships with a database of known-incompatible software, and if you try to run a known-incompatible program, it gives you a warning, with the option to cancel or run it anyway. An example of this is Enternet 100, a PPPoE client that Mindspring used to distribute for their ADSL service. Guess what? It actually doesn't work on WinME. Runs fine on Win95b, Win98, NT 4 and 2000, and I understand there's a way to hack it to make it work on ME, but according to the company that makes it, it's not compatible - you have to upgrade to a version of Enternet 300, or use a different PPPoE client. I did tech support for Earthlink after the Mindspring merger, and that feature that Microsoft put in actually saved us from some pretty annoyed customers, because it told them it wasn't going to work before they found out for themselves the hard way.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Is to do away with those pesky non-standard codecs like SMR, DivX ;-), 3ivx, M$MPEG-4 and so forth. Right now you get just a warning when you try to install those ACX/DLL files but come XP then that "Unable to find codec" message is all you are going to see.
Also you can say goodbye to those wonderful drivers that let you load a "sound card" to output the contents of the wave device to the hard drive of those "video cards" that let you screen capture ASF/RM player windows in an unencrypted format.
As soon as the encrypted video standards are rolled out you can bet that any kind of video output driver will be limited to VHS quality or the driver just simply won't be allowed.
Microsoft is smoking some serious crack if they think they can become the sole authoritative source for drivers on the Internet. Their WindowsUpdate driver server (if you go though the process of registering your hardware config with Microsoft) is worthless and do you think that companies are going to want to have to go through the hassle of signing very beta or unsupported driver they release?
Lesson from history folks...when the Amiga 4000 came out and told their customers that everything they had bought up to this point was no longer compatible Amiga went down the toilet. When Mom and Pop find their CD burner no longer works because their manufacturer hasn't gotten around to becoming "XP Ready" (even though the code base is no different than NT/2K) then I seriously doubt they'll be keeping it. Even though they can't return it. Shafted.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
This is not about making things more stable. This is about squashing the competition by claiming that the product was defective. This is just a more brazen way of being anti-competition.
My guess is with this kind of press, Microsoft is going to make the decision to punish them a lot easier for the government. It's transparent and no one is going to be fooled by it. This cannot be helping their case.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
Active Directory is an LDAP interface, BIND is a DNS interface. Active Directory also provides DNS support but the underlying data model is LDAP and the probability that any BIND code would be useful is zero.
At the time IIS first appeared Apache did not exist, it was still the NCSA Web server with a bunch of third party patches. Thau was still doing major surgery on the first release of Apache while I was running IIS in the office across the hall from him. IIS could conceivably contain some of the CERN Libwww code, but that was put in the public domain, it is not open source restricted. The Microsoft lawyers called up to ask what the status of the CERN code was before MSFT downloaded it.
But still it is easier to make completely unsubstantiated allegations, admitting that you have no evidence apart from your belief that Microsoft >= absolute evil => If it is evil Microsoft must be doing it.
Since you appear to be a Newbie Microsoft-basher I will help you with some hints:
The Register article itself states that the blocking of the old incompatible application versions is taking place with the knowledge and co-operation of the companies themselves who are not complaining. Therefore Microsoft must bave blackmailed the companies into not complaining
The mechanism is a blacklist that lists bad programs that cannot be run. Therefore Microsoft csn stop you running your own software by not including it on the blacklist.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
This is just another method to determine what things are installed on your computer. They couldn't get away with HD scan uploads, so now they upload what's installed on your computer - but only when it crashes. On windows, that's more than early enough, my win2k box crashed twice today.
Do you have StarOffice installed? Well that's why you crashed.
Any sufficiently advanced technology is indistinguishable from a rigged demo.
When Mozilla receives n crash reports from a specific page, they don't block you from looking at the URL that crashed the browser. When Microsoft gets n crash reports from a certain program, they won't allow it to run. Of course, with Microsoft's dubious history, I'm *sure* that a perfectly good 3rd party application that works just fine won't be blocked ... rriiiiggghhttt....
Are you opposed to traditional firewalls as well? While a personal firewall can't compete with a dedicated firewall it will still provide far better protection than a bare connection.
While you can likely keep a machine free from trojans by beeing cautious of who you source your software from, there is still loads of spyware out there, some contained in quite useful apps.
While you can say (/shout) "SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW". In practice noone can know all the software they run, as this entails reading and understanding all source, as well as building from the ground up all software you use. Some trust must be applied, and when you trust you may be mistaken.
A firewall app provedes an extra layer of security against your own erronous judgements (after all noone is perfect) as well an enable you to use and identify some spyware without sacrificing privacy (By blocking the spyware's channel to home)
Maybe someone can correct me here, but I don't think there are any desktop operating systems that can recover after an unhandler kernel-mode exception.
I would not say that adding a major feature that breaks competitors' software in the SECOND RELEASE CANDIDATE is kosher in ANY sense of the word. I mean, think of the implications JUST from the software development life cycle aspect. This addition will certainly have system-wide implications, and it's going into RC2? TWO??? Wouldn't that effectively nullify most of the beta testing that applied to RC1 and ALL previous builds? Isn't this just plain common sense?
And if you were a prosecutor, you'd look at the defendant's past history of proven, similar actions and call it damning. Just the things that we know for sure, coming largely from internal memos and emails that came out of the discovery process during the various legal actions, indicate that there is a predatory culture in Microsoft. Not that there isn't a similar culture in a lot of companies, but this one goes beyond the bounds of the law, common sense, and is certainly NOT in the interests of the comsumer. (And when I say comsumer, that's you 'n' me, chief!)
Furthermore, you saw fit to add your own conjecture. Frankly, if ZoneAlarm uses hacks to accomplish what it needs to do, I for one am entirely happy; and so are the millions of other people using it, who find that it causes no crashes whatsoever. I am hard-pressed, in fact, to think of a system utility that does its job so well, sitting in the background as unobtrusive as it can be. Especially something that has to intercept and examine every packet coming into a machine.
If you're going to accuse Slashdot submitters of faulty journalism, you can't interject your own bias as well and hope it all balances out...
Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.
Linux doesn't have this problem because there aren't too many vendors writing kernel modules.
IMHO, it is a harsh solution for a bad problem. But I can't fault them -- I can't think of any other way of doing it... except maybe a "I forfeit support from MS, and accept the risks of running this driver" button.
Remember too that MS has been responding to industry requests for privacy and control over updates. I imagine this will be among those tools with an option to point towards a privately run server. If not, corporate customers would have a fit. Just imagine being an IT manager finding out that Windows XP purged the video drivers from half your users in North America.
On the other hand, the worse MS gets, the more sense Linux makes.
I would say, yes.
We HAD NT systems here that ran for almost 5 years, with reboots only for service packs and hotfixes.
(As a side note, after receiving nearly 35 letters from the BSA and Microsoft, sent to us because we were developers and resellers and customers, offering us a "truce" and calling us all manner of names, we have removed all Microsoft Server products from our organization, have replaced them with Linux or BSD based systems. MS, F*CK you and your BSA Cronies! I dont care if it was a form letter, we were a bit more than offended.)
----- LoboSoft specializes in Digital Language Lab
I've seen lots of comments about how Microsoft is evil and is trying to eliminate all their competitors in the personal firewal market and how they are going to spy on what the users have installed and how they will block web sites a programs too, along with the drivers, but nobody seems to have realized the true implications of this modification to Windows, instead of all the paranoid stupidity.
First of all, this provides another revenue stream for Microsoft. In order to get their the drivers marked as Windows XP Compatible (and the digital signature that goes along with this), hardware vendors will undoubtedly have to pay Microsoft some fee, whether it be for the signature itself or perhaps something slightly more useful (and less greedy), like paying Microsoft to do some testing on the drivers and then providing the certification.
This isn't particularly bad (although, Microsoft is once again abusing its monopoly power to gain money, who else are the hardware companies going to make hardware for?).
What does worry me is the fact that this provides an easy way for Microsoft to infulence hardware manufacturers. If they don'y follow Microsoft's "suggestions", the testing and certification could be "accidently" delayed, while all the hardware company's competitors deliver their products to market before them.
What will those suggestions be?
Probably something like "Hey, you know those weird communist hippy freaks who work on that evil anti-American OS called Linux? We want you to stop providing them with technical specifications and hardware drivers. Thanks, and have a nice day!"
"I want to KNOW what internet traffic is coming IN and OUT of my system. ZoneAlarm fulfills that need, for $0, and deserves praise."
Microsoft has a history of creating deliberate incompatibilities for competition, and it's no coincidence that ZoneAlarm and others find their software broken for no good reason in XP. It's happened before and it will happen again, and KEEP happening until developers learn that when they are playing M$'s game, the only winning move is NOT TO PLAY.
In the case of a firewall, or any other kind of security software, I have a LOT more faith in a third party than I do in MS's "security bug a week" laughable record.
I have no doubt that MS's so-called "firewall" in XP with Active Swiss Cheese (tm) technology will prove just as sucessful as their foray into bundling anti-virus software with DOS 6.x (horrible failure).
Bundling a swiss-cheese firewall with the OS is a BAD idea, as it will, like the MS Anti-Virus debacle, it will give a LOT of people a false sense of security, and cause the demise of third party security apps for `Doze (who will cease development because their air supply is cut off). Which will do NOTHING for MS's reputation as the least secure, MOST dangerous OS to let loose on the `net there is.
Aim down, FIRE, where did my foot go today?
=== The price of freedom is eternal vigilance
Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.
Here's a fix for this problem: MS requires all vendors (except for itself, of course) to open-source their drivers. THAT would be ironic.