Slashdot Mirror


The Windows Security Nightmare

latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."


  1. its not that bad by Anonymous Coward · · Score: 2, Insightful
    First off let's say I'm a linux user, and haven't used windows as a desktop or a server for about 4 years. I hate windows. My family however still runs windows 2000 on their main computer.

    It has no virus scanner, and they have never contracted a virus. As long as you aren't a dumbass (open random exes and stuff off the web), don't use outlook/IE (they use firefox and thunderbird), and run Ad Aware once in a while you should be fine. Running windows update automatic updates has never been a problem.

    1. Re:its not that bad by Kenja · · Score: 4, Insightful
      "It has no virus scanner, and they have never contracted a virus."

      How do you know? If it's not running a virus scanner how would you tell if it had a virus or not?

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:its not that bad by blastedtokyo · · Score: 3, Insightful

      If it has no virus scanner, how do you know that it's never been infected?

    3. Re:its not that bad by dasmegabyte · · Score: 2, Insightful

      He probably means it has no fulltime virus scanner, but runs HouseCalls from TrendMicro or something similar once in a while. I do the same with my parents, who had never gotten a virus but were fed up with paying $30 a year or whatever to Norton.

      --
      Hey freaks: now you're ju
  2. Not so fast, sir by sphealey · · Score: 1, Insightful

    A D-Link port-80-only firewall can be had at any number of electronics stores (heck, probably at Walgreen's too) for $79. It isn't a total solution, but it will protect a personal machine long enough to get the Windows Updates installed.

    If the author is unaware of this, or not capable of installing such a device on his Internet connection, just how seriously can we take the rest of his essay?

    sPh

    1. Re:Not so fast, sir by ivan256 · · Score: 4, Insightful

      So your solution is to spend $80 on hardware to work around a defect in $100+ software? Does he have to carry this device around with his laptop everywhere? This is a joke, right?

    2. Re:Not so fast, sir by geoffeg · · Score: 1, Insightful

      Ah yes. When I buy my car I'll need to get the tow truck with it too because everyone knows that the car won't make it home! That's a perfectly acceptable solution! People have suggested that the car companies just make the cars more reliable but everyone knows that's crazy!

      I think the author's point is that Average Joe just expects windows to work. Most people don't know about firewalls, NAT, routing and such. They're used to plugging something in and having it work right out of the box. If something breaks they throw it away and get a new one. This gets expensive fast with computers!

    3. Re:Not so fast, sir by sphealey · · Score: 3, Insightful
      So your solution is to spend $80 on hardware to work around a defect in $100+ software?
      The value of a system isn't in the cash-and-carry price of the components; it is in the data and applications running on it, the time and effort to get it configured properly, and the opportunity cost of not having it in operation. $79 isn't much against those costs.
      Does he have to carry this device around with his laptop everywhere?
      Plenty of corporate travellers do just that, yes. But in the scenario presented he only needs it for freshly installed systems not yet fully configured. Assuming he trusts his WinXP configs to be secure.

      This is a joke, right?
      Um, no.

      sPh

    4. Re:Not so fast, sir by jdreed1024 · · Score: 4, Insightful
      A D-Link port-80-only firewall can be had at any number of electronics stores (heck, probably at Walgreen's too) for $79. It isn't a total solution, but it will protect a personal machine long enough to get the Windows Updates installed.

      Wow. Think of what you're saying. You're telling users that they need to shell out almost a hundred bucks for a device that will allow them to safely download updates. Has Microsoft security gotten so bad that we're just going to accept that you need to buy a firewall just to keep your OS up to date? Does anyone else see a problem with this?

      --
      There is no sig, there is only Zuul.
    5. Re:Not so fast, sir by 31415926535897 · · Score: 3, Insightful

      +5 insightful?

      The total cost of his solution was the cost of the CD--your solution costs $80, and it isn't even complete.

      He mentioned installing a firewall (such as ZoneAlarm) which is free and would do as effective a job as your $80 solution.

      Also, one of the other large problems today is spyware (or hijackware as it should really be called), and that comes over the browser on port 80. Your $80 firewall is not going to stop that. However, the author of that article offered several free (and wise) solutions to combat this problem.

      I know I'm not supposed to feed trolls, but come on, at +5 I just had to respond.

      If you're really pushing this $80 solution over a perfectly reasonable free solution, then you either work for D-Link or you shouldn't be taken seriously.

    6. Re:Not so fast, sir by rowanxmas · · Score: 2, Insightful

      If you RTFA you might notice that by living in Pakistan there is no doubt a noticeable lack of Walgreens, BestBuy, CompUSA, etc... At least I didn't notice any around there.

    7. Re:Not so fast, sir by jedidiah · · Score: 2, Insightful

      The separate box is simply sound engineering practice: Isolate key parts of a system from anything else that might screw it up. Microsoft has always been a screwup. So people are used to spending something extra to fix it. This might be a virus scanner or a consumer firewall.

      This is as old as Norton SI.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    8. Re:Not so fast, sir by kabocox · · Score: 3, Insightful

      You're telling users that they need to shell out almost a hundred bucks for a device that will allow them to safely download updates. Has Microsoft security gotten so bad that we're just going to accept that you need to buy a firewall just to keep your OS up to date? Does anyone else see a problem with this?

      Our office lan has a hardware firewall and a network installed virus scanner. I think every network should be secured.

      As a home user, do you trust Cable One, AOL, or a generic small time ISP to keep you safe? Are they responsible for filtering all network traffic before it hits you? I'm going to say they should have hardware firewalls of their own.

      The /. crowd will never want filtered internet for themselves. But for your family? Wouldn't you want your mom on an AOL idiot proofed connection? If anything goes wrong, you could just tell her to call AOL and play dumb.

    9. Re:Not so fast, sir by ivan256 · · Score: 3, Insightful

      Insightful? My ass.

      Do you people have this same level of expectations for other products you buy? If something, right out of the box, is shitty to the point where it's humorous, why is it so wrong to say so?

      You may not think what you're saying is a joke, but it sure is damned funny. I wonder what other hoops we could get you to jump through.

      It's especially ironic that you recognize time and effort as part of the overall cost, but you still find your suggestion reasonable.

  3. Big problem by jdreed1024 · · Score: 4, Insightful
    A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched.

    This is a serious problem, actually. During the height of the worms last summer, we saw hundreds of machines that got infected while in the middle of downloading updates. It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings.

    It's the bigger problem of running services by default. The average user doesn't need half of the services that run. Linux figured that out years ago - most services are off these days, and those that are on are fairly secure (ie: sshd). Even if some of these services are required for system operation (like some folks have claimed), there's no reason for them to be listening on addresses other than 127.0.0.1.

    --
    There is no sig, there is only Zuul.
    1. Re:Big problem by radish · · Score: 1, Insightful

      It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings.


      Am I the only one thinking:

      1) Switch on computer
      2) Login
      3) Wait until everything is loaded and the disk stops chunking
      4) Plug in network

      Is that really hard?

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    2. Re:Big problem by Kenja · · Score: 2, Insightful
      "This is a serious problem, actually. During the height of the worms last summer, we saw hundreds of machines that got infected while in the middle of downloading updates. It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings."

      There is a system called "unplugging the network cable" that can block 100% of the network traffic within the first two min' of booting!

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    3. Re:Big problem by jdreed1024 · · Score: 4, Insightful
      Am I the only one thinking:

      1) Switch on computer
      2) Login
      3) Wait until everything is loaded and the disk stops chunking
      4) Plug in network

      Is that really hard?

      Try telling that to an end user. They don't want to be bothered with that. And also, people forget to do things sometimes. And the one time you forget, you'll get infected.

      Yes, yes, we all know the most secure computer is the one that doesn't have a network connection. But really, providing firewall software, and loading it last in the startup sequence, instead of immediately following network device startup is sloppy and wrong.

      --
      There is no sig, there is only Zuul.
    4. Re:Big problem by kidgenius · · Score: 3, Insightful

      Right.....because you know that all of the people less technically adept than you will make sure they do that.

    5. Re:Big problem by bcrowell · · Score: 2, Insightful
      Why can't MS just supply a very strict software firewall, which would be activated whenever you booted up the computer while holding down a certain combination of keys?

      In addition to the problems described in the article, another problem with MS's approach is that you don't have to be a privileged user to infect a system, but you may have to be a privileged user to disinfect it. I don't use Windows myself, but in the classroom where I teach physics labs, we have 6 Windows machines, and they're constantly getting infected with worms. Often my students and I know exactly what the infection is, but we don't have privs, so we have to wait a week for our IT folks to get around to patching it.

      Linux, BSD, and MacOS X on the other hand, are consistent: you can't patch a system without root access, but you basically can't get infected without root access either.

    6. Re:Big problem by yabos · · Score: 2, Insightful

      Considering most network cables are under the desk, you really expect people to climb under the desk to unplug it, turn on the computer and wait for it to boot, then climb back under the desk to plug the ethernet cable back in? Even if you keep your case on the desk(which most people don't that I've seen), that's still a huge hassle for the lazy asses that can't run windows update once a week.

  4. Ignoring the root cause and fighting the symptom by kbahey · · Score: 4, Insightful

    I cannot help but see the analogy here.

    Microsoft takes the approach of fighting the symptom (malware, ...etc.), and not the root cause (flawed security design, ...etc.).

    This is the same way many governments approach things like terrorism. They address it like a security problem only, that Intelligence Agencies and the Military/police handle. Why these ideologies developed, and what are the social, economic, and political reasons that lead to it is never even attempted.

    And it is not only America, this has happened before in Ireland, Spain, Egypt and elsewhere.

    Unless the root cause is studied, a correct diagnosis is made, and then remedial actions are taken, no amount of policing will fix the problem for good.

  5. Custom patch CD by prisen · · Score: 3, Insightful

    This isn't anything new -- I've sent plenty of patch CD's with customized .bat/.cmd files along with stupid-easy instructions thanks to an autorun.inf that takes care of everything from hotfixes to updating DirectX and IE, even restarting the box when it's done..all without bothering the user with confusing dialog boxes. It helps quite a bit when your family has dial-up and can't even get to Windows Update before Sasser or equivalent hoses their machine.

    But, then again, I've sent many times more Linux distro CD's to my friends.

  6. Re:offended by JustKidding · · Score: 2, Insightful
    As a 48 yo grandmother, I am offended that technical incompetence is equated with being a grandparent.

    He didn't actually say grandparents are incompetent, he just said grandmother is.
    It's easy to be offended if you want to be.

  7. Registry and update? Nah. by Weaselmancer · · Score: 3, Insightful

    If you're going to go after Windows employees, don't bother with the registry and update guys. Nail the guys who made ActiveX and Outlook.

    There ya go, I'm an informant now. When can I expect my check? =)

    Weaselmancer

    --
    Weaselmancer
    rediculous.
  8. updating mac os x is harder over dial-up by Anonymous Coward · · Score: 1, Insightful

    considering there are 80MB and 100MB downloads...and apples download servers suck compared to microsofts.

  9. Re:Custom CD by Frequanaut · · Score: 1, Insightful

    "Why would you put *any* unpatched box online, whatever the OS"

    Well, there's a reasonable answer to that question in the article itself. Trying to patch it requires that the user go online. Maybe he didn't want to wait the 2-4 weeks that microsoft states as the delivery time for the CD.

    A better question may be why didn't he turn on the firewall?

  10. Almost... by NickRuisi · · Score: 2, Insightful

    Is it just me or did the article seem like a near-FUD rant?

  11. Re:Custom CD by Ann+Elk · · Score: 3, Insightful

    Microsoft's Windows Security Update CD is great in theory, but almost worthless in practice. The lead time for delivery is so long, by the time you get the CD, another batch of viruses/worms are out exploiting newly discovered vulnerabilities.

  12. Re:Heh not me. by xplosiv · · Score: 2, Insightful

    Unfortunately, most people can't get away with that attitude, that's almost as bad as burning bridges. Someday your friend/family member will be asked if they know anyone who is willing to accept a high paying Windows admin job, and your friend/family member will say "No, the only person I know doesn't do windows". Instead, refer them to websites where they can download anti-spyware software, anti-virus software and such, you have nothing to lose, and while you give them this information, you can tell them there is not much else you can do, but at least you tried.

  13. Re:Use the Firewall by radish · · Score: 3, Insightful

    How about you wait until the firewall is loaded before plugging in the network cable?

    --

    ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

  14. Re:Use the Firewall by Lehk228 · · Score: 1, Insightful

    that is why you leave your network cord unplugged until windows is loaded.

    --
    Snowden and Manning are heroes.
  15. Whether you are offended by 2names · · Score: 4, Insightful
    or not is immaterial. The simple fact is that as one ages, one loses touch with new technology and advancements for many reasons, most of which have nothing to do with a person's abilities or intelligence. Mostly, people just stop caring about the latest gizmo and care more about things that are really important like family.

    But, if you don't believe me try this little test:

    Take an iPOD, a Laptop with a wireless card in it, and a wireless access point to a retirement home. Place them on a table right next to an Internet connection of any kind. Now ask if any of the residents can get a song from the iTunes store onto the iPOD.

    I'll put dollars to doughnuts you won't find a single resident who can do it. Not because they aren't capable of learning how, but because they really just don't care about that kind of thing anymore.

    $.02

    --
    "I'm just here to regulate funkiness."
    1. Re:Whether you are offended by bloxnet · · Score: 4, Insightful

      Ridiculous.

      My grandparents are in their 80s...and you are probably right, but the generation(s) in their 50s-60s are more likely to have been exposed to technology and its increasing role in our day to day lives to completely invalidate your theory.

      Even more so, each year that passes you will have more grandparents who are moderately tech savvy...it's not in any way a question of age, but experience. There are still quite a few people in their 20s, 30s, etc who would also not be able to pass your IPOD+ITunes test, because (brace yourself for the shock), they don't drool over tech items like the majority of slashdot readers do.

      It's just depressing to see that the rampant ageism that is applied to older people is still going strong in the tech industry...and does not seem to show signs of stopping.

      The original poster was offended because she was both a grandparent and a woman into technology, and admittedly, she is a rarity even now....but the real point is that the more time passes, it's more and more possible that this will not be an exception to the standard. And in the spirit of fairness, she was kind of silly to be up in arms about it anyhow...although her point *was* and *is* valid.

    2. Re:Whether you are offended by RogerWilco · · Score: 2, Insightful

      My favorite writer Isaac Asimov, has said that he considered the problem that when people leave school/education very often they are not required to learn much anymore. He said that if you keep learning all your life that you can still do it at a higher age (like he did being a SF writer, and technology column writer well after being 75+)
      I endeavour to follow his example and keep learning all my life, to keep the "learning muscles" flexible. I'd like to think I'll be able to use the mobile phones of 2060, if I live that long.
      And I think I know a few people 70+ that would pass your test.

      --
      RogerWilco the Adventurous Janitor
    3. Re:Whether you are offended by DrVomact · · Score: 2, Insightful
      Obviously, this poster is at the age where everyone over 28 seems ancient to him. I'm in my mid-fifties (well, the downhill side, if you must know), and I've been working in the computer industry for over 25 years. Yeah, I used to program abacuses in machine language, and walked to work through miles of shoulder-high snowdrifts. I also started back when you could talk your way into a programming job with a liberal arts degree, because there weren't many people around who had a CS degree. I never got used to having stuff spoon-fed to me--I always figured you just have to go out and teach yourself what you need to know.

      Believe me, there are still plenty of gadgets out there that I want, and I'm learning lots of new techie stuff every week. Some of it even has to do with work. I just got over a forced career realignment when I was riffed by one company and had to find a way to use my computer skills for a totally different type of company and environment. Let's see you roll with those punches, whippersnapper! You'd give up and go back to pharmacy school.

      Of course, the people you would find in a nursing home now are in their eighties or nineties, and they missed out on the big computer wave. And people that age normally aren't that interested in acquiring new skills. But that's not true of everybody who's that age, of course. Just like it's not true that everyone under 25 is a rude twit.

      As for the iPod, heck you're right--I couldn't care less. The stuff iTunes sells I wouldn't buy at a penny a song. I hate modern music--if it was composed less than 200 years ago, it's crap. Well, except for 50s and 60s rock, of course...

      Insightful?

      --
      Great men are almost always bad men--Lord Acton's Corollary
  16. Flamebait by Anonymous Coward · · Score: 2, Insightful

    This article is the biggest piece of flamebait. Ever. It even tops some of the slashdot comments.

    If the article had made an in-depth study of the patching issues and what can be done about them, that'd have been great and we'd have learnt something new. Instead, he just goes on about how he was so stupid so as to not use his computer properly.

    Windows registry is something that people love to rant about, but good grief, it's a few megabytes (or hundreds) out of your multi-gigabyte system. Live with it. Don't worry about cleaning up your registry because you're never supposed to know it exists.

    What's more - I can almost GUARANTEE that this guy was running everything as Admin. That is akin to running everything as root on linux. Wonderful. Now try writing an article about how you run everything as root on linux and you have security issues.

  17. What a bozo! by gregarican · · Score: 3, Insightful
    I can empathize with the author's issues and gripes, but a bit of enduser education could have prevented a decent amount of them. Here's a good document on how to survive your first day with Windows XP.

    The author's slanted raving is over the top. I could just as easily read about some Linux newbie's nightmare experience trying to get all of his hardware to work or how they had to rebuild the kernel after applying some new module to their system.

    My main gripe with how things are is that all new PC's should be delivered fully patched as of their configuration date. And since Microsoft has switched to their license subscription model they should ship out CD's to all licensed customers with all rollup security packs available. Just like a TechNet subscription operates for previewing beta products. I don't mean a user calls into Microsoft to request a CD. It's their place to send them out. Just like an auto company would mail out recall notices.

  18. Couple points here... by pointbeing · · Score: 2, Insightful
    After reading the article it's kinda clear to me the author isn't a Windows user ;-)

    If the registry or the filesystem gets bloated because of malfunctioning application uninstallers, how is that MS' fault? Blame the nitwits who wrote the malfunctioning application.

    Every OS has security patches available - if lack of patch has been exploited that exploit would apply to *any* OS - not just to Windows. If someone decided to write malware for Linux an unpatched machine would be just as vulnerable. Windows is a big target.

    --
    we see things not as they are, but as we are.
    -- anais nin
  19. Re:Use the Firewall by dylan_- · · Score: 4, Insightful

    Since a few people have mentioned this: He was using Windows 2000. It doesn't have a firewall.

    --
    Igor Presnyakov stole my hat
  20. Re:Ignoring the root cause and fighting the sympto by Anonymous Coward · · Score: 1, Insightful

    Figuring out ideologies is a waste of time. During World War II, we didn't pick apart Nazism and Fascism, we left that for the endless documentaries on the History Channel. This is a war of cultures and should be handled like wars should be handled - brutally, or more precisely, Curtis LeMay style. The German and Japanese got really sick of war IIRC and have put it on the bottom of their priority list ever since. Sanitizing war and making guesses as to their Weltanschauung is best left for increasing tensions and threats of global annihilation back to cold war levels.

  21. Re:Burn a cd? by moojuece · · Score: 3, Insightful

    did you RTFA? author mentions this CD but also states that this is horribly out of date, takes 2-4 weeks to arrive and will not ship to his country

  22. Re:Update CDs for family by YrWrstNtmr · · Score: 3, Insightful

    That's the problem...Unless I boot linux and pull the internet from the back of the machine, her pc will never be secure...

    Why would booting to Linux be any more secure, for that user?
    She appears to be the problem, not the OS.

  23. Re:Use the Firewall by Marc+Desrochers · · Score: 5, Insightful
    How about Windows not enabling the network interface before it has all of the network settings loaded for it.

    ...and I don't believe obtaining a DHCP lease would be a problem through this.

    Asking users to plug/unplug their network cable is just plain silly.

  24. Sounds like one man's rant by Paladine97 · · Score: 2, Insightful

    I have used Windows for a long long time and have never experienced any of the problems that the author claims. It seems like he has a beef with Windows and generalizes for all installations. For example:
    A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install. When a user does a clean install that user's system loses all the previously applied security updates, and becomes a sitting duck for worms and other malware.

    A Windows system doesn't deteriorate if you know what you're doing. The author clearly assumes that the uninstallation packages actually work. This is a fatal mistake. I always manually look in the registry for left-overs when I do an uninstallation. I just uninstalled Mozilla? I find all Mozilla folders underneath HKLM/HKCU and delete them too. This tends to work well except when dealing with COM object registration (which is a nightmare).

    Then he tries to run a registry cleaner on his system. You know those warnings that say "MAKE SURE YOU BACKUP YOUR REGISTRY"? Well they say that for a reason. Back it up. Then when the shit hits the fan like the author said, he can restore from a boot disc.

    Yeah the registry is a pain sometimes, but combined with some experience and know-how, you can keep a system running without having to reinstall.

  25. Re:Use the Firewall by SillyNickName4me · · Score: 2, Insightful

    Seems a bit of browsing and some ActiveX funnies can get you that indeed and no firewall is really gonna help against it either, you'll still need virus/worm/malware scanner/remover software to keep the PC clean.

    It's funny how MS is now going to include such stuff.. seems their innovation has other priorities than making their products usable most of the time...

    This all should not be a problem initially however for installing a windows machine behind a firewall and trying to run update.. tho I rather prefer making an update CD for such cases (and use it until the next worm or whatever that requires no user actions to become active)

  26. Re:Use the Firewall by b-baggins · · Score: 2, Insightful

    Isn't it amazing how the solution to so many Windows problems is to jump through hoops, restrict what you can do, and generally make your life a hassle.

    Your example is like telling someone in a crime-infested neighborhood that they just need to lock their doors instead of yelling at the city council and cops to clean up the streets.

    --
    You can tell a great deal about the character of a man by observing those who hate him.
  27. Where were you when the update came out? by SilentChris · · Score: 1, Insightful

    I could never understand people's horror stories when they can't patch *after* they've been hit with a worm. "I couldn't stay on the internet long enough to download the patch!" Well, why did you wait to download it until after you had a problem?

    I can understand system admins who have 5,000+ machines to update and one patch can single-handedly bring down an entire company when they use a proprietary app. I don't get, however, how the average user who downloads Kazaa and seemingly clicks OK on every dialog box on the internet (and now has a browser that's more toolbar than browser) refuses to go to the Windows Update site.

    The best example I've seen yet was talking to one person who got messages in the lower right (Windows Update) that downloads had been made and they didn't click to install them. Their reason: "I thought it was a virus". I mean, I know Microsoft is somewhat to blame here (system tray notifications are used for everything from critical problems to the system blowing its nose), but COME ON people. Windows is sitting there, waving a flag in your face, and you're just ignoring it?

    The only solution is to have the system update itself by default, silently, without any user interaction whatsoever. Allow it to be disabled for me and other nerds out there, but force updates on everyone else. This is getting out of hand.

    1. Re:Where were you when the update came out? by Anonymous Coward · · Score: 2, Insightful

      Your dream of sitting at a mighty and invulnerable Windows box because you are an awesome guy and download/install patches right away sounds great...but the question is how vulnerable you are BEFORE the patch becomes available.

      11/16/2003: The vulnerability which would be known as MS04-013 is reported by Liu Die Yu
      4/8/2004: US-CERT issues security alert TA04-099A because there is an exploit of this vulnerability in the wild
      4/13/2004: Microsoft issues MS04-013 and a patch to fix the vulnerability.

      How safe was your box from 4/8 to 4/13? Did your vendor warn you about the defect in their product? How many months did they sit on the defect before doing anything? What do you think prompted them to finally release a patch? How long do you think it REALLY took to fix the vulnerability (hint: most Linux vulnerabilities are fixed in under a week, and some of Microsoft's coders are probably as good)

      Extra credit: Is it possible that there were active exploits of this bug PRIOR to 4/8 that went undetected?

  28. Re:Use the Firewall by One+Louder · · Score: 5, Insightful
    Unfortunately, that assumes that one is familiar enough with Windows to know that's the order in which things load, that unplugging the network cable won't make the machine somehow think it's not *going* to be on a network.

    It's a rational expectation that a brand new machine, or one restored to factory configuration, should have no fatal problems - we certainly expect that the wheels don't fall off our cars just after we drive off the new car lot. We shouldn't have to *know* that we have to tighten the lugnuts or get new tires because the ones I just bought are about to explode, and I shouldn't have to immediately change the locks because everyone and their grandmother can pick the one I just bought with a toothpick.

    Perhaps I'm taking the analogy too far, but can you name another product that is widely sold brand new with massive known defects?

  29. Re:Use the Firewall by radish · · Score: 4, Insightful

    No, my suggestion was not a "solution" to the general problem. It was an idea for the supposedly technical person trying to fix a b0rked windows box which they couldn't get to stay up long enough to patch. For that person, I would have thought that unplugging a cable would be both obvious and straightforward. Should regular users be disconnecting their boxes every time they reboot? Of course not.

    --

    ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

  30. Re:i use windows by Anonymous Coward · · Score: 1, Insightful

    " i used to sell them around the time the blaster worm came out on the side of the streets outside best buy etc for $20 a piece."

    See, that's the problem right there!

    People are willing to buy a 'security CD' from some guy on a street corner???

  31. Re:Use the Firewall by Anonymous Coward · · Score: 1, Insightful

    Wow !

    That Windows thing is really easy !

  32. I am asking for it but here goes.... by jwcorder · · Score: 4, Insightful

    I could not help but find myself in quite a humorous state as I read that article. As a Support Analyst for a Fortune 50 company, I see many of the errors that the user was describing in the beginning of the article. Unfortunately for him, he reinstalled the OS. All he needed to do was recreate his Windows profile.

    The right click locking explorer and the functionality loss of Mozilla were most definitely not caused by the Reg, but more likely caused by a corrupted NTUSER.Dat file in the profile folder of his machine.

    Furthermore, if you are currently reading this article on your home PC and not sitting behind a firewall of some sort, please send an email to banme@slashdot.org with the attention line reading I am no longer worthy.....just kidding just kidding.

    --
    http://jayceecorder.blogspot.com
  33. Re:Use the Firewall by Anonymous Coward · · Score: 1, Insightful

    Isn't it amazing how the solution to so many Windows problems is to jump through hoops, restrict what you can do, and generally make your life a hassle.

    Unlike in the Unix world, where you solve all these problems by simply not running as root.

    Of course, to a Windows user, having to su every time you want to install software or change a configuration setting comes into the category of jumping through hoops, restricting what you can do, and generally making your life a hassle, but there's no pleasing some people...

  34. Where is his firewall? by nsayer · · Score: 2, Insightful

    The real problem with the story told in the article is that there was no firewall between the system and the Internet. It is simply no longer acceptable to connect Windows machines directly to the internet without a firewall.

    That statement doesn't really change the conclusions in the article very much, but in the past I've reinstalled friends' windows machines and downloaded and installed all the updates without any trouble at all -- because I did it behind a firewall.

    If you wouldn't leave your car parked unlocked with all the windows down in the middle of [bad part of town], then don't connect Windows machines up to the Internet without a firewall. The end.

  35. Re:Use the Firewall by antarctican · · Score: 1, Insightful

    No, even the best firewall software won't prevent all Windows holes. The solution is that a Windows box should NEVER, EVER be put on the live internet. Only behind some kind of NAT to keep the nasties out, be it a linux box or a $50 DSL router.

    I have always believed that anyone with the slightest bit of technical knowledge who knowingly puts a Windows box on a world routable IP should be charged with criminal negligence.

    And no, this is not flamebait, it's just the reality of Windows and its security flaws.

  36. News @ 11 ... by Anonymous Coward · · Score: 1, Insightful

    windows was NEVER designed to be secure.

    it was designed to be compatible..
    easy to use and work.

    Seriously,

    why is every gaping hole in windows
    frontpage news?

  37. Rant or reality? by doorbot.com · · Score: 2, Insightful

    A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install.

    Half of the article seems like a rant against the Windows registry, and doesn't appear to even bring that point to a conclusion.

    Sure, reinstalling can fix a lot of problems, but the machines I maintain (personal and work) do not get reinstalled unless there is a catastrophic failure. I know it's popular to believe Windows boxes need a reinstall every 6 months, but I have to question the "l33t skillz" of those particular users.

    I've actually migrated installations from old hardware because I didn't want to reinstall my apps. Is there "cruft" in the registry on those systems? Maybe, in the same sense that you have orphaned .conf files in /etc or old log files on your Linux box. Such files/registry entries are unlikely to interfere with anything, and when they do, it is far more efficient to handle individual cases rather than apply a blanket policy of erase and rebuild.

    I have to wonder if the author of the article is trying too hard to fix problems which aren't... registry "cruft" does not harm the computer. If there are lingering problems after software installs/uninstalls, it's due TO THAT SOFTWARE. Don't install it next time.

    The company has to move away from its Windows roots in order to create a secure operating system environment.

    Is this the article's conclusion? That Windows isn't secure? All this moaning about how hard it is to get Windows updates and the suggestion is to "move away from its Windows roots"? So the registry "cruft" is now a security issue because the "solution" to computer problems is reinstallation? That's quite a stretch...

    I call FUD; I thought vague, unsupported claims were reserved for AdTI.

  38. why cars and oil make the worst combination ever by dunedan · · Score: 2, Insightful

    My brother had a car that he had like NO idea how to take care of man. and he like filled up the oil and didn't put the cap back on and ran the car for a few days and a week later or something the car like DIED man, SO DEAD. I mean it's totally lame to expect my brother to know that even if the oil light goes back off there's probably still a problem. I mean cars should totally just work. You shouldn't even have to know how to drive or anything, and if you run into phone poles by accident somebody should like fix it for free or it should be made of plastic or something.

    Seriously people, If you want to cruise on the info superhighway learn how to drive (get a firewall, AV, know how to work your box). If you don't know that stuff and something breaks it's not MS's or Linus's or anybody else's fault, it's yours

  39. Re:Use the Firewall by needacoolnickname · · Score: 5, Insightful

    Asking users to plug/unplug their network cable is just plain silly.

    I'd have to disagree. I think making someone work for something might make them a bit more appreciative of what needs to be done to maintain it.

    I told my father to take his computer to a local shop to have it fixed rather than drive up to me. Once he learned how much it costs to have things fixed that can easily be avoided he seemed much more interested in learning how to take care of things than thinking "this thing should just do as I want it to" (and he stopped downloading stupid ass screensavers).

    A little work goes a long way.

  40. Come on people... by Anonymous Coward · · Score: 2, Insightful

    Worms have nothing to do with firewalls. Worms propagate due to stupid users who don't have the sense to stay away from porn web sites and who automatically accept any ActiveX or Java they run across and who open any executable e-mail attachment they get. People need to be fixed, not Windows.

  41. Re:Use the Firewall by Rick+the+Red · · Score: 3, Insightful
    No shit. When I turn on the Windows firewall I cannot see/be seen on my network. Zone Alarm has no problem letting me print to my network printer (on another PC), but with Windows firewall I don't even see it. Sorry, but I just don't have time to figure out the settings needed to fix this when Zone Alarm is the real fix.

    I don't care how good XP SP2 is, I'm not letting it near my PC.

    --
    If all this should have a reason, we would be the last to know.
  42. Re:Use the Firewall by Rick+the+Red · · Score: 5, Insightful
    Leave ethernet disconnected right up until the moment you're ready to hit Windows Update. You're already booted up with the firewall enabled. Connect cable, wait a few seconds for XP to notice it, hit update. Voila.
    Uh, huh. And then, the next day, you have to crawl under the desk and disconnect the NIC until you've booted up for the day, then plug it back in. And the day after that. And the day after that. And the day after that.

    You see, it takes 20 seconds to 2 minutes from the network activation to the firewall start every time you turn on the PC, not just when you're getting the latest update. And if you think you only need a firewall when you're running Windows Update, then you're missing the whole point of having a firewall.

    --
    If all this should have a reason, we would be the last to know.
  43. Re:This article is a disgrace to slashdot by jedidiah · · Score: 2, Insightful

    What vmware installs onto a system should not screw it up. This is just an incredibly lame attempt to blame the end user for someone else's engineering incompetence. AT WORST, vmware should only be able to hose your network connectivity.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  44. Re:Use the Firewall by yabos · · Score: 3, Insightful

    No offense intended, but you can't expect "normal"(dumbass) users to do what you do. Even though your solution may work well, they just won't do it.

  45. Re:This article is a disgrace to slashdot by blincoln · · Score: 4, Insightful

    I was going to post something less colourfully phrased if no one else had.

    The author of the article is either inept or trolling. Unless you are doing something dumb like downloading tons of shareware apps, installing them briefly, then uninstalling them, the registry should be fine.

    Of course, he *does* seem to be the kind of person that does exactly that, based on his "I downloaded a random 'registry cleaner' program and trusted it with my computer's stability, and now my PC doesn't work!" thing.

    The hotfix issue is a legitimate complaint, but anyone who is running Windows 2000 (an enterprise operating system) at home should be comfortable with making slipstreamed install CDs - especially if the user is someone with dialup access who regularly formats and reinstalls their system.

    I'm sure MS would be happy to provide physical CDs with the updates on them if more than a tiny fraction of users were willing to pay a small fee for the convenience. It's not like Linux users get magic free CDs mailed to them from the groups that package the distributions.

    --
    "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
  46. Re:Ignoring the root cause and fighting the sympto by kbahey · · Score: 2, Insightful

    We should not just "figure out ideologies". We should figure out the REASONS these extreme ideologies develop.

    It is now a war for the US, but before that it was just extremist political dissent in other countries. Because it was not treated then by the societies that had it, it fled abroad and went out of control.

    The analogy to Nazism and Fascism and wars against them is fallacious too. These were countries against countries, with defined armies, leaders, equipment, theaters of operations, etc. So, it was easy to attack a well defined enemy, and have a declared state of war.

    Terrorism is more amorphous, hidden, and clandestine. It does not have defined headquarters, nor armies, nor a theater of operation.

    It is more like crime, than like war.

    If it is to be defeated, it is by eliminating the cause(s) for it. Before these causes can be eliminated, they should be diagnosed and identified.

    Oh, and I disagree this is a "war of culture", as much as the extremists (on both sides) want it to be.

  47. Re:i use windows by Woogiemonger · · Score: 2, Insightful

    A hardware firewall is practically a requirement these days if you use your computer for anything proprietary and sensitive, at least in the eyes of management. For both my jobs, I've gotten direct requests for me to secure my home computers with a router, but oddly, they wouldn't buy me one. Well, thanks to slickdeals.net, I finally managed to grab an 802.11b wireless router for ten bucks. Security problems solved.

  48. Re:Use the Firewall by Gr8Apes · · Score: 1, Insightful
    For a large group of folks, the blame can be laid at the feet of broadband providers for not providing a firewall appliance along with the cable modem. (Many of us run this as a secondary appliance behind the modem, and get 4 or more ports for the price of 1 connection in the process;) However, hooking up a windows machine behind a nice functional hardware firewall, however simple it may be, really works for the active worms. (Doesn't help the dial-up guys though, although dial-up providers maybe should block certain ports.... after all, who uses 135-139 on dialup connections anyways?)

    Just some thoughts.

    --
    The cesspool just got a check and balance.
  49. I run XP Pro by localhost00 · · Score: 2, Insightful
    And it hasn't been infected in a long time.

    You can throw AAW and NAV at the typical user and hope the computer will remain scumware free, but the best defense is the user learning to not trust any arbitrary website and download.

    --

    Calling atheism and agnosticism a religion is like calling bald a hair color.

  50. Re:i use windows by ForemastJack · · Score: 5, Insightful

    Quoth the parent:

    i used to sell them around the time the blaster worm came out on the side of the streets outside best buy etc for $20 a piece. made a few grand off that.

    I read that and nearly spit coffee on my keyboard. OK, let's assume that the parent poster is being 100% honest, that he made "a few grand" selling home-burned CDs outside Best Buy at $20 a pop. That's, conservatively, 100 CDs!

    In other words, at least one hundred people were perfectly willing to shell out money -- cash, presumably -- to some random guy in front of a store, then take this guy's CD home and blindly install whatever the hell he'd given them!

    Folks, talk all the shit about Microsoft that you want, but there's your security problem! If this guy is on the level, we've just had a prime lesson in the reason why Blaster, et al spread like typhoid.

    You know, don't you feel sorry for Microsoft, sometimes -- just a little bit? I mean, imagine you're a Microsoft engineer. You're hard-working. You really do try, given the massive user base you have to support and the cruft of legacy code you're stuck with. Reasonably fast patching for security holes, updates -- hell, they'll send you a damn CD of updates for free!

    And then you read something like this. And request an immediate transfer to the Office development group...working with Clippy would seem like a joy.

    And for all the linux advocates out there -- especially the zealots, the Stallman's Witnesses -- this is a cautionary tale. If and when linux starts to hit the desktops, you're going to have this same problem. If 100 users are willing to take some guy's CDs and install them, no questions asked, they're not going to flinch when he says, "Oh, and it will prompt you for your administrator password. You'll need to enter that in order to make sure the system is scrubbed." Play out your own nightmare scenario, there. Linux is inherently more secure? Really?

    Social engineering-based cracking can't be stopped. Not by Windows, not by Linux.

  51. Re:Use the Firewall by Anonymous Coward · · Score: 1, Insightful

    It's a rational expectation that a brand new machine, or one restored to factory configuration, should have no fatal problems - we certainly expect that the wheels don't fall off our cars just after we drive off the new car lot.

    If you really want to make a fair comparison between a clean install of Windows, and a new car - A much better analogy would be someone using Windows on the Internet VS someone trying to drive a car without having a license (or knowing how to drive) and blaming their problems on the car. It's not like plugging in your Windows machine and turning it on will cause it to start crashing. I'm also not suggesting that everyone needs a license to get on the Internet (although that would be cool in some aspects ;), but basic security practices will rid someone of just about every problem they might encounter (i.e. using a hardware firewall and keeping software updated).

  52. Re:Which 3 year old OS would survive? by argent · · Score: 2, Insightful

    I can't think of an operating system that wouldn't survive an internet connection for long enough to download updates. I wouldn't have the slightest concern putting any 3 year old UNIX system of any flavor online to download its patches, or even an old-school Mac running that abomination known as Mac OS 9, or for that matter Windows for Workgroups or Windows 3.11...

    The security design of Windows was hopelessly compromised when they merged the desktop and the browser, and nothing less than the complete reversal of that decision can restore it.

  53. Re:Use the Firewall by Glonoinha · · Score: 2, Insightful

    I am shocked, appalled, and dismayed! Actually I'm not, but I like the way it sounds.

    "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD."

    Reality check time. Which of the following are not required to get online via cablemodem :
    [ ] Computer
    [ ] Monitor
    [ ] Keyboard / mouse
    [ ] Cablemodem
    [ ] Assorted cables, and electricity
    [ ] A fscking hardware router / firewall.

    Guess what - a fscking hardware router / firewall isn't optional anymore. Linksys BEFSR41 - learn it, know it, live it. Less than $50 at Best Buy, if you actually help someone set up their computer and plug the NIC directly into the cablemodem - you aren't helping. Doesn't matter what OS, what hardware platform, etc.

    Patches smatches. Software firewall flufferall. There is no substitute for a hardware firewall. Cheap, easy, effective - this is your one chance to get all three.

    --
    Glonoinha the MebiByte Slayer
  54. Re:offended by Anonymous Coward · · Score: 1, Insightful

    Who keeps modding this nonsense up? The article nowhere mentions grandmothers, andy666 has added the same comment to various articles, it is doubtful that he is really a grandmother or French.

  55. Re:Run QNX on the desktop by happyfrogcow · · Score: 2, Insightful

    Great! for you maybe. in the home desktop scheme of things, QNX is irrelevant. Linux is hardly relevant, Linux has dreams of being relevant... and may be some day soon.

    telling home desktop users to run QNX, sheesh. good luck on this one, pal.

  56. Problems is Computers = Windows for most people by Ridgelift · · Score: 4, Insightful

    The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter.

    And yet, people still want Windows. I work in a high-tech call center, and people still look at me with blank stares when I tell them I don't use Windows at all at home.

    Q "What do you run for anti-virus?"
    A "Nothing. Linux isn't as susceptible to viruses"

    Q "What about spyware?"
    A "Same thing. I don't run anti-spyware either because I don't get it. Oh, and I can update my computer without rebooting too"

    I've even had a laptop running nothing but Slackware, and technical people _not_ believing that Windows wasn't somehow still on the machine! People just don't see computers with anything other than Windows. If computers = Windows, then how can people get sick of Windows and not be sick of computers? The fact is, Microsoft has done a brilliant job of equating computers with Windows, to the point where even most technical people don't see any other option.

    I think my job as an Open Source advocate is to just let people see Linux run on a computer, and let them follow the inevitable logical conclusion themselves.

  57. Not Windows, third party apps & drivers by Malc · · Score: 3, Insightful

    This guy's an idiot. He installs crap and unreliable third party applications and drivers on his system and then blames Microsoft! The article was a rant about security, so why the comments about the registry? It seems that was a dig based on some other personal dislike. He admits he placed his trust in some third party tool to clean his registry! Seems rather foolish.

    If Linux were as popular as Windows, there would be just as much poor quality crap coming out for it trashing /etc, /lib, rc scripts, etc. Just as time consuming and frustrating to fix. Just as painful for incompetent and computer illiterate people. Just as many people running with root level privileges. Just as many boxes cracked automatically before security updates can be downloaded.

    I ran Windows 2000 for 3.5 years with the only problems coming from Creative Labs DXR3 and SoundBlaster Live! drivers, and Mozilla's graphics resource eating issues. I won't buy anything from Creative Labs again, and Mozilla have fixed their bugs. I only had to re-install Windows after I accidentally trashed the first part of its partition playing around under Linux (Grub, Lilo, dd ... oops!).

    1. Re:Not Windows, third party apps & drivers by erik_norgaard · · Score: 3, Insightful

      First: You say don't install third party software, so you're really advocating for monopoly. Sure, there exists crap 3rd party software, but the OS should be able to protect itself such that the system is not rendered unbootable.

      Second: His main 2nd point is still valid, regardless of what forced the reinstall. Inability to fetch updates fast enough to avoid being hit by a worm attack, the inability to resume fetch, the inability to fetch a cd image, etc. all make it a pain to get the system up to date. It is a huge problem to maintain and update a vulnerable system when security experts claim that an unprotected pc will be hit by Sasser within approximately 10 minutes.

      Why is rpc on by default, on a stand alone machine? Ok, for interprocess communication - but only on the loopback interface!

      Microsoft has sold an 'insecure by default' product for years, while they should follow a 'secure by default' philosophy: Disable all services by default. The main reason that windows is so widespread (still) is that this is what the home user knows, and hence companies save money on training. If MS wants to stay in business they should protect the home user - and the home user does not need all the services enabled by default.

      Also, they would isolate kernel space and user space such that your system can boot and fetch updates, regardless of how many user space programs you install and deinstall. Only the OS should mess around in the kernel space.

      Again and again people lose data and time because they inadvertently do something that appears to be an innocent everyday action, but tampers with their system and renders it unusable.

      If you could at least get the system up to get backups - of course it's always weeks ago - before you go on to reinstall, you might actually get as far as live (painfully) with the remaining problems.

      Maintaining Windows is a pain, in particular for the average Joe.

  58. more stupid bullshit... by NIN1385 · · Score: 2, Insightful

    Doesn't this tell us something when linux doesn't even need a cd to install itself, but if you want to even get online with windows...you need a fucking cd to patch all the fuck ups they left in it? This whole problem would be solved if they would place the patches on the computers at the factories they make them in. Then when these idiots get their new gateway computers they don't help spread worms and viruses around the internet. But what does it matter, I am sure that microsoft will probably just create a new way for them to cause problems that they will get paid to "fix".

    --

    If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
  59. Re:Uh huh! by professor+seagull · · Score: 1, Insightful

    maybe by then windows will automagically have become secure/stable without all the bloat (no), but for the time being mac's unpopularity does have an advantage. as long as you don't need to play excessive games, macs can usually do anything pc's can (and in a lot of cases, better)
    take it as a security advantage, not a hindrance.
    apple also seems to put more effort into their os development than microsoft anyway; like linux, they improve upon code rather than adding patches just to fix errors, and newer operating systems tend to run faster than older ones with all the benefits (xp can't run on some older pcs now that aren't severely outdated, and longhorn is going to require a lot more)
    i think even if mac were as popular as windows, with equal focus from the virii community, it would still be more secure

  60. It's not about your OS, it's about your attitude. by Etone · · Score: 3, Insightful

    This is pretty typical of the FUD articles about Windows or Linux that /. has been publishing lately. Windows zealots send in articles written by MS puppet "research organizations" that belittle the OSS folks; then the Linux zealots respond in kind with this article.

    It's really simple, people. Informed users will lock down their systems and know how to patch appropriately, regardless of their OS. Uninformed users will never lock down their systems or will get fooled into opening an exploit backdoor, regardless of their OS.

  61. Re:Uh huh! by VAXGeek · · Score: 2, Insightful

    I like Macs as much as the next guy (probably more), but a function of popularity would be that there are a LOT of them. Walk into 100 random households in the United States, 60 Windows machines, 3 or 4 Macs would probably be a pretty good spread. MacOS may be pretty good, but it's definitely not widespread.

    --
    this sig limit is too small to put anything good h
  62. Re:Use the Firewall by EvilTwinSkippy · · Score: 2, Insightful
    Sigh.

    While I run my own Linux box at home, I have several clients and relatives I support. Giving them a happy blue box that blinks and costs $50 trumps any ability to ssh into it and fix.

    The Linksys doesn't generally need fixing. And if it does, unplug and plug it back in. They are happy. I am happy. And I'm not getting calls during the weekend when a power outage fries the hard drive and I have to rebuild the Linux partition.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  63. Re:Use the Firewall by Nintendork · · Score: 4, Insightful
    "Sorry, but I just don't have time to figure out the settings needed to fix this when Zone Alarm is the real fix."

    Sorry, but Zone Alarm, Black Ice, etc. are all PIECES OF SHIT. You have no idea how many times I've been troubleshooting broken internet apps only to find out that Zone Alarm/Black Ice is installed. One of my first questions now is to find out if those things are installed. The sole purpose of those software packages is to annoy you every time it blocks a connection and try and convince you to pay money for the enhanced version of the nagware.

    You declare that the SP2 firewall broke your ability to print, but you do not know why. You just take a reactive stance and jump back to what works now instead of finding the underlying problem and solving it. I'm sorry, but I just don't believe that the firewall broke your ability to print unless there was an underlying reason. Outbound connections are not blocked by the firewall. The same statement goes for seeing others on the network. Maybe you were just impatient and didn't wait for browsing to stabilize which takes up to something like 15 minutes in a single broadcast domain. If you're really that anxious to connect to another computer and can't wait for the browse list, do a start | run | \\COMPUTERNAME.

    If you want the computer to be seen on the network, create an exception list in the firewall configuration! It already has a preset for file and print sharing one tab over from where you enabled the firewall for crying out loud!

    God I hate seeing ignorant fucks blaming the software vendor for their own ignorance, then getting modded up for it. It's not Microsoft's fault that you don't RTFM or open your eyes to see that there's other configuration options when you use a feature. Blaming Microsoft may be fun, but it's not always the answer.

    -Lucas

  64. the kid is educating his dad by zogger · · Score: 4, Insightful

    he's paying him back. He's showing him that it's much better to not get your computer hosed in the first place, so he IS paying his dad back for his education, in exact kind. Adults can be wrong, but there's no easy way to point this out to them, in a father/son situation. And it worked according to the post, when his father realised what a PITA it is, what it really costs, both in cash in what might be done to his machine or credit card or other personal info, or how he could be used by a malicious zombie-running blackhat, etc, and how easily preventable it was, so he learned something useful and practical.

    I think a lot of people honestly do not know that the primary reason they might get hacked is not to get their personal information, but to use their machine to distribute hacked warez and spam email and kiddie porn. So, it's much better to do what it takes to help people understand the ramifications of their actions-or non actions, and to perhaps take a more critical look at the software they are running. To me, it's like a traffic ticket (paying to have your machine cleaned and fixed), you are SUPPOSED to learn something (stop being a know-nothing lamer) about your behavior driving your car (computer) on the public road (internet).

    Once people are REALLY aware of it, then they have a chance to correct the problem. If you can't get their attention in the first place, they won't ever learn. Sometimes it takes a fine to do that.

    I FULLY support ISPs or private network admins yanking access to the network from infected machines. They don't do it enough, IMO, and if it happens to me because my machine gets hosed and zombied and I don't deal with it in a timely manner, then too bad for me, too. I'd rather be told about it if I don't know myself, and losing your net access is both protecting the innocents, and getting your attention for a problem. And if THAT then kept being pushed back up the food chain to the vendors, where they had to code better, release less often, and be forced to offer products good enough they could be warrantied, then I'm all for that, too.

    It shouldn't take 20 years to come up with a more secure out of the box operating system that is network capable, is the real bottom line, no matter which one you are talking about.

    You'd see it get chaotic in meatspace if any manufacturer were allowed to sell "caveat emptor" products with no government required warranty, of course they would skip doing quality work then, because there would be very little risk to them. It's time software played by the rules every other manufacturer has to play by, especially if they demand IP ownership and patents and huge profits. They want it treated like a normal product, swell, but let the law treat THEM like any other product as well.

  65. Re:Run QNX on the desktop by Anonymous Coward · · Score: 1, Insightful

    To most home users that makes about as much sense as:

    "One safe option is to run DOS on the desktop. It comes with no inbound services enabled..."

  66. Re:offended by Anonymous Coward · · Score: 1, Insightful

    There is a reason that a stereotype comes into being. Instead of getting offended, perhaps you should just be grateful you are an exception to the rule!

  67. Re:Use the Firewall by Marc Desrochers · · Score: 2, Insightful

    I am not an admin, I'm a tech... And even if I was, I'd still be at the mercy of the whims of the higher-ups. This University has decided they want to go Active Directory, so that's what we're doing. It doesn't help matters that they decided to centralize everything, and the techs don't have access to fix network problems, we aren't even allowed to open machines, unless it's to change a NIC. What can I say, it's not MY network.

  68. Re:Use the Firewall by Jim_Maryland · · Score: 2, Insightful

    Both comparisons are flawed. About the only close comparison I can think of would be a car with numerous defects that has been to the dealer for recall service and then losing all those recall repairs the next time you reinstall tires (and I certainly wouldn't want to visit that mechanic again). A fresh installation of MS Win32 will have all the flaws/exploits that have been discovered since your source disk was created.

    Obviously a reinstall of an operating system will need to be repatched to obtain the updates unless you obtain a more recent version of the OS with patches included. I haven't noticed MS doing this but then my company rarely has something other than system restore media for MS Win32 systems (maybe Microsoft does this but I haven't seen it). For my Solaris systems, I can locate a newer media pack to get much closer to a patched environment.

  69. Would you like some cheese with your whine? by endus · · Score: 2, Insightful

    Listen, normally I'm all about trashing windows for its security. We all know what's wrong with it, no need to go into it again.

    I also agree that the amount of reinstalls required is kinda ridiculous. Windows installations on a working PC run by a computer guy do deteriorate over time. I think this could be fixed by simplifying the registry somewhat.

    However, this dude is blaming windows for things he should know better than to do. You went on the internet without a firewall? Why would you do that? What, exactly, did you expect to have happen? In XP you can enable the default firewall with a few clicks, so this issue has pretty much been fixed. Is it really productive to write a whiny article about an issue that Microsoft has already addressed, when there are so many more important security issues with the OS?

    The other issue is, what OS is going to be secure upon reinstall??? I mean, you can trash windows for needing frequent reinstalls, but you can't blame it for being insecure upon installation. With OpenBSD I can do an FTP install of the latest release, which requires a large download, or with windows I can install from CD and install the latest SP, which requires a large download. Either way I'm going to be online with an insecure system...unless I have a brain and run a firewall, of course. Even if you have the latest release of your OS somewhere, chances are good that you're going to have to go online to download a few patches.

    As far as the registry cleaner...I downloaded one of those too. I spent 3 seconds searching USENET and found an excellent one for free the first time. Do your homework = save yourself a headache.

    The amount of reinstalls is ridiculous, no denying that. Simplification of the registry would absolutely be nice. However, the registry serves a purpose. Sure there are other ways of doing it, but it's obvious from the tone of the article that the author has never supported windows in an enterprise environment. There are more than a few times where the registry system has come in handy. With the amount of crappy software vendors writing crappy software that doesn't conform to any standard, I am overwhelmingly glad to have a more or less standardized place to store configuration information. As much as I hate to say it, Microsoft also does a great job updating the registry with information about their own installed products, which makes deploying apps which depend on those products far far FAR easier.

    God...I can't believe I'm even about to say this...but the author should also check out System restore, since he's obviously not that windows savvy. As much as I hate this feature, it does seem to work reasonably well in some cases. There are more advanced tools for backing up the registry as well. Rolling back a windows system is a reality and there are more than a few novice users who I support who have saved themselves this way.

    I dunno...I mean the idea that you should have to reinstall so often is valid, and the idea that Windows should be more secure by default is more than valid, but this experience just seems like a really weak case for me. The idea that someone is going to avoid right clicking rather than reinstalling or put fucking VMWARE, of all things, on a system that is trashed to the point of not being able to right click just doesn't say much to me in terms of their qualification to write a technical article. I see the point the author is trying to make, but since XP has a firewall that is insanely simple to enable, I really don't see the point of whining about this.

    The other thing is that, somehow, some way, I manage to avoid the problems he is talking about. I do the same kind of fiddling and BSing around, but somehow I have never had my right mouse button stop working or have a browser stop working despite reinstalls. If you're going to mess with the computer, have your shit together, have a firewall (or the latest service pack) on CD, and stop doing whatever you did to screw t

  70. Re:Use the Firewall by endus · · Score: 3, Insightful

    "And if you're on a wireless LAN?" Then you should be running a router that runs a firewall anyway.

  71. Mac to the Rescue by Darth Cider · · Score: 2, Insightful

    I'm dismayed that any reference to Mac security usually gets smacked down in comments here, whenever the subject of Windows insecurity comes up. "Just wait til the worm and virus writers target Macs."

    But here's an idea. Buy a used Older Mac for under $50 to download your Windows patches, then burn them to CD and transfer them to your PC. Doesn't hurt to have a backup plan.

  72. Re:my windows security nightmare.. by Anonymous Coward · · Score: 0, Insightful

    My slashdot nightmare is a bunch of twits constantly using the word "boxen".

    Oh, wait...

  73. Re:Update CDs for family by mrchaotica · · Score: 2, Insightful

    You mean the programs she likes, such as the cute little purple gorilla that walks around on the screen, and RealPlayer, and all those screen savers and random assorted games that her friends emailed to her and that she downloaded from questionable sources?

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  74. Re:Use the Firewall by GigsVT · · Score: 2, Insightful

    ..to jam a penny into the keyboard such that it kept the return key held down, so that the key-repeat would dismiss the dialog box over & over again

    Ever run fsck on a badly damaged fs? You might use the penny too. (Until you remember to just pipe "yes" output to it).

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.

  75. Re:Use the Firewall by nzkbuk · · Score: 4, Insightful

    or just use the -y option

  76. Re:You Mean digital? by MerlynEmrys67 · · Score: 2, Insightful

    Just like in Unix, except there you replace System Registry with /etc.

    Time to lose some Karma

    --
    I have mod points and I am not afraid to use them

  77. Re:oki, here is a nice solution or two : by Reivec · · Score: 2, Insightful

    You can already get a CD from Microsoft, free even! http://www.microsoft.com/security/protect/cd/order.asp

    I am no MS advocate, but I am a tech support guy, and I have recommended this CD to people in the past.