Slashdot Mirror


The Windows Security Nightmare

latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."

40 of 969 comments (clear)

  1. Big problem by jdreed1024 · · Score: 4, Insightful
    A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched.

    This is a serious problem, actually. During the height of the worms last summer, we saw hundreds of machines that got infected while in the middle of downloading updates. It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings.

    It's the bigger problem of running services by default. The average user doesn't need half of the services that run. Linux figured that out years ago - most services are off these days, and those that are on are fairly secure (ie: sshd). Even if some of these services are required for system operation (like some folks have claimed), there's no reason for them to be listening on addresses other than 127.0.0.1.

    --
    There is no sig, there is only Zuul.
    1. Re:Big problem by jdreed1024 · · Score: 4, Insightful
      Am I the only one thinking:

      1) Switch on computer
      2) Login
      3) Wait until everything is loaded and the disk stops chunking
      4) Plug in network

      Is that really hard?

      Try telling that to an end user. They don't want to be bothered with that. And also, people forget to do things sometimes. And the one time you forget, you'll get infected.

      Yes, yes, we all know the most secure computer is the one that doesn't have a network connection. But really, providing firewall software, and loading it last in the startup sequence, instead of immediately following network device startup is sloppy and wrong.

      --
      There is no sig, there is only Zuul.
    2. Re:Big problem by kidgenius · · Score: 3, Insightful

      Right.....because you know that all of the people less techincally adept than you will make sure they do that.

  2. Ignoring the root cause and fighting the symptom by kbahey · · Score: 4, Insightful

    I cannot help but see the analogy here.

    Microsoft takes the approach of fighting the symptom (malware, ...etc.), and not the root cause (flawed security design, ...etc.).

    This is the same way many governments approach things like terrorism. They address it like a security problem only, that Intelligence Agencies and the Military/police handle. Why these ideologies developed, and what are the social, economic, and political reasons that lead to it is never even attempted.

    And it is not only America, this has happened before in Ireland, Spain, Egypt and elsewhere.

    Unless the root cause is studied, a correct diagnosis is made, and then remedial actions are taken, no amount of policing will fix the problem for good.

  3. Custom patch CD by prisen · · Score: 3, Insightful

    This isn't anything new -- I've sent plenty of patch CD's with customized .bat/.cmd files along with stupid-easy instructions thanks to an autorun.inf that takes care of everything from hotfixes to updating DirectX and IE, even restarting the box when it's done..all without bothering the user with confusing dialog boxes. It helps quite a bit when your family has dial-up and can't even get to Windows Update before Sasser or equivalent hoses their machine.

    But, then again, I've sent many times more Linux distro CD's to my friends.

  4. Re:Not so fast, sir by ivan256 · · Score: 4, Insightful

    So your solution is to spend $80 on hardware to workaround a defect in $100+ software? Does he have to carry this device around with his laptop everywhere? This is a joke, right?

  5. Registry and update? Nah. by Weaselmancer · · Score: 3, Insightful

    If you're going to go after Windows employees, don't bother with the registry and update guys. Nail the guys who made ActiveX and Outlook.

    There ya go, I'm an informant now. When can I expect my check? =)

    Weaselmancer

    --
    Weaselmancer
    rediculous.
  6. Re:its not that bad by Kenja · · Score: 4, Insightful
    "It has no virus scanner, and they have never contracted a virus."

    How do you know? If its not running a virus scanner how would you tell if it had a virus or not?

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  7. Re:its not that bad by blastedtokyo · · Score: 3, Insightful

    If it has no virus scanner, how do you know that it's never been infected?

  8. Re:Custom CD by Ann+Elk · · Score: 3, Insightful

    Microsoft's Windows Security Update CD is great in theory, but almost worthless in practice. The lead time for delivery is so long, by the time you get the CD, another batch of viruses/worms are out exploiting newly discovered vulnerabilities.

  9. Re:Use the Firewall by radish · · Score: 3, Insightful

    How about you wait until the firewall is loaded before plugging in the network cable?

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  10. Re:Not so fast, sir by sphealey · · Score: 3, Insightful
    So your solution is to spend $80 on hardware to workaround a defect in $100+ software?
    The value of a system isn't in the cash-and-carry price of the components; it is in the data and applications running on it, the time and effort to get it configured properly, and the opportunity cost of not having it in operation. $79 isn't much against those costs.
    Does he have to carry this device around with his laptop everywhere?
    Plenty of corporate travellers do just that, yes. But in the scenario presented he only needs it for freshly installed systems not yet fully configured. Assuming he trusts his WinXP configs to be secure.

    This is a joke, right?
    Um, no.

    sPh

  11. Whether you are offended by 2names · · Score: 4, Insightful
    or not is immaterial. The simple fact is that as one ages, one loses touch with new technology and advancements for many reasons, most of which have nothing to do with a person's abilities or intelligence. Mostly, people just stop caring about the latest gizmo and care more about things that are really important like family.

    But, if you don't believe me try this little test:

    Take an iPOD, a Laptop with a wireless card in it, and a wireless access point to a retirement home. Place them on a table right next to an Internet connection of any kind. Now ask if any of the residents can get a song from the iTunes store onto the iPOD.

    I'll put dollars to doughnuts you won't find a single resident who can do it. Not because they aren't capable of learning how, but because they really just don't care about that kind of thing anymore.

    $.02

    --
    "I'm just here to regulate funkiness."
    1. Re:Whether you are offended by bloxnet · · Score: 4, Insightful

      Ridiculous.

      My grandparents are in their 80s...and you are probably right, but the generation(s) in their 50s-60s are more likely to have been exposed to technology and it's increasing role in our day to day lives to completely invalidate your theory.

      Even more so, each year that passes you will have more grandparents who are moderately tech saavy...it's not in anyway a question of age, but experience. There are still quite a few people in their 20s, 30s, etc who would also not be able to pass your IPOD+ITunes test, because (brace yourself for the shock), they don't drool over tech items like the majority of slashdot readers do.

      It's just depressing to see that the rampant ageism that is applied to older people is still going strong in the tech industry...and does not seem to show signs of stopping.

      The original poster was offended because she was both a grandparent and a woman into technology, and admittedly, she is a rarity even now....but the real point is that the more time passes, it's more and more possible that this will not be an exception to the standard. And in the spirit of fairness, she was kind of silly to be up in arms about it anyhow...although her point *was* and *is* valid.

  12. What a bozo! by gregarican · · Score: 3, Insightful
    I can empathize with the author's issues and gripes, but a bit of enduser education could have prevented a decent amount of them. Here's a good document on how to survive your first day with Windows XP.

    The author's slanted raving is over the top. I could just as easily read about some Linux newbie's nightmare experience trying to get all of his hardware to work or how they had to rebuild the kernel after applying some new module to their system.

    My main gripe with how things are is that all new PC's should be delivered fully patched as of their configuration date. And since Microsoft has switched to their license subscription model they should ship out CD's to all licensed customers with all rollup security packs available. Just like a TechNet subscription operates for previewing beta products. I don't mean a user calls into Microsoft to request a CD. It's their place to send them out. Just like an auto company would mail out recall notices.

  13. Re:Use the Firewall by dylan_- · · Score: 4, Insightful

    Since a few people have mentioned this: He was using Windows 2000. It doesn't have a firewall.

    --
    Igor Presnyakov stole my hat
  14. Re:Not so fast, sir by jdreed1024 · · Score: 4, Insightful
    A D-Link port-80-only firewall can be had at any number of electronics stores (heck, probably at Walgreen's too) for $79. It isn't a total solution, but it will protect a personal machine long enough to get the Windows Updates installed.

    Wow. Think of what you're saying. You're telling users that they need to shell out almost a hundred bucks for a device that will allow them to safely download updates. Has Microsoft security gotten so bad that we're just going to accept that you need to buy a firewall just keep your OS up to date? Does anyone else see a problem with this?

    --
    There is no sig, there is only Zuul.
  15. Re:Not so fast, sir by 31415926535897 · · Score: 3, Insightful

    +5 insightful?

    The total cost of his solution was the cost of the CD--your solution costs $80, and it isn't even complete.

    He mentioned installing a firewall (such as ZoneAlarm) which is free and would do as effective a job as your $80 solution.

    Also, one of the other large problems today is spyware (or hijackware as it should really be called), and that comes over the browser on port 80. Your $80 firewall is not going to stop that. However, the author of that article offered several free (and wise) solutions to combat this problem.

    I know I'm not supposed to feed trolls, but common, at +5 I just had to respond.

    If you're really pushing this $80 solution over a perfectly reasonable free solution, then you either work for D-Link or you shouldn't be taken seriously.

  16. Re:Burn a cd? by moojuece · · Score: 3, Insightful

    did you RTFA? author mentions this CD but also states that this is horrible out of date, takes 2-4 weeks to arive and will not ship to his country

  17. Re:Update CDs for family by YrWrstNtmr · · Score: 3, Insightful

    That's the problem...Unless I boot linux and pull the internet from the back of the machine, her pc will never be secure...

    Why would booting to Linux be any more secure, for that user?
    She appears to be the problem, not the OS.

  18. Re:Use the Firewall by Marc+Desrochers · · Score: 5, Insightful
    How about Windows not enabling the network inteface before it has all of the network settings loaded for it.

    ...and I don't believe obtaining a DHCP lease would be a problem through this.

    Asking users to plug/unplug their network cable is just plain silly.

  19. Re:Use the Firewall by One+Louder · · Score: 5, Insightful
    Unfortunately, that assumes that one is familiar enough with Windows to know that's the order in which things load, that unplugging the network cable won't make the machine somehow think it's not *going* to be on a network.

    It's a rational expectation that a brand new machine, or one restored to factory configuration, should have no fatal problems - we certainly expect that the wheels don't fall off our cars just after we drive off the new car lot. We shouldn't have to *know* that we have to tighten the lugnuts or get new tires because the ones I juts bought are about to explode, and I shouldn't have to immediately change the locks because everyone and their grandmother can pick the one I just bought with a toothpick.

    Perhaps I'm taking the analogy too far, but can you name another product that is widely sold brand new with massive known defects?

  20. Re:Use the Firewall by radish · · Score: 4, Insightful

    No, my suggestion was not a "solution" to the general problem. It was an idea for the supposedly technical person trying to fix a b0rked windows box which they couldn't get to stay up long enough to patch. For that person, I would have thought that unplugging a cable would be both obvious and straightforward. Should regular users be disconnecting their boxes every time they reboot? Of course not.

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  21. I am asking for it but here goes.... by jwcorder · · Score: 4, Insightful

    I could not help but find myself in quite a humorous state as I read that article. As a Support Analyst for a Fortune 50 company, I see many of the errors that the user was describing in the beginning of the article. Unforunately for him, he reinstalled the OS. All he needed to do was recreate his Windows profile.

    The right click locking explorer and the functionality loss of Mozilla were most definely not caused by the Reg, but more likely caused by a corrupted NTUSER.Dat file in the profile folder of his machine.

    Furthermore, if you are currently reading this article on your home PC and not sitting behind a firewall of some sort, please send an email to banme@slashdot.org with the attention line reading I am no longer worthy.....just kidding just kidding.

    --
    http://jayceecorder.blogspot.com
  22. Re:Use the Firewall by needacoolnickname · · Score: 5, Insightful

    Asking users to plug/unplug their network cable is just plain silly.

    I'd have to disagree. I think making someone work for something might make them a bit more appreciative of what needs to be done to maintain it.

    I told my father to take his computer to a local shop to have it fixed rather than drive up to me. Once he learned how much it costs to have things fixed that can easily be avoided he seemed much more interested in learning how to take care of things than thinking "this thing should just do as I want it to" (and he stopped downloading stupid ass screensavers.

    A little work goes a long way.

  23. Re:Use the Firewall by Rick+the+Red · · Score: 3, Insightful
    No shit. When I turn on the Windows firewall I cannot see/be seen on my network. Zone Alarm has no problem letting me print to my network printer (on another PC), but with Windows firewall I don't even see it. Sorry, but I just don't have time to figure out the settings needed to fix this when Zone Alarm is the real fix.

    I don't care how good XP SP2 is, I'm not letting it near my PC.

    --
    If all this should have a reason, we would be the last to know.
  24. Re:Use the Firewall by Rick+the+Red · · Score: 5, Insightful
    Leave ethernet disconnected right up until the moment you're ready to hit Windows Update. You're already booted up with the firewall enabled. Connect cable, wait a few seconds for XP to notice it, hit update. Voila.
    Uh, huh. And then, the next day, you have to crawl under the desk and disconnect the NIC until you've booted up for the day, then plug it back in. And the day after that. And the day after that. And the day after that.

    You see, it takes 20 seconds to 2 minutes from the network activation to the firewall start every time you turn on the PC, not just when you're getting the latest update. And if you think you only need a firewall when you're running Windows Update, then you're missing the whole point of having a firewall.

    --
    If all this should have a reason, we would be the last to know.
  25. Re:Use the Firewall by yabos · · Score: 3, Insightful

    No offense intended, but you can't expect "normal"(dumbass) users to do what you do. Even though your solution may work well, they just won't do it.

  26. Re:This article is a disgrace to slashdot by blincoln · · Score: 4, Insightful

    I was going to post something less colourfully phrased if no one else had.

    The author of the article is either inept or trolling. Unless you are doing something dumb like downloading tons of shareware apps, installing them briefly, then uninstalling them, the registry should be fine.

    Of course, he *does* seem to be the kind of person that does exactly that, based on his "I downloaded a random 'registry cleaner' program and trusted it with my computer's stability, and now my PC doesn't work!" thing.

    The hotfix issue is a legitimate complaint, but anyone who is running Windows 2000 (an enterprise operating system) at home should be comfortable with making slipstreamed install CDs - especially if the user is someone with dialup access who regularly formats and reinstalls their system.

    I'm sure MS would be happy to provide physical CDs with the updates on them if more than a tiny fraction of users were willing to pay a small fee for the convenience. It's not like Linux users get magic free CDs mailed to them from the groups that package the distributions.

    --
    "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
  27. Re:Not so fast, sir by kabocox · · Score: 3, Insightful

    You're telling users that they need to shell out almost a hundred bucks for a device that will allow them to safely download updates. Has Microsoft security gotten so bad that we're just going to accept that you need to buy a firewall just keep your OS up to date? Does anyone else see a problem with this?

    Our office lan has a hardware firewall and a network installed virsus scanner. I think every network should be secured.

    As a home user, do you trust Cable One, AOL, or a generic small time ISP to keep you safe? Are they responible for filtering all network traffic before it hits you? I'm going to say they should have hardware firewalls of there own.

    The /. crowd will never want filtered internet for themselves. But for your family? Wouldn't you want your mom on an AOL idiot proofed connection? If anything goes wrong, you could just tell her to call AOL and play dumb.

  28. Re:i use windows by ForemastJack · · Score: 5, Insightful

    Quoth the parent:

    i used to sell them around the time the blaster worm came out on the side of the streets outside best buy etc for $20 a piece. made a few grand off that.

    I read that and nearly spit coffee on my keyboard. OK, let's assume that the parent poster is being 100% honest, that he made "a few grand" selling home-burned CDs outside Best Buy at $20 a pop. That's, conservatively, 100 CDs!

    In other words, at least one hundred people were perfectly willing to shell out money -- cash, presumably -- to some random guy in front of a store, then take this guy's CD home and blindly install whatever the hell he'd given them!

    Folks, talk all the shit about Microsoft that you want, but there's your security problem! If this guy is on the level, we've just had a prime lesson in the reason why Blaster, et al spread like typhoid.

    You know, don't you feel sorry for Microsoft, sometimes -- just a little bit? I mean, imagine you're a Microsoft engineer. You're hard-working. You really do try, given the massive user base you have to support and the cruft of legacy code you're stuck with. Reasonably fast patching for security holes, updates -- hell, they'll send you a damn CD of updates for free!

    And then you read something like this. And request an immediate transfer to the Office development group...working with Clippy would seem like a joy.

    And for all the linux advocates out there -- especially the zealots, the Stallman's Witnesses -- this is a cautionary tale. If and when linux starts to hit the desktops, you're going have this same problem. If 100 users are willing to take some guy's CDs and install them, no questions asked, they're not going to flinch when he says, "Oh, and it will prompt you for your administrator password. You'll need to enter that in order to make sure the system is scrubbed." Play out your own nightmare scenario, there. Linux is inherently more secure? Really?

    Social engineering-based cracking can't be stopped. Not by Windows, not by Linux.

  29. Problems is Computers = Windows for most people by Ridgelift · · Score: 4, Insightful

    The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter.

    And yet, people still want Windows. I work in a high-tech call center, and people still look at me with blank stares when I tell them I don't use Windows at all at home.

    Q "What do you run for anti-virus?"
    A "Nothing. Linux isn't as succeptible to viruses"

    Q "What about spyware?"
    A "Same thing. I don't run anti-spyware either because I don't get it. Oh, and I can update my computer without rebooting too"

    I've even had a laptop running nothing but Slackware, and technical people _not_ believing that Windows wasn't somehow still on the machine! People just don't see computers with anything other than Windows. If computers = Windows, then how can people get sick of Windows and not be sick of computers? The fact is, Microsoft has done a brilliant job of equating computers with Windows, to the point where even most technical people don't see any other option.

    I think my job as an Open Source advocate is to just let people see Linux run on a computer, and let them follow the inevitable logical conclusion themselves.

  30. Not Windows, third party apps & drivers by Malc · · Score: 3, Insightful

    This guy's an idiot. He installs crap and unreliable third party applications and drivers on his system and then blames Microsoft! The article was a rant about security, so why the comments about the registry? It seems that was a dig based on some other personal dislike. He admits he placed his trust in some third party tool to clean his registry! Seems rather foolish.

    If Linux were as popular as Windows, there would just as much poor quality crap coming out for it trashing /etc, /lib, rc scripts, etc. Just as time consuming and frustrating to fix. Just as painful for incompetent and computer illiterate people. Just as many people running with root level priviledges. Just as many boxes cracked automatically before security updates can be downloaded.

    I ran Windows 2000 for 3.5 years with the only problems coming from Creative Labs DXR3 and SoundBlaster Live! drivers, and Mozilla's graphics resource eating issues. I won't buy anything from Creative Labs again, and Mozilla have fixed their bugs. I only had to re-install Windows after I accidentally trashed the first part of its partition playing around under Linux (Grub, Lilo, dd ... oops!).

    1. Re:Not Windows, third party apps & drivers by erik_norgaard · · Score: 3, Insightful

      First: You say don't install third party software, so you're really advocating for monopoly. Sure, there exists crap 3rd party software, but the OS should be able to protrect itself such that the system is not rendered unbootable.

      Second: His main 2nd point is still valid, regardless of what forced the reinstall. Inability to fetch updates fast enough to avoid being hit by a worm attack, the inability to resume fetch, the inability fetch a cd image, etc. all makes it a pain to get the system up to date. It is a huge problem to maintain and update a vulnerable system when securityexperts claim that an unprotected pc will by hit by Sasser within aproximately 10 minutes.

      Why is rpc on by default, on a stand alone machine? Ok, for interprocess communication - but only on the loopback interface!

      Microsoft has sold an 'insecure by default' product for years, while they should follow a 'secure by default' philosophy: Disable all services by default. The main reason that windows is so widespread (still) is that this is what the home user knows, and hence companies saves money on training. If MS wants to stay in Buisness they should protect the home user - and the home user does not need all the services enabled by default.

      Also, they would isolate kernel space and user space such that your system can boot and fetch updates, regardless of how many user space programs you install and deinstall. Only the OS should mess around in the kernel space.

      Again and again people loose data and time because they inadvertendly do something that appears inocent everyday action, but tampers their system and renders it unuseable.

      If you could at least get the system up to get backups - ofcourse it's always weeks ago - before you go on to reinstall, you might actually get as far as live (painfully) with the remaining problems.

      Maintaining Windows is a pain, in particular for the average Joe.

  31. It's not about your OS, it's about your attitude. by Etone · · Score: 3, Insightful

    This is pretty typical of the FUD articles about Windows or Linux that /. has been publishing lately. Windows zealots send in articles written by MS puppet "research organizations" that belittle the OSS folks; then the Linux zealots respond in kind with this article.

    It's really simple, people. Informed users will lock down their systems and know how to patch appropriately, regardless of their OS. Uninformed users will never lock down their systems or will get fooled into opening an exploit backdoor, regardless of their OS.

  32. Re:Use the Firewall by Nintendork · · Score: 4, Insightful
    "Sorry, but I just don't have time to figure out the settings needed to fix this when Zone Alarm is the real fix."

    Sorry, but Zone Alarm, Black Ice, etc. are all PIECES OF SHIT. You have no idea how many times I've been troubleshooting broken internet apps only to find out that Zone Alarm/Black Ice is installed. One of my first questions now is to find out if those things are installed. The sole purpose of those software packages is to annoy you every time it blocks a connection and try and convince you to pay money for the enhanced version of the nagware.

    You declare that the SP2 firewall broke your ability to print, but you do not know why. You just take a reactive stance and jump back to what works now instead of finding the underlying problem and solving it. I'm sorry, but I just don't believe that the firewall broke your ability to print unless there was an underlying reason. Outbound connections are not blocked by the firewall. The same statement goes for seeing others on the network. Maybe you were just impatient and didn't wait for browsing to stabalize which takes up to something like 15 minutes in a single broadcast domain. If you're really that anxious to connect to another computer and can't wait for the browse list, do a start | run | \\COMPUTERNAME.

    If you want the computer to be seen on the network, create an exception list in the firewall configuration! It already has a preset for file and print sharing one tab over from where you enabled the firewall for crying out loud!

    God I hate seeing ignorant fucks blaming the software vendor for their own ignorance, then getting modded up for it. It's not Microsoft's fault that you don't RTFM or open your eyes to see that there's other configuration options when you use a feature. Blaming Microsoft may be fun, but it's not always the answer.

    -Lucas

  33. the kid is educating his dad by zogger · · Score: 4, Insightful

    he's paying him back. He's showing him that it's much better to not get your computer hosed in the first place, so he IS paying his dad back for his education, in exact kind. Adults can be wrong, but there's no easy way to point this out to them, in a father/son situation. And it worked according to the post, when his father realised what a PITA it is, what it really costs,both in cash in what might be done to his machine or credit card or other personal info, or how he could be used by a malicious zombie-running blackhat, etc, and how easily preventable it was,so he learned something useful and practical.

    I think a lot of people honestly do not know that the primary reason they might get hacked is not to get their personal information, but to use their machine to distribute hacked warez and spam email and kiddie porn. So, it's much better to do what it takes to help people understand the ramifications of their actions-or non actions, and to perhaps take a more critical look at the software they are running. To me, it's like a traffic ticket (paying to have your machine cleaned and fixed), you are SUPPOSED to learn something (stop being a no-nothing lamer) about your behavior driving your car (computer) on the public road (internet).

    Once people are REALLY aware of it, then they have a chance to correct the problem. If you can't get their attention in the first place, they won't ever learn. Sometimes it takes a fine to do that.

    I FULLY support ISPs or private network admins yanking access to the network from infected machines. They don't do it enough, IMO, and if it happens to me because my machine gets hosed and zombied and I don't deal with it in a timely manner, then too bad for me, too. I'd rather be told about it if I don't know myself, and losing your net access is both protecting the innocents, and getting your attention for a problem. And if THAT then kept being pushed back up the food chain to the vendors, where they had to code better, release less often, and be forced to offer products good enough they could be warrantied, then I'm all for that, too.

    It shouldn't take 20 years to come up with a more secure out of the box operating system that is network capable, is the real bottom line, no matter which one you are talking about.

    You'd see it get chaotic in meatspace if any manufacturer were allowed to sell "caveat emptor" products with no government required warranty, of course they would skip doing quality work then, because there would be very little risk to them. It's time software played by the rules every other manufactuer has to play by, especially if they demand IP ownership and patents and huge profits. They want it treated like a normal product, swell, but let the law treat THEM like any other product as well.

  34. Re:Not so fast, sir by ivan256 · · Score: 3, Insightful

    Insightful? My ass.

    Do you people have this same level of expectations for other products you buy? If something, right out of the box, is shitty to the point where it's humorous, why is it so wrong to say so?

    You may not thing what you're saying is a joke, but it sure is damned funny. I wonder what other hoops we could get you to jump through.

    It's especially ironic that you recognize time and effort as part of the overall cost, but you still find your suggestion reasonable.

  35. Re:Use the Firewall by endus · · Score: 3, Insightful

    "And if you're on a wireless LAN?" Then you should be running a router that runs a firewall anyway.

  36. Re:Use the Firewall by nzkbuk · · Score: 4, Insightful

    or just use the -y option