WinXP SP2 Sacrifices Compatibility for Security
goldragon writes "TechRepublic is reporting that "Microsoft is pulling out all the stops to improve security. So much so, in fact, that it will cause many problems because SP2 will de-emphasize backward compatibility with legacy systems and code for the sake of security." One small step forward for Microsoft, one giant leap backwards for mankind?"
Finally M$ catches on to what Telephony vendors and various other technology developers have been doing for years.
Had they started with a secure product, then being backwards compatible would not be that much of a problem. Hopefully the M$ code monkeys will not make more problems than they fix.
-Ghost
Aren't all Windows users already sacrificing security for compatibility just by using Windows? Perhaps this is just meant to level the playing field.
I'm sure Microsoft will be releasing an update full of application compatibility fixes shortly after the SP2 release. Even in vanilla XP, you can run applications in Win95/98 compatibility mode. I don't see any reason to change it now.
-- Stu
/. ID under 2,000. I feel old now.
The article indicates that most of the things being broken will be viruses and trojans.
And that the only other major change will be to finally honor the NX (Non-executable) memory designation, IOW if you want self-modifying code, you can still have it, but you can't place a call to an area that has been marked as Data-only or NX.
Seems to be all good to me...
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
It was overrated when Apple told its users, "deal with it." And it's overrated now. If you want backwards compatibility, use a Win2k emulator.
!#@%*)anks for hanging up the phone, dear.
this is a giant step FORWARD. if it can keep my network from being bombarded by all those damned windows viruses it's GOOD no matter what. and i don't even use windows.
i'd say this is the brightest idea microsoft had in the last decade (if they deliver that is)
'Generic Host Process for Win32 Services' from your computer wants to connect to law15-f93.law15.hotmail.com [64.4.23.93], port 80
Oh no, Microsoft isn't trying to integrate everything...they're not a monopoly...weirdos.
There's one item to highlight this week. Silicon.com and other sources are reporting that Apple's recent patch to fix a major threat in Mac OS X wasn't completely successful, and that a highly dangerous problem still exists in the operating system. The threat is especially noteworthy because it is the first important vulnerability discovered in the Mac OS X operating system that was not due to a flaw in the underlying FreeBSD UNIX on which Apple based OS X. This problem lies in the part of the code created by Apple, and it appears that it is quite difficult to repair. This is the first real challenge to Apple, and it will be interesting to see how the company responds to this critical threat. Previous patches were simply carried over from the Linux/UNIX community. Apple is on its own this time.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Does that mean they will finally ditch program manager? I really hope there isn't anyone still using programs for win 3.1 that still require that. And if so, why are they running it on XP anyway...
Don't believe me, or just feeling nostalgic for windows 3.1, go to run, or a command prompt and execute progman.
It was me, I did it, I moved your cheese
The majority of XP users aren't using that many old apps anyway... the average XP user is just using XP, Office 2000+, IE6, and MSN. And the majority of 3rd party apps such as those from Adobe, Macromedia, etc will get free updates to be compatible. It's not such a big deal for the average user. I've often felt that M$ would be well served to release a new OS based on an entirely new codebase... get a group of developers that have never seen Windows source code, only the GUI and let them rewrite it without backwards. Then get the major vendors to release compatible versions of their software. Sure... things will lag for a bit, but Windows will get better and the app support will follow. Windows is still based on an almost 15 year old code base. It's time to rewrite it from the ground up. Screw the backwards compatibility. Move on.
Windows XP already has a VDM (Virtual DOS Machine) in which you can run all your so-called "legacy" applications.
In the alpha-test version of Windows Longhorn that I received at the Windows Developer Conference last month in Kuala Lumpur, there is a similar VM for "non-trusted applications." Trusted applications run in the core kernel memory space, completely isolated from applications that could potentially invade each other's memory and cause security lapses.
But then again, who knows, it might "accidentally" break Office 97 so people think they need to upgrade to Office 2003. Exactly. Microsoft's big problem is that their users stop upgrading and stop paying them money for each new operating system. If they can make the old ones less usable _now_ instead of when they are shipped then they don't have to innovate at all to get people to upgrade. They've pulled this kind of stunt before, and they will again.
I submitted this story last night, and it didn't get posted.
Yes, except be something that MS includes FOR FREE with their operating system to make people happy. And not charge extra for this capability either. That would up MS's reputation in my eye, however small of a jump that would be. This wouldn't make me want to use MS's products any more than I do now, though it would make a few things easier for people like my parents.
Two things are infinite: the universe and human stupidity, though I'm not yet sure about the universe. - A Einstein
Well then the area in memory where your virus is will be changed to NX and it won't be able to run.
Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a neverending story
Let's say that you have incompatibility problems with some of your common office applications and the Microsoft solution to this situation is to upgrade your applications.
Now, would you be happy that to get a secure computing platform you have to spend hundreds of dollars/whatever per seat upgrading to the latest version of your commonly used apps? To get a properly working version of Windows XP should you be forced to abandon those applications that work for you?
Microsoft has used incompatibility problems to its own advantage time and time again. Indeed, breaking the compatibility of competitors' applications was one of the company's standard operating procedures for many years. WordPerfect, Lotus 1-2-3, DR-DOS, etc all were victims at one time or another. There was even a little saying that went round Microsoft during the time that one major version of DOS was being developed: "DOS isn't done until Lotus won't run".
When you look at this new story in that context it's hard not to be suspicious of Microsoft's motives and difficult to give them the benefit of the doubt.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Might be a little off-topic, but does M$ not realize that it may be worth it to sacrifice what they consider $, for the safety of your O/S and reputation? Are the people that are using pirated copies really going to buy your O/S anyways? Probably not.
Will this leave any issues with things like SMB?
Looking at the article it was mostly talking about default firewalling, NX bits, and disabling some services which have recently been abused.
Would they go so far as to disallow plaintext passwords for logins, or SMB sharing?
Other than that minor concern this is good news for all people who have to share a network with Windows users.
I run Linux at home, and am constantly hit by port 137/445 scans from Windows boxes on the same range as my cable modem. Sucks.
Possibly, but it takes a lot of responsibility off of MS's shoulders.
"Hey, don't blame us for your security problems. We fixed them in SP2. What? Well it's not OUR fault you're running outdated software..."
You can still to this day run Win16 apps under windows and still print and save, as if it were no big deal. That's just not possible with Linux. Try downloading or running a binary from 1994 that was compiled for linux and see if it works, I'm sure libc and glibc and aout and elf will make things fun.
that's a fair statement, but you also need to think that the majority of programs for windows are not open source. chances are i would still have (or could get) the source for that 1994 linux binary and compile it on my newest bleeding edge linux box and it should compile (of course after i go through dependency hell to get all the extra libraries it needs). for the most part, i should (with some work) be able to get all the source i need to build and run the old linux binary. however, i'd bet that the old win16 app was closed source and the company probably doesn't even exist anymore. with stuff like that backwards compatibility is much more important, because you have no other way to run the code.
You can't keep an API exactly the same forever.
True that at some point you have to obsolete it, but it should go through a phase out process. The security process would hopefully fix the underlying code of existing APIs as well as documentation encouraging users to abandon the older versions over time. I haven't done enough research to say that MS has/hasn't done this so I apologize if I have MS wrong on this.
XP SP2 can be a great leap forward if enough of the vendors have verified their products against it. My only fear is that I'll be getting a lot of calls from family members asking why things don't work after applying XP SP2. The new defaults will secure the system, but if non-tech users find that installed applications start failing, they won't be happy. If enough users report not being happy with the upgrade, the lock down could scare users from installing it which could be worse for future critical patches.
From which body cavity did you pull this - Interesting - statistical summary?
"the average XP user is just using XP, Office 2000+, IE6, and MSN"
DOSEmu is fine (mostly), but WINE doesn't provide the same kind of protection, maybe Bochs/VMWare would be a better example.
it worries me that they're going to do something like prevent users from running code compiled with anything other than the latest Visual Studio, the compiler component of which, they now make available free of charge.
Software Freedom Day!.
But with Linux Software you have the code and can compile it against the newer libraries.
... except for 3rd party closed source binaries, but that again is a problem of closed source.
... and if they recognize some incompatibility, they have to pay for new software or upgrades, or in the worst case, if the vendor for that software does not exist anymore they have to develop that incompatible software from scratch ...
;)
Even if that fails, you (or someone else) have the possibility to fix it, because you have the source code and you are free to modify it.
There is absolutely no need to run a 10 year old binary with Linux!
That's why there is no need to always keep backwards compatibility in Linux
I don't want to damn MS for their decision to sacrifice compatibility, however, for their customers this is costly!
In larger companies one can't just try on error SP2, so they have to run tests in advance (and pay their IT personnel for that time or even hire externals)
Well, at least this boosts economy a little...
Spam zombie/pwned newbie machines will be running dog slow. The owners of said machines will either pay a techie to "fix AOL for them" at which point the techie removes viruses and spyware and installs the latest Windows updates (i.e. SP2) or the machines will simply be considered 'broken' by the owners (you'd be surprised how many people think they need to upgrade their hardware because they broke the software by installing crap) at which point Dell/PC World/Emachines will ship them a shiny new box complete with a patched up version of SP2. It might take a year or two, but assuming SP2 is as secure as MS is making out its proliferation will be very good for the internet at large.
Microsoft should be applauded for taking such a bold step. This is definitely the right move from a company who has always put usability at the top of the list for their programmers.
/., security is only as good as the vigilance of the system administrator. If users don't patch because it makes their machine 'hard' to operate, they will definitely look for applications that will defeat security systems.
But I think that it will only be implemented by corporate users and tech-savvy Windows users. I see a new generation of TweakUI-like applications on the horizon that will allow inexperienced users to defeat the controls that MS is building into this service pack.
Consider what will happen when someone wants to install an application that is not set up to override the port restrictions that are default in this SP. I can see a whole bunch of folks googling for hack-packs that will disable all of the port protection so that the app will run.
Keep in mind that not all software vendors are responsible corporations who have an image to protect. The smaller niche vendors may worry about their reputation, but they are more interested in making their product work despite what MS has done to the OS to provide better security.
As has been pointed out several times
No offense intended, but when you make an OS so simple that a five-year-old can operate it, you should expect five-year-old reasoning from the system administrator.
"Rocky Rococo, at your cervix!"
RC2 is much more stable than RC1; I haven't seen any problems with RC2 at all, unlike with RC1.
Quite frankly, most software home user X is going to use will not have any problem whatsoever with SP2; it's only the same dodgy software that writes to its own directory instead of %appdata% or HKEY_CURRENT_USER (not restricted yet, unfortunately, but I'm hoping they'll do that for Longhorn), and/or uses all sorts of godawful hardware tricks that shouldn't have worked in the first place, and/or uses ActiveX on Internet Explorer as an execution mechanism (thanks to the new security controls in the Local Computer zone), that'll have problems with it.
In other words, most well-written Windows software won't have a problem, even with NX enabled (and it can be disabled.) The new Windows Firewall, unlike the old one, actually works. And the IE stuff can be got around on an issue-by-issue basis on the user's, not Gator's, command. SP2 is a gigantic improvement in all respects; and, since it's very much needed, we should be hoping people will take it up, no matter whether you're a Linux or Windows devotee - rooted boxes are a problem for the whole 'Net, not just for the guy behind the keyboard. It's not perfect by any means, but at least they're trying.
Well, you could always look at things in the greater light; if this SP2 really ends up nerfing so many applications, doesn't it stand to reason that it might be yet another reason in the OpenSource/Linux Movement's arsenal? I mean, what happens if a company that has spent millions on developing an application for windows finds out that their program is not going to function (is going to get "nerfed"). Maybe if someone could manage to quickly write a way to convert windows apps to linux (well, applications that use the current, windows XP SP1 version of windows), we could manage to grab another portion of the market by allowing these companies to easily migrate to linux?
Just a thought...
It will break a lot of Broderbund programs. And about time.
The Sims, and Mavis Beacon Teaches Typing require Admin. There is NO F*CKING REASON that either of these should require it, except for sloppy/lazy coding on Broderbund's part (I suspect that they either write to HKLM or to the program directory). Maybe that would cause them to be fixed.
OT: I've read somewhere that MS is (finally!) discouraging putting all user settings into the Registry, but is recommending config files (human readability optional) in C:\Documents and Settings\\Application Data. Once again, it's about time.
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
Part of the problem is that Windows has traditionally been so lax on security that programmers have got away with bodges that would be considered unforgivable on a system that had been designed with security in mind from the word go. At some stage, though, something has to give. If all this legacy software is depending for its very operation on the same things as the viruses, worms, adware and spyware -- and it is -- then that is the choice you have to make: whether to allow sloppily-written programmes to take advantage of the security holes but unavoidably also permit malware to use them; or to prevent malware taking a hold, but in the process, unavoidably break sloppily-written legacy software. The two are indistinguishable.
Now, if SP2 breaks compatibility with so much legacy software, then surely this spoils one of the arguments against switching to an alternative operating system that also would break compatibility with legacy software?
On a slightly different topic, why is anti-virus and spyware removal software closed source? If I cannot view the source code of an anti-virus programme then how do I know it is not simply going to infect my system with a virus every so often just so it looks like it has done some good? How do I know it is not going to infect other people's systems with viruses just so they will buy their own copies of anti-virus software? How do I know it is not installing its own spyware? If the software is not a Trojan horse then why will the makers not just show me the source code?
Je fume. Tu fumes. Nous fûmes!
> If you've studied WinAPI, you'll note that about half of the arguments and functions are never used, legacies of decisions made by Microsoft in the elder days.
Then just create new entries in the API and "deprecate" the oldest ones. They can give up on CreateWindow[Ex], maintaining the implementation but disallowing its use on newer VC++ compilers, then create a new API function, like XPCreateWindow() or something.
Well, when you try to be everything for everybody these things happen. Heck, if you try to be anything to anybody these things happen. It's just human nature methinks.
That said, M$ did walk right into this situation. In their effort to force everyone to buy new software every other year, they yanked (or tried to yank) support for older versions of the OS. There are many folks out there running specialized apps that were written for the older versions. To be able to drop support for 98 and NT/4 they had to have a way for 98 and NT/4 programs to run under XP.
Why? Because if someone's going to have to pay for an app to be ported to a new environment, they sure as hell aren't going to port it to a vendor who just screwed them. A lot of embedded stuff would go Linux. A lot of graphics and CAD would go Mac. By chasing this software assurance scheme they HAD to make XP backward compatible, or people would leave en masse.
Any other explanation is putting air fresheners up to block the smell of Microsoft having to sleep in a bed they soiled themselves.
"Learning is not compulsory... neither is survival."
--Dr. W. Edwards Deming
Just a few weeks ago, I heard it quoted that MS used to say "DOS isn't done until Novell won't run", not Lotus.
I have a feeling this one may just be another urban legend, like the "640K should be enough for anyone" quote.
In any case, I think you're *always* going to see a little bit of favoritism when a company builds both an OS and supplies commercial applications made to run on that OS. They may not want to out-and-out break the competitor's app, but they'd at least be willing to make tweaks to their OS code that makes their own apps look better (EG. undocumented API calls). I'm confident that Apple has done/still does this with their OS, just like Microsoft does. The "3rd. parties" are on their own to make their apps run well.
Fast user switching? Never used it
If Microsoft wants to radically improve their desktop why don't they just include multiple desktops or programming tabbing
Multiple desktops, for one thing, are not a new thing by any means, and vastly improve usability and organisation.
And what's sexier than file tabbing?
Stopping a messenger program or the gimp from filling up my task bar and windows by having everything tabbed and/or in its own desktop is great. And seeing as i'm doing all this in the wonderfully low level, bloat free, fluxbox, sticking these features into XP should not impose a huge performance hit (multiple desktops might chew up a bit of ram, but not as much as, say, a GUI that needs 3D acceleration...)
Oh and XPs faster boot time... all they do is get your desktop image in the background faster. But XP still loads everything in the background. Personally, i'm far less frustrated seeing a loading screen than when i try to open up my browser and end up opening 3 up out of frustration while waiting. And now i don't have anything opening up in my system tray other than my virus checker. I'd just like my booting to be honest..
The Neo-Bohemian Techno-Socialist
The only major thing in my experience with most Linux distros is that the X server keeps port 6000 open and waits for requests. However, that lil' nuance can be taken care of by changing a line in the appropriate config file. For Example; if you're running XFree86, find the file(s) "Xaccess" and change the "#*" and "#* CHOOSER BROADCAST" to "!*".
Sure... if you're running it. What about the people who don't know about it? You know, the non-technical people you claim Linux is good enough for?
Or maybe it's a case of "only people who are as smart as us and have as much free time as we do deserve to run linux"?
Systems should be secure out of the box.
It comes down to the act of treating a massive head wound with a band-aid. Granted this one's a bigger band-aid than the ones they've used before.
It's nice to hear they're chopping up some of the old API -- which is an indirect admission that "our old shtuff is too scary to run." On the other hand, they're still running on a fairly old codebase which could probably use an entire rewrite. Their marketeers, after all, criticized *nix for being old and outdated because the codebase came from the time of Moses.
You want me to applaud MS for this decision? Sure, why not. Anyone and everyone who uses their OS AND PATCHES will benefit. So will those who don't use their software but have to endure packet bombardment from those who do.
They're sticking their necks out, finally. They'll spin this with PR somehow, but in the end, this will produce enough headaches to be notable. Then they'll have to really eat the "lower TCO" BS, too, since someone has to pay for the havoc SP2 creates.
To more directly answer your post, bad programs not written by microsoft should not be able to do ugly things to the underlying operating system. Whatever MS does to ensure that is a much welcome thought.
I've written a lot of code, including my share of system libraries. However, there comes a time when you just need to say "Enough. I've changed my mind, that didn't work as well as this will". Particularly with security issues, you sometimes need to just drop the old stuff to move forward, and if it breaks old software, too bad -- that's the POINT of removing insecure library functions.
I'm not a big fan of Microsoft, but I use it at work. The latest versions are no more bloated, clunky and unstable than the latest bloated Linux versions with KDE or Gnome in eye-candy mode. They acknowledged their security faults, and are dropping the old baggage required to address the problem. I fail to see what they've done wrong here. I seem to remember a number of open-source projects that have made API changes over the years to improve security, and we hail that as progressive, proactive, and intelligent design. Where's the foul?
When Win2K SP4 rolled out, our network provider decided to patch everyone's system at once. Almost every system in the agency went down. Turned out that for some reason SP4 was not compatible with our old network cards. We had to roll back the patch. On some systems, even that didn't work. We had to install new network cards. What I don't understand is if 10 year old DOS programs work, why my 4 year old network card didn't. I'm going to be very careful about allowing XPSP2 into our environment.
That's gotta fit into your schema somewhere
How about:
1) I already own Win2k Pro.
2) I don't want to mess with product activation.
Hope Microsoft keeps it up. And I hope it keeps GPL software authors on their toes as well. If MS keeps tweaking things, it will get painful for vendors of -pardon my expression- "shitty" software. It will raise the bar, so that those who don't properly design or maintain their software will end up without customers (because it just won't run).
If Outlook no longer uses the file types in the registry or the vanilla shell execute calls to handle e-mail attachments, then I'll know they're really serious.
Fred
"A fool and his freedom are soon parted"
-RMS