Slashdot Mirror
Mad as Hell, Switching to Mac
justAMan writes "Security dude, Winn Schwartau, has posted an article on Network World about switching his company to Macs because he's fed up with the security issues plaguing Windows-based systems. He also offers his view on why Windows is inherently flawed and why it will eventually fail because of those reasons.
From the article, 'This is my first column written on a Mac - ever. Maybe I should have done it a long time ago, but I never said I was smart, just obstinate. I was a PC bigot.
But now, I've had it. I'm mad as hell and I'm not going to take it anymore.'"
Wowzers, every post on this topic is going to be modded flamebait...
Asbestos suits, anyone?
The NSA: The only part of the US government that actually listens.
I'm as mad as hell and I'm not going to take it anymore.
I read this yesterday and thought I was reading about my own experience. This is EXACTLY what I have been screaming about in our organization for 5 years. Finally this year, we went all Mac and now my job as IT director is managable rather than impossible.
Queue the "why not use Linux on the hardware you already have" brigade! Fire up the klaxons! Bwooop, bwooop, bwooop!
...I notice that Slashdot has banned itself from the Ask Slashdot RSS feed for downloading too often...
What I'm listening to now on Pandora...
There's no such thing as "first post" on Slashdot...the posts are routinely reordered depending on how much pixie dust has infiltrated the Slashdot servers...
The NSA: The only part of the US government that actually listens.
*ahem*
Join the club.
*Closes Window* I'm as mad as hell and I'm not going to take it anymore.
Actually, there was a operating system called Apple SOS. The initial S stood for Sophisticated, though. It ran on the Apple ///.
Apple "SOS". Cute, eh?
He is upset over the flaws in an Operating System so he switches architectures? He wasn't a PC bigot, he was a Windows bigot.
Everyone is entitled to their own opinion. It's just that yours is stupid.
What I consistently fail to understand is how self-professed experts, in the same breathless exposition of their love for a non-windows OS, can both admit to having suffered the actual symptoms of security problems on Windows and then claim to be an authority.
.ru/.cn pages was the RPC exploit and if you weren't running a firewall at that point, if for no other reason than preventing ... liberated ... apps phoning home, then there is no excuse.
Yes, there are security problems with windows, but no, you have to be a giant fucktard newbie to actually ever be affected by them. The only problem not requiring gross negligence or browsing the strangest, most dubious
If you are thinking of replying to this, and you've ever had a virus, spyware, a trojan, your browser hijacked (or been the victim of an exploit not DIRECTLY targeted at you), then please, save yourself the time and don't bother. Your opinion means nothing.
Ahhhh... Who doesn't like a cool, balanced opinion?
...must we post a story about every person who thinks that platform X is better than platform Y and is just plain "fed up"? Of course, as long as we include the statement "I used to be a platform X user ONLY, now I'm switching to Y," then it matters a whole lot more.
Some Windows software applications are well written; others take shortcuts. : How is this different from Mac software?
Memory Not all RAM is equal. Some works well. Cheap stuff doesn't. : Makes save you from this trouble by only allowing you to buy the expensive stuff
Hard disks. Same problem: cheap or reliable. Your call. : Again, solved by Apple by not allowing "cheap".
Windows is complex, trying to be everything to everyone. : Have you seen an Apple commercial recently? Or the "switch" ones?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
I don't get it. Administering Windows XP in a corporate environment isn't that hard. There is no reason why a company that hires a competent sys admin (or multiple sys admins) cant configure and administer Windows XP so they are nearly virus-free, spyware-free and spam-free. Lock those machines down! Put in a good corporate firewall! Don't allow users to run as admin (never)! Don't allow users to install software, active-x or other junk. Use centrally maintained anti-virus and anti-spam. In a corporate environment there should be a limited list of authorized programs, nothing else should be permitted.
It isn't that hard. The permissions and controls on Windows are extremely fine grained. Learn about them and use them.
I think there are a lot of clueless or bad sys admin who use "everyone knows Windows" is insecure to cover their asses for doing a bad job. The same lousy sys admins could screw up Macs too.
Maybe we should forward the article straight to Microsoft?
You never know, he might win!
Security may just be the deciding factor
between OSS and non-OSS, in terms of
Total cost of ownership.
-my $.03 - inflation
i can do all the programming i need on it (even .NET), unix backend, awesome interface. iPod even helped get me in the store to play with them.
and I'm not going to take it ANYMORE!
This story reminds me of my dad and his peecee. It was a constant source of problems and taking it back to the computer shop. All the usual Microsoft virus and spyware nightmares.
He absolutely refused to consider anything else. He was not going to waste all the time he wasted already dealing with his Microsoft OS by switching to something that actually works. All those months and months for nothing. Switching to a non-broken platform would have made him feel like an idiot for wasting all that time.
Whatever dad.
it was gonna happen, blargh
> I have a 500$ emachine that does everything the he/I wants to do. I run windows update on a regular
> basis and have never had a problem. What a whiner. What do i care about different bios versions?
Have you ever tried managing 1000 machines with 1000 average users? Please folks, having a PC at home does not make you an IT specialist. Nor does running linux make you a unix admin.
jfs
The only thing worse than a Democrat is a Republican.
Yeah but try doing that on 500 machines. Then, to make matters worse, finding one has to deal with machines set up exactly the same no longer acting the same after an upgrade had been applied...
The NSA: The only part of the US government that actually listens.
http://www.internet-nexus.com/2005_05_22_archive.h tm#111706797008800101
He basicly points out that a lot of the things the guy says are not Windows spesific at all, such as RAM, BIOS versions, different hardware etc. It's worth noting that just becuase Apple brands a product identically and doesn't tell you what's in it it doesn't mean it's the same thing (Different mainboards for PowerMac systems etc)
My 3D Texturing Skinning work (under construction)
I stopped taking it up the ass from Bill Gates a loooooong time ago.
I've run OS X ony my home Macs for nearly 5 years now. (It was my great experience with NeXTSTEP back in '94 that let me know OS X is the only place I needed to be.) My XP box at work crashes hard or needs to be reset by me several times a month. Leaving it on at a stretch, I sometimes see unexplainable lags in responsiveness. It's a painful contrast.
Something that amuses me is the fact that OS X crashes out so infrequently (about once every 18 months) that when it does happen, I immediately assume I must have a hardware problem. That really is a testament to the solidity of an operating systemthat you might expect the hardware to go before the software crashes. And that's not to say I've had any hardware issues to speak of (outside of dropping an iBook onto a tile floor...)
Windows (and Linux) folks are really missing out, in my somewhat humble opinion. I'm most content with my G5, iBook, and new Mac mini.
blakespot
-- Heisenberg may have slept here.
iPod Hacks.com
The Appal has tight control over there hardware. Windows works on everything from "Alienware" ( from Aliens ??) to Ling-Tsing-Tsao Computer System. But the most important question is to ask is why is there such a need for auxillary programs like, Anti-Virus, firewall and spyware blocker. I mean the popularity of windows has caused all these exploits. But how do you know they won't happen under Mac OSX, Linux etc... is it because they are not as popular ? Or is it harder to write spyware/viruses for these systems ? Also I think all modern opertaing systems should come with a firewall, it took Microsoft years to come up with a firewall for their systems. This is unacceptable ..
I'm mad as hell and i'm not going to RTFA anymore.
... that it took 10 times more IT staff to look after windows machines
so there's a lesson to be learned here:
we should all move our offices to India, that'd work!
That cheap memory in a Mac will cause the same problems it does in a "Wintel" PC. Same goes for hard drives.
I suppose the type of work his company does not rely on software thats only available for Windows. Because a lot of us run Windows not because we want to, but because we have to.
Am I the only one who thinks knee-jerk, lets convert 100% right now, shoot first ask questions later, is a bad way to convert from Microsoft to Macs (or Linux, Sun, etc.)?
Screaming Is Not the anSwer. JusT use what you wAnt to use and don't Listen to every Lying damn person saying this is Better or that is better. Between the market hype, the falSified test results and Duplicitous bloggers, it's all a wash anyway. Apple, too, will have it's problems.
And, no, I'm not a script (aside from my DNA, of course.)
I can certainly see that the Mac, especially running the Unix-based System X, would be inherently more stable than a Wintel machine, but it is certainly true that there are viruses and trojans that affect Macintosh, and at least some of the relative paucity of malware on Macintosh is due to its lower market share.
Still, I haven't used a Mac regularly since System 7 was new, so maybe I need to buy a Mac mini and test this out for myself...
An aside, not totally off-topic.
Context sensitivity for ads on Slashdot are not the best. This ad for Visual Web Developer 2005 came up as I opened this.
Considering the article is oriented towards ditching Windows in favour of Macs, why advertise a Windows-based development tool?
At any rate, I went from Windows to Linux, so I didn't have to change hardware. I'm happy, and Windows is relegated to a virtual machine for a few games, which, IMHO, is about the security level its worth.
Linux - because it doesn't leave that Steve Ballmer aftertaste.
Okay the guy sounds pissed, but it doesn't make sense why you'd drop all your hardware at the same time as you'd drop XP. Any PC that can run XP can in all liklihood run Linux (or BSD) and benefit from security goodness too.
We've heard many of the other comments from disgruntled Windows users before, but one that bears repeating is that Windows does tend to try to be all things to all people. Sure, there's a Home version of Windows XP (it's missing, among other things, domain networking ability), but it still contains far too many propellerhead parts that gunk up the works.
I can't really say that alternatives such as Mac OS X and Linux aren't as full of similar unnecessary parts as Windows. By, IMHO, when using OS X, the extras seem less likely to be in your way. A lot of this involves the interface; a good desktop manager in Linux should keep things similarly simple.
Someone said it when they were using Word for Windows, flummoxed by the myriad of controls: "Good lord, I don't need to launch a Space Shuttle--I just want to write a letter!" No wonder some new computer users have the movie "WarGames" running through their head each time they touch their PC--it's complexity seems to guarantee that something new will happen each time you use it...and not a "good" kind of "new."
Vos teneo officium eram periculosus ut vos recipero is.
We were negotiating a deal with the pentagon and we had a blue screen of death. That was the last straw. When you're holding the moon for ransom, you value stability in an application. Linux gives us the power we need to crush those who oppose us. It's compatible with our orbiting brain lazers. I have a beowolf cluster of atomic supermen. I have more friends now. Genetically engineered cyber-goats, henchmen with bad teeth... georgous fembots with a penchant for evil. It just changed my love life... ya have to uh... config it, partition your drives, write some shell scripts, patch your kernel and update your version dependencies. Uh... better do that once or twice. It's just _SO_ easy, I just don't understand why everyone doesn't run Linux. Thank God they don't, or they'd all be super villians. I'm Steve... and I'm a super villian.
I love the mac about as much as the next guy, but do we really need these "x switches to Mac" threads posted on a daily basis? This practically begs to reduce slashdot to just another forum for mac vs pc flame wars.
I'd like to think we're past that stage.
8==8 Bones 8==8
You know, not that I'm saying windows is the best platform in the world... But considering the issues he outlined in this artical, I'd say he is dealing with the wrong vendor for his computing solutions... With a good vendor (Dell, HPaq...) you will get the same level of hardware/software compatibility you will find on a Mac platform. The author also isn't doing a good job of choosing software. Basically, it seems to me his basic problem is going research finding good hardware/software solutions. I bet he'll have many of the same problems on the Mac platform.
Thats great. I feel the same way. Windows XP is too slow on it (700mhz) and I can't get all the hardware running with Linux. I want something that just works -- I'll probably choose a mac next time. Its funny though, never thought someone would be that angry about it
Tired of Apathy? http://apathyonline.net
This just doesn't make sense. Why would you switch to the Mac right now as their hardware has obvious problems. Take, for example, their powerbooks. Slim, great quality screen, lightweight, and there are even rumors that all the pixels work out of the box! Why, Apple, WHY!
And those G5 machines. 64 bits and quite as can be. Optical audio jacks. Why not give out pirate CDs with those things. And what is that key on the keyboard? It looks like a little apple. Do I eat it? They're just too strange and confusing to effectively use.
-5 for obvious sarcasm and flame!
Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.
..and more than just 'i can't stand viruses/spamware/spyware' anymore. The Apple computing platform has to actually offer something more and better than Windows in the long term.
Currently, apart from a subjectively prettier GUI and case and lack of malware I'm not convinced it actually does.
Then you have the grave difference in hardware costs between the platforms and the far bigger software library on Wintel. Also games and 3d graphics in particular tend to perform much much better on Windows PC and you have to ask is it worth it ?
Personally as a die hard Mac user for many years I'm not sure it is anymore and have a strong feeling my next machine might actually be a Windows box.
the list of potential people who could meet Bill Gates...
I do use a 2003 Server at home and at work and I have yet to have a single virus or malware infection. I do apply patches, run a firewall etc.
Yes, it is possible to set it up such that you can execute remote content automatically and get infected. But it is also trivial, and now it is a default setting to configure it NOT to execute remote content. Since Mac can not run that content anyway - that will not be a loss of functionality compared to a Mac.
P.S. I do like Macs, especially their laptops. If I was back at university doing physics data analysis that would be my platform of choice nowdays instead of Linux. But I definitely do not feel a pressing need to switch from 2003.
<^>_<(ô ô)>_<^>
Step 1: Avoid Fishy Sites. :)
This is 90% of the problem people assume that the internet is safe, and routinely surf the web, allow ActiveX controls to run unfettered, install Gator because it allows them to remember all their passwords. The internet is not a safe place, whether you are on a Windows, Mac, or Linux. It is a safe place for BSD users, because BSD is dead, so no one writes anything for it.
Step 2: Get updates every couple of months
Windows update, and apt-get make this process easier. Even Linux when it's not updated can get compromised (though not as easily nor as quickly as Windows).
Step 3: Use a Firewall of some sort.
99% of exploits require direct access to the machine, even the most basic firewall will prevent that access.
These are very basic tips that I think even Joe Blow on the street can learn if he is willing to listen. Sometimes that listening takes 2-3 times of his machine getting compromised and reloaded at $105 a pop.
One thing that I've always admired about Apple is that (like Google) they seem to have a corporate culture which heavily encourages new features to be integrated ELEGANTLY into existing frameworks. They really seem to spend time, thought, money, and even passion on finding a "clean" way to do things.
My impression of Microsoft has been rather the opposite: when they've decided to add a new feature, just add a new "required" desktop item; toss it in the Start menu; add a fifteenth tab to the Options dialog; create a bazillionth DOS8CHAR.DLL in the Windows directory; and you're done! The corporate culture seems to encourage slap-dash engineering of a form that would be frankly chucked out at Apple, Google, and other "cultured" companies.
... in line with the article, this is my first post from my mac, it arrived yesterday, originally ordered with much of the same sentiment that is found in the article.
24 hours later I'm extatic about the purchase. Lets see what the next 24 moths hold.
Which is why I switched all my computers to Linux 5 years ago. Not looking back.
Meh.
99% of the problems my users have come from Comet, gator, Realplayer, pop ups telling my users that if they want to view content on a page that have to click yes, using Flash, going to sites that their friend sent in an email to see something funny, clicking on the .scr that they received after opening the zip file, AOL taking over their browser, Yahoo taking over their browser, Comcast taking over their browser, old computers running 98 with no updates with file sharing turned on and their mouse moving by itself sometimes, etc.
Why do Programs need to start when windows start.
I am a windows user and I have made various amounts of money correcting users PCs but I am feeling more and more like this guy every day and I am feeling the need to switch.
"Windows is complex, trying to be everything to everyone. This complexity comes at a terrible price: downtime, help desks, upgrades, patches and the inevitable failures."
So he doesn't think a large Mac deployment is going to require a helpdesk? What an idiot. Does he not think that the UNIX backend to OS X is complex? I personally don't find windows to be particularly complex, and certainly is nowhere near as complex to run as other OSes I have dealt with. There is certain baseline maintinance you have to do with windows, and precautions you have to take, and when you do that everything is fine. I haven't rebooted my work PC (XP) for weeks (months??) now and I don't get spyware. That's because I a.) Don't surf porn and pirate music at work, I let firefox block popups, and I run a decent AV program. I have anti-spyware programs installed, but rarely use them.
"When a new operating system or service pack is released, there are tons of changes to the functionality."
Uhhh...no, there's really not. Windows hasn't done anything revolutionary since Windows 95. My company only somewhat recently went from 95 to 2k (tens of thousands of machines) and the users really didn't have many problems with adjusting. Does he not think there are significant differences between OS X and System 9? Dumb.
"WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility."
Never had a problem.
"Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity."
Of all his "points" this is the dumbest one. He's blaming Windows for the work of app vendors. HA! I work in QA/App deployment so BELIEVE me I know how bad app vendors are, but that's not windows' problem.
I guess no one has mentioned the bug in Adobe's software under OS X that was causing it to take approximately 10 minutes to task between Illustrator and Photoshop.
"Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever."
This is bad....why again? Here's a simple solution: buy ASUS.
"Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't."
So don't buy the cheap stuff.
"Hard disks. Same problem: cheap or reliable. Your call. "
Never had a problem. Western Dig drives have been extremely reliable for me.
Listen, I'm no big fan of Windows, but these critisisms are just stupid and make no sense.
What's frustrating about this stuff is that 99% of these "no windows" rants that make it to slashdot are obviously due to incompetance on the part of the people maintaining the user's PC's. Yes, Windows certainly has it's gremlins, just like any OS, and you have to set your infrastructure up to deal with those gremlins. Is Windows the best OS for every application? Certainly not, but lobbing critisisms which are simply not that well thought out at it and then expecting OS X to wash your car and eliminate blackheads isn't going to help anyone.
Damn... I forgot to turn on sarcasm mode so the overly serious
The previous comment is purposely vague and generalized, but all of the facts are completely true.
That's right! They're gonna try and take our Windows away! And I, for one, am mad as hell!
...Oh, right, this is the meeting.
...Sharon, have you seen Dad?
*Everyone* Me too!
I'm sick of having my mental condition come into question!
So now, what are we gonna do about it?
Do about what?
They're gonna take our PCs away.
They are?? They can't do that!
That's right. So you know what I think we
should do? I think we should have a windows
users ' meeting! Get all the windows users
together at the community center and unite!
Great idea, Marvin!
Wait, ah I think we're having that meeting right now.
Right. To get those damn Mozilla users
to stop hitting on our websites!
Yeah! Yeah! That's right! Someone's gotta stop them!
He's not here, hun. He's having a meeting with all the Windows users in town at the community center.
Oh. [steps back out] Wait a minute. If all the windows users in town are at a meeting, that means that when the meeting gets out...
Every senior in town will be getting home and
turning on their PC... Oh My God!
Get off the net! Get off the net! Windows users' meeting getting out! Get off the net! [everyone closes their e-mail boxes in full blown panic]
*Suddenly, everyone's mail is deluged with
Spam from millions of Windows viruses noone
yet knew existed...
Well my work machine works just as well. I have had a blue screen perhaps twice since windows 2000 came out. They push updates to my machine once a month...
I could waste my time by going through every single point and showing that each problem applies to the mac as well, but I won't.
Please sign petition to restore sanity to our banking system!!!
http://financialpetition.org/
Only a fool (or a loony) can expect for high-end performance from low-end software running on low-end hardware.
I'm not insane. My mother had me tested.
This is a suprise to us how?
But I digress...
In the "bad old days" one had a terminal, and the main frame did the work. It had inherent advantages (centralization, easy enforcment of security in one place, etc) and disadvantages (When it went down, we all fell down). Then came the PC, and we all got a PC on our desk. It was nirvana the pundits said. Then we needed to communicate with on another. So we started building bridges between the islands of PCs, and then we started adding servers and then came the internet and the web browser and the always on 24/7 never stop (take a breath here) INTERNET economy. WHEW. Now look at the mess we're in.
Solution: Pick the best application for the job at hand.
1. Thin clients and web based apps for a majority of users. Don't install whats not needed.
2. No machine to machine sharing, you need something get it from the web portal.
3. Mix machines/OS/Installs based on the workers needs and requirements. Free ipod is not a business requirement.
Where does all this lead?
If you don't design your network, and train your employees, you OS choice doesn't matter. Windows has many inherent problems, but Mac can inherent some of those problems simply by becoming popular. Until we move away from the PC that "does it all" for the business user, and start looking at smart ways to LIMIT what a PC can and should do - the OS choice is a mute point, albeit it's a step in the right direction by selecting something that is more secure out of the box and works. It's also certainly valid to point out that it's easier to strip down a mac/linux/bsd install to bare minimums. Windows lite is still windows with holes big enough to "drive my hummer through" (as arnold said)
In the end take the best of the bad old mainframe days, and the good things about the PC ideal and put them together. Mac OSX is way more amendable to that concept by it's very nature.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I guess my worry is that he'll be evangelizing about the wrong things.
That being said, from the hardware front, when you buy Apple you almost always get much better craftsmanship. Open up any PowerMac tower and you'll be drooling, even if your a PC modder you'll be impressed. And the architecture synchronicity can be a huge breath of fresh air.
Luck favors the prepared, darling.
I whole heartedly agree that the mac is a better platform on many levels, however my Windows XP / RedHat Linux Domain Controller based network runs fine, the security holes are at least manageable. (I mandated T-Bird and Firefox on all user accounts) Being that we use AutoCAD Mac's aren't a good choice for us, however if managed correctly your windows network doesn't need to be such a menace.
Apple uses the same cheap RAM and Hard drives as other manufacturers do in PCs.
I have it's actually pretty easy with the right tools. Now the tools themselves, are a royal pain in the butt to setup correctly so they run well without any issues.
With the proper security policy, regular updates via SMS, and standarizing the hardware, most help desk calls are limited to people wanting to install Application X, or how do I get Powerpoint to do a swirl like Company X did in their presentation last week.
With roaming profiles desktop machines can be swapped out with ease. Now mobile laptop users are another story.
Still, I understand his griping. My machine is one I built myself and I have hardly any problems. Yet, countless people are schmucks and don't know how to use a computer and their stupdity causes other people headaches. I am switching too (not because of the article). I been sick of Wintel for awhile and I am ready for a change of pace.
HTF is this slashdot worthy news?
My friend was one of the biggest Windows power users you can imagine. He knew (well probably still does) his way around Windows far better than anyone else I knew. If I ever had a problem that I couldn't fix, and I was the person fixing other peoples' problems, then I would call him. In fact, before his current job as a security guy, he used to be a professional Windows admin.
About three months ago he bought a Mac, and insisted he was going to buy one for his mother (she had a very persistent virus he could not figure out how to get rid of, especially remotely), and then recommend Macs to everyone he knew. He's still a huge gamer, so he has PS2, Nintendo, Windows, and XBOX. He now commonly refers to his Windows machine as his "Wintendo".
I don't know what's going on, but I think we may seriously be at a tipping point. If you think about it, even though Macs might be more expensive than Intel (I don't buy the price comparisons), they are still much less expensive than a "computer" was several years ago. So, the same people that bought Wintel last time can afford the same cost, especially if it's perceived as necessary, and can skip one of the generation of price drops in order to buy a much nicer option.
Imagine choosing between a Ford Pinto, and a BMW 3 series, where the Ford Pinto had dropped in price to 10K and a BMW was 15K.
I have to reboot my Win2K machine at work once every two weeks because something, I'm not sure what, slowly starts grinding it to a halt. It doesn't BSOD, mind you, it just progressively slows down until it becomes almost unusable. I've been working with Windows since Windows 3.0 and to this day I still think it's a piece of shite.
Their hardware / gadget guy also goes to the Mac side, but he doesn't have as pleasant an experience:
5 backspin.html
http://www.networkworld.com/columnists/2005/05230
Come to the University of Mars! Classes starting soon!
The reasons he outlines for this transition are pathetic:
Windows is complex -- hmm.. so is Mac OS X and UNIX.. Computers are inherently multi-function devices and given the wide range of tasks, it makes them complex.
When a new operating system or service pack is released, there are tons of changes to the functionality. -- What? Of course a new OS will have tons of changes -- while I disagree with service packs having tons of critical changes, its more of a naming convention issue (service packs are generally more reliable, solid than the previous incarnation)
WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility. -- I have no idea what he is talking about. Anyone know?
Some Windows software applications are well written; others take shortcuts. -- same with Mac software, same with open source software, etc.. this is not platform dependant.
Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever. -- Now he dislikes choice. Great! Why not just buy a highly rated, prebuilt desktop/laptop?
Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't. -- Funny, that same RAM is used in Macs as well. Again, do your homework if your an IT guy.
Hard disks. Same problem: cheap or reliable. Your call. -- Same issue, this has NOTHING to do with Windows.
I could understand if he mentioned something like a lot of apps do not initially function properly under a standard user account or break in unexpected ways (I'm dealing with this right now).
Perhaps talk about how centralized application management is a joke on Windows (Microsoft recommends MSI but very little software is shipped as MSIs).
Or perhaps he could take the route of security issues -- Microsoft's idea of security is to pop up a little warning box or some other unnecessary dialog to annoy users instead of providing true security measures. Or even discuss how the registry is a joke where certain user configuration options are stored in system registry so regular user accounts cannot control their own environments (ie certain dialogs that pop up and have an option to "not display again" or the in-ability for a standard user account to set a default email client/browser.)
Winn Schwartau
;P
isn't he on the jedi council?
At the beginning of my career I only the option between unix and mac. We had a live production system running on mac which was developped using 4th dimension (the database) and a unix environment running cobol apps. I loved the graphical environment on the mac and the options you could use. The built in tv-in and -out converter gave us excellent opportunities to broadcast stats throughout the company. I still get homesick thinking of it.
But now, I've had it. I'm mad as hell and I'm not going to take it anymore.
Rawr.
Stop making that big face!
I HAVE actually managed a huge Windows-only network (50K Win2k machines, 100K users, 80 servers), and I tend to agree with the original poster.
I was at the "helm" as a consultant turned IT manager/overseer while a full nationwide exec search was conducted to permantely fill the position for just about 11 months. The previous exec literally dropped dead a few days before an entire network upgrade: all new workstations, servers, cabling, routing equipment, and software packages went into effect. Four full timers on IT, 5 half-timers (24 hrs a week) on help-desk, and me.
In my time, we never had (1) any problems with patching, (2) a single piece of spyware found on any machine, (3) a single virus or worm or other such outbreak of unauthorized software, (4) any data loss or corruption and (5) a single BSOD. I had a core group of 12 servers that were "mission critical", whose uptime from the day I started to the day my replacement came aboard was perfect.
The point being, that your mileage may vary. With everything in this industry, YMMV. It should be stamped. We did BIOS upgrades, we had hordes of clueless users, we had clueless employees - the same problems as anyone else had. But we never let MS or Dell or anyone be our scapegoats, and we ended up really really meeting our goals and exceeding what anyone thought was possible.
to discover the obvious. Every respectable CE/CS class should have a history lesson in computer architecture (or, to put it better, computer economy):
- why did the 8086 family prevail in a race where 68000 was way, way advanced? (for the blessed, who shall... : these are Intel vs. Motorola processors, back a couple of decades.)
- how did MS-DOS sneak into the market and leaked all over the place?
The WinTel alliance has really tried hard to keep their market share with playing the economy logic trump to compensate for their technical inferiority - I don't want to sound too judgemental, but from academic point of view, this was a typical battle of the bestselling vs. the best.
Sooner or later, it had to be told. When performance and quality matter, there is no way that Windows systems can compete with Macs, Unixes, Linuxes and God knows what else. A backlog of less-than-average solutions (in technical sense) which were all done in a rush to grab the market share before anyone else would has accumulated over the years. Things have to break at some point: Windows has become equally unmanageable for non-technical users as well as sysadm experts. It takes both the average John User as well as the master programmers less time to learn anything non-Windows and migrate entirely than trying to keep up with Windows of today trying to do the same jobs as yesterday in a tommorrow world.
Well, some of us have known for a long time what the facts are and have had the faith things will change accordingly. Now even the standard WinTel troops are jumping ship.
and representative of the mindset that would grab a quick 'MacSolution' rather than understand the problems associated with thoughtless operation of any compledx machine, Macs included.
It's a good article for getting some attention for ones blog though...
A good article would have addressed specific problems, the complexity of the solutions to those problems, and user responsibilities rather than railing against the fact of life that other than in the context of nookie, one size does not truly fit all.
At my last job we were hardly the poster children for best security practices, but we made a small effort to not wreck the network.
1) Reasonable firewalling -- keep out most network-level worms, and block their spread via unauthorized SMTP sending
2) Desktop AV -- the helpless desk always installed this with not-frequent enough updates, but it had to have helped.
3) SMTP filtering for viruses -- you can stop a lot of malware there
4) Mostly keep the users from being Administrator-equivilent on their machines.
5) Run some anti-spyware application. Halfway effective and admittedly a problem until MS Antispyware came out, which seems quite good.
6) Software Update Services. You don't get burned too bad if you stay patched.
None of this makes Windows "secure", but it avoids most problems. And in many cases switching a lot of organizations to all Macs "solves" the security/malware problem, but it creates a new set of problems for dealing with the rest of the world which is mostly Windows based.
The article and person referenced make it sound like there's nothing that can be done. I think even sloppy, half-efforts can be really successful.
Why do we keep seeing articles where the solution to Windows security woes is to throw money at a new computer, when there are already ways to solve these issues for free? Burn ZoneAlarm to CD and install it on a new Windows installation before you hit the net for the updates. Use Firefox instead of IE, and keep aware of security updates. Use Thunderbird instead of Outlook, and use its features to disable "unsafe" HTML tags and to disable viewing attachments inline.
All it takes is a little bit of intelligence on the part of the user, and Windows is just as safe as any other platform. If you're going to switch, switch because you like the functionality of Apple's product, not out of fear and laziness.
Wait? So anger is the way to escape the Dark Side? So confused...
One time I threw a brick at a duck.
The most sensible thing he seems to say is "I never said I was smart"
I can't possibly see where he will have any problem unless he happens to try to get some work accomplised on the Macs.
even symantec agrees that there are no known os x viruses (and trojans). sure, there may be one day etc.; and also, it is possible to construct malware (see apple's comments to their keynote security patch from yesterday - hello moderators?). with ms office and visual basic installed, one may get ms macro viruses, but hey should do not more than modifying ms office documents (i am actually not sure, if this is possible; it was in pre os x days...).
;-)
however, even mac users may distribute windows viruses - usually through an exchange server account
And lets not forget that the OS itself is only responsible for only so many vunerabilities. What office suite is he going to be using?
Magic Eight Ball: Outlook not so good., Hmmm, how about Excel and Word?
i don't get it- what's so hard about win 2k or xp that these morons have so much trouble? i've got a 2k box at home, and it runs great for days, weeks, months without needing a reboot. the only piece of software that ever crashes is firefox! i don't get spyware, or viruses...
what are these people doing wrong, and, whatever it is, what makes them think that it won't happen on a mac? are they just clueless idiots who click every "yes" button and download everything they see? maybe that's not windows' fault but theirs... using a mac because it's "immune" to most of the malware that people stupidly install themselves simply because macs make up a tiny percentage of the market is security by obscurity, plain and simple
also, i think a lot of the problem are these retarded apps that manufacturers and isp's install on users' machines. one of the first things i do with a new machine is clean off all that crap. half of the time it's that shit that screws everything up. if you run a clean version of windows and only use professionally written apps, you'll see that the problem is not windows
i realize windows has it's flaws, and has especially had flaws in the past, but it doesn't take a genius to keep an XP or 2000 machine safe and clean, and i'm tired of people blaming windows for their own stupid behavior.
Sure, he is going to change RIght now!!!!
It sounds more like just general "I am pissed at windows and going to choose Mac because I like the white plastic case".
The more use an operating system gets, the bigger target it becomes, period. Let us not forget the auto-installing widgets in OS 10.4
Also I would look into the Apple licensing rules as they are considerably more restrictive then Microsoft.
About Quality of hardware & Software: My XP machine at home runs for months without rebooting. I have wintel servers at work that hum along just fine. The only thing is you cannot buy a mac at Wal-Mart, but then again you shouldn't be buying a 300 pc at Wal-Mart seeing it crash because it's built with crap and shouting MS SUCKS!!!
Here's my answer to the WinTel problem: We need an open Simple Operating System (SOS) that meets the needs of the majority of people who buy PCs for everyday home and enterprise tasks. Get rid of the complexity and simplify the interface between SOS, BIOS and hardware. In other words, KISS. You know what it means. KISS SOS. I think it's called "The Linux Kernel".
autopr0n is like, down and stuff.
Everytime I finally think I've had it and am ready to make the switch something new that I need is Win PC only, Guild Wars ruined the switch this time, the upcoming Fable Lost Chapters for PC, and DVDshrink... there is just too many apps/games keeping me locked. It is such a catch 22, if more supported Mac/Linux then developers would port titles but I can't fully support it because key titles are missing... arrrgh!
http://teasphere.wordpress.com - A little spot of tea
Even if you want a nice, silent, powerful laptop for Linux, the Apple *books are your best bet. You can't beat their laptops. Small size, silent, rather powerful for the cost. And they are 100% Linux compatible, sans the wireless. I'm running Mandriva PPC Linux on my iBook- it's rock solid.
I have nothing against apple but, I have to question the rationality of switching like this. Securing windows hosts is NOT THAT HARD. Sounds fishy to me. I think he needs decaf.
...how stupid the authors of articles like this one really are. I run Windows XP Professional SP2, Outlook 2003, IE, MS AntiSpyware, and I run my own website on IIS 5 all behind an MN-700 Firewall/Router (Microsoft's firewall/router running a variation of Windows CE). I have never had a virus or spyware running on my system. I thought these apps wre all vectors for this type of stuff? I am by no means a computer guru, I'm just a graphic designer who's resigned to the fact that computers are a part of my life that I need to deal with. It can't really be that hard to do what I do and keep your system free from problems.
Here's my answer to the WinTel problem: We need an open Simple Operating System (SOS) that meets the needs of the majority of people who buy PCs for everyday home and enterprise tasks. Get rid of the complexity and simplify the interface between SOS, BIOS and hardware. In other words, KISS. You know what it means. KISS SOS.
I think it's called "The Linux Kernel".
autopr0n is like, down and stuff.
Perfect timing! I'm mad as hell with Microsoft security issues too, and yesterday was a perfect example (though not unique) of why. Yesterday I got bitten not only personally but professionally by Windows XP security activity. Bear with me.... it's almost hilarious, but it's a down right comi-tragedy at the same time.
Yesterday, our wireless network was pathologically gummed up. I discovered that when I got on the treadmill, queued up my music for my run (Loggins and Messina On Stage for any who care) and began. The music sputtered and skipped... no biggy, it's happened before, someone upstairs must be using the microwave briefly. But it didn't recover and less than five minutes into my run it aborted and I was left to finish my run in the Hell of boredom and silence.
Still no biggy... but checking wireless music device upstairs and finding the same stuttering behavior with it I started to be a little uneasy. What was jamming my network?
I was scheduled for a very important demo of my software (am selling to large corporations) and now felt more urgency to ensure I'd debugged and fixed my network problem before the big demo. Still no biggy.... I've been troubleshooting networks and computers for years... I'd have it cleaned up in no time. So, I began my standard (among other things) check list...
I ran out of time to narrow anything down, so in desperation I did the standard reboot of the XP boxes.... interestingly, there was a momentary blip of network nirvana... but once the XP boxes were back up, the network was molasses again.
But I had to do my demo.... and now I was worried, and it turned out with good reason. The party for whom I did the demo was unable to connect to my application... and I had to fall back on my backup plan, which was to walk through a printout and describe my application.... how fscked is that? All in all the demo ended up going well enough, but I was perturbed as hell about losing the network like that right at the most inopportune time.
I continued my debugging, now focusing on the bogon messages... and now zeroing in on the tivo boxen... and while doing so, suddenly the WAN again achieved nirvana! WTF? Happy the network was back, but dazed and confused about why. I went back upstairs for one more check of the upstairs machines... and there.... on the task bar...., in the system tray...., in a bubble..., above the Microsoft icon...., was the bubble..., "Updates have been downloaded and are ready to be installed....". $()*&($#(*&$#(*%&!!!!!!!!!!!!!!!
So, bottom line, because of a middle of the day Microsoft update download, I had a miserable workout (yawn, big deal, who cares...), and was unable to give a live demo of my product to a potential customer (which I think is really a big deal!)! WTF? I know I'll get flamed about having auto-update, blah, blah, blah.... but it seems so "can't win".... without auto-update, you run the risk of exposure inadvertently, with auto-update you're apparently at the mercy and whim of Microsoft as to if and when that crap comes down the pipe. Sigh....
I'm mad as hell and I'm not going to take it anymore.
It's a shame the quote is wasted because most of the readers have not seen the movie "Network"GETPKG - Package Management for Slackware
Switching to MAC for those reason is like saying i'm going homosexual because women have flaws!! Mac has flaws too i'm sure (no O.S is perfect)! the user are just blinded by all the pretty lights and colors of the desktop!
Hmm I think that you're wrong too, I could waste my time showing you why I think so, but I won't.
I'm learning python
I, too, have been through the frustration of "calling New Delli (sic) for tech support" and trying to convince (most often unsuccessfully) major vendors that it IS a HW problem and the reloading Windows is not gonna help a damned bit! Although this is not specifically a Windows problem, I think a lot of the blame can be laid at Microsoft's feet: their constant reliability and compatibility problems made reloading the OS such a common fix that it has become virtually the only fix.
As for the problems where the restore disk does not match the original OEM configuration, my biggest problem,s have happened when the OEM config DID atch the OEM config but DIDN'T match whatever Microsoft shipped! Example: 2 identical Dells, ordered two months apart, that would not bring up the video after registration! The common solution from "New Delli" involved using the restore disks to reinstall XP Pro and they worked exactly the same way! Both were solved by installing a clean corporate XP Pro and they worked flawlessly. Again, the problem can be laid at Microsoft's feet: they have made poor QA and low levels of testing such a norm that OEMs feel enabled to adopt the same techniques in their business.
I don't care whether you are a System Admin or clueless user; such problems make life hell for both!
EVERYONE can say something good and bad about their platforms.
My G4 suxx0red under OS X. Slow as hell and a lockup nuisance. My crap Dell GX-270 running XP Pro never did that -- I only rebooted when I needed to, and often put off patches simply because I had so much shit open it took me half an hour to quit all the applications.
My home machine (Asus P4P800E/P43.2/XP Pro) goes flakey with the network chipset and then reboots every two weeks. Nothing seems to help, not even Marvell's driver-of-the-week upgrade.
It seems the editor of NetworkWorld must have been asleep that day...Winn Schwartau isn't very well informed, nor do his points make much real sense:
Operating systems are complex... Patches sometimes install new functionality... some commercial software is badly written... expensive hardware is usually more reliable than cheap hardware.. Are any of these actually news to anyone?
My favourite of his issues is that not all Wintel machines have the same version of Bios. Wow. What a revelation. SO what? not all cars on the road are Ford Escorts either. The bottom line is most non-tech users never have a need to mess with the bios anyway.
The real indicator that he doesn't have a clue is that he could have saved $2000+ dollars by just installing Linux on his existing machine, rather than buying a new Mac.
Yes, even a Mac may fail!
extern warranty;
main()
{
(void)warranty;
}
Mad as Hell - Switching to Mac
What a great adversing slogan! Apple should start this campaign right away.
Ha, ha! Nobody ever says Italy.
it's not what you've got, it's what you do with it that counts. all else is fanboy.
How did you manage to keep the spyware out? Zero (or highly restricted) network access?
I can see a good combination of keeping on top of virus defs and keeping a tight firewall stopping most or all of the virii, but the spyware is such a constantly evolving battle waged by each of your 1000 users that invite it into their computer, I don't see how you could possibly have had even a couple PCs with browsing access and no spyware on them, for even a couple weeks let alone 11 months.
I work for the Department of Redundancy Department.
I have worked with Macs and PCs for a long time and it seems to me the difference is Mac has a vertical monopoly on the hardware. Start slapping 3rd party hardware into any Mac and you will see all kinds of unexpected crashes.
Don't have to just run os x on macs. PPC Linux development has taken off, and it quite good!
-A PPC Linux user
I'm too much of a retard to properly lock down my system, therefore, I will be taking the easy way out.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
ActiveX on PCs is a problem, and Java, and Javascript, and many port protocol exploits on MSWin, but trojans run by users willingly on any OS will outshine even those entry vectors, but for SERVERS, nothing is as secure as MacOS.
.mil
:
Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote explloit for Mac OS in the history of the internet.
Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted rouitinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.
The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.
http://uptime.netcraft.com/up/graph/?host=www.army
http://www.google.com/search?q=army+webstar+"os-9"
Check it out yourself. This entire post is full of factual citations and 100% facts.
No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.
Why?
Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currenlty sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.
In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.
That is why the US Army gave up on MS IIS and got a Mac for a web serve. Currently it is a honeypot for OSX testing, and US Army use regular Mac OS on other internal servers
This post is not talking about FreeBSD derived MacOS X (which already had a more than a 50 exploits and potential exploits in BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.
Why is is hack proof? These reasons
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for procces to process communication that is heavily typed and "pipe-less"
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stufff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C stings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, expecially remotely. Apache as you know has had many problems in earlier years preventing w
So, a "security expert" switches to Mac because of security issues... and then lists a bunch of reasons why, but none of them have anything to do with security!
The most bizarre is blaming the BIOS - which is only used to boot Windows, and isn't used during runtime at all (and hasn't been for years). In fact you don't even need a BIOS to run Windows (take a look at any SGI box, for instance).
MAC vs. PC is Sooooo 1990's.
Today's war is PC vs. Linux, and Slashdot if the focal point for this cutting edge flame war.
VI vs. Emacs on the other hand... Let's just say some debates never go out of style.
"Live Free or Die." Don't like it? Then keep out of the USA
I know the article guy had PC laptops, but FWIW Apple *Books are fully supported in PPC Linux, except for the built in wireless. My iBook sleeps, sound is great, and has great 3D. PPC Linux support for mac laptops is excellent.
That's exactly what I have done. I bought a Mac Mini in order to check out OS X. I like a lot of things in OS X, but there are some flaws in OS X as well. The Finder is not quite as good as it could be.
For someone familiar with Linux and Windows, the OS X BSD core (Darwin) is pure heaven. You can get and compile almost any open source package that is also available on Linux. It is much less of a hassle than running the kludgy CygWin on Windows to get a simular functionality.
I am now running some services on the Mac Mini 24/7 because it is quiet and does not consume a lot of power.
But I am not going to give up Windows XP or Linux on my desktop computer and three company laptops. I am not going to throw out perfectly good hardware that just happens to be incapable of running Mac OS X.
And besides: Software on the Mac tends to be more stable in price than its Windows counterparts. Some games that you already find as bargains in the PC might have just been released for the Mac. And 2 years later, their price will remain high (~$50 for games)!
Overall I am having a good experience with my Mac Mini. I like it, but it's not going to change my view of the world - or computers in general.
--- Eat my sig.
If my count is correct, he's about the 122,675th guy working in the security field who said that windos is inherently flawed.
Now once management starts to listen to the advise of the people they hired because of their expert knowledge...
Assorted stuff I do sometimes: Lemuria.org
Once again you do not get it, you are an end user. You have no clue what it takes to keep a network of computers going. Even though you have not had any trouble, doesn't mean that Windows is not flawed when it comes to Security, or that most users get blue screens of death more often than any other platform. And me as a Mac user, I want to hear what points you have, so I can rebuttal. Otherwise all I can do is rant that you are wrong and not prove a point on anything.
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
nt
The price is always right if someone else is paying.
I love how people love Macs because it's a very closed proprietary system that can then be controlled by a single entity. Isn't this what the /. crowd is supposed to be railing against?
.....
That being said I get my new mac on
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
If you'd bother to RTFA or article summary more closely, you'd see that the guy is switching his company over to Macs. So, it's not just a home user.
Business users probably don't have much use for 3D graphics and games. Lack of malware can save businesses some decent money.
Wow, I admire your bravery. I provide onsite support SMEs. That said, I am the last to contest that Windows is a secure environment. As much as I hate saying it, that insecure environment keeps me in business. However, switching to the MAC format in a business, now that is brave. Don't misunderstand, I like the MAC and look forward to learning the system thoroughly. However, I have business clients who have gone this route and found themselves buried in frustrations. Why, you ask? The world is building services and software for the most common system on the market. In the majority most cases, the less popular platforms, such as the MAC are left behind. I spent hours recently trying to figure out a JAVA issue for one of my business clients who switched to a MAC. The issue resides in the code on the website's end. A competent JAVA programmer could rectify this in about an hours troubleshooting. The proprietors of that website, however, refuse to update this code to work with the MAC JAVA application. If this were a small company, with a low exposure site, I could understand this. However, this particular website proprietor rhymes with Boverment. You'd think they'd want the millions of people who are the MAC users to have access to their services.?!>>!?? Forgive me, a bit of a vent there. To sum up, these issues will be a persistent part of the MAC users life. For a home user, although frustrating, I would consider it liveable. However, in a business, time is money and not be able to access the services and software that you need to do your job is a major expense that the MAC dealer always forgets to mention. Again, not holding this against the MAC, I'm holding it against the organizations who do not see fit to support this great platform. I look forward to reading about your progress. If I may make one suggestion, leave at least one PC in your office, even if you have it shut down most of the time. Alternately, pickup Virtual PC with a copy of XPSR2. Good luck!
Mac's might be great but they aren't competitive in several important fields.
1) Cost - A company can build 2-3 Windows/Linux PC's for every 1 MAC.
2) Compatibility - Though not a mac's fault, many software companies do not make mac versions or the support is extremely lacking. This is slowly changing though. I worked for Ubisoft (yes the game company) and our Mac support was 1 guy who barely new anything about Mac's.
3) Useability - Ever use a PC then try using a MAC. It's much more difficult and not as agile. I currently am a sysadmin/app dev/IT guy for a medium sized business. Trying to switch is just plain stupid. You have people who've used PC's all their life and have enough trouble as is. I've had a MUCH MUCH easier job insitituting Linux boxes in the office space. Many times those using them didn't realize it because they were always on machines.
4) Repairs - Again Mac's are expensive Hardwarewise. You can't just go down to the local hardware shop and pick up a modem card. PC's are MUCH more customizable and easier to maintain.
5) Customization and Software selection. PC's own the ever living crap out of MAC's in this area. there's not a damn one of you here who can tell me different. Linux is still needing in this area but it's catching up fast. The biggest thing is you can CHOOSE the OS you want on PC's. You can't on MAC's.
Now, don't get me wrong. Mac's aren't bad they just aren't competitive in an office environment. They cost a lot to fix, they cost a lot to maintain and purchase software for, and they are a bitch when something goes wrong.
My experience with MAc users has always been poor. They typically are very close minded and focus on only the "stability" of their computers. That's great... I'm glad it's stable but you can't run half the friggin software we use!!! Even worse you can't run older versions of stuff that IS MAC compatible... and we aren't talking several versions... we are talking like... 1.
Windows XP runs 90% of older software that I've run into. The only one it hasn't was a custom written piece that sucked anyway.
You drop mac prices, you make them more compatible and easier to maintain we'll talk. Until then I'm Windows/Linux.
But I've been hearing a lot of frustration with MSFT from my business customers. There's always been a certain amount of grumbling about security and license terms, but the tone has become noticably sharper of late. More actual experiments with alternative products, pilot projects being extended and expanded. More and more the talk is starting to translate into the walk.
Whether it's Linux or Mac I think the real interesting aspect of this article is that it was a business customer deciding to switch. Business customers and gamers. I pay more attention to those stories than a home user who finally gets a clue.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I too was fed up with Windows. I had never used a Mac (ever) until I bought a new iBook from Apple. I liked it so much I sold it on eBay 6 months later and bought a 15-inch Powerbook.
:)
No more Windows for me. I'm done. And I don't miss it at all.
And I would like to formally aplogize for all the Mac jokes that I have made in the past.
Okay the guy sounds pissed, but it doesn't make sense why you'd drop all your hardware at the same time as you'd drop XP. Any PC that can run XP can in all liklihood run Linux (or BSD) and benefit from security goodness too.
Yes, and long term that would be wiser. My mom runs GNU/Linux and loves it. My sister, her husband, and their children likewise. However, my wife uses Mac OS X. Why? Because Microsoft used up all her tolerance of cantankerous technology, and while Linux is anything but cantakerous, it does have a learning curve that she simply wasn't willing to climb. Had I caught her before her experience with Dell and Microsoft, she probably would have been very willing to learn a new system (my mom and sister were delighted--but they hadn't lost entire weekends reinstalling bug-ridden, chronically unstable OSes).
I suspect this guy is in the same boat. He's worn out, and wants something that Just Works(tm) (this isn't Microsoft, regardless of what their deceptive advertising may say) with no learning required. Apple comes as close to fulfilling the "no learning required" aspect as anything.
Having said that, you're absolutely right and people really shoudln't kid themselves. Once Apple gets sufficient market-share it's going to be as ill-behavied as Microsoft is today. Granted, OS X will probably never be as insecure as Microsoft Windows--after all, its foundation is FreeBSD, which is very, very solid, while windows foundation is more akin to to quicksand--but if you think Bill Gates' customer lockin is bad (and it is), imagine what Steve Jobs is going to do once he's secured a big enough chunk of the market.
Don't believe me? Take a good, hard look at Apple's history. Apple has done it before--and drove a mass migration to IBM compatibles as a result. People forget that Microsoft initially emerged as the market leader because IBM clones emerged as the market leader, as a result of the hardware being open (despite IBM's efforts to the contrary) and competition making for a very robust marketplace, a lot of innovation, and (at the time) a lack of customer lockin. It was only later that Microsoft applied that customer lock-in at the software level...and Apple is almost certain to follow suit (repeating their old behavior) once their market share makes them feel confident enough to do so.
Long term, FreeBSD and GNU/Linux are the future for anyone who values their digital freedom in any form. But short term, Apple is a quick and painless way to get out from under the pile of Microsoft shit that includes, but is hardly limited to, endless spyware, endless viruses, endless worms, endless trojans, endless popup ads, endless crashes, endless security flaws crackers can drive a fleet of container trucks through, and endless demands for upgrades (and your hard earned dollars/euros/yen/what-have-you) that just give you more of the same.
Apple can give people breathing room, let them recuperate, and then, when Apple starts to get a little too big for its britches, people can look to making the move to a free foundation, such as Linux or FreeBSD. But until then, for those exhausted and traumatized by the Microsoft treadmill and the convicted monopolist's abuses, Apple offers a welcome, and easy, respite.
The Future of Human Evolution: Autonomy
He's upset at the lack of support that comes with having entirely different vendors supporting the hardware as opposed to the operating system.
From his blog:
"But, really, in the last few months, my frustration went over the top because I openly admit I am tough on laptops. I schlepp two of 'em everywhere 'round the world and I see no reason a $2000 box should not be able to take $2000 worth of airport abuse.
So, my beautiful new Sony 17" VAIO with 1920X1200 res (Freaking gorgeous) began to have mechanical problems. I can recognize a HW versus SW prob and this was hardware but the Sony folks, in an effort to save having to send a guy to me, tried to convince me "Reinstall Windows." NO! That is wrong! This is a HW problem."
While some might prefer to build, write, administer, and hold absolute control over their computer systems, most people just want to use them. They also want support on their computers to be as painless as possible.
That's one of the bigger advantages to a Mac over Windows or Linux: It's easy to find who to call when it breaks.
Not every argument requires reduction to absurdity.
Yes kiddies, I will take it more, but I will never pay for it. You might say I am rather anti-American in that sense.
It comes with online help, so you could always read that, or go read the apple website about it if you want a high level overview. You're more likely to need a book about the API you choose to target (cocoa for example) than the IDE, as once you get used to it the IDE will become quite transparent.
:
It's free, and much better than it used to be, but there are still some rough patches. In particular
The preferences are split between Targets and 'Build Styles' some of which override the others choices - this is a bit annoying if you're used to a simple Build Target x model and is not as elegant as it could be.
Sometimes it doesn't rebuild everything as it should when switching build styles and you have to say 'Clean Target'.
The build in editor is not great, and the menus are a confused mess (IMHO) but you can use external editors with it easily enough.
You managed 50,000 machines and 100,000 users with only 80 servers and 10 poeple 1/2 of which were help desk? and NO PROBLEMS! To me it sounds like you didn't provide Email or internet access on top of having compleatly locked down desktops. That's a nice but uncommon environment.
1. No users ran with admin privelages, ever. That is huge, huge, huge. Even when I was logged in to a dev box, I was was not an administrator of anything. We heavily used RunAs techniques for slightly privelaged operations.
2. We used group policies to specify exactly which binaries a specific user or group of users could run. This is also huge.
3. ActiveX completely disabled.
4. All web content went through our web proxy, which aggresively filtered out potential problems.
5. Aggressive use of known good machine images. Each machine was literally one of 3 templates. We could log a user off remotely, reboot the box from the network RIS server, reload his/her machine image template, boot back up, log the user back in, and they'd never know that their entire hard drive had been erased, the OS and apps recopied, and reset. That process was an extreme measure, but it took about 6 minutes, start to finish. It was like a slightly longer version of a reboot to users.
Finally, it's worth noting, we never had an anti-virus package on the workstations, only on the mail server to scan incoming and outgoing mail. We used no anti-spyware packages! We ran two eight-hour shifts (big servicing center for a major worldwide insurance company) each with about 50K users. The users had "unrestricted" in a technical sense internet access - outgoing ports were watched but not restricted (we let them have an IM package installed, for those lulls in the action), and everything went through a proxy server, but otherwise, there was nothing stopping them from trying to visit any old dark corner.
Seriously: good IT policy uniformly set across the network (no exceptions for VIPs, the CEO, or the CIO), quality standard hardware, the best software products, and a liberal amount of scripting, testing, and process management. That's all it takes.
As long as they unplug that broadband connection, then I completely agree with you! Otherwise, they are zombies that provide a platform for attacking or spamming my non-MS machine.
100K users, no spyware? yeah right. You are so full of shit.
This isn't _just_ a rant, it's a poorly articulated rant. Atleast come up with some verifiable facts about what you couldn't do in/on winttel, your hypothesis for how Apple will correct this, and then maybe we can see a valid 'switch' experiment take place.
As it stands now, it sounds like you had some things go really wrong in your wintel world and your blaming the OS/Architecture and running for another. Who's to say the problem won't follow you?
And what is with this:
If his browser is eating up all his memory, and he needs third-party tools to keep his PC alive, he has other issues. That or he's running WFWG 3.11 with IE 0.9b8
Am I the only one who's had little or no issues in the last four years or so with the windows platform. And by issues I mean 'out of memory' or random 'blue screens'
Maybe a lot of this is repressed anger from the mid to late 90s when running windows networks took a _lot_ of work (frickin WINS and NetBEUI). And blue screens were way to common (from such critical systems as RAID Drivers, SCSIS drivers and even some Intel chips had flaws that would BSOD certain motherboards).
I think pretty sunny days are here for wintel. I'm sure spend more time in the sun then working on sys-admin issues.
-Malakai
A Dragon Lives in my Garage
respond to these posts http://apple.slashdot.org/comments.pl?sid=150758&c id=12644021
http://apple.slashdot.org/comments.pl?sid=150758&c id=12644159
then stick a greased apple up your ass
Please sign petition to restore sanity to our banking system!!!
http://financialpetition.org/
a SysAdmin. He just wants to USE the technology.
While Linux(es) and BSD(s) can pretty much do everything the Mac does, the configuration of the software is dependent on the user knowing what all of the options are for.
The guy just wants to look at the screen, he doesn't wanna know or care about setting some register to affect the vertical refresh rate on the hardware.
Likewise, he doesn't know or care about hard disk sector interleaving and how, setting wrong can result in severe performance degradation depending on the interface card's buffer transfer speed.
Come to think of it, he doesn't want to bother with the constant upgrading, fetching, 'make'ing and compiling and trying to use the optional settings which reveal the same complexity that the hardware confront him with.
Windows is out because of its BSODs (soon to be joined by RSODs,) its worms, viri, Trojans and Spam, 'Social Engineering' and other psychopathic activities, and the rest of the creepy crawly menagery. Security and safety have become critica issues and Microsoft's Windows just ain't cutting it.
That leaves the Mac as the sole remaining mass market choice.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Bill Gates would be wise to make a point of talking to this guy after a few months of his using the Mac.
Granted, with 90-odd % of the market in his pocket, BillG likely doesn't care, but I've been looking lustily at the Mac Mini myself lately, and I know I'm for from alone.
Gates should really investigate the motives of people who are switching to Mac, and take detailed notes.
And, for that matter, so should all the people who want to push Linux to the desktops of those who don't care to spend their time tinkering with it.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
I mean, c'mon...
Whats sad isnt that he found PCs so flawed, but that he was so bad at security that he had to change platforms because he couldn't handle it.
News flash, I suck at computers, and my PC works just fine. Not a virus, and never once had a problem with the reliability of xp.
We provided Internet access and e-mail. Users were allowed by policy to use the e-mail for personal purposes. We even provided webmail for outside the company access!
The desktops were completely locked down. Each one was one of three templates software wise. Weekly automated re-imaging (Saturday mornings, 2:00 am, machines in 250 count waves would begin reloading, taking about 6-7 minutes a piece to complete; all would be done in about 20 hrs).
Every user could run only pre-approved binaries enforced by group policy. No one, and absolutely no one, ran as administrator of anything (PC, domain, whatever).
It was a tight ship. All web content went through a proxy server and was aggressively filtered for nasty bits.
I use windows XP all day long...I'm hooked up on the internet and surf and download and blah blah blah all day long. Not once have I been hit with a virus or a trojan or an email attack. I've used computers since 1979 and have seen only a handfull of actual viruses. Meh...maybe I'm just lucky. And everyone I personally know is lucky also as they've had the same experience. The one time I came upon a major virus was...suprise suprise...on a Mac! Granted, it was running System 8 at the time. But it was the one that spread itself on Syquest disks and we had customers that would send us data on Syquest and it would infect the computer as soon as it was inserted. That as a pain to take care of.
Security problems? has this guy actually HAD security problems, or has he just read of the threat of problems and anecdotes of others that have had problems? I read them all the time too, but it's not enough for me to change OS AND hardware just because the press overplays this threat.
I run virus checkers, adware checking...am behind a hardware router/firewall. Basically the same thing I would be running on OSX also. I don't even think about it and just get on with my day.
He's created a strawman argument. It has no weight.
Windows is complex, trying to be everything to everyone. This complexity comes at a terrible price: downtime, help desks, upgrades, patches and the inevitable failures.
And OSX doesn't have any of this? Linux doesn't either? Sorry, you use a modern OS you'll have upgrades/patches/downtime from time to time.
When a new operating system or service pack is released, there are tons of changes to the functionality.
Read up on some problems people are having with Tiger and get back to us.
WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility.
Um...ok. What's your point?
Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity.
Again, this is a windows only problem?? It happens everywhere. But it would be nice if he were to cite examples...but he didn't have time to bring facts into the picture.
Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever.
Some would call this choice. Also others would call it cheaper. Still others would call it the power to make what you want. Whatever.
Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't.
Again...hello? RAM isn't equal on ANY platform! There is cheap stuff being sold and bought everyday on the Macs too you know. People don't want to overpay Apple for RAM, so they try to get something cheap and WHAM, they end up with problems.
Hard disks. Same problem: cheap or reliable. Your call.
Last I checked, Apple used the same type of Hard disks as everyone else out there. I could take a HD out of an Apple and put it in my PC and vice-versa. So how is this a "windows" problem?
Now, I'm NOT a Windows lover by any stretch of the imagination...but come on. If you're going to attack it, at least do it in an intellegent manner. This guy was just full of himself, gave no real facts or data and just spouted crap. I love Macs too, love them to death. Just wish I could actually afford a good one. One that would equal my desktop machine now. Yeah, I could afford a Mac Mini, but it's too underpowered for me. Maybe one day I'll save my pennies and get a Mac...but not because I'm "mad as hell". I don't choose something because something else sucks. I go with something because that something is right for me. It's like this last Presidential election. Many people voted for one candidate only because they didn't like the other one. They didn't vote for the person because they liked him or believed in him...only because they didn't like the other guy. WTF is that?
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
I figured I might as well raise a critique that isn't going to be very slashdot friendly; the reason that the Windows operating systems are so vulnerable to attack has nothing to do with the coding microsoft has done. Before the massive influx of "You're a fucking idiot" posts get thrown up here, let me at least explain my perspective...then you can tar and feather me. Also, I'm dealing with the existence of exploits only, not how the company chooses to handle it. I don't have enough information on the different patching models out there to launch a valid critique.
I can not seem to find a website that seems both credible and contains information regarding the current state of the OS marketshare wars so I won't even bother to throw a number out there; it's safe to say that more people use windows then everything else combined though. If I am up to some nefarious activities and I have a desire to spread some code through an exploit, where am I going to look? Am I going to spend days and days scouring OS X looking for vulnerabilities? Am I going to attempt to disect the Linux Kernal looking for the perfect place to get my stack-smashing on? Or am I going to look through the Windows operating systems because a majority of people use them and as such I get the most bang for my buck?
Personally, because of the nature of statistics and probability, I find it very difficult to believe that Unix/Linux etc are any less vulnerable then the Windows Operating System. There's just less incentive to attempt to exploit the system; it's economics. The supply of potentially exploitable machines is small thus demand can not exceed the supply and people turn to looking for exploits on Windows.
All critiques are very welcome...
I see this argument frequently, "If X were as popular as Windows, it would have just as many cracks."
Let's debunk that with one (not simple) phrase, "The API as a weapon in corporate warfare."
I warned you that the phrase wasn't simple. Now let's define it. Microsoft waged corporate warfare on its competitors with it's APIs. When someone broke new ground, and Microsoft felt the need to compete, or at least not be left behind, they announced a new set of APIs for Windows that would do the same thing. When someone began to clone or interoperate with Windows in a way Microsoft didn't like, here come some new APIs. For that matter, even within Microsoft, the Win95 and WinNT groups came up with different APIs to do the same job. The marketing people used APIs as a weapon, and the technical people had to try and implement them, and notice that security hasn't been mentioned in this paragraph, until now. For that matter, neither has clean design, consistency, or other nifty software terms.
Contrast that with Apple and Linux, to name two. Only with the latest release of OS/X have they "stabilized" part of the API, with full warning to developers. They now feel that they have it clean enough, complete enough, and well enough understood to call it stable. Take a look at the number of times Linus has refused some patch/feature, because it's "ugly." Just as often he says he wants the feature, but please do it differently, so it's cleaner/more maintainable/more orthogonal, etc.
THAT is what has been missing from Windows, at least so far. True design and architecture as opposed to implementation. Look at it as a misbalance in strategy vs tactics. The tactical design practices of Windows at the API level means that a lot of cruft under the hood is practically unavoidable, that code becomes moribund because it depends on other pieces of code, bugs and all. At this point, it becomes difficult to clean one module because its bugs have become requirements of some other module.
That is also why IMHO, even if Mac or Linux got much more popular, they probably would have more problems with virii and worms than they do today, but still far from the problems with Windows. The strategy vs tactics balance is different.
Oh, not to mention the culture. WinNT has admin/user separation every bit as good as Unix/Linux, at least at the OS level. But the Windows culture doesn't understand it, and much software can't work with it. Therefore most WinNT-family users end up being admin, making the separation useless.
The living have better things to do than to continue hating the dead.
I'm not going to even go into the debate of Mac vs. Wintel vs. Linux... which is more secure, reliable, useful, etc. The author's conclusion is that he really doesn't want anything on the market today, he wants a 'simple' computer. Let's analyze how ridiculous this request is... "Here's my answer to the WinTel problem: We need an open Simple Operating System (SOS) that meets the needs of the majority of people who buy PCs for everyday home and enterprise tasks" People always say they want something simple that works but if you actually satisfy ALL of their needs it is going to be complicated. Let's list the needs of the majority of people who buy PC's... * Browse the Web * Use E-mail * Download Music Just the fact that you are going to hook up to the internet means that you have to have a firewall and anti-virus scanning. Hell, Windows just recently started including a firewall. * Word processing for school/work Some would think that typing a report is fairly simple. People today expect much more than a wide variety of fonts. They want images, templates, hyperlinks. * Play games This is the real killer. Back in the day, I worked at Incredible Universe, the failed brain child of Radio Shack. Whenever someone came in to buy a PC I would ask them what they wanted it for. In all cases, they wanted to play the latest games. Other than that they just wanted something simple. Well guess what, games are complex and require complex powerful hardware.
-Andrew
From reading TFA and the blog. It appears that he is complaining about the low quality of components that dell and sony are putting in their computers. (I use dell and sony because they are the ones mentioned)
Now some people would disagree, but if you want to avoid hardware issuses, buy an IBM. Support is better, hardware is higher quality and of all the problems I have had to deal with that I can remember with IBM's only one could not be somehow attributed to user error/abuse.
As far as my G4 is concerned, it is off right now. I have not seen this many kernel panics and general freeze ups in a long time. (My 3 year old IBM has now been on continuously for a month or more and it only was rebooted cause we had a power shutdown) I blame apple actually, it never had a problem until I decided to install the new version of quicktime.
In short, nothing is perfect, don't get suckered in to a great deal on a computer, they probably cut corners. If you buy low quality hardware, expect to have low quality of results.
Supplies!
Windows is not the chief issue. USER STUPIDITY is and like hydrogen in the universe, we on Earth have an inexhaustible supply of it.
.pif, .exe, .scr, .bat, etc., file without even thinking about it and no antivirus package in the world can stop an executable program from running which is not coded like known viruses but nevertheless does bad things. It's trivial to write an app that wipes a hard drive and to the system, it looks like the user is installing just another program.
We in support know that the single biggest flaw on the Windows platform is that Outlook and Outlook Express display all messages in the preview pane by default and display all messages in full HTML with Javascript, Active X, etc. all ready to run.
We also know that should the malware pushers not be brilliant enough to code a web format e-mail that will do their dirty work automatically, all they need to do is craft the e-mail with just the slightest enticing subject and content and the avergage user will double-click the
We also know that the average user cannot resist going to places they shouldn't, and want everything for nothing. Pay porn sites are remarkably spyware free. Danni's Hard Drive doesn't hose your machine. You get decent content. You pay. But the average user wants their jollies for free and malware pushers know this all too well and so they craft ten million sites promising free nude shots of Brittney Spears and sure enough, machines are hosed.
On top of this users cannot seem to resist going to places they are pointedly told they should not, such as sites which are known and documented to be traps. Like the kids in House of a 1000 Corpses, they want to go see the dangerous evil spooky place and so off they surf to the wrong side of the Internet tracks.
As users adopt Macintosh OSX and varieties of Linux, there will be more malware and especially rootkits set out and about waiting for users to go after them and defeat any amount of inherent system stability and security.
The response of the anti-Microsoft camp has been that their OSes CANNOT run the malware code in the first place. Neither can their OSes run a lot of fun stuff at Yahoo and ten dozen game sites either without a lot of techie contortions.
Pathetic inability to do what Windows and Internet Explorer can do easily is not a security method any more than obscurity in documentation and coding is. The same vulnerabilities inherent in Windows that make these awful malware packages easy to get infested with also in the right hands allow great fun and games and web-based everything.
Notice I said "in the right hands". I administer my wife's machine very carefully. She's a Yahoo True Believer. She's also learning to be more careful in what she does because I am teaching her to. People who don't view their e-mails in glorious HTML everything, don't click attachments in their mail, don't download and install stuff from sites they don't know or trust, don't visit known malware sites or sites that should be assumed to be malware a priori are people with far fewer issues.
Firefox and Kubuntu is not a true solution. The true solution is user education, proper system administration, and a lack of laziness in action and thought. Of course, given how many people install Linux and always work on their machines as root, put their administrator account in the sudoer file right from go with zero restrictions, give privileged access to any and all apps from the word go, disable every security precaution every chance they get, etc.... well, it would seem laziness in thought and action isn't limited to the Windows world at all.
"Hey (insert user here), why not visit our repo site and get all the Linux hotness you can stand? We'll give you full directions on how to configure your system to use our repository to automatically get all the goodies you really want on Linux!" The day is coming, people.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
1) i manage a whole department of macs, the TCO is 1/2 what vanila PC's are
2) My department has never had a problem in finding the right software to do the job. most of those companies who dont support macs have crappy products to begin with.
3) i repair macs all the time, inside their the same as x86 PC's if you can repair a mca than you cant repair a PC
4) the Average PC lasts 3 years before it is too slow and wont run fast enough, the average mac gets 5 yrears of service life. in the long run this means a mac is cheaper than a pc because 2pc's = 1mac over the livetime of a company. as for the fact that you can buy 2 pc's for the price of 1 mac all i have to say is ( you get what you pay for idiot)
5) one person can manage a Mac department where it would take 2 people to manage a pc depertment.
6) "Useability - Ever use a PC then try using a MAC. It's much more difficult and not as agile. " WTF, what planet sis you come from. you are either a troll or a total fucking idiot. i can do more things on my mac than i could ever do on a PC, there are many things a mac can do that a PC can never do, in reality its the other way around MACs are more agile than pc's.
In reality i probably shouldnt respond to this post because you are an MS shill and a troll but i couldnt let you idiocy and disinformation stand unanswered.
what a fucking pussy
I've been using windows all my life (yes, I use linux on another box as well) and I don't have all these problems. Like most of the slashdot community I use my computer for far more things than just e-mail and web surfing. I have even setup medium sized networks and locked them up tight as well.
If you really need to switch to mac to avoid spyware and the like, you really shouldn't have a career in something to do with computers anyway.
big boys use windows
a man uses linux
There are as many Mac users now as there were windows users not that long ago. There were windows viruses way back when.
I'm a bit sick of human immune systems to computer security comparisons. They are far more different than they are similar.
LOL yeah, ok, whatever. What security issues? My box has been running like a champ since day 1.
Without free competition, there's no improvement. See how Firefox + Opera + Konqueror helped the upcoming IE 7 (which otherwise wouldn't exist -- and even as of now is still vaporware).
I am a Linux user, but I hope Apple gains more and more market share till Microsoft becomes a competitor again.
"Linux is free as in free competition".
Windows users are VICTIMS. Peoplke who ACTIVELY support Windows are Microsofts cheap ass whores. Stop blaming people who get sick of dealing with the fetid output of the crack smoking coders in Redmond. If any other product was this flawed, it would be forced off the market, and you'd be right there cirticizing it, but it's your precious geekgasm pile of shit, so here comes the double standard. Drop dead scumbag.
If anyone is going to take the desktop market from Microsoft its going to be Apple, no-one else comes close. Windows is popular because anyone can install just about anything in seconds, it might not be perfectly configured or even very secure, but it works. Same with OSX, you just drag an icon representing the application from the CD/image onto your computer and that's it, all the workings of the program are hidden and the whole thing is encapsulated in one object like it should be. I don't know how they handle various library/dependency issues but the user should not be involved.
This comment does not represent the views or opinions of the user.
I.e. linux users are missing out due to the OS not the stability.
You better watch out, there may be dogs about . .
I've been pleased overall with my switch from Windows to OS X, but sometimes I miss the ease with which the "look" of Windows could be modified. Changing the scrollbar, the menu fonts, that sort of thing.
OS 10.3 (and I assume, 10.4) really limits the amount of customization that can be done to the interface. I know that the interface can be changed with a little work, but it's admittedly very low on my list of priorities. My point is that out of the box, Apple doesn't let you change the "look" of OS X to any major extent by just pointing and clicking, unlike Windows.
I get the impression that this was a deliberate choice by Apple, in order to maintain a uniform user interface. I can understand that decision, even if I don't fully agree with it.
Anakin Simpson: If you're not with me, then you're my enemy--ooh, donuts!
I'm not an expert on Windows internals but I have long suspected that the two most troublesome aspects of Wintel are DLLs and the Registry.
(Of course Wintel has many other problems and fixing these two would be far from a panacea. But am I not right in believing that fixing them would go a long way towards stabilizing the platform?)
The logic behind DLLs is sound but it was implemented stupidly. And hasn't the time for DLLs past? Disk space is now cheap and plentiful.
Would the following idea help? If so, how hard would it be to implement it?
Upon installation check the CRCs of all the DLLs a program uses. If any of them are different copy your own versions of the DLLs you need to your own directory and use them instead.
And here's another idea:
Just say no to using the Registry! I have lots of little utilities that brag about a "clean install" that doesn't use the Registry. Just delete the folder to uninstall. Is there any reason a more sophisticated program (like word processor or browser) must use the Registry?
I'd love to hear comments from programmers on these two issues.
Insert witty sig here.
In my company, god forbid I try to stop some vp from installing barney's latest adventure for their five year old, next thing you know the ceo's asking my boss why I hate america so much.
Please don't haul me off to slashdotjail.
They have that!?
Holy crap, I'd better stop pointing out that Futurama and The Family Guy were never very funny.
(Pffft. -1 Flamebait indeed. It's like walking on eggshells with you people sometimes.)
You can't win, Darth. If you mod me down, I shall become more powerful than you can possibly imagine.
Burn, Karma Burn!
Information wants to be anthropomorphized.
The problem as I see it is that the OS itself is not modular enough and does not have any solid controls between modules.
For those of you who remember the entire security model for an OS, you have concentric rings with the kernel at the bottom and the userland applications on the outside. This is done because different levels of programs/libraries need different access.
The important thing is that when you go from one ring to the next, there needs to be an adequate set of controls to keep things from going haywire on you.
With windows, there are too many applications that go from the outside straight into the kernel without any controls. This is done because it's easier to program and faster to run. This is a conscious decision on behalf of the OS programmers.
Windows is designed to be a stand-alone workstation. Remember back in the "somewhat older days" when you had to get winsock in order to make a SLIP/PPP connection? When the computer isn't connected to anything, then security is no big deal because you're relying on physical separation to provide most of the security. Once you network the computer, then you open up a whole slew of problems.
Over time, Windows's security model is getting tighter, but it comes from practically nothing to something legitimate. They aren't going to do it in a couple OS revisions, nor do I feel that it can be done quickly given all the applications that rely on the broken functionality to work.
Yes, they will break programs to tighten the security model. But that should be expected. The MS security guys have their work cut out for them.
I do what the voices on my console tell me to do.
Look at it another way. Linux and Mac users brag about their systems being not as vulnerable. Wouldn't virus writes have taken up that challenge out of spite?
I am a Linux user since 10+ years. I would be happy to see a good Windows criticism but this guy does not know what he is talking about.
....
- Comparing the memory use of Internet Explorer and other browsers, I know that Internet Explorer is not using significantly more memory. However, feel free to use anything that, you think, uses less memory. Firefox anyone?
- From technical point of view, OSX is as complex as Windows. From the user interface point of view, complexity claim of Windows can not be objective.
- Ofcourse there will be tons of changes, the new versions and service packs are for that reason. Who can claim that upgrade to OSX 10.4 did not bring any functionality change.
- As soon as the OS (e.g. Windows or Linux) boots, BIOS has almost no effect on security. I have never heard about a BIOS vulnarability. If this is really a concern, then buy from Dell or HP, whichever you like, and stick with it. This is an absurd argument.
- Some Windows applications are not well written? Then, don't use them. With this mind you will also have problems with OSX.
- You want to standardize on hardware? Then buy Dell only, and do not read the other ads. This is even more absurd.
- The same for memory, buy Crucial and do not consider the others. This is included in the absurdity of previous one. Apple can also take a variety of memory brands.
- Apple uses the same harddisks that everyone in the PC industry use, and even cheaper ones. Checkout the specs of Macmini harddisk.
Whatever
Point 1: Windows is complex. Yup. That happens when one version of the OS does every-damn-thing. This point is right on the money. Of course MacOS X and Linux/BSD/Unix are complex as well...
Point 2: Not entirely true, but close enough I'll give it a pass.
Point 3: This is IBM's fault all those years ago...
Point 4: Third party developers are to blame, not the hardware (as point 3), or MS (point 1 and 2).
Point 5: Diversity is a problem now? Gee go figure. So by this logic, there should be only one hardware vendor for PCs, and I bet that would be someone other than Intel, right? Were there not more than one hardware developers we'd still be on the 8080 and Apple would not even be around.
Point 6 & 7: Buy piss poor, get piss poor. Caveat Emptor, brother. That's why you read up and buy with an intelligent decision. These are third party devices to the motherboard, RAM, and OS. Blaming "WinTel" when your PC might be AMD/Asus is flawed.
The argument has been done to death, and in the end it's a personal preference sort of thing. If Macs make his tail wag, right on; but if not, then what? Of all his points, 2 of the 7 he makes puts the ball in MS' court, the rest are hardware related save one which would bring a screeching halt to the diversity and development we've been enjoying for so long.
Sorry, I don't buy into his list fully. Is MS a problem child? Yes they are. Can they fix their shiznit and act straight? Yes they can (only time will tell if they do it). But to think switching to Mac (or anything else for that matter) will solve all the woes, he's sadly mistaken. Each platform has its own issues--trade one for another. "You makes your choices and you takes your chances," is the rule.
I've seen a few comments along the lines of, "who is this guy and why do we care that he switched from PCs to Macs?" While he may be to security what Alvin Toffler is to science, Schwartau has been in the info security business for long time and has a fair amount of credibility, at least at the boardroom and executive level. So, if /.ers are going to take potshots, let's at least know something about the guy before we shoot.
:)
(Of course, why should we change now?)
Here's some background on Winn Schwartau:
Founder and CEO GetInsightU, Inc., www.GetInsightU.Com
President and founder of Interpact, Inc., The Security Awareness Company. Interpact develops information security awareness programs for private, public and government organizations.
He is the author of "Internet and Computer Ethics for Kids (and Parents and Teachers Without a Clue)" (2001/2002).
In 2002, he was honored as a "Power Thinker" and one of the 50 most powerful people in networking by Network World.
Founder of the InfowarCon conference, www.infowarcon.com.
Has been referred to as "the civilian architect of information warfare," he coined the term "Electronic Pearl Harbor" and was the Project Lead of the Manhattan Cyber Project Information Warfare and Electronic Civil Defense Team.
Books include:
Pearl Harbor Dot Com (2002)
Terminal Compromise (1991)
Cybershock (2000, 2001)
Time Based Security (1999, 2001)
General Abdication (2003)
Information Warfare: Chaos on the Electronic Superhighway (1994, 1996, 1997)
Information Warfare: Cyberterrorism, Second Edition," (1997/1998)
He has called for the creation of a National Information Policy, a Constitution in Cyberspace and an Electronic Bill of Rights. He was a contributor to all three of AFCEA's Cyberwar Books (Ethical Conundra of Information Warfare, Something Other Than War and The Carbon Unit as Target) and several international works on CyberWar and Espionage. "The Complete Internet Business Toolkit" (1996) is one of the first books to ever be banned from export out of the United States. His other writings include "CyberChrist Meets Lady Luck" and "CyberChrist Bites the Big Apple," "The Toaster Rebellion of '08", "Firewalls 101" (DPI Press), Information Warfare, (Schaffer/Poeschel, Germany), "Introduction to Internet Security" (DGI/ MecklerMedia), and chapters for Internet and Internetworking Security Handbook (Auerbach). His writing, interviews and profiles have appeared in Orbis, Wired, NY Times, Information Week, Network World, ComputerWorld, Network Security, St. Petersburg Times, Internet World, Virus Bulletin, Security Management, Infoworld, PC Week, plus dozens of magazines around the world.
Although not a hacker, he has been the popular host of DefCon's Hacker Jeopardy for nine years.
- Adjunct Professor: Norwich University
- Board of Advisors: ISAW, Information Security Awareness Week
- Board of Advisors: St. Petersburg College
- Contributing Editor: Infosecurity Magazine
- Contributing Editor: Journal of Information Warfare
- Advisory Board Member: CipherTrust www.ciphertrust.com
- Advisory Board Member: SSI, www.SecureSoftSystems.com
- Editorial Board Advisor: Network Security Magazine, (Elsevier), U.K.
- Contributor and Columnist: Network World (1994 - present)
- Consulting Security Expert: Giga Information Group
- Advisory Board Member: Milcom Technologies
- Advisory Board Member: 1GlobalCity.Com, Inc
- Member, Editorial Board of Advisors: InfoSecurity News. 1990 - present
- Advisory Board Member: Click2Send
- Contributing Editor: CartaCapital, Brazil
- Contributing Editor: Availability.Com
- Publisher and Founder: Security Insider Report (1992 - sold 1997)
- Contributing Editor: Secure Computing Online http://www.secure-computing.com/
- Contributing Columnist: PlanetIT, CMP Publications
- Former Member, Board of Directors: Tritheum Technologies, (company sol
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
This clearly isn't the case - Apple have shipped not one but two remote code execution exploits through Safari, and there have been serious security bugs that remain unpatched for months at a time.
No software is going to be magically secure.
But the question is not one of security being perfect. It's what happends when security (for whatever reason) is less than perfect?
On the Mac a Safari security issue is a lot more serious since most Mac users probably use security - so right away you can essentially drop off service holes as not being meaningful for most users. If the target is too small no-one will bother to use it as a vecter since the payoff would be too low (unlike Windows services which have to run and are protected only as long as the firewall holds).
Now lets say a user does go to a site using Safari that has some malicious code to execute on the users computer. The user is STILL better off because the code cannot infect the system to the same depth a Windows virus can. Yes in Windows you CAN choose to not run as administrator, but for all practical purposes that's like claiming that ALL Mac users will run sshd - it's just not the reality of the situation.
A virus that's not able to get as far into the system is also not able to do as much harm and is easier to remove. If a virus gets into a Windows box are all users of that box affected? Probably. If a virus gets into a Mac box are all users on that box affected? Probably not.
What that means in practical terms is that I can have an acocunt for a child that they can use however they like on the same computer as my own - because even if they catch an UberVirus that destroys all data, it's not going to be able to hit MY data. It's just too hard and relies on too many windows of opportunity to exist so the odds are exceedingly low it can happen.
So while there are security holes for both Macs and PC's, the reality of the possible effects from a breach on either system is FAR better for common use cases on a Mac system. You can't go by counting security alerts alone, you have to come up with real use cases that illustrate real-world problems with how users use systems.
Note of course that everything I've said about the Mac applies equally well to Linux systems, though they tend to run more services by default.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"Life is like a mop. Sometimes life gets full of dirt and crud and hairballs and things and you gotta clean it out. You gotta stick it in here and rinse it off and start all over again. And sometimes life sticks to the floor so much that a mop, a mop, it's not good enough. You gotta get down there with like a toothbrush, you know, and you gotta really scrub 'cause you gotta get it off. But if that doesn't work, you can't give up. You gotta stand right up. You gotta run to a window and say, "These floors are dirty as hell, and I'm not gonna take it any more."
Stanley Spadowski - UHF
In an engineering environment, that will result in armed insurrection, and the heads of the sysadmins on pikes out in front of the main entrance as a warning to their replacements.
As long as Mac's don't hit the mainstream big time, they are safe. That's the only thing what's keeping them away from viruses etc.
I remember DefCon V in 1997. Winn and I were drinking at the bar in the hotel's (the old Alladin) casino. I can confirm through first-hand conversation with him that a) he is not interested in anything remotely technical and b) his understanding of computer security related matters is pedestrian at best. He was definitely more interested in talking about the speculation that Martians/aliens/UFOs are a government conspiracy inteneded to delude the masses about the origins of its super-weapons.
Aliens and being pedestrian explains the Mac thing. (duck!)
But I had lost all respect for him before that, when his "expert" website infowar.com or whatever was nothing but a compilation of other stuff, and nothing original.
-- i drop mine in braille so you blind cats can read me
Once you go Mac, you never go back!
At least I think that's how it goes...
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
For those of you who don't recognize it, that's a direct quote from the US Declaration of Independence -- s/Government/System/g
That's so good, I put it on my second website
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
This article is spam. Congratulations, some newbie has woken up - who cares? not me!
In my company, god forbid I try to stop some vp from installing barney's latest adventure for their five year old, next thing you know the ceo's asking my boss why I hate america so much.
:-)
The thing is, I hear what you are saying. One thing I think that helped was the company had a very technically saavy CEO. As a privately held company, the company had started with a very minor IT position for its employees; terminal based computing running off an IBM mainframe. It was a great system, but finally, too much was required of it. They spent about $20M on their first 25 years of IT; so when business requirements finally forced a major upgrade in the way they operated it was a $50M dollar investment. That's so much money, nothing was left to chance. The rollout happened after 36 months of intense planning. Of that budget, 3% (2.5M) was laid out for pre-deployment testing and planning. They did a dry run in an offsite facility two weeks in a row before the deployment.
I know. It was the best IT environment I've had the pleasure to work in. Everyone was onboard. So much so we had MS bigwigs touring our facility 6 months after a deployment. We were featured on their website as a case study for a while, until they refuesed to upgrade to XP on MS's schedule, that is
This is a Winn-win situation.
Given one hour to live, the student replied: "I'd spend it with professor FP who can make an hour seem like a lifetime."
50K Windows machines and not a single BSOD? I find that incredibly unlikely. You didn't have a single PC with bad memory or flaky mother board or power supply? We have around 600 Dells, all certified for Windows with Dell's "Gold" level support, running 99% Microsoft apps, and still get an occasional BSOD, even if it is a hardware related problem.
It might have been a randomly generated ad, but i thought it was funny as hell that i'm reading an article about how windows security sucks and mac's is better and the middle of the article is pushed to the side to accomodate a good size ad saying : "find the tools and guidance you need for a well guarded network" with a microsoft logo in the top corner...
i don't care
I'm a Mac zealot and I hate Redmond crapware as much as anybody.
However, not adding features to useful, stable products is a trend that ought to be encouraged.
Microsoft takes a lot of flak for abominably bloated software filled with bells and whistles that nobody uses. Maybe we shouldn't criticize them for freezing the features and fixing the bugs.
-ccm
Too much Law; not enough Order.
Just receintly I decided I wanted to bring OSX back into my computing life, so I told the wife, "Honey, I'm buying another computer."
Needless to say she wasn't thrilled. She's not really comfortable with computers, and had finally gotten to the point where she was comfortable using Windows XP Pro and didn't have to ask me questions about how to check email, browse the web, type a letter, etc.
So the new 20" iMac G5 arrived and her only comment was, "Well it looks nicer than the other computer."
After about a week of using it (without any questions for me other than how the dock worked) she said to me, "You know, I really like that new computer. It makes a lot more sense!"
I am mad as hell. I had enough of slashdot.
That's it. I am finally switching browsers.
Comment removed based on user account deletion
1) Cost - A company can build 2-3 Windows/Linux PC's for every 1 MAC.
I don't know where YOU work, but every Windows-based client I have just buys machines from Dell or (much, much less frequently) HP. NOBODY has their IT guys build user workstations from scratch, it's a total waste of time. Nobody even buys whiteboxes from the local mom & pop anymore. It's all Dell. And yeah, Dells are cheaper, but they're also shit quality.
3) Useability - Ever use a PC then try using a MAC. It's much more difficult and not as agile.
Well sure, once you're used to the ass-backwards Windows way of doing things (e.g. Click "Start" to shut down). I've provided support for a lot of switchers, and the common thread among them is fear-- They are desperately afraid to try anything on the Mac because at some point in the past they seriously fucked up their PC by doing something they thought was innocuous. It takes a lot to get them to learn that the Mac won't let them do anything that screws up the computer (Terminal commands run as root notwithstanding, but we're talking about noobs here).
4) Repairs - Again Mac's are expensive Hardwarewise. You can't just go down to the local hardware shop and pick up a modem card. PC's are MUCH more customizable and easier to maintain.
Again, I don't know where you work, but all my clients who buy Dell have had plenty of support nightmares. Unless you get their top-level support option, you're stuck talking to Haji in Bangalore who insists you try all kinds of shit-- up to and including reinstalling Windows-- when you're telling him you're sitting there watching smoke pouring from your dead power supply, and it is a goddamned HARDWARE problem. Then you have to wait for Dell to send out a part and possibly a tech to actually do the repair. In any company not based in a garage or spare bedroom, it's not as simple as just running to your local Fry's and picking up a part-- except maybe a hard drive or something like that, and you can get those for Macs just as readily.
Now, don't get me wrong. Mac's aren't bad they just aren't competitive in an office environment. They cost a lot to fix, they cost a lot to maintain and purchase software for, and they are a bitch when something goes wrong.
Bullshit. At my last job I single-handedly supported over 100 Macs in ten companies spread across three locations, and I spent most of my day sitting in my office reading or browsing the web. Once in a while a machine would puke and need Norton run on it. Other than that, the call I most often got was when someone would have trouble with an e-mail attachment they received that was created on a Windows machine. We did have two failed hard drives in the 4 years I was there, though. That company later switched everyone but the graphic designers to Windows, and myself and two other people they had to hire for end-user support could barely keep up with all the problems-- except in the design studio, which didn't have any.
At my current job, I have clients that I see once a week just because they like me to spend a full day on-site-- most of the time I just hang out and flirt with the hotties there, they seldom have any trouble. I have others that I haven't seen in two months, because their Macs don't give them any trouble.
Even worse you can't run older versions of stuff that IS MAC compatible... and we aren't talking several versions... we are talking like... 1.
WTF are you talking about? I have clients running OS X and running a version of QuarkXPress that appeared in 1999! Nearly any older Mac app that is still worth running works fine in the Classic Environment.
You drop mac prices, you make them more compatible and easier to maintain we'll talk.
Drop prices: Mac mini, $500
More compatible: Macs can bind to an Active Directory domain without even needing a reboot afterwards-- show me a Windows box that can do that. And Mac servers can act as domain controllers. Throw an NTF
he/she deserves to be called that (that too with an experience of 22 years)
If he's a serious admin, I doubt if he'd be manually installing the os and all the apps needed on all the systems. You'd most probably be using systems with the same config. So get one installation done properly, ghost the image and use it for all the other systems. Install a firewall like kerio and opera/firefox and make it the default browser. These along with some anti-virus solution should be good enough to keep a system reasonably secure, unless your users are adamant about downloading viruses deliberately and running them.
Haven't used those features anytime but am quite sure that remote administration in windows 2000+ isn't that bad. For getting your systems regularly updated you can even have a local server that fetches updates from the windowsupdate site, and can push the pathces on to all your systems.
But however secure you make the systems to be, unless the users have an idea as to what minimal precautions to take to have a secure system you'd keep switching between different OSes. Something simple like not running any executables, opening documents received as attachments would take care of 80% of your problems.
I'd be in windows for atleast 12 hours a day, coding, browsing and playing and never have I had a problem because of some virus or spyware from the time I had started using windows about 6 years ago. I had survived only on linux for 2 years in between but I had never found my windows box to be lesser secure than my linux system. Why?! Have a good firewall, abandon ie/outlook and friends be a little careful about stuff you download from the net. and live happily for ever\
I found his blog a little interesting because his true irritation appears to be the low quality of WinTel pre-packaged hardware as opposed to Microsoft Windows.
And personally, I find THAT to be a little irritating. He states that I have decided to look at PC/WinTel Security from a Systems Engineering View (SEV) - the world and discipline I grew up in at the turn of the last century. But then, he sites a string of (admittedly unfortunate) anecdotes. How is that a systems view?
Winn Schwartau appears to be shilling for Apple. Seriously man, just show us the check Apple sent you so we can rest assured that you haven't gone all soft in the head. At least then we would know you're being rational and that, every time the syllables WinTel leaves your lips, that we should just stop listening.
I guess I'm irritated with his position because of its spectacularly uninformative stance. I thought I was going to hear about all the good reasons WinTel really did suck from a security standpoint (even despite Microsoft's recent considerable efforts to resolve this). Or maybe I was going to hear about how OS X really does rock from a security standpoint (aside from the vaguely true but unquantifiable "well, it's like Unix so it must be better"). But to get none of the above just so he can rant an opinion?
Phooey..
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
What a idiot if he made a business decision while he was mad about something. Switching over in 2 days? I doubt it. (unless his business is under 5 people)
I guess nobody read the next article? "Shattered Mac illusions"...
Now, let's review: This was a brand-new machine, the system detected no problems and iPhoto hadn't been used before, but handling just less than 15,000 images made it blow up. And I thought Mac applications were generally considered to be better than Windows applications. Evidently this is not the case.
My server
That's pretty good advice, but I'm going to argue with you a bit on #2:
>>Step 2: Get updates **every couple of months**
Didn't you mean to write "every day"? Sure, the OS may only be patched every month or two, but you must also consider your hardware drivers, firewall firmware, virusscan signatures, malware/spyware detector(s), etc. After most OS patches, you'll need to do the patch/update/restart dance so you might as well do everything at once.
IMO, to keep a Windows box protected, a daily check for updates is necessary.
We have about ~300 systems-- >80% Linux, 5% Solaris, 5% Mac, 10% Windows. We have 2 people f/t in sysadmin and anoter guy who helps out when necessary. We spend well over 10% of our time on Windows issues. If we had a higher % of Windows systems, we'd spend an even higher % of our time realive to that on Windows issues.
Other than we do wholesale, massive upgrades to the OS we have very few Linux issues, just hardware issues we have with all architectures (albeit more with lower end PCs than anything else, regardless of what OS they run-- we're moving away from having any low end PCs).
Some Windows software applications are well written; others take shortcuts. : How is this different from Mac software?
The shortcuts programs can take are less likley to affect system stablity.
Memory Not all RAM is equal. Some works well. Cheap stuff doesn't. : Makes save you from this trouble by only allowing you to buy the expensive stuff...Hard disks. Same problem: cheap or reliable. Your call. : Again, solved by Apple by not allowing "cheap".
So a philisophical question - is it better for a company to use more expensive products they are sure will work for 99% of the userbase, or to use parts with an acceptable failure rate of 20% and just bake extra support costs (handled by India of course) into the equation? Is it better for most users to allow them an option of using cheap parts if they buy on thier own instead of forcing it on them in disguise as "bargain" systems?
Windows is complex, trying to be everything to everyone. : Have you seen an Apple commercial recently? Or the "switch" ones?
How are those related? In the first case you have an issue of functionality - in the second marketing. And we all know marketing != reality...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The switcher would be written up in the medical journals too:
1) Spontaneous rabies cure. (Mac fans are RABID!)
2) Survival by individual after being 'pithed'.
And, apart from AirPort topology problems and GUI handling issues, Apple has managed to not give me too many headaches.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
But you haven't provided any sort of evidence whatsoever to support the correctness of the popularity myth. So far as I am aware, no one has. Yet, many people accept it because it comforts them to think that their platform would be just a secure as the other guys if it weren't so darn popular.
Correlation does not necessarily imply causation-- just because it is popular and has the most vulnerabilities does NOT mean that those security lapses are BECAUSE it's popular.
God is imaginary
I was going to read the article, but then I scrolled down and read some of the comments which quoted bits from the article and instantly realised I'd get extremely annoyed at the inaccuracies if I did actually read it.
:)
I'm a Windows user, but I don't have anything against Macs. I'd buy one myself, except for one problem: they're still too expensive. The Mac Mini is a step in the right direction, but its underpowered Radeon 9200 graphics kind of let the side down when even the eMac is running a Radeon 9600 these days. Also there are potential spyware issues with Mac OS X now that Safari Tiger has a default option enabled for autoinstalling widgets. Mac zealots will probably say "oh, but you can just turn that off and it fixes it" without considering that the same is true of Windows and ActiveX: if you disable ActiveX in IE, a lot of spyware problems go away.
On a completely different subject, when did Slashdot start using captchas for posts? And, does anyone else find it interesting and amusing that the string I was given to type reads "ffapmsa"? Think they're trying to tell me something?
In my time, we never had (1) any problems with patching, (2) a single piece of spyware found on any machine, (3) a single virus or worm or other such outbreak of unauthorized software, (4) any data loss or corruption and (5) a single BSOD. I had a core group of 12 servers that were "mission critical", whose uptime from the day I started to the day my replacement came aboard was perfect.
OK. Either
a) Your machines and users are swamed with infections and you're just too self confident to see it.
or
b) Your network does not in fact have any access to the net(at all!)
You do realise that on most windows boxes a user so much as visiting a malicious site will infect the machine. This is not to mention the legions of suspect attachements they open everyday? Do you even run Spybot or equililents? Have you heard of USB drives? Do root kits ring a bell?
I'm not going to elaborate on all the things that can lead to infection on a windows box, or what an infection can result in. What I will say is that Anti-virus, firewalls and automatic updates cannot gaurantee security.
You've got users, on windows boxes. Face it. They will be infected within one week of clean install. There is nothing short of cutting your net connection and bolting shut media drives. Nothing.
You may feel you're still dealing with script kiddie written viruses and worms, written only for kicks. You're not. You're playing with the big boys now. Spammers and marketers whos 24/7 purpose in life is to get a hold of your machines and maintain that hold whether you like it or not.
May the Maths Be with you!
Seriously. Because it breaks so much, and is so support-intensive, I make a great living off of it. I am a Windows network admin for a network of 500+ workstations and 20+ servers... all MS Windows machines.
Because of the complexity and problematic nature of MS Windows, I have a steady job. A good-paying one at that.
Of course I run Linux at home for all the important-to-me computer stuff I do at home, only because I am too cheapskate to shell out thousands of dollars for a high-powered fully-loaded overpriced Mac. I run Windows at home only for gaming, and have a "disposeable" machine for that, which I always keep a Norton Ghost image of the hard drive on my Linux server so that I can rapidly restore the Windows box to a known-good, clean state whenever it gets infected or craps all over its own files.
Again, thank you Bill Gates for making such a craptastic operating system that the whole freakin' world is addicted to like crack cocaine. It has provided me with a good steady source of income. Keep it coming.
PS: I read a really insightful quip from a pro-Mac user on some blog site... It goes like this:
---
Two computer guys talking about their weekend one Monday morning...
Windows guy: I spent all weekend doing (fill in the blank) TO my computer.
Mac guy: I spent all weekend doing (fill in the blank) WITH my computer.
"Apple have shipped not one but two remote code execution exploits through Safari"
As opposed to the hundreds of remote exploits that have shipped in IE?
Dude, I use Windows computers, but the existence of two security holes versus the hundreds and thousands in Windows (ActiveX itself is a hole big enough to drive every Russian mobster through) doesn't make your point; it proves the opposite.
I can give you a ton of reasons to switch from MS Windows to Macintosh besides very good security but you're right. Years ago, starting with RedHat 7 I think, RH had a panel widget that would alert the user to a new security patch. Two clicks and the system was patched. Very sweet. Ubuntu started the same thing with Hedgehog. And of course the great security of BSD. It's MS Windows that can suck for security (part of the blame does fall on the user), not the whole x86 world.
IMO it seems short sited to switch to a Mac just for security reasons. Switch for iMovie (I love that app so much), GarageBand and iPhoto. If you're into high end video switch for Final Cut Pro and Soundtrack Pro. There are a ton of reasons to switch.
Let it be said that switching to Macs isn't perfect. You're basically a sharecropper living in a company town owned by Apple. If Jobs wants a feature or program dead (like accessing your iTunes library over the Internet, the Newton, OpenDoc or Hypercard) it dies. There is no appeal, it dies and stays dead. Hence the reason most of my work is on an Ubuntu box now with a Mac (for video) and XP Pro (for contract work) boxes on a kvm.
Switching to a Mac isn't good or bad. IMO it's much better than MS Windows but know the pitfalls.
"I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
Sure - they're pretty, hardware and software. BSD based UNIX boxes on steroids. But entrenching yourself into another set of licensing fees when you've already spent your ass on Microsoft.... ouch. This is not a flame post - it's just something that everyone who's got a budget and needs to deploy hardware and software for a group of employees should realize. Apples cost money - lots of it.
But the upgrade path for MacOS X is fast and consistent (for supposedly the most stable operating system in the world). And its patch set is like a service pack every other month.
Major upgrades cost more than $100 to obtain (and that's PER machine). It's great to see that the now-addicts of MacOS X are finally getting a taste of what Linux distribution advocates have known all along. Most distributions are designed for the stable at heart or for the bleeding-edge group. Linux has that type of flexibility.
He talks about computer crashes?? QUIT BUYING SHITTY HARDWARE. My Dell workstation has been powered on non-stop since it was purchased two and a half years ago. Not one stupid blue-screen. Not one crash. It reboots when it needs to apply a security update (yes, even Linux needs to reboot once in a while). But the power supply has been throwing the juice consistently. The secret? Quit installing every stupid piece of software in existence like dancing pets on the desktop, screensavers that play music when you're not at your desk, etc. What happened to function over form?
Luckily he's not looking at purchasing Apple's notebooks which appear to be fabricated by Indonesian children or prisoners in China (constantly riddled with recalls or faulty video gear, etc.). I can't help to imagine that this same type of lowest bidder technology is added to their PowerMac line. Reliable hardware - Apple? OXYMORON. Just Google for "faulty apple" and see what I mean. Apple is the exclusive HARDWARE and exclusive SOFTWARE vendor. Not competition in the segment. No price competition. You pay too much for hardware that just doesn't stack up against the modern Pentium 4 and Athlon64. For what? Pretty window decorations?
What about the transition (Windows to Mac)? We're not talking one for one here. Sure, he can run free office software and save a buck or two. He can get the plethora of browsers out there that his employees are familiar with in a Windows environment. He says they've made the switch in two days. Sounds to me a bunch of people just like click on the pretty icons with their one button mouse. *bleh*
Operating systems are meant to be functional. The fact alone they are pretty could mean absolutely jack and doodle to people who require function. Take spreadsheets for example - can you image putting border decoration like lights during Christmas time around each cell? Having nice window decorations, fading popup menus, etc. is eye-candy.
Pretty and/or functional - your choice. Cheap PCs - your choice. Linux - your choice. Tons of software - your choice. Tons of support - your choice. See the difference?
Ayup
Actually, there was an exploit, once.
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
The problem with your whole set of steps is that it works GREAT when you have one or two users.
But this guy is talking about a whole company. That means a lot of users, some of whome do not (and will never ever) know better than not to ever click on a phishy site.
Using Firefox helps but again, those wacky users will probably use something at some point that uses embedded IE and then you have trouble again.
That's why for families or companies, using Windows is simply not a good idea. It's just taking a while for the populace to catch on to the concept.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
As I tell my friends constantly, here is my perspective on the platforms:
...
Windows - Fix it for 4 hours to do a 10 minute job
or
Mac - Do your 10 minute job and take 4 hours off (or go do something else)
After I purchased an iBook, this is what my home technicial life consists of now
After installing the drivers (at least Windows would have recognized the hardware with Plug & Pray), I could actually use the (admittedly beautiful and stylish) new wireless keyboard & mouse.
Next step was setting up the network. After fumbling around for an hour trying to find out where to input my SSID and WEP passphrase (it doesn't actually say SSID - it says something like Network) that finally worked. I'm on the net, set up my e-mail account, and that worked great. I then proceeded to access my Windows machine where I keep my multi-media files, and begin importing them to the Mac.
Despite an 802.11g network, the thing was slow - probably about 54 KB/sec insteasd of 54MB. Took about an hour to import the first 50 songs of my 6000 song library. Went to bed exepcting a library full of songs.
Wake up the next morning, the network connection must have gone down for a time, but indeed all my songs are in the library. But for some strange reason, about 100 were duped. I delete the dupes, not realizing that the dupes were actually pointing to my shared folder. So now 100 songs are missing from my main iTunes library. Had to click on every single song to see which ones were missing, then copy them back to the PC. However every time I tried this, crash after about 2 min. and an error message. At this point I'm cursing Steve Jobs' very existence.
After searching countless sites for a lead on whether I've set up the network properly or not, turns out that Mac OSX is only supposed to be able to READ NTFS, and not write to it. So OK - I'll use my firewire portable hard drive, and copy the songs over that way. But of course, that means reformatting the portable drive as FAT32 first.
After finally copying everything to the portable drive, deleting everything from iTunes and basically starting over, I still have dupes. Some of the file names with weird characters have problems, so the Mac decides to make a second copy of the file when importing to iTunes. At least this time I had learned my lesson, and click on Get Info every time to make sure the path is the same on both files.
I just don't know what to expect the Mac to do - it seems to do everything on its own with no user input. Even the screen resolution - when I restart the machine, it starts on a different resolution than I last left off with, and has no apparant way to set a screen resolution as default.
I have to say that today I much prefer Windows XP - having spent many years with it, I know how to keep it virus and spyware free, and I'm willing to live with managing the security problems, since the user experience is so much more consistent and customizable. Maybe I'll feel different after using more of the toold in OSX.
I am the administrator of my own machine (the account I use to log in has admin access). I've never had any spyware, viruses, malware, trojans or any other problems what so ever - and I've been to quite a few seedy websites. I don't always use a firewall. My machine is actually a laptop and I am constantly changing networks and traveling around. I haven't disabled or changed any of the machine's settings. I'm using the default web browser. My machine hasn't been rebooted since April 29th when I installed a new OS. Before that it had been on for 3 months straight, previously rebooted for an OS update.
What am I using?
Tiger on a Powerbook.
I don't care what you do to a wintel laptop, you will not be able to abuse your machine the way I do and have this kind of reliability.
Kiteboarding Gear Mention slashdot and get 10% off!
b) Your network does not in fact have any access to the net(at all!)
Close, but no. They had full access that was heavily filtered through a proxy, and aggressively tracked for nasty things.
You do realise that on most windows boxes a user so much as visiting a malicious site will infect the machine. This is not to mention the legions of suspect attachements they open everyday? Do you even run Spybot or equililents? Have you heard of USB drives? Do root kits ring a bell?
Not true, my friend! Lock it down! Lock down the registry, disable ActiveX, filter out drive-by installs at the proxy. Run the user as a user, not an administrator. Attachments are scanned and filtered. Users are unable by permission to mount removable media.
I'm not going to elaborate on all the things that can lead to infection on a windows box, or what an infection can result in. What I will say is that Anti-virus, firewalls and automatic updates cannot gaurantee security.
I can guarantee that these boxes were infection free, and were very clean. We also didn't run client firewalls, anti-virus, or automatic updates!
You've got users, on windows boxes. Face it. They will be infected within one week of clean install. There is nothing short of cutting your net connection and bolting shut media drives. Nothing.
False! 100K users, 50k machines, no infections, no spyware, never, not once!
Here is how, it's easy: 1. Filtered Internet access. Easy.
2. Allowed programs only. Windows allows admins to specify which binaries are allowed to run via a group policy. Thats 99% of it right there.
3. Principle of least privelage. All users run the fewest permissions possible. Minimal local system privelages. The users could not even download to the desktop for lack of permissions. Locked down. Minimal ability to modify non visual aspects of the system. Remove profile storage, and re-imaging of the systems with available patches once a week.
Yu are buying into a victim culture of IT! Its too hard! MS ruins it for me! It's all those baddies against me!
Well, the tools are there. Testing, planning, written policy, technical policy. Scripting, automation, and restricted privelages.
It is possible! It takes hardwork and planning, but what doesn't?
Well, that's an extremely good question no matter how you try to belittle it. The only valid reason I can think of is the perception that it's safer (not security) and easier to use a Mac, which is likely true to a varing degree depending on implementation.
Actually, when you buy a mac, you get a box with everything you need, and all you have to do is plug it in and power it on.
Whereas I've watched a software engineer friend spend 3 days installing and configuring linux on his brand new box.
In fact, I have computer-newb friends who's crappy, buggy windows machines might benefit from a linux injection, but I don't want to have to find out which distro they need, how to install it, install it, fight with the various devices who want a driver, no not that driver, another driver, and then spend time re-teaching them the basics of using their machines.
So I just say "you know, the mac minis aren't too expensive, and they're tiny!".
You can't take the sky from me...
I don't care what you do to a wintel laptop, you will not be able to abuse your machine the way I do and have this kind of reliability.
I've got news for you chief, I am not arguing against Macs.
I think they are great, and great for you.
I am saying, however, that all these people that assume you can't secure a Windows network are wrong. I've done it, got the t-shirt, whatever you want to call it.
And, finally, by the way, I run a Windows XP desktop that has had similiar results: default browser (IE), mail client (well, Outlook 2003, but still) and a stock install. I've been all over the web, and never had a virus, trojan, or any problems whatsoever. You are not that unique! I beat on that box day and night, and I mean day and night, and it's always done what I want, how I want!
Same goes for my HP laptop.
You sir must have been extremely lucky. You must have had absolute unilateral control over everything computer related in your entire company. While what you describe is technically possible. Tight network control, automated software and patch rollout, tight and restrictive local security policies. Nobody running as administrator or even 'power user'. You also must have had some sort of 3rd party application to enhance local security and remote management.
Politically this is tricky. There's always a boss or exec (Or a friend thereof to go over your head) that wants to run some shitty screensaver or wants local admin access or want to come up with some other way to make your work life a living hell.
50K Windows machines and not a single BSOD? I find that incredibly unlikely. You didn't have a single PC with bad memory or flaky mother board or power supply? We have around 600 Dells, all certified for Windows with Dell's "Gold" level support, running 99% Microsoft apps, and still get an occasional BSOD, even if it is a hardware related problem.
Ohh I had plenty of hardware problems: machines that never came backup, etc. But, oddly, never a single BSOD. We had HDD's die, and they just froze the machine. We had memory go flaky, with the same result. But nope, we used central logging, and the only BSOD we ever had was the one you can cause yourself with a registry tweak and the scroll lock key (to test the logging, actually).
Granted, the hardware was brand - brand new - and we picked out the defective units before deployment thanks to a healthy burn in period.
OSX is UNIXy enough that I'm seriously considering making an Apple my next hardware purchase, too, and I've been running Linux since '95 and building my own computers since '89. I gotta admit that the Dual G5 with 30 inch flat screen gives me wood.
I've been trying to convince my parents and sister to go the Apple route with very little success, though. They refuse to so much as look at one in the store. They have a preconcieved idea about Apple and are probably worried about having to replace all those Windows 3.1 apps they've been carrying around since the mid-90's. I'll keep pushing it, though, whenever they ask me what they should get when upgrading. I think Apple really needs a killer app to convince those users to give it a try. I'm sure that once they took the system for a test drive they'd like it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
User friendly? When I have to double click? Double clicking it hard. Hard in software (all the time outs must be just right so you get the double click vs. two single clicks in a row right), and hard on people. (Ever try to teach an old person to double click? Some of them can't move their fingers that fast)
OSX is nice, don't get me wrong. However it is not perfect. KDE works the way I want my OS to run, in part because it is configured to work the way I've been used to my interface working for years.
I'm not saying that you can't secure a windows network. We have a very secure windows network where I work.
All I'm saying is that it's A LOT harder.
If our network was comprised of all OSX machines we could fire at least one of our full time PC support specialists.
Kiteboarding Gear Mention slashdot and get 10% off!
It is possible! It takes hardwork and planning, but what doesn't?
A Mac network. Even one where all the users have admin access to their own computer, no proxy filter, no disabled whatever-services.
It's hard to take a "security expert" seriously when he says he uses an FTP client.
Microsoft Windows does the same thing - include all current drivers. However they do not do regular updates. Last time I installed Microsoft Windows 2000 on a "designed for Windows 2000" box it didn't have the drivers I needed, and I had to search for them. I'm geek enough to pry the heatsink off the northbridge and google the numbers found, I don't know what the average person would do.
Linux is updated often, so it is more likely to have drivers for new stuff in my experience.
And zealotry towards the merits of a single (non-Microsoft) company is different ... How... from what we have now?
Need I remind everyone of the recent lockin for the Apple Music store to only allow iPods and effectively dissalow other music players?
How about the fact that Apple has perfectly adapted to the ongoing change in the IT industry created in part by the presence of open-source software? Has anyone seen the Spotlight source code? Nope. They just appear to play nicely with other open-source projects so to be _everyone's_ platform of choice : Linux zealots and windows users fed up with fixing up their computers, without forgetting education.
Any company's goal is to grow. It is no different if it's called Apple, google, Microsoft or Shitforbrains ...
What is needed is balance so competition can effectively foster genuine innovation and progress towards a better information technology ecosystem.
The litmus test is simply: what hardware/software combination is the most appropriate for an inexperienced computer user?
My cash is on the Macs, and recommend it to everyone with non-specific needs.
You better watch out, there may be dogs about . .
Sheesh, it still hurts from the last time I said that Penny Arcade sucks and I like User Friendly better.
The scars! auuugh!
If you're going to set up a minimalist configuration that only allow specific programs, you might as well just run Linux.
The whole reason people run Windows is so they can install some little app that they have to have. If you're not allowing that, then what do you need windows for?
1. No users ran with admin privelages, ever. That is huge, huge, huge. Even when I was logged in to a dev box, I was was not an administrator of anything. We heavily used RunAs techniques for slightly privelaged operations.
...We used no anti-spyware packages!...
...outgoing ports were watched but not restricted (we let them have an IM package installed...
...there was nothing stopping them from trying to visit any old dark corner.
Users aren't admins you say? Tough luck sonny. It's called win32 API programming and it gets past all such restrictions. Malware will most likely run as admin whether your user is one or not. user mode will not save you.
2. We used group policies to specify exactly which binaries a specific user or group of users could run. This is also huge.
I hope iexplore.exe and outlook.exe were in there, cause if they wern't.... msnmessenger too.
3. ActiveX completely disabled.
Naturally. However a better step would be to ensure ActiveX is never used by switching to alternate browsers. Also, the users(malware) may, for whatever reason, find a way to turn ActiveX back on, or worse, request it! Getting rid of IE altogether is a better step.
4. All web content went through our web proxy, which aggresively filtered out potential problems.
Well i should hope it did go through a proxy, otherwise you'll have quite a large rental charge on your telephone bill. And your proxies "filtered" all web content? Are they supercomputers!?
5. Aggressive use of known good machine images. Each machine was literally one of 3 templates. We could log a user off remotely, reboot the box from the network RIS server, reload his/her machine image template, boot back up, log the user back in, and they'd never know that their entire hard drive had been erased, the OS and apps recopied, and reset. That process was an extreme measure, but it took about 6 minutes, start to finish. It was like a slightly longer version of a reboot to users.
So basically what you're saying is each boot was a throwaway OS image, which you simply wipe after each user logs off.
OK, I'm not even going to begin to describe how much hassle your solution is, especially when it comes to upgrade time. It's also most likely illegal and unsupported, as you aren't usually allowed to make such back ups of software. Good luck getting support.
On top of that, I patiently await the day one of your machines become infected at 09:05 and proceeds to infect the entire network. You'll have one hell of a day then. Do you expect to tell all 100K of your users to log off at the same time? Do you realise that the machines will be reinfected by those that wern't turned off? Even if you do get a company wide switch off, I doubt your servers will be able to handle the load. Good luck with that.
Your solution is extreme. If this is what it takes to run a windows network you should be asking yourself why you are running a windows network.
Finally, it's worth noting, we never had an anti-virus package on the workstations
Your network sir, is a disaster waiting to happen. The next sobig or sasser will cripple it quickly. I'd wager it is spending most of its life as a productive DDOS or spam botnet as we speak. it is a juicy plum, waiting to be picked by professional cracker gangs.
May the Maths Be with you!
Install XP, then get back to us. I don't think anyone has had too many problems with Win2k as a desktop OS. I know I haven't. And although XP doesn't crash, per se, it still needs to be rebooted often. I use it at work, and have a nice dual monitor setup. Lots of windows open. But it still needs to be rebooted often either because of security updates (don't you install those? They require a reboot) or because *something* causes it to just come to a crawl. I haven't figured it out yet, and it has happened to me in the past on other work computers too.
No BSOD does not necessarily mean "stable".
To speak to Macs, I just don't get it. I am not saying I don't recognize the quality of the whole package, it just isn't for me. It all doesn't make sense to me. I have a G5 with OSX sitting on my desk at work (for testing out stuff with Mac browsers) and I hate when I have to use it. I just don't like the way it feels and the way things happen on it. It just isn't for me. I can see why some people might like it, but not me.
Personally, I run Linux when I can. It makes sense to me. I know it, I like it, and I am used to it. I can see why everyone wouldn't though, and I am OK with that. I don't have much desire to force people to like what I like. I have no desire for Linux to take over the desktop. I just want to use it. As long as I can do that, everyone else can use what they want. My machine is usually up 24/7. Current uptime is only 9 days, I had a hard drive issue. But it has been has high as the 300s. I find that I usually only have problems upon rebooting, for some reason. But nothing that has happened, and things happen with computers, that makes me want to switch to something else. Linux has made me angry, Windows has infuriated me, and Macs make me feel kind of creepy.
My beliefs do not require that you agree with them.
FreeBSD could be an option, or eCS, or even BeOS in some cases.
These articles that equate x86 hardware to Windows and which present the Mac as the only alternative do little more than highlight the lack of knowledge on the part of the writer, IMO.
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
As a person who depends on his laptop to do actual, revenue-generating work, I am acutely aware of how much easier your sys admin job would be if you locked down a single build, AND how fucking impossible it is to do my job on that crippled laptop.
If we have a memory problem on our Dells, ( and granted this is a pretty small number ) they have usually gone BSOD. Hard drives do just seem to quietly expire like you say.
/SQL stuff and Snare/syslog, but haven't done it yet.
How did you do your centralized logging? I have looked at using MS dumpel.exe
>>you have to be a giant fucktard newbie to actually ever be affected by them.
>>the number of people who understand how to secure a windows environment are few and far between.
Microsoft's gross failure is not that the OS cannot be made secure (it can), it's that they haven't tried to educate the average mom and pop user (via initial setup) on how to do it.
For example, I'd say about 90% of the average XP user's problems could be avoided if people used Limited accounts in XP for day-to-day needs, and only used Admin accounts when they needed to install something. Why doesn't Microsoft include/train people on this as an integrated part of XP setup?
On the positive side, you can applaud MS for turning on the firewall by default in XP SP2, automatic updates, and for the integrated Giant spyware stuff coming out.
Close, but no. They had full access that was heavily filtered through a proxy, and aggressively tracked for nasty things.
Filtering? 50K users? What's wrong with this picture? Is this proxy in the Top 10 supercomputer lists?
Not true, my friend! Lock it down! Lock down the registry, disable ActiveX, filter out drive-by installs at the proxy. Run the user as a user, not an administrator.
What about the win32 APIs. They allow admin privilages even if the user is running a reduced privilage.
Users are unable by permission to mount removable media.
So you have effectively banned removeable media. Actually, I agree with this, but your users a probobly p/o'ed
False! 100K users, 50k machines, no infections, no spyware, never, not once!
Now I know something is wrong with your network. I suggest you audit it, immediately.
Yu are buying into a victim culture of IT! Its too hard! MS ruins it for me! It's all those baddies against me!
The baddies are out there man. They are pros. Spammers, marketers, DDOSers who spend their days finding and exploiting holes in windows boxes. Malware doesn't happen by accident. it happens because very determined people want your boxen for their twisted money making schemes. People blame user stupidity and ignorence for malware issues, but in truth it is the cunning and ingenuity of ruthless crackers which is to blame.
May the Maths Be with you!
It's the cost factor.
/. I know), that means that if I switch Ill have to purchase Mac versions of same or switch to something else thats free. Neither the cost nor effort of switching seven or eight programs that I use on an everyday basis seems worth it at this point.
I have a significant "investment" in software for my Windows PC--several thousand dollars worth of money and several years worth of experience using and customizing software. This includes things like learning and/or customizing shortcuts, UI elements, etc. (As an aside, research shows that you remember the physical location of menu items, not their names or icons)
Since I dont believe in free downloads of FrameMaker, Photoshop, Office, etc. (heresy here on
I was very tempted by the Mini when it first came out. I even own several AirPort Xpresses (or whatever the plural of Express might be).
But for the moment, a switch would be too expensive.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
Ok,
Not trying to be flame bait or a troll, but..
These stories are getting rather sad. Everytime someone says oh I'm going to switch from Windows to XY OS, it gets posted here. And then ppl start the MS bashing or XY OS comparision to Windows.
Is slashdot that desperate for material that topics that are basically duplicates of other content (with different ppl) get posted constantly.
This reminds me of the April Fool Days Overkill Stories..Not trying to be mean, but how about filtering out these duplicates?
And there hasn't been a true IIS exploit, code red expoited a ISAPI extension which would be like blaming apache for the PHP worm that went around.
Have you ever been to a turkish prison?
On a similar note, a state that would only allow drivers to get into their cars but not drive would not surprisingly have no car crashes.
Imagine that! Wow, golly, you've really convinced me.
I dunno I run Windows 2000 at work and it's perfectly stable. I also run Debian unstable which is also perfectly stable (heh heh).
Don't use WinXP.
Or maybe Macc...
After my wife updated to SP2, the HP7130 driver started crashing the explorer with every boot. Fresh reinstall worked until I downloaded and installed the latest HP driver. She had me working on it every night for a week before I finally broke down and fixed it for good.
By installing Fedora Core 3. For the first time in years, everything worked out of the box, and she discovered the miracle of Frozen Bubble and Scribus. Suddenly she became a certifiable Linux bigot. That is, until last week when my PowerMac arrived.
Mine, you hear! Now can I please use my computer again?
Liberty you never use is liberty you lose.
I just posted a longish rebuttal to the author's article. That's got to be the worst supporting evidence I've ever seen to a thesis in ages. He may know security, but he knows squat about hardware. Where does he get this idea of "cheap hard disks"? And feature changes during OS upgrades are bad? Oh brother...
I was hoping for an enlightening look at underlying security models from a security professional and what I got was bullet points my mother would have come up with. That's pathetic.
You don't use science to show that you're right, you use science to become right.
anyone who states that they were a "windows bigot" [or anything bigot/fanboi] displays that they do not have the analytical skills and emotional maturity to offer a qualified opinion on the subject under discussion.
all this looks like is a switch from wintel fanboism to apple fanboism on the part of the reporter, complete with ridiculous arguments/rationalization [eg "not all ram is created equal"].
now if he had looked at linux, enabling him to make the most of the existing hardware he already had, instead of just ordering all new macs...
sum.zero
Any evidence for that bold assertion?
Yes, a history of games and sharware that trashed Windows and a distinct lack of similar issues with OS X over a few years of use.
In more technical terms, a lot more Windows sharware or commercial apps seem to modify DLL's and settings other programs use. On the Mac generally apps have dependancies mostly self-contained.
Furthermore if an errant program trashes the registry a bit you are hosed. On OSX the wors that generally happens is one app trashes its own config file. This aspect alone is probably responsible for better system stability than anything else.
Is choice better than no choice? Yes, yes it is.
You miss the point. With the Mac I have just as much choice as with PC's really. But for a user who doesn't know as much it's a lot harder for them to make a QUESTIONABLE choice without first knowing what they are doing. Your assumption that Macs offer fewer choices than PC's hasn't been true for about ten years I think, apart from motherboards you have just as many choices for system components.
That this works is evidenced in the aura of Mac infallibiltiy compared to Windows flakyness. You and I know that both sides are to some extent a myth, but the way Apple does things it reinforces the likleyhood of a positive user experience for the most users.
In short Apple seems to care more that the user will have a good experience once the have the computer, whereas most PC makeras are focuses on maximizing perceived price benefit for the users while cutting corners on the experience of owning and operating the computers because support centers in India are cheap and a lot of people get help with PC's from friends and family. It's this network of enablers that really keeps the Windows dominance alive.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Good for you. Now how do we find people like you to supplement crappy software and hardware?
Any evidence for that bold assertion?
One otehr note on this - just look at one of todays stories, Netdscape 8.0 breaking IE's XML rendering. Funny it does not ALSO break Safari... Well not really, as I said it's simpyl far easier for Windows apps to tromp on each other and it happens as we see even today. Just try and find a similar story about one OS X app affecting another - it really doesn't happen.
Part of it is also the better dependancy managemnt system than DLL's that actually understands proper versioning.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Oodles of third-party software? I run McAfee, Auto Update and Firefox and haven't had any problems since I switched to that trio. No Spybot or Adaware, etc.
And how are they going to use this win32 API to gain admin priviledges? Will they write the binary code on a notepad and save it to a desktop to run it? Oops, can't save files.
If you can't get the expoiting code to run, things my become a bit more difficult.
Tho there are ways to make this heppen (running priviledge gaining code trought a exploit in web browser), he got lucky and didn't face any problems like that - because malware creators can almost rely on user running as administrator.
Actually, what he's most likely referring to is the stock hardware in Macs. You can put any manufacture of compatible RAM you like in your machine, and pretty much any ATA HD in, but the components that come by default installed in Macs tend to be high-quality. This is not as often true for x86 PCs, especially the cheaper ones.
By reading this you acknowledge that you have read it.
Part of the reason Macs are so secure is that Apple has designed the system such that it is extremely secure from the lowest level to the top. For example, OSX does not have a root account enabled by default. Everything lives in their own permission space and if you want to break out, you use sudo (and thusly have to enter your password).
Less commonly mentioned, however, is the way Apple encourages secure programming with Keychain and their authorization framework. The Keychain encrypts passwords and makes it very hard for an application to get passwords from other applications, meaning that in order to steal valuable information you'd first have to comprimise another application (which is actually quite tricky to do). Even if you do succeed in altering the application, the Keychain notices this and warns you, saying, "Hey, this application changed since it last used me, are you sure you want to allow it access?"
Add to that that Applications cannot alter themselves, and you have a pretty secure foundation for developers (which also, by the way, provides special UI for password entry that is highly resistant to keylogging).
At the lowest level, the PPC architecture is inherently harder to exploit with classic buffer overflows and printf exploits. The PPC system does not keep the current return address on the stack the way that x86 does. PPC chips have an explicit link register for this purpose.
What that means, in practice, is that in order for you to exploit a single function with a buffer overflow, you must inject your code, overwrite the previous function's (the caller of the current function) saved link register (on the stack, along with other saved registers), and then have both the current and previous function return without segfaulting or overwriting your exploit code.
While doable, this is a huge pain to get just right, and it means that the conditions where a buffer overflow can succeed are less prevalent. Add in the fact that instructions have fixed alignment (but data does not) and are of fixed width, and you have a significantly harder egg to write and deploy.
Don't get me wrong, I'm sure that virus writers can do this stuff. It's just that it's much harder and raises the entry bar.
Slashdot. It's Not For Common Sense
His point was that computers should be simple reliable things that you turn on and use then turn off. All of this crashing and being taken over and all that crap shouldn't happen. You don't have a corperate admin locking you out of your palm pilot do you?
Why should you be locked out of your Windows box unless Windows is just simply insecure.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
He is right, but for all the wrong reasons...
1. Windows is complex: Mac OS X is not?? I'd like to see a comparison of the number of code lines...
2. When a new operating system or service pack is released, there are tons of changes to the functionality isn't that the whole point of it? Doesn't every single OS do that?? I don't get his point here... please enlighten me (sounds like a non-issue!!)
3. WinTel machines use different versions of BIOS: WTF?! So what?? Does this mean that you believe that the iMacs, eMacs and PowerMacs all use the same version? we didn't have the same bios for all macs even in oldworld macs...
4. Some Windows software applications are well written; others take shortcuts: Please explain what you mean by "shortcuts". If you mean a shortcut as in "using a bit of undocumented API" - I agree, most microsoft programs are known to do so.
5. Hardware: there are many hardware combinations... so what? how is that bad? can't i choose what i want? How is that bad for windows stability? If a driver of board X is poorly written, you can exchange it for board Y - I still fail to see how this is a problem -- I thought having more choices was GOOD, not bad... and you can always get rid of your Windows and install a nice 2.6.x onto it...
6. Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't. Hard disks. Same problem: cheap or reliable. Your call
Someone enlighten this guy - What stops me from exchanging my powermac G4's SODIMMs with cheapo memory modules? duh...
What a crappy article. He should have calmed down before writing it.
Wow. To think how much money your company could save by just switching to Linux or BSD instead of having to replaced all of those Wintel boxes with new hardware. I hope you enjoy paying for Mac OS 10.5 "Lemming" when it arrives too.
Hey, while you are at it, Sun makes a wonderful operating system that also runs on rebranded FOSS software, plus you can run it on the old Wintel boxes or new hardware available from them.
I was at the "helm" as a consultant turned IT manager/overseer while a full nationwide exec search was conducted to permantely fill the position for just about 11 months.
I had a core group of 12 servers that were "mission critical", whose uptime from the day I started to the day my replacement came aboard was perfect.
You didn't patch your servers for 11 months?
Im so tired and fed up on people saying "buhuu Windows and Internet Explorer is so insecure and bugged" Yes, the truth are that it is having issues, and it is annoying. But that is the price of being popular. OSX and MacOS has issues too, both issues discovered and fixed and prolly tons of issues not discovered yet. Problem is just that the consumer market is much smaller than a PC with Windows. From the attackers point of view, where is the chance of successful attack, the 1 guy with a Mac or the 10 other people with Windows? On the OS programmers (Microsoft) point of view, where is the biggest revenue, the 1 guy with a Mac or the 10 other people with a PC/Windows. And then there are consumers demanding newest technology and fixes. Since the Windows market is bigger than Mac and Linux, the voice of unsatisfaction is bigger there. And then my question. If he was so fed up about Windows, why not go Unix on the PC. After all the techies in that field says it is so much safer and better.
In the long run, you're going to find the same problems with Mac. Since their software/hardware is so tightly governed, eventually you will be their slave if you put all your trust there. Macs have great appeal because of their promise of a stable, market-friendly machine, but absolute control over their product will be their downfall. Mac has/will created a niche that is so opposite of natural, capitalistic competition, that it will eventually evolve itself out of existence. Sure, a few diehards will hang on until the end, but it's only a matter of time before the world catches on to the fact that Macs are mostly a brilliant marketing campaign designed to fool you..........and it worked.
Health Insurance Quotes
No, I'm not really a fan of MS at all.
I am a fan of personal responsibility, and I hate when people always need to blame others for their own ignorance.
See, you have to lock down ANY system whether you're using Linux, Windows, or anything else. That is a given. We all know this.
If you don't properly lock down your Linux box and someone jacks your shit up, is it the fault of Linux developers? No, it's the fault of the user for failing to understand what they need to do to avoid viruses, worms, and other malicious programs exist. It's the fault of the user for not setting up proper permissions or appropriate defenses (making sure updates are applied immediately, firewalls, etc)
If you don't know, then learn how. If you don't have the deisre to learn how, then deal with the consequences. Simple, really.
It's overkill to completely dump Windows and change to Mac just because this goon can't properly manage the machines on his network, let alone take the necessary precautions to ensure that nothing can get in that shouldn't. He's gonna spend much more money taking the easy way out then spending a FRACTION of the cost reading up on how to secure his shit.
So yes, it is his fault.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
I agree with everything else you wrote, but what's with the Scion-bashing? You're talking about Toyota's youth-branded line of cars, right? You know, the same Toyota that makes such notorious "POS" jalopies as, say, the Camry and Lexus SC470, for example?
In case my sarcasm isn't thick enough, let me put it this way: what leads you to believe Scions are prone to break downs within a year? Say what you will about their styling, but reliability is not an issue for which I'd expect a Toyota brand like Scion to be vulnerable.
I did work at NetworkWorld in the late 90's. One of the tasks I was involved in was replacing all their macs with Windows 95 machines (with the exception of some art folks). After that was accomplished they went to a publishing system based on NT and Word Macros.
This was right around the time when word macros were the rage. It was a nightmare. You'd get one macro virus, and in an hour the entire company would have it.
Are they all really switching back to macs? And if so, I am glad to hear they finally junked that crappy publishing system. I am sure the only reason they didn't kill that project on week 2 was because they would have to admit they threw hundreds of thousands of dollars into a bad product.
2 things that bugged me about this - 1 was he bought a sony vaio, then complained that it didn't work. duh. The other problem I have with this is that until Mac OS 10, securing a Mac network was a nightmare and seems to have been completely undocumented.
It sounds like this guy had an especially bad day at work--I don't see where he made his case for tossing out his PCs and switching to Mac. Let's take a closer look....
Windows is complex, trying to be everything to everyone.
True. Many mac apps, especially those from Apple, will sacrifice features to keep things simple. Other apps keep the complex stuff hidden behind the simple stuff.
When a new operating system or service pack is released, there are tons of changes to the functionality.
Yes, the updates I get from Apple seem to focus on bug fixes, while Microsoft seems to create these huge updates that add new features and often break old ones.
WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility.
Well, that's the price you pay for being able to buy PCs from a number of different manufacturers. Apple is the only source of macs, they control the BIOS and the quality. Sounds like a trade off.
Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity.
You could also say the same thing about Mac applications.
Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever.
This is a reason to switch to macs?! He's complaining about security, then instead of going into more detail about that, he complains about hardware.
Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't.
So buy better RAM! Jeez!
Hard disks. Same problem: cheap or reliable. Your call.
So buy a better hard disk! Why is this a reason to switch to Macs?
I'm very happy with my mac, and it's well designed and built (and I've added good quality RAM and a couple of Seagate hard drives), but this guy could have gotten accomplished his goals without taking the drastic step of switching to a Macintosh.
I am so smart!
I am so smart!
S-M-R-T!
I mean S-M-A-R-T!
Look at some of the examples he uses of why macs are better:
"When a new operating system or service pack is released, there are tons of changes to the functionality."
Apparently this guy never switched from MacOs 7.6 to MacOs 8.0 and had half his programs fail to work.
"Some Windows software applications are well written; others take shortcuts. "
This is true of any software platform... It's up to the developers to write good software, not Microsoft/Apple/Linus.
"Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever. "
Yes, choice and competition in the marketplace are definitely terrible things.
"Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't. "
Same for Mac. They don't use magic RAM. Sure, you can buy the horridly overpriced RAM from Apple if it makes you feel good, but smart people buy from cheaper sources.
"Hard disks. Same problem: cheap or reliable. Your call. "
Same for Macs. I've had 2 hard drives fail in my life. Both were IBM brand disks. One was the one that came installed in my PowerMac 9500/120, and the other was one I bought for my PC.
I'm a Windows user now, and have been for about 6 years now. Prior to that, I used the Mac for about 10 years. At the time of DOS, Mac was better. Nowadays I prefer the Windows interface and its access to software - something that the Mac is still sorely lacking.
it's a very closed proprietary system that can then be controlled by a single entity
/. crowd is not a mono-culture. Some of us actually believe that a company that consistently shows for the most part that they are interested in making products that excel in usability, interoperability, and security are OK to spend a penny on now and then. Because if we don't support those companies that do support open standards and practices and who decide occasionally to share their innovations in that medium, there's going to be nothing left but a incredible mess of crap.
The hardware? You mean because Apple takes a ton of commonly sold components and puts them together in their fancy boxes? Just like Dell and HP do? You mean because they've spearheaded most of the now commonly-used device interface standards?
The software? You mean because Apple puts a slick top on their completely open source, community-contributed Darwin OS? You mean because a fair number of their component technologies have been developed starting with existing open source projects? You mean because a fair number of their own in-house technology ideas have been opened either in source or in standard? You mean how there's only a few proprietary standards that they're using to store files, communicate on networks, or connect to devices?
There is a hell of a lot of difference between Apple and M$. You can argue about whether it's because of "who's on top" right now, but the stunning difference between even Mac OS 9 and Mac OS X and how the hardware has evolved in the same time wrt/ all the things I mentioned above suggests to me that someone (hopefully more than one) at Apple has a freakin' clue that's more than just trying to get on top.
And that being said, the
I've never had any real security problems with my windows boxen - of course, I have had minor hardware/software conflicts, but you'll get those with most anything - but I've begun to seriously long for FreeBSD - or similar - again, as I haven't run it in couple or years. I've also gotten to the point where I'm so fed up with having to take time out of my life to update my protection programs and repair minor glitches here and there, that it's really just not worth it to run windows any more...*nix may be a viable option for me, given my familiarity with it, but for the other people whose computers I manage (read: roommate, family, a few select friends), *nix is so foriegn a beast that it would be a bigger headache to introduce them to it than it would to just leave their boxes opened up and have to repair them all the time...
Which has led me to my current campaign to get as many of my loved ones switched over to Apple as possible...it started with iShuffles and iPods...now I've taken people around to the Apple store in the West Village here in Dallas...and soon, I'll be getting my 15" powerbook and parading that - and its ease of use - around in front of all those that I care for, and have to tend the computers of.
In my opinion, we're about to see a lot more of these switches taking place, and not just in the work environment, but also in the home and school environments...
"How like you to drag your keyboard to a gun fight." - Aaron Bedard (BANE)
If the difficulty of opening up MS Word, typing up your letter, and clicking on the 'print' button is analogous with a launching a shuttle, I give this society a maximum of 12 years before it self-destructs.
... and it was this "iPhoto was crashing when sorting only 18GB/15000 pictures and making thumbnails of them" experience, which shook the author to the bone ;-) Otherwise, he absolutely seems to love his Mac (have you RTFA?).
1. Switch all servers to Linux and BSD.
2. Switch all desktops to Apple or Linux (the latter for techies), with a few Wintels for people who use specific software.
3. Use OpenOffice for everyone, host databases on the Linux/BSD servers.
4. Profit! [well, less tech support nightmares]
-- Tigger warning: This post may contain tiggers! --
Windows is complex, trying to be everything to everyone. This complexity comes at a terrible price: downtime, help desks, upgrades, patches and the inevitable failures.
'cos OS X has no downtime, patches, upgrades, or failures, as all the users of 10.4 will testify.
When a new operating system or service pack is released, there are tons of changes to the functionality.
Right. Because vendors should be releasing new OSes which don't add any functionality. Just as 10.4 offered nothing over its predecessors.
WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility.
Right, right. What? BIOS? Clutch at straws much?
Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity.
Right, right, and no OS app ever does something it shouldn't. No OS X app ever breaks when you upgrade the OS. Just as the 10.4 users will tell us.
Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever.
Indeed. What the fuck ever. Who gives a shit? Just buy your computer from Dell. They'll pick a motherboard (and a BIOS) for you, so you don't have to. Or is this schmuck disingenuously comparing self-builds (which you, you know, can't do with Macs) to off-the-shelf machines?
Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't.
Right, right, because Macs are compatible with all memory, and Apple don't go round disabling cheap/incompatible memory with OS updates. Right.
Hard disks. Same problem: cheap or reliable. Your call.
And since Apple makes their own hard disks, the problem doesn't arise.
I switched to Opera and Thunderbird years ago and I haven't had any problems at *all* with viruses or spyware. While there is some malware running around that automatically infects PC's, I'd guess that 99% of the "infections" come from people going to sites that install spyware for them via IE.
Switching entire OS's and throwing out all your old software seems kind of drastic. Just switch your browser/email client...
as a rabid mac fanboy I have to say: Do us mac users a favour, stay with wintel. We mac users need a group with a larger market share so as to soak up the Malware and (virii?)(Viruses?)Our security through obscurity only works if we're obscure. So all of you, shut the hell up! You're blowing our cover! What your doing is paining a big target on our asses and saying "This is the next big thing". So STFU and let us have our own damn fun! You don't give the sniper team neon GITD jumpsuits!
first of all, i am not an ms fan.
50% uptime indicates one [or more] of several things, most attributable to decisions you or your girlfriend have made/make:
1 - poor quality hardware
2 - botched installation of os and/or apps
3 - user error [what's this osama.exe? let's click on it]
4 - bad power
5 - lack of virus protection
6 - lack of security on and/or around the system [eg firewall, acls, etc]
there are others, but you get the idea. i have windows and linux boxes that all have uptimes of "until i reboot them." that said, i have also used clarkconnect linux and there is a definitely a slow, but steady memory leak in that distro.
sum.zero
Do you really *care* about the popularity myth?
If OS X isn't popular enough to have viruses, but is popular enough to have a decent range of software and hardware available so you can get your work done, what do you care that it would have viruses if it were more popular?
What's the value of this hypothetical situation in which Mac security is really tested hard by a 90% market share? They don't have that market share. They won't for a long time, if ever. There are no viruses for OS X.
To put it in human terms, the way to stay healthy is not to develop an invincible shield against germs. You stay healthy by washing your hands and not hanging around infected people. If you use Windows, you are hanging around infected people, so you have to wash much more carefully.
You want to live where it's dirty or where it's clean? Your choice.
I must have done about 50 Linux installs and used Unix workstations in various forms intensively to get my Comp Sci Ph.D. But my notebook to go these days is a Mac - I did have Linux on a thinkpad before, it always had small niggling hardware issues eg. sound and suspend, and minor PCMCIA support issues that make life hell in practice.
The Powerbooks have all the nice integrated features that Linux on a notebook should have, if it were done right. Apple has done the job which a distribution of Linux should do, but they've done it right, so you don't have to spend months tinkering with the kernel.
It's not technological superiority - if Dell or HP had real laptop support for Linux then theirs would probably be great too.
This is not a signature.
In my personal experience, I agree with the substance of the article more than the style. We've had both Windows and Mac OS machines in our house for some time now - home-built Windows desktop for games, a Gateway laptop that I lug around, and an iBook that my wife uses heavily are the current lineup (PowerBook coming soon). I'm no slouch when it comes to administering and maintaining Windows machines, as I've been in the trenches of IT for about 8 years now at DEC/Compaq/HP, with a few side jobs here and there.
Aaaanyway - my Windows machines are patched regularly (just about every Tuesday), I run anti-virus, anti-spyware, and firewall software on both (the desktop runs consumer-level stuff, the notebook is used to connect to work, so it runs the corporate versions of same). I routinely run all the beloved "maintenance" tasks on both the Windows machines to keep 'em running normally. And you know what? I still have to reimage the Windows desktop machine every 6 months or so, 'cause things just stop working. The notebook needs a reimage about every 4 months or so.
I don't use Suspend or Hibernate on either machine - when I did, I had to fix things even more often. As a lark, I took a more hands-off approach to maintenance on the Windows machines for about 6 months just to see if my maintenance tasks were making things worse, and there was no change. Desktop Windows install failed within 6 months, laptop within 4.
By contrast, my wife's iBook, which also gets rather heavy usage, only had 1 problem - my wife left it in reach of our 2-year-old son when she got up to answer a phone call, and he pulled it off the desk and used it as something to stand on to reach the other fun stuff on the desk (didn't quite give him the height needed, but points for the effort). He got excited when our cat got up on the desk, and started jumping up and down... on the iBook. There were no native failures at all - especially in the OS or applications. Antivirus and firewall were installed more as a precaution than anything else, and there were 0 problems with spyware, etc. The iBook went to sleep when the lid was closed, and woke right up when it was opened. Effectively the only times we had to reboot the machine were after installing updates, and not always then. I recall maybe twice in 2 years did the some piece of software (or the OS) wedge itself so badly that a restart was required.
I'm not a zealot for either platform, and I have played reasonably extensively with Linux as well (it's got a long way to go before it will be a viable desktop OS for the casual user, in my opinion). When I was a bit younger (and didn't have kids), I would tear down and rebuild my computers regularly. My friends and I would get together and rebuild our computers. While I still appreciate the skill required to do it well, I don't have time or inclination anymore (I'm also looking to change careers to get out of IT, which may be related...) to tinker extensively. System maintenance is moving further and further away from being interesting or fun.
My wife's iBook and my Gateway laptop are used for substantially the same thing - word processing, spreadsheets, email, web browsing, etc. The usual productivity grind. The iBook does it with less fuss and bother, and doesn't require as much maintenace. As my priorities change, the Mac platform becomes more and more attractive. I do enough work at work - I don't want to do more of the same at home, and Windows on the home machines is becoming a bother.
In my own, purely anecdotal experience, the Mac is looking better and better. If they had a spreadsheet component of iWork, it would do literally everything I need, but Office for the Mac is no slouch. We'll probably always have at least one Windows box for games (and one of these days, I'll get smart and make a proper image so reinstalls don't take so long in case of failure), but we'll be moving more completely to Mac in our house.
We'll I would have to ask that myself. I think if all the clients are xp pro, you can push policy that the users can't install software period.
You forgot step 4, use antivirus software. I guess that's so automatic you don't think about it, except I don't use AV, not even on Windows before I switched, and I don't get infected.
1: avoid fishy sites? That means avoid all web forums, message boards, and anything else that can potentially contain an injection attack. That means don't use web-based mail readers. That means avoid sites that run banner ads, because they can be used for spyware injections as well. And for god's sake don't follow links from search engines.
2: get updates every couple of months? Try... weeks... but wait a while before you install big updates and service packs because sometimes they break stuff, and it can be a while before a fix for the stuff they break.
3: use a firewall of some sort. Don't worry about the viruses that disable security software... so far they seem to be sticking to turning off virus scans, they probably won't get around to firewalls for a while.
I got a better idea. Don't ask for an infection in the first place. It IS possible.
Let's go back to 1997 or so. Somewhere in there Microsoft made a change in Windows that changed it from something that your suggestions were good enough to stay clean on, into something where you could actually get a virus just by reading email.
I mean, there was a JOKE going around about a virus where you could get infected JUST BY READING A MESSAGE. It was a joke because NOBODY believe anyone would ever write a mail program that even had a mechanism to run a virus without downloading and unpacking it.
THEN, Microsoft integrated IE and the desktop and Outlook.
THEN, we got a huge flood of viruses.
For the division I worked for, well, we didn't get infected like the rest of the company. And we didn't even use antivirus for a couple more years. All we did was completely ban IE and Outlook and any other program that used the IE core... the MS HTML control... for untrusted documents.
That's all. That's the biggest thing you can do to stay virus free. Just stop using Microsoft's mail and web software. It works.
We have multiple labs with Windows machines here that are for students, who get no admin access. In the main labs there are around 30 apps, mostly specialized engineering apps isntalled. Now engineering apps are famously picky about running without admin. Some do without complaint, but many won't. They all do in our labs, however. Why? Well when we find an app that doesn't work, we investigate why, what it is trying to do that it doesn't have permission for, and then we give it permission for that.
Number one problem is apps that want to write to their own directory. Users don't have write access to the Program Files tree. No problem, give users write to that program directory. Means they can fuck up the app, but nothing else and we keeps logs so we'll know who did it. Next biggest problem is write access to a temp directory other than the one they are supposed to be using. Again, no problem. After that, it's modification of registry keys. Same fix as before, and so on.
That's what the grandparent means by a competent admin. Not that when something doesn't work you throw your hands up and say "Oh well, admin access for everyone" that you go and find what the problem is and fix it.
We go through similar shit with apps on the Solaris systems all the time. Most of them won't install right off. Their installer is proke, their documentation is poor, their license server conflicts with an existing one, etc. Well there again we can't just give up and not install it, we work out how to fix it, get the app installed and running.
That's our job.
So it's perfectly possible to lock a Windows system down to user mode in a setting where there are admin(s) managing it. Yes, it may take some work, but that's what you gt payed for. You can lock it down so that the most a user can do is to screw up individual programs. Well, you just make sure to log all that, and then you can have a little talk with them when it happens.
It's really not that hard.
Assuming that a commercial/corporate level of system support is required, and assuming that a typical employee only needs access to software such as:
* general office applications (word processing, spreadsheet, database, drawing),
* file sharing with the existing CIFS network,
* network client software (browser/e-mail/FTP),
then I will reassert that Linux, OS/2, and/or eCS would be viable solutions, and FreeBSD might be, though you might end up running a lot of Linux binaries on the latter.
If you add the additional requitement that any replacement environment be a drop-on replacement that doesn't change the look or feel of existing applications, however, then your options are far more limited.
I would argue that to be an arbitrary requirement, however, and that the continued use of software such as Outlook or Word presents as many potential security risks to the organization as it does mild benefits due to training issues.
I'd tend to lean more towards using an eCS desktop running OpenOffice or Lotus SmartSuite, Mozilla and friends, etc, since it would have support available directly from IBM, would have none of the UI or clipboard issues you speak or, would drop right into a Windows network, and would not require the type of large-scale hardware replacement that a movement to the Mac would require.
To each his/her own, however...
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
I think the point the author's making here is that Macs are high retail, but if you want a reliable PC, you'll be spending comparable money. Bad security and mediocre robustness mean high retail Macs are a better deal. (I don't want to argue the truth of that, I just wanted to make the author's point--or at least elucidate a reasonable conclusion.)
all they need to do is craft the e-mail with just the slightest enticing subject and content and the avergage user will double-click the .pif, .exe, .scr, .bat, etc., file
I have yet to have a user come to me *twice* with the story that they downloaded and ran an attachment.
I have had them come to me mutiple times with the story that they'd clicked "OK" to a prompt and let a virus install itself that way.
There really is a difference between "download and run" and "click OK". It's like the difference between taking a package off a shelf at a grocery store and buying something because you rubbed your nose at the wrong time at an auction.
Education is not the solution, and just getting rid of apps with unfixable leaky sandboxes has a MUCH bigger effect.
I work in corporate IT.
Been using XP since it came out on a dozen boxes: a webserver, disk server, and interactive travelling employee computer (which means hundreds use it per month).
Never had a crash on any of 'em.
Repeat: NEVER HAD A CRASH.
Powerdown only for yearly site electrical service.
So if I could publish to a syndicated column and orate on a soapbox, I'd be just as meaningful is this dimwit.
Linux is written by programmers, for programmers.
MacOS is written by designers and programmers, for desktop users.
Linux was modeled after SunOS, which I believe is a server OS for IT professionals.
MacOS was modeled after rahsprody and Mac team's original designs, which was and still is aiming at the mass user market where people have various levels of computer skills.
Compare MacOS and Linux is like comparing apples with oranges (pun intended) you can eat the apple without peeling, but can't do the same with oranges, is that a reason to crown apple the superior fruit? Personally, I would rather configure and install hardware on my own rather than relying on one of those "Automatic detection" programs. if a person doesn't even want to bother learning how to configure and install linux, he/she has no business using linux at all. go back to windows or macOS, please! it would save all of us a lot of headache.
"Linux is a great server operating system." This is incorrect, depends on distributions, linux varies from a fair server OS to a bad server OS. If you really want to experience a great server OS, I suggest you to use OpenBSD before jump on the linux bandwagon.
Please stop bastardize linux further into being able to handle the average idiot. it is a lost cause and a waste of precious time, money, and resources. linux programmers should instead focuse on the three "s"es - speed, security, scalibility.
Users aren't admins you say? Tough luck sonny. It's called win32 API programming and it gets past all such restrictions. Malware will most likely run as admin whether your user is one or not. user mode will not save you.
That's utter bullocks. I should disregard the rest of your post, but you are entirely incorrect. Win32 API does not bypass file system permissions, registry permissions, etc. Yes, if there is an exploit/bug those restrictions *could* be bypassed.
I hope iexplore.exe and outlook.exe were in there, cause if they wern't.... msnmessenger too.
What do you mean? I dont follow your sarcasm I guess. Yes, outlook and ie were on there.
Naturally. However a better step would be to ensure ActiveX is never used by switching to alternate browsers. Also, the users(malware) may, for whatever reason, find a way to turn ActiveX back on, or worse, request it! Getting rid of IE altogether is a better step.
I agree, however, at the time, Firefox was very very young and the Netscape alternative was very nearly as bad as possible. If it were today, IE would be out and Firefox would be in.
So basically what you're saying is each boot was a throwaway OS image, which you simply wipe after each user logs off.
No. Not at all. If there was some type of problem we had a good baseline which we good always reset to without disrupting the user one wink. Great for troubleshooting.
OK, I'm not even going to begin to describe how much hassle your solution is, especially when it comes to upgrade time.
False. Very easy. Boot each image once a week on a test machine/VMware. Update all apps, the OS, anything else you want to do. Then that image is pushed out to the clients. Very, very efficent delivery method.
It's also most likely illegal and unsupported
No, actually it's neither. look a product like Symantec Ghost. It's explicitly supported. MS explicitly supports system imaging, and puts out a number of tools to help you with it. Not illegal, not unsupported.
On top of that, I patiently await the day one of your machines become infected at 09:05 and proceeds to infect the entire network.
The point is that when only trustd binaries run, all software is very much up to date, and incoming/outgoing traffic is closely managed, you have a very small risk vector for infection. We never got infected, even during the big name virus outbreaks. Vendors and outside sales guys would come in and plug their infected nasty laptops into my network, and nothing bad would happen. Why? Layers of security. IPSec, appropriate routing rules, the lack of a broadcast protocol being enabled, etc.
Even if you do get a company wide switch off, I doubt your servers will be able to handle the load. Good luck with that.
Of course all 50,000 machines couldn't resync at the same time. 250 was reasonable.
Your solution is extreme. If this is what it takes to run a windows network you should be asking yourself why you are running a windows network.
No, it's very workable, and a very small amount of ongoing work. Yes, some prep time, but on this network I could assure you 100% that everyone was running secure apps, the right versions, the correct software, etc. Without a doubt, it was effective and fast.
Your network sir, is a disaster waiting to happen. The next sobig or sasser will cripple it quickly. I'd wager it is spending most of its life as a productive DDOS or spam botnet as we speak. it is a juicy plum, waiting to be picked by professional cracker gangs.
Nope. We with stood both of attacks, handily. And even if something did get infected, that PC was effectively disabled. Heavy unusual traffic would cause a PC to get auto-null routed off the network.
You are wrong, just plain wrong. Good security is a matter of policy, technical and otherwise.
If you want to come to Maine, I can arrange a tour. It's a very secu
This was always a myth, but it was true that an untrained but intellegent monkey could get a computer running, and later on, a small network. The problem is that MS puts out all these TCO reports stating that Windows is still the cheapest solution. Certainly one can cheaply configure a malformed yet functional windows machines, but to do it right probably costs as much as any other platform.
So the problem is that a firm buys a window machine thinking that it is plug and play with current staff, or at most they might have to pull some random person out of the newpaper, when in fact to make any system function one needs a well trained administrator.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
That's great, but then the users are their own system administrators.
Things like software updates (think internal vertical apps), for example. How does that work in your example?
Let me just say. Macs are great. But 50,000 of any computers that are all different is a big freakin hassle for your help desk. A network that big would require a huge help desk with 50,000 user-admin'd Macs. It all adds up.
The network you describe would be cool if all the users were say graphics people who had macs at home. They could handle updates themselves, install their own apps, troubleshoot minor software questions, etc. In a more standard environment, it would be well, a challenging thing to manage.
Filtering? 50K users? What's wrong with this picture? Is this proxy in the Top 10 supercomputer lists?
.NET, C - all of it. Win32 API *is* Windows.
What are you talking about? It's not great feat. 12 machines, dual processor, with a 2GB of RAM. I think since it was a while back they were early generation XEONs.
Hardly a supercomputer!
What about the win32 APIs. They allow admin privilages even if the user is running a reduced privilage.
No, not actually. What are refering too? It's just not true! Everything compiles down to Win32 API on Windows -
Yo you have effectively banned removeable media. Actually, I agree with this, but your users a probobly p/o'ed
Absolutely. No new data/apps in without going through IT.
Now I know something is wrong with your network. I suggest you audit it, immediately.
Sorry, but, I dont work there anymore. But, let me clear. None. Ever. No infections. Think about. No untrusted binaries, machines up to date, network locked down multiple ways (IPSEC all machines, filtering, no broadcast protocols running, etc), users trained, IT staff trained, e-mail attachments virus scanned, etc.
It's not rocket science. If you don't control the binaries on your computer, it's not your computer.
The baddies are out there man. They are pros. Spammers, marketers, DDOSers who spend their days finding and exploiting holes in windows boxes. Malware doesn't happen by accident. it happens because very determined people want your boxen for their twisted money making schemes. People blame user stupidity and ignorence for malware issues, but in truth it is the cunning and ingenuity of ruthless crackers which is to blame.
And bad IT makes it easy. Good IT makes it impossible. We had layers of security, good technology, good people, and good policies. That's all it takes!
God, who cares. Everyone has their personal preferences. Windows has flaws, Linux has flaws, Mac OS has flaws, nothing is perfect. I work exclusively in Solaris for my job, because that's what I do...and it too has flaws. I have a Windows box at home to play games on because so far none of the alternatives can offer every game I want to play. I'm really getting sick of this whole, "My platform is better than yours." crap.
You don't like something? Then don't use it. But shut up with the whole "hitting everyone else over the head with it" attitude.
Not the 12.. they were up and are still up with no patches.. that's what restricted access, locking down unused services, and other similiar strategies can do to protect your systems. Just because a patch comes out doesn't mean it has to be installed the same day, uptime be damned!
"Enough of the MS bashing, it's old."
"Enough of that abestos fear mongering, it's old."
Your Slashdot Fortune of the Day:
Spoken like a true suit! You have a career in bending space and time to suit your whims.
wireless tech unreliable and spotty: film at 11
How did you do your centralized logging? I have looked at using MS dumpel.exe /SQL stuff and Snare/syslog, but haven't done it yet.
Nothing that fancy. I used a shell script that ran on the client machines periodically (I believe every 10 minutes), exported and then cleared individual machines logs, and copied the file to a shared folder on the "logging server". The logging server had a script that ran every 1 minute or some such small interval that took all the logs, parsed them and inserted the data into a database in the database cluster (we had two 8 machine SQL clusters onsite, so the load added was minimal). From there we had our "IT dashboard" app monitor for exceptions that we could watch, etc. On days when new software packages had been installed we'd setup a watch on any given message that would indicate a problem. It worked well. One time we had two apps that kept trying to install over each others shared DLLs they each had each improprely located in a system folder. Boy was that a mess. But it was easy to trace down.
OS X ships with the firewall "on" by default, and every Mac user I know uses a virus scanner. Are you saying Apple doesn't make safe software?
Agreed about the firewall, but every Mac user I know doesn't use a virus scanner. They're unnecessary.
I do tech support for products that are about 50% Mac/50% Windows. There are some software problems caused by Mac antivirus programs (Norton or Virex), so I always ask if the user has one, and after having talked to many hundreds of Mac users, I'd say no more than 10% say yes. I've never run into a Mac user who's had one of those products actually detect a Mac virus.
Windows 98? Computers are not sold with Windows 98 any more. Where is your boss getting these "PCs running Windows 98" for audio editing.
If you're *not* lying, then your boss is an absolute retard. At least use an NT based flavor of windows if you're going to do audio editing.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
"Operating systems are complex... Patches sometimes install new functionality... some commercial software is badly written... expensive hardware is usually more reliable than cheap hardware.. Are any of these actually news to anyone?"
Instead of bashing someone, accept the points. He is stating some of the problems with a platform (any platform). The OS should be resiliant enough not to crash due to a badly written program.
"My favourite of his issues is that not all Wintel machines have the same version of Bios. Wow. What a revelation. SO what? "
"And no piece of software written for Unix has ever had a single bug. Nope, not one. "
There is a different level of functionality that exists between windows and bios. Windows does not ignore bios after boot. How about searching for bios, windows, problem and see what comes up. It won't be changing to boot from CD to install windows.
"The real indicator that he doesn't have a clue is that he could have saved $2000+ dollars by just installing Linux on his existing machine, rather than buying a new Mac."
MS Office is available in Linux (except under wine or crossover). There is a certain level of compatiblity that just doesn't exit in OO.o. FYI: I haven't tried the 1.9 builds yet.
Consider the default security settings that exist in Windows. And no, I don't want to hear about SP2 for XP. SP2 is only a year old (approx) and is only for XP. The point is that there was no concern for security for the 20-30 years. There is no easy way to close all open ports on your system without jacking in the registy. Can it be done? Yes. But it is a major pain in the XXXX.
To paraphrase, it is crazy to have some many things installed on your PC just to keep it alive.
1) AntiVirus
2) Firewall (software). I prefer hardware but the software FW allow you to see an unauthorized communication between a program and a remote site.
3) Anti-Spyware: not one but several, because there is not a program with 100 percent detection rate.
Now what about basic system maintaince:
1) Defrag, other file systems are just a tad bit more resilant to NTFS when it comes to fragmentation. And if a partition becomes fragmented, move files to another partition, make a new file system, copy files back.
2) Clearing out temp files. The basic tools windows has are not enough to remove half the junk on the system. You wind up writing batch files to clean out temp folders.
3) Cleaning the registry of left over crap.
4) What about cleaning Virtual memeory? Yes, you can flush it on shutdown but how many users know about it (registry edit or via local security policy). Giving a good flush once a month or so greatly improves performance. What about the ever annoying growing and shrinking of swap?
Hell, no other platforms are plagued with these issues. Most windows users have grown accustomed to these problems and think its "normal". This is not normal buy any streatch of the imagination. People got use to system crashs and general system instability. No, no, no, this isn't normal. Granted w2k and xp have made tremendous strides in stability. The only time I have seen a crash is due to:
1) Hardware failure
2) Badly written driver
3) Someone with a badly infected system (spy/mal ware, virus), or someone who just general abuses the system.
So, MS gets a few points for there stability improvements. However, it doesn't exonerate them from the preceding page of junk that I type out.
On a side note, every notice that not all drivers get updated with windows update. Typically they would be drivers that use Ring 0.
The problems with MS OS':
1) Too much intergration
2) Feature bloat
3) DEFAULT SECURITY SETTINGS (my pet annoyance)
Enjoy,
Anonoymous Coward!!!!
It's so easy to have your Windows not get viruses that I'm sometimes amazed that people who are supposedly experts seem to have problems. It's been several years since I've had any viruses or problems with my windows computers. When I did have problems, it was before I had a firewall. I have 3 systems running non-stop with one of them acting as a net server. I regularly check them to make sure that they're clean, and they are.
No problem, the guy is not the best writer. Here's a usefull summary.
After 22 years in computer security and 7 advising normal users, "ma, pa and the corporate clueless," on Windows, Winn Schwartau has decided that Windows does not work. He was unable to secure it himself and realized that his clients are less able than himself. Because his Windows experience is so bad, he's unfairly blamed PC hardware and decided to leave all of it behind for the Mac world. The Mac world has been more pleasant than he, as a Windows user, could have imagined and he's started a blog to tell everyone about it. He admits to being "obstinate" and "a PC bigot" and that this contributed to his long suffering under Windoze.
While I'm glad the scales have fallen out of his eyes, it would be nice if he had given free software a chance to do something useful with his hardware. It is too bad that he did not pick up and try something like Knoppix or Mepis and realize there was nothing wrong with his BIOS, memory, motherboard or even the complexity he blames along with Microsoft for poor security. Still, it's not too late. He could easily set up his old computers for file storage and other useful services. It's good to hear yet another person escaping the Microsoft Mindwash.
Welcome back to reality, Mr. Schwartau. The recovery process takes a surprisingly long time. Fits of anger and other well earned emotional release up may occur at inappropriate times. You may even have nightmares years later. Things you have said and done under the influence my come back to haunt you. It's OK, we understand. There's no need to overcompensate now. In time, you will realize that the people who misslead and lied to you are also working hard to make avoiding their "products" impossible. This too will make you very angry, but you won't need to be. Evil things are best combated with the clear vision of a level head.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
you're an idiot - plain and simple
These rumors have been around since the dawn of mac. Take them worth a grain of salt.
887321 = 337*2633
I agree that OS X is a more secure system, and that Apple's hardware is better than average WinTel hardware, but that doesn't mean that any Apple is better than any Windows based system. Just buy quality X86 parts and keep your nose clean when using the internet. The biggest improvements you can make in Windows is not buying crappy computer parts and using Firefox instead of IE. Done. Windows doesn't suck anymore.
No sig for you. YOU GET NO SIG!
OS X rules because it is NeXT Step.
v iew.html
Does this finder look familiar folks?
http://www.paullynch.org/NeXTSTEP/NeXTSTEP.TechRe
(but with MS Office, Photoshop, and Mozilla ported to it)
I can recognize a HW versus SW prob and this was hardware but the Sony folks, in an effort to save having to send a guy to me, tried to convince me "Reinstall Windows." NO! That is wrong! This is a HW problem."
I have found that to be the case in any mixed vendor environment. If you call the SCSI RAID vendor he will tell you that nothing is wrong with the RAID that its a hardware problem with the SCSI card or a bug in the OS -- replace both of those and don't call us again.
Because they should not have to lock down the machine so that the user has no control! They should not have to disallow all programs but the whitelisted ones! What is the fucking point of having an operating system when you can only run half a dozen programs, anyway? The point of an operating system is that you can run anything you like and the computer will do it. If one program crashes, the rest keep going. I can write any random application I like, and the OS will load and run it.
Why the hell should the admins spend hundreds of hours locking down the machines just to prevent what the fucking OS never should have allowed in the first place? Why the fuck should the admins have to work their asses off to achieve nearly virus/spyware-free systems? I get completely virus/spyware-free systems with no work today using Mac OS X and GNU/Linux+X11. I view any random webpage with no fear. I open all my e-mails with impunity. When my co-workers are shut down by ravaging viruses, I laugh and go on with whatever I was doing. Keep your damn Windows. I would rather have something that works.
Try Ubuntu. It'll win. (The other distros will still exist, but this and redhat--maybe suse--will be far and away the leaders. Debian will probably be the leader for servers as Ubuntu will end up helping it out alot, what with it being built on Debian and all...)
That's utter bullocks. I should disregard the rest of your post, but you are entirely incorrect. Win32 API does not bypass file system permissions, registry permissions, etc. Yes, if there is an exploit/bug those restrictions *could* be bypassed.
I have personally witnessed a knowladgeable hacker use win32 API calls to gain admin privilages on a PC so he could install firefox on the PC. That said, your restriction to trusted binaries might cope with this, but exploits in trusted binaries are still a problem in this regard.
False. Very easy. Boot each image once a week on a test machine/VMware. Update all apps, the OS, anything else you want to do. Then that image is pushed out to the clients. Very, very efficent delivery method.
The lynchpin of your solution appears to be the OS reinstallation on login.
You have basically given up on any attempt to secure the OS itself and simply wipe it regardless. While some might regard this as an effective solution(and indeed it is the only solution when rootkits are the problem) it isn't really a security solution. It is a security workaround to the inherent insecurity of windows. A very extreme one at that. You admit it takes 6 minutes for each reinstallation on login. Think of the network traffic alone!
And the reinstallation is not a good solution. If so much as one vendor decides not to support it, or worse becomes belligerent enough to ask more money to give you the privilage of the extra copies this entails, your careful plan is blown sky high. Microsoft support it NOW. What about in the future? What about other vendors? What happens when the company's newly bought solution just won't play nice with this and the vendor just won't budge? Trouble. No wonder your not using AV software.
OS reinstallation on login is not a solution. At best, it's a declaration of the unmanagbility of windows. If this is what it takes to run a windows network, what the hell are you running a windows network for. With so many locked down apps and OS images, I doubt most of your clients are using custom built solutions or anything other than Office and web browsing, so OS migration should be a lot easier.
Though your tribulations in securing the network are impressive, your whole network is a prime example of the need to move off windows. It's a poster child for a switch, not a reason to stay. If this is the level of time and resources it takes to keep a windows network clean, I'm better off elsewhere.
You can throw any professional at it you want, the thing is tight. You don't think our IDS was going off with attempted crackings at all hours, practically every day? You don't think we didnt have malicious users trying to cause trouble?
How about I throw new company management at it(read Pointy-Haired Boss)? Management that's easily swayed by a slick vendor who's product won't fit into your model, and who persuades the boss that it's your model that's at fault. "Our app needs admin privilages", "We don't support imaging", "Imaging costs extra"
Your solution is working because you have an unusual amount of power for an IT director. You have enough control over the network to implement this. The arrival of a Pointy-Haired Boss will torpedo all your carefully laid plans and bring ruination to your boxen. Admittedly a PHB wouldn't look to kindly on a network of mac, bsd or linux boxen, but at least you could argue an OS migration would be too difficult.
Though valient, your efforts are all ultimately unnessesary. You have labouriously pounded out a windows shaped hole in the wall of secure networking, something that few other managers could ever dream of doing. A 50K user, unix based solution would be more efficient, more manageable and more flexible than what you've set up. Why didn't you take this option?
May the Maths Be with you!
Ok, explain to me how:
Buying all new computers
Making sure each component (RAM, Hard Drive, motherboard, cables, Processor, power center, graphics card, sound card, USB cards, Firewire cards, ethernet cards) is high quality
Making sure each component is comatible with one another
Making sure each component is compatible with windows XP
Making sure all the comps have the same BIOS
Securing Windows XP so it isn't a security mess
Buying and installing replacement applications to the ones he doesn't like
Transferring all data to to the new network and setting up your network...
is less drastic than:
Buying new macs
Getting the software that "just works" (which, like safari, many come pre-installed)
Transferring over the data and setting up your network.
you make switching to macs sound like he decided to lop his ear off.
I'll start with: this guy is an idiot. From reading this, I can tell that he read 3 articles from MacWorld and now he's a pro. If you can't figure out that spyware comes from the crappy little games people download for free, then you're dumber than you thought. Seriously I'm a bit tired of people saying they don't know where it came from. If someone walked up to you handed you something and said "Here this is free." You'd ask what the catch was. Those little free programs, there's a catch moron. I'm not advocating for Mac or Windows, I'm really tired of the Mac fanboys pretending they crap flowers. I see one-sided articles churned out day after day about how bad Windows is. Instead of paying an extra $1000 for a fast Mac, spend $50 on a hardware firewall, there your security problems are down to what you put on the machine, and you can play games. Ok, now here's why he's wrong: Expensive: Even the "cheap" Mac Mini starts with a crappy set of hardware and comes with no monitor. Dell will sell someone a PC that's actually under $500 with everything you need. If Mac users think a $500 CPU is cheap, then get pull your head out. Also, why would anyone looking to read email and surf the Internet spend an extra $200-$300 on a "pretty" computer? Viruses: Turn off all Windows computers for a month, and then tell me that Macs don't have viruses. Why would someone waste time writing a virus for a tiny percentage of computers? There's no glory there. Games: There are what, like 10 games for Mac that aren't Super Brickout? Parents rely on their teenager to fix the computer, or for information on what kind of computer to buy. I doubt any teenage kid will pick a Mac, they don't want to do work anyway. People are dumb: They don't understand computers or want to learn anything new. They use Windows at work so they'll use it at home. They've heard that this is easy or that is easier, give up. People are lazy and dumb. Hardware: I'll go ahead and say that there are people who want a good sound card, or care about the CAS latency of their RAM, or overclocking, or water cooling. These are not Mac people, and at the current rate, they never will be. They aren't faster: Take an Athlon 64 4000+ or a dual core Athlon 64, the Mac won't beat it except in the magical Apple test center where they guess at benchmark numbers. I've check tomshardware number against Mac numbers, don't trust Apple's marks more than you'd trust them from MS. The days of Apple people claiming that Photoshop or some other program few people use runs faster on a Mac are over. Video and audio editing are just as easy on both platforms, it just matters what program you're using to do it. Where did these amazing facts come from? WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility. Are you kidding? I've built and installed Windows on lots of computers in the last 10 years, and I can say that I've run into 1 occasion where I needed to update the BIOS. Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity. I don't like Microsoft, but why would I blame them for other companies screwing up? Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever. Sorry, some of us like to upgrade parts at a time. We can't all afford to buy a new tower when we want a faster machine. If you think it doesn't matter, go to tomshardware.com. If you don't get it after that, shut your mouth because you won't ever get it. There are people who understand why you put racing shocks in a car, and there are some people who know why your motherboard chipset is important. Other will sit around and say "I don't get it." Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't. How many people who don't know how to secure their computer (read: hardware firewall) know wha
MAC = Finite set of Proprietary hardware to program for.
MS = Nearly infinite combination of hardware to program for.
Ideally all hardware items of the same type should respond in a similar matter. But as that is just a theory... in practice it is hardly ever true.
I am not a big fan of MS business practices but they do a pretty good job allowing a OS to run on a very unpredictable set of hardware. It is far from perfect but it is next to impossible write dynamic software to handle the nearly infinite possible hardware configuration. Trying to write such software is bound to have unknown flaws.
MAC plays it safe by laying out to the user what they need and an OS that has been tested and runs on the specified hardware.
The closed proprietary system makes life a lot easier for the developer.
My Sig indicates the end of the comment I posted.
So many people on Slashdot are literally brainwashed by Apple, it makes me wonder how exactly did their marketing department pulled it off. No, I'm not saying that Macs suck. I think they are a bit better than PCs, but this difference does not come for free, you're _paying_ for it.
Does Mac hardware have open architecture? (I honestly don't know, but Apple clearly upper hand in that market area.)
Does OS X is open-source? Not entirely.
Are Macs so much faster than PCs? No. And do not give that gigahertz-do-not-count crap. I've seen Macs in action. They're ok, but they're definitely not as fast as Apple fans depict them. If I spend $1,499 on my PC, and then install FreeBSD, it will _fly_.
Linux companys should be reading articles like this to really find out where they should be heading. They don't know to be emulating Microsoft and competing for the lowest common denominator, instead, they should be trying to put out a good reliable products that "just work" on any hardware.
I don't care much for Redhat/Fedora Core for my own work, but I have to admit, it is simple and it works. This is how you compete. Come up with something different that means ALL of the needs of the customer.
The problem with Macs is that we aren't all yuppies who can afford the latest, and most expensive, hardware and software.
I think really it boils down to the experience. The average people don't want to know how the computer works or why it works or anything about it, they just want to use it to get info. They don't want to worry about virus scanners or pop-up blockers or spyware. You may not have any security problems, and your friends may not have had security problems, but there are hundreds of thousands of compromised Windows boxes out there filling up our spam boxes. I'm not anti-microsoft, I'm just an advocator of doing it right. In all honesty, I hope MS copies the hell out of Apple and does it right too, then we can all just sit and bitch about how things were copied instead of trying to say "My insecure OS is secure as hell, honestly! And stable too!"
The lynchpin of your solution appears to be the OS reinstallation on login.
No, not on login. Weekly, for updates.
You have basically given up on any attempt to secure the OS itself and simply wipe it regardless.
No, this is the method used to secure the OS. Instead of worrying about all myraid of patching methods for different apps and all that, just go low. Re-image the system once a week with all new updates.
And the reinstallation is not a good solution.
Sorry, I disagree. We supported 50k clients with less than half a dozen IT people. It's pretty good, thanks.
Though your tribulations in securing the network are impressive, your whole network is a prime example of the need to move off windows. It's a poster child for a switch, not a reason to stay. If this is the level of time and resources it takes to keep a windows network clean, I'm better off elsewhere.
Hey, actually, you are wrong. Find me another network run with fewer people or less resources. UNIX, Mac, or otherwise. You'll be hard pressed. It was an extremely efficent operation. 100K users, 50K workstations. For christsakes, we tested and updates 50,000 machines a week with less than 2 hrs of effort. Do you understand what a big deal that is? You really are daft thinking thats a lot of work. Startup each of the three images (basic, advanced, developer), update as needed, test with our regression suite, and that's it.
Funny that this came up. On Veronica Mars a few episodes ago, the geek-guy character was espousing the benefits of Ubuntu to the geek-girl character, who replied that she was happy with OS X.
Yeah I used Win NT, 2000 and XP and sure, I could get pretty good uptime and stability with any of them. But OS stability is a relative thing. How stable is it once all the spyware/adware, virii and poorly written shareware are thrown at it? Peeps say that Win is the victim of this because it is so prevalent. Bahhh! Sure there would be more of the same for Linux/BSD/Unix or whatever if there were more percentages of them in use but by design, those OSs are far less vulnerable and would not suffer the subsequent stability issues that Win does.
$ whatis msft msft: nothing appropriate
PC-bigot security dude...
JoloK
A few more follow up points, and then after this, you can take it off list to e-mail.
1. I was not imaginging at login. That was only in the case of a major problem for a user. A good troubleshooting procedure should always start with: "start at a known good point", we and had that capability. The machines got reimaged once a week, on weekend at night. This allowed us to maintain up to date machines - all of them - without using multiple deployment methods to update apps. It also means that we didnt have to have the machines themselves run things like Windows Update, or whatnot. Very, very efficent. We had three image templates in circulation, and every machine was one of those three templates.
2. The CEO of the privately held company helped design parts of the IT policy. A very, very saavy man. Him and the old CIO that I replaced (after he dropped dead) designed the IT policy from the ground up.
3. Contrary to your claims of the extremely time consuming nature of the process, it was only time consuming for the machines. As I mentioned, the IT department here was very small. Myself, four full timers, a handful of part timers on the help desk, and that's it. For managing 50,000 machines and 100,000 users, with 80 servers in the mix. Thats a good ratio, and depending on your industry, probably 5 times better than anyone else.
4. Imaging is supported, and legal, and that's not going to change. First off, there are no extra copies wasted as you suggest, excepting the one that is stored in each master image. We licensed appropriately for each app. There is no functional or legal difference from automatically installing software or doing it differently. You can never predict what a judge will rule, but imaging is safe. Also, we are explicitly allowed by law to make backups of installed software, so that is another avenue of protection.
5. Well I dont know how you doubt this, but the clients were all using a large number of highly customized applications, as well as office and web browising and web based applications. Additionally, many of the machines had peripherals to consider.
6. As far as some new vendor that's interesting. Sales people are sales people, and the burden is on them to make the sale, not the other way around. As I said before, the CEO was extremely tech saavy, and would have a lot to say about a pushy vendor demanding changes. No app would make it to the network without being friendly to admin, and frankly, with 50,000 licenses at stake, we never found a vendor who wouldn't work with us to fix their broken apps, or package it to do what is correct.
6. As far as effort, It's not that hard, and thousands of similiarly secure networks exist. It was very straightforward to do. Sure, it was hardwork. It's tempting to take shortcuts. But short isn't always the best way.
And the big whopper:
A 50K user, unix based solution would be more efficient, more manageable and more flexible than what you've set up. Why didn't you take this option?
How? See, we had dozens of you guys show up, take a tour, and tell us how linux would be much better! Save us a million bucks a year! It's like the long distance guy who calls up and says he can save me $50 a month on my phone bill, not knowing my phone bill is only $25 to start with.
How is it going to be more manageable? We had complete control of every workstation. We had neatly divided groups of policies that were handed out to users. Machines were evenly and routinely updated. Making large changes was as easy as small changes. We were able to quickly and easily deploy large changes as needed.
The fact is, you have no basis for your assertion. You assume that *nix would have been better, because you can't believe that a Windows network would work well. But I am telling you this: it did. You can disagree with me, you can call me a liar, but these are the facts as I saw them, as a first hand witness: we had no virus in
If you're going to set up a minimalist configuration that only allow specific programs, you might as well just run Linux. The whole reason people run Windows is so they can install some little app that they have to have. If you're not allowing that, then what do you need windows for?
We ran windows because app support was there, it was inexpensive, and it worked well. What other reasons could there be? I disagree with your question about why run Windows. We ran Windows because it made a lot of sense. Win2k is a good general business platform, and that's what we used.
You forfeited your rights to criticize anyone else's network when you give such a pie-in-the-sky view of your own.
is when you can read a whole thread and not see Mac spelled as MAC
Am I the only one to notice that TFA is bisected by a huge color ad for Dell computers with "Intel Inside"? Ah, the irony is enough to gag on.
I use Mac, Linux and Windows, and to be honest, the only reason I keep using Windows is... well.. Half Life 2. That's it. BTW, i ought to say that i do not use Antivirus programs, nor do i run a firewall, but i do update my computer regurlally. To any extend i have had some virus sometimes, but that would be about 3 or 4 times in 12 years of using windows? (not counting stupid viruses like stoned, natas, and the like) i grew used to the idea of knowing what the OS is doing and keeping an eye on it... but that is the windows story. Well, i do like mac, those are really fun, and way to gay (meaning that it is way too "nice looking", unlike a pc)... my bro owns one and it's funni to compare them, what is it that i don't like from a mac? wey to obscure for me, but then again, i haven't used them that much. My main computer is a unix one, and i hate to admit that i have to upgrade it almost every three days (software upgrades for suse... mostly) but i have no need on being so picky about what is running, what is it doing, what's comming in and out, etc, everything seems to be quite well unless i expresely ask for something else. One more thing about windows... if you have a computer as i have, configured et al, and someone else uses it, and then gives a wrong click to the explorer... darn! the full system will start acting strange, never mind having different accounts, the whole thing is wrong know,, solution? remove it if you can, or reformat, cause windows will never stand a removal (or was it a REMOVALL), i do love mac's for their simplicity, most things are where you expect them to be, and it also looks pretty good. Linux is fine to experiment as you have access to most things, has decent support and all. Well, my point is, you can use whatever you want... but which OS has keep me doing the most reboot-reinstall-try-repeat ? Windows, then Linux, then Mac... Nice choice if you like em, but i think i biased on what i use more. I like living my live without protection, however you have to be carefull nontheless. I love Mac OS Tiger and I love Linux. I have to say that from the Windows versions I do preffer XPSP2... as it is the most stable i have ever tried.. from the windows perspective... but i do hate microsoft OS's to some degree.
Who cares if you can specify what time it checks. Why does it not ask you? I really prfer how OS X asks you nicley if you'd like to install updates now - if so, then it goes and does its thing. If not you can activate it later or it will be back in a week to remind you. And making it go away for good is harder than simply installing the update so eventually most people will get the update installed.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In his blog, he seems mainly mad about things that are the hardware vendor's fault. I know at my school, we have to fight very hard to standardize on good quality stable desktops (Dell Optiplex 208s currently) that we know inside and out and don't change every two days. I constantly have people bringing ads for $299 'specials' asking why we can't buy 2-3 of these instead of one of my standard machines @ $875. Because we'd spend more in support than we saved by 3-4 fold! I wish people would realize, to a large degree, you get what you pay for - cheap HDs and RAM will crash!
T.J. Schmitz - the man, the myth, the legend - o
Couldn't the same be said about internet browsers? I want a browser to do just that.... browse. I don't need it to fix my spelling, that's what my dictionary is for.
You are right - and that is why the Mac browser does NOT do that.
Instead it uses a standard system text box that supports the standard system spell checker. A Spell Checking framework is, I think, something that DOES belong in an OS because it's so useful to have it in every box you type in, not to mention that every use of it knows the same words I've told it to memorize. Yes I do like to be able to sue the same spell checker weitehr writing code comments or an email or long document.
That is how the Mac is not a loose collection of apps trying to be all things but a general amalgam of things that do a few things well, with other bits embedded to do what they do well. The whole omnipresnce of Applesrcipt on the computer lends further credence to this simple principal that has served UNIX so well for so long.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Steve Jobs wasn't the hero. Steve Wozniak was the hero. Steve Jobs was the marketing guy. Yeah, marketing is important for making money, but it adds nothing to the product itself.
.NET, Eclipse and Borland compilers instead of Dev Studio.
Also, the engineers at Xerox PARC were heros. They came up with the idea of graphical user interfaces, object-oriented programming, and ethernet.
Bottom line: the people who really deserve the credit rarely actually get the credit. Arogant liars and hot heads usually get all the glory because, for reasons I cannot fathom, most members of our species are actually more impressed with flash than substanence.
Also, remember that "PC" and "Windows" do not mean the same thing. I run Windows XP, but I use the bare minimum set of services and products from Microsoft. I use Firefox instead of IE, Java instead of
The great thing about PCs is that they were built open. The quality of the software on your PC is determined entirely by your ability to write quality software or your willingness to buy quality software.
You can have a fast and secure Windows system by removing the crap you don't use and adding good software written by yourself or other people.
I just wished people, especially managers, would realize that a good software developer is worth paying for. He creates weath in the form of intellectual capital goods which in turn allows society to build systems that even a generation ago were unimaginable. I don't remember George Jettson using the Internet.
When you control both the hardware and 99% of the software, you can integrate ELEGANTLY. When you have to run on any piece of crap that can be slapped together and runs its self-test, then you tend to get a lot less elegant.
This is another myth to try and offer some rationalization how other people can run rings around Microsfot in security and functionality.
The truth of the matter is that when you're the size of Microsoft, you really have little compatibility testing to worry about - because you define the API's that BIOS and motherboard makers BETTER conform to. Back when I used Windows each Windows release had a number of bioses that would not work with it until the BIOS MAKERS released updates.
Once off the motherboard, Apple has even more prohblems as far as system diversity goes because they have to work with about the ame number of USB/Firewire/PCI devices that Windows does. But not as many of those same makers are testing extensivley on the Mac as they do for Windows, so for some things Apple has to come half way and make sure the OS works with the most popualr set of third party hardwar ein a way Micrsoft does not.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
And this leaves users stranded when the godlike admins screw up something - you're human, and yes, you're going to botch something at some point.
My mom is an executive with a major pharmaceutical company that locks things down on much the manner you're suggesting. I can't count the number of times I've been talking to her and things are screwed up and we CAN'T FIX THEM, because Administrator is completely locked down. Hell, I can't so much as LOOK at half of her network settings, thanks to the proxies and authentication servers and god knows what else is in there. And support staff always takes *forever*, frequently resorting to blowing away the machine and in *many* cases wiping her (very critical) files. I thought your draconian bullshit was supposed to PREVENT that? Yeah, you sit there thinking it's all wonderful while your employees hate your guts and curse your very existance.
Meanwhile, the whole POINT of TFA was than on a Mac, almost none of that BS is needed. You can run as an administrator and still can't touch the base OS. You won't get attacked because by default NO services are running. Mail, Safari, et al won't run things automatically to "help" you. There are no viruses, worms, ActiveX, or any of that BS to worry about. Go ahead - plug a Mac into the raw, unfiltered internet, give a user admin rights, and they will in almost every case be FINE. Good luck lasting a few minutes on Windows.
It is not funny. It is true. Every time I have mentioned that Windows OS is actually quite functional and stable nowdays that post was moderated down.
Except this one of course, and twenty others just like it.
Yes, it is possible to set it up such that you can execute remote content automatically and get infected. But it is also trivial, and now it is a default setting to configure it NOT to execute remote content. Since Mac can not run that content anyway - that will not be a loss of functionality compared to a Mac.
So then why do SO MANY people still have SO MANY problems? If it's so trivial and so default then why is the gestalt saying "Spyware is annoying me".
That's the disconnect I see. I see a lot of people posting thet they run windows and never get viruses etc. Yet the general populace seems to have plenty of them. So something you are doing is not at all "trivial" or it would not be a general problem.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You don't seem to understand that it's a problem to make the most popular operating system in the world secure for even the newest of newbie, without pissing off the experienced user.
It doesn't seem to be for Apple. The OS is plenty popular enough to have seen SOME issues by now. Yet not a peep.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Agreed. Using Windows is not insecure if your firewall in XP SP2 (or something else) is on. Spyware only comes if using IE. I have had zero problems with Windows security.
50K systems, with 100K users - so your users take turns playing solitare?
The hardware? You mean because Apple takes a ton of commonly sold components and puts them together in their fancy boxes? Just like Dell and HP do? You mean because they've spearheaded most of the now commonly-used device interface standards?
Ugh. What a complete red herring. Yes, a Mac is built from off-the-shelf components. What does that mean for me as a user? Suppose I like Mac OS X, but the hardware is too expensive for me, or doesn't meet my specific requirements, etc. Where can I go to get a competing piece of hardware to run my Mac applications on?
Likewise for the software. Sure, if your applications are all just pure console programs, you can typically run them on your favorite Unix clone. But the real value of Macs for many users lies in the graphical Mac-specific applications, and for those you are tied to the proprietary bits of Mac OS.
Truth is, with Windows you get software lock-in, but at least the hardware is an open market. With Macs, you get both software and hardware lock-in.
(And yes, I am a Mac user. But let's not pretend that the Apple world is so wonderfully open.)
You can tell all these nay-sayers haven't worked in tech support. Every solution to a majority of common problems is easier to guide a caller through on a Mac compared to a Wintel (even on old systems, OS 7.x, Win 3.11, etc).
:-) My job was off-shored.
Does Windows allow you to make network locations yet? That would probably make your job easier, wouldn't it? Being able to make a fresh location with fresh IP settings.
Here's a fun example: "Hi, my start button is on the top right, how do I fix it?" It's so obvious for all us geeks how to fix that. I had any number of callers who'd had their taskbars in places they didn't like them for months because they couldn't figure out how to move it back (or they'd accidentally resized it to be one pixel high). These are just boneheaded things in Windows; how hard would it be to put taskbar placement in the control panel (or a context menu for the grannies who've figured out when and where to use the right button)?
Ah tech support -- I don't miss you.
Read Heinlein's 1953 Revolt in 2100, now more than ever.
2. The CEO of the privately held company helped design parts of the IT policy. A very, very saavy man. Him and the old CIO that I replaced (after he dropped dead) designed the IT policy from the ground up.
As I said before, good management is probobly the only reason your solution has lasted this long. One quarter with a PHB type CEO and your solution will be biting the dust.
3. Contrary to your claims of the extremely time consuming nature of the process, it was only time consuming for the machines. As I mentioned, the IT department here was very small. Myself, four full timers, a handful of part timers on the help desk, and that's it. For managing 50,000 machines and 100,000 users, with 80 servers in the mix. Thats a good ratio, and depending on your industry, probably 5 times better than anyone else.
I cannot for the life of me see how a handful of IT staff handled 100,000 users. I worked in a company with 200 users and the five helpdesk personel spent most of their time running about, setting up email clients, installing new hardware and finding lost files. What are you doing to the clueless lusers who lose their files or forget their training? Who installs new PCs? Are you delegating duties? If you are then you need to revise your estimates of helpdesk personel.
How? See, we had dozens of you guys show up, take a tour, and tell us how linux would be much better! Save us a million bucks a year! It's like the long distance guy who calls up and says he can save me $50 a month on my phone bill, not knowing my phone bill is only $25 to start with.
How is it going to be more manageable? We had complete control of every workstation. We had neatly divided groups of policies that were handed out to users. Machines were evenly and routinely updated. Making large changes was as easy as small changes. We were able to quickly and easily deploy large changes as needed.
The fact is, you have no basis for your assertion. You assume that *nix would have been better, because you can't believe that a Windows network would work well. But I am telling you this: it did.
To begin. Windows licencing. I haven't looked at this in a long time, but I'm going to hazard a lowest possible estimate of $50 per machine, not user, per annum. Times 50,000 machines. Bang. $2.5 million big ones.
Are you using office? Lets pretend you've got the lisencing agreement of the century. $100, per user, per annum. Boom! $10 million dollars. Down the toilet. And I mean down the toilet. No organisation should be paying $10 million for office. No one.
Lets not even mention the servers. I shudder to think of the fodders of money you are forking over for the privilage of ADT and Exchange.
This is my basis for lower cost. Let the TCO waving legions come and get me. They are full of it. We are talking 50,000 machines here. User licencing costs are $0 total for linux. Zero dollars!
Server? There's always RedHat to buy from if you wanted to buy. That's expensive, but seriously, for a network this size, your server should be your own, rather than Redhat's.
How is it going to be more manageable? Where do I begin? For a start, do you even want PC's anymore? You could go for thin-clients on NX or the like and save yourself millions by the time the next upgrade cycle comes up.
Every single thing about Linux is customisable. Everything. There is nothing you cannot manage. Right down to chroot to keep clever users in check. You say you can manage windows. Not half so well as you could manage *nix.
Updating. Can you say auto-rpm. Every app updates itself. Every app, thousands of apps. Not that you need many apps anyway if your migrating from windows.
Everything that you have described doing in windows can be done in Linux, and I would imagine to a greater level of customisability.
At least you won't have to image anymore. Training is obviously an issue, but a lot of apps are similar to the MS apps anyway. Migration of custom solutions could give troub
May the Maths Be with you!
Because it's crap?
you had me at #!
Very often we sacrifice elegance for user-friendliness --- something which the Windows and Macs hordes will take lifetimes to grasp. (Not that they anyway.... as long as their boxes are purty)
RTFA and RTFB and you'll see that what pushed him over the top really is central to WinTel. It's the separation in responsibility between hardware and software vendor. His Sony laptop was on the fritz but his hardware vendor (Sony) blamed it on the software.
That cost him three months of constant annoyance before they'd admit it was a hardware problem.
"3 months into this, Sony says, "OK, it must be the HW."
The sheer amount of time I wasted was extraaordinary - to get a WinTel vendor to cop to the fact that HW does break, and all I needed was a HW fix - NOT reinstall XP Pro.
That was me. I like to think my time is valuable. So, if I spent 100 hours (conservatively) on this, how much is that worth? To me - I would have bought ANYTHING to make WinTel go away."
Apple isn't as likely to do this, so his switch is entirely rational.
Most people don't value their own time rationally - if they did WinTel would be in far bigger trouble. (Free software isn't time efficient either, unless you care about the "free" part - which is rational for at least some folks to care about)
.. after seeing the image of your massive two screen desktop and generally droolworthy gear setup.
;)
But then I noticed your Newton and heck I can't stay mad at a fellow Newton user
what a lamor, he should just face the fact that linux rocks, and these proprietary systems are all architecturally flawed to the point of FUBAR.
the only permanence in existence, is the impermanence of existence.
Which may or may not be in classic view?
Mod parent up into the high heavens.
I've been doing phone support for the past 5 years for various companies and will totally agree that windows XP is a lord of the dogs pain to actually support on the phone because things may or maybe there.
I have adapted by usually added inclusions to my speach:
"Ok click on start and look for settings? If you don't see it thats ok and then look for control panel. Ok once we are here I want to look in left hand top control panel and look for 'Switch to Classic View' and click it."
Don't get me started on how to describe how to accept all changes in Word 2003 since they removed it from the File, Edit, Format, Tools menu.
"Ok lets check to see if reviewing toolbar is on? Ok it's on? Now look for the check mark on the toolbar. 5th one over from the right. On the same toolbar that says Final Showing Markup. The other one!"
On a Mac at least it's easy to describe it over the phone with the system. Although MS Office on the mac is about the same in difficulty describing where the things are. Oh well.
I wish MS would just include a keyboard shortcut in order to describe things by words rather than Icons. And keep things universal on all platforms...
Make tech support a whole lot easier.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
So, he was a PC bigot, now he's a Mac bigot?
Seems like there's one word in common there....
You whining lazy fucktard. Being an admin is not always easy. But there are more tools at your disposal than you can shake a stick at to make it easier.
I'll come in to your obviously backwards organization and within a week or two have all your windows machines locked down, virus free, firewalled off, spyware free and user proof..
Just be a fucking admin for christs sake. Don't go and "upgrade" (ha). You obviously must be a business that doesn't really do much business stuff. Getting industrial grade business software on the mac is a joke.
Karma means nothing to me, so suck it...
This is THE biggest problem with Windows. Mentioning this is the way to make a Windows fan stop in their tracks. The fact that Multi-user stuff was bolted on later shows, and it is the reason I now use Linux.
Open Source Sushi
And there is NO antivirus included. Despite years of problems with Window's viruses. MS is trying, I'll give them that, but they still fall short.
Open Source Sushi
So Microsoft is guilty of bloating its apps, indeed, but it is at the same time guilty of feature hyping. Why? Because they keep releasing new versions! They dont go from Word 8 to Word 8.1, they go from 2000 to XP to 2003.
They are playing the game: they are making users think that all their software is a breakthrough. They are guilty.
O make me a mask
Most people expect a browser to display html, download files, handle multimedia content (flash at a minimum), make use of cookies and have the associated management tools for the cookies, have javascript support and associated management tools and options (e.g. disallow sites from opening popups, but have a little icon so you can enable for a certain site), have java support with associated options, have tabbed browsing with associated options for all links (e.g. open in new window vs open in new tab), etc, etc.
.exe files won't. No embedding executables into documents! Documents are not programs, and programs don't belong in document.
A browser is a platform upon which many types of applications can be built, that handles a variety of very different content and executable code. And it's all supposed to be so user-configurable that even if someone has cookies and javascript disabled, the application is supposed to be functional. And it's supposed to look good no matter what the font settings or resolution on the local system.
This is why web applications and web browsers are complicated. If you really want a browser to just "browse," get netscape 3 or lynx or something.
This is also why the WWW is such a huge mess today. It was designed to be a method of rendering hypertext markup over the Internet, and has slowly grown into this "platform" mess that it is today. If it had been approached from a "platform" standpoint in the first place, I imagine it would be structured a lot differently...
- The "browser" would be basically a network-aware file browser; quite a lot like Windows Explorer / Internet Explorer in that manner. This is one thing that I can honestly give MS some credit for; displaying (at least certain) documents inline, rather than always opening them in another program, is a Good Thing.
-The "browser" would make use of plug-in modules to display different kinds of content in-line (instead of double-clicking something in your file browser and having it open somewhere else, that something shows up *in* the browser). The OSX Finder works in a similar manner, though I don't believe it uses plugins to render the inline content, and it only does so in column mode, not just the content alone in a window.
- If some content (like HTML) has embedded content (like a JPEG), be able to call on another module to display that content inline as appropriate.
- If you point the browser at an executable, like a Java applet, then your computer will try to run that executable. If you've got a JVM module (wherein your Java setting would be kept), Java applets would run. If you're on a Mac,
- On the same note, Javascript as it is would not exist. You'd point your browser at, or be linked to, a *Javascript file*, which would execute via a Javascript interpreter module (wherein your Javascript settings would be kept), and probably pull up some HTML files and so on and so forth to give you your interactive "web application". Programs/scripts can call on and manipulate documents just fine, but documents running programs is where problematic things like ActiveX come from.
- The browser itself would be aware that some things in some content reference other content or programs, and have settings for what to do about tabs, new windows, etc.
In the end result you could have something that functions a lot like the web does today, but is implemented far more elegantly. A standard interface for such a variety of content and code over the Internet, implemented explicitly as a replacement for your file browser (like Konqueror or Explorer do), preferably keeping the old methods of browsing available too (in OSX, my OS of choice, I'd love to just see the icon view function as an inline "web" view using WebCore when pointed at something that's not a folder).
THAT would be a true "platform". What we have today is a loose amalgamation of standards half-cobbled together with no rhyme or reason, desperately trying to move forward while maintaining backward compatib
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
- Just do the legwork of downloading all the patches first and building a custom, patched windows install so it's patched before you connect it to the internet
- Buy some decent virus software and make sure it's up to date and hasn't been turned off by malware
- Download a couple of spyware checkers and make sure you run them regularly
- Go through your system and configure this and that. Turn off this. Firewall that
- Don't surf to any sites that might be "dodgy"
- Download and install Fire Fox and make sure you use it instead of IE
- Be carefull when checking email. Don't even open email if you aren't 110% sure of what it is. Just delete it, if it's important enough, they'll call you to make sure you got it OK and send it again
- Just buy and configure a big corporate firewall and install perimiter virus filters on all traffic
See, it's easy. You too can use Windows safely!Let me see, on OS X you...
- Turn it on
Seriously, I'm obviouly being a bit dramatic, but really. This guy needs his people to do some basic things with their computers. By moving to Macs he greatly simplifies "all the other stuff" that needs to be done to "just get work done".Besides, if I were going to outfit a firm I'd recommend Macs for almost all their clients anyway. Why?
- If there is a Mac-only program that does the job best, use it
- If there is a Windows-only program that does the job best, connect to the Windows 2k3 terminal server and run it
- If there is a Linux/Unix-only program that does the job best, X11 into the Linux/Unix Terminal Server and run it (or if you don't need the window manager, just run it through X11 locally)
There is no other client that can do all these things. Linux is close (it can run Linux and Windows (through rdesktop), but not OS X apps (APPLE, I WANT TIGER TERMINAL SERVER!!!!). Windows, OTOH, can only do windows (unless you do backflips with cygwin or purchase expensive X11 software) and it can't run Mac Apps either.Chances are, most users will be able to most, if not all their daily tasks on the Mac. Those that can't can connect to the resource they need with X11 or rdesktop and do what little they need to do that way. We are finding that ThinClients (netbooting to Linux ThinStation) rdesktop'ing to one or more Win2K3 Terminal servers allows a vast majority of our users to do everything they need to do. And I only have to patch, configure, update and monitor a few high-end servers. But even in this situation, having a Mac on the desktop would solve the same problem and give the added bonus of being able to choose best-of-breed software for ANY platform, including OS X.
My friends are always reminding me how easy it is to keep their systems running, you just have to follow these 25 simple rules twice a day and reboot every week with bi-monthly re-installs and your all set. I don't get it. I do some routine maintenance on my Mac at home, but my wife and kids don't. I never turn my machine off. I have virus software installed (clamAV) but I only use it to scan attachments that my friends send me ("I didn't dare open this, d'ya thinks it's a virus?").
Windows users have gotten so used to buying special software for protecting against that, downloading special software to protect against this and messing with all these settings and tweaking all these permissions, and... That they really don't know what to do with at system that just works securely out of the box.
Remember the commercial Apple had for the original iMacs where Jeff Goldblum said something like "Step one, plug in the power cord. Step two plug in the phone cord. Step three... there is no step three". Although not quite what we are talking about, I think it has the same ring to it.
"terrorism" and "pedophilia" are the root passwords to the Constitution
It's all about the software anyway, and if you just need a glass typewriter the software is on a lot of platforms, and the Mac Mini is fast enough for the job even with a laptop drive. If you are doing other stuff a cheap, nasty and faster wintel machine with a lot of stuffing around and a half decent OS is another option - which is what I've done.
Uhh... dude.
I said exactly that.
In order to get the machine to go to your inserted branch, you need to get the machine to call blr twice without a segfault or blasting your egg. This means, in general, you can't just smash the stack as freely as you can with an x86 box, you need to care about the saved register contents.
It also means that it's much harder to pull off when a function is called after the function you exploit. This is actually a common idiom too. You copy a buffer from a read, then call a function on it. Hope your egg is on the heap, and doesn't get blasted.
This is harder than on x86 architectures. It doesn't make it impossible.
Slashdot. It's Not For Common Sense
I don't know what people like this are complaining about? I have a router, I have software firewall/AV program and I update when I get notification. Dealing with SPAM takes far more effort than dealing with any kind of attacks if you take a few precautions and aren't naive.
I was kind of confused when I first saw the title: "Apple: Mad as Hell, Switching to Mac" Why would Apple be mad? And aren't they already with Mac?
Read my blog: HansMast.com
People who use this market share theory are engaging in logical falicy. I see it so often used that I am on a bit of a crusade to crush it.
The fact that Windows is attacked (and exploited) does not mean that it is as secure as Linux or Mac because they are not attacked. What it does prove is that Windows is insecure. It says nothing about Linux or Mac security and people who speculate about Linux or Mac exploits if these systems had a higher market share are just that, speculating. The Windows exploits do prove that Windows is insecure however.
Note what the other poster has mentioned about Windows being vunerable to whole classes of exploits that form a Universe unto themselves.
Kind Regards
"A few great minds are enough to endow humanity with monstrous power, but a few great hearts are not enough to make us w
Yeah, I've had similar thoughts. Suppose Windows was supplanted by competition, or forced by anti-trust laws. Well, if MIcrosoft just just get everything ported to .NET, then they just need to get the .NET platform ported to whatever major OS platforms there are out there. MONO is doing that for Linux already...
.NET implementations, and start selling Office on each of those platforms."
Justice Dept.: "Microsoft, stop making Windows a monopoly"
Microsoft to Justice Dept.: "OK, no problem."
Microsoft to Self: "Release the
The XP box, while it doesn't crash per se, completely forgets it has a network card about every 58-64 days or so, but a reboot fixes it.
So why blame Windows? Why not blame the network card driver?
First off - my wife knows not to open attachments and not to run wierd stuff, she's not a total dumbass but even though, every few months the amount of spyware on her machine would get so bad I'd have to spend several days hunting it all down.
Well last time she said "my computer keeps popping up windows all the time and it's slow again" I said fine, here's a new PC, the Mac Mini I bought and didn't really need so here you go.
Ya know what? It went real well, she's been able to "relearn" most of the stuff she does with little or no help from me, she's figured out most stuff right on her own, something she wasn't typically able to do on Windows. I'm extremely happy with how painless her transition to the world of Mac has been so far.
And now when she gets a link to something she's like "is it ok if I open this link?" I'm like "sure there's not THAT many viruses, etc for a Mac, so you're likely safe".
--- www.f-theocean.com
try limiting her account to a regular user's rights [or less] and you can help to limit her self-inflicted damage.
use windows fairly comprehensive, but unituitive file permissions as well [if you have't already, of course].
good luck =)
sum.zero
this is another example of someone who doesn't understand what the real problems are. BIOS? BIOS sucks, but not in a way that makes Windows bad. Even Windows no longer depends on BIOS to work anymore. Hardware? Sure, if you depend on Apple for all your hardware, there will be no compatibility issue. One of these days, everyone will agree on endianess, CISC versus RISC instruction sets, segmentation, etc. Until then, we'll have to make due with the Intel way and everyone else's, along with all those portability issues. Windows sucks because it comes up with dumb standards, breaks them with each new version, and emphasizes the interface over usability and functionality. However, on the last item, OS X has problems to overcome as well.
XP's firewall has been called by a number of people to be crap. Why? Because it isn't the greatest firewall in the world. Look up the differences between the Firewall in XP and a real NAT firewall.
need i say more?
I saw a few joecartoons and then (it was real funny and all ...but whatever. So I never bothered with it since I kept having to reinstall everytime mozilla had a new major release.
It really irritates me when I can't download drivers from some site because their main page is in flash though.
Just get OCSmart hacks. Haven't tried it on 10.4 but it used to work fine under 10.3
http://www.ocs.cz/OCSmartHacks/
There are two rules for success:
1. Never tell everything you know.
It is not fair to accuse Windows of being less safe then Mac, or to accuse them of needing too many patches. Seriously, if you were a hacker, bored 16 year old sweedish cyberpunk, whatever, and you want to create a big problem for someone else, so you can laugh at them, would you aim for A) the minority of computers, or B) the majority of users. Of course B, by aiming an attack at windows, you can mess with a zillion people at once. Multiply that by the fact that the majority of those cyberpunks have pc's to start with and you end up with lots and lots of security patches to keep ahead of the curve. Comparing the pc community to the mac community in terms of dog eat dog is like comparing the primordial oceans to a muddy puddle full of bacteria.
I think there are a few issues here that people are using unfairly to blame individuals or organsiations:
1. It is clear that the Winn has a problem with his Sony product and they are simply a torrid example of current PC manufacturers. They are a relatively new player and do not compete with experienced PC companies on the same level- they still treat PC hardware like fixing TVs [luxury items that the user can do without for 6 weeks whilst they figure out how to fix it (if at all)]. They are an enormous organisation and are not managed nimbly like newer PC companies. Their engineers have no idea about building or repairing a computer (although they bring to the party their Great Strength for making really sexy little devices extremely well). We've had 6 of their laptops over 5 models and can say that no-one should buy their product ever... not once have we been in any way happy with their 'assistance' or approach. They are simply unprofessional in the IT arena (and don't care that they are).
However Winn obviously has a wealth of PC experience and this is hardly the only reason he started this blog.
2. Many other PC hardware vendors commit terrible, dumb mistakes (remember the <a> http://www.theregister.co.uk/2003/10/22/fujitsu_hd d_fiasco_to_end/ </a>Fujitsu and <a> http://techreport.com/onearticle.x/6292 </a> IBM hard drive fiascos where millions of hard-drives were sold that they knew were faulty but did not admit it? Their refusal to admit this probably cost their customers more than the sum of the drive sales, production and enineering. THe cost of data loss and recovery, repairing machines... the lost reputations and business, literally no-end of trouble for people throughout the supply chain from end-users up.
As do driver issues, software and hardware incompatibilities and all the other things that go on every day in an IT person's world on any platform, though less so on Nix platforms (inc. OS-X) than WinTel. But so it should; WinTel provides more hardware and software choice and hence many more uses. It is everything to everyone but it is just so awfully very badly done. How lucky we are that the team at Apple have succeeded in raising the bar.
However so many of these problems come about as the environment we work in fosters them; indeed it is our business environment that has made these exact problems inevitable for any new product, including perhaps OS-X.
There is very little respect for engineering IT products and software properly, as the pressure is on to increase, release and produce. It is almost impossible to get it right when the average data product ships with such serious software flaws that make the claims on the packet look nothing short of deception.
Add to that the very short life-cycle of the products that we as consumers and consuming organisations cannot afford to follow and wait for normal replacement procedures. If a vendor sells it and it doesn't work, it's usually cheaper to landfill what you have and buy another one rather than figure out why (which the vendor often knows but but will not let on) and try to negotiate a solution from someone working on a 3% profit margin.
And don't forget to add that to the way we canibalise innovative companies at the drop of a hat in the stock exchanges, or create such enormous waste at so many other levels such as the production of plastic products and packaging (consider the widespread use of CD and DVD one-time use media as oppposed to CD and DVD-RWs) as well as our love of plastic computer and peripheral cases that have between 5 minutes and 2 years use in them. Let alone the duplication of unnecessary, out of date or misleading marketing; the production of upgrades and new models for marketing success rather than technical advancement; how inadequate products are taken to market and then dumped without support due to the manufacturer's total focus of meagre resources on the new model, etc.
Apple has come in on a niche market that
As I said before, good management is probobly the only reason your solution has lasted this long. One quarter with a PHB type CEO and your solution will be biting the dust.
Well, right. That's like saying "One quarter with Microsoft management at Apple and bam, Apple is Microsoft." Well duh. Obviously the management side of things is what makes the difference.
I cannot for the life of me see how a handful of IT staff handled 100,000 users. I worked in a company with 200 users and the five helpdesk personel spent most of their time running about, setting up email clients, installing new hardware and finding lost files. What are you doing to the clueless lusers who lose their files or forget their training? Who installs new PCs? Are you delegating duties? If you are then you need to revise your estimates of helpdesk personel.
That's the point I have been making! Users have one location to store their files - they have no write permissions to any folder except the one and their own subfolders. Users have the *same* e-mail client, with settings centrally administered, that they can't modify or "tweak". See what a difference that makes? There is no running about. When I was running things my IT guys and the helpdesk never had to visit a workstation except if it had hardware problems, like a bad motherboard or video card. And even then, it was just to drop in a replacement and boot it. Since everything is centrally managed there is no migration. Users could be moved from one workstation to another seamlessly.
To begin. Windows licencing. I haven't looked at this in a long time, but I'm going to hazard a lowest possible estimate of $50 per machine, not user, per annum. Times 50,000 machines. Bang. $2.5 million big ones.
First off, $50/each is high. We paid, I believe $88/machine for a full complement of MS software - Windows, Office, licenses for the backend tools, various odds and ends MS makes, etc. But $2.5M sounds like a lot to you, and in an abstract way it is, but whne you look at it as part of a $50M IT upgrade, it's only 5%. Let's say everything else was 100% equal with a Linux solution, and we went with a roll it your own solution instead of a pay per vendor like Novell or whomever. Let's say all of that is true. A 5% difference in cost between solutions is not huge! Especailly when you figure we figured the costs for a 7 year schedule. That's $350,000 a year for 7 years. Not chump change, but for a company with a payroll of $3 billion, it's not that big!
This is my basis for lower cost. Let the TCO waving legions come and get me. They are full of it. We are talking 50,000 machines here. User licencing costs are $0 total for linux. Zero dollars!
You are a fool! People don't run the "free" versions of Linux on a 50,000 station network. Maybe some of it, but not all of it. It's a lot of work, especially if customizations are made.
How is it going to be more manageable? Where do I begin? For a start, do you even want PC's anymore? You could go for thin-clients on NX or the like and save yourself millions by the time the next upgrade cycle comes up.
First, this was 2001, and let's remember where Linux was then. Four years is a long time. Look back at what REdHat and other vendors offered. RedHat 5.x was vogue. NX wasn't dreamt of. Secondly, thin client has it's own host of problems, and even with a generous allowance for the scalability of Linux, we'd be talking 1 server for ever 200 users, or 250 terminal servers, plus the 80 we already had for applications and the whatnot. That's an additional load for management to be sure on the server side, which is where 50% or more of the time went. And frankly, thin clients are not all that cheap or prone to resist upgrade costs. I looked at the option though the decision was made before I got there. An X or WinTerm is going to cost between $300 and $500 a seat, whereas we paid in the realm of $1K/seat for the workstations. If it were 10 times cheaper,
Your opinion is it's a lot harder. I am sayng in my experience, it's not. We spent about 4 hrs once a week keeping a 50,000 machine network secure once it was setup in a secure manner. I guess I am not following how it could be better. Are you saying with OSX it'd e 3.5 hrs, or 2 hrs, or what?
I can't speak for others. But I can speak for me. And that's all I've done.
Look, I am saying this. After setup, we spent about 4 hrs a week to update and keep secure 50,000 workstations with 100K users.
Could be done easier with Macs? I have no idea.
...Its protools problem, not Windows 98. Windows 98 is well over being fully mature in development.
/rant
On another note:
Protools is about as anal as Macintosh, you have to buy their hardware to run their under performing and over hyped software.
Macs are for the non-computer savvy, so its one less thing they have to worry about. Studios started adopting the system as a standard because of this reason. Recording engineers at the time of the digital transition age were computer illiterate. Also they adopted this as a standard so you could transfer projects from studio to studio with ease.
Though it's really gotten out of hand with arrogant musicians suggesting that a studio that does not have a protools rig is not "up to date". Bullshit I'd rather go to a studio running a PC DAW any day, chances are it shows that they are probably more computer savvy - translating into faster work methods and money saved.
You could buy a pos digi001 system w/ protools le and put it in the rack just to say you have protools to impress your clients and not even use it and they will be all like, "Yeah Protools, we's gonna sound likez rawk starz dawg!"
Though the standard Mac mouse is only one button, Macs can use multibutton mice. Apple even sales them. They also sale scrolling mice.
FalconShould there be a Law?
"Thank you Number One". I was a multi-platform user before it was "cool" (or even affordable... yay grants!), so I always had to deal with feeling like I was an endangered species. The debate about one OS over another would rage on Usenet and BBSs, often VERY immaturely. My point is, almost everyone had an incredibly strong opinion on which platform was better, and these arguments would get very base and inarticulate. That said, just reading things on /. such as "I don't care which platform you prefer" and "Each has it's own strong/weak points" is an incredible step forward compared to the dark ages where you had to hide your OS preference in mixed company for fear of igniting a riot.
Applying Moore's Law to OS Diversity Tolerance,
we can almost expect to see Lindows on the point of sale terminal at Jiffy Lube within 3 years.
You mean like Tiger?
Not much difference in the methodologies there, except Microsoft's incremental service packs and updates are free. I don't even know what he's saying here. Not every bios is exactly alike, but they all must conform to certain specifications if they're going to exist in the x86 platform. So long as that's true, any x86 OS is going to run just fine on it.
This is most definitely true.
It's also true no matter what hardware platform or operating system you choose to use. Why is this Intel/Microsoft's fault? Aw. Poor little IT supervisor couldn't be bothered to read up on the specs of his hardware, or navigate to a hardware site and read a review. "Whatever" indeed. True again! For any hardware you buy!
Did you know you can put shitty RAM in Macs too?! OMGWTFBBQ!!1! There's nothing wrong with simplifying a client network environment. It can be a big help. I would recommend using machines that all have the same hardware and software configurations as much as possible, that kind of thing greatly eases support and administration. Such a thing can be done on both x86 AND PowerPC architecture. True, Windows can be tougher to tighten up, security-wise. But with the right group policies in place, IE can be just as secure as Firefox or Safari. In OSX you don't really have viruses to deal with, but you could get the same result with Linux. The problem isn't that the OS is super-duper complex between the user and the BIOS, the main problem is that security hasn't been Microsoft's priority for the past decade. Again, if all he wants is a "simplified" OS, DOS runs fucking amazing on Pentium 4s. Every modern operating system has its complexities, and if you're going to properly administer one, you have to know its ins and outs, and you HAVE to be able to secure it. This goes for Windows, Linux, Novell AND MacOS. You can't just say "IT'S ALL APPLE K-I-S-S" as if it's a big band-aid for your ignorance of how to properly administer and secure a corporate network.
If you're productive enough in MSW2003, use it.
Just for a data point, though. My sister's iBook is hanging on a Comcast sharkfin, no firewall.
No problem.
I put it to you that you lied in your original post. You claimed to run a network of more than a thousand machines with not one of many things, including BSOD.
It is interesting to note that in your second post while explaining how you did it you mention having to reinstall the OS and software from an image. If there were no crashes etc. then you had no reason whatsoever to re image any machine.
It would be so nice if the Windows kiddies stopped lying.
Same ol Same ol, "because so many windows people are using it".
Yet as the old chestnut goes, Apache is immune. And if it were really a question fo numbers then there would be a small but somewhat equal percentage of OS X users with issues (instead of none).
And you seem ot have confused possible holes in some linux distros with actual exploits, which again were far fewer in terms of percentages of people using those systems. Come to think of it, there were some problems with earlier Linux distros even though that target to hit was far smaller than the installed Mac base. So then, I repeat - why are there NO problems for Mac users yet?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Hmm?
I tried using Norton, and it just sucked way too much power out of the box. So I shut off active protection, just used it to scan files from suspicious sources. Then I uninstalled it.
There was that AV done by the college professor, but he gave that up around system 8.1 or so. Disinfectant, it was called. Didn't expect to have time for it any more. But the flood never came.
During most the '90s, the most effective anti-virus for the Mac was a part-time project from a college professor and a few of his students.
And it was all that was necessary.
I too used to help a LOT of friends with PC issues. But you are right, that getting a Mac brings with it the bonus of peace - because my other Mac owning friends simply hardly ever need help.
I do take pity once in a whle on friends who had a chance to buy Mac laptops and decided to go with Toshiba or someone else... at least enough to point them to Linux boot distros with sense enough to tell them RAM was shipped bad from the factory.
No more is right! It will be interesting to see what the crumbling of this hidden support network will do to PC makers like Dell.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
To be honest with you, someone has at last made a TCO argument that makes sense to be. You have shown that considering that software was such a small percentage of your IT budget, savings to be made by using Linux were small in comparison to the project as a whole. You also appear to have gotton the bulk licencing deal of the century, which was probably a good incentive to go with windows.
I would agree, that in 2001 Linux was not a viable option for your network as it still too immature. Your point about Oracle is also significant as at the time again, no alternative existed. Also at the time, apps in Linux were lacking, so it would not have been a good idea to use it. By the time 2007/2008 comes around, then yes, naturally Linux will be on the list of alternatives. And I would say that even now, and certainly by 2007/8, it will be a significantly more inticing solution than an XP pro based network. I don't know why you dismiss the "free" distros on the workstations. I am aware of at least one medium sized (~150 PCs) network where this is the case.
Everything you are doing with windows is more doable now in Linux. It clearly wasn't in 2001. Also in 2001, all other *nix based solutions were probably more expensive than windows solutions, so your choice to go with windows in 2001, was probably a good one. And as I recall in 2001 the windows security situation had not become as outrageous as it is today. So your solution at that time, was both a fairly cost effective and secure one.
On the matter of your "zero" security problems. I would say your true rate is somewhat higher than this. Yes, a monday morning audit on the wiped machines will reveal "zero" problems, but I feel a friday evening audit would tell a different story. Again, the keystone of your security is the OS imaging and reinstallation on weekends. If you stopped reimaging, for whatever reason, would your network remain secure? Imaging OSes is a luxury a great many admins simply cannot afford. Is this really a solution, or a workaround? And is this what has to be put up with to run an efficient windows network.
May the Maths Be with you!
Yes, a monday morning audit on the wiped machines will reveal "zero" problems, but I feel a friday evening audit would tell a different story
That's an okay opinion to have, but it never happened that way. Maybe after all this time it's possible.
Imaging OSes is a luxury a great many admins simply cannot afford. Is this really a solution, or a workaround? And is this what has to be put up with to run an efficient windows network.
I guess this is were we disagree. I think the imaging solution is ideal, you think it sucks. I've found it's ideal because I can use one "package", one format, one method for all patches. I can roll a service pack the same way as an application update. RPM is very nice and nifty, but still limited. If I wanted to upgrade all my boxes from ext2 to ext3 there isn't an RPM for that, but if you were using an imaging solution for Linux you could in fact do it transparently to users as part of your regular maintainence!
Any manual intervention would be anathema to a network this big!
Do you remember the days when all it took was to drop two incompatible Extensions into the System folder was all it took to make your Mac unbootable?
Sorry buddy, I'm no rabid Mac fanatic from long ago. I remember far more than that - I remember endless boot sector viruses that would lay people low in no time at all. I remember horrible crap happening from the lack of real memory protection.
That in fact is exactly why I did not buy a Mac for my own use during the OS 7/8/9 days. Because then I far preferred Linux and the stablity and security it offered.
But those days you live in are past. Now OS X has been out for YEARS and also undergone about 20 Windows-years of refinenment (meaning it us undergone about as much change in the time it has been around as Windows did over the course of its lifespan).
So your cheap and desperate attempt at a goad falls far of the mark, and in the end you are left with - nothing.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
It can. The 'default' setting is off. If you enable it, then defaults to 'just do it' mode.
You can (as I said in my original comment):
Sorry, I did miss that last part.
However that's another thing that really bothers me about windows - you're always just one configuration step away from actually having it behave how you want. Funny the defaults seem to suit almost no-one...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I applaud your setup. Really. I admin a smaller heterogeneous network with about 20,000 users. We have Win 98,NT,XP,2k,2k3, OS2, Linux(several flavors), OS 7.6-9.2, OS X 10.1-Tiger. I really wish we had the amount of say over what our users ran on their systems that you do. It would be wonderful.
In our situation, all (new) systems receive some tweaking before being hammered on by the end user. But by far, the most locking down, adjusting, and configuring is done on the Windows Boxes (XP SP2 is much better in this respect). I always feel much more comfortable giving an OS X system to a clueless user to (try) to abuse and still allow it on our network than a Windows box. If nothing else fixing most problems on OS X is usually just a matter of trashing the user's "Library" folder; sometimes the user's folder itself. On windows, we almost always just re-image and pray the user has all their data backed up. It's just not worth the hassle to futz with it.
The problem is keeping all the images in order and up to date. we are much more likely to get boxes with the exact same hardware in them from Apple than we do from Dell. Dell isn't as bad as, say, Gateway in this respect, but the "same" machine purchased a few months apart might have different hardware in it. And God forbid if you try to do a clean install of a different OS without Dell's CD to kick it off with the right drivers. You'll spend all day searching for and downloading them and hope they work.
We just don't see that with the Apple's. End-to-end, they're just a lot less hassle and don't need all the third party software (Patchlink, AdAware, SpyBotSD, NortonAV, FireFox, etc.) to make them usable.
In a utopian environment like yours, PC's can be made to work just fine, but I'd argue that ANY OS could be made to work when you have an environment like yours. BOFHs, like me would love to have a setup like that :-) But it just isn't reality in most places and for a "small shop" like what the article was talking about, I can see where switching the entire infrastructure to Apple would make a huge difference. You could actually change your focus from locking the user down to helping them be more productive. It's would be a whole different mind-set.
"terrorism" and "pedophilia" are the root passwords to the Constitution
I'm not certain but I think kids might be hazardous in a lot of computing environments.
I got my daughter a Mac because I was tired of reinstalling her Windows box. She'd start having problems within a month of install, and 2 or 3 times a year I'd have to wipe it and start over. She had a few problems with her Mac at first, but a bit of training and they vanished.
But...
Six months later I went to do a software update on it and there wasn't room, and then I couldn't find half the programs I tried to use to figure out what was wrong. I think I may have even had to copy Terminal.app over from my Mac. I found that she had accidentally moved her iTunes music to the system partition (this was an older Mac with an 8G limit on the boot partition), ran out of room, and gone in to any folder on her system disk she could find and deleted stuff to make space. It's a good thing "/usr", "/etc", and so on were hidden from Finder... but she still managed a pretty impressive job on what she could find. After seeing this I'm amazed that her Windows system hadn't been in worse condition.
I moved her music back to the big partition, brought back some of the more critical apps and utilities, and ran Software Update. It was all still working fine when I upgraded her to a newer Mac a year later.
So kids can really abuse computers, but Mac OS X seems able to take kid-abuse a lot better than Windows can.
I had been using Windows my entire life, if not longer, and I just made the switch 2 weeks ago. I was tired of Windows' instability and security issues. I love the mac architecture and don't think I will go back to Windows any time soon.
Look at all the nay-saying posts that accumulate whenever something positive is said about Apple Computer. I'm not computer literate at all. I'm not interested about the hows and whys of how a computer works just as long as it works. Which is why I use a Mac. If I was into games I would probably buy a PC but I'm not. Yes I am your average clueless computer user that you IT people should be thankful for. I click on those links and open those attachments. You should be kissing our asses. We help keep you employed. If more people start getting 'mad as hell' then I think that most of you IT folk may end up waiting in the unemployment line. ....maybe that's why all the anti-switching nay-saying....hmmmmmm?
http://www.businessweek.com/bwdaily/dnflash/mar200 2/nf20020313_1562.htm
I used to be a contractor at a government lab. Around 2002 I ordered about 24 dell precision workstations running linux. These were high end machines, about half had dual processors, about half has 20" LCD screens ($4000 each). Every one had the video card fail. It was a german company's NVIDA card. They all failed the same way. Dell replaced them as they failed with refurburshied cards. About 50% failed more than once. We had a motherboard fail after about a year. I seem to recall one hard drive failed. We didn't have bluescreens as we were running linux. We did get compromised because the sysadmin didn't run a firewall but wanted to use tcp wrappers. I got a new sysadmin who put a firewall on each machine and there were no more problems. I would guess that 5% hardware failure rate per year is pretty common, based on my 24 dell high end machines.
I've been thinking about how one has to devote time to a Windows based machines versus a Mac. Prior to Microsoft's Monthly Update (where they release patches for vulnerabilities) it wasn't uncommon to find a new patch every few days or weeks. I've been on a Mac since September of 2004 and can count on my hands the number of patches that have been released to address vulnerabilities. The thing I've noticed is that Microsoft releases a patch after a vulnerability has been identified whereas Apple releases a patch well in advance of the public learning of the vulnerability. ... which in turn causes a site to go down. This is very serious when a customer's business relies on the uptime of their site. In addition, many customers decide to hold off on a patch until they can test it in a staging environment. As a result, some open themselves to the vulnerability and get exploited on their production systems.
... work, productivity, and uptime.
I have a background in Enterprise Hosting but on the UNIX side. I've seen so many examples where sites must go down in order to apply a patch to Windows and often, that can cause problems to an application and/or site. Futhermore, when a problem is faced a common workaround is to reboot the WinTel machine
The point I'd like to make is that Windows based systems require that you spend a lot of time and effort to keep them secure and operational.
On Macs, you spend your time working and find yourself productive. This is the case with UNIX based systems. Less time is spent securing and protecting the server, your time is focused on the issues that matter most
My hobbies include video and photo editing. I was so tired to be in the middle of editing a video sequence and then seeing the Blus Screen of Death on Windows. What angered me so much was that I would end up loosing the edits, the project would at time become corrupt, and the time I spent went down the tubes. That's when I decided to Switch.
Any thoughts or comments?
http://switchtoamac.blogspot.com/
In a utopian environment like yours, PC's can be made to work just fine, but I'd argue that ANY OS could be made to work when you have an environment like yours. BOFHs, like me would love to have a setup like that :-)
Utopian! I love it. It was far from Utopia.. but you are correct, our focus was more about helping the business than the nuts and bolts of crappy IT drudge work. We were able to spend time and money on projects that helped with the bottom line, with allt he details.
As a BOFH, I can tell you, it was a good network for really locking things down. Having just three images and a well define policy was huge.
If you are ever buying products from Dell in bulk, you have to get a custom service agreement (CSA) or whatever they call it now. We put in ours that parts against all machines must be identical brand, model and revision. No exceptions. One failing unit would invalidate the whole shipment. We also did some independent research into the failure rates on various models, so we could order enough extra at the original purchase time so that we wouldn't have to settle for slightly different models in 3 months, 1 year, or 5 years. We purchased the right number plus, I believe, 3.5% more units, for parts and extras and float and all that.
Made a big difference. To this day there are probably a few hundred unopened units sitting in cold storage. Maybe unncessary, but again, with a huge hardware contract already formed, it was minor to add that safety check in place.
Nothing, and I mean nothing, can beat really knowing what your machines are made of. From an admin standpoint, it was priceless. Our help desk and IT guys never, and I mean never, had to go to a remote workstation excepting to bring in a new box to swap. When hardware failures really happened the IT runner of the day would navigate the maze (50K cubicles is.. well.. it's a sight to behold.. think Matrix in the "fields", only more depressing) and drop in a machine with latest image already loaded. The whole thing took probably 20-30 minutes to get there, drop the machine in, do a little dust up cleaning, and be back to look at the defective machine.
Anyways, don't belittle your "little" network - 20,000 users is still massively huge by any reasonable standard. I can appreciate the opinion of an informed cohort more than a random small-time (no offense, truly) Linux guru.
XP's firewall is sufficent if you don't let any malicious stuff to install itself, via IE's exploits etc. Greatest vulnerability has been open ports by default, and there SP2 makes a difference. As I said, it's quite sufficent. And yes, I know.. it's not like I'm new at this stuff. ;)
<^>_<(ô ô)>_<^>
...Apple does not disclose, discuss or confirm security issues...
<^>_<(ô ô)>_<^>
I run my Windows legacy apps on it via Win4Lin on my Fedora Core 2 install and practically never have any trouble with it.
Tech Public Policy stuff
Yeah, but just type in Administrator with no password to compromise it. I call that a flaw, Microsoft says it is a feature.
Why would I do that? ;)
Gee whiz another dumbfuck is switching to Apple. How sensational.
/. and choke one's chicken and pick up on the latest switcher bitcher stories.
What a life: nothing better to do all day Sunday or Saturday or any day than sit around at Apple
But actually no thanks: haven't been around in a while and won't be back in a while either. Leave you jerk-offs to yourselves. You're witnessing the coming divestiture of a sub by Andover.
OK, that was a totally awesome example. It's only recently that I've switched from a Mac desktop to going pretty exclusively with Windows XP at home and at work, so I know exactly the kind of configuration loop-de-loops and rabbit hunts you're talking about. They seem to be everywhere in Windows, especially when you add additional layers like Media Center Edition (Nvidia driver configuration, anyone?)
But here's the thing: Say your car breaks down. When you call a mechanic, does he try to diagnose it on the phone? Does he have you go out to the driveway with your mobile phone, gun the engine and hold the phone up to the radiator grill, then tell you to slowly ease off the gas while you read numbers off the temperature gauge for him? No. The mechanic makes the diagnosis and does the repairs for you. That's his job.
A typical install of any of Windows, Mac OS X, or Linux arguably has more layers of complexity to it than even a modern passenger car. Why are we assuming that the user will know how to make repairs on it just based on a chat on the phone about it with a qualified "mechanic"? That's silly. You should have somebody to work on your computer for you, just like you'd expect a qualified professional to work on your car.
The real problem might be the number of times the computer breaks down, versus the number of times a car does. A car won't break down just because you parked it next to somebody else's car while you went shopping for groceries. A computer, on the other hand, could very easily "break down" because you plugged it into the wrong network. If you put the wrong gas into a car, it might not perform as well as it used to. But once you switch back to Premium, everything should be fine again. Install RealPlayer, on the other hand, and suddenly Windows Media Player might not launch when you double click on MP3s anymore. What happened? Where has it gone? How to get it back?
These things are what makes computing a real drag. But they're not always the fault of Windows. Succeptibility to viruses is one thing, but the Mac OS isn't immune from the other kind of "broken," which is arguably more common. Should operating systems not launch default applications when you double click on document icons, and should it not be possible to change those defaults? Kudos to Apple for helping to reduce the apparent complexity of its systems, but menus, buttons, and widgets aren't the only source of frustration for end users.
Really, the only thing that makes it possible for me to operate computers -- Mac, Windows, and Linux -- better than most of the people I know is years and years and years of experience and education. Reducing complexity is a worthwhile goal but I can't see it ever being the real "solution."
Breakfast served all day!