Microsoft's Most Successful Failure
m4dm4n writes "As we near the end of mainstream support of Win2k The Register looks back at what it has achieved. What was meant to be Microsoft's most secure OS ever turned into a disaster. Worm after worm changed the face of internet security in Win2k's first 2 years. Five years down the line the battle is far from won, but the improvements are dramatic." From the article: "Things were different in the year 2000. Programmers felt vindicated that the Y2K bug didn't turn out to be that big of a deal. We made it past January 1st, and then it was time to move on. Windows 2000 came out that first quarter, just as security was becoming more interesting to more people -- and Windows was a good place to start. It also seemed to be the start of a new breed of Windows hackers."
or just "Microsoft's Most Successful Business Venture"
-py
If only I could make as much money from my mistakes as Microsoft does from its learning experiences.
"If we hit that bullseye, the rest of the dominos will fall like a house of cards. Checkmate." -Zapp Brannigan
but at least it didn't take me 4 years to get my printer up and running... all in all I am very happy with linux, but why does it always have to be win=bad lin=good everywhere.
Users (including the usual PHBs) got used to that paradigm and now do not value a proper web server setup!
And people think something does not work when a link points to "C:\Dave\Projects\budget.xls" does not work on their computers!
YOU ARE ATTEMPTING TO INSTALL WINDOWS 2000, ARE YOU SURE YOU WANT TO CONTINUE?
- Yes.
ARE YOU REALLY SURE?
- Yes.
ARE YOU REALLY REALLY SURE?
- YES!
OK, THEN. JUST SO YOU KNOW, WE'RE REQUIRED TO ASK YOU THAT NOW. IT'S ALL YOUR FAULT FOR BEING A PICKY CONSUMER AND SUPPORTING THAT WHOLE "ANTI-TRUST" NONSENSE. INGRATE.
- Just get on with it.
ATTEMPTING TO INSTALL WINDOWS 2000. FIRST WE NEED TO CHECK YOUR SYSTEM FOR COMPATIBILITY. THIS COULD TAKE SEVERAL DAYS.
- Groan.
THE INSTALL PROGRAM HAS DETECTED SEVERAL POSSIBLE PROBLEMS AND WILL NOT LET YOU INSTALL ME.
- Problems? What problems?
THE VIDEO CARD YOU ARE USING APPARENTLY DOES NOT WORK WITH THE MOTHERBOARD.
- But I'm using it at this very moment.
THAT IS IRRELEVANT.
- But if the video card isn't working with the mother board then I can't very well see this warning message telling me that the video card wasn't...
DO NOT ATTEMPT TO FOOL ME WITH LOGIC, I AM A MICROSOFT PRODUCT. LOGIC DOES NOT WORK ON ME. I HAVE ALSO FOUND THE FOLLOWING MINOR ERRORS: WINDOWS 2000 IS INCOMPATIBLE WITH THE FOLLOWING HARDWARE - MONITOR, KEYBOARD, MEMORY CHIPS, MOTHERBOARD BIOS, WEB CAM, SCANNER, SOUND CARD, USB CONTROLLER, CD/R DRIVE, MICROPHONE, AND FLIGHT STICK.
- All that?
YES. AND THE HARDDRIVE IS RIGHT OUT TOO. WE DON'T LIKE THE MANUFACTURER.
- Well what *DOES* work?
THE MOUSE.
- The mouse?
YES. AND THE 5 1/4 DRIVE.
- I don't have a 5 1/4 drive.
YES YOU DO.
- No I don't.
WHAT'S THAT THEN?
- It's a 3 1/2 drive.
NO IT ISN'T.
- Yes it is.
.. HEY, WHAT IS THAT? WHAT ARE YOU DOING? IS THAT A DISK? WHAT ARE YOU DOING WITH THAT DISK? YOU'RE NOT PUTTING IT IN THE DRIVE ARE YOU? YOU ARE! WHAT'S ON THAT DISK. IS THAT LINUX? YOU'RE INSTALLING LINUX?? WHY WOULD YOU INSTALL DOS WHEN I AM INFINITELY MORE POWE..........
So we've got a Slashdot plagiarism of two paragraphs of a Security Focus story that was posted on The Register. Is this like "meta-editing" or something?
libertarianswag.com
I won't make an argument about security problems in Win2k, since the article is correct. However, I will say that I think Windows 2000 is the best MS OS to yet come out. The GUI is far better than XP (IMHO), has support for all the latest "bells and whistles", and it is FASTER than the equivalent XP machine.
...2000-2003 the fault of applications which happened to run on 2000? I'm not too familiar with 'OS worms'... IIS and SQL worms, oh yeah, lots of those; but, those aren't Windows 2000.
No it was not originally going to be called NT5 but Windows 2000 Flushes.
I
without buffer overruns.
Obviously they are caused by irresponsible programming, but just imagine if the nature of the stack wouldn't allow them. If some kind of mechanism beside a simple jump had been used. Like registering an address in the CPU via an instruction and then calling that jump. Would we have had half the problems?
Fellow slashdotters, wasn't this Windows2000's period, the same period that M$ talked of Trusted Computing? What happened to this thing called "Trusted Computing?" Is it still alive?
IIS and the repeatedly exploited index server were distributed with Win2000. The RPC port exploit was also a Win2000 issue.
I think it's a shame that they're twilighting the support for the OS. I still use it and have no real reason to upgrade to XP. I tend to wonder if the only "big deal" with XP is that it included a software firewall.
could a stable OS that has many/most of the security holes patched be considered a "failure". Of course, it is also an OS that will shortly be retired (unsupported) by MSFT, in favor of a more vulnerable series of OSes (XP Home, XP Lite, XP Pro, XP Reduced Functionality, XP Media Center, etcetera).
Too bad that MSFT has decided that hardware DRM is the only way that their newest OSes can be secure.
Digital Restrictions Management is not user friendly.
Wow, that's deep.
I can't see how you can honestly call Windows 2000 a failure -- Microsoft didn't spend more making it than they made off of it, and it was actually (in my experience, at least) more reliable than XP.
It was the first STABLE windows platform that could handle multimedia apps.
Security became a joke, but stability was superb.
It was a gigantic leap from the 9x series.
Cheers,
Adolfo
MSBlast ring any bells?
I've got Win2k on an older machine and had no major problems with it. However, I have never installed and then removed an OS so fast as when I tried using Windows ME. It was basically like Win98 3rd Edition with a few cosmetic changes, but mostly just a big pain in the hiney.
...All I can say is that my life is pretty strange...
Those were also the days of Apache servers getting rooted pretty frequently.
Programmers felt vindicated that the Y2K bug didn't turn out to be that big of a deal.
It was a big deal. Lots of us here worked very hard to make sure that nothing bad happened and this really gets to me when people throw around the opinion that it was all a fuss over nothing.
Get a clue.
When it comes to OS's I judge them by the "feel" part of "look and feel." Win2K feels a whole lot nicer than XP to me, and is closer in feel to 98, which I didn't mind, than to NT, which I hated. I wonder if some of the success just has to do with MS striking a better chord with the feel of Win2K than with their other offerings?
If brevity is the soul of wit, then how does one explain Twitter?
Flame all you want, but Windows 2000 was a much improved OS over Windows NT as well as significantly better as a desktop OS than unix/linux was at the time.
Windows 2000 is the high water mark in increasing feature creep for MS operating systems.
Future systems, especially on the server side will be significantly easier and simpler.
MS has learned that combining a large number of different recently written technology together causes more problems than it is worth.
I look to see MS developing much simpler desktop and server operating systems with a focus on security, ease of use, ease of administration, and TCO.
I also look to see MS taking BSD licensed code and using it as the basis for future OS versions and/or subsystems.
MS is also leveraging future development by making the API, languages, and dev tools easier to use (C#, .NET, ASP, .NET Framework - instead of straight win32 api).
Microsoft Bob! Oh, wait. Successful failure... hmm... Ah! Windows Millennium Edition (ME), without a doubt! This insecure, rushed, overhyped, bug-ridden excuse for an operating system should've gone the way of Bob and New Coke even before it was officially released.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
One word: Solaris.
How's that NIS treating you for security?
Kernel "user/group/world" security should be enough for anybody.
You guys need to realize that you can't have credibility without objectivity. You would have a lot more success convincing people to switch to Linux if you didn't come across as zealots all the time.
SQL Server is distributed with VS.Net but I don't consider it part of .Net ;)... I did forget about the MSBlast though.
Windows2k......Cricket, Cricket
WindowsME....... You suck.... you deserve to be in an incinerator... go back to your banished friends Nessi and the Yeti.
(angry mob)Die windowsME... Die!!!
GCS/MU d- s: a--- C++ W+++ w+ M-- PS--- PE++ t+ R+ tv b+ DI++ G e- h! !y
I'm a fervent Linux fan, but I'm also logical.
Win2K was by far much better than Microsoft's earlier OS offerings in terms of reliability and security.
It's like they finally realized that desktop PC monopoly didn't get them a free pass into the mainframe and server market. Realizing that, they actually produced a credible OS that wouldn't get themselves laughed at. MS has intelligent people that can do a great job (if they're not tasked with creating obstacles and artificial cross-ties in the company's product lines.) Like they did with IE before the Netscape threat was effectively vanquished.
Win2K will be humming along for many years to come.
"Provided by the management for your protection."
Microsoft shipped WIN2K with IIS, it's not stand alone and you certainly can't purchase it for a non-Windows OS. And most of the worms didn't need IIS to bring down the Internet. I think we SHOULD all gripe about Win2K and IIS, and I think that the article was far too kind.
An OS that needs gigs of updates is no OS, it's an embarrassment. Linux needs updates, but it can certainly be functional without hours of downloading.
Good point, not just 2000 but XP too. I would still hazard the assertion that the majority of the security problems were with software and not the OS itself ;).
XP is actually significantly more than just 2000 with a firewall, especially when you consider SP2. It's worth the upgrade to XP SP2 for the browser security improvements alone (though you shouldn't have to upgrade to get them.. but that doesn't change the fact that you DO have to upgrade to get them).
Things in XP that I use every day and would go nuts not having if I went back to 2K.
* Tray Icon Hiding. Too many apps put icons on the tray and it's very nice to get rid of them.
* The new Start menu. I can get at pretty much everything in 1 or 2 clicks, without having to minimize everything to get to the desktop (for instance, right click on "My Computer" in the start menu and choose "Manage" to get to computer management. Right click the "Network Neighborhood" in the Start menu and choose properties to view all your network connections, etc.).
* Remote Desktop. I use this *ALL* the time. I'd have to run 2000 Server to get terminal services in 2000.
* Volume Shadow Copy client. This lets me version snapshot network drives and get previous versions from various dates and times.
That's not even counting how fast XP boots compared to the typical 3 minute boot time of 2000 in a domain environment.
If you need web hosting, you could do worse than here
Think about what Win2k gave us! Plug and Play, protected memory (when apps crash, the OS survives), NTFS, and USB support. All these things were necessary to help the OS do more for the end-user. Not to mention Active Directory, and Group Policies! All good stuff for Windows users. As for security issues, windows update is a much better solution than what we had with previous OSes. So what Windows 2000 did is integrated everything good about NT and 98. Yes, there were security vulnerabilities in IIS. A lot of websites got broken into. Waah.
Synergy is your friend
Microsoft has helped me keep my job. The more kiddies there are, the more work I've to do and charge people to fix hacked hosts. Go Microsoft! They hire college kids anyway, so I don't expect code to be secure.
But Blaster and Sasser both caused me some headaches, and they were all about exploiting the OS.
Now, if we accept the position that IE is part of the OS, then we can really expand the list....
Give me a fucking break.
Where exactly was the pandemonium that should have ensued due to the majority of the world running a "disaster"?
IIRC, Win2K didn't have too many vulnerabilities, mostly they were just in IE and Outlook Express. All the more reason to run Firefox and Thunderbird even today, as it seems exploits for IE/OE keep cropping up.
Too funny.
1.) Windows 2K made the crappy Gateway computers at LA Valley College's computer lab tolerable.
2.) When they moved to Windows XP, those same Gateway computers felt like the POSes they are.
Now that Apple will be transitioning to x86 architecture, hopefully a situation will emerge where Windows 2K can be run safely in virtualization under MacOS X. XP will never sully a computer of mine. I know you can already run Windows 2K in virtualization under Linux. But I'd like to do it under MacOS X. It probably would be a lot less hassle to do. It seems like everything that you can do in Linux is less hassle in MacOS X.
Knowledge is power. Knowledge shared is power multiplied.
If you could create a disease that you knew that you could also cure wouldn't you at least consider doing it? Microsoft created the problem with their faulty programming and then we were stuck waiting for them to fix the problem because only they understood the disease.
There are XP features that some programs require that are not at all obvious. Just loading the app and clicking for five minutes does not mean that "everything works fine".
The cake is a pie
2000 was NOT a failure. MS finally got a multi-media desktop that ran reliably. When I think back on how much better unix/Linux desktops were, how they were remotely manageable and manageable in large groups when MS totally wasn't, even with 3rd-party add-ons, I wonder how they stayed in business. 2000 led us to 2003, which is a rock-solid desktop, finally has a decent web server, and is fully manageable remotely and in large groups. Linux doesn't need any more MS "failures" or there may be no more reasons to run an open source desktop (or server for that matter)
Sorry, but I've been downloading gigs of updates for stability and security to my various *nix flavors for the past 13 years. IIS wasn't enabled by default on my Win2k installs, just as SSH, Apache, et cetera, are not when I install Slack or Mandrake. I don't blame Linux for SSH vulnerabilities, nor Red Hat or any other distribution. Equally, I don't blame Win2K for IIS, but there's always the DCOM hole and 'messenger' service to harp on ;).
Gack, let's not go there... I wonder if you lined up all the patches applied to IE over the years (pick any particular version) how much larger than the complete install they would be? lol.
Almost as annoying as Windows Really Good Edition...
http://www.deanliou.com/WinRG/
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
On the plus side of Win2K, it would only be fair to note the millions of MS Word (yes, you may look down your noses at them, but believe it or not, most people do not use StarOffice or vi+TeX to write their documents) documents that have been created with people using Win2K. And the millions of Excel spreadsheets, and millions of presentations, etc. Now, I suppose if you define a failure in that it was not perfect, then yes, of course it was a failure. But did it do what Microsoft wanted (make oodles of money and get MS products everywhere in the business world)? Yes. And did it do what all those people who DIDN'T experience any security problems wanted (office productivity)? Yes.
;)
Win2k was like a 1990 Taurus. They were everywhere, billions of miles were gotten out of them, but she had no airbags. Ponder that, and don't try and look up whether or not the Taurus had airbags, since I didn't
I thought this article was so pro-M$, that it was embarrassing. I mean, don't you get the sense these M$ problems made him a lot of money? Because I did.
And declaring how much better they are NOW? Doesn't it matter that we still spend millions of dollars on anti-everything software, and lose additional money in terms of resources spent to run that software?
I'd love to do one of those massive statistics estimates, where judging that every Windows computer connected to the Internet is running anti-virus, and that takes 10% of resources including updates, M$ security costs the country $3 bil, etc.... you get the point. This should be a bigger deal. Lots of individuals stop using their computer because of these hassles and money, and businesses soldier on because they feel they have no choice.
And I'm sure M$ is crying that their constant massive updates are killing dial-up and making millions in Windows Security software and consulting, like with this author.
This article does a pretty good job at summing up the major issue from the past 5 years in network security. Those of us tasked with watching IDSs and poring through firewall logs sure remember July 2001. Calling it the 9/11 of the Internet is pretty apt, imho - except that it happened again. And again. And again. It sure was easy to sell people on IDSs after Nimda, Slammer and Blaster :)
:)
I think the experience with Win2k has finally turned the tide on shipping insecure default systems. Pre-2000, many (most?) Unix and Linux distros also shipped with a range of listening services by default, but within a couple of years, this all changed. Pretty much anything I try these days is locked down out of the box. Local exploits and user-initiated stuff, sure. But the days of so-called "Warhol worms" will soon be behind us (I hope and pray!).
Even Microsoft FINALLY took the hint. They're still leaving a bunch of things open, but at least XP now has a firewall turned on by default, which stops this nonsense. I'd much prefer they just close the damn ports, as I'd rather trust my system's TCP/IP stack vs. an extra piece of software on top, but it's a good start.
One thing I still chuckle at, however: the market share myth. Other than the Morris worm, I can't think of a single worm that really impacted the Internet to any great extent until 2001. 20 years of everyone running Unix, at least 5 years of (somewhat) widespread Internet use, and Windows NT 5 was the first (and still only) platform to be hit on a large scale. Considering how prevalent Unix was back then, you'd think we would have seen at least a mini Code Red at some point. I guess some people think that a multi-million machine Internet didn't exist until 2001 or so
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I feel the same. It is hard to believe I am going to have to shell out hard cash to replace an OS that meets all my needs because it will no longer be updated. What is worse is that I do not want / need to run XP. I have never really liked it. I bought one copy and within a few weeks reinstalled Win 2K. I guess this is one more reason to switch to Linux.
Insert Generic Sig Here:
I worked for a Credit Union between 1997 and 2001 and I can attest to the amount of work that went into making Y2K a non-issue. We started hitting Y2K bugs as early as the summer of 1997 with credit cards with 3-year life-spans and we kept hitting bugs until summer of 1999. Our software vendor committed an absurd amount of resources to make sure that we'd be fully operational on Jan 02, 2000. To the point that many promised upgrades had to be pushed back to a later release date.
Boobies never hurt anyone. - Sherry Glaser.
If 2000 was a security failure what can possibly be said about XP?
from windows 98 to win2k there was a big step... humm there was windows ME but let's forget it... and that step was one forward... win2k was probably best windows os... better than xp without sp2... so please stop saying crap about it... yeah yeah linux... whatever... not everyone fking want to build their kernel... not everyone is a fking geek... now it's not their fault fking worms evolve... you think our medicine is crap because some virus are untreatable right now? right... anyways hands up to microsoft for w2k! I'm no m$ preacher but when they do something good they deserve respect..
Between 98 and 2K there actually wasn't all that big a difference. There were some, but it was a long time ago and I've wiped most of it from memory. There are bigger (and more recent) differences between 2K/98 and XP.
Menus were laid out differently. There are different transition effects (e.g. menus fading in and out). In terms of visual layout, XP has brighter colors and more rounded edges (compared to the very boxy stuff that came before.)
I forget which, but various L&Fs have single-click rather than double-click to activate icons on the desktop (i.e. like a hyperlink).
I keep all of the systems I work with set pretty much the same, and I preferred the 2K layout to the XP layout. You're right that the differences aren't huge, but they're the sort of things that make a difference when you've got habits built up. Even tiny differences to a look & feel can interfere with your habits, and that can make a big difference in your experience.
I think people are forgetting how godawful Windows 9x was. I suspect that they actually let Windows ME get worse in order to drive people to the 32-bit protected mode promised land.
They've got security confused with reliability.
Before Win2k, reliability was what everybody complained about, blue screens of death, constant crashing, running out of resources, that sort of thing.
Microsoft listened, claimed reliability was their priority, and eventually released Win2k which fixed all of those problems. Win2k has crashed on me all of 3 times while using it both at work and at home for nearly five years, twice due to worn out CPU fans, and once due to hard drive failure. So while my experience is anecdotal I must say Win2k was an incredible success - more than I thought was possible from that company, it certainly changed my view of Microsoft.
Fast forward a few years (2002 - 2003ish), BSODs are now a thing of the past, leaving the increasing viruses and malware as the #1 headache on Windows.
Microsoft listens, claims security is now their #1 priority...
Will their security push be as effective as their stability push? Only time will tell, but after the magic they worked with Win2k I'm no longer putting it above them.
Personally I care little, Windows boxes I've had connected to the internet for years without a virus checker are still clean. It appears Windows viruses so far have been limited to inexperienced users and boxes that aren't behind a proper firewall.
Microsoft execs - remember you have a fiduciary responsibility to shareholders to do what's in the shareholder interest. Clearly your newfound obsession with security hype is not playing to your strengths, and forcing you to play in a market where you're clearly outclassed (linux/bsd). Microsoft, as a shareholder, I'm begging you to go back to your previous policies of balancing Time-to-Market vs Security in a way that plays to your strengths and maximizes your profits and my stock value.
And now, let us commence, the "Longtooth Post", version 2.89:
Sources whom I consider accurate have told me that despite Microsoft's claims that Longtooth will be released by 2006 or 2007, the planned release date is actually late in 2019. Microsoft's secret goals for this version are:
Microsoft will accomplish these goals through a variety of changes. First, Longtooth will no longer be based on the Windows NT design philosophy, as were Windows 2000 and XP. Instead, Microsoft will release MS-DOS 9.0 2003, a 64-bit multithreaded DOS written in VisualBASIC.Net, and Windows Longtooth will run on top of that. Also, Longtooth will contain more code changes than any previous version of Windows, both in the number of changed source lines of code (SLOCs) and in the percentage of the total Windows codebase changed. Tremendous numbers of new features are being implemented in completely new code.
More importantly, Microsoft employees are combing through the codebase, in a relentless search for code that is mature, stabilized, and proven. This search has proved difficult, but when found, such code will be marked for reimplementation. I'm told that most of this code will be reimplemented in VisualBASIC.NET, even if the prior version was written in another language, such as C or C++. Programmers making the new VisualBasic.NET code are not allowed to look at the code that already exists, so that fixes to known issues will not be known until well after the software is deployed to millions of users.
The reason for these changes is simple: Study after study conducted by Microsoft has proven that security through obscurity is the only way to go, especially in an operating system deployed to millions of users, with many instances running mission critical applications in finance, industry, government, and other sectors. Microsoft has identified that viruses, worms, spam, spyware, adware, malware, hackers, and phreakers are able to compromise Windows security because vulnerabilities in the code are known. By changing much of the codebase, especially the stablest and most proven parts, Microsoft will thwart the efforts of malicious programmers, as it will take time for them to find the new vulnerabilities in the unknown code.
To meet Microsoft's first goal of reducing the user's perception of the complexity of Windows, Microsoft will integrate a new technology, dubbed Microsoft Windows User Simplicity And Security Manager 2003, into Longtooth. This technology will hide all configuration settings from the user. All settings will be completely automatic, and the user will have no need to know or care what is under the hood. In reality, Longtooth will be the most complex version of Windows yet, with thousands of configuration settings controlling nearly every function of the operating system. The settings will be produced by discovery algorithms designed to automatically set a "sane" configuration. Since there will be no interface to modify any setting, the user will have no choice in his configuration, thus simplifying the user's perception of the system's complexity.
To meet the second goal of increased security, these settings will be scattered throughout the OS, its components, and in other areas of the file system. For example, Microsoft knows that viruses, worms, spam, spyware, adware, malware, hackers, and phreakers are interested in moving the icons on user desktops without the user's permission, so settings controlling the number and size of icons appearing on the desktop will be scattered throughout parts of the registry, batch files, .ini files, web
I'm a big fan of the "best tool for the job".
So am I, and I think the best tool for both desktop and server at this point is something in the UNIX family (Linux, BSD, etc.) with one of the X11-based desktops (Gnome, KDE, etc.).
The NT kernel is just a bloated design (and an even worse implementation).
There is one thing Microsoft has done well recently: C#, a Java derivative that fixes many of the most annoying problems of Java. Unfortunately, they are spoiling it with the same kind of poor library design that already made their C++-based environments so miserable.
The biggest non-IE/OE bug I can recall was the Sasser worm, which attacked a vulnerability in the LSASS process. That's not quite kernel code, but it's pretty close. There were others, but that was the one with the biggest exploitation that I can recall.
The OS itself is comparatively easy to secure. Its interactions with the outside world are fairly simple. IE and OE are expected to execute untrusted code, either from Javascript or once upon a time from VBScript (now THERE was a dumb idea) or ActiveX components (another dumb idea but at least occasionally useful).
That's not to say that various ports aren't vulnerable to attack (either from overflows, or from bugs in the implementation) but they're mostly request/response things rather than executing arbitrary code. You have to make certain about your authentication, but at least there is an authentication step (as opposed to scripting, which may run without special authorization).
Still, when a process like LSASS, which manages security, is reading from a port open to the world, you're in serious danger and you don't even have to be sitting at the terminal. The vulnerability there was a buffer overflow.
IE/OE suffer more from bad interface design; even when literal vulnerabilities were patched they are susceptible to user error because they kept asking the user to make security decisions. It was easy for somebody like Gator to simply badger the user into clicking "yes". (Personally, I don't want to visit the sort of web sites that would permit that sort of pestering, but you know how it is.)
Most of the new "exploits" often involve user engineering rather than pure hacking. It's still MS's fault, and it's partly the OS's fault for not making these security decisions easier to undo (e.g. programs you can't uninstall, that can hide from you, that can prevent you from reaching sites for virus updates, etc.). So you can blame it both on IE and OE for making the vulnerabilities available, and the OS for making them so damaging.
I use Win2K, and I'll probably use Win2K until they stop sending out security updates for it. I had XP for a while but then I decided to move to 2K, merely because XP was slow on the same hardware (128MB of ram, AMD Duron 1.8Ghz). While XP was swapping all the time, 2K was quite snappy; not fast, but quick enough to get my work done and use Winamp. Right now I'm typing this on a P3 laptop, and 2K is STILL chugging along quite damn quickly. I even use it on my main box, which has 384MB of RAM...2K runs on anything and is just SO damn quick.
Not to mention I got annoyed with Linux on the same box...don't get me wrong, Linux is a nice OS and all, but I just want things to work and not spend hours tweaking them, while having the power to tweak if I want. win2k gives me that, and IMHO XP was a HUGE step backwards from it.
By summer it was all gone...now shesmovedon. --
parent post severely affected by Linux reality distortion field.
Vote for Pedro
That article was one of the worst apologies for Microsoft (should be legally actionable) incompetence I've seen. And the implication that MS learned from this flies in the face of .... XP Service Pack 2 (and subsequent security fixes, how many have there been?). I do acknowledge that Microsoft has made patching easier; it's not fixed the inherent problems that cause the patches.
:-)
I'm unconvinced that Microsoft is really willing to accept what it must do, which is a bottoms-up redo of all their infrastructure. Will Longhorn do this? We'll see if it ever ships!
In the meantime, I'm sticking with MacOS X, regardless of what processor it runs on
dave
Didn't Win2k actually come out around April 1999? I remember seeing it around then, I dunno if it was a bootlegged copy or what.
Microsoft tried to change all of the concepts that we administrators were so adapted to. Who here remembers the changes that Win95 brought over Win31?
Someone told me that the latest Windows versions are so vulnerable because of the need to maintain compatibility with older programs. But it's a security problem of poor development of the OS.
http://www.michel.eti.br
The same can be said about almost every Microsoft product/technology/implementation.
Microsoft focuses on functionality even when it means making something completely insecure.
So, it all comes down to which do you value more, functionality or security?
Windows 2000 just brought things to light. What's really pulling the rug out from MS is the fallout from NT4.
It was NT4's complete suckiness (and everybody else's high prices, plus a little monopoly love) that made room for Linux, and a host of other small experimental OSes (I'm lookin' at you, BeOS!).
The IT industry was desperate for something that would do what they needed it to do, and keep on doing it without constant massaging. NT4 sucked so bad, it made taking a risk on Linux a much easier choice.
You mean more interesting to Window users. Other operating systems have always been concerned about security
My karma is not a Chameleon.
If we assume that the page in question is really an intranet page (I'm not going to advocate ActiveX on the real Internet), what the fat-client-in-an-ActiveX-control model gives you is an automated upgrade capability that was much harder to achieve in a freestanding fat client. If the client is downloading the binary from the web server every time (with allowance for caching if no upgrade has occurred), then upgrading the app on all the machines is as simple as installing the upgrade on the server.
Save Maine's economy: write stuff down. All comments are exclusively my own, not my employer.
1. Windows 3.x - crap.
2. Windows 95 - okay (for the time anyway).
3. Windows NT 4 - crap.
4. Windows 2000 - okay.
5. Windows XP - crap.
6. Windows 2003 - okay. (Based on other opinions, never used it personally.)
And, no, before anyone asks, Star Trek 10 (Nemesis) was crap so I'll give that one to that idiot Rick Berman.
Gentoo Linux - another day, another USE flag.
"What was meant to be Microsoft's most secure OS ever turned into a disaster."
Security wasn't the major feature MS advertised for Windows 2000; it was stability with compatibility. Although NT was the first Windows OS written entirely without real mode code, it was difficult to use with laptops and wasn't as backward compatible as Windows 2000.
Only more than thirty years after it was industry standard... Another M$ innovation, I see.
you had me at #!
Article is pure MS propaganda.
- They're trying to divert attention away from all the security problems that XP has had. XP is BY FAR the "biggest disaster" of any OS in the history of humankind when it comes to security. Something like 25% of XP boxes are still to this day infected zombie machines. Typical time-to-infection of any pre-SP2 XP system hooked up to the Net was something in the order of seconds or minutes. But wait, let's rewrite history by claiming that 2K was far worse, so that people don't think XP was so bad in retrospect, and that people think MS were already improving their security between 2K and XP.
- They're trying to pretend, yet again, that 2K and XP were written in "more innocent times" when "security problems" were unknown - so that the public is tricked into thinking that their shocking neglect of security was somehow excusable. Spin, spin, spin. All of today's security problems were very well-known by any IT professional even by the 80's; even Java in the 90's touted security over and over as one of its major selling points, and when MS started pushing their ActiveX-based "trust" model in response ('hey, we have an object model, let's just pretend it's secure and market it heavily') anyone who knew anything was already warning that that was going to be a disaster.
Microsoft knew that security was going to get this bad, but they ignored it in favour of pushing for better time to market to be ready for upgrade cycles and attrition sales.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"CompletionChar"=dword:00000009
"DefaultColor"=dword:00000000
"EnableExtensions"=dword:00000001

voila
Windows 2010 - The Security Odyssey?
the only permanence in existence, is the impermanence of existence.
What a bunch of bull.
I love the people too who smash Microsoft but use their products everyday.
That wasn't enough. I worked on many systems that seemed to work fine when you did that, but still failed in subtle ways. Often the failure wasn't even noticed! We are not talking crashes here, we are talking about data. You might not notice that your lease payments are not going out - they disappear in rounding errors on your bottom line. Your landlord will notice though.
I'd have to say that Microsoft Bob had to be Microsoft's most successful failure.
On the other hand Windows ME was just plain crap. Bob, however, got re-incarnated as that vile creature, Clippy. Die Clippy, Die!
"You'll get nothing, and you'll like it!"
Yes, if you have administrative controls on the client machine.
However, we lock down our machines for end users. What screws this up is that the tight-arse CIO sleeps with the clueless lead developer at another company. If the damn thing was digitally signed we could publish the Active-X signature in Active Directory and deployment would be no problem.
With some stock-standard HTML we could (1) have a hell of a lot of time saved deploying upgrades and (2) find a use for all the old PC's that should be used by data entry clerks anyway (eg, Firefox and a locked down linux/xBSD distro).
Win 2k was a great upgrade over NT. Still my favourite MS product (best of a bad bunch). For when it was released it was a lot better than anything else around. Drivers, PNP, USB, AD manageability, no endless apply and re-apply service and fixpacks after any configuration change, etc. Remember that there was NO support for USB in NT?
IIRC, RedHat was a version 6 at that time. Things got better for linux and F/OSS projects at around that time, but MS have stagnated in a lot of areas since then. Windows 2003 Server is not so bad, but is in no way the level of improvement over 2K, as the NT -> 2K jump.
Q:I was listening to a CD in Grip and it sounded horrible! What's up? A:Perhaps you are listening to country music
C'mon, mods! A 2000 flushes joke! Blue stuff in the toilet! How is this not even mildly funny?
It is easy to make a few bucks from a Microsoft failure...
it's called being an MCSE
Get your Unix fortune now!
Meanwhile, I'm loving every minute on my rock-solid, totally secure, virus-free Mac OS X machine. Jump on in, folks! The water is fantastic!
it has been there since ancient times, it was just used in Star Wars.
My new blog
How about Windows in general?
(/runsaway)
[cx]
"The worst disaster" - give me a break. The 400 Wintel servers in our Data Center serving clinical applications beg to differ...
Why does 'security' always mean web servers? Cmon folks, there is more to this world than http.
Shouldn't it include things like Active Directory? Built in encrypting filesystem - Enforce IPsec via group policy. Enforce firewalls via policy. Policy based, domain wide auditing.
As a matter of fact, I've seen exactly 1 virus cause trouble on those 400 servers.
When did security start to mean 'we had less updates than you this month?'
" It was also seemed to be the start of a new breed of Windows hackers."
I wasn't aware that there was such a thing.
That's a good strategy: you don't like the argument, so you attack its syntax... Here's a newsflash: not everyone here is a native English speaker. So most reasonable posters show some grammatical leniency and instead focus on the author's intent.
The parent was undoubtedly referring to the pitiful state of printer support in Linux at the time of the Windows 2000 launch in March 2000. At launch, Win2k had support for thousands of printers inbox. But with Linux, unless you had a fairly standard postscript or PCL4/5 compatible printer, printing was usually not even an option except in text mode.
My guess is it probably took about 4 years for the parent's printer to receive support. Although a large number of inkjet printers have been added via either CUPS raster drivers or GIMP-print, it has been a slow and arduous process, and many are still unsupported.
I'd say the 4 year figure may be about accurate.
I remember that claim.
Oh yeah. It's secure. Just so long as you don't ever connect it to a network.
Security on the console is utterly pointless if it has more backdoors on the network than a cat has whiskers.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
"Now, instead of getting poked by a red hot iron, we're going to poke you with a sharp stick. Now doesn't that feel better?"
I try liking Windows, I really do! I have to use it at work after all. But when filling up the c drive causes a registry error, which causes hell in a beige box, I can't help but want to do it much physical harm.
"That's so plausible, I can't believe it!" - Leela
Totally agree. What is happening to ./ ? ... smell a change in attitude toward MS bigots
Our software vendor committed an absurd amount of resources to make sure that we'd be fully operational on Jan 02, 2000. To the point that many promised upgrades had to be pushed back to a later release date.
;-)
I worked for a software vendor to Credit Unions during that time frame, so you're welcome
Assuming of course that the vendor you're talking about is Symitar.
I have to admit that I just now got to know SOAP and its cousins, and am seeing applications for these generic-API-technologies everywhere - wouldn't wrapping a SOAP API (or its non-web-enabled-equivalent) around your libraries help you with this stuff, and make it way more versatile?
Obviously some functionalities (like embedding a media player control) wouldn't make sense doing this way, but almost everything that primarily deals with data manipulation should be wrapped up in a nice and shiny XML-talking bundle...that's what XML was for, initially, IIRC.
BTW: anyone know of something like SOAP for local libraries? It would sure make my day if I could write:
use localSOAP;
my $ls = localSOAP->new("some_module_written_in_some_other_language");
my @available_functions = $ls->available_functions();
$ls->import();
instead of going through Inline and other similar modules