Slashdot Mirror
Microsoft's Most Successful Failure
m4dm4n writes "As we near the end of mainstream support of Win2k The Register looks back at what it has achieved. What was meant to be Microsoft's most secure OS ever turned into a disaster. Worm after worm changed the face of internet security in Win2k's first 2 years. Five years down the line the battle is far from won, but the improvements are dramatic." From the article: "Things were different in the year 2000. Programmers felt vindicated that the Y2K bug didn't turn out to be that big of a deal. We made it past January 1st, and then it was time to move on. Windows 2000 came out that first quarter, just as security was becoming more interesting to more people -- and Windows was a good place to start. It was also seemed to be the start of a new breed of Windows hackers."
If only I could make as much money from my mistakes as Microsoft does from its learning experiences.
"If we hit that bullseye, the rest of the dominos will fall like a house of cards. Checkmate." -Zapp Brannigan
but atleast it didn't took me 4 years to get my printer up and running... all in all I am very happy with linux, but why does it always have to be win=bad lin=good everywhere.
Users (including the usual PHBs) got used to that paradigm and now do not value a proper web server setup!
And people think something does not work when a link points to "C:\Dave\Projects\budget.xls" does not work on their computers!
So we've got a Slashdot palgiarism of two paragraphs of a Security Focus story that was posted on The Register. Is this like "meta-editing" or something?
libertarianswag.com
I won't make an arguement about security problems in Win2k, since the article is correct. However, I will say that I think Windows 2000 is the best MS OS to yet come out. The GUI is far better then XP (IMHO), has support for all the latest "bells and whistles", and it is FASTER than the equivalent XP machine.
...2000-2003 the fault of applications which happened to run on 2000? I'm not too familiar with 'OS worms'... IIS and SQL worms, oh yeah, lots of those; but, those aren't Windows 2000.
Loading...
IIS and the repeatedly exploited index server were distributed with Win2000. The RPC port exploit was also a Win2000 issue.
I think it's a shame that they're twilighting the support for the OS. I still use it and have no real reason to upgrade to XP. I tend to wonder if the only "big deal" with XP is that it included a software firewall.
I can't see how you can honestly call Windows 2000 a failure -- Microsoft didn't spend more making it than they made off of it, and it was actually (in my experience, at least) more reliable than XP.
I was the first STABLE windows platform that could handle multimedia apps.
Security became a joke, but stability was superb.
It was a gigantic leap from the 9x series.
Cheers,
Adolfo
I've got Win2k on an older machine and had no major problems with it. However, I have never installed and then removed an OS so fast as when I tried using Windows ME. It was basically like Win98 3rd Edition with a few cosmetic changes, but mostly just a big pain in the hiney.
...All I can say is that my life is pretty strange...
Programmers felt vindicated that the Y2K bug didn't turn out to be that big of a deal.
It was a big deal. Lot's of us here worked very hard to make sure that nothing bad happened and this really gets to me when people throw around the opinion that it was all a fuss over nothing.
Get a clue.
When it comes to OS's I judge them by the "feel" part of "look and feel." Win2K feels a whole not nicer than XP to me, and is closer in feel to 98, which I didn't mind, than to NT, which I hated. I wonder if some of the success just has to do with MS striking a better chord with the feel of Win2K than with their other offerings?
If brevity is the soul of wit, then how does one explain Twitter?
Flame all you want, but Windows 2000 was a much improved OS over Windows NT as well as significantly better as a desktop OS than unix/linux was at the time.
.NET, ASP, .NET Framework - instead of straight win32 api).
Windows 2000 is the high water mark in increasing feature creep for MS operating systems.
Future systems, especially on the server side will be significantly easier and simpler.
MS has learned that combining a large number of different recently written technology together causes more problems that it is worth.
I look to see MS developing much simpler desktop and server operating systems with a focus on security, ease of use, ease of administration, and TCO.
I also look to see MS taking BSD licensed code and using it as the basis for future OS versions and/or subsystems.
MS is also leveraging future development by making the API, languages, and dev tools easier to use (C#,
Microsoft Bob! Oh, wait. Successful failure... hmm... Ah! Windows Millennium Edition (ME), without a doubt! This insecure, rushed, overhyped, bug-ridden excuse for an operating system should've gone the way of Bob and New Coke even before it was officially released.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
One word: Solaris.
How's that NIS treating you for security?
Kernel "user/group/world" security should be enough for anybody.
You guys need to realize that you can't have credibility without objectivity. You would have a lot more success convincing people to switch to Linux if you didn't come across as zealots all the time.
I'm a fervent Linux fan, but I'm also logical.
Win2K was by far much better than Microsoft's earlier OS offerings in terms of reliability and security.
It's like they finally realized that desktop PC monopoly didn't get them a free pass into the mainframe and server market. Realizing that, they actually produced a credible OS that wouldn't get themselves laughed at. MS has intelligent people that can do a great job (if they're not tasked with creating obstacles and artificial cross-ties in the company's product lines.) Like they did with IE before the Netscape threat was effectively vanquished.
Win2K will be humming along for many years to come.
"Provided by the management for your protection."
Think about what Win2k gave us! Plug and Play, protected memory (when apps crash, the OS survives), NTFS, and USB support. All these things were necessary to help the OS do more for the end-user. Not to mention Active Directory, and Group Policies! All good stuff for Windows users. As for security issues, windows update is a much better solution than what we had with previous OSes. So what Windows 2000 did is integrated everything good about NT and 98. Yes, there were security vulnerabilities in IIS. A lot of websites got broken into. Waah.
Synergy is your friend
IIRC, Win2K didn't have too many vulnerabilities, mostly they were just in IE and Outlook Express. All the more reason to run Firefox and Thunderbird even today, as it seems exploits for IE/OE keep cropping up.
just imagine if the nature of the stack wouldn't allow [buffer overruns]. If some kind of mechanism beside a simple jump had been used. Like registering an address in the CPU via an instruction and then calling that jump.
Would it annoy you to no end if I explained that you've just described the segmented memory model that has been available on the 386 and up since 1986? It just so happens that today's "Modern OSes" (right load of bull that is) map only two memory segments, then completely ignore the GDT, LDT, and TSS after that? It is, of course, done all in the name of "Performance", the mini-god for which many a programmer has sacrificed his first born for, but has never actually managed to show that this "performance" was worth it.
<sarcasm>But wait, we must claim that Java is slow in order to appease this mini-god! </sarcasm>
Javascript + Nintendo DSi = DSiCade
Trustworthy Computing was the response to high-profile security failures like Sadmind and Code Red. And if you think Trustworthy Computing is dead, just compare Windows XP SP2 to an unpatched XP install.
This sig intentionally left blank.
An early version of the computer game "Axis and Allies" wouldn't install on a Windows 2k box of mine. Kept insisting that it worked only on NT5 or greator.
On the plus side of Win2K, it would only be fair to note the millions of MS Word (yes, you may look down your noses at them, but believe it or not, most people do not use StarOffice or vi+TeX to write their documents) documents that have been created with people using Win2K. And the millions of Excel spreadsheets, and millions of presentations, etc. Now, I suppose if you define a failure in that it was not perfect, then yes, of course it was a failure. But did it do what Microsoft wanted (make ooodles of money and get MS products everywhere in the business world)? Yes. And did it do what all those people who DIDN'T experience any security problems wanted (office productivity)? Yes.
;)
Win2k was like a 1990 Taurus. They were everywhere, billions of miles were gotten out of them, but she had no airbags. Ponder that, and don't try and look up whether or not the Taurus had airbags, since I didn't
If 2000 was a security failure what can possibly be said about XP?
from to windows 98 to win2k there was a big step... humm there was windows ME but lets forget it... and that step was one forward... win2k was probably best windows os... better then xp without sp2... soplease stop saying crap about it... yeah yeah linux... whatever... not evryone fking want to build their kernel... not evryone is a fking geek... now it's not their fault fking worms evolve... you think our medicine is crap because some virus are untretable right now? right... anyways hands up to microsoft for w2k! I'm no m$ preacher but when they do something good they deserve respect..
They've got security confused with reliability.
Before Win2k, reliability was what everybody complained about, blue screens of death, constant crashing, runing out of resources, that sort of thing.
Microsoft listened, claimed reliability was their priority, and eventually released Win2k which fixed all of those problems. Win2k has crashed on me all of 3 times while using it both at work and at home for nearly five years, twice due to worn out CPU fans, and once due to hard drive failure. So while my experience is anecdotal I must say Win2k was an incredible success - more than I thought was possible from that company, it certainly changed my view of Microsoft.
Fast forward a few years (2002 - 2003ish), BSODs are now a thing of the past, leaving the increasing viruses and malware as the #1 headache on Windows.
Microsoft listens, claims security is now their #1 priority...
Will their security push be as effective as their stability push? only time will tell, but after the magic they worked with Win2k I'm no longer putting it above them.
Personally I care little, Windows boxes I've had connected to the internet for years without a virus checker are still clean. It appears Windows viruses so far have been limited to inexperienced users and boxes that aren't behind a proper firewall.
Microsoft execs - remember you have a fiduciary responsiblity to shareholders to do what's in the shareholder interest. Clearly your newfound obsession with security hype is not playing to your strenghts, and forcing you to play in a market where you're clearly outclassed (linux/bsd). Microsoft, as a shareholder, I'm begging you do go back to your previous policies of balancing Time-to-Market vs Security in a way that plays to your strengths and maximizes your profits and my stock value.
I'm a big fan of the "best tool for the job".
So am I, and I think the best tool for both desktop and server at this point is something in the UNIX family (Linux, BSD, etc.) with one of the X11-based desktops (Gnome, KDE, etc.).
The NT kernel is just a bloated design (and an even worse implementation).
There is one thing Microsoft has done well recently: C#, a Java derivative that fixes many of the most annoying problems of Java. Unfortunately, they are spoiling it with the same kind of poor library design that already made their C++-based environments so miserable.
parent post severely affected by Linux reality distortion field.
Vote for Pedro
Do you know why? It's because segmented memory models SUCKED. Have you ever tried to program for a 80286? It was an incomprehensible nightmare. Few if any programming languages provide appropriate models for the non-uniform memory space introduced with segments. You're on your own handling the details of ugly, klunky pointer models. The paging features introduced with the 80386 made the segmented model unnecessary, and programmers woldwide dropped segments in a heartbeat.
All you need to do achieve the same security goal is make data pages non-executable. That's what's been done with the latest x86 CPUs (sure it should have been done back in 1986, but unfortunately we can't change the past). You don't need complex kludges like segmented memory.
The same can be said about almost every Microsoft product/technology/implementation.
Microsoft focuses on functionality even when it means making something completely insecure.
So, it all comes down to which do you value more, functionality or security?
You mean more interesting to Window users. Other operating systems have always been concerned about security
My karma is not a Chameleon.
1. Windows 3.x - crap.
2. Windows 95 - okay (for the time anyway).
3. Windows NT 4 - crap.
4. Windows 2000 - okay.
5. Windows XP - crap.
6. Windows 2003 - okay. (Based on other opinions, never used it personally.)
And, no, before anyone asks, Star Trek 10 (Nemesis) was crap so I'll give that oe to that idiot Rick Berman.
Gentoo Linux - another day, another USE flag.
Article is pure MS propaganda.
- They're trying to divert attention away from all the security problems that XP has had. XP is BY FAR the "biggest disaster" of any OS in the history of humankind when it comes to security. Something like 25% of XP boxes are still to this day infected zombie machines. Typical time-to-infection of any pre-SP2 XP system hooked up to the Net was something in the order of seconds or minutes. But wait, let's rewrite history by claiming that 2K was far worse, so that people think don't XP was so bad in retrospect, and that people think MS were already improving their security between 2K and XP.
- They're trying to pretend, yet again, that 2K and XP were written in "more innocent times" when "security problems" were unknown - so that the public is tricked into thinking that their shocking neglect of security was somehow excusable. Spin, spin, spin. All of today's security problems were very well-known by any IT professional even by the 80's; even Java in the 90's touted security over and over as one of its major selling points, and when started pushing their ActiveX-based "trust" model in response ('hey, we have an object model, let's just pretend it's secure and market it heavily') anyone who knew anything was already warning that that was going to be a disaster.
Microsoft knew that security was going to get this bad, but they ignored it in favour of pushing for better time to market to be ready for upgrade cycles and attrition sales.
That's a good strategy: you don't like the argument, so you attack its syntax... Here's a newsflash: not everyone here is a native English speaker. So most reasonable posters show some grammatical leniency and instead focus on the author's intent.
The parent was undoubtedly referring to the pitiful state of printer support Linux at the time of the Windows 2000 launch in March 2000. At launch, Win2k had support for thousands of printers inbox. But with Linux, unless you had a fairly standard postscript or PCL4/5 compatible printer, printing was usually not even an option except in text mode.
My guess is it probably took about 4 years for the parent's printer to receive support. Although a large number of inkjet printers have been added via either CUPS raster drivers or GIMP-print, it has been a slow and arduous process, and many are still unsupported.
I'd say the 4 year figure may be about accurate.