Slashdot Mirror
Buy Vista or Else
theodp writes "Upgrade or keep crashing was the tagline when Windows XP was introduced. So how will Windows Vista be marketed? 'I'd hate to see something bad happen to your PC,' seems to be one pitch. Even if new features won't get you to upgrade to Vista, you should buy Vista for the security, urged Windows Chief Jim Allchin. Are commercials featuring Tony Soprano next? Bada Bing!"
maybe they should say "upgrade to linux for the security" (or macOS X)... Vista seems to be offering very little in terms of features, and will offer little else in terms of security, partly people go for it because it's what most people use, and partly because M$ just doesn't take security seriously enough... they need to have a root and branch change of how the OS is designed to give a greater emphasis on security instead of useless visual tweaks.
*''I can't believe it's not a hyperlink.''
I'm all for upgrading things to newer versions to enhance security. Secure by design should be the default, and if someone fessed up and said, "Hey, we fucked up last time, but we got it right this time", and could be trusted, then it wouldn't be extortionist of them to try this.
But we've all seen how Trustworthy Computing didn't really change things. New products came through that obviously weren't vetted, and plenty of legacy problems remained. I don't know who's really going to buy Vista because they'll believe the security "threat" perpetuated by MS.
500GB of disk, 5TB of transfer, $5.95/mo
"Even if they are not into home entertainment or in any of the specialty areas, they are just going to feel safer and more secure by using it."
"...[Alchin] demonstrated a collaboration tool that uses a "People Near Me" feature, which searches over a Wi-Fi connection for other Vista users nearby and then sets up a peer-to-peer network with them."
Your computer must be more secure -- it can automatically network wirelessly with other computers to share your files.
$nice = $webHosting + $domainNames + $sslCerts
I would say if the codebase is entirely new, the chances of making the same mistakes again would be lower.
What worries me more about rebuilding any codebase is the possibility of introducing whole new categories of bugs.
liqbase
Start shipping installs secured from the start. Require an admin/install user account for new system wide applications, sandbox user installed software in their home directory/profile. Users then don't trash everything when they fubar their profile or homedir. Windows has all the necessary features to do it, It's had them since the first versions of NT.
Microsoft frankly can't be arsed and there's no profit in a secured system when they can instead continually be selling you upgrades as security fixes.
It isn't rocket science, it's just segregation of responsibility. Unix has been doing it for 30 years. No wait, it must be closer to 35 now.
Deleted
Of what I have read, there will be, at least, one thing that could improve Vista's security. Also, several people have commented on it without having read anything about Vista. Users will login to a limited access user account, rather then an administrator account as the default.
Unfortunately, there are several bad points with Vista that will make me hesitate on upgrading:
"Be particularly skeptical when presented with evidence confirming what you already believe." -
You misunderstand, sorry my wording was ambiguous. OpenBSD and OSX have the same roots, XP and Vista have the same roots, was my point. The point that the article was trying to get across is that these two systems with the same roots have different characteristics in terms of security, which is also the case with OSX and OpenBSD. Of course, I'm not saying that OSX is as insecure as XP, however.
OpenBSD is a great system for secretaries and people in a finance department, for instance.
I worked at one firm that was having problems with the computer systems their secretaries and finance department were using. Many of the workers would play games, or worse, they'd manage to infect the existing Windows XP systems with spyware.
Considering they were doing basic word processing, spreadsheet and web-based data entry tasks, we decided that Windows XP was excessive. OpenBSD, OpenOffice, and Konqueror would be sufficient.
The main benefit was that the systems just plain didn't get infected with viruses, spyware, and some such software. The price was a big benefit, too. And the ignorance of the general staff towards OpenBSD, and UNIX in general, helped. Instead of playing games and chatting, the employees had little to do but work. Productivity rose significantly within the weeks after switching over to OpenBSD.
Cyric Zndovzny at your service.
Hm. Let's see... installing my Hauppauge card and Sage TV took approximately two hours on Windows, and that includes all the time I spent setting preferences. Oh, and it all worked on the first try.
I spent over 16 hours *attempting* to install IVTV (the "official" Linux drivers for the Hauppauge capture cards) before giving up.
During this period of time, I had help from two Linux experts. The best output I ever got from the cat was a postage-stamp-size mpeg2 movie with no sound and no way to change the channel. (Needless to say, the GUI TV viewer apps didn't work at all, and didn't give any clues as to why they wouldn't work.) That was on Ubuntu.
Then I looked at other Linux distributions, and noticed that SUSE claims to support Hauppauge hardware out of the box. So I spend the hours downloaded 5 freakin' CDs worth of CRAP so I do a single task (not counted in the 16 hours) and install SUSE with default settings to my PC. During the install, it gives me an encouraging message, reading something like: "We've detected a video capture card in your computer, so you should install these TV viewer applications." I hit yes, install. Get a working, booting system, open the TV viewer app and... nothing! No error message, it just froze.
Now, given, this was on Linux. But I can't imagine how it could be any easier on BSD.
Comment of the year
KDE can be easily configured to be quite Windows-like. Many people didn't even notice, to be quite honest. We did our best to make the transition as seamless as possible, and we managed to do that well.
We labelled the OpenOffice Writer icon as "Microsoft Word", for instance, and people didn't know the difference.
We imported the Word templates and Excel spreadsheets they were using, tested them out with the OpenOffice equivalents, and for the most part they worked. The one problem we ran into was the font on the standard company letterhead was a bit too large under OpenOffice. That took about a second or so to remedy, of course.
When they asked about the games and MSN, they were simply told that they were deleted.
A little bit of preparation, forethought, and the use of quality software lead to a transition that went very well.
Cyric Zndovzny at your service.
The saddest aspect of Vista's arrival, as far as I'm concerned, is that XP technology has been no improvement over Win2k Pro or Win2k Server in our company. And now we get another scary OS release from MS as the end-of-life date for 2000 products draws near. After SP4 came out for the 2000 products, the only real annoyance was the constant stream of critical updates, some of which unleashed mayhem on our network until we got a handle on update management. Otherwise, the Windows 2000 servers have been rock solid. Meanwhile, XP and Server 2003 have been insufferable turkeys, making me regret every installation. The memory leaks that have plagued Server 2003 should be getting a lot more attention than they've been getting in the tech press. I suspect Microsoft would say that hardware vendors have delivered faulty drivers, but we never saw the random crashes and reboots in Windows 2000 Server that we see in our 2003 servers. I can't trust the 2003 platform anymore - - we moved everything of importance back to Win2k. Service Pack 1 for 2003 Server was about as helpful as a broken ankle. I understand we might see SP2 in 2007. Wow, that's encouraging. Who here wants to dive for Vista? Thank the gods for Linux, Apache, and MySQL . . . .
It's only funny until someone gets hurt. Then, it's hilarious.
I know that the Slashdot crowd has mixed feelings about VMware, but honestly, I am a huge fan of it. VMware is what allowed me to switch from Windows to Linux, while keeping the programs that I need for school, and keep my wife happy. Further, I can run a different Windows for whatever the different need may be. For example, I have one Windows for personal use, work, school, security/spyware/malware research, Windows Server 2003, Windows 98, an Oracle enviroment, FreeBSD, and several different Linux bases installed. Before I made the leap, I tried VMware in Windows, and decided that it was a viable alternative and then made the conversion to Linux. The great thing about running Windows under Linux is that I have not had any spyware problems since converting, nor virus problems -- probably because I surf the internet and do email under Linux as opposed to Windows. The downside to this approach is that it 1) Expensive, VMware cost $189 for Linux, but they do give you a 30-day license; 2.) You have to have a lot of memory in order to get the full benefit. 3.) You still need a license for Windows. However, I get better performance for my Windows installations under Linux than I did with a native Windows installation. And then you can do snapshots and other features. Even if you manage to hose your Linux installation, short of deleting your virtual machine files, your virtual machines are safe.
Anyhow, the point of the post, is that if you seriously would like to be able to migrate away from Windows, and need to be able to maintain compatablilty, then look at VMware. Unlike some of the other virtualization solutions, VMware is extremely professional, polished, and does a slick job. I am the president of a Linux and Unix User group and we distribute VMware disk images for use in VMPlayer (which is free) to help people get farmiliar with Linux. The quaility of VMware is such that after using a beta release for two months I couldn't help but buy it after the beta expired -- their beta was so professional, I was really impressed.
And no, I don't work for VMware.
The views expressed are mine own and do not express the views of my employer.
Is security a binary thing? Is something secure or insecure ?
I don't think so.
I think "security" is a blend of many things.. the _correctness_ of non-security features, the selection and depth of security-focused features, the process around resolving defects (because there will be defects), and the conditions under which a user can use the machine.
Even if Microsoft had done everything they knew how to do to make XP "secure" when they had made it, would it be secure today? No. Because today new threats are understood and being used that weren't in existance when XP was designed and shipped. Is XP retroactively insecure? Or it just less secure than something newer, all things otherwise equal, that was developed with the context of the threats that have emerged since XP was released?
In the specific case of Vista vs XP, some of the things that are "better" this time around are
- more credible run-as-non-admin story
- better sandboxing and least-priviledge stuff, even within a normal user account (i.e. its not necessarily true that IE running as you can do anything you can)
The run-as-non-admin thing "worked" in XP, but with enough caveats that it was hard to credibly say "everyone, do it that way". The POR for XP was to ship with non-admin-by-default until very, very late in the ship cycle, where there was just too much stuff that didn't work as non-admin. They made the hard decisino to make users=admin by default, and nobody was happy about it. This is a problem that Microsoft has been chipping away at for a while now, because the goal is "let everyone run with as few permissions as possible" and it often conflicts with the other goal of "20 year old software written by 3rd party people needs to keep running"
I have no problem buying that Vista has more security-focused features than XP. I have no problem buying that Vista has better code correctness in non-security features than XP. I don't think the security response process will be any worse in vista, infact, i know of at least one technology that makes it better (but im not sure if its public yet?).
Will Vista be "more secure" than XP? I think so. Will it be "as secure" as OpenBSD? Probably not. Will it do more things that more users want than OpenBSD? Definiately. Will Vista have a better intersection of practical security vs functionality than OpenBSD?
Microsoft thinks so, and I think I agree with them.
My opinions are my own, and do not necessarily represent those of my employer.
You get stuff like this on both sides. Here's mine.
I built 2 64bit AMD boxes, and purchased WinXP X64 for both. I figured one would be a Win box for my wife, the other would be dual boot, Win for games, Fedora Core 4 for development.
I spent about 2 weeks finding and downloading drivers for the Windows installs. Everything on the motherboard (including 1Gb network card), the DVD RW, video card...
I was ALMOST afraid of putting Fedora Core 4 64bit on it, but figured I could get it working with some work. So installing Fedora was a much, different experience. Put in the DVD and follow the install screens. No drivers to find and everything worked out of the box.
So in MY case, Windows took days, Linux was less than an hour.