Slashdot Mirror


Microsoft Says Recovery From Malware Becoming Impossible

An anonymous reader wrote to mention an eWeek Story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive Malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,'."

32 of 631 comments (clear)

  1. It's time.... by BWJones · · Score: 5, Interesting

    'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,'."

    Ummmmm, how about switching? :-)

    Seriously though, NeXTstep certainly has a long history in certain TLA government agencies and OS X is beginning to make significant inroads there as well. In addition the timing is right for many businesses as the infrastructure costs to maintaining Windows are simply becoming too high.

    And calling these recent instances is a joke. I was having to perform complete system wipes and reconstructions due to malware years ago which is why we have essentially completed a migration to OS X. We do have some windows systems still around, but they are hidden behind OS X machines and are run headless and without connection to the Internet. In fact, it's been interesting that those companies that deliver microscopes (electron, confocal and light) and such that are currently driven by Windows are asking their customers to simply not plug them into networks or the Internet, severely limiting their use. They of course have been suggesting sneakernet to move files and data around, but my solution is to network them all with a dedicated backbone behind a Mac mini that is now shipping with Gigabit Ethernet on board.

    --
    Visit Jonesblog and say hello.
    1. Re:It's time.... by truthsearch · · Score: 2, Interesting

      Can't because someone at the top says you can't or can't because your apps are too dependant on XP? I guess I'm asking if it's a technical issue or a bureaucratic issue.

    2. Re:It's time.... by da · · Score: 3, Interesting

      [Speaking from no direct experience of the U.S. military, but...], it's probably staffed by (some) very competant people, it'll be managed by complete morons...

      --
      I reserve the right to be wrong.
    3. Re:It's time.... by networkBoy · · Score: 2, Interesting

      "good" malware will transfer themselves to your servers.
      Comment below:
      or you could just use linux

      Server is Linux (SOL 18) Since all data is stored as non active files, critical data in encrypted volumes accesses and unlocked only when needed, then locked when the volume is dismounted, the isses with this problem are minimal. In fact I have never had an outbreak re-infection (and this is with me looking for malware troubles). While I will admit that my system has flaws, they are very minor and not the target of any malware I have yet to come across. I also realise that many small businesses have no resources for this work, but a 2000 client network is not small business and has no excuse for basic protection levels like this.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    4. Re:It's time.... by kimvette · · Score: 3, Interesting

      Aside from idiots who chmod -R 777 /, OS X would remain relatively easy to recover from malware were it to become widespread. YOu might have to delete $home in some cases but being basically a Unix variant, the system itself should be relatively immune from a system-wide infection.

      This presumes of course you don't log into OS X as admin or root on a regular basis, but only for *gasp* administrative tasks.

      I know of one company which continually gets rooted, but they INSIST on running as admin all the time, AND chmod -R 777 / -- why? because they don't LIKE security. They dislike the inconvenience of not sharing out / and having to drop files only in certain folders. *knock knock* McFly, anyone home? THey don't want their machines rooted, they're tired of seeing the mouse cursors move and applications being used if they happen to be there off-hours, and yet they refuse to take most basic precautions and take advantage of OS X's security architecture - instead they work to defeat it, intentionally so, and then blame IT folks because they can't solve the problem. They've gotten to the point where no mac-savvy people will do work for them, and if I know them well, it'd take a reformat/reinstall of EVERY box at this point to get their network cleaned up again.

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    5. Re:It's time.... by Dare+nMc · · Score: 2, Interesting

      >if your servers are always online for data retrieval, they can copy themselves over there. There is no panacea no matter how hard you try.

      I use for my PC, and all users PC's at my work:

      http://backuppc.sourceforge.net/
      daily images of all on your harddisk, just a click on the log will show the day all your exe files changed, take the files from the day before, clean what else you need from the latest...

      >That's good, but "good" malware will...
      well bad malware would be similar to bad drm, it would go right to the boot sector... thats what I assumed the article meant, until I RTFA, their just worried about difficulty of installing windows, apps, etc. Even my solution isn't so good at that, we got apps that generated some magical PC-ID, that is tied to gosh knows what, and that just doesn't come back without pain.

      boot sector malware is where I think the $100 PC may take over in corporate, throw out the crap to some school/police/investigators/etc, and just buy a standard installed hardware/software package avaliable from multiple vendors for less than a 1/2 day of MIS time, click on my backuppc data files from a good date, gives a zip file, done.

    6. Re:It's time.... by Technician · · Score: 2, Interesting

      Personally, I'd love to migrate us to Linux, but until I can replace CAD/CAM systems, accounting packages, design software, drawing packages, etc... that's simply not going to happen, and until it does happen I'm faced with the job of keeping our MS systems secure.


      I solved that problem. I have job specific machines. The days of a general purpose computer used for everything under the sun is over. Sure I have a machine for Turbo Tax, and other Windows specific applications.

      My web browsing machine is a Ubuntu machine, not the Windows sitting duck. I use a NAS drive that is common to all machines. All shares are password protected. Some shares are read only (MP3's etc.).

      The Windows machine is not used for general internet browsing. The Internet machine does not have permissions to install malware.

      --
      The truth shall set you free!
  2. Kernel hooks? by tedhiltonhead · · Score: 4, Interesting

    because they often use kernel hooks to avoid detection

    Um, how about making it possible to DISABLE ADDING KERNEL HOOKS? There should at least be a reliable way to get a list of all currently-running kernel hooks, if there's not already.

  3. Fools... by chazzf · · Score: 2, Interesting

    I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).

    That being said, we haven't had much trouble with malware, and we're mainly an XP Pro/2K shop. We don't allow our users to run as administrators--period. That includes techs. Those who need the ability to install stuff have a local account which is prohibited from actually logging into the computer and has no rights to the domain. Ever since we implemented that things have been pretty quiet. In the rare case when somebody's machine does go down we can take a ghost image for backup purposes (if they aren't storing stuff on the network), and then re-ghost with a clean image. Average turnaround time: two hours.

    --
    No statement is true, not even this one.
    1. Re:Fools... by Syberghost · · Score: 4, Interesting

      I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible.

      Wouldn't matter anyway. Best practices for recovering from UNIX intrusion have always been to wipe the disks, reinstall the OS, and recover the last known-good backup. Nothing has changed here but Microsoft's attitude; they're starting to grow up a little.

      (sniff). I remember when they were knee-high.

  4. So they just lick their wounds and move on? by gcauthon · · Score: 5, Interesting

    Why is there never any retaliation against the companies that produce this software? If someone overseas comes up with a way to play a DVD on his own computer then he's pursued endlessly. If someone puts out a warning about how Adobe's encryption is not so secure then they're drug over to the US for trial. But if someone writes malware that destroys thousands of computers, including government property, then absolutely nothing is done. It just seems a little odd to me.

    1. Re:So they just lick their wounds and move on? by aussersterne · · Score: 3, Interesting

      Artifacts of modernity/capitalism. Institutions and corporations are more human than are their human constituents. Inter-institutional and inter-corporate grappling is seen in a darwinistic way -- nature dictates that they "survive" or "compete" on the open market and this is seen as ultimately most beneficial for society. Once the dogma begins to flow its banks, however, any contradiction or interference in the macro-ecosystem of political economics by individuals humans begins to be seen as parasitic, something "unnatural" to the process that interferes in the evolutionary process that governs institutions and corporations.

      Don't ever let yourself think that it isn't purely ideological because it is, it's the same philosophy that guides the IMF and Bush's conquest of the Middle East.

      One more result is the belief that malware from companies/organizations = marketplace should decide, and that's good, while malware from individuals = individual must be punished for causing (seen to be parasitic) difficulties for aforementioned companies/organizations.

      --
      STOP . AMERICA . NOW
    2. Re:So they just lick their wounds and move on? by borderpatrol · · Score: 2, Interesting
      From TFA:
      Danseglio said malicious hackers are conducting targeted attacks that are "stealthy and effective" and warned that the for-profit motive is much more serious than even the destructive network worms of the past. "In 2006, the attackers want to pay the rent. They don't want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.

      And therein lies the problem. I've said time and again that you can forget about viruses and worms in the sense of traditional mail mailing worms and the likes. The "antivirus" market has for the most part finally gotten through to consumers and they've been educated enough to contain virus outbreaks to small flareups, but not major outbreaks.

      But when you've got a multi-million dollar company, permission based marketing, and some unscruplious hackers with ties to the russian mafia, the spy/adware outbreak is causing far more havok and is going pretty much unnoticed.

      When I do virus/spyware removal at my job (I work for a service center at a retail electronics chain, so I deal with "average customers", not IT staff) it always comes to removing 100 pieces of spyware. The consumers all seem to just think that it's just the system getting old. When I tell them they're infected with spyware, most of their responses are to simply by a new PC (and get infected once more). I can tell you hundreds of horror stories, like the system I did last week that was turned into a server, uploading over 14k files to the Kazaa network, or the customer's system that was so badly infected it would cause all network traffic to halt on her home network because the system was sending out so much data traffic.

      It's alot harder to bury a company like 180 solutions, Aluria, and the like when they've got million in revenue, backing of big companies like Ford and eBay using their advertising, and being able to hide in the EULA of some screensaver program.

      The age of the half-hacker virus writer is dead. It's gotten much more organized once the money started coming in.

      Suggested Reading: Sunbelt Blog

      --
      Yeah I've been starving them, teasing them, singing off key. Me may mah mo, me mo ma me.
    3. Re:So they just lick their wounds and move on? by Rick.C · · Score: 2, Interesting
      Why is there never any retaliation against the companies that produce this software?

      Years ago a friend was following another car down the interstate at a high rate of speed. A cop pulled up behind them and turned on his flashers. My buddy hit the brakes; the other guy hit the gas. The cop pulled my buddy over and wrote him a ticket. Buddy asked cop why he didn't go after the other guy, who was obviously avoiding arrest. Cop's reply: I was only going to be able to get one of you and you were the easiest.

      Law enforcement is always going to go after the low-hanging fruit first. That means the "DVD Jons" and the Dmitry Sklyarovs - the little guys of the world - not the corporations, not organized crime, not even the savvy spammers who are able to do a fair job of covering their tracks.

      As the old joke goes, when the bear is chasing the two of us, I don't have to outrun the bear, I only have to outrun ~you~.

      --
      You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
      "Math in a song is good."-Linford
  5. MMSF (more Microsoft FUD)(TM) by zappepcs · · Score: 4, Interesting

    This is just one more attempt to soften up the consumer marketplace, tenderize it like a NY strip steak, so that joe average will be ready to buy a new PC, capable of running Vista so they don't have to worry about malware anymore, thanks to those really nice folks at Microsoft. The longer that MS has to soften the marketplace with FUD and 'smoke and mirrors' about how they are going to eliminate malware etc. with Vista, the more likely that people will 'wait for' Vista to ship rather than switch to before 2010, when Vista actually does ship SP2 so that it works. MS always makes more money by selling an OS license with new hardware then they ever did selling just the OS. We all know how that works.. so look forward to more of this MMSF in the coming months from the superheros in Redmond....

  6. PC vs. Windows by WindBourne · · Score: 4, Interesting

    I wish that the industry would say this proper. A PC is a personal computer. That includes apple and most linux boxes. OTH, the PCs that are having problems are Windows based PCs. Basically, the press should be saying that it impossible to remove malware from windows.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  7. Obvious by John+the+Kiwi · · Score: 2, Interesting

    For some time it has been easier to wipe and reinstall rather than repair an infection, of course this is dependant on knowing where your data is to begin with - hint: this is why we have servers. A reinstall (automated of course) will take less than 2 hours and everything is guaranteed to be working properly afterward. Properly eradicating most spyware takes a lot longer than this and doesn't guarantee that you or the program/s you use have gotten everything. Why even take the risk of repairing a spyware infection?

    On Windows boxes I still see many spyware infections on computers where the users don't even have administrative access. This includes the adding and changing of system services that users don't (read as shouldn't) have access to change as well as totally screwing over the Windows system restore which I might add helps malicious software coders than the users actually trying to restore system files. All this from surfing a malicious site in IE.

    It really is impossible to trust an infected machine even after every effort has been made to remove the spyware. This is something every Microsoft admin I know has known for some time, this should be a non story except that it's about a government branch that had 2000 spyware infected client machines and no disaster recovery plan - heads should be rolling.

    1. Re:Obvious by dodongo · · Score: 2, Interesting

      You know, every damn time I sit down to fix a nice, rich malware infestation anymore, I think to myself "Should I just suggest we wipe the drive and move along?"...

      And the answer is really simple: Windows simply refuses to make it easy to partition a drive so that data is over THERE ---> and only the OS is on this parition. Yes, I know you can do it. But you try explaining to home users who are terrified of any sort of change on their computer that their documents are on the D: drive. And no, they don't have a new hard drive. And yes, it's a Good Thing to have it that way. Grrrar.

      Perhaps the simplest (to implement on their end) improvement MS could make to Vista is just to have it ask if you want user files and OS files on the same paritition or different ones.

      Then the easy-to-use, always answer for "can you remove this spyware" is "Yes, and I can do it cheap if you're willing to reinstall your software CDs yourself."

  8. Re:Format C: = The Matrix by From+A+Far+Away+Land · · Score: 4, Interesting

    Formating doesn't come close to elimination real malware though. The boot sector isn't overwritten first of all unless you specify /s
    Additionally, the malware could have virtualized your PC and whatever changes you make are to the virtual computer you are running on while the virus has real run of your hardware and resources. Even if that doesn't exist yet, one day it will because it is possible using software that is even freely available today, with some tweaks that bad people would only be too eager to implement.
    Talk about the mother of all rootkits eh? Your computer would be like The Matrix, a virtual world where you think you are in charge but are really running a pawn cause you're pwn3d.

  9. Heads SHOULD roll by laplandsix · · Score: 2, Interesting

    I take care of a couple hundred machines and the FIRST thing I did when I was hired was to set up an automatic install. It's a pretty tiny investment when you think about it. I didn't even do the standard hard drive cloning, I did it the HARD way and scripted a full XP install, which then hooks into automatic application install after XP is done. This is BASIC stuff. I can't believe the outright negligence of an IT department that doesn't have some sort of restore process.

    --
    Free The Lapland Six!!!
    http://www.whatiwore.com
    What I wore, now with 100% more pool project!
  10. Its official by hackstraw · · Score: 2, Interesting

    Microsoft has screwed up for so long, in such a bad way, that now they can't even recommend using their operating system anymore?

    Yes, I know I'm borderline troll, here, but lets look at the progress over the years here with Microsoft OSes:

    1) DOS

    Not much of an operating system. In fact, it does not meet my definition of an operating system. It started out as a purchased in house rip off of CPM or whatever, and IBM was conned into bundling it with their monopoly PC biz at the time. It took years to add features like memory management, disk caching, multi-tasking was a joke. Reliability was abysmal. Yuck. How did a company start from that?

    2) Windows 1.0 - 3.x where x 1

    Junk. Nobody used it, except towards the 3.x days, and even then people dropped to DOS much of the time.

    3) Windows 3.1 and 3.11. Yes, this was the first viable product from the company, but barely. This came out in 1993. Yes, 1993. And it only then almost had the functionality of a Xerox Star from 1981.

    4) NT 3.51. The first time I sat behind one of these, I was amazed. This was the first solid 32bit offering I used and it just felt solid and real. Same ugly interface for 3.1x, but this was a real operating system.

    5) Windows 95. Its claim to fame was that Mac people called it MacOS from 1984. Honestly, it was their greatest achievement to date after conning their way with IBM. I was pleased when it came out. It had issues, but was OK for the time.

    6) NT 4.0. Late to market, but OK. basically 3.51 with 95 UI and some other enhancements. decent for a small company or workstation I guess at the time.

    7) Win 98. Better than 95, especially with OSR2 or whatever it was called. Introduced USB and plug and play, but neither worked well.

    8) Win ME. No comment besides this was the alpha quality OS that was the beginning of the merge between DOS/Win to NT. Everybody knows this was junk.

    9) Win2k Added stability for the first time to their systems. This is where they took a bad UI and started making it worse. Slow as a dog.

    10) XP. Never really used it, but again, more stability, aside from the fact that the legacy support from bullet #1 is now an infectious target for malware, viruses, spyware, worms, trojans, you name it, if you don't want it, it will be on your newly installed computer in seconds without a firewall. Sometime after XP came out, MS took a week or two off of writing cutting edge code to get their security in gear. We all appreciate that, right?

    11) Vista. Looks like a revamping of Win2k. Bad UI made worse, and will be slow as a dog. Nothing to see here, please move along.

    What I noticed in typing this, is that MS is _always_ about 10 years behind where the progress should be. Its now 2006, and XP is a clowny looking thing from the mid 90s. I will say that they sure know how to sell stuff to people. They get an A++ for that, but innovation and quality have never been their forte.

  11. What does a home/home office do? by hoggoth · · Score: 3, Interesting

    How does the ordinary user do this?

    I didn't have the foresight to make a Ghost image of my system from the factory. It's a DELL and the restore-to-factory-from-secret-hidden-partition doesn't work once I added a new partition to the drive (with Partition Magic).
    So now it looks like I have to:
    1. Make sure I have up to date backups of my data (always a good idea)
    2. Purchase another copy of Windows even though I already paid for one
    3. Dig through my records collecting all the keys to all my applications
    4. Spend an entire day reinstalling Windows and all my applications. Anyone who says it only takes an hour to reinstall Windows must have a secret version I don't have access to. I have to babysit the install through ten reboots and many hours.

    Is this the best way?!

    What about after that? I can Ghost the Windows partition, but I'd still have to reinstall any applications installed after the Ghost was made. And it's no use putting the applications in another partition because the applications depend on cruft in the registry.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  12. Viruses will corrupt data at some point ... by mgkimsal2 · · Score: 2, Interesting

    making relying on backups far less useful (pointless, perhaps?). I've talked with people before about having Windows viruses that don't sap resources (at first) or kill the machine, but which quietly change data in files. Modify a "3" to a "7" in a few Excel files. Change meeting times in Outlook by 10 minutes here or there. Eventually, get more malicious and start changing other bits of data in files (mainly MS Office files for maximum compatibility/reach).

    A good virus won't be found out for awhile, and without knowing when it infected the system, you won't easily be able to tell how far back to go in the backups to pull 'clean' files.

    This would have a devastating effect on the trust people have in any part of the system. What good is 'rebuilding' the system if you can't trust the data backups either?

  13. Missing the point by Gorimek · · Score: 2, Interesting

    The original point is that this causes genuine harm to every computer owner, including large wealthy corporations, as well as the government itself.

    Most computers are actually used in a workplace, rather than at home.

  14. Why would Micro$oft say something like that? by rssrss · · Score: 2, Interesting

    Q: Why would Micro$oft say something like that?

    A: Because they are about to release a new OS that will "solve" the problem.

    Nah, they wouldn't do something like that.

    --
    In the land of the blind, the one-eyed man is king.
  15. Re:Unrecoverable? by RetroGeek · · Score: 3, Interesting

    In the days before multi-sync monitors, you had to carefully match the refresh frequency of the video card to the refresh frequency of the monitor.

    There was a virus that did change the refresh frequency and that caused the monitor to fail, sometimes with smoke.

    --

    - - - - - - - - - - -
    I am a programmer. I am paid to produce syntax not grammar. Deal with it.
  16. Re:I don't get it.... by pandrijeczko · · Score: 2, Interesting
    I have seen what some peoples machines look like, completely crippled and unusable with Malware... What the hell are these people doing?

    My missus and I both have an XP desktop each (amongst a few Linux boxes of mine). She's pretty regular with virus-scanning and spyware checkers, I'm totally paranoid and do regular checks on everything (Linux and Windows). Suffice it to say, going through this process one or twice a week, I never really find any problems - occasional suspect registry keys, odd dodgy cookie but probably put those down to over-zealous spyware programs.

    Cue the visit from my sister one weekend, along with 13-year old niece and 11-year old nephew. Naturally, they navigate themselves to the XP desktops after asking for (and getting) permission from the missus to do so.

    They're messing about on the PCs most of the day (cold Winter's day in England) and I occasionally look in on them - chatting with friends on MSN, playing the odd Flash game, looking at music sites (niece) and soccer and WWF wrestling sites (nephew). They seem to spend a lot of time in a chat site called something like "The Doll Palace" where they pick avatar characters and drag them to different rooms of the palace to chat - keeping an eye on them, just a lot of kids going "Cool", "Wow" and nattering about music, nothing suspect.

    After they've gone home, I check the machines just to check they've been doing nothing suspect - nope, just kids being kids. Then I virus/spyware check both machines - three viruses (2 on one machine, 1 on the other) and about two dozen suspect spyware bits and pieces - I couldn't believe it, especially as one of the viruses needed a safe reboot of the PC, deleting a registry entry and then a couple of files.

    God knows where they came from but I suspect a lot of this stuff is attached to seemingly innocent sites where kids flock to - "The Doll Palace" is definitely one I'd like to know more about...

    --
    Gentoo Linux - another day, another USE flag.
  17. Re:It's not common sense. It's wrong. by Suidae · · Score: 2, Interesting

    I believe security will be a huge problem for the industry for years and years and years

    I think thats a pretty reasonable statement. Computer systems are very complex and subject to economic and human considerations. Mistakes will happen and compromises will be made in the interest of time and cost.

    Lots of smart, clever and motivated people will be looking for mistakes and oversights in this system. They'll find ways to exploit it.

    A lot of things, including a very secure operating system, are possible and even desirable. That doesn't mean that they are the solution that will be chosen in the kind of environment that we have. The solution that appears will probably be a sub-optimal but fairly effective use of the available resources.

  18. Speaking from experience. by gregarican · · Score: 2, Interesting

    At my workplace sometimes folks bring in their home PC's for me to clean off on my lunch break. A quick job pays a 6-pack of Mickey's. A longer job pays a 6-pack of Guinness. From those cleanup jobs I can vouch that the typical home user with an always-on DSL/cable Internet connection is in a world of hurt. I try to show folks how to Ghost their hard drive onto a DVD-R so that they can restore their system to a usable state rather than search through the haystack for all of the malware needles.

    For example, the most recent cleanup I did entailed a laptop that had no antivirus software running on it. They did have a bundled AOL spyware app installed, but as far as I could tell it had never been run. I installed Avast! and Ad-aware from CD and ran full scans on the system. The result was over 300 virus and over 3,000 malware captures. Amazing that the computer could even launch an initial Windows Explorer session at all.

    If things continue their downward spiral (i.e. - Microsoft dominance, widespread Internet exploits, monetary incentive for malware deployment, and foreign government turning a deaf ear on abuse reports) I would require that anyone with a Windows-based Internet-exposed PC have to earn an operator license. Much like someone would have to do to operate an automobile, motorcycle, ham radio, etc. This would include mandatory security training. And for God's sake, a brief explanation of imaging and recovering their hard drive in case they get hit with something later.

    Seriously though, this scenario isn't viable. But perhaps virtualization technology offer a safe haven. Folks could just reboot their virtual image if they get slammed with something and get back to square one. Until the malware authors get one step ahead of that at least there would be some breathing room...

  19. Re:It's not common sense. It's wrong. by Stephen+Samuel · · Score: 2, Interesting
    Yep. It's a backhanded sales tactic for Vista.

    Microsoft's monopoly makes it pretty much the only company that can actually plan on getting away with selling a new product by saying:

    Our current product is so slime-infested that, if you don't buy our new product (next year, or so), you'll never be able to get any usefull work done!
    Of course, you can also switch over to Linux today, which has enough of a separation between user and admin that rootkits are nontrivial to install, but we won't talk about that...
    ____

    Microsoft and Brazilian bikinis are about the only two products where you can get away with charging people hundreds of dollars for almost nothing -- Of course, I know which one I'd rather see my girlfriend use...

    --
    Free Software: Like love, it grows best when given away.
  20. Re:admin privs by pandrijeczko · · Score: 2, Interesting
    Microsoft REALLY should have worked on making guest accounts more manageable.

    The whole account/priveliges issue on Windows is so convoluted as to be totally incomprehensible to the UNIX mind - I can't understand how the damn thing works!

    "Me", "All My Mates", "Everyone Else In The World" and "If you're really good I'll let you run this as 'root'" is all I've ever needed to cover all the account bases...

    --
    Gentoo Linux - another day, another USE flag.
  21. Re:It's not common sense. It's wrong. by Keeper · · Score: 2, Interesting

    The problem with stupid people is the first thing they do is turn off the safety. The safety is there to prevent accidental discharge of the weapon. Stupid people thing to themselves "if I need to shoot something, this is only just going to get in my way" and proceed to turn it off.

    You would be surprised at the number of people who end up shooting themselves with their own gun every year ...