NYT Security Tip - Choose Non-Microsoft Products
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
Using a non-Windows-based PC may be one defense against these programs, known as malware
The old "security through obscurity" solution rears its head yet again...
Push Button, Receive Bacon
I must admit that initially I was a bit humored by the idea that a New York Times author had a right to caution me about computer usage. But when I looked up his credentials, he seems to be a qualified and experienced tech writer who probably has good advice for the general public. Granted, his last recommendation: "Don't click if someone offers you something too good to be true. It is." worries me that people may be wary of certain open source projects but in the end, I'd agree that I'd tell my sister and friends just not to install anything and to ask me for specific links to programs that solve problems or fill needs.
In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think it's news that Mr. Markoff decided to push people away from Microsoft but he's only telling you the facts about the numbers. You won't have as many problems with Linux but there's no way your daughter's iPod will work with iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade-offs and better coverage of issues.
So Markoff doesn't like the benefits of running Microsoft software. So what?
My work here is dung.
The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.
Does this mean the main stream is finally (slowly) catching on to the reality of choices? It would make my day if the world would wake up and realize that they have options when they sit down in front of a computer.
We hear this suggestion all the time, but the reality is that the reason Firefox and Opera are "more secure" is that there are less people using them. Their market share isn't worthwhile to the commercial malware authors.
Every "dot" release of Firefox you'll see 5 more bugs colored red, indicating an exploitable bug. Opera fixes them in secret, but it still has them. All the browsers have security problems, and it's mostly due to the complexity of all the features that have to be supported.
I hope Firefox is at least compiled with /GS and /NXCOMPAT.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Not use Microsoft? That's unpossible! They must be Mac or Linux users and are completely out of touch because they don't have the problems in the first place.
Seriously, it's good to see the message getting out. Another widely read, "mainstream" source, the BBC, has said the same thing already, like this. Of course, everyone without a vested interest in M$'s welfare has been saying enjoying the same for years. Sooner or later, despite billions of advertising dollars and bullshit studies, people are going to get it and real OS choice will happen. Seeing this in the NYT makes me think this is sooner than later.
Friends don't help friends install M$ junk.
Is probably the best advice one can ever get.
I hear Steve Ballmer got the news while visiting a chair factory. Remember to duck and cover!
NoScript is nice, but it could use a large default whitelist, something like the AdBlock Plus subscription options. It gets pretty tedious to allow every site manually, especially when some only break in subtle ways.
LOAD "SIG",8,1
.... This advice seems sound, the reality is that EVERYTHING is exploitable. OSX for example hasn't got a lot of exploits, but you can be assured that they are coming. FireFox has exploits (or at least bugs that are exploitable) and as their user base increases, exploits will appear. All that using non-M$ products gains you is time until exploits appear in the products you choose.
Perhaps the thinking should change to using products that are reasonably secure (regardless of vendor) and using some common sense? That may be much more effective.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
The article contains advice such as "use firewall", "use antivirus", "update your OS", "don't buy stuff from spam mails"...
Why is this on Slashdot? Is this the sort of information we need to be fed? What's next, an article describing in detail how to turn on our computers?
I keep a patched 2003 desktop, and I use Opera for browsing quite nicely. I confine my web surfing to a known list mainly. If I'm really worried, I surf from a copy of Opera running inside a snapshotted VMware instance. Occasionally I get my A/V program deleting an infected file in my Opera cache. I'm sure IE would have allowed a code execute in the same instance. I noticed a recent story that indicated a lack of full disclosure on Opera's part, but I've found it a usable alternative with enough of a niche that it doesn't seem attacked. Plus it's a partitioned app, it doesn't have tendrils running everywhere in the OS like IE.
The most secure product EVER is the product that nobody uses. OK, follow the so called "expert's" advice. If everybody follows them, MS will be the most secure in the world.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
May be? MAY be? MAY BE?
<SARCASM>Sure, I have to worry about my Mac getting co-opted into a botnet 24/7, because we all know how many active threats there are to Macs! </SARCASM>
Man, talk about "understating the case."
The honest way to put it is that running Windows is the #1 way to get yourself into trouble. Adware, outright co-opting of your resources, virus problems... Windows boxes are insecure and risky, more so than any other machine, right out of the packaging.
You want security and simplicity of use? Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac. You willing to re-work all of Microsoft's incorrect settings, patch all the browser vulnerabilities, play the target role in the hacker version of whack-a-mole, reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code? Buy a Windows PC. Endless entertainment for puzzle solvers who don't care about their data security or computer availability. Been there, done that, found the solution, not going back.
I've fallen off your lawn, and I can't get up.
There's only been 9 comments on this story at the time of this writing, and yet the following tags are already up: "flamebait, nytfud, troll". These guys work fast, don't they? What's flamebait, trolling, or FUD about this article? Avoiding Microsoft products is a perfectly prudent move, if you can. Is it untrue to say that Mac and Linux users are safer on the internet than Windows users, or that Opera or Firefox users are safer on the internet than Internet Explorer users? Far from it. It's demonstrable fact.
Viper is the preferred editor of the Emacs operating system.
Our school installed Deep Freeze and all the virus/malware problems just went away. Basically, users can't install programs. If they try, the programs go away when the computer is rebooted. All the computers reboot themselves at midnight. So, a virus might last a few hours but it's gone the next day. A couple of years ago the network was down for a few days while the IT guys eradicated a virus. Since Deep Freeze there have been no such problems. I'm surprised that more people don't use it.
The essentials, with emphasis added:
Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows' ubiquity makes it fertile ground for network-based attacks.
Using a non-Windows-based PC may be one defense against these programs, known as malware; in addition, anti-malware programs and antivirus utilities for the PC are available from several vendors. Windows users should use the Windows Update feature.
Microsoft itself entered the computer-security business last year and now offers a free malware-removal tool for download from its Web site. The company says the program removes about two million pieces of malware each month, of which 200,000, or about 10 percent, are botnet infections.
Like Windows, Microsoft's Internet Explorer browser is also a large, convenient target for code-writing vandals. Alternative browsers, like Firefox and Opera, may insulate users. Microsoft's most recent browser release, Internet Explorer 7, is said to offer significantly improved defenses.
Adding software to your browser like Noscript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC.
Microsoft wants to empower its users, and everyone else, for that matter. Don't you see how convenient it is that MS products treat every piece of data they ever come into contact with, no matter where it's from or whether it's a video, sound file, Office document, image-- whatever!-- as an executable? It's just like how you pick up every piece of garbage you see and put it in your mouth because it might be food. That's the taste of Freedom!
Windows XP systems, yes. Not Win9x.
It's been proven that Microsoft has dominated the market not by creating a superior product, but by superior (often times unethical) business practices. Their goal is to do whatever it takes to dominate the market and this is a result of that. The fact of the matter is that many Microsoft products are in fact lacking in areas that they didn't need to focus on in order to gain market superiority. Competitors then need to target a different market and create a superior product in order to attempt to compete with Microsoft products. Do OS X and Linux, Firefox and Opera seem to have less faults than they actually do because less people use them? Yes. Is that the only reason? No. Don't simply dismiss non-Microsoft products based on the fact that they don't control the majority of the market.
Gentlemen, you can't fight in here! This is the War Room. ~President Merkin Muffley
Maybe use a whitelist that's already out there? McAfee SiteAdvisor?
[using anything but M$] is a steep learning curve, and a lot of people think why bothered [sic].
So M$ shoved IE 7 down their throats as a forced update. Borat voice, "Is nice!" If you want a consistent interface instead of, "change for change's sake" use free software.
Back in the real world, my five year old girl is happy with Firefox. I like that her system does not have to be replaced every two years and that it does not catch porn spam or American Express pop ups. Mepis took me all of 20 minutes to install and it works with all of her favorite PBS toy sites, and many more demanding A/V playthings. I'm sure, in time, she will master other tools and that they will be nice free ones that don't change all the time.
Friends don't help friends install M$ junk.
The first part is simply google for crackers interviews and see what they say. They will always tell you that they go for what is easy. Why? Because a number of them are there to make money and time is money. If the systems were equally easy to attack, then yes, go after the most numerous. But when one has so many easy points, then you pursue it rather than the ones that are difficult.
The 2nd part is compare bank robberies to 7-11 robberies. Back in the 60's, banks were robbed. Why? Because they were easy and had lots of money. But then in the 70's, the banks took actions and made it difficult. They still had the money, but it became very difficult to rob them. So the robbers turned to convenience stores who had say a thousand dollars (acceptable), and were easy. At first 7/11 ignored it, but then their people were being killed. So they made it very hard for robberies to get a thing. Now, banks and 711 are == difficult, so the robbers are back after banks. Why? Because if you are going to risk it, then go for the big score. Interestingly, the banks now limit how much money is available to the tellers as well as every teller has a loaded stash.
So what does that mean for Windows vs. OSS. While Windows is easy to crack, everybody will hit it. If ever it becomes >= to *nix in terms of security, then *nix will be hit, because overall, there is much more money on the *nix systems. And if *nix and Windows become better than mainframes, then they will turn to there because there is REAL money.
I prefer the "u" in honour as it seems to be missing these days.
Closing unnecessary open ports, turning off javascript, using a firewall, running windows update and keeping your virus definitions current, running some anti-spyware software once in a while, not downloading anything from anywhere of the net and running it on your computer willy nilly, not clicking links in emails from sexylaura123@ebay.securelogin.com or the like that remind you of the great time you had last Saturday and most of all not running in a fucking administrator account will do wonders at securing windows. Frankly I think telling users to do that, rather than tell them to switch to Non-MS software which they often can't and probably won't do anyway is a little more useful.
Reality must take precedence over public relations, for nature cannot be fooled.
The old "security through obscurity" solution rears its head yet again..
Sounds like you bought the popularity lie.
Friends don't help friends install M$ junk.
Windows lets you create normal user accounts with limited privileges. The installation requires that you create one administrative account and then as many limited user accounts as you desire. The only incorrect settings are those you ignorantly apply yourself.
How is this different than any other browser (or any other application, for that matter)? All applications have defects, such as Firefox, Quicktime, Opera, and OS X. These defects need to be patched (or perhaps I should assume that you don't patch vulnerabilities in software you use- including those in OS X- because you feel there's no threat).
Are you serious? Every few days? Considering "Patch Tuesday" occurs once a month, you would be required to, at most, reboot your machine once a month. The reboot is only required in certain circumstances because Windows won't let you update a file that's currently in use. *nix systems allow modifications to active files, but active processes still only are able to use the previous version, which can be a nightmare when applying patches. While it's a matter of preference, I know many administrators that would rather reboot a machine to ensure that all processes are using the updated library than being forced to make this determination manually.
This doesn't say much for your technical abilities. I have been highly successful in educating the least knowledgeable computer users (read: home users) in basic security practices. It's quite simple- don't run as an administrator.
once again the solution is to drop everything and either rebuy hardware or hope that linsux supports your current hardware.
whatever happened to simple security solutions that made sense that people could do today without added expense? i've never had a virus/malware. i keep my computers behind a firewalled router (with very little configuration work), i keep them updated and i run AVG.
damn, that was hard.
I use NoScript but my wife found it very annoying that all the sites she wanted to visit would not work without having to allow them first. I don't think recommending it to the average home PC user is very helpful because they will just think that it broke Firefox.
:(){
This is where the animated characters take on faces like donkeys and go "well, DUH!!!!!!!"
On fark, They'd be paging Rick Romero...
I don't know the meaning of the word 'don't' - J
.... probably 80%-90% of the websites I visit REQUIRE me to enable scripting before I can use things like navigation elements, which are a little crucial. Some of the more lame ones (like http://www.channelgo.com.au/) actually successfully load all the content, then it detects I don't have Javascript, and redirects me to a page telling me I need to reenable Javascript!
I like the extra feeling of security I get using NoScript, but I'm pretty close to ditching it because the pain of having to enable and reload every website I visit just to do something like be able to click on an 'about' or 'FAQ' link is too much.
Gotta love Slashdot. The grandparent makes ridiculous claims about the indescribable complexity of the Windows security model and alleges that constant reboots are required, yet is modded Insightful. When someone presents evidence to the contrary, however, that post is modded as Flamebait. Goooooooooooooooooo fanboys!
I confine my web surfing to a known list mainly.
That's just sad. And to think for every person like the poster, there's 1000's who feel the same - who actually confine themselves to a known list of sites they are not afraid to browse.
For the technically savvy, it's probably a good tip. However, do you expect the same people who constantly get infected with the malware-of-the-day on Windows to be able to properly administer Linux / OSX / BSD / whatever else? They won't lock it down, get security updates, or do anything else. It is possible to operate Windows securely (though it would probably be safer just to forget Internet Explorer even exists). If there are millions of Linux computers out there and nobody is securing them or updating them (as is the current situation with Windows), how long do you think it would take for these scumbags to redirect their efforts? The only real defense is education, but we all know that is totally doomed to failure.
I see you are having reading comprehension problems. Read again. Slowly. You may be able to determine that those are two different statements, with two different sets of requirements.
You know what? I don't have to "educate" users I point at Macs, because Macs work and are secure out of the box. Also, I don't mind in the least being characterized as a fan of systems that work. Don't worry too much about my technical abilities; I've been writing code and designing computer hardware since the early 1970's. One of the consequences of that is I am quite familiar with Windows, *nix, old Apple systems, OSX, and a bunch of earlier operating systems as well. And if there's one constant that's been the same since day one, it is that the less the user needs to know to use the computer safely, the better off they are.
You like Windows? Fine and dandy. I don't. I won't recommend the OS as a primary operating environment any longer under any circumstances. Virtualized in a sandbox, yes - when you need a particular application. Otherwise, no.
I've fallen off your lawn, and I can't get up.
We hear this suggestion all the time, but the reality is that the reason Firefox and Opera are "more secure" is that there are less people using them. Their market share isn't worthwhile to the commercial malware authors.
Why not move to the zero cost option that works better, if that's true?
It's not true, of course. Just three days ago, you might have read this about IE being naked for more than 200 days last year where Firefox was only exploitable for nine days. You might also have read about exploits for Vista being for sale before it's available, while the market share is next to zero.
The next M$ line of defense is to blame the users. Mac, Linux, even Firefox users are "savvy" and M$ users, "the masses" are somehow stupid they will tell you. Somehow, ease of use, means ease of abuse to them. This really just tells you that M$ thinks you are stupid. Mac specifically markets itself to people who are computer phobic and want nothing to do with computers. Oh but now we are back to popularity and it never ends because it's a lie.
Free software is both easy to use and more secure and the two are not exclusive.
Friends don't help friends install M$ junk.
...when you consider that Linux is compromised more often than any Windows based OS. http://www.zdnet.com.au/news/software/soa/Linux_hacked_more_often_than_Windows/0,130061733,139116229,00.htm
The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.
Amen to that. I use noscript and I have lost count of how many sites fail completely or outright refuse to load if JS is disabled. The number of sites which degrade gracefully is sadly quite small. If every browser had this, maybe web developers would finally get it through their thick skulls that JavaScript is best utilized to enhance the user's experience. Obviously, there are some exceptions, like AJAX applications and the like. It bugs me so much that I have never developed a site that did not degrade gracefully in the absence of JS. In fact, the only way the user would notice something was different was if they had first seen the site with JS and then later without or vice versa. Some of the worst offenders are the "major" tech companies. Try logging into Yahoo webmail with JS turned off to see what I mean.
I think your argument of "It's so simple a 5 year old can do it" is flawed for one big reason: The five year old isn't used to using IE.
You must have missed this article, complete with screen shots about how inconsistent the M$ GUI has become. Just look at this screenshot. I thought the differences between KDE, Gnome and other toolkits was bad but that's way off, M$ has no excuse for the fundamental differences seen in their own tools. Why would you ever throw a new user into that mess? The worst part is how frequently they change the interface. No one else does it more. I'll conclude with
Friends don't help friends install M$ junk.
http://www.mysecureisp.com/
Funny, Opera has the ability to turn off javascript in its quick menu. Lemme check;
F12 -> Enable Javascript (unchecked!)
Yep! Every browser SHOULD have this functionality built in; too bad only Opera does at the moment.
As far as I can tell, the computer science types and the IT types avoid each other like the plague. Also afaict, the computer science types have their own hardware separate from the main network.
Given the above, I don't see what having or not having a computer science department has to do with it.
Yes, it is possible to operate Windows securely, unless you don't install and use cycle-sucking anti-malware software, don't watch your step on the internets, and indiscriminately double-click on every attachment that appears in your inbox. Since we can't break non-geeks of any of those bad habits, the logical alternative is for them to use OSes that are less susceptible to the behavior of uninformed users. OS X is the only other mainstream OS, 'mainstream' meaning you can walk into a store and walk out with a computer that is ready to run it out of the box. Thankfully, average computer users are finally starting to get fed up with all of the problems that plague Windows and are buying Macs in droves to avoid them.
And don't tell me that as soon as Macs get popular enough, they'll have the same problems as Windows. BlackICE defender was a software firewall with a user base of around 50,000 installations. When a hole was discovered in the software, someone went out of their way to create a worm that would break into all BlackICE firewalls that could be found on the Internet. They did this "just for fun". For a mere 50,000 installations. OS X has a userbase a hell of a lot larger than 50,000, and there are plenty of Apple haters who would love to make a name for themselves by being the first to create an OS X virus and take all those smug Apple users down a peg. Well, it's been almost six years-- so where's the OS X virus?
but I've never had malware attack (trojan, virii, worm, spyware, etc.) that I have not done myself (and I've been using Windows OS computers since 1991). My computer has never been owned or any other stupid idiotic nonsense. Perhaps I know not to open unsolicited emails or go to websites I am not sure of... perhaps it's just plain common sense.
In other words, my question becomes where the hell do you (you being the individuals who've had these issues) go to get these problems? I want to actually see one for once, because I personally believe that it's either a bunch of "bravo sierra" or the users truly have no clue on what to do (or not do) on a computer.
I'm not saying Windows is necessarily better, as for my own personal knowledge, I'm cutting my teeth on Fedora Core 6, and hating positively HATING the fact I've had to do 4 installs (1 initial and 3 re-installs) just to get it up and running (but I'll try it because I always like being fair) but having said that I do not see really any viable alternative software that Linux provides that 1) looks as nice as Windows, 2) operates in a relatively simple manner -- this can be chalked up to my not knowing the system however, and 3) not having to touch the command line or reworking source code. EVER.
In the end while I believe the author is well intentioned, for individuals who just want the computer to work (with a minimal learning curve), Windows is still the champ in that area (even though, some individuals / groups claim it makes it easier for malware authors to operate as well).
Regards,
MBC1977,
Apparently resolving this isn't that simple. Otherwise, ad-aware (not to mention its innumerable brethren) wouldn't be one of the single-most downloaded applications for Windows, now would it? Norton and all the other "security vendors" wouldn't have anything to do either, would they? Do you see tons of users running for adware prevention or virus checkers or third party firewall software on the Mac/OSX the first day they get it? Or later? No - you don't. And why? Because it isn't needed. Those who have opted for the very few programs in those categories on the Mac have been scammed: because there is no such set of problems. Those problems are Windows problems.
And that is why that today, at least, OSX is better for the vast majority of end users. Not because it is better looking, though it certainly is. Not because it is easier to use, though it is that, too. Not because the hardware always works, though it does, and without any fussing around, too. But because it is easy, reliable, and doesn't continually force the user into a state of pissed-off fugue.
It used to be that because some applications were only developed for windows, that the Mac was accurately seen as a poor choice for some based on app availability. Today, with Parallels running exquisite sandboxed virtualizations on totally kick-ass hardware, you can run the serious windows apps you have to and then kill windows, tossing the OS state completely, keeping only user filesystem data and chopping off most Windows security problems at the neck while muttering, "Die, you #$%^er!" There's never been a better time to go OSX and say goodbye to the black hat hacker community.
I've fallen off your lawn, and I can't get up.
Windows really should have put out a new build of XP before releasing Vista. Just SP2 with a new installer that mimics Windows server 2003. If you've ever installed Windows Server 2003 it can be quite secure. It turns off all inbound connections until you can install patches. It turns off IE so you can't surf anything without explicitly telling it you are ready to. Server 2003 was going down the right path, I'm not sure why they never ported some of these basics to a new XP back in 2004. I guess it's too late now.
The last big Windows worm was quite a while ago. They are still alive thanks to the unaware. Windows has a lot of ports open compared to other machines mostly because it was designed to operate in an Active Directory environment...and because RPC is overly relied upon. Yes you can get a virus delivered by email, but this is true of any OS where the user is running as root ( admin ( if the os even supports it ) ) and opens up an attachment. Windows users are bombarded with viruses that Mac users get and can safely ignore...heck if you tried to run the exe it would just fail. Mail viruses are getting less and less as well as email providers and spam firewalls are blocking them. A properly written virus ran on Linux or Mac OSx can get thru the protection. Linux and Mac OSx have had plenty of exploits to get a file install things.
While other OSes interact with each other, they don't quite do it with the built in way MS does. This is good for the end user and bad for security. SMB setup has gotten a heck of a lot easier on Linux in the last few years, but compared to Windows it'll never be quite as easy. There are products out there like Groupware, but Active Directory is by far the simplest and most useful for setting up a small to massive network. Thousands of companies use it every day to share files and get work done. Install a printer from the active directory isn't super easy, but I can't see a Linux product comparing.
Mac interaction with AD isn't that bad. I wish it had an Active Directory client from the get go, but my Mac users can print, share files, and a few other things okay. Nobody likes to mention that Windows file security is far more advanced than Linux's will be for quite sometime. The ability to permission a file to individual users at varying levels is absolutely crucial. It is a pain for my Mac users to have to remember their NT passwords and visit a NT machine to reset it every once in a while, but it is good enough so they can run Photoshop...with the Mac keyboard.
I won't be surprised to see a mac mode in Vista sometime soon. It wouldn't really be that hard for Windows to stick the file menu up on the top of the screen when a Window takes focus.
The fact of the matter that no one wants to talk about is MS is becoming fairly secure if installed with its patches and stuck behind a firewall. This is true of practically all OSes. The big problem MS has is that it doesn't update its install disks and most of its vendors don't update their freaking images. If I get a new Dell I would expect not to have to install a single patch that was over two months old, but alas they don't do that for you. Imagine you installed Redhat 3.0 and then put yourself on the network. I'm sure someone out there could write a worm for Redhat 3.0 right? There isn't one port in the default install with a buffer overflow issue? It'd be an interesting experiment to write worms for older versions of OSs and see how they take. My guess is that there are more Windows 98 boxes running today than RedHat 3.0 boxes ever ran.
The point is if OSx or Linux get the marketshare that Windows has you'll see 1000's of older versions of the OS. As it sits, Mac users generally upgrade fast, and Linux users are practically religious about it outside of the server scope. And on the server side it is likely the machines are protected via firewalls.
The browser hole is getting plugged as we speak. Firefox, Opera, and IE are all plugging away. The big issue is that HTML and Javascript t
I "operate Windows securely" without cycle-sucking anti-malware software and usually aren't watching where I'm stepping.
Might be a problem with the users. I don't use an administrator account.
If computer systems were diverse, that means every time I used a computer, it would work and act differently. Software that ran on one system wouldn't work on another, or would work subtly differently.
It would be like dealing with people. The training manual for one doesn't work with another. Drugs made for one don't work the same for everyone. Diversity is a killer, I tell you. Clones all around!
As a long time Linux user I have to say...
Honestly, what does he think he's doing giving people dangerous, top-secret information like this? Alternative operating systems should be kept secret from the standard computer user! The less people that know about Linux the better - that way my computer will not be targeted!
Seriously though, while Linux and Mac OS X are inherently more secure, they have their fair share of (in some cases rather bad) exploits. So recommending this to people seems like it will only ever be useful in the short term. Firefox is a great product, and while I recommend it to most people, I'm very wary when I tell them it is more secure. I'm no expert on the statistics, but its market share is certainly growing. As more people use it, it becomes a more viable target.
It seems like a paradox to me. It's secure partly because less people use it. Security is desirable, so more people use it. It becomes no longer as secure.
Whilst I love to spread the Tux joy, I very occasionally find myself hoping the software I use never becomes too mainstream - it's a purely selfish desire to have an easy worm-free computer life! It's security through obscurity, but at the moment it's working...
I suppose if there's one thing going for the Windows security model, it's that most people are aware that malware is all too easy to pick up; at least they're aware of the security problem. If people switch to something else and think that they're safe, that attitude may undo any good from them using a more secure system.
"Waiter, waiter! There's Linux on my PC!"
"Quiet sir, or everyone will install it."
Good point. This weekend's anecdote - you would think a current model Microsoft webcam would install easily on an up-to-date Microsoft Windows XP - I did and was wrong. Admittedly all it took in the end was a download of another version of directx instead of the one on the CD - but that took several hours on dial up on that computer. Installing stuff really is a puzzle sometimes - I have many examples but things are getting better as a rule.
Most people get somebody else to solve the puzzle for them - so they think the Microsoft software is simple and are blissfully unaware of the registry. What really appalls me is how people have got used to running compromised machines - they trust that whatever crim is putting adware on their machine or using it as a spambot is not getting their financial information from the PC or putting other nasties the current antispyware doesn't know about on there.
I completely agree. If the number of Firefox and IE users were switched, there would probably be a few more Firefox exploits exposed, that doesn't mean Firefox is more secure solely because it's not as common of a web browser, as many people seem to think.
Who else makes a calculator that goes to infinity...or has somebody found the limit yet? If nobody has, then let's set up a "calculator@home" to see if there is one.
What?
I'll pass them along to my parents and my grandmother and her friends. They should have no trouble understanding them until they get to "ports".
In other words, get real. What percentage of general users do you think are capable of doing all the stuff you mention--or maybe ANY of it? Security shouldn't have to be a full-time job. And with a well-designed system, it isn't.
Hmm... according to Secunia...
OS X has 9 unpatched vulnerabilities of 87 listed, plus 1 partial fix. Oldest unpatched is Nov-2006.
Win2K Pro has 24 unpatched vulnerabilities of 145 listed, plus 3 partial fixes. Oldest unpatched is Oct-2002.
WinXP Home has 29 unpatched vulnerabilities of 154 listed, plus 3 partial fixes. Oldest unpatched is Sep-2002.
WinXP Pro has 32 unpatched vulnerabilities of 169 listed, plus 2 partial fixes. Oldest unpatched is Dec-2002.
Linux 2.6.1 kernel has 19 unpatched vulnerabilities of 107 listed, plus 9 partial fixes. Oldest unpatched is May-2004.
My interpretation is that based on these numbers, OS X looks pretty good! Of course, this month of Apple bugs might see the numbers rise somewhat.
Don't you recognize his reasoning? It's not based on facts, it's based on the theory that both programs have bugs, therefore they must be just about as secure as the other.
:]
Never mind the recent story that Firefox was vulnerable to a critical (one where "visit bad web page" == pwn3d), unpatched, published exploit for all of 9 days last year (IE was vulnerable for 9 months). This is called a "vulnerability window" and is an important part of any security assessment attempting to measure how secure bits of software are without having to rely on vendor claims. Obviously, that's too quantifiable for use with such a reasoning process. Then we have to reason about all the exploits that aren't public, as if people can silently exploit computers en masse with private exploits and no one will notice. Sure, if they're not interested in a botnet of random computers, they'll stick to targeting specific people and keep their exploits quiet, but that doesn't really impact the security of the population in general. It's also funny that people have this perception sometimes that they only visit "safe" sites. Even assuming they're not one of the porn viewing public, and that they never install smilies or screen savers (great way to get infected) or other such crap, that ignores that we've seen major advertising networks get compromised and serve up exploits. Not to mention the shady ad networks that do that deliberately...
Ironically, when it comes to open vs. closed source, it's usually argued that open source helps make the vulnerabilities more public, so that puts things even more in Firefox's favor. So to argue that IE is even as secure as Firefox requires you to use ridiculous metrics touted only by PR departments in media releases.
So yes, it's true--Firefox does have bugs. There were even 9 days last year when you could've been 0wn3d by an unpatched exploit (assuming you haven't learned to use the noscript extension). But there's no way to hide the sheer magnitude of the difference: 9 days vs. 9 months. Yeah, they can improve. Maybe they'll even manage to do things a lot better. And maybe you can find a few things to quibble with in that story. But the fact is that Microsoft has a terrible security record. Period. No one else is perfect, sure, but let's call a spade a spade here instead of being distracted by a dirty hoe
The person above has an agenda to push as seen by username and URL and turned the Mac comment into a Linux one to push this agenda - as well as an accusation of your incompetence because you expressed a different view. I wouldn't worry about it a great deal - they will get bored and go away eventually if the content looks too technical for them.
- CookieSafe
- Adblock Plus
- Flashblock
- httpOnly
- SafeHistory
- SafeCache
- IDND
- Link Alert
- BlockSite
- Master Password Timeout
- no-referrer0
- NoScript
Other useful support Add-Ons are:
- SwitchProxy Tool
- User Agent Switcher
- Adblock Filterset.G Updater
For Linux users, I also have this useful add-on:
I don't use an administrator account.
XP still sets up the default account to be an administrator. Few n00bs are going to know to create and use a non-admin account. And even if they do, there is still a shamefully large number of applications that expect to be installed and/or run using an administrator account, and which barf if you try to do either while logged in as a non-admin.
I have tried to run Windows at home as a non-admin, and it was a fucking exercise in frustration that lasted less than a weekend.
Your firewall won't help you at all if you're running an unpatched IE and allowing all outgoing traffic on port 80. The unpatched IE can be exploited, and the malware can connect to its owner through port 80.
I've seen a lot of comments suggest that Windows is easier to target because it has a larger marketshare.
This is a BS argument. Here is one example of a program with larger marketshare but fewer cracks, both attempts and percentage successes:
Apache
IIS
Just because it's a bigger target doesn't mean it's a better target. Windows is a good target because it's big AND because it has a shit-ton of security flaws. You need to be a security expert to properly safeguard Windows, and most people don't have enough security expertise.
Weylin
67.5% Slashdot Pure I guess I need to work on that....
Vista is here and cheap (well at least at night in mexico)...see link
http://www.plocp.com/images/vista_MG_3800.jpg
But what do I know, I've been MS free for 5 years now and still surviving..
As do theregister, theregister, attrition.org, attrition.org, grok.org.uk,
Even mi2g's own research FTA:
Wow. That is a lot of money per Windows box, per year. To do as badly in sum, every linux box on the interweb would pretty much have to commit fusion.
Of course, none of those programs run on OSX or linux.
Well at least they got something right.
Don't you MS bloggers have anything better to do? Could you maybe have a look at that virgin Vista IP stack for us? We're a little worried you guys were trolling slashdot and not FIXING THE DAMNED BUGS.
Help stamp out iliturcy.
how much you want to bet the nyt will have to pay double for their windows licences next time they upgrade.
Windows XP systems, yes. Not Win9x.
A pertinent fact, because it supports the argument that an Operating System's security (from a design and implementation perspective) and its "security record" do not necessarily share a causative relationship.
You're quite correct that Firefox has security holes aplenty. Seems like they fix more and more holes each month. But IE is the main target for malware.
Microsoft should take the easy way out and just drop IE and bundle Firefox. Overnight, Firefox would become the prime target. Then it will be put to the test as to just how secure it is. If it is as secure as its advocates claim, then it's good for everyone, including Microsoft (since they no longer have to worry about browser security, and this scenario would actually eliminate one of the reasons people would have to move to a different OS). But if Firefox isn't all it's cracked up to be (and I don't assume that Firefox devs are any smarter than anyone else, and we *know* that the browser has security problems through empirical evidence of the frequent security patches), then it's still good for Microsoft, as they still don't have to worry about it as it wouldn't be their problem. They would just continue on their merry way while the press bashes Firefox instead of Microsoft.
Microsoft could instead drop IE for Opera; same thing. Except there's every possibility that Opera has more holes than IE and FF put together. Opera's user share is so tiny (Opera's share is ~0.9%) that it hasn't been put to the test at all by the bad guys. There's no way to tell how secure it is or not; it's simply not used enough (and Opera's fixing security flaws in secret doesn't help their credibility regarding their "perfect" security record).
-- "I never gave these stories much credence." - HAL 9000
I installed NoScript and after several weeks of pain and suffering I finally just gave up on it. It broke many sites in completely surprising and evil ways (I know it's the fault of the site owner, but I'm not into Don Quixote wars). The most detrimental effect is that web-shopping is well nigh impossible while NoScript is running, because even if you remember to enable scripts for the parent site, the payment site will have to be enabled separately, and by the time you figure out what the payment site is, it's already too late and your purchase has just gone completely haywire. Usually you could go back to the parent site and figure out what happened, but when real money is at stake I don't want to take any chances.
So IMHO NoScript is an interesting concept but it has impacts that will surprise and mess up even a skilled user and will definitely drive the average computer owner to a blind rage. I think recommending it to the general public will just persuade all those grandmas and grandpas out there who actually try to follow this advice that they need to stick to MS&IE, or else their computers will start behaving funny.
An analysis of hacker attacks on online servers
Please don't compare Windows XP boxes online as servers and Linux boxes online as servers.
The topic is Desktop machines. Care to compare the number of XP boxes and Linux boxes in any Botnet?
The truth shall set you free!
Install a printer from the active directory isn't super easy, but I can't see a Linux product comparing.
Hint, Hawking Tech print server. Install as IPP port. Simple in my SOHO network for both a HP Laser and an Inkjet.
Everything can print to the printers from the Ubuntu box to the Windows boxes of all flavors from 98, ME, 2K and XP. Only the older versions of Windows that don't support IPP need the driver provided by Hawking.
The truth shall set you free!
Microsoft isn't "ALLOWED" to act the way it does. It has already been bitch slapped a number of times for breaking antitrust laws. Its actions are ILLEGAL.
Eventually and hopefully soon it will be dragged back into court and ordered to be broken apart into at least three separate companies for its flagrant disregard and violations of the law. (You dumb idiot.)
The race isn't always to the swift... but that's the way to bet!
Their campaign contributions... Cough** Cough**
The race isn't always to the swift... but that's the way to bet!
"Um, they have such a large market share because people *want* Windows.."
Um... no, they have such a market because they know how to play very, very dirty and soon they'll start to pay for it.
The race isn't always to the swift... but that's the way to bet!
My biggest annoyance though on 'limited user' accounts, was always having to create a control panel folder, and create a bunch of shortcuts that run 'control.exe something.cpl', with the 'run as a different user' option enabled in the shortcut properties. Software rarely gave me trouble.
Change is certain; progress is not obligatory.
... just declare Javascript and Flash too insecure, and remove them from the internet altogether (this is a too-hopeful thought, but still, is this not too late to be known?) Obviously we see that now the trend is moving from Microsoft and heading towards other software plugin makers. How many JS bugs/exploits have we found in the past few months? Yea, I thought so. LOADS of them. BAN JAVASCRIPT AND FLASH. MAKE THE NET A SAFER PLACE. PURE HTML and *EDUCATE* the users! FFS if you don't educate these people, stupid shit will continue to happen (I won't go on the tirade about a laptop sent in for repair to my job by Halliburton, where NOTHING was wrong with the laptop, just a spyware infection thanks to IE, the porn-obsessed idiots.)
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
> Nobody likes to mention that Windows file security is far more advanced than Linux's will be for quite some time. The ability to permission a file to individual users at varying levels is absolutely crucial.
Apparently you've never used standard POSIX ACLs, which have been in Linux for many years now (this is entirely different from the legacy user-group-other UNIX permissions you're thinking of). ACLs are easily editable from the file properties tab in KDE or GNOME - no need for the command line. SELinux (also standard) lets you do mandatory access control ACLs and auditing if you want that too. It may be true that Windows NT had this support earlier than Linux, but the rest of your statement is false.
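The per-user permissions this reply refers to, as an added example that is not part of the original thread: a Python implementation of the POSIX.1e access-check order applied to a constructed getfacl-style listing. The file, user and group names are made up; the point it shows is that named entries are limited by the mask while the owner entry is not.

```python
"""POSIX.1e ACL access check over a getfacl-style listing (constructed sample)."""

# Constructed sample: the shape of `getfacl report.txt` output for a file with
# per-user and per-group entries. All names here are made up for illustration.
SAMPLE_ACL = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-
user:carol:r--
group::r--
group:audit:rw-
mask::r--
other::---
"""


def parse_acl(text):
    """Parse getfacl text into owner, owning group and a list of entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # tag:qualifier:perms, optionally followed by an "#effective" note
            tag, qualifier, perms = line.split(":")[:3]
            granted = set(perms[:3].replace("-", ""))
            acl["entries"].append((tag, qualifier, granted))
    return acl


def check_access(acl, user, groups, wanted):
    """Return True if `user` (a member of `groups`) is granted all of `wanted`."""
    wanted = set(wanted)
    entries = acl["entries"]

    def find(tag, qualifier):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)

    mask = find("mask", "")

    def masked(perms):
        # The mask caps named users, the owning group and named groups.
        return perms if mask is None else perms & mask

    # 1. The file owner uses the user:: entry, which the mask never limits.
    if user == acl["owner"]:
        return wanted <= find("user", "")
    # 2. A named user entry wins over any group membership.
    named = find("user", user)
    if named is not None:
        return wanted <= masked(named)
    # 3. Owning group and named groups: one matching entry must grant everything.
    matching = []
    if acl["group"] in groups:
        matching.append(find("group", ""))
    matching += [p for t, q, p in entries if t == "group" and q and q in groups]
    if matching:
        return any(wanted <= masked(p) for p in matching)
    # 4. Everyone else falls through to other::.
    return wanted <= find("other", "")


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for who, grps in [("alice", []), ("bob", []), ("dave", ["audit"]), ("eve", [])]:
        print(who, "read:", check_access(acl, who, grps, "r"),
              "write:", check_access(acl, who, grps, "w"))
```

In the sample, bob's `rw-` entry yields read-only access because of `mask::r--`, which is the detail most often missed when auditing ACLs.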
I wonder whether Firefox's RefreshBlocker add-on would prevent this annoyance? I haven't often run into the problem myself, so I can't say I've tried it.
Gee, if you want a Linux that *just works*, try Linux Mint. I'm using it right now on a 5 year old IBM netvista, works a treat and easy as piss to use...
Plus supports pretty much everything out of the box.
It's pretty much a distribution that just works and would be ideal for that relative/friend who is sick to death of Windows trojan/virii...
Wherever you go There you are
Whenever I'm unable to purchase something from a web store because their website requires Javascript, I always make it a point to send the sales department or webmaster for that company an email explaining that I was unable to purchase from their website because of the Javascript requirement and/or because their web site is incompatible with my FireFox web browser. I hope everyone else also does this, because although news websites probably don't really care much whether you visit their site or not, merchants probably care a great deal when they start losing sales because of web browser incompatibility.
9/11 Eyewitnesses to Explosive WTC Demolition 1 of 2
As you point out, I have no way to profit from my post. So, what is the point of posting personal insults?
That is only true as long as you stay on the upgrade treadmill. How much hardware or software is Windows98 compatible? SE? ME?
When Vista is out properly, how much new hardware will be Vista only? How much of your current hardware will not have Vista drivers?
So you need to buy new hardware and new software to be able to enjoy waltzing into Walmart and pick up some hardware or software and know that it works. Even then, you will get *some* older stuff that won't work on your new OS so you can still get bitten. Why else do they ask you when you exit "have you checked it for compatibility?"
but not necessarily hacked more. I get attacked by bots looking for cmd.exe. So, that is an attack. It's unsuccessful because I don't *have* cmd.exe. So it isn't hacked.
You need to explain that visiting an unknown site with javascript (or any scripting) turned on is one of the most dangerous things you can do with a browser. It's an open invitation for sites to run their software on your machine. Yes, it's a hassle. But dealing with a computer that has been taken over by nasty stuff is a much bigger hassle, for you and for everyone else.
If it were possible to enforce laws on the Internet, one law should be that no software should ever execute downloaded code without explicit permission from the human in charge. Software that runs code from another site without very clearly asking permission should be grounds for a serious fine imposed on the software's vendor and/or author.
Too bad there's no way to enforce such a rule.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
- Most OEM installations of Windows will have administrator as the default user, not requiring any logon at startup. In most Linux distros, you are dissuaded or even cannot do this (e.g. Ubuntu), instead you work as a non-root user and sudo to do admin tasks.
- Even with SP2 Windows XP enabled the infamous NetBIOS file and print services, just for one example. Nice summary of this and other "features" here
- A Windows user can readily execute an EXE or VB script etc, e.g. a dodgy email attachment or download from a shady website, simply by double-clicking it from Explorer. Depending on the level of access to resources (see 1) the system may be totally compromised. In Linux by contrast, executing anything beyond what can safely be installed through the software repository requires knowledge of setting file permissions (and often how to build and install from source).
- Similarly for ActiveX, given the user confirms they want to run it, the system is left totally open to abuse.
Small wonder all the spambots, key loggers, spyware and viruses out there in the real world live in Windows, right? It's not simply because of Windows' popularity, doesn't the Mac have 5-10% market share?
"Windows has a lot of ports open compared to other machines mostly because it was designed to operate in a operate in an Active directory enviornment...and because RPC is overally relied upon"
Is it possible to design a directory service and still be secure? For instance, where are all the in-the-wild exploits for Novell eDirectory?
"Yes you can get a virus delivered by email, but this is true of any OS where the user is running as root ( admin ( if the os even supports it ) ) and opens up an attachment
The typos are a nice touch. Opening an attachment in Linux or OS X is not the dangerous activity it is on Windows as open does not equate to execute. Even running as root, which you don't have to do, unlike Windows where running as non-admin makes the machine unusable.
"Nobody likes to mention that Windows file security is far more advanced then Linux's will be for quite sometime"
The reason 'nobody likes to mention' it is that it isn't even true. 'User Account Control' was known as SUDO on Linux long before it put in an appearance in Vista. The rest of the Vista 'security' features are not even needed under Linux.
"I won't be suprised to see a mac mode in Vista sometime soon. It wouldn't really be that hard for Windows to stick the file menu up on the top of the screen when a Window takes focus"
The Linux Mac lookalike desktop is called Xfce and has been out for years. What is it with this computer innovation begins and ends with Vista.
"The fact of the matter that no ones wants to talk about is MS is becoming fairly secure if installed with it's patches and stuck behind a firewall"
Who are these people who don't want to talk about MS becoming fairly secure and why would this be deemed worthy of mention?
"Imagie you installed Redhat 3.0 and then put yourself on the network. I'm sure someone out there could right a worm for Redhat 3.0 right?"
ROFL
"ActiveX has as well which was a stupid idea to compete with Java which was poorly executed"
It's Java's fault that ActiveX is so insecure
"The NYT guy could say Mac OSx and Linux have less threats so switching to them is a solution, but getting yourself a firewall is the best. Go to Bestbuy and pay the whatever fee for the geek squad to come install it.
I don't know what he could have said only what he actually said:
And with dot.NET and its JIT compiler and COM over HTML, a firewall isn't going to be of much use.
was: MS Should have put out Windows XP Second Edition (Score:5, Excuses)
davecb5620@gmail.com
Diskless workstations or partition restored from hidden image.
was: Deep Freeze (Score:5, Advert)
davecb5620@gmail.com
Yes, and in contrast to pink unicorns tailing your mouse pointer, you really miss AJAX when it's disabled.
How difficult can it be to allow for a DOM element to be the target of a link? In other words, AJAX without the J, as part of a future version of HTML. This would make it possible to switch off javascript without losing a lot of functionality, except for sites that are so javascript-centric that they break instead of degrading (read: sites that are already broken).
Plus, by standardizing the functionality of AJAX, it would become safer and browser-customizable - think of visual hints as a browser feature: when you click on an asynchronous link, first you see a spinner hovering over the link, then (when loaded) the new content pops out of it and expands into its target space. Or browsers implementing some kind of history, resuscitating the back button.
All serious scripting should be done on the server anyway. Never trust the client.
Microsoft Products:
for children 3 and under
Mmmmmm DIRT!
>Been there, done that, found the solution, not going back.
Thought you were going to say, "Been there, done that, found the solution, bought a Mac."
B-)
A friend will come and bail you out of jail, a true friend will be sitting next to you saying, "damn that was fun!"