Slashdot Mirror
NYT Security Tip - Choose Non-Microsoft Products
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
I must admit that initially I was a bit humored by the idea that a New York Times author had a right to caution me about computer usage. But when I looked up his credentials, he seems to be a qualified and experienced tech writer who probably has good advice for the general public. Granted, his last recommendation: "Don't click if someone offers you something too good to be true. It is." worries me that people may be wary of certain open source projects but in the end, I'd agree that I'd tell my sister and friends just not to install anything and to ask me for specific links to programs that solve problems or fill needs.
In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think its news that Mr. Markoff decided to push people away from Microsoft but he's only telling you the facts about the numbers. You won't have as many problems with Linux but there's no way your daughter's iPod will work with iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade offs and better coverage of issues.
So Markoff doesn't like the benefits of running Microsoft software. So what?
My work here is dung.
The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.
Funny, where I come from, we call that the "don't use insecure products" solution.
Not use Microsoft? That's unpossible! They must be Mac or Linux users and are completely out of touch because they don't have the problems in the first place.
Seriously, it's good to see the message getting out. Another widely read, "mainstream" source, the BBC, has said the same thing already, like this. Of course, everyone without a vested interest in M$'s welfare has been saying enjoying the same for years. Sooner or later, despite billions of advertising dollars and bullshit studies, people are going to get it and real OS choice will happen. Seeing this in the NYT makes me think this is sooner than later.
Friends don't help friends install M$ junk.
Does this mean the main stream is finally (slowly) catching on to the reality of choices? It would make my day if the world would wake up and realize that they have options when they sit down in front of a computer.
Users don't like having to make choices about the innards of their computer; they just want shit to work.
I hear Steve Ballmer got the news while visiting a chair factory. Remember to duck and cover!
This isn't security through obscurity. Security through obscurity would be saying "I'm safe because I run Windows and it's closed source". This is the claim that uncommon software is more secure because there are less exploits. While untrue mathematically, the reality is that you are still currently less likely to be exploited when running Mac OS X or Linux since script kiddies don't really care about you so much (for the same reason game developers don't, incidentally).
Same is true for biological systems - diversity is a good thing as it is less likely to be infected with a disease. Genetic diversity implies a more robust "operating system" species that's harder to destroy. Remember all the hell around the blaster worm. Imagine that MS, Apple, RedHat, Ubuntu... only had 10% marketshare each... it'd be bad, but not nearly as bad as it was.
If you're talking about a focussed professional attack on a specific system: to be honest, the OS you're running is probably pretty insignificant; the chances are there's a simple admin error somewhere along the line.
NoScript is nice, but it could use a large default whitelist, something like the AdBlock Plus subscription options. It gets pretty tedious to allow every site manually, especially when some only break in subtle ways.
LOAD "SIG",8,1
I think it is more the monoculture angle then it is security through obscurity. Any slight change from the default and you may not become a victim.
Bad boys rape our young girls but Violet gives willingly.
May be? MAY be? MAY BE?
<SARCASM>Sure, I have to worry about my Mac getting co-opted into a botnet 24/7, because we all know how many active threats there are to Macs! </SARCASM>
Man, talk about "understating the case."
The honest way to put it is that running Windows is the #1 way to get yourself into trouble. Adware, outright co-opting of your resources, virus problems... Windows boxes are insecure and risky, more so than any other machine, right out of the packaging.
You want security and simplicity of use? Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac. You willing to re-work of all Microsoft's incorrect settings, patch all the browser vulnerabilities, play the target role in the hacker version of whack-a-mole, reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code? Buy a Windows PC. Endless entertainment for puzzle solvers who don't care about their data security or computer availability. Been there, done that, found the solution, not going back.
I've fallen off your lawn, and I can't get up.
Is this really true? Anecdotal pronouncements like this never seem to come with any references. Everyone says the sky is firmly in place, but how many have looked up recently? It's falling at an amazing speed!
If you want news from today, you have to come back tomorrow.
There's only been 9 comments on this story at the time of this writing, and yet the following tags are already up: "flamebait, nytfud, troll". These guys work fast, don't they? What's flamebait, trolling, or FUD about this article? Avoiding Microsoft products is a perfectly prudent move, if you can. Is it untrue to say that Mac and Linux users are safer on the internet than Windows users, or that Opera or Firefox users are safer on the internet than Internet Explorer users? Far from it. It's demonstrable fact.
Viper is the preferred editor of the Emacs operating system.
Sure, everything is exploitable, but some things are a lot harder to exploit than others, and both linux and OSX are poster children for this. To imply that OSX is, or ever will be, as vulnerable to hacks as Windows is puts you well into the "disingenuous" category, I'm afraid.
Microsoft would love everyone to think that OSX is just as vulnerable as Windows is, but the fact is, it isn't. It's a lot better organized operating system code-wise, and patches come swiftly and surely from Apple whenever anyone finds anything. Which is quite a contrast to Microsoft's approach, even if they do have a harder time patching Windows.
I've fallen off your lawn, and I can't get up.
This is on /. not because of the that info... this is on /. because NYT is writing "MS products sucks ! don't use them.".
Actually, it's more than just "security through obscurity". There are some nasty things that Microsoft products do that tend to get them into trouble (executing '.exe' files, ActiveX, etc) and makes their products more vulnerable.
Also "security through obscurity" is a valid practice, but it is not sufficient for good security. I don't tell strangers my computer's IP address (although, I'm pretty certain it would be useless to them and there are many ways to figure it out). The problem is when people are suckered into thinking that if they can't see something, nobody else can. Obscurity can be pretty effective when defending agains automated attacks too.
Our school installed Deep Freeze and all the virus/malware problems just went away. Basically, users can't install programs. If they try, the programs go away when the computer is rebooted. All the computers reboot themselves at midnight. So, a virus might last a few hours but it's gone the next day. A couple of years ago the network was down for a few days while the IT guys eradicated a virus. Since Deep Freeze there have been no such problems. I'm surprised that more people don't use it.
It's all about diversity! If everyone has the same exact program running under the same exact OS with the same exact security flaw one blackhat can ruin millions of people's day with one little hack. Nature knows how important diversity is, hell, economic systems are supposed to know it too. It's unfortunate that Microsoft continues to be allowed to operate as an illegal monopoly based in the United States.
Haiku for you!
Microsoft wants to empower its users, and everyone else, for that matter. Don't you see how convenient it is that MS products execute treat every piece of data they ever come into contact with, no matter where it's from or whether it's a video, sound file, Office document, image-- whatever!-- as an executable? It's just like how you pick up every piece of garbage you see and put it in your mouth because it might be food. That's the taste of Freedom!
> Users don't like having to make choices about the innards of their computer; they just want shit to work
Most users never really even wanted a computer as they were sufficiently happy with snail mail and sticky notes. Wall Street in the early nineties was pretty dull and the politicians of the day really wanted something to spark up life (and profits) so the computer industry went from the realm of scientists, mathemeticians, and hobbyists to a consumer necessity nearly overnight--and not because the population (as a whole) really wanted computers. If one thinks back to the dawn of the home computing windfall, at least from what I saw, it really was a case of nothing else being hyped as much as the computer was. From a business perspective I can see ulterior motives behind this and how those motives have played out over the years. Maybe you can as well.
Once people had computers (and had sunk the $1500 into their first home system), well, now it's just a necessary evil that played better solitaire than the kitchen table.
"Honey! We paid $1500 for that thing and it's too heavy to just throw away!"
So, yes, it follows logically that people don't really want to know about the innards of their computer because, truthfully, most people never really wanted the computer to begin with. Now they're like kudzu--they're everywhere, and they're not going away, and there's so much money in the infrastructure around them that we have to take care of them.
the NPG electrode was replaced with carbon blac
..the main stream is finally (slowly) catching on to the reality of choices?Consumers are relatively stupid that way, but I think it's true that consumers in general are creating a change in the wind. Ever notice how all the consumers demand "choices" in the market, yet whenever there are multiple competitors, consumers do their best to kill off all except one and accidentally create stagnating monopolies? (see 8-track/Cassette, VHS/Beta, PC/Mac etc). Very few people will embrace more than one technology (obviously) but everyone tries to convince everyone they know to also choose the same thing they've chosen. Funny, though.
Most of the stuff on
No, the reality is most non-MS products are more secure by design.
The fact is that years ago MS adopted an insecure architecture, at the time was roundly criticized for this, and has spent the years since being every malware's convenient bitch.
It's not "'cause that is where the money is", it's "'cause the front door is open".
Furthermore playing the numbers games is a fool's contest: MS doesn't publish their problems. Other folks have partial lists (we can assume MS knows of more) and every so often MS deigns to fix some of their problems and release patches, but that in no way is equivalent of maintaining a public bug tracker. Oh, and don't for a moment delude yourself MS's public documentation covers a tenth of their errata, not even MS pretends that.
So please, next time you post, let it not be burping up this old, well debunked, trope yet again. As sad has /. has gotten recently the standard still remains well above the old smaller-target argument.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
[using anything but M$] is a steep learning curve, and a lot of people think why bothered [sic].
So M$ shoved IE 7 down their throats as a forced update. Borat voice, "Is nice!" If you want a consistent interface instead of, "change for change's sake" use free software.
Back in the real world, my five year old girl is happy with Firefox. I like that her system does not have to be replaced every two years and that it does not catch porn spam or American Express pop ups. Mepis took me all of 20 minutes to install and it works with all of her favorite PBS toy sites, and many more demanding A/V playthings. I'm sure, in time, she will master other tools and that they will be nice free ones that don't change all the time.
Friends don't help friends install M$ junk.
The first part is simply google for crackers interviews and see what they say. They will always tell you that they go for what is easy. Why? Because a number of them are there to make money and time is money. If the systems were equally easy to attack, then yes, go after the most numerous. But when one has so many easy points, then you persue it rather than the ones that are difficult.
The 2'nd part is compare bank robberies to 7-11 robberies. Back in the 60's, banks were robbed. BWhy? because they were easy and had lots of money. But then in the 70',s the banks took actions and made it difficult. They still had the money, but it became very difficult to rob them. So the robbers turned to convinence stores who had say a thousand dollars (acceptable), and were easy. At first 7/11 ignored it, but then their ppl were being killed. So they made it very hard for robberies to get a thing. Now, banks and 711 are == difficult, so the robbers are back after banks. WHy? Because if you are going to risk it, then go for the big score. Interestingly, the banks now limit how much money is available to the tellers as well as every teller has a loaded stash.
So what does that mean for Windows vs. OSS. While Windows is easy to crack, everybody will hit it. If ever it becomes >= to *nix in terms of security, then *nix will be hit, because overall, there is much more money on the *nix systems. And if *nix and Windows become better than mainframes, then they will turn to there because there is REAL money.
I prefer the "u" in honour as it seems to be missing these days.
The reason Firefox is more secure is because when an exploit is found it's fixed, with IE it takes a long time. Last year Firefox was vulnerable to exploits for 9 days while "Internet Explorer Unsafe for 284 Days in 2006." They also have a nice chart showing this: http://www.washingtonpost.com/wp-srv/technology/da ily/graphics/index20070104.html
The old "security through obscurity" solution rears its head yet again..
Sounds like you bought the popularity lie.
Friends don't help friends install M$ junk.
Well, I'm quite open to everyone about my computer's IP address: it's 127.0.0.1
The Tao of math: The numbers you can count are not the real numbers.
I use NoScript but my wife found it very annoying that all the sites she wanted to visit would not work without having to allow them first. I don't think recommending it to the average home PC user is very helpful because they will just think that it broke Firefox.
:(){
This claim that security holes are strictly an effect of popularity is blatantly wrong.
It's true that more security holes are exposed in popular software, but some software just has less security holes to be exposed. Building secure unix-like operating systems is a topic that a lot of people have put quite a bit of effort in to - for much longer than Windows has even existed. Both GNU/Linux and Mac OS X can take full advantage of that work, since they're Unix-like systems. Windows cannot.
-- The act of censorship is always worse than whatever is being censored. Always.
This is where the animated characters take on faces like donkeys and go "well, DUH!!!!!!!"
On fark, They'd be paging Rick Romero...
I don't know the meaning of the word 'don't' - J
.... probably 80%-90% of the websites I visit REQUIRE me to enable scripting before I can use things like navigation elements, which are a little crucial. Some of the more lame ones (like http://www.channelgo.com.au/) actually successfully load all the content, then it detects I don't have Javascript, and redirects me to a page telling me I need to reenable Javascript!
I like the extra feeling of security I get using NoScript, but I'm pretty close to ditching it because the pain of having to enable and reload every website I visit just to do something like be able to click on an 'about' or 'FAQ' link is too much.
I see you are having reading comprehension problems. Read again. Slowly. You may be able to determine that those are two different statements, with two different sets of requirements.
You know what? I don't have to "educate" users I point at Macs, because Macs work and are secure out of the box. Also, I don't mind in the least being characterized as a fan of systems that work. Don't worry too much about my technical abilities; I've been writing code and designing computer hardware since the early 1970's. One of the consequences of that is I am quite familiar with Windows, *nix, old Apple systems, OSX, and a bunch of earlier operating systems as well. And if there's one constant that's been the same since day one, it is that the less the user needs to know to use the computer safely, the better off they are.
You like Windows? Fine and dandy. I don't. I won't recommend the OS as a primary operating environment any longer under any circumstances. Virtualized in a sandbox, yes - when you need a particular application. Otherwise, no.
I've fallen off your lawn, and I can't get up.
Then why isn't the world using a Mac?
They're slowly catching on but consumer's brains don't move as fast as the market. They still think Macs are stupendously expensive (they aren't) and they think Macs aren't "compatible" (whatever that means) and they think they'll be viewed as an alien outsider (which is happening less and less) and they think there's no software for the Mac (yeah, right!) and they don't think they can learn a Mac (it takes 10 minutes) and they don't think there's an alternative to the PC (stupid consumers).
I know several of people who have told me these excuses recently and they won't even (literally) walk across the street to the Apple Store to see for themselves. They don't want to know. On the other hand, after introducing a few dozen Macs to my workplace of 80 people a few years ago, about half the company has drop kicked their home PCs and bought Macs for themselves. We have more Mac owners now than PC owners in the company and most had never touched a Mac before. The only element that will actually change people's minds is experience with the product and you can watch all the old excuses quickly disappear from their comments. The number one reason they switched to Macs turns out to be "it just works".
For the ones that yell "but you can't play games", I tell them "fine, then use a PC or buy fucking Xbox - see if I care". They're the ones who criticize my preference for a Mac while I'm helping them fix their PC.
Most of the stuff on
Most likely because people are cheap? Macs are prohibitively expensive in comparison to an equivilent PC (equivilent according to the enduser walking down the aisles of your local FutureShop).
Your average user doesn't know what they need a computer for, they just know they need it. So they'll just look at what the salesmen point them at, try to find something cheaper, and get it. They won't care whether or not it runs Windows or Mac (though if they think they're savvy they might swing towards one or the other).
I have dispatched a trojan to your computer, and it is deleting your hard drive as I speak. Wow, my hard drive is certainly working hard. That's funny.
>>This isn't security through obscurity. Security through obscurity would be saying "I'm safe because I run Windows and it's closed source". This is the claim that uncommon software is more secure because there are less exploits. While untrue mathematically, the reality is that you are still currently less likely to be exploited when running Mac OS X or Linux since script kiddies don't really care about you so much (for the same reason game developers don't, incidentally).
I don't agree: I run Gentoo; since every app I run is compiled from source for the processor architecture I am running, some classes of exploits cannot target me because even if they knew which version of a given app I am running, they can't know precisely the layout of the binary because of the personalized compilation flags I use.
It doesn't rule out exploits, but it does make it a bit harder on them.
With Windows, most of the code you have running is the exact same binary for every x86 machine.
I guess that that is a situation where LINUX is making use of "security through obscurity" and Windows is incapable of doing the same.
Ironic, isn't it?
I don't know the meaning of the word 'don't' - J
The product is only as secure as its users. If the mainstream Windows userbase switched to Linux, they'd take their bad habits (neglecting security hole patches, installing supposedly-required software to view web pages, logging in as root by default, etc.) with them. Linux would be the new hot target for malware. The same goes for OSX or any other operating system. Sure, there would be fewer holes, assuming that people made sure to apply the appropriate security patches, but we're assuming again that they wouldn't take their bad habits with them again, aren't we?
These are the people who click OK just to get the box to go away. No operating system is going to save them from themselves without removing the luxury of convenience they insist on keeping.
The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.
Amen to that. I use noscript and I have lost count of how many sites fail completely or outright refuse to load if JS is disabled. The number of sites which degrade gracefully is sadly quite small. If every browser had this, maybe web developers would finally get it through their thick skulls that JavaScript is best utilized to enhance the user's experience. Obviously, there are some exceptions, like AJAX applications and the like. It bugs me so much that I have never developed a site that did not degrade gracefully in the absence of JS. In fact, the only way the user would notice something was different was if they had first seen the site with JS and then later without or vice versa. Some of the worst offenders are the "major" tech companies. Try logging into Yahoo webmail with JS turned off to see what I mean.
I think your argument of "It's so simple a 5 year old can do it" is flawed for one big reason: The five year old isn't used to using IE.
You must have missed this article
, complete with screen shots about how inconsistent the M$ GUI has become. Just look at this screenshot. I thought the differences between KDE, Gnome and other toolkits was bad but that's way off, M$ has no excuse for the fundamental differences seen in their own tools. Why would you ever throw a new user into that mess? The worst part is how frequently they change the interface, No one else does it more.I'll conclude with
Friends don't help friends install M$ junk.
I don't think this is obfuscation. For the black hatters, it is more like the economics of mining precious metal. If you had several ore loads to choose from, and limited resources to mine them with, you choose the ore load with the richest deposits of gold. It doesn't mean the gold in either deposit is worth any less per ounce, it is just the economy of scale dictates that all other things being equal, you go where the most gold is. Why spend the time and effort to hack an OS that doesn't have 90% of the market share when there is such an OS?
I am sure that if enough people used Linux or OS X or brand X, and it became worth the effort, those OSs would be attacked for more. And Linux et al apps do have flaws that can be exposed (to say they don't would be very arrogant) and are routinely patched (how many megs per yum update if you wait a couple weeks?). And yes I know, in many cases the patching is faster, but the openings are still there, and more will be found if more black hatters start looking as much as they do with MS right now.
And by the way, obfuscation is a useful and valid tool when used with other security precautions. For example, a good firewall set up doesn't just block incoming connections to ports you want closed against port scanning, it will also drop the messages silently so that the sender doesn't have an indication that they actually reached something at that IP address. (TCP/IP allows the option to firewalls et al to tell the sender that the connection was refused. And some firewalls allow you the option to configure this.) A good firewall protects you by actively blocking packets and obscuring your computer. Much better than blocking and letting the sender know it was blocked. In that case the sender would have an IP address it knows for sure has something on the other end to work on. There are likely dozens of good uses of obfuscation (how about not letting others see your PIN when you use the bank machine? Even though you have the only valid card and are taking it with you, you still shouldn't show your PIN).
-- I ignore anonymous replies to my comments and postings.
As a matter of fact, I've probably spent more time looking at Windows source than most people outside of Microsoft. I'm the developer of a major Windows application, easily in the top 1% in terms of complexity and sophistication and 100% compatible through considerable effort across the various large scale Windows platforms, not just the ones you're probably familiar with, but also including all three of the RISC Windows versions, PPC, MIPS and Alpha. Apple's source has been comparatively easily available, and of course, linux source is 100% in our faces all the time. I've spent tons of time in all of them. We've successfully ported to all three operating systems - OSX/intel, OSX/ppc and linux - from Windows, and each time, we had to get a decent grasp on some fairly complex issues that required hundreds of hours of study of the OS code. As well as deal with Windows various problems. These range from various incarnations of Windows graphics UI's working backwards from one another across concurrently available versions to memory leaks and Microsoft's multi-year long failure to institute a check bounds on such prosaic items as the bloody system file dialog multiple-select results despite being told repeatedly about the problems. All of which nastiness we managed to navigate, and fix for them, since they couldn't get their act together enough to act responsibly. So yes, I have some vague idea what is going on inside these operating systems, thanks for asking.
Also, because of developing an application of such size and broad incarnation OS-wise, I have experience with a wide range of users. And that is what leads me to advise against Windows if at all possible. Users don't need extra problems. Computers are complex enough, and the idea that a user wants to tussle with OS design shortcomings has been false from the beginning. The subset of technical people who want to do that isn't even all that large, and in the application end-user space, they're just about non-existant. The absolute best answer at the present time is OSX. Buy the computer, turn it on, answer a few reasonable questions (like, What Is Your Name?) and you're running. Safely. Reliably. Enjoyably.
Are there more complex, more functional security models than *nix? Sure. Do we need them? Now that is another matter. When (actually if, because it hasn't been demonstrated yet) OSX is getting multiple disastrous hacks a day as is Windows, when Apple machines are being pwned right and left, Apple demonstrates it can't keep up a 'la Microsoft, and the *nix security model itself is shown to be insufficient to the task of keeping the user safe, then we can have a productive conversation about the security model perhaps needing a good thrashing. Until then, to drag out a really tired one, OSX apparently isn't broken and there's no indication it needs fixing.
I've fallen off your lawn, and I can't get up.
I beg to differ. The product is only as secure as its default settings. Windows XP, pre-SP2 had some very insecure default settings, allowing for these botnets to proliferate. SP2 addresses this issue to some extent, and Vista goes further. You'll find that a lot of compromised machines were hacked because they're running pre-SP2 Windows XP.
We all know what to do, but we don't know how to get re-elected once we have done it
I disagree completely.
Windows makes it easy to practice these bad habits... default Administrator login, programs that don't work correctly when run without Admin access, ActiveX, etc. Contrast this with, say, Ubuntu... an excellent Linux distro even for newbies: by default the root account is disabled, when you want to do something system-alterating (e.g. temporarily gain root access), you have to put in your PASSWORD, not just click "Okay". The whole thing is so well-integrated that these password prompts aren't annoying or confusing. The system in general tries to explain to you what you're doing when it's something unusual.
Furthermore, most Linux distros are based on a central software repository which is supported, or at least approved, by the distro's developers. When you install open-source software from this repository, you can have confidence that you're not going to get spyware... and if you're running the stable distribution you can be pretty sure that you're installing software that has been thoroughly debugged as well--as opposed to some IE toolbar crap rushed out the door after a week's dev time.
I also think that Firefox 2.0 is far superior to IE 6 (haven't used 7 yet) in terms of alerting the user to potentially dangerous actions. When you install extensions, Firefox adds a 5-second time delay before you can click on "OK" to force you to actually read those stupid pop-up boxes. It detects suspicious obfuscated URLs, won't run downloaded executables without additional intervention, and checks HTTPS sites that improperly mix secure and non-secure content.
So I *do* think that PC security would improve substantially if the Windows userbase switched en masse to Linux. Granted, there'd be some of the problems with people doing stupid things and not reading warnings, but I don't think it'd just be same-old-same-old...
My bicyles
but I've never had malware attack (trojan, virii, worm, spyware, etc.) that I have not done myself (and I've been using Windows OS computers since 1991). My computer has never been owned or any other stupid idiotic nonsense. Perhaps I know not to open unsolicited emails or go to websites I am not sure of... perhaps its just plain common sense.
In otherwords, my question becomes where the hell do you (you being the individuals who've had these issues) go to get these problems? I want to actually see one for once, because I personally believe that its either a bunch of "bravo sierra" or the users truly have no clue on what to do (or not do) on a computer.
I'm not saying Windows is necessarly better, as for my own personal knowledge, I'm cutting my teeth on Fedora Core 6, and hating positively HATING the fact I've had to do 4 installs (1 initial and 3 re-installs) just to get it up and running, but I'll try it because I always like being fair) but having said that I do not see really any viable alterative software that Linux provides that 1) looks as nice as Windows, 2) operates in a relatively simple manner -- this can be chalked up to my not knowing the system however, and 3) not having to touch the command line or reworking source code. EVER.
In the end while I believe the author is well intentioned, for individuals who just want the computer to work (with a minimal learning curve), Windows is still the champ in that area (even though, some individuals / groups claim it makes it easier for malware authors to operate as well).
Regards,
MBC1977,
Apparently resolving this isn't that simple. Otherwise, ad-aware (not to mention its innumerable brethren) wouldn't be one of the single-most downloaded applications for Windows, now would it? Norton and all the other "security vendors" wouldn't have anything to do either, would they? Do you see tons of users running for adware prevention or virus checkers or third party firewall software on the Mac/OSX the first day they get it? Or later? No - you don't. And why? Because it isn't needed. Those who have opted for the very few programs in those categories on the Mac have been scammed: because there is no such set of problems. Those problems are Windows problems.
And that is why that today, at least, OSX is better for the vast majority of end users. Not because it is better looking, though it certainly is. Not because it is easier to use, though it is that, too. Not because the hardware always works, though it does, and without any fussing around, too. But because it is easy, reliable, and doesn't continually force the user into a state of pissed-off fugue.
It used to be that because some applications were only developed for windows, that the Mac was accurately seen as a poor choice for some based on app availability. Today, with Parallels running exquisite sandboxed virtualizations on totally kick-ass hardware, you can run the serious windows apps you have to and then kill windows, tossing the OS state completely, keeping only user filesystem data and chopping off most Windows security problems at the neck while muttering, "Die, you #$%^er!" There's never been a better time to go OSX and say goodbye to the black hat hacker community.
I've fallen off your lawn, and I can't get up.
Windows really should have put out a new build of XP before releasing Vista. Just SP2 with a new installer that mimics Windows server 2003. If you've ever installed Windows Server 2003 it can be quite secure. It turns off all inbound connections until you can install patches. It turns off IE so you can't surf anything without explicity telling it you are ready to. Server 2003 was going down the right path, I'm not sure why they never ported some of these basics to a new XP back in 2004. I guess it's too late now.
The last big Windows worm was quite a while ago. They are still alive thanks to the unaware. Windows has a lot of ports open compared to other machines mostly because it was designed to operate in a operate in an Active directory enviornment...and because RPC is overally relied upon. Yes you can get a virus delivered by email, but this is true of any OS where the user is running as root ( admin ( if the os even supports it ) ) and opens up an attachment. Windows users are bombared with viruses that Mac users get and can safely ignore...heck if you tried to run the exe it would just fail. Mail virsuses are getting less and less as well as email providers and spam firewalls are blocking them. A properly written virus ran on Linux or Mac OSx can get thru the protection. Linux and Mac OSx have had plenty of exploits to get a file install things.
While other OSes interact with each other, they don't quite do it with the built in way MS does. This is good for the end user and bad for security. SMB setup has gotten a heck of lot easier on Linux in the last few years, but compared to Windows it'll never be quite as easy. There are products out there like Groupware, but Active Directory is by far the simplest and most useful for setting up a small to massive network. Thousands of companies use it every day to share files and get work done. Install a printer from the active directory isn't super easy, but I ca'tn see a Linux product comparing.
Mac interaction with AD isn't that bad. I wish it had an Active Directory client from the get go, but my Mac users can print, share files, and a few other things okay. Nobody likes to mention that Windows file security is far more advanced then Linux's will be for quite sometime. The ability to permission a file to individual users at varying levels is absolutely crucial. It is a pain for my Mac users to have to remember their NT passwords and visit a NT machine to reset it every once in a while, but it is good enough so they can run Photoshop...with the Mac keyboard.
I won't be suprised to see a mac mode in Vista sometime soon. It wouldn't really be that hard for Windows to stick the file menu up on the top of the screen when a Window takes focus.
The fact of the matter that no ones wants to talk about is MS is becoming fairly secure if installed with it's patches and stuck behind a firewall. This is true of practically all OSes. The big problem MS has it that it doesn't update it's install disks and most of it's vendors don't update their freaking images. If I get a new Dell I would expect not to have to install a single patch that was over two months old, but alas they don't do that for you. Imagie you installed Redhat 3.0 and then put yourself on the network. I'm sure someone out there could right a worm for Redhat 3.0 right? There isn't one port in the default install with a buffer overflow issue? It be an interesting expierement to write worms for older versions of OSs and see how they take. My guess is that there are more Windows 98 boxes running today then RedHat 3.0 boxes ever ran.
The point is OSx or Linux get the marketshare that Windows has you'll see 1000's of older versions of the OS. As it sicks MAC users generally upgrade fast, and Linux users are practically religous about it outside of the server scope. And on the server side it is likely the machines are protected via firewalls.
The browser hole is getting plugged as we speak. Firefox, Opera, and IE are all plugging away. The big issues is that HTML and Javascript t
Hmm... according to Secunia...
OS X has 9 unpatched vulnerabilities of 87 listed, plus 1 partial fix. Oldest unpatched is Nov-2006.
Win2K Pro has 24 unpatched vulnerabilities of 145 listed, plus 3 partial fixes. Oldest unpatched is Oct-2002.
WinXP Home has 29 unpatched vulnerabilities of 154 listed, plus 3 partial fixes. Oldest unpatched is Sep-2002.
WinXP Pro has 32 unpatched vulnerabilities of 169 listed, plus 2 partial fixes. Oldest unpatched is Dec-2002.
Linux 2.6.1 kernel has 19 unpatched vulnerabilities of 107 listed, plus 9 partial fixes. Oldest unpatched is May-2004.
My interpretation is that based on these numbers, OS X looks pretty good! Of course, this month of Apple bugs might see the numbers rise somewhat.
Don't you recognize his reasoning? It's not based on facts, it's based on the theory that both programs have bugs, therefore they must be just about as secure as the other.
:]
Never mind the recent story that Firefox was vulnerable to a critical (one where "visit bad web page" == pwn3d), unpatched, published exploit for all of 9 days last year (IE was vulnerable for 9 months). This is called a "vulnerability window" and is an important part of any security assessment attempting to measure how secure bits of software are without having to rely on vendor claims. Obviously, that's too quantifiable for use with such a reasoning process. Then we have to reason about all the exploits that aren't public, as if people can silently exploit computers en masse with private exploits and no one will notice. Sure, if they're not interested in a botnet of random computers, they'll stick to targeting specific people and keep their exploits quiet, but that doesn't really impact the security of the population in general. It's also funny that people have this perception sometimes that they only visit "safe" sites. Even assuming they're not one of the porn viewing public, and that they never install smilies or screen savers (great way to get infected) or other such crap, that ignores that we've seen major advertising networks get compromised and serve up exploits. Not to mention the shady ad networks that do that deliberately...
Ironically, when it comes to open vs. closed source, it's usually argued that open source helps make the vulnerabilities more public, so that puts things even more in Firefox's favor. So to argue that IE is even as secure as Firefox requires you to use ridiculous metrics touted only by PR departments in media releases.
So yes, it's true--Firefox does have bugs. There were even 9 days last year when you could've been 0wn3d by an unpatched exploit (assuming you haven't learned to use the noscript extension). But there's no way to hide the sheer magnitude of the difference: 9 days vs. 9 months. Yeah, they can improve. Maybe they'll even manage to do things a lot better. And maybe you can find a few things to quibble with in that story. But the fact is that Microsoft has a terrible security record. Period. No one else is perfect, sure, but let's call a spade a spade here instead of being distracted by a dirty hoe
- CookieSafe
- Adblock Plus
- Flashblock
- httpOnly
- SafeHistory
- SafeCache
- IDND
- Link Alert
- BlockSite
- Master Password Timeout
- no-referrer0
- NoScript
Other useful support Add-Ons are:- SwitchProxy Tool
- User Agent Switcher
- Adblock Filterset.G Updater
For Linux users, I also have this useful add-on:I'm a firm believer in the theory that regular users need System Administrators. Maybe home users do too. If I could come up with a business model for a company that provided System Administrator services to home computer users i'd be rich!
If you must!
I've seen a lot of comments sugest the WIndows is easier to target because it has a larger marketshare.
This is a BS argument. Here is one example of a program with larger marketshare but fewer cracks, both attempts and percentage successes:
Apache
IIS
Just because it's a bigger target doesn't mean it's a better target. Windows is a good target because it's big AND because it has a shit-ton of security flaws. You need to be a security expert to properly safeguard Windows, and most people don't have enough security expertise.
Weylin
67.5% Slashdot Pure I guess I need to work on that....
Is not even supported by the article you have quoted. It is claiming that 57% of server hackings are on Linux boxes, but Linux servers were cruising around 75% of all servers & M$ around 21% (according to netcraft) back in 2004 when this article was excreted so adjusting for % active servers hacked... Linux still wins. Great way to prove your point. Also from the article:-
Well, they would wouldn't they given the comparative vulnerabilities of the two O/Ss to worms... Thus invalidating anything they try to claim. Also they give no indication of the "market share" breakdown of the subset of servers they examined. It could be 10,000 Linux Servers vs 10 IIS servers for all we know.
Another B/S M$ funded story that's over two years out of date to boot.
What are you listening to? (http://megamanic.blogetery.com/)
The IBM PC-Compatible of the 80's got the job done quickly and cheaply when the Mac was the high-priced spread.
Windows 95 swept in on the perfect storm. It ran on entry-level hardware. It arrived at a time when services like AOL were driving towards mass-market acceptance.
The Mac is typically available only in a half dozen or so standard configurations while the Windows PC can be customized endlessly for every environment from the auto body shop to your kid's basement playroom.
The Mac holds the same niche markets it claimed in 1984, both sustained and burdened by its identification with an upscale urban lifestyle.
Windows remains solidly middle class. The gamer's PC. The office workhorse.
once again the solution is to drop everything and either rebuy hardware or hope that linsux supports your current hardware.
Thanks for the FUD that your hardware might not work. Take the time to run a live CD to see what doesn't work. My machine had everything work except a HP flatbed scanner I bought at Goodwill. Big deal. I replaced an under $10 scanner with another under $10 scanner. The Cannon scanner works fine.
Everything worked without downloading drivers unlike a Windows install. Even my HP printers on Hawking printservers worked fine with no need for installing software. The printer servers installed as IPP printer ports. (Internet Printing Protocol)
The truth shall set you free!
That's why I dumped windows for Linux ages ago...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Whenever I'm unable to purchase something from a web store because their website requires Javascript, I always make it a point to send the sales department or webmaster for that company an email explaining that I was unable to purchase from their website because of the Javascript requirement and/or because their web site is incompatible with my FireFox web browser. I hope everyone else also does this, because although news websites probably don't really care much whether you visit their site or not, merchants probably care a great deal when they start loosing sales because of web browser incompatibility.
9/11 Eyewitnesses to Explosive WTC Demolition 1 of 2
- Most OEM installations of Windows will have administrator as the default user, not requiring any logon at startup. In most Linux distros, you are disuaded or even cannot do this (e.g. Ubuntu), instead you work as a non-root user and sudo to do admin tasks.
- Even with SP2 Windows XP enabled the infamous NetBIOS file and print services, just for one example. Nice summary of this and other "features" here
- A Windows user can readily execute an EXE or VB script etc, e.g. a dodgy email attachment or download from a shady website, simply by double-clicking it from Explorer. Depending on the level of access to resources (see 1) the system may be totally compromised. In Linux by contrast, executing anything beyond what can safely be installed through the software repository requires knowledge of setting file permissions (and often how to build and install from source).
- Similarly for ActiveX, given the user confirms they want to run it, the system is left totally open to abuse.
Small wonder all the spambots, key loggers, spyware and viruses out there in the real world live in Windows, right? Its not simply because of Windows' popularity, doesn't the Mac have 5-10% market share?