Vista Security Claims Debunked
An anonymous reader writes "Apparently Microsoft still hasn't learned that counting vendor acknowledged vulnerabilities isn't a good way to establish the security of an OS. As an analysis of Microsoft's claims on Full Disclosure shows, we see that the methodology used was badly flawed. A bug in Firefox (not to mention emacs), counts as a flaw for Linux, while IE bugs get ignored on Vista's chart. Then we see that vulnerabilities aren't vulnerabilities when they're security-challenged features such as Vista's Teredo. Also, there's far too little consideration given to severity, given that it stoops to counting even extra access restrictions on a file in OSX to have something to show. In short, the original Microsoft analysis was good PR and poor research."
In other news, scientists have confirmed that water is, in fact, wet.
Well... no shit...
I am totally shocked. I just bought 10 licences too and threw away all my Linux computers!
Pulp Audio Weekly - Geek News and Reviews
These aren't the droids you're looking for.
A-Bomb
Never believe anything MS says, they are untrustworthy.
Given the previous FUD Microsoft has put out about Linux (235 patents? Which patents?), I'm not really surprised to see this.
Of course, if anyone should be counting browser flaws as OS flaws, it's MS. MS makes the case that they can't remove IE from the OS since it is integral to it working properly, yet doesn't count them on the vulnerability list.
Meanwhile, FF doesn't even have to come with a Linux distro, and a bug that compromises FF as an app is much less likely to compromise the OS as a whole.
Looks like more FUD to scare non technical people from "illegal" and "unsafe" Linux.
with the non-Core Linux components no longer listed because of based on the feedback.
This just debunks the first report.
Bears are Catholic. The Pope shits in the woods.
Please, for the good of Humanity, vote Obama.
Does that sound like a people_ready business to you?
The rest of the complaints aside it may have very well been appropriate not to count Teredo as a vulnerability. Here's why: assume that Windows was technologically backwards and couldn't get on the internet. Would you then agree that Linux was less secure, because the possibility exists to hack it over the internet while that possibility does not exist for Windows? No, that wouldn't be an appropriate assessment of security. To evaluate security we need to in a sense "divide by" the ability of the system to access other things. Teredo gives Vista the ability to get to IPv6 from behind a NAT, so Vista has the ability to access more things (in this one limited way). Thus it should not be counted as a vulnerability unless Linux has a way to do the same thing, in which case we can compare the security implications of Linux's method versus Vista's method. But until then Teredo should be set aside when doing a security comparison (versus an independent vulnerability assessment).
Philosophy.
What gets me is that very few security researchers ever get the chance to examine MS code like Linux allows; who knows how much code is a security risk, millions of lines of code that only its creators can really examine. There also exists the problem that in addition to security flaws in the code itself, there is the fact that most of MS users don't really take care of their OS like they should. Very few people avoid IE, update their software, have a firewall or any security smarts [i.e. can't resist the free wallpapers/ringtones/random spyware infestations]. It is better to have a good user on a flawed system than PEBKAC on a good system.
Sigs are too short to say anything truly profound so read the above post instead.
Most Microsoft customers will take the "research" at face value.
I work in a Microsoft shop. And while I have a great boss, (really, no kidding) the company is Microsoft all the way. There is zero logic at play.
But that's the way it goes. I'm old enough to remember when "Made in Japan" was the cultural equivalent of today's "Made in China." That had little basis in reality then, just like Microsoft customers today just aren't ready to comprehend **buying** something other than a Windows box and just take Microsoft's ridiculousness as fact. In time though, I think that can change. Just like the Japanese and their cars.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Why wasn't my tag "getthefacts" selected? Honestly, that's all this is - a continuation of the "Get The Facts" campaign.
You mean to tell me, counting all the vulnerabilities for anything that runs on Linux (Including software that is not developed by Linux), and then only counting the vulnerabilities that live in the core of Windows Vista doesn't make a fair and accurate comparison?
You mean Microsoft misrepresented the facts? I just won't believe it.
Seriously though. If not actually providing security, I'm glad that they're at least worried about it. There should be about 500 posts to follow arguing the virtues and failures of Vista related to security and performance. Microsoft, Joe Average, and Grandma will read 0 of these. They'll still have the computing world by the balls tomorrow because they're the status quo and have the (second?) best marketing, a near lock on hardware vendors, and all the PC games.
Joe Average got the fake stats without hearing any dissenting opinion, because he doesn't really care and it gave him warm fuzzies over that wad of cash he dropped. Also "Linux is hard/You get what you pay for" and "Macs are for sissies/Ignore that get what you pay for thing." Meanwhile his social security number just got a new loan and he's the spam king of the neighborhood by accident...but damn that was a good porn site.
Nothing short of Microsoft's own (in?)actions will bring that beast down in the near term. Luckily they're doing a decent job of it. It seems like a few are trying to apply the brakes, and it may pay off. Hopefully the consumer can stop getting reamed sometime soon.
riding a flying pig on my way to get a sweater at the store 'cause I heard Hell had frozen over. At the gamestop next to the sweater store, some kid was playing Duke Nukem Forever, which I thought was an amazing game. ...so what do you mean the report isn't true?
Okay while no one on Slashdot feels this is news and the debunking was completely expected, it's useful for the "linux representatives" that many of us inevitably become in casual conversation with our Windows-evangelizing peers. Typical situation:
In this narrative, Josh is the typical One-Trick-Pony, Microsoft MC## who blesses Microsoft every day for making his income so easy to come by and truly believes that Microsoft is the hammer and everything looks like a nail. Gunter is an all-around generalist who is unafraid of anything "computer" and knows enough to work on routers, networks, servers and workstations of just about all varieties which happens to include Linux among others.
Josh: "Hey, just read this security assessment comparing Vista and Linux... Vista won by a mile."
Gunter: "Yeah, I saw that... I also saw -->this-- article exposing the flaws and inconsistencies in their comparisons."
The point here is that being readily armed with a rebuttal is handy.
It doesn't matter if the vulnerability counts are vendor acknowledged or third party. Vulnerability counts only tell you how many flaws were found and fixed. There is no particular reason to believe this correlates to how many were found and exploited by 'the bad guys'.
It's flimsy but I suppose you could say that recognizing reported flaws and patching them quickly shows a project or vendor takes security seriously but that is all these vulnerability reports are good for. You could say that more reported vulnerabilities means that a program became that much more secure but even that is dubious. And of course it goes without saying that claiming a program is more secure because it had fewer vulnerabilities reported defies all logic.
Actually, it would be appropriate.
If you can remove an avenue of attack, you have increased the security of your system.
Now, by removing it from the Internet you have also reduced the FUNCTIONALITY of your system.
So you end up with a less functional, more secure system.
Security is all about evaluating the possible threats and reducing their effectiveness.
No. If it is an avenue for attack, it is an avenue for attack.
If it is vulnerable, it is vulnerable.
We've been over this before with Firefox's avoidance of ActiveX. Sometimes, increasing your security simply means NOT including some functionality.
That was a sloppy report on Microsoft's part, no doubt, but the Slashdot title is misleading too. It is still helpful to remember that there has been only one exploitable vulnerability discovered on Vista in the past six months, compared to several a month on XP. Vista's OS-level security features (NX, ASLR) do in fact perform as advertised. Vista is immeasurably more secure than OSX (with only one security feature to speak of) -- not a single application security expert has made a claim to the contrary. Noticed all those OSX advisories coming out lately? That's because we appsec people are as tired as the rest of you of Apple and smug Mac assholes.
If you mod me down, I will become more powerful than you can imagine....
MOD PARENT UP!
Quote from the Slashdot story: "In short, the original Microsoft analysis was good PR and poor research." It amazes me how easily people accept abuse, and give excuses for being abused. It was not "good PR". My best understanding is that Microsoft's analysis was an intentional lie.
My rule number one in dealing with Microsoft: Unless forced by circumstances, never upgrade to a new version of Windows until the second service pack is released. Let other people have the grief. The huge number of bugs in Windows XP before SP2 was very expensive for us. If I remember correctly, SP2 fixed more than 630 bugs, and some of the fixes were not documented. It is not only the vulnerabilities that are expensive.
Quote from the link in the Slashdot story: "Also, the entire networking stack was rewritten for Vista, and that means lots of new bugs are present. I have already spoken to other researchers who have not disclosed such flaws publicly. However, a good start for learning about some is the Symantec paper that analyzed Vista during the BETA phases and revealed numerous issues."
Microsoft has, in my opinion, a long, long history of not allowing their programmers to finish their jobs. There were even security vulnerabilities in the Microsoft Help protocols!
This isn't a debunking.
> I feel Jeff really needs to perform another less exaggerated analysis.
It's an armchair critique of someone else's work.
> [...] a good start for learning about [Vista flaws] is the Symantec paper that analyzed Vista during the BETA phases and revealed numerous issues.
A competitor (see Live OneCare) wrote an article about an early BETA of a new OS saying it had some issues? Shocking!
> Even though OS X claims to be secure, researchers have obviously shown that Apple will have flaws too. This is nature of software, and it affects all code.
What are you saying here, Kristian? Bugs are inevitable, so we should just give Apple a free pass on their share of problems because, well, it affects all software?
Ok, that's enough of that.
I feel Kristian really needs to perform his own research and analysis, and draw his own conclusions.
PS: Don't mod this as flamebait until you read Kristian's entire post. Really.
Error:
More to the point, and as you alluded to, security is all about balancing safety (or security, if you will) and functionality. In this case, I believe that not including Teredo on by default as a security hole is a fallacy. Sure, it adds functionality, but at the same time, creates significant security problems without notifying or asking the user. And grandparent, know what you're talking about. A Hexago tunnel is easy enough to come by on Linux, and very little work to set up (literally cut and paste). Teredo can be run on Linux too, though I cannot recall how.
Basically, it comes down to this: Microsoft sacrificed what could potentially be a significant amount of security for a feature that is meaningless, and for that matter useless, to the majority of users (at least for now, and Microsoft has a tolerable patch system, so...). And that feature is on by default, without asking the user. So, yeah, I'd call that a security hole.
There's an old saying that says pretty much whatever you want it to.
"Thus it should not be counted as a vulnerability unless Linux has a way to do the same thing..."
So the vulnerabilities in ActiveX and COM shouldn't be counted either since Linux doesn't use those... Or vulnerabilities in DirectX shouldn't count because Linux doesn't use it?? That just isn't logical.
Anything that can be used as a vector to successfully compromise a computer should be counted as a vulnerability because that's what it is.
The race isn't always to the swift... but that's the way to bet!
Any observer from a tech background would know that this would turn his results to shit, but he is;
- A Microsoft Employee
- A Blogger
so that never mattered anyway.
No users = no vulnerability reports.
"I need a submit macro"
You mean like the "Preview" button right next to the "Submit" one?
"I like systems, their application excepted", George Sand (French)
Unfortunately they seem to be so obsessed with winning by FUDing and spinning that they end up making crap. This is a great disservice to the whole computer industry.
Engineering is the art of compromise.
After extensive research we found that having the computer powered up was the source of all the security flaws. Don't blame MS - they don't make the power cords!
Engineering is the art of compromise.
With due respect, I have to disagree. If a project or vendor takes security seriously, they'll design the software so that it has zero security bugs.
Almost nobody delivers this for popular commercial software like Windows, Office, etc, but that's more because the people paying for such software seem to not care about security at all, or value new features, convenience, and speed much more than they do security or reliability.
However, people designing control systems for airplanes, hospital medical equipment used in lifesaving situations, and so forth, actually do a fair job of delivering software which has zero security issues. This level of quality isn't undoable for more widely used general-purpose software-- some of DJB's software has close to a perfect security record, for example, but it is rare to find software which was designed from the start with the assumption that no security holes are acceptable.
Especially in the PC world, it's common to find software which is significantly broken in the initial release and needs to be patched before it is even feature-complete, much less close to being "bug free" or "secure"....
"The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
Hard is what makes crackers salivate.
qz
I haven't seen Cisco jump to run Vista on their Firewall Machines. So, maybe, just maybe, they had a reason to stick to *nix.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Marketing is cheaper than R&D.
> This just debunks the first report.
Yeah, so did he address all the other serious flaws? Such as the whole "number of vendor acknowledged issues" != "useful security metric"? Because unless he did something radically different, his whole methodology was wrong.
You can't just subtract a few worthless bugs from the charts and turn that into a useful security metric. It just doesn't work that way. For an example of something that would be more useful, you could find all the bugs that lead to remote compromise and count the number of days it was widely known before it was patched for some definition of "widely known."
But then you end up with things like that story saying that IE 6 had critical flaws for about 9 months out of last year. Yeah, IE7 is better (hard not to be!) but still.
How are they obscure? You can't know much about security at all without knowing about people like insecure.org, SecuriTeam, or the Full-Disclosure mailing list. Or maybe you meant the author, Kristian Hermansen? They're a security researcher at Cisco, FYI. But even then, what does obscurity matter if their criticisms are valid? You could be an anonymous coward and make a valid point, after all (alas, that's merely a hypothetical because you do not).
Then you claim that the second report addressed all those issues. That's not at all true. Sure, it doesn't count Firefox bugs any more, but that's not the real problem with the study. The real problem is that counting vendor-acknowledged bugs isn't a security metric at all! That's right, it's not the least bit useful for giving either an academic or real-world measure of security. You can't rescue the original study from that flaw without redoing it and abandoning the original premise.
But I guess you wouldn't know that, because you don't know these "obscure" sites that people who know about computer security do. I mean, next thing you know, people will be citing virtual unknowns like Bruce Schneier as if they knew anything about security! Or maybe Fyodor, I bet he doesn't know a damn thing about networking. What did he ever do? Make up that silly fake application they used as a "hacking" tool in the Matrix movies? [/sarcasm]
I read the article pretty carefully. I don't see any actual numbers to back up this "debunking".
If you're going to bash Microsoft for using fuzzy math, at least have the courtesy of supplying some of your own.
Also, can somebody explain the issues with Teredo? Sorry, but simply declaring that there are lots of bugs in Microsoft's new TCP/IP implementation with absolutely no evidence to back this up doesn't help your argument.
It's not "good PR and poor research". It's lying.
If that's all they want to do, they sure don't need Vista to do it. Linux will do just fine.
I think I'd choose functionality over security, if it was some function I like.
I mean, in their entire history, when has Microsoft ever done ANYTHING untrustworthy?
Like literally copying/stealing other people's code line for line and putting it in their OS? (Stacker)
Like putting in software hooks to see if competing office products were running and then crash them or make them run slow? (WordPerfect)
Like swapping code in an OS and a browser to make it appear that the browser was integral to the OS to weasel out of antitrust issues? (Win98 / Explorer)
Naw... I just can't believe that Microsoft would stoop so low as to try to promote its "ground-up" new OS (that amazingly has many of the exact same vulnerabilities as XP) as being hardened and more secure than Linux and OSX.
They wouldn't do anything like that, would they?
This means simply that Microsoft will generally pour just enough resources into a product to beat the competition and dominate the marketplace. We saw that with the browser war. When it had to overtake Netscape it came up with a good product. After it killed Netscape, and there was practically no other comparable browser, resources were taken off the browser product because it was good enough and there was no sense whatsoever in improving it.
We saw it with the IDE's. When Microsoft had to compete with Borland {Borland Pascal; Borland C/C++} it came up with the 'Visual' IDE. Visual C, Visual Fortran. It was a good IDE, and it won against Borland. After that ... it languished. Now ... now that we're seeing the Eclipse IDE and SUN's IDE ... suddenly Microsoft floors the accelerator again.
The same holds for the Operating System itself. Windows was systematically tailored to capture the eye of consumers and businesses, which it did very well. Never mind that the internals were {and still are} kludgy. What the user sees is the user-interface; that's what sells. Security flaws? Well ... as long as there is no competitor to which people can switch while retaining their investment in software and training ... security flaws aren't a show-stopper. Getting their own stuff to work was {previous Windows versions have so many tightly coupled components that you never knew what would break next when you changed or added anything}, and that's why Jim Allchin very sensibly steered towards a properly engineered Windows. Vista in other words.
Given that we're seeing Linux, OS-X, and Open Solaris competing in more or less the same market we also saw an increased effort from Microsoft to tart up the user interface. Those transparent windows thingies.
This is something fundamental you have to understand about Microsoft. They are calculating folk, and never ever were trailblazers. Tail-light chasers, yes, but never trailblazers. 'Good Enough' is their goal, and their yardstick is ... the competition. Why? Because to Microsoft 'Good Enough' means 'Good enough to win in the marketplace and bring in revenue'. That's how Microsoft became so rich.
Definitely no surprise here. Stupid Mircrosuck.
You have a point. However, take a look at all the zombie Windows machines out there. How many of these are "Mom & Pop" PCs used only for browsing and emails? The reality is that Windows will be the dominant home computer OS for 10 years. Anything that can reduce the zombie pc count is great in my book.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I wish there were a "+10, ridiculously insightful" rating.
This comment is the most insightful thing I've seen on /. in over a month. And me without mod points, so I'm posting.
Maybe not, but it would be more honourable to not say anything than to tell outright lies. (PR is supposed to be about mis-direction, not blithely lying. Never is though.)
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
do you people not understand what you're doing? No, I'm not concerned about Microsoft. I don't care about Microsoft.
But... think of twitter. This can't be good for his health.
oh, wait. Right. Keep posting these "M$" articles, then.
...Proved to be inaccurate. Video at 11.
Behold! Uh, what was I going to say?
But I've been allowing full access to my Vista machine in which I store text files containing my bank account, social security and blood type! Whatever will I do?!
*barf*
brian botkiller "Condensing fact from the vapor of nuance" - Neal Stephenson, Snow Crash
"the communication of a statement that makes a false claim, expressly stated or implied to be factual, that may harm the reputation of an individual, business, product, group, government or nation."
Stuff like this seems very close to being Slander and Libel. I'm sure a more informed reader will know why it isn't, but even then, it just seems quite close to being so. There are many organizations and individuals with an invested interest in the promotion and sale of Linux.
Brandon Petersen
all users is directly comparable to /etc/skel except that /etc/skel is only copied over once, while the "all users" directory structure is merged with "current user"
Linux Zealots: Smarter than Mac Zealots, but still zealots.
Any bad data (e.g. using Firefox bugs but not IE bugs) is the least of it. The real problem with his research is the notion that counting vendor-acknowledged bug reports is any measure of security at all. Maybe if he'd done something like an analysis of exposure windows for critical bugs in a default install he could get somewhere, but no. We have yet another worthless bug count.
You don't need to invalidate the data if the methodology is wrong! And if the methodology is wrong, you don't need any numbers to prove it. That's the case here, but you and so many others are hung up on the bug count. Oh, he did address some of the claims and fixed the bug count. But if you'd read the title of the rebuttal on Full-Disclosure, you'd know that the problem was that he tried to measure security by counting bugs to begin with!
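The exposure-window metric suggested in the comments above (days a remotely exploitable bug was publicly known before a patch existed), set beside a raw bug count. This is an added Python example, not part of any comment in the thread; the product names, dates and record layout are constructed for illustration.

```python
from datetime import date

# Constructed advisory records (hypothetical products and dates):
# (product, remotely_exploitable, publicly_known, patched or None if still open)
ADVISORIES = [
    ("product-a", True,  date(2006, 1, 10),  date(2006, 1, 20)),
    ("product-a", True,  date(2006, 1, 15),  date(2006, 3, 1)),
    ("product-a", False, date(2006, 2, 1),   date(2006, 12, 1)),  # local only
    ("product-a", True,  date(2006, 6, 1),   date(2006, 6, 11)),
    ("product-b", True,  date(2006, 4, 1),   date(2006, 4, 4)),
    ("product-b", True,  date(2006, 4, 2),   date(2006, 4, 6)),
    ("product-b", True,  date(2006, 5, 1),   date(2006, 5, 3)),
    ("product-b", True,  date(2006, 7, 1),   date(2006, 7, 2)),
    ("product-b", True,  date(2006, 12, 30), None),  # unpatched at period end
]

# Measurement period: [PERIOD_START, PERIOD_END)
PERIOD_START = date(2006, 1, 1)
PERIOD_END = date(2007, 1, 1)


def bug_count(advisories, product):
    """The metric being criticised: number of acknowledged bugs, nothing else."""
    return sum(1 for name, *_ in advisories if name == product)


def exposure_days(advisories, product, start, end):
    """Days in [start, end) on which at least one publicly known,
    remotely exploitable bug in `product` had no patch available.

    Overlapping windows are merged so that a day with two open bugs
    is still counted as one exposed day.
    """
    windows = []
    for name, remote, known, patched in advisories:
        if name != product or not remote:
            continue
        # Clip each window to the measurement period; an unpatched bug
        # stays open until the end of the period.
        lo = max(known, start)
        hi = min(patched if patched is not None else end, end)
        if lo < hi:
            windows.append((lo, hi))

    windows.sort()
    total = 0
    cur_lo = cur_hi = None
    for lo, hi in windows:
        if cur_hi is None or lo > cur_hi:
            # Gap before this window: close out the previous merged window.
            if cur_hi is not None:
                total += (cur_hi - cur_lo).days
            cur_lo, cur_hi = lo, hi
        else:
            # Overlap: extend the current merged window.
            cur_hi = max(cur_hi, hi)
    if cur_hi is not None:
        total += (cur_hi - cur_lo).days
    return total


def compare(advisories, products, start, end):
    """Return {product: (bug_count, exposure_days)} for a side-by-side view."""
    return {
        p: (bug_count(advisories, p), exposure_days(advisories, p, start, end))
        for p in products
    }


if __name__ == "__main__":
    result = compare(ADVISORIES, ["product-a", "product-b"],
                     PERIOD_START, PERIOD_END)
    for product, (count, days) in result.items():
        print(f"{product}: {count} bugs, {days} exposed days")
```

In the constructed data the product with more acknowledged bugs has far fewer exposed days, which is the gap between the two metrics that the comments describe.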
They didn't say WHICH people.
Visual Studio vs Borland: VS was never better than Borland on a level playing field. MS only competed by being a bully.
My main point is that MS don't get their products Good Enough. MS get there by putting their effort into attacking the competition rather than by developing (or even offering) good products.
I think MS marketing is more Mafia tactics than anything technical.
Engineering is the art of compromise.
go to http://www.us-cert.gov/
type in "windows"
Results for: windows Document count: windows (2543)
then,
type in "linux"
Results for: linux Document count: linux (2301)
well, no news is good news!
A differential of 242 reports is not that much! And I'm even a Linux admin!
this doesn't account for severity either, but it just goes to show you, don't trust security reports in any form.
They're using their grammar skills there.
x86 made only incremental gains from the 486 to the Pentium IV. Suddenly, wham! AMD comes out with the 64-bit Opteron and Athlon 64 and they kick the crap out of Intel on price, performance, and power consumption for a year or so.
Now we've seen a ferocious flurry of innovation from Intel, which has suddenly been pouring money into R&D and taking advantage of its superior manufacturing processes. We've got Intel vs. AMD to thank for quad-core, low-power, hardware virtualization... and best of all, $59 dual-core 64-bit processors from Newegg
Now AMD is falling behind fairly rapidly, and we can expect Intel to slack off its R&D correspondingly. But in a year or five, AMD or someone else (VIA? IBM? MIPS?) will be back with something new and send Intel scrambling again.
My bicycles
R&D is cheaper than bad publicity or customer support for a shoddy product, I'd wager. But they wouldn't teach that in a marketing class, would they? ;-)
You haven't read an annual company report recently, or ever for that matter?
Even in software or pharmaceutical companies, where one would assume that a lot is spent for research, the R&D budget is usually ~18% (which varies, of course) while sales and marketing usually eats away approx. half of the costs.
Sales, marketing and distribution is horrendously expensive and gets a far bigger chunk of the budget than R&D.
This is a generalisation, of course, but true for the vast majority of companies.
I am the musician
with a pocket calculator in my hand
Kraftwerk
Yes, I know it's good for your karma to rehash the same "Windows BSODs" crap, but I'll call bull.
1. I've had that disabled for years, and I've had exactly one instance of BSOD-ing so far. (The reason was a crappy driver. Yeah, that's so MS's fault. A Linux user would be _so_ able to continue using their KDE programs if the video drivers crashed. Not.)
2. You would still notice it if your computer was restarting all the time. So, you know, it would be exactly the same amount of tech support calls whether it's "I've got a BSOD" or "this damn computer keeps restarting".
3. It wouldn't be that well hidden anyway, because it does briefly show a BSOD before restarting.
4. And if ad-absurdum they actually managed to hide it that well that you don't even notice, then why would it matter?
So, you know, propaganda tends to work better if it doesn't amount to telling people "your Windows BSOD's all the time!... even though you've probably never seen it actually doing it." It tends to be kinda like me telling you that you have to move because there's an elephant in your bathroom, even though you probably don't see it.
A polar bear is a cartesian bear after a coordinate transform.
The point is simply that number of disclosed bugs is not a valid comparison. It matters not if he "did his best".
"The numbers" would certainly look very different if Microsoft adopted the methodology used by most open source projects of fully disclosing every bug. Or if open source projects mirrored Microsoft's practices. It is very well known that Microsoft does NOT fully disclose all bugs and many cumulative patches silently fix MANY problems. The severity of bugs is also classified very differently.
You are right about one thing, it is all a numbers game. But you are WRONG that it means anything, even that Microsoft is improving. It means NOTHING. Nothing at all. It's only a numbers game. Even if someone else games the numbers differently and Linux-based systems look better, it still means nothing to compare numbers of bugs when very different philosophies and practices govern which bugs are fully disclosed and how their severities are rated.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Even if the functionality is of no use to you?
...was well counted, after all, it's a nice OS with a poor text editor.
:(){
It's not cheaper (quite the contrary), but the effects of marketing are much more immediate than the effects of research. And it's the quarterly report that counts, not how the company is doing in three years.
> x86 made only incremental gains from the 486 to the Pentium IV. Suddenly, wham! AMD comes out with the 64-bit Opteron and Athlon 64 and they kick the crap out of Intel on price, performance, and power consumption for a year or so.
I think you need to seriously revise your x86 history.
That is not to say that x86_64 wasn't a significant improvement, but to basically suggest the Pentium, Pentium Pro/II/III and Pentium 4 were just faster 486s is ludicrous. Each of those CPU families represents a serious increase in the design and capabilities of the x86 platform and they all came from Intel. Indeed, one of the main reasons x86_64 was so significant was because it represents one of the few times AMD has been the leader, not the follower, in the last few decades.
Oh please.
Let's be honest here. No matter what study was produced using no matter what methodology, if it showed that Microsoft was improving you guys would rush to debunk the study or dig up some site that does the debunking for you. RMS himself could declare that Microsoft was improving security, and you guys would rip him to shreds. The point of the OP of this subthread is that the debunking report is just as biased as the MS report, and I've seen zero evidence that that isn't the case. I'll go further: the comments to this entire thread are 100x more biased than the MS reports. It's not like you guys are being objective with your analyses either, so get off your high horse.
-- "I never gave these stories much credence." - HAL 9000
Shit, that was so biting I thought my eyes were going to pop.
The original "research" and the so-called "debunking" are total crap, to say the least. What the "research" shows is "Linux guys fixed more bugs than Microsoft's, and that means Vista security is good". Some kind of reverse Microsoft logic, or what? Given that Vista is closed source and Linux is open and considering the means for finding holes in proprietary software the number of vulnerabilities found should be at least tripled.
Now the "debunking". Just vague declarations. Only propositions like "they rewrote all the code so there MUST be more bugs". Well, maybe, but it's not a fact. Also the "debunking" really doesn't have any figures. The Microsoft guy at least showed some numbers on which he or we may base our conclusions. But debunking... It's not a debunking. We need an independent research like the MS guy did but we need to do it right. So that match is drawn at 1:1, but the time hasn't run out yet.
Microsoft are merely playing the same game OpenBSD have been playing for all these years... Apply the loosest standard to yourself, and the strictest to your competitors, and you're bound to come out smelling of roses.
Was that a whiff of manure in the background?
>> Sales, marketing and distribution is horrendously expensive and gets a far bigger chunk of the budget than R&D.
Newsflash!
Distribution is in FACT part of marketing.
And Marketing also touches R&D, giving it input in form of assumed/collected/calculated requirements.
It gives you a chance to at least do a controlled restart including a sync. You also have a chance of debugging what went wrong if you are inclined to that.
Arguing that a system that gives you a chance to figure out what went wrong and recover gracefully from it is somehow equal to a system that simply hides everything ugly, booting in mid-whatever is simply absurd.
Your logic eludes me. Why do you need a second computer to simply boot your first? And exactly what does a firewall have to do with graphic driver instability?
And exactly at which point in time did it become "true" that Joe Sixpack can successfully configure and run e.g. a firewall, but completely impossible for him to learn "a bunch of command-line stuff"? Why is it that the stuff (firewalls, anti-virus, anti-malware, corrupted registries ) that Microsoft imposes on the end-user is "normal", while an optional feature in Linux renders that system completely unusable to anyone else but raving nerds?
I wouldn't call the P4 a serious increase in capabilities - Netburst was pretty awful. There was a reason they completely dropped Netburst and went back to P6 when they designed the Core architecture. Netburst-based processors were faster than the P3 line, but not quite as capable of delivering performance.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
The piece of shit Taurus I also have has no leak therefore it must be a better car than my old Porsche. And it's true that if every car in the world were my old Porsche then all the cars in the world would have that same annoying leak. Ergo the world is a better place for all the piece of shit Taurus's on the road.
See it's not about theory, fanboys. It's about practical outcomes. Per person per unit per second per whatever the practical outcomes of MS 'security' are disaster and failure compared to everything else. Period full stop. And if all the fanboys in the world, got off /. put down the fucking cheetos and hammered out code it still wouldn't make any difference because that train's already left the station.
You can wave your MS flag in my face all.fucking.day. telling me about the theoretical import of security gaps in some other widget and it won't amount to anything because the effect of these gaps is maybe 0.0001% of the effect of yours.
So suck it up, my pimpled minions - your God is a cardboard God.
- 486 SX 66Mhz machine running Windows 3.1
- In Dick Cheney's Bunker
- No Modem
- No Token Ring
- No Banyan VINES
- No Ethernet or IPX
- No TCP/IP winsock implementation.
Most Secure Windows Ever!
In MS case, they also have a well funded research department that seems to do pure research and not research for their products. Some of the research may make into their products but it may be years or decades down the line. This skews the budget a little. We don't really know if in fact they spend more to market their products as opposed to developing them.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Here's an actual example - the faculty head of a university department is conducting a corridor tour of your department with some visitors. One student has a poster presentation in the open common area with a couple of relevant textbooks on the table. Another student is out of sight in a research lab working on his/her research project. Who is the faculty head and the visitors going to consider to be the expert on their subject?
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Which is perfectly fair enough. If you design a house with lots of windows (not the O/S for once) then each window is potentially a point of entry. You can use toughened glass, non-opening windows, but it still won't be as secure as an uninterrupted wall would have been. So you would be compromising security for features - in this case natural light.
The problem only starts if you then claim that the security of your design is in no way compromised by the windows. Or that it's unfair to compare it against the security of houses with no windows, since those houses have no natural light.
Don't let THEM immanentize the Eschaton!
He was wrong in some details, but correct on the basic point. Intel's real failing point was after Pentium-III. At that point, 2 things happened. First, the marketers gained too much power, and pushed the "market metric," clock speed, with the resulting NetBurst architecture of the Pentium4, which has been abandoned. Second, Intel pursued the IA-64, which was really a combination of an academic nifty idea with marketers' desires to be clone-proof, but with the consequence of leaving delivering value to the customer a lower priority.
In other words in the Pentium-4 generation, Intel delivered a marketer-driven (marketer, not market driven) architecture with sub-par engineering, and was distracted by the internal desires for IA-64.
The living have better things to do than to continue hating the dead.
What all these "Marketing is cheaper than" comments seem to miss is that Testing is cheaper when the public will do it for free. It's a common mantra, and one not even remotely limited to MicroSoft.
A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
Just, you know, because it's so evil to buy a $25 firewall for your Windows box, but it's cool to buy a whole second computer for your Linux box.
Buy??? Most linux users that I know get their second (and third and ...) computer free. They come from Windows-using friends whose machines are no longer powerful enough for the current upgrades, and have to buy a new PC to get a decent response back. Their linux-using friends generously offer to carry the old one off and dispose of it properly. They do this by setting it on a shelf for use when they want a second (or third or ...) machine for testing network stuff.
There are lots of 10-year-old PC around running linux just fine. I have a couple of castoffs like this that my wife had "because she needed them for work" (unlike the Mac that she likes better, but isn't used at work). They come in handy when I want to experiment with installing things that I think might crash my main machine, or at least take it offline for a few hours. Since it's running our firewall and web and email servers, I'd rather not do something that interrupts it for more than a short time. So I play around with dubious new releases on the "trash" machines. And I can use them to test for networking problems, too. It's easy enough to set up one or two machines on a temporary "outside" network, ssh in, and then shut them down to save electricity when I'm done with the task.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
What does, "Microsoft is about making money ... not product," even mean? You're saying that Microsoft is attempting to accomplish an end instead of a mean... that seems reasonable. After all, why would Microsoft make products? To sell them? For money, perhaps? Show me a business that is not about making money. Then show me that business in 5 years and see if it still exists. The closest example I could think of would be an independent artist who is creating for personal reasons rather than commercial. But businesses ARE commercial. That's what makes them businesses and not artists, hobbyists, or clubs.
As both firefox and emacs run on windows (via cygwin) bugs in both programs should be counted as windows bugs.
:)
But as MSIE does not run on Linux it should not be counted as a Linux bug.
In fact I could write a small visual basic program here now in the comment, with a serious bug, and you can count that too.
Anyway, I don't know why I'm writing this. After several hundred comments, few people will ever read this, and the people who are counting will live in ignorance forever...
I wouldn't call the P4 a serious increase in capabilities - Netburst was pretty awful.
Untrue. It started off poorly, but quickly ramped up. Despite the arguments of fanbois, P4s were quite competitive in absolute terms, just not on a per-Mhz basis. There was also hyperthreading.
Further, the knowledge gained by Intel with the P4 has allowed them to very quickly take the Core architecture to 3Ghz (and it clearly has a lot of headroom yet), while AMD is languishing at lower clock speeds.
There was a reason they completely dropped Netburst and went back to P6 when they designed the Core architecture. Netburst-based processors were faster than the P3 line, but not quite as capable of delivering performance.
But they were, they just needed high clock speeds. Netburst was "dropped" (not completely accurate) because it hit clock speed ceilings, not because it delivered no value.
JADBP
At that point, 2 things happened. First, the marketers gained too much power, and pushed the "market metric," clock speed, with the resulting NetBurst architecture of the Pentium4, which has been abandoned.
This argument gets floated regularly, but it is nonsensical. There is nothing wrong, from an engineering perspective, of choosing to pursue performance increases by improving clock speed instead of IPC. Indeed, one of the big promises from RISC was that its simpler design would allow quick and easy ramping of clock speeds at the sake of IPC. I don't seem to recall DEC getting the same criticism for the Alpha, that Intel did with the P4, despite both essentially "playing the Mhz game". Indeed, the Alpha seems to be treated by many as God's gift to CPUs.
Ironic that it took an ostensibly CISC CPU to deliver the benefits of RISC.
Second, Intel pursued the IA-64, which was really a combination of an academic nifty idea with marketers' desires to be clone-proof, but with the consequence of leaving delivering value to the customer a lower priority.
The ia64 eventually delivered fairly good performance, it just didn't feature at the low end. Itanic machines were quite competitive for high-end computing needs.
In other words in the Pentium-4 generation, Intel delivered a marketer-driven (marketer, not market driven) architecture with sub-par engineering, and was distracted by the internal desires for IA-64.
No, they simply chose to pursue an engineering path focusing on clock rate instead of IPC. There is nothing inherently wrong with this approach, and the subsequent benefits are clear when one reads about Core 2 CPUs being overclocked to 3.5+ GHz.
AMD provide solid competition, and the k8 was unquestionably a great CPU (sadly - like many AMD CPUs - let down by poor supporting hardware) in the x86 arena, but to suggest Intel haven't been the source of solid engineering throughout the lifetime of the platform - more so than AMD - just doesn't stand up to any sort of analysis.
Perhaps I don't want to sit in on a 45 minute file system check.
Perhaps I want to do a proper shutdown on my development database.
Perhaps I want to do lots of things that your little brain can't comprehend right now.
All the same I was pointing out advantages and you haven't disproved anything with your pointless rant.
What did that rant have to do with anything anyway? The fact remains that I *can* do a certain thing on Linux and I can't do it on Windows.
Get over it.
News about the Kettle Open Source project: on my blog
Type in "apple".
Wow, only 1476!
Hmm, let's try "bsd".
Wow, only 145.
"unix"
862
"buzz word"
No results were found for your search.
Okay. What do these numbers prove again?
Microsoft is bad, mmkay?
PEBCAK (#1 Issue Regarding Any version of Windows) P - Problem E - Exists B - Between C - Chair A - And K - Keyboard ID10T error. BSOD STOP 0x4d534655 KERNEL_REALLY_SUCKS_WE_KNOW_N_WILL_PATCH_LATER ==> (MSFU)
By the time of IE5 and Netscape 4 Communicator was "aging," it's true that Communicator was less capable and more buggy than IE. By that point, the damage had already been done. Netscape's funding model had been destroyed and without cash, they could not possibly compete *in that marketplace at that time.*
Much has changed since then, and I'm posting this from Firefox 2 today. Let me point out that today's market is not the same market as 1998.
I think that what you've said is true, but it does not paint an accurate picture of why Netscape was falling behind. It seems akin to suggesting that a person died of natural causes (when they had been shot by an assailant an hour before) because it's natural to bleed to death when you have that many bullet holes!
Netscape could not fight Microsoft in 1998 because the shooting started in 1996.
But Herr Heisenberg, how does the electron know when I'm looking?
Looks like two people failed :P, R&D research has an 'effective upper bound', basically your return on investment drops significantly above a certain percentage. Why throw away money.
GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
I don't think the argument "Vista is less secure than Linux only because it contains insecure packages that Linux does not..." will fly very far.
In the end people who have their systems compromised will not think kindly of that logic.
The race isn't always to the swift... but that's the way to bet!
(IANAL)
Heh, you've never used any *nix before, except as a toy. There's a fucking mountain of difference. Does your box run any services for the network? Does it share any printers or disks? Does it have any other users logged into it? Does it run any scheduled tasks or background jobs? If you're doing *any* of these things, then there's no way in hell you want the system to reboot. If you're not doing any of these things, you're not running Linux, you're running a bloody X-terminal.
I think the point, while this may not have been GP's intention, is that marketing can bring profits this quarter. R&D cannot do that.
Atlas Shrugged : Thematic Story
Marketing has a much higher ROI potential than actual R&D, which may not even pan out. If it does, well, marketing is still more profitable in most cases. People will buy stupid shit if you market it properly. Particularly when it comes to computers or any other sort of information technology, which most people view the way the monkeys viewed the black monolith, as a mysterious object to be feared.
Two prime examples from my line of work of people buying into marketing hype with zero understanding of the technology.
1. The vast majority of our clients are small businesses. I'm talking 5 to 10 employees, which are primarily "the people who do some work, and one or two administrative assistants". Zero tech staff whatsoever. I cannot even begin to count the number of these small business owners that call me whining that their VoIP service "doesn't work" and it turns out it's because they bought some insanely expensive Cisco firewall (or some other firewall "appliance"). They have only the foggiest notion of what a firewall does, they have zero idea how to set one up, configure it, or maintain it, but some doofus salesman somewhere told them how important firewalls are and how they have to have one, so they forked over hundreds of dollars for a box they can barely identify.
2. To diagnose VoIP problems I also frequently need to ask what sort of internet connection the client has. Most of them give a totally inane response like "it's the fastest one they offer" or "business-class". In other words, they have no idea what they're paying for every month, but they can recite the bullshit marketing terms all day long.
People have no idea what the hell they're buying. Companies routinely offer crap and doll it up with important-sounding fluff, and people buy it, having no understanding of what they're purchasing or how to compare a good product from bad. It doesn't take long for bean-counters to realize that they can cut back on making an actual reliable product, and divert the savings into marketing, at which point people will start handing over cash.
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
Obviously performance can be bought with clock speed, IPC, or a combination of both. Pentium-4 was an extreme exercise in clock speed, and usually extremes wind up having problems of one sort or another. Pentium-4 had 2 problems - the "peaky" performance was handled by better compilers and by ramping the clock speed up enough so the valleys were fast enough. But the thermal problems were its downfall.
IA64 eventually did deliver decent performance. But the cost was incredible. Had Intel been simply going after that level of performance, they could have done it much more cheaply, quickly, and effectively. But you only have to look at the IP shell games they and HP played to realize that being clone-proof was the primary drive, not performance. That also meant that the architecture had to be sufficiently different that they could keep it completely fenced in.
EVERY company in a market dominating spot like Intel eventually gets tied up in self-absorbed internal goals that don't necessarily mesh with the marketplace. That says nothing bad about their engineering teams at all - it just says that when a company is far enough ahead of the competition that the competition isn't really pushing it any more, internal pressures come to bear that can produce odd-looking results. This tendency usually gets corrected, as it has in Intel's case. But there's no guarantee that it won't happen again.
One could argue that some of the same is happening with Microsoft, because their prime competitor has become their own install base. They have to keep persuading people to buy something new to replace something that they've already got that still works. Then they have to make the new product different enough to the customer feels that they're getting something for their money, but the more different, the more disruptive, etc.
The living have better things to do than to continue hating the dead.
So, here I am, running a small network (10+ computers) in a home business environment.
I do have 2 instances of Windows 98SE and 1 instance of Windows XP SP2 deployed (the Windows 98SE for desktop activity and XP for some testing and support roles). I presume that because network access is proxied, cleansed, firewalled and NAT'd, that things are fairly secure.
And, they are. I cannot allow the XP machine directly onto the internet, due to regulatory security concerns (and my business does involve other peoples codebases).
I am thinking of deploying Vista; indeed I almost have (one client wanted some Vista work done). And now, BANG!, I learn that Vista will convert my carefully proxied, cleansed, firewalled and NAT'd system into Swiss cheese, by default...
Thanks, Microsoft. I sure hope that you had the best security people in the business pore over that feature. But still, no warranty -- so I guess any Vista installation will have to be COMPLETELY off-net for a while.
But, that can't be done, because it needs to validate. I guess I would need to turn OFF my network, let Vista validate, and then take it off-net... But that won't work (it does for XP, thank heavens); as I understand it, Vista will need revalidation every 6 months or so...
So, what I need to know is -- how do I safely and prudently deploy Vista, with the assumption that it is a hostile component? Or, can I disable Teredo completely? And, are there other components in Vista that are equally bizarre?
My clients are going to start demanding Vista work any day now...
Just another "Cubible(sic) Joe" 2 17 3061
While Intel did reach higher clock speeds with Netburst, I don't think they couldn't have done the same with P6 - after all, they did.
I will grant you the Hyperthreading point, though. That did come first on Netburst.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
That's usually a result of business consultants telling execs that marketing is cheaper than R&D, therefore they should spend more on marketing/sales/distribution than R&D.
Hence, crummy product, lots of FUD.
"We are Microsoft. You shall be assimilated. Competition is futile."
And this is precisely why *nix will always kick the crap out of Windows as a server platform. The whole GUI paradigm makes for lazy admins who don't know and don't give a damn about what's going on, and pick up delightful habits like "press the on/off button for nine seconds..."
The world's burning. Moped Jesus spotted on I50. Details at 11.
Untrue. It started off poorly, but quickly ramped up. Despite the arguments of fanbois, P4s were quite competitive in absolute terms, just not on a per-Mhz basis. There was also hyperthreading.
Further, the knowledge gained by Intel with the P4 has allowed them to very quickly take the Core architecture to 3Ghz (and it clearly has a lot of headroom yet), while AMD is languishing at lower clock speeds.
There was a reason they completely dropped Netburst and went back to P6 when they designed the Core architecture. Netburst-based processors were faster than the P3 line, but not quite as capable of delivering performance.
But they were, they just needed high clock speeds. Netburst was "dropped" (not completely accurate) because it hit clock speed ceilings, not because it delivered no value.
I'm not going to go into great detail here since this whole thread is offtopic anyway. Suffice it to say, you clearly don't have much of a concept of how poorly the Netburst architecture really performed. (For example, the first several P4 parts released were actually out-performed by their older and slower cousin, the P3 1.0GHz.) Throughout the whole netburst generation the Intel CPUs were outperformed by AMD CPUs running at lower clock speeds -- in some cases by AMD CPUs running a mere 50% the speed of a netburst CPU. And you have a really nice contradiction there at the end. If they "dropped" the netburst because it hit a clock speed ceiling, then clearly the one "missing element" (in your words, high clock speeds) that was needed to make it capable of performance was impossible -- which obviously leads to the logical conclusion that the Netburst was not as capable of performance as the previous technology, just as the GP stated.
No I'm not an AMD fanboi. I'll buy whichever delivers the best performance at the price that suits my budget. That hasn't been Intel for going on 7 years now. When they can deliver a price/performance ratio that tops AMD in my price range, I'll buy Intel again.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
I call BS. IBM had Dual core and then Quad core processors before Intel/AMD. Given the partitioning and virtualisation in the AIX Pseries these days (you want to split your machine along 1/10 of a processor boundaries, go ahead, you want to put one network adapter in the machine and share it amongst multiple partitions... Sure...) I don't think that Intel is the true innovator here.
I will give you the price point... I can't purchase an IBM processor for $59.
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
I have three letters for you:
NPO.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
when your xserver crashes, you just get the command line. from there you can simply restart with 'startx'
no need to restart the system, and the xserver definitely loads faster than Windows. (I just tried: about 10 seconds).
Slipping shoelaces ?
says the guy who obviously never owned a Linux PC and barely ever logged onto an unix machine.
I can completely appreciate this, and one of the reasons I dislike buying many heavily hyped commercial products is because I resent paying mostly for a company to tell me how good something is.
One thing about marketing, though, is that it's probably far more predictable than research in many cases. It's easy to blow lots of money on research and come out with nothing, especially since it typically requires some very specialised skills that are often hard to find. Marketing results are a bit easier to predict, though.
Well, aren't you a bossy fella?
Not that I disagree with you or anything :).
Back when windows 95 shipped it was head and shoulders technically better than the other operating systems targeting average everyday folks.
Let's look at some examples, shall we? Apple's offering in '95 was System 7.5.2. Not Mac OS's finest moment ever, as System 7.5.2 was terribly unstable, but it was still pretty solid compared to Win95.
NeXT Computer's NeXTSTEP was available. . .Win95 was nowhere close to NeXTSTEP.
AmigaOS 3.1 was contemporary with Win95 but still far better than Microsoft's best efforts.
Acorn Computer's RISC OS (version 3.60 was available when Win95 was released) is arguably Win95's equal.
Atari released MultiTOS in 1993 and then the company died (for all intents and purposes). . .bad management can do that to any company. But was Windows 95 superior to MultiTOS? That is debatable.
Linux kernel 1.2 was available in 1995. You could argue that this wasn't an "operating systems targeting average everyday folks" because it was a beast to install and configure, but, honestly, how many "average everyday folks" could successfully install Win95 back in those days? Most people who used Win95 bought computers with it preinstalled. This was particularly the case with "average everyday folks".
And then there was IBM's OS/2. It was superior to Windows 95 in every way. In some ways, OS/2 is still technically superior to Microsoft's latest efforts, despite OS/2's development having been slowed to a crawl for most of the last decade.
Face it, Windows 95 was garbage. Microsoft has, twelve years on, yet to deliver on many of the marketing promises made about 'Chicago'. "Don't commit to OS/2 because 'Chicago' will be sooo much better!" Later, when the snake oil salesmen had finished fleecing the credulous, the suckers became vocal supporters of Microsoft in the hopes of burying their shame at being swindled and made fools of in a chorus of praise. "Oooh! Such high performance!" and "It is sooo stable! I don't HAVE to reboot it three times a day, I just like that sound it makes when it starts!" and "It is sooo easy to use!".
In any case, the faithful have been strung along for so long now that they will desperately defend any nonsense that Microsoft generates. As a famous idiot once said "Fool me once, shame on you. Fool me twice. . .can't get fooled again!" But when one is fooled many times in series (how many times is it now? Win95, Win98, WinME. Win2000, WinXP, etc), brand loyalty takes on religious characteristics. "When Jesus comes back. . .I mean, when Microsoft finally gets it right, you're gonna be so sorry for making fun of me!" Pointing out the obvious disconnects between reality and Microsoft's sermons to the flock only strengthens their resolve to maintain the faith. With this in mind, it is easy to see why some people would make ludicrous claims about Windows 95. Since Microsoft's vendor lock in has this psychological aspect in addition to the technical and economic ones, debunking Microsoft's claims only serves to allow those of us who have not yet been assimilated to feel smug about having successfully resisted the BS for so long. This debunking can not influence individuals with significant portions of their credibility tied to the myth of Windows superiority. . .individuals like Ziff-Davis columnists and execs who pushed through transitioning corporate assets to Microsoft infrastructure.
What I mean with this title is that you cannot understand Microsoft's actions by looking at it from the perspective of someone who wants to produce good products. As in someone who wants to truly push the state of the art as a goal in itself. Someone who wants to 'innovate' to use that bumf-laden word. Microsoft prefers to let start-ups do that for them, select the promising ideas, and then *buy* or *copy* the technology. Which incidentally is why Microsoft is so hostile to the GPL. If any innovative code is GPL'ed, then Microsoft cannot secure an exclusive hold on it, so they cannot use it to shore up their market dominance by creating imperfect competition or their pricing power {see http://financial-dictionary.thefreedictionary.com/Pricing+Power for a definition of pricing power}.
For background reading, see: http://ocw.mit.edu/NR/rdonlyres/A82DB83B-1F43-4EEB-8311-CC93A1B0245C/0/deltamodel.pdf for a description of the "Delta model" of strategic positioning, and note the position of Intel and Microsoft in the graph on page 3.
Rational actors versus emotional ones
Hackers and geeks {a sizeable proportion of Slashdot's readership} cannot understand Microsoft's actions because they are driven by emotion {love of tinkering, thinking source code is interesting and attractive, idealism} rather than rational thought. You can understand Microsoft's actions if you look at it from the point of view of a rational actor that tries to {mathematically speaking} maximise revenue, and to obtain that revenue, to either build or maintain sufficient dominance of the market to have that holy grail of marketing: 'pricing power'. You can understand them if you consider them from a marketing point of view. Implicit in which is that you *really* don't care what you sell, as long as it makes a profit. Some people {Slashdotters for example} need to have that, and its implications, explained to them - in small and easy steps... Hence my choice of title.
A marketing point of view
See e.g. http://ocw.mit.edu/OcwWeb/Sloan-School-of-Management/15-810Spring-2005/CourseHome/index.htm for introductory background material on marketing.
The notion of Marketing is crucial because it explains another of Microsoft's strategic constraints. Microsoft cannot afford a truly level playing field in the markets in which it operates because in such markets it wouldn't have the dominance and the lock-in that would allow it to exercise pricing power. It would slide from the top of the Delta pyramid to the right-hand side. Bye-bye profit margins.
Implications of marketing considerations for Microsoft actions
People have to realise that Microsoft truly does not care about *what* it ships ... as long as it maintains Microsoft's position in the Delta model ... which in turn determines its ability to generate revenue.
Good enough ... for Microsoft
Now ... as I did not make explicit, but which several posters pointed out, Microsoft's 'Good Enough' means 'Good Enough to allow Microsoft to win in the marketplace while leveraging every other advantage they have'.
What other advantage? Well ... control of the PC platform for one thing. MS-Windows is the standard ... and largely because it becomes pre-loaded. As in "Hey ... it's included, right, so why look further?".
Why does it become pre-loaded? Because people are used to MS Windows, so that pre-loading MS-Windows opens the mass-market. If you doubt the sensitivity and importance of having MS W