MS Suggests Using Shims For XP-To-Win7 Transition

eldavojohn writes "Windows XP (and a lot of MS OS code before that) had a fundamental security flaw whereby the default setting made the ordinary user run as the superuser. Vista & Windows 7 have fixed that and implemented The Correct Paradigm. But what about the pre-Vista applications written to utilize superuser privileges? How do you migrate them forward? Well, running a virtualized instance of XP in Windows 7 is an option we've talked about. But Microsoft is pushing the idea of using 'shims,' which are a way to bypass or trick the code into thinking it's still running as user/superuser mode in Windows XP. This is an old trick that Microsoft has often employed, and it has brought the Windows kernel a long ways, in a duct-tape sort of fashion. At the TechEd conference in LA, Microsoft associate software architect Chris Jackson joked, 'If you walk too loudly down the hall near the [Windows] kernel developers, you'll break 20 to 30 apps.' So for you enterprise developers fretting about transitioning to Windows 7, shims are your suggested solution."

An alternate solution?

I thought it said "shivs". I guess that would be another way to coerce people into giving up their precious XP.

Re:An alternate solution?

[CarpetShark]

I thought it said "shivs".

It said "shills".

I know you slashdotters hate to hear it

But MS's support for backwards compatibility is THE REASON they own the desktop.

You can slam all you want, but they will continue to own the desktop because they run all the apps you want.

Re:I know you slashdotters hate to hear it

[RichardJenkins]

Yep he's right.

Not aggressive marketing or flagrant violation of antitrust laws. Certainly not stability of security. Inovation? Forget it.

It's backwards compatibility for the win, ever since version 1.

Re:I know you slashdotters hate to hear it

[x2A]

"It's backwards compatibility for the win, ever since version 1"

Except version one wasn't exactly a 'win'... or two... three was where it really started taking off.

Of course the fact that you could still run your old DOS programs was quite the benefit as people had a lot of them... oh no, there goes your argument!

"or flagrant violation of antitrust laws"

hint: they had to become a monopoly power first!

Re:I know you slashdotters hate to hear it

[AmiMoJo]

Vista has had these "shims" all along too. The filesystem and registry are virtualised, so any stupid program that tries to write to $PROGDIR or do anything else stupid has the changes re-directed to somewhere safe.

Re:I know you slashdotters hate to hear it

[x2A]

Haha, for me, the best bit was where you said

"its not due to MS backwords compatibility"

and then followed it up by listing a bunch of arguments showing why it is due to backward compatibility! That totally caught me by surprise! But yeah, you're right, if they dumped compatibility people would get pissed off, because they do want backward compatibility!

"All the app makers target Windows because thats what 90% of desktop users use"

Do you think Windows would ever've gotten so popular if it didn't allow people to run their old DOS programs? Course not. It's called 'transition', and it's much less disruptive, esp to businesses, than quantum leaps.

Re:I know you slashdotters hate to hear it

[je+ne+sais+quoi]

I don't dispute that most apps designed for older versions of windows run okay on newer versions, but you haven't given any evidence at all as to why this might be true. Just to play devil's advocate, linux runs any X11 app and that goes back decades and decades (e.g., nethack is from 1985). Also, often apps that runs on OS X can run on any version of OS X but there were some changes between point releases but I don't know of an app that fails to run on new versions. Also, the X11 server lets you run any linux or unix program that uses that as well. If you have an app that runs on OS 9, you can run that in classic mode (which I believe they stopped including for leopard, but I'm not sure), and that takes us back to 1999. Finally, I have all kinds of DOS or windows 3.11 apps that don't run well or at all on windows any more, even in emulation mode. We also used to have some kind of VB app that only ran on windows 95 and refused to run on anything else. Most of these are scientific software packages for driving instruments or interfacing with specific hardware, but not always.

I know you windows fanboys hate to hear it, but contrary to being perfect, windows does break backwards compatibility sometimes with new releases, AND there are other operating systems that achieve similar or greater (in the case of linux) backwards compatibility to their predecessors.

Re:I know you slashdotters hate to hear it

[SBrach]

You say:

The minute WINE works 100%

Then you say:

without any sort of shims or other garbage

Wine is the definition of using hacks to get an app to run on an OS. If it is ok for Wine, why is it not ok for Win7?

Re:I know you slashdotters hate to hear it

[just_another_sean]

Agree and one can also not discount the WIN32 API and Visual Basic either. I loath them both at this stage in my career but they are what I and many others started on and there are thousands, if not more then a million, internal business apps running on both these technologies. The lure of easy was just too hard to resist, not to mention marketed brilliantly, (criminally even!) by MS.

You're right, ./ers hate to hear it, I hate to hear it or say it, but your right.

Re:I know you slashdotters hate to hear it

[multipartmixed]

It's certainly not the ONLY reason.

Solaris has great backwards compatibility. Better than Windows, even, and not by a small margin, either. I am running a copy of xemacs today I compiled in 1997 or 1998... 5 major OS revisions back. You can even run third-part device drivers meant for 2.4 on 10 with a reasonable expectation that they will work, and work well. You can even run applications built for SunOS 4 and expect many to work. And SunOS 4 -> Solaris 2 was a major leap. About the same sized leap as MacOS 9 -> X.... in Sun's case they changed from BSD to SVR4 underpinnings.

We all know that Solaris doesn't own the desktop. Hell, I'm a Solaris fan as AFAIC they don't even HAVE a desktop.

BTW, Solaris accomplishes this mostly with "shims", in the form of a well-thought-out dynamic linker with built-in versioning.

Re:I know you slashdotters hate to hear it

[WMD_88]

Just to play devil's advocate, linux runs any X11 app and that goes back decades and decades (e.g., nethack is from 1985).

Nethack may be old, but the binary you use on Linux was compiled recently. Set up an old Linux system (RH 6.2, to throw something out there), run Nethack on it, and then try to run the same binary on a new system. It won't work.

Having the software be open-source alleviates most of this, but closed-source will never work too well on Linux unless they stop breaking everything all the time.

Re:I know you slashdotters hate to hear it

[Volante3192]

It's not 'lazy to learn' a new set of apps, it's 'utter panic and fear at having to move years and years of vital company data from one business application to another.'

I know companies that still use applications that are little more than absurdly complex DOS .BAT files because that's where all their data is.

Learning a new system is child's play compared to migrating all the data, ensuring nothing is lost, getting everything to work (laser printers, faxes, god forbid there's any dot matrix or thermal printers...)

Re:I know you slashdotters hate to hear it

Is that a whoosh I hear?

Re:I know you slashdotters hate to hear it

[jimicus]

"or flagrant violation of antitrust laws"

hint: they had to become a monopoly power first!

Microsoft were competing unfairly long before they became a monopoly, and this is also illegal.

Competing unfairly in ways like only offering discounts to companies that don't stock competing products - discounts so large that anyone who wanted to stock a competing product basically could not hope to sell anything by Microsoft at a competitive price.

Re:I know you slashdotters hate to hear it

[RichardJenkins]

The argument is that it's ridiculous to suggest that backwards compatibility is "THE REASON" for MS's success - particularly without presenting evidence of competitors who losing market share due to poor performance in this area.

Backwards compatibility isn't even that strong for MS. Windows XP broke plenty of apps (do a few searches the 'Why Applications Break' section of http://books.google.co.uk/books?id=HFd8VyyU0e0C&pg=PA272&lpg=PA272&dq=%22windows+xp+breaks+apps%22&source=bl&ots=17EPij89Oa&sig=w9JKvyFhrcftGtww5SSha3qGyi8&hl=en&ei=qd8WSs2jMs-MjAfwppTwDA&sa=X&oi=book_result&ct=result&resnum=4 is a good place to start). Ditto Vista. Windows 7 is so bad at it they're suggesting you continue to run some apps in Windows XP. Would that be two VM's for Windows 8? What a mess.

Lot's of things go into making MS and Windows in particular a successful platform.

Re:I know you slashdotters hate to hear it

[Applekid]

Wine is the definition of using hacks to get an app to run on an OS. If it is ok for Wine, why is it not ok for Win7?

Because this whole article is FUD.

I don't even know why shims are a problem. It's not like the API consumer needs to know they exist. Even more so, just use the API correctly and you'll never have compatibility issues in your app. The Microsoft philosophy is to let people to the wrong thing and let it work out right. I don't agree with that, but, hey, it doesn't really matter WHAT Microsoft does with Windows, really.

Shim for XP compatibility = LOL, Microsoft sux!
No-shims and screw XP = LOL, Microsoft sux!

Re:I know you slashdotters hate to hear it

[mea37]

"Microsoft were competing unfairly long before they became a monopoly, and this is also illegal"

Citation needed.

The example you gave is not illegal unless you wield undue market clout (such as that held by a monopoly). That is the case with any "unfair competition" law I've heard of - it's only unfair if competition in your market is limited (e.g. because you're a monopoly or because you and a few other players collude to maintain a collective strangle-hold on the market).

Re:I know you slashdotters hate to hear it

[BrokenHalo]

Microsoft were competing unfairly long before they became a monopoly, and this is also illegal.

This is true, but Microsoft had very good mentors. IBM was hardly a stranger to the notion of abuse of power. But even so, the world might have been a different place if IBM hadn't allowed Microsoft to pull out the rug from underneath it, and from that point we might ponder what would have happened if IBM hadn't subsequently ploughed so much money and resources into Linux.

I can see this might end up hijacking the thread, which wasn't really my intention, but I think it's interesting...

Re:I know you slashdotters hate to hear it

[Thornburg]

Because this whole article is FUD.

I don't even know why shims are a problem. It's not like the API consumer needs to know they exist. Even more so, just use the API correctly and you'll never have compatibility issues in your app. The Microsoft philosophy is to let people to the wrong thing and let it work out right. I don't agree with that, but, hey, it doesn't really matter WHAT Microsoft does with Windows, really.

Did you actually read the document? Do you know what shims are?

The whole reason shims exist is because the APIs change over time, so what was correct usage in Win2000 or WinXP might not be correct in Vista or 7. Shims let applications written for older versions of the API work on the current OS without the current OS having to have all the different API versions simultaneously active*.

*Wow, would that be one heck of a mess.

Re:I know you slashdotters hate to hear it

[x2A]

"The argument is that it's ridiculous to suggest that backwards compatibility is "THE REASON" for MS's success"

I don't think the word 'the' was meant to be taken as a literal definite article, sometimes people exagerate to demonstrate their point as a shorthand way of explaining that the actual extent of their point is large enough to warrent exageration. It's something I personally prefer to not do, but I don't think it's too much of a problem when people do.

I don't think anyone's going to suggest that MS OS's are perfectly backward compatible; sometimes things do need to change, and sometimes things rely on bugs that shouldn't be left open, but in all my own personal experience, they do win hands down next to Linux and Apple (I can't comment outside the scope of those three). Say what you want about "having the source code", but when things need certain versions of libraries for certain APIs, or relied on the way a particular version of GCC compiled their code that's now no longer the case, things don't stay so black and white. Yes I've been able to update a lot of old code myself to reflect changes and get it to compile, but there's still an awful lot I can't.

Re:I know you slashdotters hate to hear it

[Thornburg]

We all know that Solaris doesn't own the desktop. Hell, I'm a Solaris fan as AFAIC they don't even HAVE a desktop.

Just FYI, they _do_ have a desktop--at least, OpenSolaris does.

I really liked what I saw when I tried out the OpenSolaris livecd, but I don't have a valid reason to run it anywhere, so I can't comment on the long-term quality/usability.

Re:I know you slashdotters hate to hear it

[Z00L00K]

And it's also the reason why we are going to hear about security issues with Windows even in the future.

I certainly miss some of the abilities that *nix offers like chroot, setuid etc. that makes it easy to do things in a controlled manner.

Re:I know you slashdotters hate to hear it

[je+ne+sais+quoi]

And one more thing, saying that linux sucks for backwards compability unless you use open source software is the equivalent of saying that windows sucks for games unless you use directX. While technically true, you're negating the best, best feature of the OS in that arena. In any case, it's still not true for linux, as I point out above because you can use whatever libraries you wish using modules.

Re:I know you slashdotters hate to hear it

[VGPowerlord]

As I recall, "somewhere safe" is %APPDATA%\VirtualStore\Program Files\ etc or something that looks a lot like that. I can't check here because I'm at work and we use XP here.

Re:I know you slashdotters hate to hear it

[BrokenHalo]

But yeah, you're right, if they dumped compatibility people would get pissed off, because they do want backward compatibility!

Indeed. That's why MSOffice is always backwards-compatible with earlier versions.

Oh wait...

Re:I know you slashdotters hate to hear it

[Late+Adopter]

Wine is the definition of using hacks to get an app to run on an OS.

Wine is an (unofficial) implementation of the Win32 API. How is writing a library a hack? Because the official documentation is inconsistent and occasionally incorrect? That just makes it hard.

Re:I know you slashdotters hate to hear it

[x2A]

Well just to play penguins advocate (what, you're a bsd buff?) but one app doesn't exactly give a whole picture. I'm a Linux From Scratch guy, so I know how much of a pain it can be to get old stuff to run even with the source code. Often I can fix it up (like where the code's broken due to changes in gcc, which are usually fairly easy to fix) but often enough I've had to just drop the idea of getting certain things running unfortunately time isn't supply on demand.

What about if you want to use your hardware, like say, your nvidia graphics card? Sure you can argue that nvidia should open source their drivers, or you can tell people to wait for nouveux, but they won't, and they won't!

Please note before you argue back cases for windows non-backward-compatibility examples, these are not intended to be counter arguments to your statements about windows, just your statements about linux.

Re:I know you slashdotters hate to hear it

[charlieman]

Yeah of course, but in GNU/Linux mostly you don't need to pay to upgrade so you barely need backwards compatibility.

Also, is this some sort of privileges sandbox?

Re:I know you slashdotters hate to hear it

[Score+Whore]

Just to play devil's advocate, linux runs any X11 app

This is plainly not true. The various releases of X11 are incompatible at the protocol level and the API level. Not only did you have to fix up your code to compile against the new Xlib, your old binaries wouldn't work on the new server either. There are also plenty of extensions that applications depend on that aren't necessarily present in every X11 server. More or less exactly what you'd find throughout the various versions of Windows: some libraries and technologies get old and wither.

Re:I know you slashdotters hate to hear it

[mazarin5]

Indeed. That's why MSOffice is always backwards-compatible with earlier versions.

In general it is compatible - but only in one direction. You can load MSOffice n documents in MSOffice n+1 but not the other way around.

So, you don't lose any of your own data, and your information sources are still valid. Unfortunately, companies who rely on your data now need to upgrade or find another provider. Their backwards compatibility is like a checkvalve, forcing every customer in one direction if they want to stay in the game.

Re:I know you slashdotters hate to hear it

[TemporalBeing]

"or flagrant violation of antitrust laws"

hint: they had to become a monopoly power first!

Microsoft were competing unfairly long before they became a monopoly, and this is also illegal.

IANAL, but...

It depends on what they did to "compete unfairly". For example, it is not illegal for a vendor to have a contract with an OEM that the OEM could not buy a competitor's products if the vendor is not in a market monopoly position.

On the other hand, it is illegal for them to bribe, blackmail, or threaten someone to sign the contract.

To summarize - my point (and the GP's point) is the antitrust laws define a monopoly, and unless the entity falls into that definition there is a lot they can do that they couldn't do otherwise. Anti-trust laws only limit what a monopoly can do - not everyone else.

Re:I know you slashdotters hate to hear it

[Late+Adopter]

I'm a big fan of this feature, and indeed it's what allows me to play my old Loki games on my laptop, but it does have a downside over a fixed ABI: you have to use old versions of libraries, missing out on whatever security- and bug-fixes haven't been backported.

The source for the libraries is all there, sure, but having two parallel branches of the same code is usually wasteful.

Re:I know you slashdotters hate to hear it

[EvanED]

The whole reason shims exist is because the APIs change over time, so what was correct usage in Win2000 or WinXP might not be correct in Vista or 7.

Well, depending on how you interpret that statement, that's only part of the reason, because MS rarely breaks an API in a backwards-incompatible way.

There are basically two reasons why software stops working on windows:

1.) It makes assumptions that are at a higher level than what the API does. For instance, that the user is running as administrator. At least on the NT line, it has never been the case that the API has "allowed" a program to assume that a requested access to HKEY_LOCAL_MACHINE will succeed, or that it can write to Program Files. (Starcraft crashes at the end of a game when run as a limited user under XP -- presumably because it tries to write LastReplay to Program Files.) Even if the API can theoretically return an 'access denied' error, the programmer assumes that it won't actually arise in practice.

Another example of this is DOS programs that assume they can access the hardware directly and stuff like that, which "of course" doesn't work under NT.

2.) It makes assumptions that are not part of the API proper, but just artifacts of the implementation. For instance, assuming HANDLEs (which the API says should be opaque) are pointers which can be directly accessed (which is true in version A but not true in version B). One good example of how subtle this can be is a shell namespace extension that implemented a function signature wrong by giving the wrong number of arguments. This creates the strong potential for stack corruption. On Windows 95 and NT 4, it worked because Windows was compiled with frame pointers, which left it robust to that error. With Windows 2000, Windows was compiled with the frame pointer optimization, which meant that program crashed Explorer. At no point was "Windows will be compiled with frame pointers" part of the API.

(Then there are higher level problems of a similar nature. There are programs that will open up the display properties dialog then send tab messages or otherwise enumerate the controls present, then change, say, the fifth control so it has the setting they want. What if MS changes the tab order or adds a new control? Boom.)

So if you say that "the APIs change over time" means that their defined behavior changes, this is the decidedly minor aspect of compatibility problems. It's only if you allow implementation-specific details to creep in (which I don't consider part of the API) that your statement is true.

Re:I know you slashdotters hate to hear it

[EvanED]

Wine is an (unofficial) implementation of the Win32 API.

So are the shims.

Re:I know you slashdotters hate to hear it

[x2A]

I believe your reasoning is a little off... I think there are many reasons why breaks in compatibility can occur, I really don't think that it's because people being pissed off with breaks in compatiblity shows that they want backward compatiblity. That's just not how motivation in people works.

Re:I know you slashdotters hate to hear it

[EvanED]

Just to play devil's advocate, linux runs any X11 app and that goes back decades and decades (e.g., nethack is from 1985).

If you recompile it. I would be astounded if you could take a nethack binary from before Linux was invented and run it on Linux.

By contrast, there are DOS programs older than Nethack that still run under 32-bit Vista. Binaries.

Also, often apps that runs on OS X can run on any version of OS X but there were some changes between point releases but I don't know of an app that fails to run on new versions.

How 'bout pre OS X? I mean, OS X is only, what, 10 years old? That's less

Re:I know you slashdotters hate to hear it

[x2A]

I dunno, does your computer play 'whoosh' sounds at you when you scroll down or anything? If it's confusing you, you should turn that off.

Re:I know you slashdotters hate to hear it

[wlt]

I've been told by a friend that this is also one of the reasons why Sun was losing customers - they EOL-ed Solaris 8, and (Sun's forwards-binary-compatibility-guarantee notwithstanding) the customers decided if they weren't going to be able to just "keep the old stuff going" (what with new SPARC hardware not being able to run older versions of Solaris), and were going to have to move off Solaris 8 (or even 7), they may as well move to linux/windows/anything-other-than-Solaris.

this makes a big difference because of the number of Sun customers during the Solaris 7-8 days...

Re:I know you slashdotters hate to hear it

[EvanED]

(Damn it, this firefox extension I have will occasionally cause focus to jump around, and it just happened to jump to the submit button before I was done. Advice: if you use Hit-A-Hint or its successor, LOL -- otherwise awesome BTW -- don't set 'space' to be one of the magic keys.)

Anyway:

How 'bout pre OS X? I mean, OS X is only, what, 10 years old? That's less than half the age of many programs that will still run.

Finally, I have all kinds of DOS or windows 3.11 apps that don't run well or at all on windows any more, even in emulation mode.

There are plenty of ones that don't run, but there are plenty that do, and "runs some" is better than almost any other platform's binary compatibility if you look at the time frame of the early 90s.

(Though if you want to see serious backwards compatibility, IBM's highest-end mainframes, the zSeries, still run System/370 binaries from the early 70s.)

Re:I know you slashdotters hate to hear it

[wlt]

Just to play devil's advocate, linux runs any X11 app and that goes back decades and decades ... there are other operating systems that achieve similar or greater (in the case of linux) backwards compatibility to their predecessors.

in my experience it's not quite that straightforward, in that even if you want to run older apps, you can run into all sorts of library/dependency issues. it wouldn't be a problem if that app was the ONLY thing you wanted to run, but it's a real bitch if an old app wants a particular library version while a newer app that you want to live on the same machine, doesn't

there are often little inconsistencies between behaviour of different versions...

Re:I know you slashdotters hate to hear it

[wlt]

The reason for that is that Sun had? has? an explicit "binary forwards compatibility" guarantee in that the binary you have now is supposed to run on the next/future versions of Solaris. This doesn't always work out 100% (there are always changes in things that will cause issues for any non-trivial app).

Re:I know you slashdotters hate to hear it

[EchaniDrgn]

It's called 'transition', and it's much less disruptive, esp to businesses, than quantum leaps.

Yeah, besides, do you remember how long it took Ziggy to figure anything out? Like half an hour on a good day. If all my applications ran like that I'd be pissed too.

Re:I know you slashdotters hate to hear it

[jonbryce]

You can load Office 2007/8 documents in Office 2003 with a free downloadable addon.

Re:I know you slashdotters hate to hear it

[Joe+U]

Funny, Apple was able to make the transition from insecure, single-user based OS to more secure, multi-user OS without too much trouble and keeping a compatibility layer for older apps. Why can't Microsoft do the same?

When you only have about 20 apps for the platform, it's easy.

Re:I know you slashdotters hate to hear it

[Joe+U]

Never underestimate programmers using undocumented API calls as well.

(Yeah, I used one, a while ago in MFC, but it was a really useful function that I didn't want to spend time to rewrite)

Re:I know you slashdotters hate to hear it

[amRadioHed]

That doesn't make any sense to me. Why would a business switch to a platform they have no experience with instead of just making the much simpler transition to Solaris 9?

Re:I know you slashdotters hate to hear it

[hairyfeet]

Oh please! Look up the dirt on Commodore, or any of the other players then. They were ALL screwing somebody over. Remember this "Greed is good. Greed works" Wall Street? That was the whole culture then. It was Reagan and trickle upon you economics. Then are plenty of stories of Commodore screwing vendors and suppliers and anybody else that would give their company an advantage.

Face it-They all did it, Bill Gates was just meaner. But don't worry, I predict that MSFT will just keep slowly sinking year after year, and OS after OS. Because the Ballmer monkey will find a way to fuck up everything they do. He is just too much of a marketing drone addicted to buzzword bingo. MSFT without Gates is like Apple without Jobs-It just don't work. Gates may be a bastard, but he was a bastard that could put out a good business OS. All Ballmer does is bungle from one bad idea to the next. Kinda like when the Pepsi guy nearly bankrupted Apple. Of course MSFT has more money, so it'll take Ballmer longer than the Pepsi guy, but don't worry, just give him time.

The whole "Sell Starter in the USA so you can "monetize the IP" and create "upsell potential" to "maximize shareholder value" BS shows that he is on the right track. The way MSFT has been raising capital lately I bet Ballmer is planning a REALLY expensive dumbass purchase, which will help him get closer to the Pepsi guy's schedule. Just give him time.

Re:I know you slashdotters hate to hear it

[Sparks23]

I'd agree that the backwards compatibility has been a huge factor in their dominance, especially in enterprise installs. But I would also say that the same backwards compatibility has been a curse as well as a blessing in some ways.

A blessing, in that you could with a reasonable degree of certitude run custom in-house apps dating from the Win 3.1 era on later versions of the OS. This meant companies were free to upgrade to later versions of Windows without having to rewrite all their in-house code. This meant they'd stick with Windows; if you have to rewrite your code for a newer OS, you're free to examine other options ("Would Linux serve us better? A Mac? Sun boxes?") you would not otherwise look into. By ensuring the enterprise users didn't have to do that, Microsoft kept them on Windows.

But this is also a curse, however, inasmuch as they now have to maintain that backwards compatibility or risk losing that same market. And that means you have to strike a careful balance; improve your security model, remove old and insecure APIs (or change them to be more secure) and you run the risk of breaking all of that software. Microsoft wants/needs to move forward, modernize the OS. But in order to do so, they likely will break older things. When even /rumors/ of incompatibility with Vista hit, you notice many companies didn't bother to test whether or not their stuff would run. They simply assumed that it would not, and did not upgrade.

So the backwards compatibility that helped them capture and hold the desktop market is *also* what drags them down a bit and prevents them from moving forward as much as they would like.

I think in some ways this makes the biggest competitor to Vista (and presumably Windows 7) not Mac OS X or Linux, but Windows XP. Simply because of that same 'backwards compatibility is important to the market' factor.

That's my $0.02 + state sales tax, anyway.

Re:I know you slashdotters hate to hear it

[icannotthinkofaname]

Competing unfairly in ways like only offering discounts to companies that don't stock competing products - discounts so large that anyone who wanted to stock a competing product basically could not hope to sell anything by Microsoft at a competitive price.

That, I say, was a lucky gamble on Microsoft's part. If there had been a viable alternative that didn't cost anything, it would have been naturally cheaper than Microsoft Windows on the same hardware, and I imagine that Microsoft wouldn't have risen to the imperial power that it is today if it had had to deal with that kind of competition. Maybe Microsoft would still be a competitor, if this alternate universe had happened, but for that to be true, Microsoftware would have to have been a lot more focused on stability.

Given that Windows 3.0 was 1990 and Windows 3.1 was 1992, Linux was just a little late to the party. MS was just in the right place at the right time. And people are now so ingrained in Windows that viruses, license costs, IE, and daily application crashing are simply realities of computers, rather than shortcomings of Microsoft; these users who refuse to search for other options or learn different systems are the only reason that Microsoft still holds its power today. If the market were still a competition, instead of just ignorant users listening for a select few words, there would be a lot more pressure on Microsoft to deliver stable Microsoftware.

What part of history am I missing here? I'm sure that companies tried to compete with Microsoft back in the late '80s and early '90s, but what went wrong? Why was Microsoft, specifically, so appealing to sell?

Re:I know you slashdotters hate to hear it

[nxtw]

If you have an app that runs on OS 9, you can run that in classic mode (which I believe they stopped including for leopard, but I'm not sure), and that takes us back to 1999.

Classic was dropped in 10.5 and only works on PowerPC, anyway. So, as long as you have a 3+ year old Mac and are running an older version of the operating system...

Of course, if you stick with 10.4, you won't be able to run lots of newer programs... which commonly require 10.5.

Just to play devil's advocate, linux runs any X11 app and that goes back decades and decades (e.g., nethack is from 1985).

And if a program from the 80s can be compiled on a modern GNU/Linux system, it can be compiled for many systems - Windows (with SFU/SUA or Cygwin), OS X, BSD, Solaris... And X servers are available for all of those operating systems as well.

Re:I know you slashdotters hate to hear it

[SBrach]

You don't get it, this is /., if there is an article about Microsoft being told to not bundle a browser with Windows and someone says they think Apple should have to ditch Safari the answer is "Apple is not a monopoly and is not subject to anti-trust laws". However, if you bring up Microsoft adding a clock to windows 1.0 before they were a monopoly the response is, "OMFG, ANTITRUST!!!111!!!"

Try a little harder to follow the /. posting guidelines next time, ok?

Re:I know you slashdotters hate to hear it

[mzs]

That's so backwards though. There are some posts here about how amazingly good Solaris is about backwards compatibility. I can confirm that with my experiences as well. That is the right way, to think about backwards compatibility by emphasizing a stable and backwards compat symbols in libraries, sycall numbers, C++ library binary interface, /proc, /dev, args to binaries in /*/*bin and /*bin, and ELF relocation types. Then you can rely on the dynamic linker and versioned dynamic libraries where needed. With this approach you yo don't have the issue of all the old bugs and good luck when the args to tail change in a program that uses system() for it or /proc/foo changes its format.

Also the kernel api has stay very backwards compatible even from the move from SunOS to Solaris. Old kernel modules tend to just continue working though I have run into cases where they did not often due to a bug in the module itself not exposed in an older, slower, or with fewer cpus system.

Re:I know you slashdotters hate to hear it

[Chmcginn]

1.) The data migration & re-training had to take place anyway.

2.)Some degree of loss of trust - they assumed that some other vendor would be less likely to force them to upgrade OS at some point in the future.

Re:I know you slashdotters hate to hear it

[Acer500]

god forbid there's any dot matrix or thermal printers...)

Almost every business over here (Uruguay, South America) still relies on dot matrix printers for billing.

Small wonder that those businesses that do purchase Windows don't migrate, most of them since Windows 2000 or before, those set up after stay at XP and won't touch Vista with a ten foot pole.

not to mention the Microsoft tax is VERY expensive, after we got pricing from Microsoft of Server 2008 and the CALs the department head was joking about migrating to Linux - not that it is likely to happen, with our core business app being windows-only.

Re:I know you slashdotters hate to hear it

[Kral_Blbec]

what part of the backwards compatible didnt you catch as meaning only in one direction? If you really want forward compatability that either means absolutely no new features in any program anywhere...ever, or a crystal ball to see what programmers in the future are going to do.

Re:I know you slashdotters hate to hear it

[jonbryce]

c:\users\jonathan\AppData\Local\VirtualStore\Program Files (x86)\ in my case.

Re:I know you slashdotters hate to hear it

[gilesjuk]

Which is why Windows is a 32 bit extension to a 16 bit user interface for an 8 bit operating system based on a 4 bit architecture from a 2 bit company that can't stand 1 bit of competition.

Re:I know you slashdotters hate to hear it

[amRadioHed]

Still doesn't make sense. The transition from Sol8 to Sol9 was not that huge, not like the transition to Sol10 and certainly the training is nothing compared to migrating to Windows.

And what OS vendor doesn't EOL their products? Certainly not MS.

And BTW, Solaris 8 is still supported and will be for another 3 years.

Re:I know you slashdotters hate to hear it

[Dr_Barnowl]

Hence the use of .... shims. Things like the nvidia graphics driver have shims that get compiled to make the driver compatible with the kernel.

Having the source for your app is much better though, as you just so ably demonstrated.

Re:I know you slashdotters hate to hear it

[selven]

I never understood this whole "backward compatibility is bad" thing anyway.

Re:I know you slashdotters hate to hear it

[x2A]

The browser thing is so hypocritical it's almost beyond belief. MS were bundling IE with Windows right back to Win95 with IE2 IIRC. At the time, Netscape was closed source, paid for software, often licensed by ISPs to give out to their customers. We used it because it was what came with our ISP package and knew no different. I discovered IE when I double clicked on a .htm file on the harddisk once and wondered what it was. No one complained, because Netscape had pole position of mindshare and possibly (I'm guessing but cannot confirm) was better anyway. Then... IE started actually getting good, and there was competition, and all of a sudden it was "unfair that they're bundling a browser", even though it wasn't "unfair" for years before that. Now we have a range of open source, free browsers. We would still be buying them if IE wasn't given away with Windows. If you think that's unfair, then you can donate to your favourite browser team.

I liked that IE was integrated into the OS! Just as how I like that KDE does (or did, I've not used KDE4 to know if it's changed). But now, because other people weren't choosing to use other browsers, I now can't choose what I wanted. The whole things stinks of hypocrisy. But yes... this is slashdot huh. Oh well... I'm sure no one else will read this now anyway!

Re:I know you slashdotters hate to hear it

[x2A]

"What part of history am I missing here? I'm sure that companies tried to compete with Microsoft back in the late '80s"

T'is true. First PC I got my hands on (an old 8086) came with MS-DOS 3.2 and err... was either PC-DOS or DR-DOS. So that would be... choice... not bad businesses practices or enforced monopoly. We didn't know anything before that, I'd not even heard 'Microsoft', so I played with both (and the gui, Gem, which was cool!)... I carried on using MS. The other eventually became unrunable as the discs weren't looked after and got trashed... cuz we never used it. Was a big step up from CPM I'd been in contact with before that. I guess we just liked MS's software better.

Re:I know you slashdotters hate to hear it

[BikeHelmet]

I discovered IE when I double clicked on a .htm file on the harddisk once and wondered what it was.

I think you just proved the opposite point you intended.

Even back then, Microsoft/IE was stealing file associations! Multiple times in the past an update has set it IE(rather than the default browser) to be the default browser; the most recent time was an IE8 update.

If it isn't antitrust to claim control of a computer from another browser, it sure is shady to ignore what the user selects, so at the best IE/Microsoft are shady. :/

This is just like when an upgrade from IE6 to IE7 reset my Google search to MSN/"Live" search, and I had to change it back - and yet on another computer it left Yahoo search as the default. They seem to specifically target competitors; shady!

Re:I know you slashdotters hate to hear it

[x2A]

*lol* no it wasn't, this was pre windows update, netscape never had the file association, but i'd never noticed it before because to get on the internet, the first part of he process was to open up netscape. Everything was done from within there then. The idea of saving a page to harddisk and opening it from there quite simply hadn't cropped up until obviously the first time it did.

Re:I know you slashdotters hate to hear it

[BikeHelmet]

What!? You're giving the big evil corporation the benefit of the doubt!?

Well... fine. :P

But the stealing the default browser thing still applies. Microsoft has done that at least twice with IE.

Re:I know you slashdotters hate to hear it

[sjames]

That's why I refuse to get one of those newfangled autoMObiles until it knows what Giddap and Woah mean. I tried on once, but no matter how much I yelled or whipped it, it just wouldn't move.

Re:I know you slashdotters hate to hear it

[x2A]

"You're giving the big evil corporation the benefit of the doubt!?"

Doubt? No, there's no doubt in there at all, I'm saying quite categorically that whatever it was that was saved to disk that I opened was something netscape had never taken file association for; the browser was used in a way that file associations in the rest of the system were completely irrelevant to it, therefore the first time I did something that did use the file association system, it opened up IE; the version that came with the very first version of Win95. I seem to recall it was some time before I realised/understood that it was actually a different browser, rather than that I'd just found out some way of making netscape load up faster in some weird compact mode... which is why I'd been using it... it didn't take so long to start up.

And yeah, but who hasn't 'stolen' file associations? These days things seem to be better at giving you choice of what filetypes to associate with, but that's not always been the case. Might not excuse it, but MS doesn't really stand out from the crowd on that point... the negative feedback received over it would be why it doesn't happen so much now... all part of the process of progression.

Re:I know you slashdotters hate to hear it

[darkpixel2k]

But MS's support for backwards compatibility is THE REASON they own the desktop.

You can slam all you want, but they will continue to own the desktop because they run all the apps you want.

STFU! I haven't had any backwards compatibility issues with vi and xterm...ever!

And I'm betting the next 20 years of Linux won't see vi breaking backwards compatibility.

Re:I know you slashdotters hate to hear it

[navyjeff]

Even when you have a million apps, it's not that hard.

You know times are tough when one gets modded "troll" for speaking the truth.

Re:I know you slashdotters hate to hear it

[mobets]

I believe I am now running a 64 bit extension to a 32 bit extension to a 16 bit user interface for an 8 bit operating system based on a 4 bit architecture from a 2 bit company that can't stand 1 bit of competition.

Re:I know you slashdotters hate to hear it

[Late+Adopter]

From TFA, it sounds as if the shims are more of an "alternative" implementation for certain functions (providing expected behavior and necessary privileges). Which means doing some loader tricks (akin to setting LD_PRELOAD in Linux).

I don't want to belittle what they're doing, as it's a clever hack, and probably the best way to handle the situation, but it's not a full Win32 implementation linked normally, the way Wine and older Windows is.

Re:I know you slashdotters hate to hear it

[FooRat]

That's hilarious, of course, but a huge part of the reason is actually that the APIs are *better designed*. Well designed and implemented APIs have much fewer such problems.

Re:I know you slashdotters hate to hear it

[Joe+U]

That's hilarious, of course, but a huge part of the reason is actually that the APIs are *better designed*. Well designed and implemented APIs have much fewer such problems.

Please, feel free to go into detail on how the Win32 API is poorly designed over the Apple API (pre OSX), since that's what you're comparing. Specific details please.

Re:I know you slashdotters hate to hear it

[WMD_88]

And one more thing, saying that linux sucks for backwards compability unless you use open source software is the equivalent of saying that windows sucks for games unless you use directX. While technically true, you're negating the best, best feature of the OS in that arena.

That's fair; however, it's one feature that, I think, we're being too idealistic about. As much as I would like to see more commercial open-source software, the kinds of software that are probably needed for a real upsurge in Linux's popularity are not going to be written as open-source. The makers of such software aren't going to want to recompile for every Linux distro release when Windows (and heck, other *nixes) allow the same software to run for years, sometimes even decades, on the same binaries.

As for Modules...I looked at that homepage, and it sounds like something that could get very messy, with all those libraries installed and the user environment being changed all the time. Does it?

Re:I know you slashdotters hate to hear it

[ShakaUVM]

>>You can slam all you want, but they will continue to own the desktop because they run all the apps you want.

Sure, like how Vista can run MATLAB 2007 oh wait.

(And the code we licensed ONLY runs on MATLAB 2007... grr.)

Re:I know you slashdotters hate to hear it

[ShakaUVM]

>>MS were bundling IE with Windows right back to Win95 with IE2 IIRC.
>>No one complained

What???

You obviously weren't reading /. back then. Microsoft's dirty tricks with IE was huge news, even in the mainstream media.

Re:I know you slashdotters hate to hear it

[atraintocry]

Eh, we use both dot matrix (invoices) and thermal printers (shipping and receiving labels).

Migration is indeed hard but as you said the hard part is getting the data to match on both sides. Printing reports correctly doesn't seem like such a big deal...at worst you swap out your printer for one that speaks the right PCL or PS version, and if you can't do that then you hire a PCL or a PS guy for a weekend. Going from dot matrix to laser is a matter of coming up with a PCL header that will allow print the same number of columns you were going to send to the dot matrix, since everything's guaranteed to be fixed-width.

Of course, doing it all by yourself is difficult, and I do know the pain of being knee deep in PCL commands trying to get something to print correctly. (Because of course whoever supplies the software is not going to learn how to send the document to a host-based driver. That'd be unthinkable. No, let's pretend like it's still 1995.)

I agree that learning to use a new system is not a huge deal compared to being tasked with the migration, even if you have a very strong connection to the old system. But your users don't know that, and trust me they will regularly bring up the old, crappy system for 5 years like it was made of rainbows and unicorn poop, and they bring it up once every couple weeks for another 5.

Re:I know you slashdotters hate to hear it

[atraintocry]

Our business runs on something called BASIS and everything is stored in flat files. BASIS in turn runs on an old version of SCO OpenServer.

"oh look at me I'm stuck on FoxPro my object templates aren't hypermorphic" SCREW YOU AC

*sobs*

if youve got to go through a bunch of hacks

[wjh31]

just to get the software to work properly, you may as well just move to linux

Re:if youve got to go through a bunch of hacks

[Z_A_Commando]

Apparently not. According to Microsoft partners (i.e. consultants), a team of 2 or 3 consultants can teach a team of 3 or 4 internal people to shim applications in a hands-on fashion. The majority of this training centers around teaching what the shims are and what they do, not actually fixing software. That's reserved for the last 2 days of the 5 day session. During that time the consultant claimed they would shim a minimum of 25 apps to provide a broad understanding for the internal people

Something the article doesn't mention is how the shimming actually works, unless you read the linked Microsoft document. Essentially you use ACT to scour your intranet for software. You can't just look in Add/Remove programs since enterprises are notorious for not actually "installing" apps. The program creates a database of all applications that don't work with Vista/7 and why not. Then you go through and apply shims to the database. Now whenever a program starts up it looks at its internal DB or the external DB (depending on if it's been started before) to see if there are any necessary shims. If there are, it uses them and the user shouldn't notice any issues.

To your point that it's a lot of work, 25 apps shimmed in 2 days by 3 people who are learning to do it is pretty quick. You can always hire the consultants to do it all for you anyway. Plus moving to *nix would definitely require a bunch of hacks on your current system (read a complete rewrite)

Re:if youve got to go through a bunch of hacks

[Wrath0fb0b]

just to get the software to work properly, you may as well just move to linux

Option #1: Refactor the application to use a totally different set of OS APIs, display libraries and system calls.

Option #2: Refactor the application, removing all of a subset of "offending" API calls or wrapping them in a UAC-subroutine call.

Option #3: Provide a thin application compatibility layer that emulates the "offending" API calls in a non-offensive way.

I think that's in order from hardest to easiest, since you only have to do it once. Incidentally, given how well WoW64 works (and the answer is flawlessly), I don't see how they can't pull this off fairly well.

Re:if youve got to go through a bunch of hacks

[DarkOx]

By that logic WINE is just as good an option. Its transparent to the application and provides compatibility prior versions of Windows. If you have load additional software on windows or develop compatibility layers on your own then there is no value in the backward compatibility any longer. You might as well pour the same efforts into getting your app running on WINE.

Re:if youve got to go through a bunch of hacks

[eclectro]

you may as well just move to linux

Sounds great, does Linux support shims yet?

Re:if youve got to go through a bunch of hacks

[RiotingPacifist]

selinux, apparmor type security allowing it to run AS root while being locked down?
or chroot allowing it to think its root, while its really in a fakeroot?

nah i don't think anybody has been doing that for years on linux, nope not at all!

Re:if youve got to go through a bunch of hacks

[BarryJacobsen]

you may as well just move to linux

Sounds great, does Linux support shims yet?

Why yes, but they call it "wine" instead of "shim".

Re:if youve got to go through a bunch of hacks

[skiflyer]

That's not quite true, while there's backwards compatibility issues, there're also forward compatibility issues.

I need the shim so I can keep running ProgramX 2005 on my new Win7 box, but when ProgramX is upgraded using the latest and greatest, I also want to keep running it.

WINE programs tend to fail here for obvious reasons. I remember this hit me hard with Quickbooks... got it running under WINE, was thrilled, and then QB switched to .NET and wouldn't run under WINE anymore. I'm sure the WINE or Mono folks figured it out in the course of a few weeks or months, but I wasn't going to take my books offline while I waited for them.

And, no, I couldn't switch to LinuxAccountingPackageOfAwesomeness because I have to supply files of a certain format to an accounting professional. For us small guys, he only accepts Quickbooks.

Re:if youve got to go through a bunch of hacks

[ais523]

Not to mention, you can get exactly the same effect by messing with LD_PRELOAD, if you really want to do it the same way as Windows rather than one of the other ways that work for Linux.

If your going to virtualize XP on 7

You might as well virtualize XP on Linux.

Re:If your going to virtualize XP on 7

[x2A]

Why? API redirection is like a zillion times faster than virtualisation.

Re:If your going to virtualize XP on 7

[Sir_Lewk]

Because I could probably virtualize a zillion instances of XP under Linux on a machine that could just barely run Vista. Duh.

Re:If your going to virtualize XP on 7

[x2A]

Err... but that already exists (duh right back at ya), as does windows on window, which is what this is actually about. That being so, full virtualisation isn't needed and so would be total overkill.

This is so people can run their pre-vista software on vista. If your machine can only just barely run vista, then don't install vista, and you won't have these problems to begin with. Duh. It's not very complicated to, ya know, not do something. You don't even have to do anything to not do it. That's how I've managed to not be running vista.

Re:If your going to virtualize XP on 7

[Sir_Lewk]

You've been trolled son. Duh

Re:If your going to virtualize XP on 7

[x2A]

What kind of a defense is that?

Re:If your going to virtualize XP on 7

[Sir_Lewk]

You do know what a troll is right?...

Re:Mike

[lorenlal]

This is not a new solution at all. At my company, we had to employ a shim to make one of our "in house" developed apps work in XP even...

Please save any comments about "forcing our developers to fix their code." I mentioned it, and I might as well have suggested we invade Russia by land. Unfortunately, we got it to work, and the appropriate funding to make the software better never materialized since there was "no need to fix it anymore."

HA HA

[scribblej]

At the TechEd conference in LA, Microsoft associate software architect Chris Jackson joked, 'If you walk too loudly down the hall near the [Windows] kernel developers, you'll break 20 to 30 apps.'

Yeah, real funny. Our software is fragile as fuck, HA-ha

Who's laughing at that goddamn joke? Oh, right, Microsoft is -- all the way to the bank.

Re:HA HA

[x2A]

"Yeah, real funny"

It's slightly funnier if you don't think of jokes as being accurate representations of fact.

But I guess once you're angry, you're angry.

Re:HA HA

[MyLongNickName]

Ummmm. yea. You try writing an operating system in such a way that it can run applications that were designed for an older version of the operation system. Then throw in apps that don't bother with standard application programming guidelines. I have seen so many commercial pieces of software that write user config files to the program files directory or do something else equally stupid. Then Windows actually makes some gains in security and these apps break. Then it is Windows' fault.

Re:HA HA

[Migala77]

The 20 to 30 apps you'll be breaking are not MS apps, but are (usually misbehaving) third party apps. Read the SimCity example from Joel.

It will be a long time before Wine will have this level of compatibility.

Re:HA HA

[nametaken]

I think what he was saying is that the kernel developers are extremely careful about backward compatibility for the benefit of all the cheap, lazy companies out there that want to run some crapware legacy app from Windows 9x on Windows 7.

What he did was complement them and the insane requirements they work under.

Re:HA HA

[scribblej]

I dunno if I should bother to respond to this, but you and a bunch of other people all responded to me in a similar fashion, so I suppose it deserves addressing, if only for the people reading along.

I read that SimCity story years ago. You can take whatever lesson you want from it, but I personally took away from it "no /wonder/ the software in the Microsoft world is so fragile."

Seriously, folks, I understand the engineering concerns they are trying to address (I am a developer) but it goes without saying I think they're doing it wrong, or I would use their platform instead of the alternatives I rely on.

I couldn't care less about whether Wine can manage to keep up with their output of cruft. It's like saying "it'll be forever until you can shit out a turd as big as mine." Personally, I don't want your turd OR the imitation turd. Thanks.

There's a lot of support in this thread for the general application of shims. But traditional software development doesn't call them "shims" -- it calls them "edge cases" and they are to be avoided like the plague!

Re:HA HA

[Blakey+Rat]

The thing you miss is that all this cruft does exist in Windows-- and yet Windows is still JUST AS GOOD as all the competing OSes. (Worse in some areas, and better in others.)

In short, if the shims don't affect featureset or performance, why the hell should I, as a consumer, give a flying fuck whether it's "less crufty" without them?

if i were a microsoft public relations flak

[circletimessquare]

i would downplay this notion of shims, and ballyhoo this notion of duct tape

shims just sound like a lame hack. using a shim means you've given up on elegance and respectability

but duct tape is awesome! if you use duct tape to solve a problem you are a manly mcgyveresque resourceful type

windows 7: the duct tape os, is a mark of pride dude!

Re:if i were a microsoft public relations flak

[Daltorak]

shims just sound like a lame hack. using a shim means you've given up on elegance and respectability

Shims allow Microsoft to fix bugs in Windows without affecting applications. Changing how any API call works, even to fix something that is clearly wrong, can cause major problems, because there could very well be applications out there that rely on the broken behaviour.

I'll give you a practical example. In Windows 7, they fixed the CreateFileEx() API call, which is used to create and open files. Pretty much every application out there uses this API, so changing how it works would be about as dangerous as changing how a core CLI utility on Unix like "sed" or "grep" works and then rolling out the change to production systems around the world.

The bug in Vista (but has existed in Windows for quite some time) is that if you were you request exclusive read access on a file that you do not have full access to, Windows would silently change your lock on that file to "shared read" access. Which is, of course, not what you asked for. There are plenty of other cases in CreateFileEx() where the API call will fail if you ask it to do something your user account doesn't have permission to do. They fixed this in Windows 7, but this is obviously a case where fixing a bug in Windows will cause many applications to crash or not function properly.

In order to provide this bug fix, and therefore make Windows better, they've added in a new (optional) application compatibility manifest that new applications can use that says, "hey, I want the Windows 7 behaviour!", and this CreateFileEx() fix -- as well as a number of other bug fixes -- will be in place for your application. Microsoft is saying that they will also maintain that defined compatibility level through future versions of Windows, too, i.e. on Windows 8, you'll get the Windows 7 API behaviour.

Sure beats having to keep up with KDE's world-breaking changes every few years, don't you think?

There really is no other good way of going about this. An "elegant and respectable" solution would probably involve every software company, ever, fixing every bug in their software, ever, that prevents their application from being compatible with Windows 7. What do you suppose the chances of that happening are? You might as well be a seven-year-old girl asking for a live unicorn for your birthday... you just might have better luck! A lot of software that needs to run on Windows is in-house jobbies written years ago by people who'd just learned the difference between "If" and "While" BASIC statements. It would likely cost a lot of money to scour the whole code-base and fix it... and that's if they even still have the code and can find someone to do the work! (What if the contractor ran off with it and is holding it for random? I've got a friend who's dealing with that very issue right now!!)

Microsoft's solution to this problem is to give IT people the ability to analyze the software they have to run and to apply shims to make it work. Microsoft will even help companies with this, often for no cost at all.

Elegance is nice, but it can be prohibitively expensive. Shims are for the real world.

Re:if i were a microsoft public relations flak

[EvanED]

Shims allow Microsoft to fix bugs in Windows without affecting applications.

The other (and probably bigger) thing they allow MS to do is fix bugs in other applications they don't have source code to without affecting Windows.

Tons of programs out there make unwarranted assumptions about how functions will behave -- that handles are actually pointers, that a function treats an unused out parameter in a specific way, even that programs or dialogs have controls laid out in a specific way. Shims allow MS to change the implementation of the functions without changing the contract.

(This is distinguished from your example because, in your example, the CreateFileEx contract is actually changing, and the old API spec and/or Windows is buggy. In my example, the contract remains the same, and the program is buggy.)

Re:if i were a microsoft public relations flak

[Ash+Vince]

This is one of the most insightful comments I have read in this discussion but the mods have done their usual thing.

This is really a reply to the people who moderated this comment down. One day you will all get a job and will start to realise that sometimes commercial pressures (ie - your company paying your wages at the end of the month instead of going under) dictate that software has to be released before it is perfect.

Nobody likes having to rush things out the door before they are ready, but sometimes it is forced on you. Sometimes the management team set a ridiculous deadline. Sometimes the technical leads misjudge how complicated a job will be. Everybody makes mistakes and sometimes they backfire. Sometimes what is supposed to be a short term, short lived project (ie - MS-DOS and the first IBM PC) takes off in a big way and far outlives its expectations. As a company you can hardly then go to the market and say you released a lemon to get some desperately needed cash in, not if you want to stay in business.

Re:if i were a microsoft public relations flak

[x2A]

Wow didn't even realise it'd been modded down so heavily, thanks for bringing it to my attention! *lol* but yes, reminders that there are reasonable and experiences people on here too is what keeps me coming back. The signal to noise ratio is horrendous, it seems full of people emoting uncontrollably and unreasonably, but I figure that just means the rest of us have to speak up more often, cuz we are what make it! Take it easy dude :-)

Re:Mike

[TheRealMindChild]

How did you create said shim?

Meh, this isn't the issue 90% of the time...

[TrisexualPuppy]

When my company eventually switched over to Vista, the software just took a few tweaks here and there, e.g, what can be found here. So far in our tests on the RC, we haven't *had* to run anything as a SU, and everything has been "curable" with little hacks here and there.

If you are smart, you are usually on software support anyway, and your publisher can help you out. When we tried AutoCAD Inventor in Vista/Seven, it was just a quick call to AutoDesk to get it working. My thoughts on legacy software? Stay away from it!!!

Re:Meh, this isn't the issue 90% of the time...

[MrNaz]

You can't always stay away from legacy apps. Legacy apps are made to fill a need that a particular company has in a particular situation. This usually means that when their app is finally put up against the wall, their choices are either stick with the entire old ecosystem, OS and all, or rewrite from scratch.

Given finite budgets and a culture that values returns *this* quarter at the expense of every future quarter, guess which option gets picked most often.

Re:Meh, this isn't the issue 90% of the time...

[Tanktalus]

I'm just curious ... what's the difference between having to shim ENTERPRISE CLASS SOFTWARE and, oh, say, just switching to Linux? Seriously, is this less work?

Re:Meh, this isn't the issue 90% of the time...

[skiflyer]

Yes, training is almost always more expensive than the change.

Let's take a small company using enterprise class software... say 15,000 employees. And let's pretend you pay them squat, $10/hr. Means it costs you $15/hr at least to have them.

So every hour you spend training costs $225,000 ... windows -> linux would likely be a 4 hour afternoon session, so you're knocking at a million dollars just for your employees time. You haven't even paid the trainers yet, and this won't be one massive webinar, you're doing at least a dozen or two sessions.

Tack on the ramped up support costs at the start of the deployment cycle, and the fact that skilled linux personnel command a higher salary than skilled windows personnel.

Then add in the fact that you bought the enterprise class software in the first place because it does what you want. Odds are OS was a minor concern when you purchased it to start.

So yes, it's a big difference.

Re:Meh, this isn't the issue 90% of the time...

[xenolion]

I can give you a quick example of why they don't change to Linux. Time equals money. Teaching employees to use new OS stops them from working so you lose time working on work. Also paying someone to teach your employees to use the software cost extra cash. So its a loss to a company they will stick with what is the same.

Re:Meh, this isn't the issue 90% of the time...

[Tanktalus]

I get time is money. Which is why I'm curious. Is it really less expensive to teach employees to shim applications (and deal with any fallout from where shimming doesn't work) vs just teaching them an operating system that works? Both involve up-front costs. Both hit your IT department. Both hit your users (mostly in a "shut up and use it" kind of way). But the question is: how much do you trust shimming to work vs just getting out of the cycle altogether? Is the risk of shimming considered when discussing the costs, or is it just the up-front costs that CFOs are looking at?

Re:Meh, this isn't the issue 90% of the time...

[xenolion]

I've been in those meeting where you have to convince a board that moving to a different OS would be better for the company, cost up front would have to be 60% of the hold back, 15% training people the last 25% is the people on the board fear change so much they think anything different is going to take their job away. I don't know what you do as a job or your education but I'm betting that you have seen this your self and 90% of the fellow slashdoter's have been there too and can add to this. To a techie change is welcomed to a average board member change is not coming near them.

Re:Meh, this isn't the issue 90% of the time...

[PitaBred]

Sure, it costs money to switch. The problem is that MBA's don't understand (or don't care) how much just supporting the current system costs. How much do you spend on Windows licenses? How much on individual software licenses? Software maintenance and ongoing training (every time a virus hits...)? Doing one side of the costs of switching is necessary, but don't forget to calculate the costs of NOT switching.

Re:Meh, this isn't the issue 90% of the time...

[cbreaker]

That often depends on the culture of the particular organization. I've worked for and done work for a lot of companies, and sometimes the users are flexible and sometimes they are rigid.

It almost always depends on how much upper management stands by IT. If a secretary can tell the CEO that she doesn't like the new Icon for Outlook and you're forced to change it, chances are good that you'll NEVER be able to make a major change. But, if management is on the side of IT and trusts the IT department to make the right decisions, the users will be more likely to adapt and take it in stride.

Re:Meh, this isn't the issue 90% of the time...

[cbreaker]

Since when does a small company have 15,000 employees?

Re:Meh, this isn't the issue 90% of the time...

[skiflyer]

That's not just people being stupid. The assumption is the cost to support one is close enough to the cost of supporting the other to disregard any differences.

The obvious issue bandied about for Linux - additional support cost (pricier personnel, fewer contracts/vendors, etc.) vs. the MS licensing cost.

Mind you I'm not agreeing or disagreeing on this particular example, but there is a why.

Re:Meh, this isn't the issue 90% of the time...

[ta+bu+shi+da+yu]

The obvious issue bandied about for Linux - additional support cost (pricier personnel, fewer contracts/vendors, etc.) vs. the MS licensing cost.

I don't think it's obvious at all. To get proper support from Microsoft (or any other vendor) you need to purchase a support or maintenance contract. I'm not sure how this is any different to buying a support contract with SuSE, RedHat or Ubuntu.

Re:Meh, this isn't the issue 90% of the time...

[FooRat]

Wow, talk about short-sighted:

"So every hour you spend training costs $225,000 ... windows -> linux would likely be a 4 hour afternoon session, so you're knocking at a million dollars just for your employees time."

Now let's say that you saved $100 for each of those users in Microsoft and anti-virus software licensing fees, and that the extra robustness and security on Linux saved each of those employees 16 man-hours per year, plus you can let five of your IT admins go because there are fewer spyware infections etc. At what point have you broken even? What is your ROI over 1 year? Training *is* an investment cost, but the key word is 'investment'.

Oh gawd

[Niris]

So maybe it's just in my area, but I always heard the word Shim as a reference to a shemale (she-him). Helping with Windows transitions... hrm.

Re:Mike

[dave562]

On one hand you didn't get the money to fix your code. On the other hand, Microsoft stepped up to the plate to "protect your investment in your legacy solution". The only cost to your organization was the time spent sorting out the shims. You mentioned you had to shim an app to get it work on XP. How old was it? Did it run on 2000? Was it developed for 2000 or NT? At the risk of comparing apples and oranges here, how many nearly ten year old Linux apps can you run on the current kernel without a recompile or rewrite?

One of my biggest gripes with MS has been needing "administrator" rights to run seemingly standard applications. Nine times out of ten the requirement comes from poor coding practice on the part of the developers. It is good to see Microsoft finally stepping up and providing a work around instead of forcing everyone else to wait for some developers who might not ever get around to fixing their apps.

I'm reading the documentation right now, but I'm curious if it resolves the security problems. I'm guessing that a shimmed app is running in a sandbox? Or is the shimmed app given fully elevated privileges so that if gets compromised, the exploit code can still own the system?

Re:Mike

[lorenlal]

Fortunately, I didn't have to. It happened before I started here. But I'm going to go out on a limb and guess that it was applied when the software was packaged into an MSI format.

We = company in this case. I should have specified.

The suggestions I made came long after the fact. I was informed by my leadership that they had already lost that fight, and that I shouldn't bother pursuing it any further.

Re:Mike

[antifoidulus]

Are you sure it was the application writer's bad practices that forced many apps to require admin privileges? Because the phenomenon of having to run most day to day apps as an admin seems to be limited to Windows. We run an all Mac/Linux shop with 100+ workstations and dozens of servers and we do some pretty complex stuff and NONE of our users has to be an admin to get their job done. That is just unheard of in the Windows world, but has been the norm in the *nix world for the past 2 decades.....

love or hate it.

[DRAGONWEEZEL]

Shims work.

It reminds me of the part in "Zen & the Art of Motorcycle Maintenance" where he suggests to John that beer can aluminum would be the perfect shim to keep his handlebars from slipping. John rejects the idea of using a beercan on his beemer, and so goes to buy "quality shimstock" which is probably made from beercans.

We shim many things, and I had no clue till I took off the siding of my house, and redid a few doors. Shims are how we make construction look good, and still get it done in a timely manner.

Surely it applies to programming as well?

Re:love or hate it.

[ausekilis]

Shims work.

Surely it applies to programming as well?

They do... They're called "hacks", and often come from a poor design decision and result in uglier code that's more difficult to maintain.

Re:love or hate it.

[BobMcD]

I for one detest ugly hacks like shims and sudo... ...oh, wait.

Re:love or hate it.

[phantomfive]

I really like your comment, it's well written and interesting. The thing here is, Microsoft has no clear direction with their OS. Since win2k, they should have cleared up their security model, made everything clean, etc. But they didn't: alright, so sometimes mistakes happen. Fair enough.

Windows Vista was supposed to be their complete rewrite that broke backwards compatibility. That's where they should have put the shims in. Windows 7 was just supposed to be putting a new skin on the top, removing Vista's bad image. But no, they are putting more shims in, they are still deciding what they want to do with their OS. It makes them look like incompetent buffoons.

Actually that's not even accurate: Windows XP service pack 2 was supposed to clean up their security problems. And yet, here we are, several years later, STILL cleaning up security problems.

Re:love or hate it.

[Blakey+Rat]

Vista *does* have these shims in-place, and a huge database of applications that require them to work. The point of this article is that they're telling network administrators how to identify which applications (that Microsoft probably doesn't already know about) require the use of the shims, and how to set policies to tell Windows to "shim them." (Or whatever term they use.)

So congratulations, your post is not only factually wrong, but completely misses the point of the topic we're talking about.

Re:love or hate it.

[phantomfive]

Good point, thanks for the info.

Lexmark is a horrible offender.

[pecosdave]

Try getting a Lexmark all in one device to work while NOT admin - ain gonna happen. If you call up Lexmark to ask why their shits broke, they pawn it off on Microsoft. I spent quite a bit of time figuring out folders to change ownership permissions on to make that bastard work without giving admin to everyone.

Re:Mike

[lorenlal]

It was written in the 90s, in VB. That's about all I know. From what I understand, it did run properly in NT 4 SP6, but it was never tried on 2000.

Really, the point of the comment is that this is reuse of an old solution. Even during the attempt at migrating to Vista, shims were a suggested solution for applications that didn't work.

Re:Mike

[afidel]

Yeah but how many of those apps are SUDO or SUID? Oh and we run all but one of our apps on locked down Citrix servers where they users are just that users with fairly severe restrictions beyond even MS standard user rights, you just need an admin that knows what they are doing. (The one app isn't run on Citrix because of a graphics library problem not a permissions one, it doesn't run correctly on widescreen aspect systems either!)

Well

[AdmV0rl0n]

If you were really shafted, then the shims is worth a go.

In many many cases, applications can be fixed to run without admin rights. By checking using regmon, filemon, and similar, you can get a handle on what an app is opening and where the permissions issue lies.

This is a bit time consuming, and its a negative, but it is do-able.

There are four things that proceed the problem.
Lazy users
Very lazy developers. -- The prime cause of security failures in Windows.
People only too happy to simply run as admin -- Bad practice
MS setting users as admin to fit point 1,2,3

Windows is not insecure, not any level worse than anything else, but developers, users, and vendor run it insecurely, and worse, have an encouraging attitude for doing so.

MS have gone about the UAC thing very badly, but overall the step and move towards a UAC alike structure is long overdue, and is badly needed.

Re:Well

[LordKaT]

Everyone always cites lazy developers ... but I have to ask, is it really the programmers fault?

Assume that some database program will only run as an administrator. Is this because the developer couldn't be assed to write proper code, or is it the result of a very tight schedule imposed by management, who needs to ship their product before Q4 so they can meet their debt obligations, thus forcing the programmer is take the quick and dirty route for this bug so he can focus on show-stopping bugs?

Really, I think that this practice is a symptom of a much larger problem.

Re:Well

[AdmV0rl0n]

Yes, in respect to building the windows application it is always, always the developers fault.

And I mean - Always.
Devs have no business writing code that accesses the wrong part of the Registry hive, and they have no business for example, storing settings or program configs in a none user area, and thus forcing the user to run as admin when using the program.

The windows system, contrary to what some people peddle, is not so hard to handle or understand from a Dev point of view.

And I'll go even so far as to say it is not a vendor issue. A vendor whom employs a 'windows developer' as cited on a dev's CD should rightly expect a developer to produce code in a sensible way, along the lines of the well read and understood system.

If you or anyone reading this classes themselves as a windows dev, and you or they do not understand and know how to make a program run and work happily as a none admin user POST installation, you are not a dev, you are an only an amataur pertaining to be one, and you or they have some study and reading to do..

Re:Well

[AdmV0rl0n]

well, instead of "lazy developer" he should have written "lazy software vendor".

The vendors do not write the applications, the developers do. They are employed by the vendors, and writing the apps wrongly now costs their employers time and effort for their idiocy.

Re:Well

[Blakey+Rat]

How about "lazy development organization." But I think in the vast majority of cases, it's the lazy developers and not their managers at fault. Either way, it doesn't change the thrust of the argument.

Re:Well

[clodney]

Everyone always cites lazy developers ... but I have to ask, is it really the programmers fault?

It is not just laziness, the rules have changed over the years. A long time ago, in a galaxy far, far away, I wrote some software that controlled a device.

The PC could have multiple users, but only one of these devices. So I put the device settings in HKEY_LOCAL_MACHINE, and per user settings in HKEY_CURRENT_USER. I think this was all the way back in Windows 3.0, but maybe it was Win 95. Point is, at that point we had the concept of multiple users, but all the users were local - we thought in terms of a day shift and night shift worker sharing a machine. Most of these boxes didn't have network connections, let alone internet connections, so to the extent we worried about security, we were concerned with boot sector viruses.

Many years later, HKLM is locked down and everything should be in HKCU. But fixing it right will take a few days, and tweaking the installer to alter the registry permissions only takes a few hours. And marketing has other concerns with higher priority, and in many cases rightly so.

So was I lazy, when I wrote the code, or was marketing lazy when they decided to take the cheap fix and focus on adding new features to an app that has 20 years worth of cruft like that waiting to be fixed? Or maybe did we all make the right choice at the right time?

Re:Well

[NemoinSpace]

Here is an easy litmus test for any programmer that has ever written 1000 lines of code. Take any two programs one as an example how to do it right, and another how to do it wrong. Which one looks more like your code?

Taking shortcuts and writing other "novel" hacks isn't being lazy. It's more of being stupid becuase you haven't practiced enough doing it the right way to be good and quick at it.

Finally, Programmers, engineers and manufactures should be forced to use their own products, like a slumlord who is forced to live in one of their own apartments.

Re:Well

[Froobly]

You're trolling, aren't you.

In most companies, insubordination is a fireable offense. If your manager tells you to implement a feature, you either do it, or provide a good reason not to. Either way, at the end of the day, it's your manager's call.

If you're writing code for the first time, sure, get it right. If you've already got code, and it works, it's going to be a really hard sell to change it just because Microsoft published a memo.

Re:Well

[AdmV0rl0n]

You're trolling, aren't you.

In most companies, insubordination is a fireable offense. If your manager tells you to implement a feature, you either do it, or provide a good reason not to. Either way, at the end of the day, it's your manager's call.

If you're writing code for the first time, sure, get it right. If you've already got code, and it works, it's going to be a really hard sell to change it just because Microsoft published a memo.

He's trolling?
Are you kidding?
A good reason not to would be that its not along correct lines for the tool, it would end up having to be run as an admin, and is by connection, a security threat to the customer.

If you don't think this is a "good reason not to", that's your lookout.

And its not a memo. Don't let your lame anti MS rhetoric fool you into thinking that just cos its MS, its ok for you or anyone else to screw security, or good practice.

Re:Well

[Froobly]

Look, I've been on that end of the argument before. Yes, I do think it's important to follow security guidelines, but it's still difficult to convince management of this, and they're the ones paying the bills.

Unless a customer specifically says, "we need to be able to run as a Limited User," proper security compliance is going to fall into one of those "nice to have" areas. If it works as Administrator, and the customer is fine with that, then the company is going to want you to work on something else.

I didn't mean to come off as anti-Microsoft. I'm just saying from the company's perspective, this really looks like Microsoft is coming down from on high to unilaterally tell everyone to change their software that was written 10 years ago, and worked perfectly well back then.

And I'm accusing the parent of trolling because this is the exact situation the GP was talking about, which he completely ignored in favor of name calling. Just because somebody's on the opposing side of the argument does not make it okay to reply without reading his post. Even if it is Slashdot.

Re:Mike

[Nick+Ives]

I'm reading the documentation right now, but I'm curious if it resolves the security problems. I'm guessing that a shimmed app is running in a sandbox? Or is the shimmed app given fully elevated privileges so that if gets compromised, the exploit code can still own the system?

Neither. The shim code just lies to the app and says it has admin rights, it's just like fakeroot in Unix.

You then write code in the shim to intercept any calls that really require admin rights and deal with them appropriately. If it's something dumb like wanting to write to something in the Programme Files directory you can redirect it to the users home dir. If it's something that really requires admin then you can ask for it and the user gets a UAC prompt.

pointless

[Lord+Ender]

For a single-user system (the majority of Windows desktops), it doesn't matter whether or not the user is an Administrator, at least from a security perspective. What threats are you protecting against by subjecting users to extra authentication buttons when installing apps? The only thing the single user really cares about is his own data! Malware running with his (non-administratior) access can destroy his data just as well as malware running as administrator. With either permission, the malware can spread via sockets, file infections, or web access.

This obsession with UAC on single-user desktop systems is simply misguided. Yes, some existing malware may break if it runs with non-admin privileges. But once non-admin becomes common, malware authors will just stop presupposing admin access when coding.

Re:pointless

[MozeeToby]

What threats are you protecting against by subjecting users to extra authentication buttons when installing apps?

If something wants to install or edit system files or even view some important system information, you get a warning about it and explicitly have to ok the event. If someone clicks what they think is movie download (but is actually a malware installer) then clicks run without looking closely, UAC will pop up and ask if you really want to let that program edit system files.

Considering that the vast majority of malware is still caused by user initiated actions, that is a non-trivial piece of security.

Re:pointless

[Lord+Ender]

Did you read all the way to the end of my post? Because most machines do not use this "feature," it can screw up much existing malware. But as soon as the feature becomes standard, it will be a worthless expense. The mistake you are making is that you are forgetting that the data, not the system files, is all that matters to the end user.

Re:pointless

[MozeeToby]

Maybe I don't get what you're saying here so let me summarize my argument for why UAC makes sense...

UAC makes it much, much more difficult to install a program without the user's knowledge. UAC makes it much, much more difficult to make software run automatically on start up without the user's knowledge. UAC gives users more control over what is and isn't on their systems.

You seem to be making the argument that UAC is about protecting my data from someone else who uses my computer. That's not what UAC is meant to do.

Re:pointless

[RiotingPacifist]

erm
1) its easier to remove non-root malware
2) there are still many exploits for many programs, reducing the effect of these is still a good thing.
3) not all problems are malicious, buggy programs as root can cause much more trouble than the same program in a jail/chroot

Re:pointless

[Lord+Ender]

You overgeneralized about UAC, and you completely misstated my comments.

UAC is intended to prevent malware from harming the user. The idea is that malware running as a normal user (not as an administrator) can't harm the user or spread to other users. That's an absolutely false assumption--one which has its roots in the multi-user servers of yore, not the single-user desktops of today.

Today, malware running as a normal user can both spread and destroy all data on a system which the user values. When UAC deployment is common, malware authors will simply adjust their software so that it doesn't trigger UAC. No significant security benefit; large associated cost.

Re:pointless

[MozeeToby]

The idea is that malware running as a normal user...

That isn't the idea at all. The idea is to prevent the malware running at all. Yes, there is nothing stopping malware from destroying your files or spreading once it is being run, but UAC puts a significant obstacle (a big scary warning requiring user interaction) before malware is installed.

Re:pointless

[AdmV0rl0n]

erm
1) its easier to remove non-root malware
2) there are still many exploits for many programs, reducing the effect of these is still a good thing.
3) not all problems are malicious, buggy programs as root can cause much more trouble than the same program in a jail/chroot

Its very much harder for alien, malware, spyware code to run under a user than as admin, and still retain the hard to see, hard to kill, hard to remove, harder to embed on startup locations basis that much of it has today. Oh, it can still run, and cause a headache, but the context is important.

Exploits are a different animal, and in many cases are not reliant on the user run level, which is unfortunate, but a harsh reality. In this level, hoping for good vendor action in closing holes, and keeping systems updated, patched, or for example, blocked by security (firewalls or similar) is required. If a vendor becomes very poor in this area (Hello Adobe circa 2009) its worth throwing them out.

And you are correct, not running as admin limits damage made by simple user error or mistake.

Its accepted in the unix world that running as root is a bad idea. In the windows world, that is a battle still being fought.

And one I have to fight every single day.

*And no, running as admin, but having some security products on your box won't save you, won't protect you (the readers if applicable), please stop being dumb.

Re:pointless

[Lord+Ender]

The idea is to prevent the malware running at all.

No, it isn't. UAC puts a big scary warning before malware uses administrator privileges. It does not warn about or prevent malware from executing with the privileges of a normal user.

Re:pointless

[nicodoggie]

But really, when did such buttons ever convince most users to consider what they're doing? I remember reading an installation guide somewhere, a long time ago which said "Just press the 'Next' button until the 'Finish' button appears, and then press 'Finish'"

This was the root of most problems during the early ActiveX era, and as far as I can tell, still is today. I doubt UAC would stop anyone from being click happy.

For some reason, I'm beginning to think that the mouse is the single biggest security risk on a computer.

Re:pointless

[Lord+Ender]

You are right. Sudo doesn't help much at all on a single-user linux desktop, either. You could still accidentally wipe all your data. You could still execute destructive viral malware, all without using sudo. The system files protected by UAC and the sudo security model are the least important files on the machine.

Re:pointless

[rdebath]

No, No, No.

If the OS could be trusted things like "System Restore" and "Previous versions" could be useful and even worthwhile. With a solid user vs. admin boundary the system could backup data reliably before any malware gets to it. If the malware or a broken application tries to delete or corrupt anything the "previous versions" are there to be recovered without the user having to remember to do real backups every hour.

So if admin could be trusted, giving over the admin password would be giving access to your onsite backups (and direct hardware access). Something that a user application really doesn't need.

And finally, if Admin works you can give an unknown application access only to the files for itself and check that when the application has terminated it's all gone, there's nothing left running (like a spambot). As it happens I actually run firefox(shiretoko) like this, with no access to write outside it's own little world.

All these possibilities come directly from having a reliable Admin mode.

Re:pointless

[Rockoon]

I am a Windows programmer. C/C++, ASM, and even VB.

None of these languages inherently produces binaries which trigger UAC prompts. Not a single one.

One of your mistakes is the presumption that the concept of an installation procedure, known as the "installer," is something mandatory.

That in fact, none of these languages inherently produce installers, that the production of an installer is an additional development step that a programmer goes through. He does this when it is advantageous to do so, and that is only when his program has many dependencies, letting the installer navigate the minefield known as "DLL HELL" for him.

Walware does not have DLL HELL style dependencies, instead leveraging only what is considered the standard WIN32 API. You can drop an executable file in a folder (such as My Documents) and execute it, and as long as that executable does not do anything above the privileges of the user running it there will be absolutely no UAC prompt period and end of story.

As a point of fact, Windows now prevents the standard API's from being deleted/overwritten, so a malware author can now depend on them being there.

UAC protects the system from some malware, expecialy rootkits, but as the poster rightly pointed out.. malware authors will adapt and simply (it really is!) avoid triggering UAC prompts. That UAC is actualy determintal to the do-it-yourselfers who would go to great lengths to protect their own system, by protecting standard API's, is just more mud on the face of your arguement.

Re:pointless

[AdmV0rl0n]

For a single-user system (the majority of Windows desktops), it doesn't matter whether or not the user is an Administrator, at least from a security perspective. What threats are you protecting against by subjecting users to extra authentication buttons when installing apps? The only thing the single user really cares about is his own data! Malware running with his (non-administratior) access can destroy his data just as well as malware running as administrator. With either permission, the malware can spread via sockets, file infections, or web access.

This obsession with UAC on single-user desktop systems is simply misguided. Yes, some existing malware may break if it runs with non-admin privileges. But once non-admin becomes common, malware authors will just stop presupposing admin access when coding.

Who the hell deemed this posting insightful.
The writer, and those who dared to write 'insightful' on this are idiots. And I mean idiots of the highest caliber.

The 'at least from the security perspective' comment is a classic. So the fact you run your box as an admin, open yourself to all the securiity problems that brings, and make it exceptionally easy to infect yourself, means it makes no sense to you to run as a user instead. That's just marvellous.

Just so you know, after you're stupendously cretinously, ill educated behaviour infects your own machine, your stupidity costs everyone else.

When you idiocy leaves your bot netted machine infested and causing others problems, it actually goes to show that idiots like you should be banned from use until you actually get a clue.

Re:pointless

[AdmV0rl0n]

Did you read all the way to the end of my post? Because most machines do not use this "feature," it can screw up much existing malware. But as soon as the feature becomes standard, it will be a worthless expense. The mistake you are making is that you are forgetting that the data, not the system files, is all that matters to the end user.

You are the one making repeated mistakes.
The data resides within the system.

Your car stereo or home computer reside within your car and house respectively. You have keys for a reason, try using them. Or aternatively, leave all the doors open.

How you got a score of 2 for your incredible stupidity is a slur on Slashdot.

Re:pointless

[AdmV0rl0n]

You overgeneralized about UAC, and you completely misstated my comments.

UAC is intended to prevent malware from harming the user. The idea is that malware running as a normal user (not as an administrator) can't harm the user or spread to other users. That's an absolutely false assumption--one which has its roots in the multi-user servers of yore, not the single-user desktops of today.

Today, malware running as a normal user can both spread and destroy all data on a system which the user values. When UAC deployment is common, malware authors will simply adjust their software so that it doesn't trigger UAC. No significant security benefit; large associated cost.

It can't spread beyond the user, and it has far more trouble getting in. The fact you don't understand this means you have no idea at all about the shit you are shovelling.

Re:pointless

[AdmV0rl0n]

And the normal user is a restricted account.
99% of malware does not try to delete your fucking data shithead, it tries to insert itself into the system, so it runs for all users, and so it runs at start up, and so it can try to key log you or take your credit card details, or pour spam out from your badly run system.

Re:pointless

[AdmV0rl0n]

I am a Windows programmer. C/C++, ASM, and even VB.

None of these languages inherently produces binaries which trigger UAC prompts. Not a single one.

One of your mistakes is the presumption that the concept of an installation procedure, known as the "installer," is something mandatory.

That in fact, none of these languages inherently produce installers, that the production of an installer is an additional development step that a programmer goes through. He does this when it is advantageous to do so, and that is only when his program has many dependencies, letting the installer navigate the minefield known as "DLL HELL" for him.

Walware does not have DLL HELL style dependencies, instead leveraging only what is considered the standard WIN32 API. You can drop an executable file in a folder (such as My Documents) and execute it, and as long as that executable does not do anything above the privileges of the user running it there will be absolutely no UAC prompt period and end of story.

As a point of fact, Windows now prevents the standard API's from being deleted/overwritten, so a malware author can now depend on them being there.

UAC protects the system from some malware, expecialy rootkits, but as the poster rightly pointed out.. malware authors will adapt and simply (it really is!) avoid triggering UAC prompts. That UAC is actualy determintal to the do-it-yourselfers who would go to great lengths to protect their own system, by protecting standard API's, is just more mud on the face of your arguement.

OK, I challenge you. Drop an Exe in my documents, and then find a way that it autostarts on machine start up.

Now, extend this so that I, as the user lose control over your exe, and its hidden from the system.

You get no access apart from my own user hive, you can't reach windows or system 32, you can't change or affect program files.

Calling yourself a Windows programmer, let me correct you. You're an idiot.

Re:pointless

[AdmV0rl0n]

You'll also be able to go after it, find it, and kill it.

Re:pointless

[AdmV0rl0n]

You are right. Sudo doesn't help much at all on a single-user linux desktop, either. You could still accidentally wipe all your data. You could still execute destructive viral malware, all without using sudo. The system files protected by UAC and the sudo security model are the least important files on the machine.

No. The least privilage model, and the Sudo, UAC, and other things stop malware from becoming part of *the system*.

Your data resides in that system, and yes, the fact you could be a click happy fool along side being a fucking idiot in general can't be helpful.

Now, your data can't be protected from you, or your idiocy. And it really never will be. Anything you happen to agree to run is your own fault. The fact you think that because anything you run might cause you a problem = you should run as an admin anyway.

Re:pointless

[Lord+Ender]

Your post was mostly incoherent. Please proofread so we can understand you.

I think you might have called me (personally?) a "fucking idiot." If that is the case, I respect a man who is willing to hide behind his computer and call people names. That takes real strength.

You didn't do ANYTHING to refute anything I said, however.

Re:pointless

[Lord+Ender]

Wow, you replied to me three times, ferociously called names, and stated absolutely nothing to support your points in any post. That's probably the saddest thing I've ever seen. Reading your other comments, it seems you have severe anger issues and a serious lack of understanding of operating systems.

Re:pointless

[Lord+Ender]

If a user runs an application as that user (not admin), the app can destroy all the user's data and spread to other systems. The same is true for malware running as administrator.

You seem to think an administrator account on a PC should also have admin privileges to a backup system? That's just a bad idea, whether the user of the PC runs as admin or not.

Re:pointless

[Lord+Ender]

Sounds like you don't know how malware is spread.

Hint: The top methods are by sending email or IMs, infecting files on fileshares, or making connections to other computers on the network. Do you need admin access for any of that? Noop.

Thanks for sharing your uninformed opinion, though. Try to be informed before you speak up next time, though.

Re:pointless

[Rockoon]

Calling yourself a Windows programmer, let me correct you. You're an idiot.

Ah, you have an intelligent logical arguement there. Hard to refute such logic.

you can't change or affect program files.

As if everything ever installed is under the directories you list...

Just looking at my fresh install of windows 7 RC, I see that NVIDIA was kind enough to create an /NVIDIA/ directory right off of the root directory... and Authenticated Users have Modify, Read & Execute, Read, and Write permissions. Gee, I wonder what I could do when my malware asks them to update their video card drivers.. just about fucking anything, right?

Now its time to one-up you. You are a FUCKING idiot.

Re:pointless

[AdmV0rl0n]

What you mean is that when you ran the installer, you gave it rights to do so, and you did not bother to see if there was an option of where to store the files.

Nvidia did not create this, you ran a process and the process did this. Maybe you should think differently, you were kind enough to let Nvidia make that directory.

Lastly, to confirm that you are not a windows programmer, certainly not a good one, guess where the driver actually lives.
Hint: Its not in c:\nvidia

So, to confirm, you're an idiot.

Re:pointless

[AdmV0rl0n]

None of your supposed methods are the top methods.

Thanks for confirming how big an idiot you are though.

Re:pointless

[AdmV0rl0n]

You've gone public and stated that you purport that running as an admin is no worse than running as a user.

And you're offended that someone called you an idiot, and a fucking idiot, because you were dumb enough to actually claim your theory as a good one.

Poor you. Maybe you should keep your idiocy and stupidity out of the public domain.

I could not care less about you. What is bad, is that some fools not knowing any better might choose to follow your dumbfuckness and pay the price for your cretinous stupidity.

Re:pointless

[Rockoon]

Which part of 'fresh install' are you too stiupid to understand?

I didnt download and run an installer for nvidia drivers and I didn't choose where that installer will be dropped. Windows Update made those choices for me using its default settings (which are to automatically download and install critical updates, such as critical changes to nvidia drivers.)

You need to get your facts straight.

Malware tells user to update nvidia drivers. User heads off to windows update... which drops setup.exe in c:/nvidia/, malware instantly (thanks microsoft for providing file creation events) replaces it... windows update then executes infected setup.exe.

(you should have read what I said)

..and THIS is just a variation on a theme. Many programs are available, and even HIGHLY RECOMMENDED, which DO NOT include installers but instead just come as ZIP files. The default location for downloads is C:/users/account/downloads/* which has the same permissions as before. The default location for the extraction of said archive is C:/users/account/downloads/archivename/* which has the same permissions as before.

Now let me repeat: You need to get your facts straight, you FUCKING idiot.

Re:pointless

[Lord+Ender]

You're an interesting guy. Every post calls names. None contain information. How old are you, kid?

Re:pointless

[Lord+Ender]

No, that's not what I said. My point was that once UAC is ubiquitous, it won't prevent malware from destroying data or from spreading.

You're one of the least skilled trolls I've seen on slashdot, by the way. But you put a lot of effort into it! Keep going.

Re:pointless

[AdmV0rl0n]

Your point had little to do with UAC, the bulk of it was admin/user.

But tell you what, I'll be a troll if you'll continue to be the king sized idiot.

Re:pointless

[Lord+Ender]

You amuse me. I bet everyone loves you, as easily as you call names. Buzz off, kid.

Re:Mike

[dave562]

Since at least Windows 2000, Microsoft has provided guidelines about how to write code so the applications do not require administrative privileges. Most developers have either been ignorant of the practices, don't care about the practices, or don't know how to implement the practices. A lot of it has to do with where the DLL files get stored, and where the application writes its files to. In the *nix world, everything is pretty self contained within its own directory. For the most part, all of the files that an application needs are right there with the application. If they aren't in the same directory, symbolic links (something that Windows lacks) provides the application access to the necessary libraries.

I think you're blowing things out of proportion to say that it is unheard of it in the Windows world for users to be able to run as a something less than a super user. At my current job, we only have one app on the network that requires admin privileges. When I was consulting, most of our clients were all running as regular users.

The "problem" with Microsoft is that they have always catered to the lowest common denominator. When it comes to developers, they provide the developers with a powerful IDE and don't encourage them to think about how it works behind the scenes. That ease of use has come at the cost of security. Sure, devs have been able to come up with the applications that they need to meet the business requirements laid out for them. Unfortunately, those applications often times aren't properly hardened and crack when put on hostile networks.

I see the computer world working from two different ends. The Microsoft part of the world has provided the functionality and is backing into security. The *nix world has provided the security and the stable foundation, and now they are building the functionality.

Re:Mike

[GIL_Dude]

It's fairly easy to do this; you don't generally go build a shim - as unless you are completely hacking the system - the shims already need to be known.

You simply download the Application Compatibility Toolkit from the MS web site and apply the required shim(s) to your app (stores the required config in a .sdb file). You deploy the .sdb along with your application.

There are also tools to help you determine what shims your applications needs. Once you get started with this, it is pretty easy to do.

Re:Mike

[iluvcapra]

Yeah but how many of those apps are SUDO or SUID

Considering, under both systems, they won't sudo without getting a sudoer's password, probably not many. No Mac OS X Cocoa application runs as sudo or setuid, and you can't escalate on Mac OS X or any BSD without having a password. I can't speak for Linux programs.

The whole problem from the beginning was MS-DOS and friends presuming from power on that you wanted to be running as admin.

If you're a stump, maybe...

[djupedal]

> they will continue to own the desktop because they run all the apps you want.

Yeah, how's that iPhone dev work going for you? Xcode and the simulator working smooth, eh?

Talk about termites stuck in amber...

Re:Mike

[dave562]

What should Microsoft be doing? The community is up in arms over their less than stellar security record. They introduce progressively better security with each iteration of the OS, but often times those security improvements crap all over previously accepted programming practices. What do they do? Pull an Apple and tell everyone to go out and buy the newest version of all of the software that was working just fine on the previous version of the OS? It seems to me like shims are a good solution. Older shops get to continue extracting value from their legacy code without having to invest money in rewriting the apps.

Re:Security flaw?

[x2A]

I suppose you check the design schematics for your car and watched your house being built to make sure there're no bugs planted in the wall...

You have to draw the trust line somewhere. So a business wants to check the code's all alrighty, they have to pay someone to do it... except then you're relying on the trustworthiness and skill of that person. They may as well just be paying MS.

Don't get me wrong, my line of work's all open source stuff, and where people require windows servers they always go in a virtual machine, never on bare metal. But I'm not everyone, other people and other businesses have other priorities. Ignoring that helps no one.

Does this really work?

[Animats]

This seems to be aimed at applications which insist on running with administrator rights but don't actually use them. If the app actually tries to do something that needs administrator rights, it's going to fail anyway.

If applications without administrator rights can put files in administrator directories, especially ones that have OS components, then turning off administrator privileges is sort of pointless.

Re:Does this really work?

[typobox43]

The shim wouldn't actually grant any additional privileges to the app, of course. Look at what Vista already does - if a program attempts to write to the Program Files directory, the write gets redirected to an area in the user's profile folder. For non-filesystem calls, I'd imagine that the shim would request elevation through the usual means - i.e., UAC.

Re:Security flaw?

[Jamie's+Nightmare]

Next you'll be telling me you can't switch to another virtual console if your GUI crashes

If your GUI is crashing, you should consider using a different OS entirely. GUI crashes seem to be an acceptable event among Linux users, but most other users would not tolerate such occurrences. In Windows, there is a chance the "explorer" file manager might crash. For example, due to a 3rd party extension behaving badly. However, since XP and onward, a crashed explorer will restart automatically. Since explorer is only part of the GUI, none of your applications are disturbed.

Crashes of the underlying GUI are almost unheard of unless there is a serious flaw with the graphics driver. Since Vista and onward, the WDDM (Windows Display Driver Model) can restart the graphics system if such a problem should occur.

or review the OS code to satisfy yourself it's not malicious.

I would suggest that if you are paranoid enough to warrant reviewing the entire source code to the OS you wish to choose, you should probably consider some type of therapy. Using computers will only exacerbate your underlying problems.

Re:Mike

[dave562]

Thanks for the information. If you have to write code in the shim, how is that better than just rewriting the application? I guess it's less resource intensive, and helpful in situations where you might not have access to the original code.

It's not the MS software that is fragile

[YesIAmAScript]

Well, maybe it is. But it's the large number of other apps that are at risk of breaking. Even if every one were written correctly, it'd be tough to maintain 100% compatibility. Add in the fact that many are written massively incorrectly (i.e. fragile) and you have a really tough road ahead of you.

Also, breaking 30 apps is peanuts, there has to be well over a million apps for Windows.

Re:It's not the MS software that is fragile

[FooRat]

If you designed your APIs properly, then it wouldn't be the case that a kernel developer breathing funny on some piece of code would 'break 20 or 30 apps'. This kind of fragility happens primarily on really bad APIs.

Try chroot on Linux

[mangu]

To your point that it's a lot of work, 25 apps shimmed in 2 days by 3 people who are learning to do it is pretty quick.

Well, since what you described looks something like what chroot+setuid do on a Unix system, 25 apps in 2 days by 3 people is *extremely* slow.

Re:Try chroot on Linux

[RiotingPacifist]

in fairness
1) its a chroot with a custom set of requirements
2) your dealing with windows admins

Re:Mike

[Nick+Ives]

Those are exactly the reasons why you'd want to write a shim. Often it's just easier found out the part of a PE that's causing a problem and then write a hack for it. MS does exactly that for massive numbers of popular applications, it's how the Windows Application Compatibility Layer works.

That might sound crazy but it's actually the least bad choice. It means they can keep compatibility cruft out of mainline development meaning apps written and tested for Vista / Win7 will work because they're written The Right Way.

Let us do some study on this .. ..

[Ozric]

If it is not broken, don't fix it.

If it is broken, and can not be fixed, provide a workaround.

If after the workaround it is still broken, shim it.

The shim is therefore the workaround for the workaround.

Now then, if we Vertulize the Shim, and put it in the forest where no one can hear it crash, does the problem realy exist?

Sounds like a great way to get to five 9's to me.

YMMV

But who has source code?!?

[vinn]

This requires Windows source code so that you can hook the API's. Who the heck has that for any applications they run? Instead, this is a fix being presented to ISV's... however, if an ISV hasn't fixed their code yet, they probably aren't going to bother now.

Re:But who has source code?!?

[Blakey+Rat]

ISVs can create a "manifest" with their application telling Windows which shims need to be in-place to run the application correctly, without changing their code and without having access to the Windows source code. That's the point.

Microsoft already ships a compatibility checker utility: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=24da89e9-b581-47b0-b45e-492dd6da2971

But they can't force ISVs to run it, and they can't force ISVs to fix the problems it finds. What they can do is say, "hey, this shim is an easier fix than the compatibility checker you're already too fucking lazy to run" and hope that sticks.

Re:Security flaw?

[RichardJenkins]

You have to draw the trust line somewhere.

Yes - I think it's better to draw that line outside the company who makes a product.

I've never looked at a line of the linux kernel source, but I believe if someone slipped malicious code in there there is a pretty good chance someone would notice it and raise a storm. If malicious code were slipped into windows it'd be much less likely to get spotted.

I'm probably less trusting than most people, but the idea of anyone trusting a company that has been convicted of criminal charges to run you computer with an OS that no one can scrutinise without that company's say-so? No thanks.

Re:Mike

[phantomfive]

What should Microsoft be doing?

Oh, this is easy. Are you kidding? This is slashdot. Even I know the answer to this one. Microsoft should be rolling their own linux distro, complete with wine. See? Simple as pie.

Re:Mike

[Amouth]

"symbolic links (something that Windows lacks)"

It always pissed me off that MS never bothered to implement a simple way for people to use them.

Most people don't realize that NTFS has support for Sym links (vista & server08) and and also Junction points (limied Sym links) sence NTFS's first inception in NT

http://en.wikipedia.org/wiki/NTFS_symbolic_link

they have it.. it's been there. and you can use it - i've used junction points for a long time..

people just don't realize they exist in Windows.

Just re-write your poorly deisgned app to work...

Its these crap-tastic applications that caused problems in XP let alone the horrendous issues they will cause in Vista\7. To this day it baffles me that Developers assume end users are administrators of their computers, despite countless security experts explaining this is a bad idea. Aside from a few small (5-10 users) companies, no one gives administrator rights to their end users unless they are completely incompetent or just overburdened by political nonsense then it just creates more issues down the line. So just write it correctly the first time and your shims will vanish!

Re:Try chroot on Linux... Fast, then slow? I'm

[davidsyes]

confused...

I was looking around to insert, or shim, the conversation with my own thoughts about the shim-job. I was thinking that ms' shims were analogous to replacing leaky sphinctres with grommets and shims, but the code being dry stuffing. Or, the code is like glass fed to the machine, which... Oh, shim me... i need to shim my shim comment... my vision must be shimmery...

Anyway, it looks like either ms needs to provide virtualization to contain these bad apps, or just stop providing infrastructure support. Any 3rd-party devs who shim or bypass the non-support should (or could?) be blacklisted and clients warned their bad/leaky shims will not be plugged/supported.

Re:Security flaw?

[RichardJenkins]

I was thinking more before explorer starts.

There's plenty of times when the login screen hangs after typing my credentials (usually because of Active Directory problems). Can't cancel and log on as a local user, just got to wait/reboot.

Less often explorer just doesn't seem to start, or takes ages to start. I suspect this happens when Windows installs updates, but I'm not certain. Anyway, it would be much easier to switch to another interface and check what's going on.

Re:Mike

[dave562]

I completely agree with you. The properly written apps will run better because they aren't depending on DLLs that are having to check for code that nobody has been using for ten years, but has been left in there for those random "just in case" scenarios. It probably slims down the core DLLs a lot because they can offload all of that to the shims.

Sure,

[DRAGONWEEZEL]

but you can't retroactively design something.

Just as the beemer should have had a smaller space for the handlebars, what do you do when the product is already adopted?

Re:Mike

[JStegmaier]

Pull an Apple and tell everyone to go out and buy the newest version of all of the software that was working just fine on the previous version of the OS?

That seems to have worked pretty well for Apple.

Re:Mike

[dave562]

Oh yeah. As you can see by my UID, I'm new here. ;)

Photoshop on the Mac

[wandazulu]

Case in point against OS backwards compatibility: I use Photoshop on the Mac, and have done so since 1992, from the 68040 under System 7 to the PowerPC on OS9 to OS X on Intel. For all this time it's been the same program that has moved along with the times, as they were going to anyway to keep the product alive and relevant. I can't run PS 2.5 unless I use an emulator, find some System 7/8 disks, etc. But the bigger point is, except for retro-purposes, why would I want to?

I'm beginning to wonder how much software is in existence that is still running that requires some long, long, depreciated API. The typical examples are the home-grown accounting system, the weird shareware program that does this *one* thing we need, etc. How much of this software is *really*, and I mean *really* out there, that exists in this form and this form only.

To this point, I know someone who has a Mac running OS 8 because he runs an accounting package that was written just for him by a long-gone programmer who's last message was "no, it won't work on OS 9". Instead of feeling the pressure to upgrade his system, he just keeps it running on his original Mac Centris something-or-other while he does all his other work on his Mac Pro.

Re:Photoshop on the Mac

[abigor]

We aren't talking about home users here. We're talking about businesses, some very large, that have custom apps that they have no reason to rewrite. There are many of them - I'd guess in the tens of thousands.

Re:Photoshop on the Mac

[wandazulu]

Right, I wasn't talking about home users, more like small-business users who have more reason to hold onto their one-of-a-kind apps. The guy running the accounting package on the OS 8 machine has a small business with 10 people; it prints the checks and handles invoices, etc.

My point here is that he handles Apple's lack of backwards compatibility by simply side-stepping it; if you don't need to upgrade, then don't.

Re:Photoshop on the Mac

[Kral_Blbec]

If they dont work with modern hardware/os, then I think they DO have a reason to rewrite them. A lot has changed in the past few years and if they would upgrade they could probably find a way to do it faster, easier, and cheaper in the long run.

Re:Photoshop on the Mac

[hurfy]

One of our Medicare billing programs was originally installed on 2 DOS 386 machines linked with Novell. I don't think anything has been changed to keep it running, altho we are a little scared to try and go past XP :)
Oddly enough it runs a LITTLE faster than originally but somehow a ton of power gets eaten up running the old stuff. 2800MHz is not exactly a LITTLE bump from 25MHz.

I use a PC-File database program that actually works BETTER on my 386** than on my Pentium Duo :(

Re:Mike

[antifoidulus]

0 run with escalated privileges because the users aren't admins, and they don't need "admin rights" to certain programs. The Microsoft model is, and always has been, severely flawed. I couldn't believe the hoops we had to go through just to get a scanner working on a windows box. We had to grant the users groups admin privileges on the app that ran the scanner, which of course increases the chances of getting owned significantly.

In the OS X world, other than perhaps needing an admin to install the software, the users have no problem using peripherals and don't need us to grant the programs that use said devices extra privileges. That is just fundamentally insecure. Granting admin rights to a program instead of user is unheard of in the land of real operating systems.

Re:Security flaw?

[Blakey+Rat]

Next you'll be telling me you can't switch to another virtual console if your GUI crashes,

Your GUI crashes? Seriously?

If that *ever* happens, you should just pack up and move OSes. Not acceptable.

Re:Mike

[VGPowerlord]

In the *nix world, everything is pretty self contained within its own directory.

You must be talking about some crazy, bizarro *nix world, as the one in this world tends to split directories up by what the files are for, not by application.

For example, /etc has configuration files, /usr/bin and /usr/local/bin tend to have executables, /var/log has log files... I could go on.

Very infrequently, apps will install their entire directory structure into something like /opt, but that's very, VERY rare.

Shins?

[spungebob]

I lost mine in WW2, you insensitive clods!

No wait... you said shims?!?!

Nevermind.

Re:Win kernel devs + loud noises = broken apps

[VGPowerlord]

Why "Woooooooohoooooooo!?" He could just as easily run around shouting "Developers, developers, developers, developers!"

The "Correct" Paradigm

[citylivin]

Maybe running as a normal user is the "correct" way of doing it (gotta love the arrogance there...) but I personally will never run that way.

I have heard all the arguments, from the fact that its easy to type rm -rf /, to the fact that viruses auto install with an IE misclick. The problem with the "correct" way of doing things is that it is very annoying to be typing in passwords all the time! Just try and use a apple mac computer. It asks you to authenticate the keychain consistently. Especially, when as a technician, you are making lots of changes to the OS. I would hate for windows to go this direction. Personally, I believe that it desensitizes people into typing their password into any box that asks.

I will submit that in all the years I have been logging in as root on linux, and administrator on windows, I have NEVER mis typed a file system altering command, deleted my hard drive, or had any other negative experiences running as super users. I also turn off the delete confirmation on my recycle bin. Does this make me a dangerous user? I doubt it.

I just really resent the arrogance of the summary basically stating that super user logins are a design faux pas and should be eliminated anywhere and everywhere. Does my argument have merit? does no one else constantly run as root/admin?

/end rant

Re:The "Correct" Paradigm

[johannesg]

Absolutely right. And all that security is protecting the wrong thing: the operating system, which is easy to reinstall anyway. On my computers, the only thing that has value is my data: my source code, my letters, my pr0n, my email. By running as one user, one malicious application can still wipe everything out. Why doesn't the operating system treat each application as unsafe and run it in a sandbox by default unless I specifically mark it as trusted?

"Correct paradigm" indeed - but the UNIX paradigm is just as badly broken as the Windows one...

Re:The "Correct" Paradigm

[AdmV0rl0n]

Maybe running as a normal user is the "correct" way of doing it (gotta love the arrogance there...) but I personally will never run that way.

I have heard all the arguments, from the fact that its easy to type rm -rf /, to the fact that viruses auto install with an IE misclick. The problem with the "correct" way of doing things is that it is very annoying to be typing in passwords all the time! Just try and use a apple mac computer. It asks you to authenticate the keychain consistently. Especially, when as a technician, you are making lots of changes to the OS. I would hate for windows to go this direction. Personally, I believe that it desensitizes people into typing their password into any box that asks.

I will submit that in all the years I have been logging in as root on linux, and administrator on windows, I have NEVER mis typed a file system altering command, deleted my hard drive, or had any other negative experiences running as super users. I also turn off the delete confirmation on my recycle bin. Does this make me a dangerous user? I doubt it.

I just really resent the arrogance of the summary basically stating that super user logins are a design faux pas and should be eliminated anywhere and everywhere. Does my argument have merit? does no one else constantly run as root/admin?

/end rant

You're not an admin, you only think you are. You are unfit to be an admin, and in fact, you are an idiot.

Re:The "Correct" Paradigm

[AdmV0rl0n]

Absolutely right. And all that security is protecting the wrong thing: the operating system, which is easy to reinstall anyway. On my computers, the only thing that has value is my data: my source code, my letters, my pr0n, my email. By running as one user, one malicious application can still wipe everything out. Why doesn't the operating system treat each application as unsafe and run it in a sandbox by default unless I specifically mark it as trusted?

"Correct paradigm" indeed - but the UNIX paradigm is just as badly broken as the Windows one...

Ahhh, another brilliant idiot.
If you have a backup, you do have backuyps of 'data' - right? If a user piece of malware gets in, and you have to recover, you have a better chance of recovery.

And recovery to a solid clean system is simple.

My vote... screw backward compatibility!

[jhfry]

The future is the Virtual Machine.

Imagine for a moment, that every application included it's own OS. Of course that OS would be a very dumbed down sort of thing, but it would be entirely independent of the host OS except for some standard inter-vm communication requirements for clipboards, file management, etc.

Your host OS would be responsible for managing the file system, display, and networking, all of which it would provide access to via some standard protocols. The applications would support those protocols and contain their own OS and drivers tailored to those standards. The applications could be built in a NTVM, LinuxVM, BSDVM, SolarisVM, etc as long as it was just complete enough to support the application.

Imagine it like a typical virtual machine, but even less dependent upon the host OS. Sure the applications would be larger, but that's rarely a problem anymore.

Oblivion/Fallout mod manager

[doug141]

Those two programs handle vista really well. If you launch either with insufficient permissions for it to do its work, it'll tell you. If Vista moved some files into whatever safe zone Vista sometimes moves things, the mod manager will tell you and offer to move them back. The author "timeslip" did a great job.

Re:Mike

[afidel]

Hahaha, yeah ok whatever. There are plenty of Unix/Linux daemons that only work if setuid/setgid, if there weren't the feature wouldn't be there. Oh and here's a quick example of how setuid bit early Mac OSX, that particular problem might now be fixed but don't act like Unix is some magic security land.

Re:Security flaw?

[xant]

> They may as well just be paying MS.

Except that's where you're wrong. The last person you trust is the person who made the software, or the car, or the drug. They have, shall we say, an incentive to be dishonest? The concept of independent third party is important, no less in software than anywhere else. The problem is that in software, the independent third-party is crippled, whereas car schematics and even drug formulations are published and reviewable by people who are both qualified and uninvolved.

The fact is that I do trust software makers, even Microsoft, to do their best to write high-quality software, but with the qualification that they have only a limited budget. The goal of high-quality is always in conflict with the goal of high-profit. Therefore, you need someone looking at it who doesn't have a profit motivation, either to promote or to skewer Microsoft for their software.

SysInternals BGInfo for the win

[Lookin4Trouble]

I probably won't get modded at all thanks to catching this discussion so late in the game, but I managed to get an insider poke at SysInternals, hard enough that they updated their BGInfo application to fix just this problem (for a test-lab Win7 machine no less). Difference is, I routed it through a guy at Microsoft who actually lives and breathes this stuff - Aaron Margosis. Check out his blog on application compatibility and least user access, he's been working through it since XP came out, and has really helped my company make strides towards a solid-performing (more) secure desktop for my users. http://blogs.msdn.com/aaron_margosis/

Re:SysInternals BGInfo for the win

Wow, what a great guy... I bet he's a really nice Santa Claus too... Oh wow... Is he for hire? Does he have a beard? He'll hafta bring his own fake beard if not... Oh, you sound like a nice guy too... I bet you'd like to sit on his lap... Do you wanta sit on santa's lap? I'll take a piiicture... Smile... Margosis... Sounds like osmosis... Did he work as a chemist? I bet he had some supplies for you! Wow... what a great guy...

Re:Mike

[antifoidulus]

Um, the daemons don't run under the user's UID, so if the user's account becomes compromised, the attacker cannot escalate privileges unless he also figures out a way to hijack the daemon. That is what I was talking about, not saying that no processes run under admin privileges. So I guess you are the one that should be mocked.

I AM the goddam superuser.

[EWAdams]

It's my machine. Nobody uses it but me. Why the hell would I ever run it in crippled mode? Freedom requires responsibility: fine. I'll take responsibility for what I install. I don't install dodgy software or software with viruses.

Quit treating the users like five-year-olds and let them do what they want with their own damn machines.

Re:I AM the goddam superuser.

[iris-n]

Okay, you know what you're doing, so you must be able to change the settings and put your user as superuser.

The problem is when the default is superuser, so granny has to find out how to degrade her powers to avoid infecting the machine with her cool email attachments. Face, the great majority of user are five-year-olds when it comes to computer literacy. A app who requires these users to be root is just criminal.

Ubuntu does it the right way. root is disabled by default, and only the first user is automatically added to sudoers. Those who know what they are doing can enable root in a couple of seconds.

Re:I AM the goddam superuser.

[AdmV0rl0n]

It's my machine. Nobody uses it but me. Why the hell would I ever run it in crippled mode? Freedom requires responsibility: fine. I'll take responsibility for what I install. I don't install dodgy software or software with viruses.

Quit treating the users like five-year-olds and let them do what they want with their own damn machines.

If you have XP, you lose nothing by running as a limited user. Yes, that is right, nothing. And the right click 'run as' option exists for a fucking reason.

Re:Security flaw?

[x2A]

"The last person you trust is the person who made the software"

I wouldn't be running software written by anyone who I distrusted that much.

"you need someone looking at it who doesn't have a profit motivation"

If they're doing it for a living, they have a profit motivation. Plus, you don't think that if MS were up to the naughties they couldn't corrupt the parties that are charged with auditing the code? Maybe not everyone, but then maybe not everyone who would see the code actually inside microsoft would keep as quiet about it as ms'd prefer.

It I guess does just come down to where you draw the line. I'm perfectly happy trusting that my copy of 2003 is perfectly fine for me to run and that ms haven't shipped it with malicious code that they're gonna use against me... and it's not blind faith, I don't think it would do their business any good, especially if word ever got out, and word would get out.

shim?

[thedudethedude]

Big whoop... I've been using shims to space my HTML for years...

Re:Mike

[EvanED]

Are you sure it was the application writer's bad practices that forced many apps to require admin privileges? Because the phenomenon of having to run most day to day apps as an admin seems to be limited to Windows.

It's a mix of blame. On one hand, there are (and have been) plenty of programs out there that don't require admin rights, and there have been for a long time. We used several on NT 4 boxes back when I was in school. So it's not like MS has made it impossible to develop them, or even much harder than it would be to develop a non-root program on Unix.

The part that MS does have some blame for is the long history of not even trying to encourage the practice. 95 didn't really have any security to speak of, and a lot of programs just targeted that platform. (Games come to mind here.) Even on NT, by default I think users had admin rights. Because almost everyone ran as admin anyway, there was little need to write your program to support limited users, which meant that app developers didn't do it.

Re:Mike

[EvanED]

There is a Linux distribution called GoboLinux that makes this the norm. Installing a program puts it into its own directory but also sets up some symlinks and such in /bin so that you can still call it.

It's actually quite a spiffy idea, though I haven't actually tried it. (A friend did try the package manager on another system since we wanted a package manager that doesn't require root (*remarkably* hard to find actually -- all of the major ones seem to require it; being able to install programs as non-root is one place where Windows actually wins quit a bit at, since it's usually possible, while on Linux you're thrown back into the days before package managers when you had to go through the bitch of resolving dependencies manually) without much luck, but that might have just been the weird quirks of what we were trying to do instead of anything in GoboLinux itself.)

Re:Mike

[mzs]

Mostly yes, but some no: /etc used to be for everything else. In fact init was in there. To this day rc scripts live under there. /sbin used to be for static binaries and that has fallen out of fashion for reasons I never understood.

Re:Security flaw?

[nxtw]

That being said...while linux boxes and their GUI/Windowing systems can crash like any program can, it usually doesn't rile up the Linux users as badly as the MS Windows user, since on Linux, the Windowing system is running on top of and separate from the OS really. On linux, if your Xwindows or windows managers crashes, no big deal, you usually don't have to bring the whole system down to get it back up and started.

Many of the X.org/XFree86 crashes I've experienced have resulted in the entire system locking up (mainly with Intel and ATI GPUs.)

I've had quite a few graphics driver crashes in Windows as well, once again with Intel and ATI, but very few that crashed the entire system in Windows Vista. Instead, Vista restarts the driver and the session keeps on going. I've had one situation where the ATI driver caused the entire system to crash - when I was using hardware decoding to play back a corrupted H.264 video stream.

Windows Vista also has the ability to change/upgrade the display driver without losing the session - this is how Remote Desktop works.

As for OS X... I have had a few kernel panics caused by the ATI driver.

Re:Security flaw?

[cayenne8]

Well, that may be part of my anecdotal experience. I've never used ATI stuff...always went with NVIDIA...so, like I posted above, never really had many problems at all with graphics on linux, nor them taking the whole system down if there was a problem.

Re: re-directed to somewhere safe

[Rob+Y.]

...any stupid program that tries to write to $PROGDIR or do anything else stupid has the changes re-directed to somewhere safe.

When Vista first came out, and I was asked to test my WIN32 app to make sure it still worked, I was pleasantly surprised to find that all my ...PrivateProfile code that uses the default location no longer required me to grant global access to an .ini file in the Windows directory. They seem to make a copy under 'application data' and use that. A very simple and elegant solution that fixes a nasty problem for apps that want to just work on all WIN32 platforms.

Of course, I could've changed the app to explicitly copy the .ini files someplace writeable, but then I'd have to pick different places depending on what version of Windows I was running under. Having a default location that actually works is a much better solution. So, I cancelled my plans to code an app-specified location, figuring Vista would just solve the problem for me. But then again, Vista was Vista, so the problem never got solved. I sure wish they would've just installed this particular shim into XP. But then again, Microsoft is Microsoft, so...

Privilege Manager from Beyond Trust Corp

[gemada]

is designed for these sort of situations. http://www.beyondtrust.com/

Re:Mike

[icannotthinkofaname]

What do they do? Pull an Apple and tell everyone to go out and buy the newest version of all of the software that was working just fine on the previous version of the OS?

If it's accompanied by a drastic price drop (like, 55%-75% price cut) and 99%-100% malware incompatibility, then yes.

I figure a price drop that big should be more than enough to convince a lot of users to purchase Windows, instead of pirating it and searching for cracks.

Re: re-directed to somewhere safe

[AmiMoJo]

The registry was supposed to replace .ini files. Of course now everyone is going back to text config files to make their apps portable.

More on the Shim Database...

[Alex_Ionescu]

A bit of a shameless plug, but if you'd like more information on these "shims", I've started a series of articles on the technology (still hoping to complete it shortly) on my blog at http://www.alex-ionescu.com/?p=39. FYI, there's over 8000 of them in Windows today, and each time you launch an app, these checks are made.

Re:Not entirely sure

[Kral_Blbec]

Well put. +1 if I had it

Re:Mike

[iluvcapra]

In the first place...

sonypictures$ ping localhost >/dev/null &
[1] 436
sonypictures$ ps -O ruid -O uid -O user 436
PID RUID TT STAT TIME UID USER COMMAND
436 501 p1 S 0:00.01 501 sonypict ping localhost

In the second place, I think you're missing the main point of setuid. An executable can't be setuid unless the owner actually sets it setuid, or an installer program sets it setuid, which it can only do if it has inherited or received the privilege from the user that ran the installer. An executable under Unix can setuid, but only if that user has actually put in their password at some point in the past to permit it. You can't just drop an executable on a Unix filesystem and run it as root without first (1) making the executable's owner root, which requires the root password and (2) chmoding the executable, which also requires the root password.

Under windows before the modern user privileges, the application could escalate itself, with the owner of the system at no time authorizing it, through an installation process or any other means. You could drop an executable onto the filesystem from anywhere, double click on it, and it would run as admin based on a function call or a (world-settable) reg entry.

Nothing really that new here...

[cbreaker]

This type of thing has been used in Windows terminal servers for awhile. Microsoft uses certain workarounds to allow more applications to run in a terminal environment with less privileges than one might have on a full workstation. Yea, not every app works in Terminal Server but most do.

In my opinion, most of this is blown way out of proportion. Most applications run fine in Vista, and Windows 7 is even better when it comes to its compatibility mode. Sure, drivers are a little point of contention but even in 64-bit Vista/W7 the support from vendors has become really good.

There's always going to be some old legacy applications that won't work right, but they're the exception, not the rule. Workarounds will be required for these applications but they're just not a prevalent as people seem to make them out to be.

Time to rewrite the fscking apps

[Gothmolly]

You know, nobody bought Vista anyways, and if this new debacle isn't proof enough, maybe its time for MS to let "legacy" compatibility go the way of the dodo.

Re:Security flaw?

[maztuhblastah]

If your GUI is crashing, you should consider using a different OS entirely. GUI crashes seem to be an acceptable event among Linux users, but most other users would not tolerate such occurrences.

No, they're definitely not acceptable amongst *nix users. The difference is, when X11 or your WM dies (rare, but it does happen) you can just restart it without taking down the whole OS. Up until Vista, that wasn't the case with Windows.

In Windows, there is a chance the "explorer" file manager might crash. For example, due to a 3rd party extension behaving badly. However, since XP and onward, a crashed explorer will restart automatically. Since explorer is only part of the GUI, none of your applications are disturbed.

Indeed. This is no different than gnome-panel or nautilus dying (for example.) Rare, but crashes do happen.

Crashes of the underlying GUI are almost unheard of unless there is a serious flaw with the graphics driver. Since Vista and onward, the WDDM (Windows Display Driver Model) can restart the graphics system if such a problem should occur.

Yes. With Windows, MS has finally caught up such that the Windows GUI is now as flexible in this regard as X has been for... err... a really long time.

Re: re-directed to somewhere safe

[BBTaeKwonDo]

a nasty problem for apps that want to just work on all WIN32 platforms.

Do you need your program to work on Windows 3.1? The Windows Registry has been the preferred location for storing program data since Windows 95. I think the problem here is that you need to get with the mid-90s and rid of your calls to *PrivateProfile* APIs.

Re:Security flaw?

[selven]

I would suggest that if you are paranoid enough to warrant reviewing the entire source code to the OS you wish to choose, you should probably consider some type of therapy. Using computers will only exacerbate your underlying problems.

If you're the military, and you DON'T review every line of code in the software you use, you should seek therapy.

Citation Provided

> It depends on what they did to "compete unfairly". For example, it is not illegal for a vendor to have a contract with an OEM that the OEM could not buy a competitor's products if the vendor is not in a market monopoly position.

IIRC, they broke contracts, screwed over partners, and out-and-out stole other people's code and products. They lost several lawsuits over this, but the fines were small enough that they came out ahead. Wikipedia doesn't have as many details as I remember, but some of how they bent over Stac Electronics should give you an idea of the kind of games they played. There are also more recent things like this and this.

They've never been a nice company. They screw over their 'partners' more than anyone.

Re:Security flaw?

[tknd]

On linux, if your Xwindows or windows managers crashes, no big deal, you usually don't have to bring the whole system down to get it back up and started.

On vista, if the display driver crashes it is restarted and none of the applications are affected. For example you could have an MP3 player in the background and if your display driver crashed, the screen would freeze for a second, and then black out, and come back while your MP3 continues to play perfectly. The user then gets a little popup notification in the system tray area stating that the display driver crashed and has been restarted.

I used to have a certain version of the ati driver that would often crash and the only time the system became unusable was during the display driver crash and if the driver crashed repetitively. But Vista makes it pretty clear to the user that the culprit is the display driver, and not the OS.

On something like linux, you'd have to have the command line skills to survive a driver or X crash. When the screen freezes, most users aren't going to do ctrl+alt+F1 get to a terminal, and restart X or unload and reload their display driver module. The fact that Microsoft attempts to do that entire process for you automatically (restart crashed driver or explorer) is what earns them the profits.

Re:Security flaw?

[Anpheus]

Even if the window manager crashes, the fallback non-composite manager takes over. If the shell crashes, it restarts and redraws everything. If explorer.exe crashes, ctrl-alt-delete still works, is still captured, and can be used to start task manager which can run explorer.exe.

All of those are much, much better than kicking me back to a command line.

Re:Security flaw?

[jawtheshark]

When the screen freezes, most users aren't going to do ctrl+alt+F1 get to a terminal, and restart X or unload and reload their display driver module.

Ctrl-Alt-Backspace

No command line involved.

Did anyone here...

[Hurricane78]

...not immediately thing of "chroot" when he heard this?

Time for a new term, Shim Hell

[Douglas+Goodall]

Like DLL Hell, getting the correct collection of shims to run multiple legacy apps sounds just like the situation we call DLL Hell.

Re:Unix backwards compat

[WMD_88]

I know that other Unixes do better in this regard. My comment was in reply to Linux being specifically mentioned.

Re:Mike

[paulgrant]

how about a link to those guidelines? mea culpa I am ignorant. Then again I haven't written a win32 desktop app since 1995 ;)

Still I'm curious ;)