Slashdot Mirror
Windows 7 Memory Usage Critic Outed As Fraud
A few days ago, we ran word of a report alleging that Windows 7 consumed more memory than it should, based on a report from Devil Mountain Software; a followup post linked to Ars Technica's robust deconstruction of that claim. Now the story gets weird: Fred Flowers writes The original story quoted the company's CTO, Craig Barth on the issue. Now, InfoWorld editor in chief Eric Knorr has still more to add. From Knorr's blog at InfoWorld.com: 'On Friday, Feb. 19, we discovered that one of our contributors, Randall C. Kennedy, had been misrepresenting himself to other media organizations as Craig Barth, CTO of Devil Mountain Software (aka exo.performance.network), in interviews for a number of stories regarding Windows and other Microsoft software topics. ... There is no Craig Barth.' Knorr's post goes on to say that Kennedy has been fired from his blogging gig at InfoWorld over this 'serious breach of trust,' and that his blog will be removed."
See http://talkback.zdnet.com/5208-10532-0.html?forumID=1&threadID=75498&messageID=1468379 for what he claims he is and does.
---- Teach Peace. It's Cheaper Than War.
I like UAC, and I'm kind of an MS fanboy, but that's just wrong. There are solutions like gksudo that work much like UAC, including a user-friendly GUI and caching of credentials. Not to mention PolicyKit and other capability-based security mechanisms. Every major distro (e.g. Ubuntu, Fedora, etc.) has these features by default.
We used to use him to cobble up sales plans. He'd do some performance reports under a pseudonym, quote these fake 3rd parties in a report, then we'd produce a whole range of sales materials quoting all these 'different' sources and the roll up.
Took the analysts about a year to figure out that it was just one guy. Which was fine because the guy was hard to handle. He was like a teenager. When we fired him, he turned into a big problem.
I wonder if Slashdot will follow up on the anti-adobe fake-flash-developer cant-handle-mobile-development-becuase-there-are-no-roll-overs troll that's further down? Yeah unlikely.
meep
InfoWorld's editor in chief, Eric Knorr, should be commended for dealing this matter quickly and decisively when he discovered Mr. Kennedy's deception. At the same time, he should think very carefully about the series of decisions that led to this outcome.
Wrong, looks like he knew all along.
From http://talkback.zdnet.com/5208-10532-0.html?forumID=1&threadID=75498&messageID=1468379 [zdnet.com]
IDG knew. Galen Gruman, Executive Editor of InfoWorld knew. As
did Eric Knorr. And several others. But poor Gregg Keizer - hey,
the man was looking for an anti-Microsoft angle at every turn, and
he let his zeal get the best of him. I honestly never meant any
harm, especially to Gregg.
Slashdot should ban all articles from InfoWorld. After all, most of the anti-Vista fud articles posted here were written by Randall Kennedy.
One example among the many: Windows 7 Benchmarks Show Little Improvement On Vista http://tech.slashdot.org/article.pl?sid=08/11/11/0110251
This space for rent.
First, let me say that SELinux is an enormously complex system that has the potential to provide huge security benefits for administrators, and that it is the bar by which other OS security infrastructure should be measured against.
With that out of the way, you're comparing apples to orange-seeds here. UAC is merely a component of the overall security model, and should most directly be compared to gksudo, sudo and su and other methods of user-initiated rights elevation. Additionally, the Windows security model does support some really fine-grained stuff now with mandatory access controls, support for signing trusted executables and all sorts of other complexity that the IT administrator can get into if they want. It's not as easy as SELinux yet, I don't think, but it's not far away either. It's not vetted by the NSA either, so I suppose that'd be a minus.
That guy was behind a lot of anti-Vista FUD, especially stuff that was reported here on Slashdot.
Some samples here:
http://tech.slashdot.org/article.pl?sid=07/11/23/1710245
Researchers Sour on Vista Service Pack 1 Performance
Researchers from the Devil Mountain Software group is claiming that a series of in-house benchmark tests showed that users hoping to receive a speed boost from the update will be disappointed.
"Devil Mountain ran its DMS Clarity Studio framework on a laptop Barth described as a "barn burner" -- dual-core processor, dedicated graphics, and either 1GB or 2GB of memory -- to compare performance of the SP1 release candidate that Microsoft released last week with the RTM version that hit general distribution last January. The Vista RTM was not updated with any of the bug fixes, patches or performance packs that Microsoft has pushed through Windows Update since the operating system's debut. 'One gigabyte, 2GB [of memory], it didn't make a difference,' said [CTO Craig] Barth. 'SP1 was never more than 1% or 2% faster.'"
http://tech.slashdot.org/tech/08/08/18/2016228.shtml
One Third of New PCs Downgraded To XP?
"More than one in every three new PCs is downgraded from Windows Vista to Windows XP, either at the factory or by the buyer, said performance and metrics researcher Devil Mountain Software, which operates a community-based testing network. 'The 35% is only an estimate, but it shows a trend within our own user base,' Craig Barth, the company's CTO, said. 'People are taking advantage of Vista's downgrade rights.' Last year, Devil Mountain benchmarked Vista and XP performance using other performance-testing tools and concluded that XP was much faster. Barth said things haven't changed since then. 'Everything I've seen clearly shows me that Vista is an OS that should never have left the barn.'"
http://tech.slashdot.org/article.pl?sid=08/09/02/1418252
IE8 Beta 2 Fatter Than Firefox and XP
"Consuming twice as much RAM as Firefox and saturating the CPU with nearly six times as many execution threads, Microsoft's latest beta release of Internet Explorer 8 is in fact more demanding on your PC than Windows XP itself, research firm Devil Mountain Software found in performance tests. According to the firm, which operates a community-based testing network, IE8 Beta 2 consumed 380MB of RAM and spawned 171 concurrent threads during a multi-tab browsing test of popular Web destinations. InfoWorld's Randall Kennedy speculates that Microsoft may be designing IE8 for the multicore future. But until your machine sports four or eight discrete processing cores, IE8 will remain 'porcine,' Devil Mountain's Craig Barth says."
This space for rent.
Depends what you mean by "vetted"; the NSA created SELinux, so nothing really compares to that, but they've regularly put out security guides in conjunction with Microsoft for every major Windows release (as well as for other operating systems). They're always comprehensive and a very solid resource on hardening Windows systems to varying extents, not to mention good learning material. Just don't get too overboard, a lot of the suggestions take security to extremes, to the extent that you'll definitely break a large number of programs by removing permissions and modifying defaults that they'd never expect to encounter (I say this from experience). They definitely don't get the attention they deserve:
Windows 7 Security Compliance Management Toolkit
Back in Win 95 days, Microsoft could have required all 3rd party software to use .ini files located in that software's main directory, or they could have required them to all use the registry, and use it in specified ways. Microsoft could have told every 3rd party company wanting that valuable Windows compatible logo on their box to use some method that would have directly helped MS's security and/or indirectly helped intelligent users who were concerned enough about security to want policy level control even then, and even then MS had enough market share to make it stick. Instead, they definitely let some companies ignore the usual rules and apparently relaxed them further whenever MS's marketing wanted to brag about how much software was windows compatible. (The first is something some of Microsoft's key people have admitted to, the second is an outsider's inference, and I'm sure there are people who would disagree with me on it.)
I'm hoping Microsoft has actually made all 3rd party sources write to some standards this time, and true support for multiple users under Microsoft's long standing model dictates, as you imply, that this should be under the user profile rather than in the install directory. What worries me is that Microsoft may still give some companies, such as Norton, favored status at bending the rules. I'm waiting to adopt 7 in part because I don't know how firm Microsoft has been on security. Microsoft had certainly transitioned from the Win 95-98 first ed. days of having a big market share but with room to grow, to one that had 95% of the market and no place to go but stagnate, well before Vista came out, but they didn't seem to have learned the lesson at all by then, which may be why I doubt they have fully learned it just yet.
Who is John Cabal?
If you actually read the story in question on Slashdot, you'll see everyone point out what an idiot whoever put the story up is and explain that the whole point of memory is that you use close to 100% of it since every byte you use makes things go faster. It's been this way for years. kdawson et al's anti-MS biases get on the front page, and everyone kicks them down (unless they're justified).
First of all, that's not Microsoft's fault, that's the fault of that installer. I'm not sure exactly what would cause that, but I'd wager that it could happen if the installer runs a bunch of different programs to take care of sub-tasks-- usually Windows handles this seamlessly, though, which means that it must be doing it in a funky way.
If the software follows Microsoft's best practices for security by installing itself in the proper directories, there is no UAC interaction at all. None. I've installed a number of programs like this. If a piece of software insists on installing itself in protected directories, or insists on running with administrative privileges, you may want to think twice about running it. Those are the kinds of software that open gaping holes in your PC's security.
I'd wager the GP's software was attempting to do something it really had no business doing, and every time the installer did something unsafe, UAC double checked with the user first. It's annoying, yes, but only when you install shitty software, and it's really exactly the type of behavior you should want out of your security system.
If the software really did need all that access to do something legitimate, and if they publisher had bothered to test it with Windows 7 and discovered the problem, Microsoft would have added an exception specifically for their software to group all the UAC requests into a single request to streamline the process. They do that kind of backwards compatability stuff all the time.*
*They actually tried not to do this with Vista even though they did it for every previous version of Windows. That was part of the reason there were so many incompatibilities between XP and Vista, and it bit them in the ass. They reverted back to their old policy for Windows 7, and even put a seemless XP VM in the business and ultimate editions.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Some of that "poorly written software" was window's own control panel. In a number of cases there was very poor separation between user customisation and administration of system settings.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
I don't think you've got this UAC thing straight yet.
I've never seen an app manifested as require-admin that didn't really need admin. If an app is not manifested then it runs virtualized and accesses to restricted areas get redirected to the virtual store. I think that most slashdotters see more UAC than more typical users because they are called in to do system maintenance.
My wife got a Vista laptop around 9 months ago. A few months after she first got it I asked her what she thought about UAC. She replied, "What's UAC?" When I showed her she said that she'd seen that watching me using my machine, but never on her own machine.
There's a heck load of software which doesn't follow even the basic instructions found in MSDN. Also there is many programmers who doesn't even know that MSDN has these instructions. There is even programmers who don't know what MSDN is!
You do know that you shouldn't trust current working directory, don't you? There's this thing that even if application is installed in the folder X it can be started from folder Y and now your current workind directory points to Y. What's the problem in asking the Operating System where %APPDATA% is?
And they all can be found via environment settings.
No they weren't. User let them by running them with administrator privileges.
You don't know what you don't know.