Slashdot Mirror
Windows 7 Memory Usage Critic Outed As Fraud
A few days ago, we ran word of a report alleging that Windows 7 consumed more memory than it should, based on a report from Devil Mountain Software; a followup post linked to Ars Technica's robust deconstruction of that claim. Now the story gets weird: Fred Flowers writes The original story quoted the company's CTO, Craig Barth on the issue. Now, InfoWorld editor in chief Eric Knorr has still more to add. From Knorr's blog at InfoWorld.com: 'On Friday, Feb. 19, we discovered that one of our contributors, Randall C. Kennedy, had been misrepresenting himself to other media organizations as Craig Barth, CTO of Devil Mountain Software (aka exo.performance.network), in interviews for a number of stories regarding Windows and other Microsoft software topics. ... There is no Craig Barth.' Knorr's post goes on to say that Kennedy has been fired from his blogging gig at InfoWorld over this 'serious breach of trust,' and that his blog will be removed."
Vista was mostly looked badly because they introduced new security features. Features that linux zealots always yell about, like proper admin/multiple user control, securing files and directories and so on.
The fact is, people had got used to everything being simple. When MS did add these new security features (as needed now a days), they got called about. I already see the replies mentioning how the UAC is bad and nuisance for user, so i preemptively answer here - It's a lot better than Linux's su and sudo alternatives. With su you give full control over the root account, with sudo you need to write it every time you require root account. UAC is actually a lot better than what there is available for linux, in desktop use (in command line/server use it pwns).
Win7 is more popular now because people have got used to these features. Stupid sheep is, well, stupid and have to take generation to get used to it.
ZDNet, an InfoWorld competitor, was about to go public with an exposé on Randall C. Kennedy and Devil Mountain Software, but InfoWorld actually beat it to the punch by disclosing the matter itself.
InfoWorld's editor in chief, Eric Knorr, should be commended for dealing this matter quickly and decisively when he discovered Mr. Kennedy's deception. At the same time, he should think very carefully about the series of decisions that led to this outcome.
Randall C. Kennedy was an InfoWorld blogger known for his outrageous, inflammatory posts. Often these posts appeared to disregard the facts, overinflate the issues, or otherwise ignore the tenets of basic journalism in favor of sensationalism and manufactured furor. Doubtless InfoWorld appreciated the traffic such posts drove to its site. What it should have realized, however, was that beyond contributing to InfoWorld's success, Mr. Kennedy had a personal incentive for generating that traffic: promoting his own company, Devil Mountain Software. With that as his motive, he had far less incentive to consider InfoWorld's journalistic integrity when crafting his blog posts. Preserving that integrity was the job of InfoWorld's editorial staff. They failed to do so.
Compounding the issue is InfoWorld's decision to partner with Mr. Kennedy on the "Windows Sentinel" project, InfoWorld's in-house branded version of Devil Mountain Software's exo.performance.network Windows monitoring product. The original post announcing Windows Sentinel is currently hidden behind a password, but the Google cache clearly shows that InfoWorld was aware that Mr. Kennedy was behind Devil Mountain Software all along:
Today, I'm happy to announce the beta version of InfoWorld Windows Sentinel, a joint project with the exo.performance.network founded by InfoWorld Contributing Editor Randall C. Kennedy. ... According to Randall, the main point is "to develop a more concise picture of the Windows computing landscape.
InfoWorld's editorial staff should have seen that allowing a contributor to use InfoWorld's brand to promote his own company's products and/or services constituted a conflict of interest at best, and at worst, a serious breach of InfoWorld's responsibility to provide truthful, unbiased reporting to its readers.
InfoWorld needs to think very carefully about how to proceed in future if it hopes to recover its integrity after this incident. In an age where publications are under increasing pressure to demonstrate their power to drive revenue, it is more important than ever that editors take a stand for the paramount importance of high-quality, thorough, accurate reporting and editorials, untainted by financial interests or the pursuit of personal gain. InfoWorld stumbled by continuing to support Randall C. Kennedy when it should have, at the very least, questioned his judgment. It can and must do better.
According to the linked reports (both those in the summary and this one at ZDNet- http://blogs.zdnet.com/BTL/?p=31024) the only reporter for InfoWorld who "Barth" was quoted by was Gregg Keizer. This raises a question: Did Keizer know about this deception? And if not, how did he get contacted by Barth initially? It is possible the Keizer was deceived but some sort of answer would be nice.
However it's interesting to note that Randall Kennedy was one of the standard bearers in the public campaign against Vista. If you go through the most egregious condemnations of Vista posted to /., you'll find that a disproportionate number were sourced to Randall Kennedy at Infoworld. Many of which were about as truthful as the Windows 7 memory article.
Kennedy has been an extraordinarily biased source about Microsoft for a long time, and over the past few years I've lost a lot of karma pointing this out. For me this feels like vindication.
The UAC, in Vista, nagged constantly early on because of poorly written software. The UAC prompting means a program at launch either via code or manifest, or certain other compatibility-conditions (like being an installer) needs access to the user's administrative token, rather than the default neutered token. Typically that means its doing something it shouldn't have been doing, such as writing files into the installation directory rather than the user's profile (and thus needing administrative rights) or, for example, writing runtime settings into the local machine's registry rather than the user's registry.
The UAC prompts became far less common as time went on because publishers fixed their software that was doing things that even in XP they shouldn't have been doing (and getting more secure in the process).
They're reduced in Windows 7 primarily because a request for privilege escalation that is a direct result of a user action (based on a bunch of criteria, including a valid digital signature on the application, and I believe on the MSI that installed it) gets escalated automatically.
You *really* should almost never see a UAC prompt. Now, if you're a developer and are doing things that need to be escalated all the time, then no shit you're going to see it a lot. But a normal end user should virtually never see one on up-to-date versions of software on Vista or Windows 7. If you are, you should contact whoever publishes the software in question and tell them to fix it.
Were you needing that memory for something else and when you did, did Windows 7 not give it up immediately?
I see these sorts of posts all the time and wonder what exactly it is that all these people want unused RAM for. I payed for it. I want it in use dammit! And unless you're on a notebook there is no reason to not have 4-8GB of RAM. Even DDR3 RAM is now less than $20 a gig. So what you're saying is no OS should use more than $5 of RAM?
That's all fine and dandy, but the GP, or GGP, or whoever, wasn't talking about SELinux, they were talking about sudo specifically and UAC specifically, and between the two frameworks each of these items resides in the Windows framework is far more granular and robust.
Windows 7 isn't billed as a hardened OS, just a secure OS, and it indeed fits that description very well.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
UAC is quite different from su / sudo.
Windows NT has always supports the notion of "root" level (aka "Administrator") accounts and standard or limited user accounts. It has also long supported "runas" - the equivalent of sudo. The purpose of that is to allow a standard user to run a program in the context of another user, generally an Administrator, on the same desktop.
UAC, on the other hand, could be called the opposite of "sudo." Instead of running specific processes as a more privileged user, it allows an Administrator to run processes as a LESS privileged user, with varying privilege levels. Technically, Windows has also supported something like this in the past via Discretionary Access Control mechanisms and custom security tokens. UAC brings several additional pieces to the table such as: Mandatory Access Control, more direct user/system control over this behavior, and various bits of supporting infrastructure to make it both more secure (i.e. UIPI) and more compatible with existing programs (File System and Registry virtualization, for example).
UAC also allows programs such as IE and Chrome to run at below-standard privilege levels ("protected mode" or "sandbox" mode), enables secure consent prompts for elevation (more convenient and often more secure versus credential prompts which are vulnerable to spoofing attacks), and more.
So no, UAC is not a ripoff of sudo.