Slashdot Mirror
NSA Advises Upgrade To Windows 7
An anonymous reader writes "In a document available from the NSA (warning, PDF file), that organisation advises users to upgrade to Windows 7 as part of their Best Practice for Securing a Home Network. No mention of BSD or Linux so I guess the Slashdot crowd will just have to bite the bullet and change operating systems if they want to be really secure."
this means that there's an even better backdoor for the NSA in Win7?
"National Security is the chief cause of national insecurity." - Celine's First Law
This sounds unreasonable. It sounds exactly like something one would expect to hear from someone who wants access to your computer.
And it's not unreasonable to expect that Microsoft would cooperate with Federal Agencies to manage intentional vulnerabilities on the OS.
way to be a teenage provocative troll
The NSA is tired of dealing with multiple backdoors and wants everyone to use a single OS.
This is talking to your average home user, and guess what, Linux is not exactly a popular desktop OS. It certainly has it's draw, but switching over to it just is a non-starter for most people. You'll also note they talked about Mac OS upgrades too, not just windows 7. Windows 7 upgrade was mentioned specifically if they were already using a windows OS.
The article suggests that, if your are running Windows, that you upgrade to Windows 7 or Vista.
It also has advice for MAC users.
Just because it has no advice for Linux or BSD users doesn't mean that the article suggests that Linux or BSD users should switch to Windows.
[But you all knew that -- whenever are /. summaries accurate?]
The real "Libtards" are the Libertarians!
Not the 1% who use LINUX desktops. Spare me the trolling. I like Ubuntu a lot, but I'm a tech person. Most people aren't, get over it.
The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.
how did the NSA recommending that WINDOWS USERS upgrade to the latest version of WINDOWS. turn into a linux story?
portfolio
The Limit Use of the Administrator Account seems part seems to be a mix of the old windows XP and the new windows 7 systems.
The Default windows 7 mode with UAP popups seems to work well and not brake lot's of apps. But lots of home users have old windows 9X / XP based apps that will not work if the system was more locked down and a long password will just make people want to trun it off vs just asking cancel or allow with no need to enter a password.
So this announcement from the government advising people to purchase a new Windows Operating System occurs only days after Microsoft's stock was impacted due to poor Operating System sales
Microsoft Stock news
If you buy a decent printer it shouldn't be a problem. And even a considerable number of less than decent printers. For an agency like NSA, getting a postscript printer isn't hard, and really an enterprise printer ought to be able to handle postscript without too much worry.
Likewise with scanners, there's a huge number that are supported by SANE, if you're going to be buying a lot of scanners then it's not really that much more work than you'd otherwise be doing to make sure that the work properly for the intended use.
Windows 7 IS a worthy upgrade from XP - certainly from the security point of view. I have helped people with transitions from XP/Vista to 7 and found an almost unanimous praise for it. Given the choice, people preferred 7 for reasons of aesthetics, functionality and robustness.
The longer the Linux crowd believes that Microsoft can not make decent quality (once in a while at least), the longer they'll fail to make any changes which might someday resolve the issues that push people away from Linux.
There are only two reasons why you were having problems with your printer:
1) You were using Fedora.
2) You're an idiot.
The first problem is often caused by the second problem, so there may be no hope in your case.
Your best bet, however, is to just use Ubuntu. These days, it makes setting up printers and scanners much easier than even Windows or Mac OS X.
Windows 7 is much better at isolating ring 0 - too bad there dozens of services running by default. Remote Desktop?! Remote Registry?!! Home users won't use. Add a dozen helpful? shovel-ware services added by your OEM and even someone that cares will spend hours figuring out what they need. At least with apple you don't have nag-ware. Linux doesn't have all the security redundancy of Windows 7 but it doesn't have the downside thousands people paid and private writing malware against it either. It's always a matter of faith with any OS or firmware. When was the last time you built your own compiler? /tinfoil
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
This reminds me of a previous /. post that talked about draconian DRM: http://tech.slashdot.org/story/09/02/16/2259257/Draconian-DRM-Revealed-In-Windows-7
Specifically the second paragraph concerns me, "Noting that Win7 allows programs like Photoshop to insert themselves stealthily into your firewall exception list. Further, that the OS allows large software vendors to penetrate your machine."
I wonder if this is why the NSA wants everyone to upgrade.
No, the NSA recommends that you use a "modern OS" and then gives Windows Vista and Windows 7 as examples. Nothing suggests they consider these the only modern OS's in existence.
What makes you think I am using Linux? I happen to be, but resent the assumption.
At the NSA they need to do things like have employees print and scan documents. That's simply not always possible with linux. Believe me, I've tried with my printer for a year.
PEBKAC or a need for new hardware, these things aren't always possible with windows either.
Remote desktop and remote registry aren't on by default in Windows 7.
This makes the rest of your points invalid.
Hey, slashdot, I think your fortune command is broken. For about a week or so I keep getting this one: "Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh"
The only way I could get my scanner to work was with Fedora, Ubuntu hasn't been able to find it since 9.04. The real trick with Linux is to keep trying different distros until you get one that works with the hardware you've got. I have another computer that only likes Mint, not Ubuntu, not Fedora. My friend could only get his computer to work with PCLinuxOS. My sister's computer prefers Ubuntu and wouldn't run Fedora. After you work with several different computers you'll learn to have a stack of live CDs.
Funny, I've had no problem with linux and my HP printer. No fiddling required, it worked straight out of the box.
Seven puppies were harmed during the making of this post.
Which make and model of scanner?
It "shouldn't be a problem" if you buy a "decent printer" where "decent printer" is defined as "some hypothetical printer which works with whichever of the dozens of Linux forks you happen to be using" and which is almost certainly not documented.
There. Fixed that for you.
If you mod me down, I shall become more powerful than you could possibly imagine.
I guess no one involved in green lighting this read the PDF.
The NSA pamphlet was only for Windows and Mac users, it didn't mention migrating to LINUX or BSD because it wasn't about alternative OSes, just what current users should go to.
They have a bunch of these fact sheets, shocking the securing iPhones and iPads one doesn't talk about migrating to Android or Win 7.
http://www.nsa.gov/ia/guidance/security_configuration_guides/fact_sheets.shtml
IT people can do this, most home users this is WAY over their heads. DEP on all software breaks stuff, we tried it at work and what a mess! Thanks a lot Microsoft.
You can say that again!
Last time I tried to connect to a network printer(at school), I simply had to click "find printer", wait a few seconds, and pick from the list of available printers(all 50 on the network). Easy.
XP(which we were running at the time), required -- at best -- knowing the IP. At worst, it also required some arcane driver too.
He must have been using Fedora then, because I'm a total computer idiot (and some would say idiot in general) and I can print using Ubuntu and a HP printer I literally found in the trash.
I guess if the editors don't. And the readers don't. There isn't much point anyway.
Ah one of my favorite trolls - "You claim X often happens, but in my case it didn't happen and so you are wrong". Does this have a name? The "anecdote troll" perhaps?
where "decent printer" is defined as "some hypothetical printer which works with whichever of the dozens of Linux forks you happen to be using" and which is almost certainly not documented.
The impression that I get from other Slashdot users is "HP good", if only because of HPLIP .
So I discover that a printer works best with one distro, a scanner with another, and a video card with a third. Am I supposed to run the distro that likes my video card on the bare hardware and then launch VMs every time I want to print or scan?
...is still in its shrink-wrap.
Any OS that allows users to run as "root" or "Administrator" by default is far from safe on today's Internet and should be avoided.
When politicians are involved, everyone loses.
For a competent technician either OS can be installed and configured properly. Perhaps in their case they could pay one with the savings on the Windows 7 licence fee.
Does this include cases where "properly" means "correctly running the Windows-only applications for which I bought the computer in the first place?" I didn't think so.
For a comparison the largest Windows botfarm had well over 1 million zombies in it. There were 2.9 million active Windows malware packages last year and probably more than 90% of most Windows boxes have expired AV subscriptions on them, and most are probably infected, but the user isn't smart enough to realize the reason why his box boots and runs so slow at times. Microsoft has relieved the situation somewhat by making available a free and effective AV package: Microsoft Security Essentials. Being free the only thing a Windows users has to do is set MSE for automatic update of the vaccine file. This is still not ideal, however, because there is usually a significant time gap between when a black hat releases a malware package and when it is finally detected, analyzed and the fix added to an AV vaccine file. For really critical security holes the gap may be as short as a few days, but for many of the others the gap may be as long as several months or never (i.e., the "cure" is to upgrade to a newer version of Windows). A LOT of people with "active" AV security have been caught in that gap and had their personal data stolen, sometimes along with a lot of cash.
The Linux botfarm was created by a group of hackers about two years ago and since Linux isn't susceptible to automatic email or browser drive-by attacks it took them 6 months to manually find 770 poorly secured Linux boxes and hack into them. Linux boxes are so hard to break into hackers use them to control the very large Windows bot farms that plague the Internet. When a black hat breaks into a Linux box she usually makes it as secure as it should have been, making it about impossible for other black hats to break in.
The superior security model of Linux, combined with the fact that as a totally Open Source OS the insertion of an NSA backdoor key is impossible, makes it ideal for situations where maximum security is a must. This is probably with that "Security" PDF discussed Windows security and mentioned the Mac OS X, but not Linux.
Running with Linux for over 20 years!
You can buy a printer and scanner that work fine with linux for considerably less than a reasonable windows license. If you buy a decent printer and scanner, equivalent in cost to a business level license, it will last you through 2 or 3 generations of windows. That's quite a lot of savings!
That's exactly right! If any user wants their computer to be really secure for Microsoft and the RIAA, then they should switch to Windows 7 ASAP. Only Windows 7 is really secure for Microsoft and the RIAA.
Trusted Computing. Accept no substitutes.
Great! Cough up the scratch..
For justice, we must go to Don Corleone
Details, please, especially for a computer that will run one distribution and not another.
The one thing that I have found is a failure with some graphical installers and Intel video chips, but that was a few years ago. Otherwise, it is just about the same as Windows; you install or compile and then install the driver if it exists for your OS. My last dedicated flatbed scanner will never work with Windows past XP, because HP will never create a driver for it and the source is closed. Can't really blame HP as the scanner is nine years old.
"What luck for the rulers that men do not think." - Adolph Hitler
I was very disappointed with that as well, but when it comes down to it there is so much utter crap software that needs to run as Administrator for no good reason (sorry guys - copy protection dongles is not a good enough reason and since Macrovision actually released something with a Y2K bug in 2008 their software sits one level below crap anyway).
It's a salesman driven platform as can been seen the second you open the case for the media and see the CD is in BACKWARDS so it can get covered in fingerprints or scratches removing it but it's nice shiny label can be seen from the outside. Choices like that are stupid from anything other than a sales point of view and sadly MS Windows 7 is still full of them. It's the stupid mindest that turned a reportedly successful tool into the useless and annoying Clippy because somebody wanted to show off the technology by having it pop up more frequently.
Have you actually used Windows 7 (or Vista, for that matter)? They haven't had "run-by-default-as-administrator" enabled (and strongly warn against it) during the setup process.
Don't talk stupid talk.
I am unable to follow your secunia links, I put them in my HOSTS file... apk
Hmmm my ancient ( in printer terms ) HP 5000 was auto detected by SuSe and functions perfectly.
Hey KID! Yeah you, get the fuck off my lawn!
Is it possible that the NSA wants us to be secure for its own selfish interests?
Lets say Joe Blow K-porn lover follows the NSA's example and updates to WIn7, then has a field day downloading, now the NSA or any other 3 letter agency looks in on Joe Blow. They find lots of evidence and when Joe Blow decides to use the ' but I was virused' the NSA is called in as a witness to prove the unlikely occurence of said event.
Remote desktop and remote registry aren't on by default in Windows 7. This makes the rest of your points invalid.
As...far...as...you...know
And here you are now claiming zero remote vuln capability in a product with closed code.
Ohhh, the irony...
I think this is pretty forward thinking advice.
Though I can't imagine ISPs are going to be happy about the NSA's frank assessment that their DNS servers "typically don't provide enhanced security services," and that home users should be using a third-party DNS, including open source.
On that topic: http://www.opennicproject.org/
I wonder how they feel about them?
(The cynic in me also wonders if they're trying to strong-arm the major ISPs into accepting some sort of "enhanced" DNS security package from the NSA. The best way to control Internet users, if they don't know about dotted quads (or IPv6 addresses), is to have backdoor control of DNS. If you can't reach the information, it doesn't exist.)
I've made no such claim. What I do know is that the remote registry service is set as manual, and remote desktop isn't enabled by default on systems that have it (however, Remote Assistance is, but I won't get into the differences. Google it)
If you're running Linux or BSD, then either you're expected to know what you're doing, or you're running an appliance with a built-in operating system based on one of those and the appliance designers are expected to know what you're doing.
In reality, with Linux, it may be that all you're doing is letting the Update Manager manage updates for you, and using the Upgrade button after a major Ubuntu release has been available for a month, but that's ok - you'll still be running some vaguely current software with most of the recent fixes. With BSD desktops, the reality is that you're really definitely expected to know what you're doing.
Based on the comments from other people here, what you're doing may also include complaining about peripheral makers who don't give out the documentation needed to write decent open-source drivers, but that's a mostly separable problem from making sure you're running an up to date operating system.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Microsoft is a major player in the National Business Park, so it comes as no surprise that the "Windows" section reads like MS marketing copy.
In the document, they are seriously recommending that everyone update to Office 2007, at a minimum, with no mention of alternatives (Libre, OOO) whatsoever.
*sigh* Oh well, it's the best government money can buy.
I don't think "old stuff works" is going to be much of a selling point.
I don't think "old stuff works" is going to be much of a selling point.
But new stuff works as well.
Have you seen Epson's driver support for their new printers, scanners and multi-function devices for instance?
http://avasys.jp/eng/linux_driver/download/
I don't think "old stuff works" is going to be much of a selling point.
For Enterprise work? Sure it is. Nobody wants to throw out thousands of perfectly good printers just because you upgraded the OS. Well, except for printer manufacturers that it is.
Faster! Faster! Faster would be better!
who are currently running XP , 'upgrading' to Win 7 means buying a new computer
If everyone did this it would stimulate the economy, and thus create jobs
and more revenue for the government.
You can typically use w2k drivers all the way up to win7 if you're still using 32bit. I have a scanner that they stopped supporting during the w2k years and it still works just fine, with w2k drivers, in windows 7.
The summary ignores that the NSA mentions both Windows and OS X and what to do to protect it. It could be that between both of those they 99% of desktop users are covered in the USA. The article doesn't really address servers and maybe the NSA feels that if you are using Linux or BSD you are either a) already protected or b) have the smarts to protect yourself anyway.
I guess for the conspiracy theorist on slashdot there is an option C: Microsoft is behind the NSA and the ploy is to get Windows and OSX secured so that Linux and BSD would be blamed for any breaches.
Yeah, but that's a Laserjet, in which case Postscript is a pretty universal language for it, so at least basic driver functionality isn't too difficult to implement. Inkjets...not so much.
The word you are looking for is syllogism. You don't need to make up new words just because it is " on line".
This issue is a bit more complicated than you think.
When did you last use XP? Adding network printers isn't exactly straightforward, but if the admins did their job right, you don't need to punch in the IP and can just find the darned thing. Also, XP is not the latest version of Windows and shouldn't be measured against current Linux distros.
Lucky for Linux users with inkjets and their difficult to implement drivers, the manufacturers of said printers seem to be willing to write the drivers. Open source drivers would be best, but for some people who are prepared to use them, closed ones work too.
Bend over Baby! I'm coming in!
Have you fscked your local propeller head today?
Also, XP is not the latest version of Windows and shouldn't be measured against current Linux distros.
Why not?
If XP is held up as a workable solution for end user computing and Linux is generally as competent, isn't it legitimate to argue that Linux at least meets a minimum level of usability?
In my experience most users just click continue on the UAC pop ups without even reading them. Even the main tech admin does that on his computer.
"To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
Netcraft reports that Usama bin Ladin has taken his own life in an angry reaction to the situation that the PlayStation Network is still down, and his credit card info was compromised and used shamlessly by the infamous and renegade hacker GeoHot. A ground team found his PS3 smashed to bits, and a tentative purchase order for an Xbox 360 had been drafted by his accounting department.
True, but the odds are greater for an inkjet than a laser that you wouldn't get simple plug 'n' play functionality. You might just have to go get that driver first.
For those who contributed to the above Slashdot summary who are obviously incapable of properly navigating or searching Web sites, the NSA provides advice on securing multiple different computer operating systems and revisions. Yes, that includes Linux and even Solaris, and multiple versions to boot. Furthermore, additional research will yield that the NSA also has articles on securing a variety of common applications, Web browser plugins, and file formats. Then again, should anything less be expected from the organization that created and developed Security-Enhanced Linux in collaboration with Red Hat?
Most men are not thought unwise until they speak.
This is plainly not funny. This is in all probability their singular motive for their recommendation. That, and to further inflate the stock of a lame duck American hegemony (Microsoft).
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Why not? At the time of my experiment -- about a year ago -- I was using Kubuntu 9.10 and XP was /everywhere/. There were a few students with Vista or 7, but all school computers were XP. As far as know, this is still the case, so I have every right to make the comparison. /never/ had the XP find printer bit work correctly. I always had to make a new printer, tell it to use a new TCP/IP port etc. Perhaps it was just admins "not doing their jobs right", but oh well.
Oh, and I have
Though there's a surprising level of out of the box, automatic support though for inkjet printers.
Personally, for the range of HP and Epson I've setup for others and the ones I've owned myself I've never needed to resort to closed drivers. The user experience at the time was actually better than what it would've been compared to a Windows box.
I'm just surprised the anti-linuxians chose to pick on printer support as a reason a user wouldn't want to run Linux as it's an area it does quite well at. There'd be better arguments to be made about the areas Linux is weak at.
I wonder who in the NSA is in Microsoft's back pocket. Yeah, let me use Windows 7 and I'll be more secure. No thanks, I won't give up my OpenBSD. Maybe NSA wants to have an easier time spying through backdoors.
Windows 7 32bit is a different operating system. It doesn't have the security features of the 64bit version, doesn't support large amounts of memory and is in almost all ways inferior to windows XP. I'm tired of people bringing it up.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
When people can't get their already paid for program to work and disable the security settings to get it to work it defeats the purpose. sigh.
Many things can be done to get old programs to work but there are a few that are just made shitty. Most people don't take the time to work through it (and leave the security in place) and just disable the security and install what they want. What is really disturbing is that most of the engineers in my company have disabled the windows 7 security features.
To install Windows 7 would be a downgrade for Linux and BSD users, so that's already covered. The Feds correctly assume that most Windows users would not be up to installing or using Linux or BSD, so their only hope is to upgrade to Windows 7 even though that's like putting on a condom after sex with a hooker.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
read the summary. no mention of xp, only windows 7.
Wealth is the gift that keeps on giving.
The summary?
This part of the discussion has little to do specifically with the summary but more to do with is Linux a viable platform, specifically whether or not you can print something on a Linux box.
Are you arguing that we all should pretend XP doesn't have a significant user base and that it's level of usability has no relevance here?
If we could ignore XP it'd perhaps make the anti-linuxians position a little more easy to argue though.
I don't know, I never had any security issues with MSDOS = 6.22. Though I hear I was actually just one of the lucky ones...
There is no such agency.
But if there was, I would speculate that they indeed have ways into your Windows 7 or any other OS. If they didn't, they sure would be a disappointment. With that said, I am sure there is a genuine reason for them to suggest Windows 7. I am surprised that they didn't say "secure your wireless, please". Open WiFi routers are all over the place, have you ever done a casual wardrive and looked at the data? About half of my town's wifi is wide open. I would post this information and recommendations on how to secure them, ( PUT A PASSWORD ON IT, DUH) but am afraid of the paranoid backlash.
I wonder if that might be why the NSA is so vague. They probably know the vicious little details of why you should upgrade, but don't want to say so, because we will say, "OH YEAH?? HOW DO YOU KNOW? YOU BEEN IN MY COMPUTER??" People are paranoid about things they are ignorant about. I know I am resisting urges to wad me up a tinfoil hat right now, they are probably watching me through my web cam. O_o
Take the Red Pill.
"Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh"
No, Linux users are the ones who opt for a better, more secure OS. They are the ones who choose to not use crappily engineered propriatory software.
Those who use Windows Vista or Vista SP2 (also known as Windows 7) are the lemmings jumping off the cliff...or is it that they are the sheeple being led to the Microshaft slauterhouse?
That's weird, for the last several years, I have experienced much bigger problems getting printers to work with Windows then with Linux (Kubuntu). I can't remember an instance where a printer worked with Windows and not with Linux, I can remember at least one of each of printers working with Linux and not with windows, of printers sort-of-working with Linux and not with windows, and of printers working with neither Windows nor Linux. When printers work with both, getting them to work with Linux is much easier and faster.
I haven't worked with scanners, so I wouldn't know.
This isn't "news", it's a bad blog rant.
The paper is for home users, and they are right to focus on the 99% there that are covered by windos and OS X.
And accusing the NSA of not supporting Linux is the most ridiculous thing I've heard in a decade. These are the guys that brought us SELinux, including fighting on our behalf to get an assurance that there won't be patent troubles with it.
You can accuse the NSA of a lot of things, like covert surveilance and stuff, but certainly not of ignoring Linux. Heck, they even have a hardening guide for Red Hat on their list of official guides, just like they do for windos, OS X and Solaris.
Assorted stuff I do sometimes: Lemuria.org
Thanks for the correction.
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
You do realise you are comparing Win 7, which has been out for 2 years, against the 2.6.x kernel which has been around for 8 years, right?
Lets looks at Windows during that timeframe (keep in mind that the stats only go back to 2003, when the 2.6.x kernel was released):
Win 7: 8% (5/65) - highly critical vulnerabilities unpatched
Vista: 8% (8/147) - highly critical vulnerabilities unpatched
XP: 12% (42/342) - highly critical vulnerabilities unpatched
Server 2008: 4% (4/130) - highly critical vulnerabilities unpatched
Server 2003: 6% (19/295) - highly critical vulnerabilities unpatched
Summing up: 8% (78/979) - highly critical vulnerabilities unpatched
Against the Linux 2.6.x kernel: 6% (17/265) - less critical vulnerabilities unpatched
So windows has 4.5x as many unpatched and 3.7x as many in total and has far more critical vulnerabilities left unpatched.
btw:
Highly critical means that the system can be completely comprimised if someone exploits it - there are just no known expoits of it in the wild.
Less critical basically means you have to be local and lets face it, if they have local access you're screwed anyway.
And for good measure, lets compare Linux to win 7 in 2010:
Win7: http://secunia.com/advisories/product/27467/?task=statistics_2010
47 advisories
11% unpatched
Criticality:
Highly: 40%
Moderately: 17%
Less: 36%
Not: 6%
Loction:
Remote: 55%
Local Network: 11%
Local: 34%
Linux: http://secunia.com/advisories/product/2719/?task=statistics_2010
47 advisories (same as windows)
4% unpatched (almost 3x better than windows)
Criticality:
Highly: 0% (walks all over windows here)
Moderately: 4% (more than 4x better here)
Less: 47%
Not: 49%
Loction:
Remote: 9% (again, walks all over windows)
Local Network: 2% (much better than windows again)
Local: 89%
In short:
Linux had ZERO remote automated system exploits - all remote exploits required user interaction.
The vast majority of Linux exploits required local access and even then the impact was fairly low.
The majority of Win 7 exploits had significant system impact.
The majority of Win 7 exploits could be triggered remotely, with many requiring no user interaction.
The winner?
Shear numbers: inconclusive - both have the same number
Criticality: Linux wins here easily - 96% were rated less critical or lower, compared to Win 7's 57% rated at moderate or higher
Locality: Again, Linux wins hands down - the vast majority are local exploits and the majority of Win 7 exploits are remote
Time to patch: ?
Exploits in the wild: ? but I'd suspect Linux would win given that most require local access to achieve...
I don't think "old stuff works" is going to be much of a selling point.
How about "new stuff works" as well. i never had a problem with new or old printers on Linux although I cannot say the same for MS Windows. Even my new HP Wireless printer (brand new) works perfectly.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
Nudge, nudge, wink, wink, if you've still got an old 32bit computer kicking along just fine and you are running other companies security software to make up for security failings (let's not forget all the claims to the exact opposite by M$ when XP first came out), really why would you bother paying for another M$ OS, when you can get any Linux distribution to provide you greater security for when you need it free.
Truth is apart for dual booting with Linux, when it comes to keep your old computer going just use the OS you were forced to buy when you got the hardware, until the system dies and you buy new hardware, hint you will most likely be forced to buy the M$ OS again anyhow.
Chaos - everything, everywhere, everywhen
MAC address? [grin]
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
I have switched (the main computer of the house) to Linux because there was no windows driver for my printer (hp photosmart) and for my scanner (epson 1240u).
I will never go back
The introduction says NSA "advises users to upgrade to Windows 7", but it actually says Windows 7 or Vista. This is a significant difference. There are still millions of Vista users out there, and they need not to upgrade. Besides, Vista is said to be more secure (yes, annoyingly secure) than 7.
Pure 100% FUD.
I've been running windows as the default admin user on the web since it was invented. In almost 20 years I've never had an experience that any regular human would deem as 'unsafe'. We're not talking riding a motorcycle without a helmet, or running with scissors type unsafe here. Let's keep it in perspective.
If you are running MS Windows XP or Vista Then an upgrade to MS Windows 7 is quite reasonable. The reason that they did not mention Linux users is because for them MS Windows 7 would be a downgrade.
Yeah, but if "new stuff doesn't work", it's a moot point, as the enterprise in question will be waiting for support for hardware they can already purchase, and which is already supported in another OS. Legacy is one thing, but if it comes at the price of progress, it's useless.
This is what frustrates me most. In my experience, the actual incidence of malware being installed without the user's knowing is close to zero these days. Since Vista, whenever I've heard of someone who got a virus it turned out that they were actually clearly warned that they were doing something very dangerous, sometimes even their antivirus software protested that it was a virus, and still they click continue. Why? Free movies online! Just download this video plugin first!
Users cannot be relied upon to make security decisions. The only way to make a secure OS is to remove the human factor, to take away all decision power for installing malware, which means you have to prevent them from installing anything that's not from a curated app store. In short, although it pains me to admit it, apple's model is the only one that can be truly secure.
Can you claim zero remote code vulnerability in linux, despite it being open source?
Having the source is meaningless when it consists of tens or hundreds of millions of lines of code. Back of the envelope calculations indicate that it would take you about 500 years to review 100 million lines of code, provided 8 hours a day are spent on it, every day. And then there's the bootstrapping issue. How can you be sure that the binary components you use to bootstrap the OS (be they executables or just a compiler) actually are secure?
In short, the only security metric that matters for operating systems is "do i trust my vendor?". Having the source doesn't buy you a single bit of security.
If you don't think microsoft can be trusted, I would have to ask why. Granted, in the 90's they had an awful track record, but if I look at the past decade, I see a business that "gets it" when it comes to security.
They are saying that if changing to Windows7 would be an upgrade, do it.
As many people here will say going from Linux, BSD, or almost anything apart from Windows, would not be an upgrade so they are not talking to you.
I'll see your Constitution and raise you a Queen.
> Any printer that does not come with vista/7 drivers.. DOES NOT WORK in vista or 7.
One could run Win XP in a VM which allows access to peripherals, and use print-to-PDF on Vista/7 to make the printout available to the VM.
I laugh, though, since this is approximately what I had to do once in order to print to a Windows-shared printer from my Linux installation. Now that the printer is shared via CUPS on Linux, though, I have no problem printing from either Windows or Linux.
I upgraded like a good little lemming, then found out that all government networks block access. Because it is not an approved product. Sad thing I had to downgrade to Vista..ugh
Have you actually used Windows 7 (or Vista, for that matter)? They haven't had "run-by-default-as-administrator" enabled (and strongly warn against it) during the setup process.
Don't talk stupid talk.
Yes, I have. I have a system I use frequently that has Win7, another with Vista, and two with XP. My preference? My Linux server.
By "run as Administrator", I'm including the Stupid Applications(tm) that require Administrator access just to run it. That's simply retarded, no matter how you slice it.
When politicians are involved, everyone loses.
Pure 100% FUD.
I've been running windows as the default admin user on the web since it was invented. In almost 20 years I've never had an experience that any regular human would deem as 'unsafe'. We're not talking riding a motorcycle without a helmet, or running with scissors type unsafe here. Let's keep it in perspective.
You are truly one of the Lucky Ones. I've seen systems that (literally) were infected out of the box.
When politicians are involved, everyone loses.
IME it's vanishingly unlikely that an admin would put that much effort into making printers browseable when the typical use-case is that nobody is ever going to browse for printers. PCs will be built with the appropriate printers pre-configured.
The article says that Windows 7 and Vista are better than previous versions of Windows, but the actual recommendation is to run a "modern OS". OS X is mentioned as well as Windows flavors. True, Linux and other BSD's are not mentioned, but if you are aware of and using those that article is not really for you anyhow.
""No mention of BSD or Linux so I guess the Slashdot crowd will just have to bite the bullet and change operating systems if they want to be really secure.""
I just about lost my coffee out my nose when I read that.
the whole discussion is about windows 7 being better than xp. if linux is brought into the debate, it has to stand up against 7, not xp.
Wealth is the gift that keeps on giving.
but even then there are lots apps with hidden stuff make it to the app store.
Also you need more then 1 app store so there is not lock in and or app store censorship.
http://www.youtube.com/watch?v=SP74aJBbIoY
(See that, from 2:50 onwards on the YouTube player control: As it simply "says it all", better than I EVER COULD, by analogy!)
Especially after my initial post here (that uses documented, concrete, & verifiable FACTS on security data):
http://it.slashdot.org/comments.pl?sid=2118740&cid=35994422
And later, in my further rebuttal/reply to your attempted deceits here:
http://it.slashdot.org/comments.pl?sid=2118740&cid=35998254
(LMAO - an ENTIRE OS DISTRO & even the rest of what MS gives business' to do business on as a development platform in ServerWare, Dev Tools, Office Suites, WebBrowsers, & OS? HAS LESS BUGS THAN A LINUX OPEN "SORES" KERNEL ONLY! )
APK
P.S.=> "Is there no one else? IS THERE NO ONE ELSE??" Achilles, Son of Peleus from the classic epic film TROY...
That'd be myself too, lol, as I stand before "all of Linuxdom" here on /. challenging you, immediately after BLOWING YOUR "champion" Agreus ( by Prince_o_Darkness (2098260) on Monday May 02, @02:44AM (#35997116) ) away, easily (with concrete, verifiable, & undeniable facts)
... apk
The advice was for securing home networks.
Linux is way more secure. Since it won't recognize my video card or my wireless card in my laptop, nobody will be able to see or remotely access anything.
"NOTE: please do not mention Linux or BSD. the NSA has had to cut back on expenses and loss of revinue has significantly impacted our staff skill set. WE can now only afford MCSE's so the only thing that can be dealt with is the current Windows release.
Until we can afford to pay more than $18.00 an hour for our techs we need to convince everyone to use windows 7.
Thanks for your understanding... Please let me know how the smear campaign for trucrypt is coming along, the loss of BinLAden has set us back as we were linking it to him."
This is a secret leaked NSA memo sent to me by a undisclosed leak.
Do not look at laser with remaining good eye.
paid technical help
Is such help any cheaper than a Windows license? I checked codeweavers.com, and support for CrossOver Pro (Standard + Games bundle) is $69.95 per year.
We're STILL debating this "is Linux good enough for the common user" thing??
Look, I really like Linux and I use it wherever possible as a server to increase reliability and cut costs. But anecdotes about your Uncle Joe aside? It's really NOT suitable for the vast majority of home users, period. The Linux advocates have been trying to push it on people for well over a decade now (and for a while, I even included myself in that camp). But ultimately, there are just too many issues it never really addressed for people, and I suspect this late in the game, probably never will.
Most glaringly, yes, the point you already brought up (but promptly blew off as a minor issue); gaming! There's a HUGE market for using a PC as a gaming system! I'd say just as many home users expect to be able to do this with a given PC as ones who don't care about t. So that alone means roughly HALF of all home PC users will not find Linux a really suitable choice -- regardless of ANYTHING else. Don't forget that even in households where the adults don't care about gaming and the kids are too young to be interested in mainstream games, there's usually some interest in buying and loading a few "educational titles" for the kids. Last I checked, they still didn't offer Reader Rabbit and such in a Linux edition?
Additionally, the whole idea of pasting a Windows-like GUI over the top of Linux only works until something goes wrong beneath the surface. If the user gets advanced enough to try downloading additional packages on their own, they're likely to eventually break something due to missing needed libraries, or overwriting a configuration file someplace in the /etc directory, or ?? At this point, they're suddenly plunged into needing to understand a lot more about the real Linux underpinnings than was ever asked of them the whole time they interacted with the "Windows look-alike" UI on top of X. This is where a lot of the Linux fans tend to forget the extent of the problem, because when "Uncle Joe" runs into this problem - he's going to call them for help and they'll probably just go over and fix it for him, returning him to happy bliss. That's not an option for everyone else who simply went with Linux because it was advised to do so to "save money". They're likely to have to erase everything and start over with a fresh re-install to get things going again -- leaving them with a pretty negative experience.
This is not always possible with Windows 7 either - neither my printer or scanner have drivers that work with it! I think I'm supposed to dump them in a landfill and buy new ones to be able to use newer drivers.
Manual means that it isn't running, and must be MANUALLY started. Remote Desktop isn't enabled by default, so both your examples were false.
The summary?
This part of the discussion has little to do specifically with the summary but more to do with is Linux a viable platform, specifically whether or not you can print something on a Linux box.
I think you just modded yourself offtopic.
...when NSA ran 99% on Solaris, with 1% PowerPC for graphics and web design...
By "run as Administrator", I'm including the Stupid Applications(tm) that require Administrator access just to run it. That's simply retarded, no matter how you slice it.
While I certainly agree that is annoying and insecure, how is that the fault of the OS?
...sometimes, in order to hurt someone very badly, you have to tell that person terrible lies. - PA
the whole discussion is about windows 7 being better than xp. if linux is brought into the debate, it has to stand up against 7, not xp.
The legitimacy of Linux as a possible solution for desktop computing was being questioned due to supposed difficulties with respect to printing from Linux.
Ignoring it's security issues, Windows XP is considered a viable platform from a usability perspective for many, many desktops.
If Linux could be considered to be as easy, or even easier to use that XP for printing, doesn't that somewhat quash the argument "You can't use Linux because you can't print from it or it's too hard to print from"
Now RobbieThe1st said
You can say that again!
Last time I tried to connect to a network printer(at school), I simply had to click "find printer", wait a few seconds, and pick from the list of available printers(all 50 on the network). Easy.
XP(which we were running at the time), required -- at best -- knowing the IP. At worst, it also required some arcane driver too.
To which DurendalMac repsonded with
When did you last use XP? Adding network printers isn't exactly straightforward, but if the admins did their job right, you don't need to punch in the IP and can just find the darned thing. Also, XP is not the latest version of Windows and shouldn't be measured against current Linux distros.
Given that XP is considered a viable platform, and when discussing Linux's viability due to aspects of its usability, isn't it OK to put Linux up against a legitimate alternative to test its appropriateness?
I also think Linux stands up against Windows 7 for many scenarios but when discussing whether Linux meets a minimum standard of usability it should only need to meet that minimum standard of usability. If it exceeds it, all the better.
Details? You want details? Who has time to troubleshoot every distro when a different one will work? That's the beauty of Linux. I guess you could look at which kernel modules are in the ram disk images and compare them across distros, but wouldn't it be easier to just insert another Live CD? It certainly has saved me a lot of time taking the path of least resistance.
4. Use of Social Networking Sites
Social networking sites are an incredibly
convenient and efficient means for sharing
personal information with family and friends.
---hmmm
Well you need to find better computer stores.
Which would mean either A. moving or B. giving up face-to-face interaction and free in-store pickup if I can't find a better computer store within city bus distance.
Sometimes they also state they're universal as well.
I've always understood "Universal" to mean that the driver for Mac OS X is compiled for both PowerPC and Intel architectures, in much the same way that "Fat" meant both 68K and PowerPC back in the mid-1990s.
#9. Secure your mobile electronic devices and delete sensitive data before crossing a US Customs and Border Patrol checkpoint. Ensure you have stored backup(s) in accessible locations in case your mobile electronics devices are retained by CBP officers for long term close inspection.
-- Gary Goldberg KA3ZYW 301/249-6501 AIM:OgGreeb Digital Marketing Inc., Bowie, MD
Because I am curious, that is why I like the details.
I never got close to even starting troubleshooting the problem I saw with Intel video chips and a couple graphical installers; that whole project was replaced before it really started. Still, I would like to know why, or if your results mirror mine.
There was another problem about two years ago for which I never discovered the true cause. Post installation, with an NVidia card and VIA chipset, X would fail to load. That's right, just spent nearly an hour installing the OS and applications, to get a lockup, keyboard and mouse not responding and a corrupted display. The forums indicated that I was not alone, but there were no solutions, and for some reason runlevel 3 was difficult to obtain, maybe something to do with a script running only on the first boot?
The same hardware ran the previous version of Suse fine, plus XP And 7, so it was not a hardware problem. And I also found that some distributions worked, some did not. I guess I could dig up the DVD's, diff 'em against the ?.1, but there are obviously several other changes between versions.
Which is why I have a fondness for Slackware. It hasn't failed me yet.
"What luck for the rulers that men do not think." - Adolph Hitler
But it has a version of IE that benchmarks fast. (as long as you are not using ssl)
Work bio at MMWD
By "run as Administrator", I'm including the Stupid Applications(tm) that require Administrator access just to run it. That's simply retarded, no matter how you slice it.
While I certainly agree that is annoying and insecure, how is that the fault of the OS?
End Users have a nasty tendency to judge an operating system by its applications, else they would have given serious consideration to other OSs that have come and gone over the years. Since they do, why can't I?
When politicians are involved, everyone loses.