Slashdot Mirror


User: secPM_MS

secPM_MS's activity in the archive.

Stories: 0
Comments: 225

Comments · 225

  1. Re:In a perfect world on Gates Expresses Surprise Over IE8 Secrecy · · Score: 1
    No, it is not appropriate to make so broad of a generalization. IE 7 has been hardened substantially and my family routinely uses it for browsing purposes. I have been in security for more than 20 years and am far more paranoid than almost anybody outside of certain 3 letter agencies.

    I run Windows Server 2008 on my notebook running as a normal user. The IE 7 configuration I use is that which is appropriate for a Domain Controller: safe but very restricted. Rather than opening up my default IE configuration, I then use Firefox with NoScript to provide fine-granularity enablement of browser functionality.

    If IE 7 allowed me to enable a fine-grained NoScript capability in the Internet zone, I would do that instead. I very much doubt that there is enough consumer interest in such NoScript functionality to justify such development work by the IE team.

    I don't have media player installed and I have media disabled in both browsers. Flash is not supported in either as well. Much of the web is focused upon rich media. I am not interested, and have disabled it, removing the associated potential vulnerabilities.

  2. Re:Microsoft is collapsing into itself on Gates Expresses Surprise Over IE8 Secrecy · · Score: 1
    When Apple released 10.3, they stopped shipping security patches for 10.1. Thus, if I wanted to get my security patches, I had to update my OS version and pay my ~$150.

    Given the unreliable HW (the motherboard burned out every 9 months), I threw in the towel after the 4th motherboard smoked.

    By background, I am a BSD'er, starting on DEC Ultrix ~ 25 years ago. Given the software application library I have, it is easiest to continue with Microsoft, as they maintain back compat for a long time. I did upgrade to Office 12 which is far more secure than Office 11 and in the considered opinion of security people I know who have looked at the issue, probably more secure than current versions of OpenOffice.

    My most recent Vista system cost me ~$600, Vista included. I could have built it for a bit less, but buying it saved me the time. I then started ripping out the extras that the vendor included.

  3. Re:Microsoft is collapsing into itself on Gates Expresses Surprise Over IE8 Secrecy · · Score: 1
    I was a user of OSX 10.1. I moved to Windows. OSX is elegant. Its life-cycle cost is far higher than Windows. With Windows I get support for 7 to 10 years. If I buy Apple, I pay more for hardware and then have to spend another ~$150 every 3 years to update the OS and maintain security support. Apple costs a lot more. It has its rabid fanboys and girls, but I am a practical engineer. My wife and kids can use the Windows systems without problems and I can continue to use software that I have had for years. I have updated to Office 12 due to its greater security, but otherwise I have bought little software for years (my kids still play some DOS games I had 15+ years ago, run on DosBox). By the way, I am successfully running Vista at home on a reasonably modern system and am running XP on an old Win 98 box for my son. My iBook is in a drawer waiting to be recycled after burning out its 4th motherboard.

  4. Re:In a perfect world on Gates Expresses Surprise Over IE8 Secrecy · · Score: 1
    I disagree with your trying to suppress the trust zone model. It can be very useful, but I very much want to combine it with a fine-grained NoScript capability. I use 3 zones on my work notebook, which runs IE 7 in enhanced security configuration (scripting enabled only in the trusted zone) as the default browser:

    Trusted zone - Windows Update, various MS IT sites that I use for Software downloads, my Bank, etc

    Intranet zone - internal websites, limited scripting, but downloading is supported

    Internet zone - no scripting, restricted downloading

    Then if I want to go to a web site that needs to execute script, but which I do not want to extend full trust, I use Firefox with NoScript and limit what script sources I allow to run. This allows me to buy from Amazon and other suppliers. I also use it for downloading material that is blocked by the default settings of my IE7 configuration.

    By default, I block flash and other active content.

    By careful configuration of multiple browsers I am able to get only the functionality that I need and expose myself to the risks associated with this functionality and not those associated with richer functionality. I would add that I run as a normal user, not as an administrative user, so installing executables requires me to approve it as system administrator, something that I do not often do.
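    The three-zone policy this comment describes, written out as an added PowerShell example (not the commenter's own code or configuration) against the per-user registry keys that IE 7 reads. The zone numbers (1 = Local intranet, 2 = Trusted sites, 3 = Internet) and action IDs (1400 = Active scripting, 1200 = Run ActiveX controls and plug-ins, 1803 = File download; data 0 = enable, 1 = prompt, 3 = disable) are the documented IE security-zone layout. The host names are constructed placeholders, and the $UseEsc switch is an assumption standing in for a real check of whether Enhanced Security Configuration is enabled on the machine.

```powershell
# Added example, not from the original comment: apply the comment's three-zone
# IE 7 policy for the current user, then read it back for verification.
# Zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet.
# Action IDs:   1400 = Active scripting, 1200 = Run ActiveX controls/plug-ins,
#               1803 = File download.  Data: 0 = enable, 1 = prompt, 3 = disable.
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$MapRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumption: set $true on a Windows Server 2008 box with IE Enhanced Security
# Configuration on, where IE reads site assignments from ZoneMap\EscDomains
# instead of ZoneMap\Domains.
$UseEsc = $true

# Policy from the comment: trusted = script and downloads on; intranet =
# limited scripting (prompt) with downloads on; internet = no script, no download.
$Policy = @{
    '2' = @{ '1400' = 0; '1200' = 1; '1803' = 0 }
    '1' = @{ '1400' = 1; '1200' = 3; '1803' = 0 }
    '3' = @{ '1400' = 3; '1200' = 3; '1803' = 3 }
}

function Set-ZonePolicy {
    foreach ($zone in $Policy.Keys) {
        $key = Join-Path $ZoneRoot $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($action in $Policy[$zone].Keys) {
            Set-ItemProperty -Path $key -Name $action -Value $Policy[$zone][$action] -Type DWord
        }
    }
}

# Put specific hosts into the Trusted zone (zone 2) for https only.
function Add-TrustedSite {
    param([string[]]$Sites)
    $map = if ($UseEsc) { 'ZoneMap\EscDomains' } else { 'ZoneMap\Domains' }
    foreach ($site in $Sites) {            # note: $host is a reserved automatic variable
        $key = Join-Path $MapRoot "$map\$site"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'https' -Value 2 -Type DWord
    }
}

# Read back the effective per-user values so the result can be inspected.
function Get-ZonePolicy {
    foreach ($zone in '1', '2', '3') {
        $props = Get-ItemProperty -Path (Join-Path $ZoneRoot $zone)
        [pscustomobject]@{
            Zone         = $zone
            Script       = $props.'1400'
            ActiveX      = $props.'1200'
            FileDownload = $props.'1803'
        }
    }
}

Set-ZonePolicy
# Constructed placeholder hosts; substitute the update and banking hosts you actually use.
Add-TrustedSite -Sites @('update.example', 'bank.example')
Get-ZonePolicy | Format-Table -AutoSize
```

    Two practical caveats: these are HKCU values, so a domain policy that enables "Security Zones: Use only machine settings" will override them, and IE only picks the changes up on its next start. The `Get-ZonePolicy` read-back is the check to run before trusting that the Internet zone really has scripting (1400) and downloads (1803) at 3.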

  5. Re:They both made errors. on EVE-Online Patch Makes XP Unbootable · · Score: 1
    To the best of my knowledge, the goal is 10 years. 9X didn't make it. The 9X family was designed for a much more beneficent world and it was not feasible to maintain the 9X family in the face of current internet threats. On the other hand, versions of NT 4 are still in extended support, and it has been 10 years.

  6. Re:That is so Microsoft on Microsoft Wants OLPC System to Run Windows XP · · Score: 1
    Like all businesses, Microsoft tries to keep its customers happy. But its customers are in general not its users. ~ 75% of Windows systems are sold through Dell, HP, Acer, etc. I have no doubt that the HW manufacturers have always made it clear that they were looking for a set of features that would enable them to sell new machines to people that already had old machines. Most of the other ~ 20+ % of the user base is enterprise / government users, who are interested in manageability, security, and a bunch of enterprise features.

    A version of XP that would run in a minimal system has been around for years. I do not think that it would be hard to generalize it for general use, as I assume that it was carefully crippled to deal with the interests of the HW vendors. "Windows for Legacy PCs" was made available for enterprises only and it supports a terminal server client, media, IE, and anti-virus. It is supported by Windows Update. You can configure it to less than a 1 GB disc image and it runs on 64 MB. Thus I have no doubt MS can do this if it chooses.

  7. Re:At least once a year... on Most In US Have False Sense of Online Security · · Score: 1
    It is not really infeasible. One of the changes with Vista was the ability for an enterprise to set a trusted root(s) for code installation. If the code uses the current installer and its manifest is signed by one of the trusted roots, the installer will automatically elevate itself and install the application, even though the user does not have the necessary permissions for the installation - and there are no elevation permission prompts.

    Thus something akin to this exists with Vista for the enterprise space. The problem is far harder in the consumer space due to trust issues. You really don't want everybody installing trusted installation roots. When everything just works, everything works for the attacker as well.

  8. Re:At least once a year... on Most In US Have False Sense of Online Security · · Score: 2, Interesting
    If you are using your machine as a single user system you are clearly right. The data you care about is in your user account. It is easier to clean up a user-space compromise than an administrator compromise, where you probably have to flatten the system and rebuild.

    I have kids who use my systems. They run under normal accounts (The biggest security advantage of Vista is that normal accounts run well, unlike XP) and hence can mess up their own accounts, but are not so likely to mess up my account.

    User accounts can perform DoS and network attacks against other systems every bit as easily as administrator accounts, but it is easier for administrative tools to monitor the behavior of user accounts than it is for these tools to monitor the action of things running as system.

  9. Re:At least once a year... on Most In US Have False Sense of Online Security · · Score: 5, Informative
    This should be called the never-ending story. Unfortunately, I think that name is already taken by a children's book. The query is a bit inappropriate. I am not safe simply if I have my AV and anti-malware SW installed and updated. I MAY be safer, but the AV and anti-malware SW can itself be a vulnerability.

    Increasingly, the attacks are made at the application level, not the OS level. The OS can protect itself from a non-administrative user, but cannot be expected to protect itself from an administrative user who has been fooled into doing something inappropriate. The AV and anti-malware SW try to protect against known issues, but it is a best effort sort of thing.

    If you are browsing, do you have JavaScript, Java, Flash, etc. enabled? If so, you have the neat functionality, but you are very vulnerable to compromise by hostile / compromised web servers.

    If you are running as a normal (non-administrative) user such compromise can compromise anything you do. If you are running as an administrative user such a compromise can compromise your system (in Vista, you would have to OK the UAC prompt).

    If you open .pdf attachments or PDFs on web sites, is your PDF reader fully updated? Exploitable security issues have been found routinely in certain PDF readers.

    If you open Microsoft Office documents, is your Office software fully updated? Numerous attacks have been launched via such documents. Office 2007 has far fewer vulnerabilities than Office 2003. Note that using OpenOffice does not inherently protect you. The same type of vulnerabilities exist in OpenOffice.

    If you have Apple's QuickTime, do you keep it updated? It has had large numbers of vulnerabilities.

    Then we can go into the world of media and games, where many vulnerabilities exist and all too often the application in question is internet facing.

    If you want ease of use, feature richness, and dynamic extensibility, you are not going to have a high level of "security / assurance". A web world of static HTML without any scripting and limited media is quite safe - but it is not what the customers want. A similarly restricted application functionality set can be made truly safe as well, but is not what customers want. Users feel comfortable and safe with what they routinely work with, even if this is inherently dangerous. This is as true for computer users as it is for industrial / research workers, who tend to get a bit casual about even truly dangerous issues (I used to be an industrial safety officer in research laboratories).

  10. Re:They both made errors. on EVE-Online Patch Makes XP Unbootable · · Score: 4, Interesting
    There is nothing that Microsoft could have done to prevent this. Installation of applications to the machine requires administrator privileges, as does installation of drivers. On Vista, there will be a UAC prompt when you start installation and uninstallation, but the process will then run with the full administrator token. Admins can do what they want on the box. On a *nix system such an installation / uninstallation error would typically nail the system as well unless it was run in a rather full jail, and I am uncertain that jailing the game would have adequately dealt with a process that might install new video drivers. Certainly, most users would have been slammed in either environment.

    Microsoft is criticized for its slow release of patches and software. One of the major issues slowing down release is the exhaustive testing passes that software must go through, and they still occasionally miss something. The diversity of configurations in the field is astonishing. This is an issue Apple does not face, as they support an OS for ~2 releases, say 3 years -- and they make all the HW, which limits the diversity. Microsoft supports their stuff for 7 to 10 years (the 9X and ME series were a bit less than this).

  11. Re:Pot, kettle, black on Firefox Security Head Says Microsoft Obscures OS Holes · · Score: 1
    It is not so much that there has been an increase in the vulnerabilities of Office products, but that as the OS has been progressively hardened, the low hanging fruit is now the applications. Office 2003 was designed for feature richness, notwithstanding spear-phishing attacks. Office 2007 is the first Office release where the SDL was applied and has far fewer vulnerabilities. In my opinion, despite the change in UI, the upgrade from Office 2003 to 2007 is justified on security grounds alone. There is reasonable ground to believe that Office 2007 is considerably less vulnerable than OpenOffice. If you want to see user application vulnerabilities, look at QuickTime. Apple does NOT get security, they are still in their features and ease of use over everything (where MS was 5 years ago).

  12. Re:War rooms... on A Look at Microsoft's Security War Room · · Score: 1
    Microsoft is building and acquiring more office space in the Redmond/Bellevue/Seattle area, but there has been an ongoing shortage of meeting rooms for years. Mike Nash made sure that the security response team had space when they needed it. Is it an optimal use of space? No, but it is a reasonable one. For security reasons, the rooms are inaccessible to normal MS staff, vendors, and visitors. Non-security response team members are admitted on an as-needed basis.

  13. Re:More vulnerabilities fixed != worse sw on Firefox Security Head Says Microsoft Obscures OS Holes · · Score: 1
    The analysis is lacking a component. If MS fixes an issue in a bulletin, it knows that it has started the attack on that issue because the vast majority of attackers use BinDiff-type tools to reverse engineer the issue. Frequently, they will have exploits available within hours of the patch release. Thus, if MS is aware of an issue but monitoring tools do not report circulating exploits, it is better for the customer to wait until either exploits start against the issue or a larger release is available to carry the fix. Exploits will start immediately after a release. Thus, SPs may fix a vast array of undocumented issues that could lead to future problems.

    Microsoft's responsibility is to the vast majority of its customers, who typically take some time to implement updates. Microsoft learned a long time ago that customers do not like a continual stream of fixes. Hence, patch Tuesday, with occasional releases for serious issues that are being exploited and constitute a particular customer threat. It is actually a reasonable balance. Is it ideal for everybody? No, but nothing is.

  14. Re:Sheesh on Yahoo, Adobe To Serve Ads In PDFs · · Score: 4, Insightful
    PDF is now a programmable display platform, not a publishing format. Its programmability is significant enough that it is a potential security threat to users, who view it as data, not as a potential executable. The extension to advertising is obvious. How else will this functionality be used?

    This problem is not unique to PDF. The community swallowed the feature richness line and chose to ignore the old dictum, keep your data and your executables separate.

    How would you like your XML? Would you like JavaScript as well? How about AJAX?

  15. Re:The fatigue scale is all wrong for today's MEMS on New Type of Fatigue Discovered in Silicon · · Score: 3, Informative
    There are scale issues here. Even in metals with significant fatigue issues, such as Aluminum, if the structure is thin enough, the image forces on a dislocation suck it to the nearest free surface and you avoid the growth of dislocation tangles that result in fatigue failure. If I remember properly, the relevant thickness for Al was on the order of 100 nm. Note that I am working from memory from grad school ~ 25 years ago, when I did my Ph.D. in fracture mechanics.

    TI has been working with the mirror systems for a long time now, I suspect on the order of 20 years. They should have real reliability info to work from.

  16. Re:Grain of Salt Required? on Exploding Cell Phone Battery Kills · · Score: 4, Insightful
    I agree. I think we have two coupled events here:

    1. The phone battery failed causing him to fall or get in the way of something, resulting in the broken ribs and spine.

    2. He fell or was stuck, resulting in the broken ribs and spine. The impact caused the phone battery to fail.

    2 seems far more likely than 1. Having a battery blow up in a shirt pocket and leaving a burn on my chest is not going to break my spine. An explosion in my shirt pocket that is powerful enough to break my spine is also going to blow my chest tissue off, blow my ribs into my lungs and heart, and do a lot of other damage.

  17. Re:That does it for me... on Firefox Susceptible To QuickTime Security Flaw · · Score: 1
    I have been in security for > 20 years. If I wasn't paranoid to begin with, I certainly am now.

    I run Vista and Windows Server 2008 as a normal user, not as administrator. I use IE 7, protected mode, enhanced security configuration as my default browser. A few web sites go into my IE trusted sites zone.

    Since IE is so locked down, I also run Firefox with NoScript installed. I am very careful whose JavaScript I run. I have not installed plugins and I block Flash.

    Even if you get past my usage controls, I am still running as a normal user and do not have administrative rights. An attacker can blow my data, but can't compromise my system.

    Microsoft did a lot of work hardening its browser snap-ins for Vista.

    Since Adobe is building such a powerful platform on PDF, I use a much simpler PDF reader executable, which may have vulnerabilities, but is less likely to be targeted due to market share issues.

  18. Re:Vista is #10? on Vista Makes CNET UK's List of "Worst Consumer Tech" · · Score: 1
    I haven't tried ripping audio on my Vista system, but I have ripped DVD-Rs that my wife has copied off the air. They are of classic foreign children's cartoons and the like. She burns them on a DVD-R that is in between the satellite receiver and the TV. WMP doesn't handle such tasks well (a disappointment), but AVS Video tools does fine.

    I am running a beta of Windows Server 2008 on my notebook and it does not have WMP installed by default. Indeed, the only way to get WMP is to install the desktop experience package, which includes a lot of other features I don't want.

    The DRM issue is a pain in the ass if you are playing in that space. Since I am not, I have not had difficulties there. If you want to play with protected content, get yourself some SlySoft applications. I assume that other media players, such as the AVS player will work as well.

    I like Vista for its better security, not the glitzy UI. Search is nice as well. Vista is significantly more secure, particularly if you configure for it. I turn off sidebar, optimize the system for performance (which turns off aero), and run users as normal users. I use a machine administrator account for installing software. Thus my kids are unlikely to nail my system.

  19. Re:medical practice != science on The Obesity Epidemic — Is Medicine Scientific? · · Score: 1
    Doctors attempt to apply science to the practice of medicine, but the body and its behavior are far more complex and the various feedback loops are beyond our current understanding. Much of medical practice is culturally based and not data driven. We know far more about animal nutrition than we do about human nutrition because we can do the experiments to get the data. We can't do equivalent experiments on human populations. If you think the situation is confusing in the area of nutrition, look at "mental health" and the effects of stress on depression, anxiety, etc.

  20. Re:They were all guilty anyway! on FBI Doesn't Tell Courts About Bogus Evidence · · Score: 1
    The fact that a jury found somebody guilty does not mean that that person is guilty. While I suspect that the error rate is rather low, the large number of cases means that a substantial number of convicts are innocent of at least one of the charges upon which they were convicted.

    The court system is all but paralyzed under the case burden they are suffering from. Consequently, it has a very strong bias against reconsidering decided cases, even when evidence comes up that renders some of the evidence used to convict a person rather questionable.

    The court system is typically not concerned with justice, but with "law". The application of "laws" as interpreted by appeals courts to the case at hand.

    There are problems with many of the circumstantial evidence tools, but they are small indeed compared to the error rate of human witnesses and their memory.

  21. Re:Well there you have it on 90% of IT Professionals Don't Want Vista · · Score: 1
    Actually, a number of badly behaved programs on XP will run properly on Vista. The reason for this is the use of deflection directories and registry hives so that attempts by the application running under the user's account are written to per-user storage rather than to system file locations or the Local Machine registry hive.

    The first user installed is by default the administrator. This is appropriate. But you can add user accounts as standard users, and I think the default for them is a normal user. I create an administrator account and then create my and other user accounts.

    I believe that DirectX 10 still has back compat to v9. I am not a gamer, so I have never pushed this area.

    I don't know of any difficulties running Opera under Vista or Windows Server 2008. I have successfully used it.

  22. Re:AdBlock and NoScript on Hackers Use Banner Ads on Major Sites to Hijack Your PC · · Score: 1
    I know. That is why I run as a normal user. A 0-day against my encoder can hose my user account, which is bad; but it won't hose my system, which is worse. For years I ran with all media off, including images. Unfortunately, even I found the impact on usage to be too severe. Thus, I now run with simple image rendering on. Other media is off.

    If I am going to a potentially suspect site, I use Opera - all media off, all scripting off, everything off, cookies and cache cleared on exit - i.e., a supported static HTML renderer.

    Thus, I use a diversity of browsers with different security policies: IE7 trusted site zone > Firefox NoScript designated trust > IE 7 hardened internet zone > Opera stripped static HTML rendering only.

  23. Re:AdBlock and NoScript on Hackers Use Banner Ads on Major Sites to Hijack Your PC · · Score: 1
    Your comment is correct. You should never surf from a production server. I am not. I am running server on my Dell D620 notebook. I am using it as a rather minimal OS. The only thing that doesn't run on it is Microsoft Media, as I have not installed the desktop experience feature.

    Unfortunately, standard VMWare Workstation and Microsoft Virtual Server / Virtual PC do not constitute strong security boundaries. They are manageability tools more than they are security tools. Hypervisors "MAY" be considerably stronger. There were a number of interesting security talks at Defcon / Blackhat / CanSecWest on attacking VMs and their host OSs.

  24. Re:Well there you have it on 90% of IT Professionals Don't Want Vista · · Score: 1
    The autoupdate problem is an issue. If the developers use signed packages under MSI 3, and the developer root is in the trusted roots store, it will still work without difficulty.

    In many respects, Microsoft is trying to move third parties to a more rational and appropriate model, rather than the bad approaches that they started with in the 9X OS family and continued through XP. Indeed, the model MS is using is the traditional model that the *nix community traditionally used.

    The entire issue of trust and update is not localized to MS. It occurs on all platforms. Should you allow an App to update / modify the OS? I don't think so, others have different opinions.

  25. Re:AdBlock and NoScript on Hackers Use Banner Ads on Major Sites to Hijack Your PC · · Score: 2
    I don't see a need for blocking ads. The problem is not the ads per se, but the active content. Active content may be malicious. Unfortunately, rich media is the draw for the bulk of the viewer base and rich media tends to use active content.

    The viewer / user is presented with Hobson's choice: accept active content, get the desired benefit - while taking the risk; or block active content, be safe, and not get the desired benefit.

    If the user wants to view the content and be relatively safe, they can run Vista as a normal user and NOT elevate to administrator to install stuff when the malicious site downloads malware to their system.

    They can run NoScript or equivalent and be very careful to authorize only those domains that they trust to run script.

    I am paranoid. I run Windows Server 2008, running as a normal user. IE 7 is configured as my default browser in enhanced security mode, which is locked down and secure. IE will not allow me to download many types of items in the Internet zone, so I use Firefox with NoScript installed and kept current. I am very cautious about what sites I allow to run script, but I have blacklisted doubleclick. I do not run flash.