Slashdot Mirror


User: secPM_MS

secPM_MS's activity in the archive.

Stories
0
Comments
225

Comments · 225

  1. Re:Bablefish of the CCC article on Germany Declares Hacking Tools Illegal · · Score: 1
    The German parliament has just provided a very strong argument for the emigration of the German security community to other locations outside of Germany. Since Germany is in the EU, which supports labor mobility within the EU, it should not prove difficult for the German security experts to relocate within the EU. Unless modified, I would expect it to force the movement of the profession from the country. There are some very good German security analysis tool builders. I would expect them to start working from other locales.

    Stupid! Stupid! Stupid!

    We have here a demonstration that other Western Democracies have large populations of professional politicians that can give US politicians a run for their money on stupidity and short-sightedness.

  2. Re:Surveillance soceity. on Computers Outperform Humans at Recognizing Faces · · Score: 0
    I assume that the loss of anonymity is probably inevitable. It is arguable that people behave more responsibly when they assume that their family, friends, colleagues, and co-workers will hear of their behavior. I expect that most people concerned about anonymity are more concerned about information leaking to such social networks than to governmental authorities. It is not the assumption that urban populations have ever really made before: You had anonymity in the cities and large groups, but not in the villages or countryside. With modern technology we are likely to have less anonymity in developed and populated areas due to the density of tracking devices.

    Certainly, I will find it most useful if my kids believe that I can track them and their behavior while they are going through their teenage years. It might dissuade them from some of the more outrageous stunts. After all, I don't want them trying to repeat, let alone exceed, some of the damn fool things I did.

  3. Re:I work with MS products. on Microsoft Cancels Major Developers' Conference · · Score: 2, Interesting
    You assume that customers upgrade to get major new feature sets. While new feature sets are great for marketing aimed at retail customers, who will in general use very few of the features (new or otherwise), enterprise / corporate markets tend to be much more conservative. In particular, they want MS to do as little damage as possible to their existing enterprise apps, many of which were written with little if any consideration for security or reliability. This legacy tail greatly complicates Microsoft's ability to ship products, as enormous amounts of effort have to be expended to minimize the app compat hit.

    Microsoft executives pulled neat features from Vista (WinFS and others) because they were likely to constitute too much of a security risk. Other changes were made, despite app compat issues, to increase system security. Vista, far more than XP, allows a user to run as a normal user without any administrative credentials (If I have to do any administrative chore, I have to enter my machine administrator credentials, equivalent to su root). From my point of view, the increase in security associated with Vista compared to XP justifies it. I run with all the neat visuals turned off, so my screen is in "classic" mode. It speeds the system up.

    Why do I run Windows? For the same reason as most users -- For the wide variety of apps that run on it (both commercial and shareware). Microsoft created an effective ecosystem. While the OSS community is trying, they are nowhere close -- just look at all the Linux distros, let alone the various BSD's. Over time, the OSS space will close the difference, but the Windows system is richer now. The security bulletin data suggests that the security push did have a significant impact, with high-impact security bulletins reduced by ~ 2X or more.

  4. Re:Why must Sun on First OpenOffice Virus, Not In the Wild · · Score: 2
    Users are impressed by features. Reviewers are impressed by features. The review articles are filled with tables tabulating what product has what feature. So people acquire stuff that has vast numbers of features that they will never use. Features sell. Just look at consumer products.

    More features = more attack surface = lower security.

    Running downloaded (generally untrusted) code = rich extensibility = bad security. After all, the code writer is doing what they want, not necessarily what you want.

    The default document format for Office 12 is docx, which does not support macro functionality. Despite its addiction to rich functionality (remember, customers want it), Microsoft has gotten better over the past few years. If OO / Firefox / ... is going to play the feature addition race with MS, they are going to dive headfirst into the same mud lake Microsoft went into first and we can expect that it will take them some time to figure out how to manage the associated issues.

  5. Re:is it time on Firefox Going the Big and Bloated IE Way? · · Score: 1
    In the massive movement to rich media, it seems to me that much of the web has made itself truly hostile to users who are blind or have limited vision. I can have a reader deal with text. Dealing with image based text is a different matter. I would love to see requirements with the US and perhaps some of the other developed countries to require handicapped accessible content (assuming the content is not the images / media itself).

    As for me, I don't particularly value all the visuals and I know the security issues associated with parsing complex data streams. In my normal web browsing zone I run with all media off, flash and its ilk specifically disabled, and all scripting off. My experience is poorer for the lockdown, but it is both faster and more secure.

  6. filtering image spam on How Image Spam Works · · Score: 2, Informative
    The simplest and safest approach is simply to read e-mail in plain text only. It is reduced functionality, but it works. Somewhat more dangerous, but apparently safe enough is to read e-mail in a safe html subset -- shtml, with images and multi-media rendering turned off. This is the default for Microsoft's Outlook and since the move to shtml several years ago they do not seem to have had any view and be owned issues. The image blocking blocks the image spam.

    Since it appears that Web 2.0 is all but synonymous with cross-site scripting as a feature, my default browser settings have all scripting and components off. A site gets into my trusted site list only if I trust it with my credit card or equivalently, allow it to install software on my system (such as Windows Update).

  7. Re:A car analogy... on Should Vendors Close All Security Holes? · · Score: 1
    Actually, Ford won the critical court case concerning the Pinto. What saved Ford's case is that a senior engineer on the Pinto who was very familiar with the security issue (and the relative safety of various small cars) bought a Pinto for his daughter. This was taken as evidence that the risk associated with the Pinto gas tank was not unreasonable.

    You have to look at the probability as well as the impact of a vulnerability. All organizations that examine or fix issues categorize them by impact. An application crash is far less serious than a remote anonymous EOP or a remote anonymous DOS against a critical server. Customers don't like installing patches. It is reasonable to fix the most serious issues via patches / updates and punt the less serious issues until the next service patch or major release.

  8. Re:DRM's never been used for worthless suits befor on Lawsuit Invokes DMCA to Force DRM Adoption · · Score: 1
    A failing company with a product no user wants (far worse than the DRM stuff the content industry forced onto Microsoft, Apple, Real, etc.) tries to force their technology to be adopted and licensed against the interests of the users, Microsoft, Apple, etc.

    There has never been a requirement to use the "best" technology in any field (even when lives are at stake) -- after all, "best" does not have a cost associated with it and one can always add improvements, even if the cost is exponentially higher.

    This is a desperate marketing and publicity ploy.

  9. Re:Wouldn't they tend to collapse? on Dark Matter Stars in the Early Universe? · · Score: 5, Interesting

    As matter clouds condense, gravitational energy is released. This energy has to be radiated away for the collapse to proceed, as the collapse is opposed by the thermal kinetic energy of the matter in the cloud. This was a major problem in the early universe when the abundance of metals was so low that radiation cooling was less efficient. If dark matter interacts very weakly with normal matter and electromagnetic fields, cooling is going to be very slow indeed. We know that dark matter exists and that it forms concentrations on the scale of large galaxies. We do not have strong evidence for the concentration of dark matter in the solar system, where it could result in apparent radial variations in solar or planetary masses. I suspect that cooling of stellar mass dark matter clouds is rather difficult. Once somebody figures out how to observe the stuff and its properties, we can better understand what we see and what we should be looking for.

  10. Re:Most secure windows ever! on Microsoft Patches 19 Flaws, 6 in Vista · · Score: 1
    Well, actually it does appear that Vista and the 2007 applications have considerably fewer security issues than earlier releases. As I count the issues, Office 2007 had 2 important issues, Office 2003 had 6, a factor of 3 improvement. Exchange 2007 had 1 critical and 1 important, Exchange 2003 had 1 critical and 2 importants. Vista had 2 criticals and 2 importants, while XP SP2 had 4 criticals and 1 important. This is a significant improvement and Microsoft's claims do appear to be substantiated.

    It would be better not to have security issues at all, but Microsoft is behaving responsibly in patching regularly. Note that not all of the issues patched had been publicly disclosed. The patch data on OS X and the *nix distros is worse. Microsoft tries to release on a monthly schedule to minimize the impact upon its user base. Microsoft's enterprise users do NOT want a continuing stream of patches being released, but want them packaged at a regular schedule so that they can be planned for.

    How many distros continue to support 5 year old releases? Apple doesn't provide security patches for OS versions that are more than 2 point releases old -- you have to go and buy a newer copy of the OS for another $150 to get support. On the *BSD or *nix front, I don't see much active support for older releases for end users. With Microsoft, I have to install a service pack every 2 years or so, but I get active support for security issues for at least 6 years and frequently longer without having to pay for maintenance (and yes I know about the early termination of Win 9X / ME. This was an anomaly due to the fact that the 9X platform did not have the security infrastructure to support modern requirements. It couldn't really be patched.)

  11. Why should we watch Disney content anyway? on Disney Says, You WILL Watch the Ads · · Score: 2, Interesting

    And the studios wonder why TV viewership is declining? After trying for a year, I dropped my cable subscription -- I don't think what is on the networks is particularly good for my young kids. I get movies / videos from my public library, which is quite good. I truly despise the 10 minutes of ads for other videos that Disney puts in their headers, so only occasionally do I check out a Disney video for them to watch. My kids watch the occasional video, play outside, play some on the computer (I have done extensive filtering and if I see too much usage of a site such as neopets, I blacklist it), and read. Given few alternatives, even athletic kids will take to reading when they can't be outside with a ball. I have one TV in the house, a ~ 4 year old HDTV ready CRT. If the content suppliers think that I will replace my system to get DRM-protected content, they are sorely mistaken. I would rather read. With Google's book scanning project (books.google.com) and the Gutenberg project, there is a mass of older books that are free to complement what you find in your library and bookstore.

  12. Re:Eta Carinae on Powerful Supernova May Be Related To Death Spasms of First Stars · · Score: 2, Interesting
    Eta Carinae is a Luminous Blue Variable, a very massive star (~ 80 to 120 Msolar) that is quite unstable. Last century it ejected ~ 10 solar masses of material. It is also a binary star, with a companion estimated to be ~ 80 solar masses or so. The orbit is significantly inclined from our point of view, so the spin axis is not pointed at all towards us, which is very fortunate indeed. I seem to remember one article a year or so ago that estimated that Eta Carinae was spinning at ~ 90 % of its breakup speed. This is very fast indeed, and if true, would mean that it would be a potential gamma ray burst source when it goes supernova. Note that it would have to shed its atmosphere first and become a Wolf Rayet star before the GRB could punch through the stellar atmosphere.

    Pair creation supernovae were predicted decades ago. The conditions for their formation are a bit strict and they do not appear to be very common at this point. Black hole creation is probably much more common. If we have seen one now, it is a good reinforcement of old theoretical work.

  13. Re:Strongly Disagree on Are End Users to Blame for OS Flaws? · · Score: 1
    The following may be surprising to you. To the best of my knowledge, the enterprise/Government sector of Microsoft's PC market is ~ 25% of sales, with the rest being driven by the "partners": Dell, HP, etc. Consequentially, it is rather hard to focus on corporate/government issues that are not a simple feature add over the consumer SKUs. The Microsoft organization is structured around shipping features, a good match for the marketing requirements of Dell, HP, et al., who are looking for sets of features that can be used to convince users to replace their older system with a newer system that supports the newest features.

    Features and gizmos sell, or Dell, HP, et al. wouldn't push them. You may not like them, I may not like them, but the fact is that they sell. The newer Linux distros are getting bloated as well. Why? Because all those features appeal to users. The vendors are giving us what we "want" at least to the extent that they can successfully convince us of what we "should want". I don't want to get into a debate on marketing driving wants. It is a black hole from which one never returns. But manufacturers do pay close attention to what sells, and what does not. It determines their survival or not.

    If you want to keep it simple, install a minimal build of Linux, or one of the baseline BSD's. On the Windows side, Win 2K3 server makes a very secure and reliable platform.

  14. Re:Hmmm on Vista Eating Battery Life · · Score: 1

    Reasonable idea. I hope somebody from power management reads slashdot. I have no idea who to forward it on to.

  15. Re:Hmmm on Vista Eating Battery Life · · Score: 3, Informative
    There are vulnerabilities in all OS implementations. It will prove possible to circumvent LR IE. Some of the approaches were discussed at the CanSecWest conference last month. Similarly, methods of compromising VMs were discussed. Nothing is foolproof. My claim was that the protected mode added a barrier, not that it was insurmountable. If you want to protect yourself better in *nix, you should consider using a chroot jail to confine your browser of choice and its snap-ins.

    The assumption that Microsoft products are always insecure is not justified. Microsoft consumer products are feature loaded and are optimized for rich usage models. Consequentially, they have far larger attack surface than if they were minimally configured. We see the same thing happening in the *nix releases. Ubuntu and SUSE are far larger than *nix releases of 5 years ago. Compare them and their requirements to the current BSD releases, which are far more economical. Field experience with Windows 2K3 servers has shown them to be quite secure and very reliable. I believe that this will continue to be the case with LongHorn server, which I have been running on and off for 2 years now, from early pre-beta releases. Unlike the early builds of Vista, LongHorn server has been robust and reliable. Vista accomplished this by RTM, but LHS has always been solid in my experience.

  16. Re:Hmmm on Vista Eating Battery Life · · Score: 1
    If I don't trust the site with my credit card number or grant it the ability to update my software (such as Windows Update), capabilities that are security equivalent, it doesn't go into my trusted site list. Given that in general, I don't run scripting, multimedia, and the like, much of the web doesn't work. I simply accept that.

    For untrusted browsing or simply going out and getting a file from sites that are not in my trusted site list, I use another browser. Currently it is Opera with everything turned off. No images, plugins, scripting, etc. Cache and cookies flushed on exit. In effect, a close to text mode static renderer (Opera is better supported than Lynx). It works fine for file acquisition and can easily handle the NYTimes. Even nicer, there are no ads. I start up clean when I go and get a file.

    By using server, I have truly broken media on my system. There is no audio support and I don't have media player. I don't care.

  17. Re:Hmmm on Vista Eating Battery Life · · Score: 1

    You could do it that way, but it would be rather inconvenient. I suspect that you would have an easier time using a chroot jail to confine your browser. It has about the same impact. The protected mode involves an integrity label that is set to low. The browser, running at low, is not allowed to directly modify normal files (which are implicitly medium, system files are labeled high). Many of the vulnerabilities in Windows come from the fact that normal users are running with admin privileges. Unfortunately, much software is written assuming such privileges. If you are not running with administrator privileges, compromises of a user account or application are less likely to compromise the system, irregardless of the OS you are running under, be it Windows or *nix.

  18. Re:Hmmm on Vista Eating Battery Life · · Score: 5, Informative
    Actually, if you configure it for security, IE7 is probably less security challenged at this point than Firefox or Opera. The low rights / protected mode does add some additional barriers to exploits.

    I would note that locked down as it is, it does break a lot of web sites. Paranoid as I am, I typically have explicit distrust keys for Flash and I disable all multimedia to avoid parser errors.

  19. Re:Hmmm on Vista Eating Battery Life · · Score: 5, Informative
    The more stuff you have running, the shorter the battery life. I am paranoid, perhaps a side-effect of decades in security, and I am not interested in glitz. The first thing I always did with Vista was to turn off Glass and go into advanced security settings and optimize for performance. I then turned off the Vista sidebar. Battery life under such conditions is better than XP.

    I am now running LongHorn Server Beta 3 on my notebook, running as a standard user. Glass and Sidebar are not even available, and my battery life seems to have gone up significantly, I assume because fewer processes are running. IE is hardened on server and it is certainly more secure. And yes, I have enabled the wireless functionality and search indexer. My desktop does look much like Win 2K.

    Security tends to go up as you run less functionality. It appears that battery life does so as well.

  20. open formats alone won't save you on Word Vulnerability Compromised US State Dept. · · Score: 3, Insightful
    It is easy to condemn Microsoft for the vulnerabilities in Office, but the root issue here is the rich functionality in modern office suites. Office came to dominate the market by its rich functionality, tight integration, and ease of use. The addition of sophisticated scripting functionality allowed organizations or integrators to add yet more value. It also created a fertile environment for malicious attackers. As long as the Windows operating system was easily broken, nobody bothered much with attacking the application stack. As Microsoft has raised the bar in the attack resistance of the operating system, attacks have moved up the stack. I was not at MS at the time, but I do not believe that security was at the top of the stack for Office 11 and earlier. I do know that substantial hardening was performed on Office 12, which I believe is now marketed as Office 2007. From my point of view, Office 12 should be viewed as a very important security update to Office 11. I know, they changed the UI. I wish they had left a "classic" option. They didn't. But Office 12 is far less vulnerable than Office 11.

    In their determination to successfully match Office's rich features, Open Office has acquired similar vulnerabilities. One evaluation I saw some time ago concluded that Open Office was likely to be more vulnerable than Office.

    If you want to be secure, run software that does what you need, and NO MORE! Rich functionality and extensibility are the attack points. Not many people want to restrict themselves to txt files or filtered html, let alone edit any longer with editors such as vi or microemacs. Due to their extensibility, pdf and postscript are suspect in the eyes of the truly paranoid, let alone the complex modern formats.

  21. Re:No encryption by default on Vista For Forensic Investigators · · Score: 1
    Adding to the thread. In addition to the BitLocker functionality, which was introduced with Vista, Microsoft has supported the Encrypting File System (on NTFS formatted discs) since Win 2K. If you export the key, security is quite good. EFS can be managed by group policy in enterprises. Note, if you export your key and lose it and your password, you are not going to be recovering your data. There is a reason that enterprises publish the recovery key to AD.

    As to why you should trust MS to handle its crypto and privacy obligations, I would suggest several reasons.

    MS's design and implementation has been carefully reviewed by trusted outside examiners as part of the Common Criteria effort. This includes access to source code and the running of explicit tests against interfaces and APIs.

    Governments and companies that are security critical deploy these systems. If MS were not behaving properly, these customers would not be buying and deploying.

  22. Re:Early Adoptor == Burned on Survey Finds Few Intend to Upgrade to Vista · · Score: 1
    I have both an XP and a Vista system at home. The XP box is an old Win98 box that I upgraded to XP. I will never migrate it to Vista, even though it will run Vista Basic - it does what I got it for and it supports a host of old devices which I have no intention of replacing and for which I will not be able to get Vista drivers. MS will be offering extended support for XP until ~ 2013. I will take advantage of that. I also have software on it that is worth far more than the machine. Remember, old PCs will do what you bought them to do until you have a hardware failure. I have a cousin who is still writing scientific papers using Word Perfect on a Win 3.1 box. Since she doesn't browse from the system, she doesn't have much of a security issue with her antique.

    On the other hand, my new system has 2 GB of RAM and an Intel Core 2 Duo processor. I am running Vista on it and have my kids browse from it (running as limited users without admin privileges). It has very convenient parental controls. There are significantly fewer security issues with Vista than there are with XP, and in general you can configure the system to reduce these even further by turning off functionality that you don't use. Even running Vista basic, you get the security enhancements and the search functionality, in my personal opinion, the most important core features in Vista. I ran Vista on a Dell D610 notebook at MS since pre-Beta 1 (after all we eat our own dogfood, and B1 really was dogfood). I found that if I optimized for performance, turned off the sidebar, set to Windows Classic interface, and reduced the priority of the search service, I had quite good performance, even with old HW. I am not interested in glitzy interfaces, so I still run Windows Classic and have the sidebar turned off.

  23. Re:Why would my cursor run as root? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    No single browser is truly secure. They are getting better, but so are the attacks. Reducing their functionality can increase their security. If you want to do banking as well as browse to dangerous locations from an XP or earlier system, I would recommend using 2 browsers. Until my children started using the computer, I was safe with IE alone, as I am a vigilant user and don't browse the more dangerous corners of the net. Since my children now occasionally use the system as well, I have added Firefox. I use IE 7 on XP for my banking, trusted transactions, and interaction with well-known sites (the security settings for the Internet zone are customized and quite high, with my bank in the trusted site zone). I have told my children to use Firefox for general browsing, (I have gone into the Firefox configuration to disable active content, scripting, media, etc. AJAX does not run on my Firefox configuration). Note that on Vista a vigilant user can use protected mode and zones to get equivalent results. I have recently added a Vista computer as my children's primary computer. Vista has basic parental controls. The children run as limited users and use IE7 in protected mode on the Vista system. I do not need to run Opera / Firefox as a secondary browser in this configuration - indeed, doing so would break the parental controls, which are integrated into the IE filter engine. If general users want to be safe in e-mail, they should work in plain text only. I learned long before I came to MS to move to plain text. Doing so does a great job against image spam and it also breaks the html games that can be played against the user. My home XP system is an old Win 98 system that I upgraded to XP. Given the legacy HW that is attached to it, I will never upgrade it -- Vista drivers are not available. The system and software still does what I bought it to do.

  24. Re:Why would my cursor run as root? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    A look at the vulnerability / bug reports for IE 7 vs Opera vs Firefox vs Safari can be interpreted by the reader to favor any given browser, depending upon the relative weights given to the various factors and the reader's desire to believe in any given browser. I do not believe that the data clearly demonstrates a clear and uncontested security superiority for either Firefox or Opera. The data does clearly show that IE 6, an older browser, is less secure than newer browsers. This is not surprising. Older versions of Firefox also have more vulnerabilities. By the way, I do like Opera. The data shows that no browser is absolutely safe. Using IE 7 in protected mode helps (Vista only). If you are going to browse in the most dangerous sites, I suggest that you take corresponding protective measures. The simplest would be to run from within a VM. On a FreeBSD system, it would be appropriate to jail your browser and you might want to use a Biba policy with the MAC labels to further confine potential damage. The chroot jail is supported, to the best of my knowledge on Linux distros and if you are running from one of the Linux distros that support SELinux, you can set the TE policy to confine it further. The security of an OS and application is dependent upon how much functionality is exposed to the attacker. OpenBSD tries very hard to minimize their attack surface and has done a good job of it. Despite their efforts, they recently had a remote vulnerability in the IP6 system. Users seem to like rich functionality, as seen in modern Windows releases, as well as Linux releases such as SUSE 10. When you expose more functionality, you get more vulnerabilities. This is particularly true in applications such as browsers, which handle a wide variety of untrusted and frequently actively hostile content. When you start putting up security barriers, users get irritated. Surprisingly, Microsoft was willing to irritate its users a bit to start driving the security bar higher. Applying security mechanisms such as MAC labels or TE policies tends to really interfere with casual system operation and baffle most users. Making the system unusable is one way to secure it, as an unused system is not going to damage anyone. It is also not going to make happy users. Hence the continual striving for an acceptable balance between ease of use, security, and functionality. MS releases products with what it believes to be a reasonable balance of these issues for general consumers. MS also recognizes that some customers are willing to sacrifice functionality and ease of use for security and reliability. Thus provisions are made to allow the appropriate policy controls (typically implemented through group policy) to make the system suitable for DOD / critical infrastructure use. I would expect that you could find the appropriate information on MSDN, if not in the configuration guidelines for DOD environments (roughly the old NSA HiSec template and configuration guidelines).

  25. Re:Why would my cursor run as root? on Windows Vulnerability in Animated Cursor Handling · · Score: 2, Interesting

    I will start this response with noting that I work on a security team at MS that deals with OS security issues.

    Writing a secure browser is inherently difficult, particularly if you want to execute untrusted code, run complex parsers, or run neat active features. MS took an enormous step in security with their release of IE 7. This bug would appear to involve one of those neat features. I have no doubt that it will be fixed in a timely manner.

    In protected mode IE, the process is running at a low integrity level. As such, it cannot write to normal integrity level items, and hence your data is reasonably safe from direct tampering.

    Until a patch is released, turn off active cursors.

    All features add attack surface. If you are more concerned about security, such as I am, you will disable features that are neat, but don't add much functionality. I suspect that most users like the neat eye candy.

    As for me, I am running Vista on a notebook in power saving mode. I went into advanced settings and optimized for performance, thereby disabling aero / glass. I then went into the control panel and turned off sidebar. I run explorer in Windows classic mode. And yes, I routinely work in a command prompt.

    I browse with IE in protected mode. I have gone into the advanced settings and turned off scripting, multi-media, explicitly disabled flash/shockwave, active code, etc. If web sites were understandable in plain text, I would turn off images as well. I would expect that most other browsers would be reasonably safe with such lockdowns -- but much of the web might as well not exist for such restricted browsers. Only for sites that I trust do I enable additional functionality, using IE's zones model, a capability I do not find in Opera or FireFox, which I have used extensively.

    Note that before I joined MS, I was only a modest MS user. After my experience with Apple - an iBook that burned through 4 motherboards and never ran more than 9 months without replacement and an Apple policy that required me to keep buying new OS releases at ~ $150 about every 2 years to keep my security updates, I came to truly appreciate the long term and transparent MS support.