Then hire a consultant if you want support. Microsoft isn't preventing you from doing that.
You're talking about free updates, which is the analogue to car warranties where the car manufacturer provides fixes without charge.
cause XP was still on sale fairly recently)
I can probably go out and download Red Hat 7.3, too. I'd just be an idiot to expect anyone to be updating RPMs for it, especially the vendor, especially for free. There's also the whole point that Microsoft TRIED to stop selling XP when Vista released, but there was huge demand for them to keep selling it. What you paid for, however, was a product with a fixed EOL date, and that did not change. If you bought XP, you knew what the EOL date was; if you didn't like it, you shouldn't have bought it.
Never mind that you weren't actually buying XP licenses-- you were buying Vista / 7 Pro licenses with downgrade rights, so when XP finally goes off of support you can still legally get support by upgrading to Vista / 7 with that license you bought 3 years ago. They just threw in rights to run an older OS at no extra charge; no guarantee of extended support was made.
If you don't like their products (Vista), don't buy them.
Just don't demand free support for an ancient, EOL'd product and expect anyone to take you seriously, or think you can get away with claiming that Microsoft has provided poor support for XP.
Correction to my other post: I did not see that they apparently changed it to a monetary reward, but it IS worth mentioning that Windows was not the first to be hacked for the first several years.
My point wasn't that OSX was less secure than Windows, it's that incentive / difficulty plays a HUGE role, and Windows is the most common and best understood target for exploits. That doesn't speak to architectural strengths or weaknesses, just to popularity.
It was focused on getting an exploit to run through a link, which when speaking about OS security is invariably what's really being discussed.
When people speak about how horrible Windows security is due to viruses, well, guess what: most of those viruses appeared on that computer through the browser; there had to be an exploit in either the browser or one of its loaded plugins (i.e. Flash, or the native image handler (GDI flaw on Windows)); that exploit had to get past any sandboxing, and it had to have sufficient rights to execute code.
All of that depends partially on the browser, and partially on the OS. The OS can mitigate some of those exploits with tech like:
* no-execute bit
* ASLR (which as I said appeared in a "strong" form first on Windows)
* native sandboxing
Regarding the failure to exploit ChromeOS, a few points. First, the prize tends to be "the device you owned"; ChromeOS boxes tend to be a lot less valuable (retail) and less useful (to a hacker) than a MacBook or a Windows laptop. Second, ChromeOS probably is more secure than Windows or OSX, because it's pretty stripped down. That doesn't speak to the kernel or to more common configurations, it just speaks to removing complexity; one could argue in all fairness that more common desktop distros are LESS secure due to poor firewall configuration compared to Windows' network awareness, or the microkernel design of the OS.
I was speaking about security.
Although if you wanted to go down that road, AFAIK microkernels (like NT) tend to be more secure than monolithic kernels (like Linux's).
If we could just implement a script on slashdot to mute or auto-downmod users who post comments which clearly indicate both ignorance and not having read the article, maybe we could clean the site up.
Wow, a 4-digit UID and you can't be bothered to RTFA or any of the dozen other comments explaining why your comment is false.
The really sad thing is your UID indicates you've been into technology for at least a decade-- but it apparently doesn't stop you from making comments on stuff that you have absolutely no clue about.
Here's a hint: It was through MSRT / Security Essentials.
Class action against who? The people on Slashdot who can't be bothered to read the article before they comment on it?
Count me in.
I dunno, how hard is it to compromise the official Debian repository? And what's the budget disparity between the folks running Windows Update servers and the Debian repos?
I'm thinking "hard".
I take it you don't understand what a botnet is, or why they're the bane of the internet.
For starters: where do you think these "record size DDOS attacks" you keep hearing about come from?
It's not gonna stop a slew of comments on how Microsoft is violating user rights or whatever.
If you're throwing away the key to an FDE'd drive, you must shut the system down to hibernate. FDE means the OS itself cannot be read from disk without the key; if you throw the key away, you're going to have a rather hard time interacting with your OS.
Perhaps that's possible to do, but AFAIK TrueCrypt does not dismount FDE'd drives or throw the key away unless you hibernate, for that very reason.
It's been explained a million times, from people pointing out how Win7 had strong ASLR before any other major OS, to the fact that Windows was NOT the first to fall in the yearly Pwn2Owns for the first 5-6 years (that would be OSX).
Ever since admin-by-default was killed and UAC was introduced in Vista, there has been very little substantial security advantage in Linux except for two things-- the better updating system (since most vulnerabilities exist in third party programs, this is a better mitigation than anything Windows has), and its relative market obscurity. If Pwn2Own has taught us anything, it's that all systems have driveby exploits; it's just a matter of having the right incentive (such as a free MacBook if you succeed).
If your machines are bare or just depend on the built-in firewall, they are not secure.
That's pretty arbitrary, but OK. You could argue that the "out of the box" nature of Windows makes it less secure, except that file sharing is off by default since Vista (with the network location doohicky), and either way there are a LOT of consumer-oriented Linux distros that share the same problem. I haven't seen one that has the nice auto-configuring firewall that Windows has had since Vista, however.
I'm assuming you have the good sense not to demand free ongoing support for those systems (particularly from the bloodless turnip that is SCO).
Red Hat updates are free?
News to me.
Car warranties are generally 3-5 years. XP is now 13 years old.
Find me a car on the market with gratis lifetime warranty / support, and we'll talk. Generally new cars with computer systems are lucky if they get a year's worth of updates for said computer.
Your OS 20 years ago didn't have protected memory, ASLR, or a journaling filesystem, to name a few big ones.
sheeple
You lost me here, gunpistolman.
That's called an evil maid attack, and it is a real threat-- as are hardware keyloggers. There is mitigation, however: it's not super easy to do ahead of time, because each TrueCrypt bootloader is unique. The drive encryption key is encrypted with the passphrase, and stored with the bootloader-- and it must be present for the "fake" bootloader to be able to decrypt the drive. So for such an attack, someone would need to have access to the drive, make a copy of the bootloader, modify the bootloader with the keylogger, get access to the computer again, wait for you to type the key in, and then get access a third time to image the drive and retrieve the logged passcode.
It's doable, but it requires 2-3 accesses.
That's not 100% true; the key generally IS stored on-disk, and is itself encrypted with your passkey.
The reason they do this is so that you can change your passkey without re-encrypting your whole drive; instead they just have to re-encrypt your 256/512 bit key.
For FDE, the key is stored as part of the bootloader, which is why you have to burn your own recovery disk: if the bootloader goes heels up, you need to recover it as it is the only place the actual key is stored. It also means that you can trivially wipe a truecrypt FDE'd drive by killing the bootloader and any backups securely.
SATA drives don't have OSes, they have firmware.
Autodismount is not, of course, applicable to FDE.
That's called hibernate.
XP with 4GB of RAM loses ~1.5GB of RAM to addressing problems off the bat. There goes the arguable RAM advantage it has over 7.
Anyone who's used XP in an office recently knows it's unusable at less than 768MB, out of a general maximum of 2.5-3.2GB (depending on hardware). As I said, add in mandatory compliance and security stuff and you're up to 1.5-2GB, leaving maybe a gig for programs. That's a few browser windows, a document, and not much else.
The average office worker, on the other hand, will have Outlook, with about seventeen message windows open, a browser window with 2-5 tabs, 3-4 documents, and a wildcard depending on their role (accounting, spreadsheet, graphics, etc). 1 GB will not cover that without some painful disk paging.
Except that OSes don't have near that long of a lifespan.
2001 was Linux kernel 2.4; 2000 was 2.2. Both have long since been EOL'd. If you want to look at a full OS, I think Red Hat Linux 7.2 would be right about the same age as XP; it was EOL'd on December 31, 2003 (source).
Microsoft has gone way beyond what any other OS vendor has ever done, excepting perhaps IBM with some of their ancient AIX boxes.