A lot of comments here complaining about how Win95 is a perfectly reasonable OS and why should anybody waste money on WinXP.
Which seems kind of strange, as these are probably the same people complaining about how Win95 sucks, crashes a lot and requires daily reboots.
But on another point. If you were running Linux would you be content with using kernel versions dating back from 1995? I don't remember what version that would have been, probably early 1.x, but anyway...
One of the reasons I stopped using Linux was because I found it difficult at the time to keep up with all the upgrades needed. I'd find new software but in order to use it my kernel would have to be at some level, and to do that meant upgrading libraries and compilers and such.
While I think one of the compelling things about Windows is the fact that even a 6 year old version of the OS(Win95) can still work with a lot of modern software. The reality is that it is quite painful to try to live solely in that past and the new software with new hardware does give some very compelling features that makes life nice.
I don't maintain a constant upgrade cycle, only when I feel I want to. I have a PIII-850, 768 Megs of RAM and a 30 Gig drive. I run Win2k. I have Office XP. But I still only have Money 2000, having seen no reason to upgrade to either 2001 or 2002 versions.
I don't know. I think a lot of people just like to bitch. Do whatever you feel you need to do, but don't try to convince myself... I can make my own decisions.
I think you are somewhat confusing the issue. Nobody, including Microsoft, disagrees that WinXP is not a major upgrade from Win2k in the corporate arena.
Most companies aren't even on Win2k yet. They put a hold on plans to wait for WinXP to see what happened. Many companies are still using Win9x.
Are you also arguing that WinXP is not a compelling upgrade from Win9x?
I think you'll be surprised at the adoption rate of WinXP and Office XP. They're both high quality pieces of software.
Unless they've changed, Microsoft has always taken the position that if you have a license to a new product you can install a downgraded product in it's place.
We used to buy licenses to Office 97 and installed Office 4.0 for instance...
The Unix community only recently started changing their own distributions to prevent bad default installs. My recent installation of Solaris 8 still installs the buggy sendmail.
Get off your moral high horse before you fall off.
Nimda was sort of a best practices of Virus/Worm writing, because it had the behavior of both.
It would infect executables, or web files. It could spread by the infected executables on shares, or by people browsing to infected web servers using old versions of IE. It also tried to scan the network looking for vulnerable IIS servers, as well as trying to email itself the same way Sircam did.(i.e. it included an SMTP piece)
The point is that it was written to try multiple vectors of attack, such that it's chances of finding a vulnerable machine were much higher.
The only thing that slowed it was that the Code Red incident had caused many, if not most, people to install the latest patches on their machines.
Another example, the sadmind worm effected both IIS and Solaris boxes.
I guess the point is, try to build diversity and the world just builds a better worm/virus writer.
P.S. The cluefulness of the general Linux administrator is actually pretty low as it tends to be primarily popular with inexperienced college students.
It also doesn't take much work at all to effectively admin an NT box. But most NT admins also have other priorities put upon them by their corporate bureaucracies.
"Past performance is no guarantee of future results"
While I agree all of your complaints were accurate even six months ago, there has been a great deal of emphasis placed recently on resolving those exact issues.
One person from MCS posted to NTBugtraq just last week asking for advice on making the website better.
There has been numerous tools released in the past few months that make administration easier. The Hotfix checking tool in particular.
The security bulletins also now reference whether or not they have been superceded by additional patches.
The notion of rollup hotfixes has become a reality, a process which really started last year but has been further refined.
Bitching about the way things used to be is not conducive to an argument of how to improve the present state.
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
What part of "Congress shall" do you not understand?
In the original conspiracy theory posted by/. numerous people pointed out that the clause only referred to the use of the MSN and MSNBC components, which are basically web services of a sort.
This new article only states that the sentence does appear in the EULA, which was not in dispute.
What was in dispute was whether the sentence was taken out of context.
This new article doesn't provide any new evidence.
On NT4... SP6a + august 2001 rollup hotfix
On Win2k... SP2 + august 2001 rollup hotfix
IE5.01sp2 or IE5.5sp2 or IE6.0
Every one of these is listed on Windows update and works just fine to update a server.
The reality is that a decent administrator would probably not rely upon the update tool for this, but rather the hotfix checker that you would install and run as a daily batch job.
The IIS exploit that Nimda used was reported in October of 2000 in MS00-078... Web Server Folder Traversal.
But it references actually having already been patched by MS00-057... File Permission Canonization which was released in August of 2000.
Both of these have been included in various other hotfixes moving forward, including rollup hotfixes thrown together to battle Code Red.
The other IIS exploit was really just to use holes which had been punched in from Code Red. This means that if CR had infected a machine, that machine would need to have been properly cleaned up.
The other vector this virus used was a problem with invalid interpretation of Mime headers, reported in MS01-020 in March of 2001. This was corrected with SP2 of both IE5.01 and IE5.5, as well as IE6.0.
Yes these exploits had been patched many months ago.
No you did not have to subscribe to anything to obtain these patches, they are all available for Free off of Microsoft's website.
http://www.microsoft.com/security
/. tends to have difficulty representing the truth. Personally I blame it on a shortage of anti-depressant medications in Michigan.
For a community which talks about freedom and openness, it amazes me to what level it will go to to stifle speech which is not favorable to it's cause.
This article may have been Offtopic, but it's important to learn about these things.
I don't want to dismiss the fear, because I think it is important.
But why attack Passport? How is Passport any more centralized than Visa or Mastercard?
You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...
These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.
Yes. The MP3 thing is factually incorrect. Actually most of this guys comments are either just plain wrong, or wishful thinking anyway.
I don't understand what it is with some people. They do not like the way the world is now, so they dream that the world is even worse than it actually is. For what purpose?
I tire of zealotry. The events this past week show how dangerous it can become.
A lot of comments here complaining about how Win95 is a perfectly reasonable OS and why should anybody waste money on WinXP.
Which seems kind of strange, as these are probably the same people complaining about how Win95 sucks, crashes a lot and requires daily reboots.
But on another point. If you were running Linux would you be content with using kernel versions dating back from 1995? I don't remember what version that would have been, probably early 1.x, but anyway...
One of the reasons I stopped using Linux was because I found it difficult at the time to keep up with all the upgrades needed. I'd find new software but in order to use it my kernel would have to be at some level, and to do that meant upgrading libraries and compilers and such.
While I think one of the compelling things about Windows is the fact that even a 6 year old version of the OS(Win95) can still work with a lot of modern software. The reality is that it is quite painful to try to live solely in that past and the new software with new hardware does give some very compelling features that makes life nice.
I don't maintain a constant upgrade cycle, only when I feel I want to. I have a PIII-850, 768 Megs of RAM and a 30 Gig drive. I run Win2k. I have Office XP. But I still only have Money 2000, having seen no reason to upgrade to either 2001 or 2002 versions.
I don't know. I think a lot of people just like to bitch. Do whatever you feel you need to do, but don't try to convince myself... I can make my own decisions.
I think you are somewhat confusing the issue. Nobody, including Microsoft, disagrees that WinXP is not a major upgrade from Win2k in the corporate arena.
Most companies aren't even on Win2k yet. They put a hold on plans to wait for WinXP to see what happened. Many companies are still using Win9x.
Are you also arguing that WinXP is not a compelling upgrade from Win9x?
I think you'll be surprised at the adoption rate of WinXP and Office XP. They're both high quality pieces of software.
Unless they've changed, Microsoft has always taken the position that if you have a license to a new product you can install a downgraded product in it's place.
We used to buy licenses to Office 97 and installed Office 4.0 for instance...
I think you are confused.
.NET is everything. VB.Net or C# can be used to develop client programs just as much as they can be used for web development.
You haven't heard of WinForms?
'you're on their payroll, tho'
Oh give me a fucking break.
The Unix community only recently started changing their own distributions to prevent bad default installs. My recent installation of Solaris 8 still installs the buggy sendmail.
Get off your moral high horse before you fall off.
Nimda was sort of a best practices of Virus/Worm writing, because it had the behavior of both.
It would infect executables, or web files. It could spread by the infected executables on shares, or by people browsing to infected web servers using old versions of IE. It also tried to scan the network looking for vulnerable IIS servers, as well as trying to email itself the same way Sircam did.(i.e. it included an SMTP piece)
The point is that it was written to try multiple vectors of attack, such that it's chances of finding a vulnerable machine were much higher.
The only thing that slowed it was that the Code Red incident had caused many, if not most, people to install the latest patches on their machines.
Another example, the sadmind worm effected both IIS and Solaris boxes.
I guess the point is, try to build diversity and the world just builds a better worm/virus writer.
P.S. The cluefulness of the general Linux administrator is actually pretty low as it tends to be primarily popular with inexperienced college students.
It also doesn't take much work at all to effectively admin an NT box. But most NT admins also have other priorities put upon them by their corporate bureaucracies.
Code Red was also memory resident.
That sure didn't stop it from propogating.
Your last paragraph has been addressed by Windows XP.
Microsoft listens to the critcism and responds, something very few other companies ever do.
Answer my question. What part of "Congress shall" do you not understand?
Microsoft is operating perfectly within the law of the land.
This is contract law, pure and simple.
Ever read the clarification on a mutual fund?
"Past performance is no guarantee of future results"
While I agree all of your complaints were accurate even six months ago, there has been a great deal of emphasis placed recently on resolving those exact issues.
One person from MCS posted to NTBugtraq just last week asking for advice on making the website better.
There has been numerous tools released in the past few months that make administration easier. The Hotfix checking tool in particular.
The security bulletins also now reference whether or not they have been superceded by additional patches.
The notion of rollup hotfixes has become a reality, a process which really started last year but has been further refined.
Bitching about the way things used to be is not conducive to an argument of how to improve the present state.
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
What part of "Congress shall" do you not understand?
In the original conspiracy theory posted by /. numerous people pointed out that the clause only referred to the use of the MSN and MSNBC components, which are basically web services of a sort.
This new article only states that the sentence does appear in the EULA, which was not in dispute.
What was in dispute was whether the sentence was taken out of context.
This new article doesn't provide any new evidence.
OEM install CDs for Windows NT/2k have typically always shipped with the latest service pack. This has even been the case with Windows 95.
This has been the case since at least 1997.
So once again, how can Microsoft be responsible for not doing something they already do?
They can't guarantee this as there are often already copies of the OS in the distribution channels.
Huh?
On NT4... SP6a + august 2001 rollup hotfix
On Win2k... SP2 + august 2001 rollup hotfix
IE5.01sp2 or IE5.5sp2 or IE6.0
Every one of these is listed on Windows update and works just fine to update a server.
The reality is that a decent administrator would probably not rely upon the update tool for this, but rather the hotfix checker that you would install and run as a daily batch job.
http://www.microsoft.com/windows2000/downloads/cri tical/q301625/default.asp
That was oh ever so difficult.
My god, it's even linked as a critical update off windowsupdate.
Oh... whoa is me, I am so pained by having to search 30 seconds to identify all the critical updates for my Win2k box.
There's a difference between trolling and being stupid. Just so you know, you aren't trolling.
The IIS exploit that Nimda used was reported in October of 2000 in MS00-078... Web Server Folder Traversal.
But it references actually having already been patched by MS00-057... File Permission Canonization which was released in August of 2000.
Both of these have been included in various other hotfixes moving forward, including rollup hotfixes thrown together to battle Code Red.
The other IIS exploit was really just to use holes which had been punched in from Code Red. This means that if CR had infected a machine, that machine would need to have been properly cleaned up.
The other vector this virus used was a problem with invalid interpretation of Mime headers, reported in MS01-020 in March of 2001. This was corrected with SP2 of both IE5.01 and IE5.5, as well as IE6.0.
Yes these exploits had been patched many months ago.
No you did not have to subscribe to anything to obtain these patches, they are all available for Free off of Microsoft's website.
http://www.microsoft.com/security
/. tends to have difficulty representing the truth. Personally I blame it on a shortage of anti-depressant medications in Michigan.
Yes, but that's because you are ignorant.
USBank, Mellon Bank... Heard of them?
Heard of GLB law?
I doubt you can support your assumptions by defining the word "better."
I asked this in another thread several days ago.
Someone pointed out that NASDAQ has relaxed these rules quite a bit, because otherwise they would have no stocks to trade at all.
Just early versions of IE 5.0. 5.01 has a patch which was included in sp2 of that release.
l t. asp?url=/technet/security/topics/Nimda.asp
Useful information is here:
http://www.microsoft.com/technet/treeview/defau
So let me get this straight.
Because a security check cannot be 100% accurate we should not use it at all?
So we should just abandon the requirement for ID at airport checkin because the ID might be counterfeit?
That makes no sense.
For a community which talks about freedom and openness, it amazes me to what level it will go to to stifle speech which is not favorable to it's cause.
This article may have been Offtopic, but it's important to learn about these things.
I'm glad I was browsing at -1 today.
I don't want to dismiss the fear, because I think it is important.
But why attack Passport? How is Passport any more centralized than Visa or Mastercard?
You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...
These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.
It's not a shipping product, yet it's being shipped with most major Linux distributions and has been for over a year now?
How convenient, and people accuse Microsoft of releasing software in a beta stage.
Yes. The MP3 thing is factually incorrect. Actually most of this guys comments are either just plain wrong, or wishful thinking anyway.
I don't understand what it is with some people. They do not like the way the world is now, so they dream that the world is even worse than it actually is. For what purpose?
I tire of zealotry. The events this past week show how dangerous it can become.