Not only that, but the more heavy-handed Apple gets, the more they risk that cool-chique image as they appear more and more like just another greedy corporation (i.e., more like MS).
Most people interested in hardware Apple doesn't already sell are techies/enthusiasts and businesses. None of them should hold any illusions about Apple being anything other than another greedy corporation (just like Microsoft).
If their hardware is truly superior, then it won't cost them much hardware business [...]
Of course it will. Most people don't buy "superior", they buy "cheap" (because that's all they can afford).
Apple will cater to the crowd looking for a machine between the Mini and the Mac Pro long, long before they cater to the crowd looking for OS X on generic PCs - and they're unlikely to do the former anytime soon because it would take a significant chunk out of higher-margin Mac Pro sales.
I have to wonder why they have not tried to get a preliminary injunction to halt shipment pending legal matters. They probably could get that fairly easily.
They're probably weighing it against the possibility of having their "you can only install the copy of OS X you bought onto our list of blessed hardware" clause in the OS X EULA ruled invalid.
That movie can be extremely easy to create, it's probably a fake.
Nowhere near as easy as just installing 10.5 on a suitable PC.
Seriously, why would anyone think the video is a fake ? It's not difficult to install 10.5 on EFI-capable PC hardware (which is both common and cheap).
Plop the mini's hardware into a mini-tower case, and tack on 1 PCI-E x16 slot, 1 PCI-E x1 slot, and 1 regular PCI slot, and then we'd have a machine worthy of my purchase. Until that point I'll keep on using my hacked up generic "mac" and my old PowerMac G4.
What they need is a Mac Pro Mini (or Mini Mac Pro). Basically, half a Mac Pro:
* Single dual or quad-core CPU
* 4 DIMM slots for 8G-16G RAM (2G standard)
* PCIe x16 slot (with room for dual-width cards)
* PCIe x4 slot
* PCIe x1 slot
* Two internal 3.5" bays, w/RAID1 or RAID0 on the chipset.
* One internal 5.25" bay (Dual layer DVDRW standard)
* Priced from about US$1100.
Of course, Apple will never do this because it would absolutely slaughter higher-margin Mac Pro sales.
First thing we did was make everyone a PowerUser to get the spell-checker working in Word (yes, that was quite a while ago).
I assume you mean Word 97. Even back then, you could have just modified the permissions on the relevant Registry key (and is what you should have done).
(This is not denying it was a problem in Word, just pointing out there are better solutions than the Power Users sledgehammer.)
Next we had to make everyone a DebuggerUser so they could debug the software they write. Then we just gave up and made everyone an admin (privelege escelation from DebuggerUser is trivial, so it's not like we were reducing security).
Well you are, because there's a significant difference between deliberately elevating privileges and having them high all the time.
OK, so as Software Developers ours might not be a typical office, but I wouldn't be surprised if those defaults were loosened (at least to PowerUser) in a lot of domains (due to bugs similar to the word-spellchecker one).
I'm sure they were, but that moves away from the "default configuration" context and, more importantly, was probably not really necessary anyway (better solutions would have been modifying the relevant filesystem and/or Registry permissions).
This leaves home and small-business (i.e. those without an AD domain setup) with the default which, even with XP-SP2, is to create admin acocunts without passwords.
I wouldn't be surprised if those non-AD boxes outnumber the AD ones. Even worse, those boxes are the least likely to have decent admin support.
While this is true, the rationale behind it was quite reasonable and there really wasn't a viable alternative. Further, in an unmanaged home environment, not running as an admin delivers a much smaller - nearly insignificant - security benefit compared to in a managed one (because even from a least-privilege default account, the typical ignorant end user will be happy to elevate privileges manually, either via a UAC prompt, a sudo prompt, or something else equivalent).
It's too bad that MS doesn't support the suid bit or capabilities and something like setuid (or seteuid).
This is a good thing. They're basically just hacks around a relatively primitive security model and have plagued UNIX security for decades (and will continue to do so).
I agree, only I'd change *default configuration in some environments* to out-of-the-box defaults which are unchanged in most environments.
The "out-of-the-box defaults" for Windows NT in a Domain environment is for users to not be Administrators. I'd say that accounts for a _lot_ of machines.
You're the first that I can think of to suggest (and you did say it out right) that MS Windows might actually have a better security model than Unix.
Then you need to read more. A LOT more.
Can you direct me to follow up your train of thought?
Wikipedia should be enough to get you started on Classic UNIX's and Windows NT's security models. The greater capabilities and flexibility of Windows NT's should be obvious from there. Pick up an OS textbook if you want more of the gory details.
However, to use the same example as before, the simple fact that UNIX has a superuser and Windows does not, makes its security model better.
Most Unix applications are installed by the system using the system package manager pulling the installation files from a known good source.
...By root (although often via sudo these days) to a system-wide location.
So not only are Unix apps still installable by any user any where that user wants them, not only do windows apps moving to Unix get converted to the Unix way of doing things, but you now even see "installer-less" versions of Unix apps making their way back over to Windows.
Which, of course, just raises the question of "why wasn't it done like that in the first place" ? Further, it highlights my point that it's the developer's fault if their application acts in a boneheaded fashion and not the OSes.
This reminds me of an excellent example of developer stupidity. Doom 3 on Windows "requires" Administrator privileges to run. The _only_ reason it "requires" them is because it tries to write to a configuration file stored in %PROGRAMFILES%\Doom 3. Change the permissions on that one file and it works fine as a regular user (poosibly even a "Limited User"). This "problem" has _nothing_ to do with Windows and everything to do with the developers who decided that Doom 3 wouldn't put its configure file where it belonged, in the user's home directory.
The vast, vast majority of Windows applications that "need" Administrator privileges are like this. They try to write to files in system directories (or sometimes just open them read/write, even though they never write to them), or to system areas of the Registry where they don't have privileges. This has nothing to do with Windows, it is just the result of lazy and/or incompetent developers.
...except a proper Unix can install into/home/user.
As can Windows.
A number of applications do this by default and will complain or just plain bail out if you try to install them as root.
Like what ? Most "UNIX" applications these days are installed from package managers, system-wide, by root (via sudo). Of the ones that are still compiled by source, pretty much every one will have some variation of './configure;make;make install' listed in the INSTALL file, to install system-wide - again, by root.
Also, something like/Applications can be set up so that multiple users can create new directories in it but not necessarily stomp on each other.
WOW. Just like Windows !
On other platforms, services tend to not be installed as superuser.
Ah, yes, the good old "start as root then drop to another user" hack. Pity they still frequently have to start as root in the first place.
The fact that none of this occurs to you just shows how ingrained the whole "run everything root" idea is in Windows user culture.
Except that Vista's %PROGRAMFILES% and/Applications have one difference, if I remember correctly:
No, they're the same. If you have write privileges to/Applications or %PROGRAMFILES%, you can write to it. If you don't, you will need to elevate (either via UAC or whatever Apple calls their sudo prompt).
The best Windows was able to do was autorunnable browser interfaces and installers, but Windows lacks the ability to be graphic-oriented when showing you a directory listing, and some CD listings can be downright cryptic (opening setup.exe vs. setup.ico without guessing their extensions is annoying) Macs installers to get to the point and won't offer you AOL, bundleware, and Adobe PDF installers.
Windows does not lack this ability, people just don't use it. You've been able to "embed" things like backgrounds and whole HTML pages into Explorer windows since ca. 1997, with IE4's shell integration.
I will not argue against OS X's "installation" method, however, I will highlight that there is no technical reason Windows applications can not do this, or even take features from both sides (have both an installer and be able to "self heal").
In summary, it's an application problem, not an OS problem.
Well then this would certainly (not) explain why when I tried to setup Win2K in a locked down fashion similar to Unix it was (not) such a smashing success.
Nothing in the OS can help with broken applications.
Try telling it to people who don't have direct firsthand experience otherwise...
I have firsthand experience. I've been running NT from a regular user account since 1996 and been responsible for several environments where users did not have Administrator access to their machines.
well/Applications is for everyone. your supposed to install it there. Any where else and your app is misbehaving anyways.
Exactly. Just like %PROGRAMFILES%.
MSFT has turned a single user OS and tacked on multi user support, and then multi user security. OS X, and every *nix are Multi-user OS's.
False. Windows NT is, and always has been, a multiuser OS.
I not only have applications but also user specific applications stuff that only I can run, and stuff that only I can see.
And you can do exactly the same in Windows.
You shouldn't have to be an admin to install a web browser, word processor , or spreadsheet. You should only be an admin if your installing it for everyone.
No, because MSI runs privileged and is able to install such processes at the command of normal users - that's the hole. You get one prompt, at installation time.. but I've never seen a windows installer that *didn't* prompt for elevation.
Nothing to do with the OS, everything to do with the application developer.
Contrast with Unix based systems where installing apps as a normal user is the norm and installing as root is an exception (indeed with OSX each user has a full set of directories for this by default, and it's rare for something to require elevation.. when it does you definately think because it's unusual).
Bullshit.
If you think the vast majority of UNIX applications aren't installed by root, to a system-wide location, or that the vast majority of OS X apps aren't installed to/Applications (also by root), then you're either a fool or delusional.
*Especially* today. You might just have had a point, ~20 years ago, when multiuser UNIX systems with technically competent users were at least relatively common, but today when most people interact with what are essentially (if not technically) single-user PCs, such a claim doesn't even pass the laugh test.
Except nearly all installers use admin privileges, because the Program Files directory (to name just one) isn't per-user. Windows really isn't structurally designed for per-user installation, although MS have tried it's still half finished. Users know this, and always click yes on installers when prompted.
So it's just like/bin,/usr/bin and/Applications, then ?
Any installer can stick a service in there that does privileged tasks, and that means UAC is a thin layer that's easy to work around.
The most significant problems with the Windows XP security model are as much social as technical. Because the model didn't make it easy to get "serious work" done as a non-administrator, most people are running as administrators most of the time. This creates a whole culture that is very vulnerable to social engineering---simple games are being run at the same permission level as complex drive-recovery utilities and keyboard loggers.
There is _nothing_ in Windows's "security model" that requires - or even encourages - this. The problem of apps needlessly requiring Administrator-level privileges is 100% the fault of the developers of said apps and has been for nigh-on a decade.
Vista does nothing to change anything fundamental in Windows's security, nor does it need to. It does introduce and improved UI and a bunch of hacks to work around broken applications, but that is because those applications are broken, not because there's a problem in Windows.
UAC has some problems, but the fact that it puts more work on developers isn't one of them. The work is necessary because it is accounting for a weaker security model from the past. And developers should know that security isn't free.
There's nothing "weak" about Windows NT's security model. Never has been. There were, arguably, weaknesses in the *default configuration in some environments*, but this is a simple end-user issue and not something that should be mistaken for genuine and fundamental _design_ problems (like, for example, UNIX's superuser).
Nope. If anything, I overestimate them. I'm an optimist like that.
The next generation is considerably more computer literate, and most Windows users now do have a semi-decent idea of "what not to do" in terms of avoiding nastyware (or at the very least, the average user is more cognicent of this sort of thing than 3-4 years ago).
No, they don't. They still want to see $CELEBRITY naked. They're still happy to type a few words into a computer to do that. After all, what'the worst that could go wrong ?
You're right that it's about secure users, but it's much easier to be a secure user on Linux, precisely because you would never download foo.exe -- or foo.sh, or whatever. For the most part, you get things through your package manager, or not at all.
Of course, that's because "you" know what you're doing and would act the same, even using Windows.
The typical end user, however, does not.
As such, it is not particularly easy to download and run SomeFamousPersonNaked.bin -- you have to download it to somewhere, then you have to change its permissions, and then you have to run it -- and even then, they still don't have root.
All the attacker needs to do is wrap it in a.tgz file, where permissions are preserved. Just like a.zip file, really, so most people won't see anything different at all.
That is assuming that the user is completely stupid, OTOH if you click dancingpigs.exe and get prompted to give your root password or even just accept/deny, most users will click cancel (if they dont you haven't explained sudo well enough).
No, they won't. They'll type in their passwords and click 'OK', because that's the only way they can see to get the computer to do what they want.
There is no way to secure a machine where an ignorant end user can run arbitrary code. Not now, not ever.
KDE's got better for what people actually use. Outlook had something to offer nine years ago but it's been outclassed big time since. The only thing Outlook really had going for it was device sync but most people gave up PDAs when M$ conquered the market. The things were an expensive toy and people did not buy new ones when their old ones got broken.
Just...wow. How can you even try to have a reasonable discussion with someone like this ?
1) Does it keep criminals off the streets?
2) Does it dissuade non-criminals from becoming criminals?
3) Does it persuade criminals to become non-criminals?
You forgot the most important one:
0. Should they even be considered a criminal in the first place ?
Not only that, but the more heavy-handed Apple gets, the more they risk that cool-chique image as they appear more and more like just another greedy corporation (i.e., more like MS).
Most people interested in hardware Apple doesn't already sell are techies/enthusiasts and businesses. None of them should hold any illusions about Apple being anything other than another greedy corporation (just like Microsoft).
If their hardware is truly superior, then it won't cost them much hardware business [...]
Of course it will. Most people don't buy "superior", they buy "cheap" (because that's all they can afford).
Apple will cater to the crowd looking for a machine between the Mini and the Mac Pro long, long before they cater to the crowd looking for OS X on generic PCs - and they're unlikely to do the former anytime soon because it would take a significant chunk out of higher-margin Mac Pro sales.
I have to wonder why they have not tried to get a preliminary injunction to halt shipment pending legal matters. They probably could get that fairly easily.
They're probably weighing it against the possibility of having their "you can only install the copy of OS X you bought onto our list of blessed hardware" clause in the OS X EULA ruled invalid.
That movie can be extremely easy to create, it's probably a fake.
Nowhere near as easy as just installing 10.5 on a suitable PC.
Seriously, why would anyone think the video is a fake ? It's not difficult to install 10.5 on EFI-capable PC hardware (which is both common and cheap).
Plop the mini's hardware into a mini-tower case, and tack on 1 PCI-E x16 slot, 1 PCI-E x1 slot, and 1 regular PCI slot, and then we'd have a machine worthy of my purchase. Until that point I'll keep on using my hacked up generic "mac" and my old PowerMac G4.
What they need is a Mac Pro Mini (or Mini Mac Pro). Basically, half a Mac Pro:
* Single dual or quad-core CPU
* 4 DIMM slots for 8G-16G RAM (2G standard)
* PCIe x16 slot (with room for dual-width cards)
* PCIe x4 slot
* PCIe x1 slot
* Two internal 3.5" bays, w/RAID1 or RAID0 on the chipset.
* One internal 5.25" bay (Dual layer DVDRW standard)
* Priced from about US$1100.
Of course, Apple will never do this because it would absolutely slaughter higher-margin Mac Pro sales.
NT has a superuser. Its called LocalSystem. The fact that it can't be logged into does not make it any more or less secure than POSIX superusers.
LocalSystem is not a superuser, it's a very highly privileged user. There's a difference.
First thing we did was make everyone a PowerUser to get the spell-checker working in Word (yes, that was quite a while ago).
I assume you mean Word 97. Even back then, you could have just modified the permissions on the relevant Registry key (and is what you should have done).
(This is not denying it was a problem in Word, just pointing out there are better solutions than the Power Users sledgehammer.)
Next we had to make everyone a DebuggerUser so they could debug the software they write. Then we just gave up and made everyone an admin (privelege escelation from DebuggerUser is trivial, so it's not like we were reducing security).
Well you are, because there's a significant difference between deliberately elevating privileges and having them high all the time.
OK, so as Software Developers ours might not be a typical office, but I wouldn't be surprised if those defaults were loosened (at least to PowerUser) in a lot of domains (due to bugs similar to the word-spellchecker one).
I'm sure they were, but that moves away from the "default configuration" context and, more importantly, was probably not really necessary anyway (better solutions would have been modifying the relevant filesystem and/or Registry permissions).
This leaves home and small-business (i.e. those without an AD domain setup) with the default which, even with XP-SP2, is to create admin acocunts without passwords. I wouldn't be surprised if those non-AD boxes outnumber the AD ones. Even worse, those boxes are the least likely to have decent admin support.
While this is true, the rationale behind it was quite reasonable and there really wasn't a viable alternative. Further, in an unmanaged home environment, not running as an admin delivers a much smaller - nearly insignificant - security benefit compared to in a managed one (because even from a least-privilege default account, the typical ignorant end user will be happy to elevate privileges manually, either via a UAC prompt, a sudo prompt, or something else equivalent).
It's too bad that MS doesn't support the suid bit or capabilities and something like setuid (or seteuid).
This is a good thing. They're basically just hacks around a relatively primitive security model and have plagued UNIX security for decades (and will continue to do so).
I agree, only I'd change *default configuration in some environments* to out-of-the-box defaults which are unchanged in most environments.
The "out-of-the-box defaults" for Windows NT in a Domain environment is for users to not be Administrators. I'd say that accounts for a _lot_ of machines.
You're the first that I can think of to suggest (and you did say it out right) that MS Windows might actually have a better security model than Unix.
Then you need to read more. A LOT more.
Can you direct me to follow up your train of thought?
Wikipedia should be enough to get you started on Classic UNIX's and Windows NT's security models. The greater capabilities and flexibility of Windows NT's should be obvious from there. Pick up an OS textbook if you want more of the gory details.
However, to use the same example as before, the simple fact that UNIX has a superuser and Windows does not, makes its security model better.
Most Unix applications are installed by the system using the system package manager pulling the installation files from a known good source.
...By root (although often via sudo these days) to a system-wide location.
So not only are Unix apps still installable by any user any where that user wants them, not only do windows apps moving to Unix get converted to the Unix way of doing things, but you now even see "installer-less" versions of Unix apps making their way back over to Windows.
Which, of course, just raises the question of "why wasn't it done like that in the first place" ? Further, it highlights my point that it's the developer's fault if their application acts in a boneheaded fashion and not the OSes.
This reminds me of an excellent example of developer stupidity. Doom 3 on Windows "requires" Administrator privileges to run. The _only_ reason it "requires" them is because it tries to write to a configuration file stored in %PROGRAMFILES%\Doom 3. Change the permissions on that one file and it works fine as a regular user (poosibly even a "Limited User"). This "problem" has _nothing_ to do with Windows and everything to do with the developers who decided that Doom 3 wouldn't put its configure file where it belonged, in the user's home directory.
The vast, vast majority of Windows applications that "need" Administrator privileges are like this. They try to write to files in system directories (or sometimes just open them read/write, even though they never write to them), or to system areas of the Registry where they don't have privileges. This has nothing to do with Windows, it is just the result of lazy and/or incompetent developers.
As can Windows.
A number of applications do this by default and will complain or just plain bail out if you try to install them as root.
Like what ? Most "UNIX" applications these days are installed from package managers, system-wide, by root (via sudo). Of the ones that are still compiled by source, pretty much every one will have some variation of './configure;make;make install' listed in the INSTALL file, to install system-wide - again, by root.
Also, something like /Applications can be set up so that multiple users can create new directories in it but not necessarily stomp on each other.
WOW. Just like Windows !
On other platforms, services tend to not be installed as superuser.
Ah, yes, the good old "start as root then drop to another user" hack. Pity they still frequently have to start as root in the first place.
The fact that none of this occurs to you just shows how ingrained the whole "run everything root" idea is in Windows user culture.
It all occurs to me, it's just irrelevant.
Except that Vista's %PROGRAMFILES% and /Applications have one difference, if I remember correctly:
No, they're the same. If you have write privileges to /Applications or %PROGRAMFILES%, you can write to it. If you don't, you will need to elevate (either via UAC or whatever Apple calls their sudo prompt).
The best Windows was able to do was autorunnable browser interfaces and installers, but Windows lacks the ability to be graphic-oriented when showing you a directory listing, and some CD listings can be downright cryptic (opening setup.exe vs. setup.ico without guessing their extensions is annoying) Macs installers to get to the point and won't offer you AOL, bundleware, and Adobe PDF installers.
Windows does not lack this ability, people just don't use it. You've been able to "embed" things like backgrounds and whole HTML pages into Explorer windows since ca. 1997, with IE4's shell integration.
I will not argue against OS X's "installation" method, however, I will highlight that there is no technical reason Windows applications can not do this, or even take features from both sides (have both an installer and be able to "self heal").
In summary, it's an application problem, not an OS problem.
Well then this would certainly (not) explain why when I tried to setup Win2K in a locked down fashion similar to Unix it was (not) such a smashing success.
Nothing in the OS can help with broken applications.
Try telling it to people who don't have direct firsthand experience otherwise...
I have firsthand experience. I've been running NT from a regular user account since 1996 and been responsible for several environments where users did not have Administrator access to their machines.
Except that on Vista *anyone* can install that application. On Unix you would need the root password to do such a thing.
False. Not on all, but certainly the majority of UNIX systems in use today.
well /Applications is for everyone. your supposed to install it there. Any where else and your app is misbehaving anyways.
Exactly. Just like %PROGRAMFILES%.
MSFT has turned a single user OS and tacked on multi user support, and then multi user security. OS X, and every *nix are Multi-user OS's.
False. Windows NT is, and always has been, a multiuser OS.
I not only have applications but also user specific applications stuff that only I can run, and stuff that only I can see.
And you can do exactly the same in Windows.
You shouldn't have to be an admin to install a web browser, word processor , or spreadsheet. You should only be an admin if your installing it for everyone.
So, just like Windows then ?
No, because MSI runs privileged and is able to install such processes at the command of normal users - that's the hole. You get one prompt, at installation time.. but I've never seen a windows installer that *didn't* prompt for elevation.
Nothing to do with the OS, everything to do with the application developer.
Contrast with Unix based systems where installing apps as a normal user is the norm and installing as root is an exception (indeed with OSX each user has a full set of directories for this by default, and it's rare for something to require elevation.. when it does you definately think because it's unusual).
Bullshit.
If you think the vast majority of UNIX applications aren't installed by root, to a system-wide location, or that the vast majority of OS X apps aren't installed to /Applications (also by root), then you're either a fool or delusional.
*Especially* today. You might just have had a point, ~20 years ago, when multiuser UNIX systems with technically competent users were at least relatively common, but today when most people interact with what are essentially (if not technically) single-user PCs, such a claim doesn't even pass the laugh test.
Except nearly all installers use admin privileges, because the Program Files directory (to name just one) isn't per-user. Windows really isn't structurally designed for per-user installation, although MS have tried it's still half finished. Users know this, and always click yes on installers when prompted.
So it's just like /bin, /usr/bin and /Applications, then ?
Any installer can stick a service in there that does privileged tasks, and that means UAC is a thin layer that's easy to work around.
How is this different to any other platform ?
The most significant problems with the Windows XP security model are as much social as technical. Because the model didn't make it easy to get "serious work" done as a non-administrator, most people are running as administrators most of the time. This creates a whole culture that is very vulnerable to social engineering---simple games are being run at the same permission level as complex drive-recovery utilities and keyboard loggers.
There is _nothing_ in Windows's "security model" that requires - or even encourages - this. The problem of apps needlessly requiring Administrator-level privileges is 100% the fault of the developers of said apps and has been for nigh-on a decade.
Vista does nothing to change anything fundamental in Windows's security, nor does it need to. It does introduce and improved UI and a bunch of hacks to work around broken applications, but that is because those applications are broken, not because there's a problem in Windows.
UAC has some problems, but the fact that it puts more work on developers isn't one of them. The work is necessary because it is accounting for a weaker security model from the past. And developers should know that security isn't free.
There's nothing "weak" about Windows NT's security model. Never has been. There were, arguably, weaknesses in the *default configuration in some environments*, but this is a simple end-user issue and not something that should be mistaken for genuine and fundamental _design_ problems (like, for example, UNIX's superuser).
You underestimate humanity.
Nope. If anything, I overestimate them. I'm an optimist like that.
The next generation is considerably more computer literate, and most Windows users now do have a semi-decent idea of "what not to do" in terms of avoiding nastyware (or at the very least, the average user is more cognicent of this sort of thing than 3-4 years ago).
No, they don't. They still want to see $CELEBRITY naked. They're still happy to type a few words into a computer to do that. After all, what'the worst that could go wrong ?
You're right that it's about secure users, but it's much easier to be a secure user on Linux, precisely because you would never download foo.exe -- or foo.sh, or whatever. For the most part, you get things through your package manager, or not at all.
Of course, that's because "you" know what you're doing and would act the same, even using Windows.
The typical end user, however, does not.
As such, it is not particularly easy to download and run SomeFamousPersonNaked.bin -- you have to download it to somewhere, then you have to change its permissions, and then you have to run it -- and even then, they still don't have root.
All the attacker needs to do is wrap it in a .tgz file, where permissions are preserved. Just like a .zip file, really, so most people won't see anything different at all.
That is assuming that the user is completely stupid, OTOH if you click dancingpigs.exe and get prompted to give your root password or even just accept/deny, most users will click cancel (if they dont you haven't explained sudo well enough).
No, they won't. They'll type in their passwords and click 'OK', because that's the only way they can see to get the computer to do what they want.
There is no way to secure a machine where an ignorant end user can run arbitrary code. Not now, not ever.
Just another twitter sockpuppet Seven accounts and more on the way.
Thanks for the heads-up. Is anyone keeping a list of sockpuppet accounts ?
KDE's got better for what people actually use. Outlook had something to offer nine years ago but it's been outclassed big time since. The only thing Outlook really had going for it was device sync but most people gave up PDAs when M$ conquered the market. The things were an expensive toy and people did not buy new ones when their old ones got broken.
Just...wow. How can you even try to have a reasonable discussion with someone like this ?
1) Does it keep criminals off the streets?
2) Does it dissuade non-criminals from becoming criminals?
3) Does it persuade criminals to become non-criminals?
You forgot the most important one:
0. Should they even be considered a criminal in the first place ?
Socialized health care denies or delays treatment if you smoke, are obese, forgot the cover on your TPS report.
In which country ?