Which you have to do (run as admin) for some programs and most users do because it is default. I guess you are blaming the victim then.
The blame falls wholely and solely on developers writing software that needlessly requires elevated privileges to run (which they are still doing today - eg: Doom 3).
So sad that these problems are greatly alleviated on other systems by such simple practices and Windows cannot find the time over a decade to try it on.
The problem isn't in Windows, it's in the applications that "need" to run as Administrator. Windows NT has been multiuser since the day it was released. Even DOS-based Windows has had per user profiles and registries since about 1997. That's nigh-on a decade developers have had to target both versions of Windows with a single LUA-compliant codebase.
So you're saying it's not a design flaw to have the user run as admin by default.
_Design_ flaw ? Hell, no. It's a configuration default that's easily changable by the end user.
About a 100,00 and growing. The sad thing is I need provide no more detail, you already know what I'm talking about.
100,000 whats ? Please don't tell me you're stupid enough to be counting viruses for your comparison.
So you *do* think running as admin by default is not a design issue. Staggering.
Of course it's not. You can't change design flaws with 30 seconds of user management.
Does Linspire (I think it was) defaulting to a root user mean Linux has a _design_ flaw ? of course not, it's just a configuration detail.
You're missing the point. You could be an 85-year-old AIDS-suffering Iraqi, and write a (potentially) best-selling novel (or Jazz composition, movie script, or software) just as likely, in fact probably more likely, than some hale and hearty 20-something young Turk (who might well be a better bus driver, though). If you drop dead the day after handing over the ms to your publisher, he can still make a fortune. But if the copyright expires with you, immediately anyone can copy and sell or give away their own edition. It becomes like Cheapbytes selling Linux distros at just over cost. The bus driver will create no value after he stops working, a writer only starts earning income for the publisher when he finishes creating and there is a product to sell.
Well then, the publisher should come up with a model that allows him to recoup his investment in the artist and make a tidy profit that doesn't rely on buying market-distorting, special-case laws to make it viable.
It used to be that "publishers" were special because they were the only ones who could afford the infrastructure for reproduction and distribution. Then doing that became (relatively) cheap and easy, so someone dreamed up copyright as a way of artificially creating a similar level of scarcity on the supply side. More modern technology has since come along - most recently, the internet - and made reproduction and distribution _so_ cheap and easy that the shaky conceptual foundations of copyright are really starting to become obvious.
A tiny percentage of writers and creative artists of all kinds earns any living at all from it. A writer is paid no salary for his work, most can only write in hours stolen from a job to pay the rent. If they get a publisher they will be paid perhaps 5, up to 10% of the cover price. They will be in the elite if they sell more than a few thousand copies -- earning them maybe a dollar an hour for their invested time. Most books' sales have declined to nothing within a year of publishing. The very few that are reprinted are the ones you're so envious of. Publishers depend on these to finance all the books that don't get so far. A publisher gets perhaps 40% of the retail cost, leaving 60% to the distributors and retailers. Out of that about 1/3 goes to the printer, a few thousand to editing, layout, art.
Outdated business models do not justify legislation to keep them going. We don't cry for buggy whip manufacturers anymore, either.
Somewhat covered above, but the publisher only pays a small percentage to the author anyway. He still has paid the entire cost of editing and design of the book. If anyone can duplicate the book for the cost of paper, of course they will undercut him, having paid nothing to create the book. And who will publicise it? Send copies for review? Why bother, when someone else will profit as soon as demand starts to take off? He loses any ability to profit from a hardback, to sell movie rights, translation, etc.
_Someone_ will profit from it. Logically, the person who most deserves to.
Again, you are trying to say that an almost certainly obselete business model should be protected by legislation. This seems to me to be a fundamentally flawed argument.
Before copyright they had to rely on patronage; which meant writing for the taste of rich benefactors rather than the public.
Sounds like an identical system to todays, with "benefactors" instead of "publishers" (or "movie studios", "recording studios" - take your pick).
People creating art for art's sake have never - and will never - consider how much money it can make to be an important criteria. Copyright is, for them, effectively irrelevant. The only people copyright really matters to are the middle men who want to profit from the reproduction and distribution of copyrighted works. Thus the people who "create" for them are compelled to create whatever it is those middle men deem worth of their funding. Practically speaking, it's no different to the "ben
I run OS X just fine a G4 the trick is Ram. like XP you really need 512 to make it work well.
Clearly we have different ideas about "fine". I can just run Mail and Safari on my 1Ghz, 768Mb iBook before it starts to get annoyingly unresponsive.
I have trashed my roommates XP machines every time I used them with such activies as file searches, and web browsing. I am barred from touching his XP machines.
Somehow I doubt that's all that's going on.
Um MSFT seperates it's server and desktop OS's( a wise move) therefore Win2k is more of a server than XP, win 2k3 came three years after Win2k. Hence why there is Vista and Vista Server editions. Different OS's for different needs.
They're not very different. Different software bundles. Different tuning parameters. Windows 2003 is obviously a more recent codebase.
However, they're still just minor revisions of the same OS. Kind of like the difference between a 2.6.1 kernel and a 2.6.14 kernel (to be fair Vista will be a major revision, so it's more like 2.4.x -> 2.6.x).
(Clearly you're too young to remember the "furore" about being able to turn NT4 Workstation into NT4 server just by twiddling some registry keys - it does, however, serve to demonstrate that the difference between a "desktop OS" and a "server OS" is basically just marketing.)
It's also one thing holding back desktop Linux.
There are many things holding back desktop Linux. A marketing name isn't one of them.
A server Optimised OS isn't good for desktops and a Desktop isn't good for hard core servers.
The tuning parameters of Windows XP vs 2003, like those between different versions of Linux, are changeable at runtime. The differences between, say, Redhat Enterprise WS (Workstation) and ES (Server) are not large.
So it's been 6 years between desktop OS's for MSFT. it will be 3-4 years between server OS's though.
You seem to be missing the point.
"Windows 2000" == Windows NT 5.0
"Windows XP" == Windows NT 5.1
"Windows 2003" == Windows NT 5.2
"Windows Vista" == Windows NT 6.0
Vista might be the first version of Windows that's being *marketed* as a "desktop OS" since XP, but it's still a follow-on from Windows 2003, which was released 3 years ago.
You repeat things I said earlier, as if you are arguing an (obvious) point against me.
Your original comment:
Microsoft's security model for NT gave more thought to making things convenient for administrators that to making products that would be resilient to outside attacks.
Your examples:
* LANMan clear text passwords (not relevant to NT's security model)
* SMB authentication (very non-specific, and not relevant to NT's security model)
* Always on Windows messenger service (not IM, the original broadcast admin chit chat) (not relevant to NT's "security model")
* Other services installed wide open by default (somewhat relevant to NT's security model).
* Easy open file access, like say, the automatic C$ type admin shares (somewhat relevant to NT's security model).
NT's "security model" is the thing that applies per-user ACLs to just about every part of the OS. It's being multiuser. It's being able to restrict what running code can do.
It's got nothing to do with the inherent aspects of supported network protocols, non-essential network services and the like. By your logic OS X values convenience over security because it can run a telnet daemon and supports Appletalk.
*Everyone* trades security for convenience - because it's impossible not to. Your assertion is that Microsoft have done this more than others. Your evidence is not convincing.
One can exploit simple LanMan passwords and then connect to its automatically activated C$ shares.
Do you have some specific outstanding vulnerabilities in mind or are you just waving your arms again ?
So "SMB is not even part of WinNT", because network file sharing is not part of the kernel, or because it also worked under DOS?
No, security vulnerabilities that are inherent to certain specifications of SMB are not relevant to "NT's security model", anymore than telnet transmitting plaintext passwords over the wire is relevant to OS X's "security model".
Well no, while OS X performance has increased in a lot of areas, [...]
They didn't really have anywhere to go but up.
OS X was dog slow at initial release and remained so, even on top-end machines, until they finally came out with Quartz "Extreme". Then it was just sluggish. That it *remains* sluggish, even on fast machines like G5 iMacs, is indicative of a deeper problem.
Quartz is not fast. It does do some cool stuff, but it's not fast.
Oh and here's another "Who cares about vaporware promises, XP is so great, it doesn't need anything!!" Except that what XP really needs isn't a flashy translucent graphic layer, but rather some attention to its wet toilet paper security, and that Microsoft's vision for 2004 was built upon a database file system, blah blah blah. Way to avoid everything by saying that WinNT is the immaculate conception. Praise be!
This is the point at which your desparate need to slip in some ad hominems and anti-Microsoft rhetoric _really_ starts to affect your coherency.
I did manage to get something out of it though - how would you suggest Microsoft address XP's "toilet paper security" ?
You can't just agree that Microsoft's security problems are a significant problem, [...]
No, I can quite agree that Windows has a "bad security record". What I disagree with is the implication that most of the responsibility for it that can be directly attributed to Microsoft and, by extension, there's much they can do about it (although from the look of those ugly hacks fooling badly written apps into thinking they've got free and open access to the system directories and registry, they're going above and beyond in trying).
[...] and then go on to address how you think things will play of differently in the future; [...]
The only comments I have made that are even remotely related to "the future" were saying that Vista's display system appears to be better technology
If I put a band-aid on a sucking chest-wound, am I really making changes to the situation or just making it look like I am to keep shareholder morale up?
What "sucking chest wound" are you thinking of here ? The vast, vast majority of Windows exploits leverage either:
1. Bad security practices (eg: running as Administrator, not patching).
2. End user ignorance (exacerbating problems exposed by #1).
Relatively few Windows exploits use unpatched holes, coding bugs or design flaws. Most of them are "run this random download from a website" or "run this random code I've just emailed to you".
Few companies however seem as determined to use a codebase full of more than the average number, some by design, as a base for all future work.
There's little evidence to suggest Windows has relatively more (or less) holes than any other OS.
Or do you hold Microsoft utterly blameless for all security woes?
I blame them for "security woes" that are their fault. ActiveX, for example, was a reasonable idea in theory, but practice quickly showed it to be a disaster - it should have been dropped years ago. Defaulting to Administrator-level users was also a less than ideal choice, although it's not really a design or coding issue and was understandable in context.
That would suggest they aren't making changes, when they are.
Microsoft's constraint is all self-imposed, and the discloser of the need to re-fix the WMF flaw shows that even after the correct choice to make becomes obvious, Microsoft is unwilling to take that option because it might sting a little temporarily. Or rather would have if they had made the right choice when the time was ripe.
Right, because no other platform has ever had an arbitrary code exploit before.
If the Guts of NT are stable then why the hell does it crash so much?
It doesn't.
I can kill XP in 5 minutes by using it the same as I use Linux or OS X.
Your machine is broken or you're lying.
Win2k3 is for servers not desktops. Win2k3 is the server version of XP(although more stable than XP) Vista Server is due out in 2007/8. Get yyour products correct.
It's irrelevant to the point - Windows 2003 (NT 5.2) was the last release of NT and is the codebase from which Vista has been derived. Windows 2003 was released a bit under 3 years ago.
I won't argue that KDE needs to make large gains but even KDE 3 has most of XP features.
More features, in some areas - but again you miss the point that it's a lot easier to make major improvements when you need to make major improvements. KDE (and GNOME) has improved a _lot_ in the last few years *because it needed to*.
Apple did require 2 1/2 major revisions to get it fine tuned. ( I go by 10.2.8 as being useful), [...]
I would pick 10.3 as the first "good" release of OS X (analagous to NT4 for Microsoft). You're also forgetting the release of OS X Server 1.0 in 1999.
[...] but Windows isn't the leading standard of speed either.
It's streets ahead of OS X (as is everything else) - and Windows certainly isn't slow.
What features Vista has OS X already has and it's doing it on less hardware than Vista.
OS X is sluggish on anything short of G5s. Vista will run just as well on G5-era PCs as OS X does on G5s (and probably better, Windows has a much better track record of being usable on old machines).
Microsoft has been constrained by a choice they made: to make binary backwards compatibility a major priority.
Pretty much all commercial OS developers make legacy support a primary priority.
Some (not all but quite a few) old old old old DOS programs still will run on Windows XP today; only the new 64-bit versions of Windows will cut off support for this stuff that's more than 20 years old.
This is not inherently a bad thing. NT isn't making many (if any) harmful sacrifices to retain its level of support for old DOS binaries (Windows 9x did, but it did so as it had a different set of design constraints).
But I don't think Microsoft would lose much business if they just stopped supporting parts of the old API they didn't like.
Microsoft disagree, and I'm inclined to think they're making more hard work and expense for themselves out of a real concern of losing customers, not just for the hell of it.
Far better in my opinion to annoy a minority of people depending on legacy code than to allow sloppy application coders to force almost all Windows users into bad security practices.
The problem is the "legacy code" in Vista is going to be Win32 - and there's a hell of a lot fo Win32 out there.
Microsoft don't do massive, radical changes. They do slow, gradual ones with relatively painless migration paths. The choice whether to "go secure" and break a bunch of existing software, or not, is in the hands of the end user.
It's pretty much impossible for Microsoft (or anyone else for that matter) to "force" developers not to write shitty code. If Linux had the user and developer demographics Windows had/has, it would have the same problems with shitty software leading to poor security practices.
If you're an artist who is, say, 85 years old, or have AIDS, or live in Iraq; who will publish you, fearing you could die tomorrow and they'd lose most of the profit?
If you're a bus driver who is, say, 85 years old, or have AIDs, or live in Iraq; who will employ you, fearing you could die tomorrow and they'd lose any ability to make money from you ?
That's actually an interesting example you have, given that if copyright didn't extend past death the publisher would be in the best position imaginable - the only copy (at the time) of a given work and nobody to share the profits with. Shortly after first publishing, of course, duplicates start to show up - but then all the profit is going to the seller with the most efficient production, in which case your hypothetical publisher will live and die by the measure of how well he does his job, as he should.
Thus no incentive for you to create.
There's as much incentive to create as there is to do any other sort of work.
Creative works can earn money independently of the creator being living or dead, so the "wages" argument isn't relevant.
So can the result of other workers' labours. The computer systems I have setup will be saving money and/or generating revenue for their owners _long_ after I have ceased being paid by them.
To put it bluntly, what justification is there for people creating copyrightable products get such an incredibly sweeter ride - and be excused the pressure of market forces - than any other kind of worker ?
If I copyright something today and die tomorrow, why shouldn't my estate be allowed to receive the copyright? If I had lived an extra day what would that change that my copyright should last an extra day than if I hadn't?
Because copyright is, ostensibly, an incentive for you to create new things. You can't do much new creating if you're dead.
Do you think employers should continue to pay employees' wage to their "estates" after they die ? If not, why not - what's the difference ?
I see, you are saying that since Microsoft Windows has been around for almost fifteen years, that Microsoft is unable (or unwilling) to learn from the past whereas Apple is.
No, I'm saying when you aren't constrained by decisions made fifteen years ago, it's a lot easier to take advantage of more modern technology.
Sure, but without knowing anything about what I should be searching for except for some hand-wavey comment, it's hard to use it.
Examples of easy admin vs. security, where security lost out:
I said details, not bluster.
LANMan clear text passwords
Wow, imagine that, clear text passwords in a network protocol written in the early 80s for connecting DOS machines in private LANs.
SMB authentication
What part of it, exactly ?
Always on Windows messenger service (not IM, the original broadcast admin chit chat)
You mean the one which just about every other networked OS ever written has had an equivalent of ?
Other services installed wide open by default
Most of which were designed back when expected connectivity was a secured LAN, not the internet.
Easy open file access, like say, the automatic C$ type admin shares
Because it's not like having an Administrator level login to the machine would give you any other avenues of attack...
Asking for examples of where NT and DOS put ease of use ahead of security is like asking for examples of parts of the Titanic that sunk. What a retarded question.
Then you should be able to do better than trivially explained examples - and particularly ones that are actually relevant to the design of NT, rather than ones showing how technology designed or implemented in dramatically different environments has different attributes or how technology ported to a new platform (like LANMan or SMB) doesn't magically have any flaws fixed.
You might also want to avoid talking about DOS or DOS software when you're giving examples about NT's security model. No amount of OS security can remedy an insecure protocol or program.
When Apple designs the world's first windowing system with real alpha channel translucency, vector scaling everywhere, and windows as texture surfaces, it's a simple "slap" action?
That achievements of their display layer may have been impressive does not change the fact that they were remaking just one component of an OS.
Microsoft has been struggling to deliver their modern graphics subsystem over the last half decade!
Well, Apple bought NeXT at the end of 1996. OS X shipped mid 2001. So 4.5 years (or about how long Microsoft have been working on Vista). But then we need to take into account that it took another two releases and ~18 months to get Quartz Extreme, then another ~2 years to get to Quartz 2D Extreme (which still isn't enabled by default, IIRC).
I don't think Microsoft are doing too bad time-wise, considering Vista's graphics will be *at least* as functional as Tigers. And Apple still have yet to address the performance problems of OS X.
Why don't they ask Apple how to slap it in? Slap!! Windows Vista has Tiger graphics!
Everything I've read suggests Vista's display system will be far more impressive than Quartz [Extreme].
Of course, Apple didn't have Quartz on the back burner for 5 years, it was shipping. And it worked. Since then, they've added significant improvements.
If by "worked" you mean "was dog slow even on the highest end machines and is still sluggish today" and by "significant improvements" you mean "completed the implementation outlined in the initial design", then you've got a point.
If you want to dial back to 1994, then yes: the Mac OS had a simple console OS. But was it a DOS app? Haha, hardly.
Windows 3.x wasn't just a "DOS app", it was practically a self contained OS - it had its own hardware drivers, memory management, CPU scheduling, API, etc. About the only thing DOS was used for was loading it. Technologically, MacOS Classic is roughly on par with Windows 3.x.
A decade later, successive versions of Mac OS X has shipped features Microsoft has only talked about since 2000.
I feel the Constitution should be amended so that "limited time" is defined better. I don't know if there's some strange irony here, but pre-Bush II Iraq actually had a pretty sensible copyright provision. No more than 25 years after an author's death, and no more than 50 years total. I could live with that. Life plus 75 could give a work nearly 175 years of protection. Is this at all sane?
No independent, arbitrary number will work in the long run. They will all be replaced by newer, bigger independent and arbitrary numbers (as has been done up until now).
Since copyright is fundamentally an economic tool, I say copyright term needs to be linked to the economic aspect of whatever it's protecting. Either the amount of revenue it generates as a proportion of the creation costs, or something depending on the demand for the product.
There is certainly no justification whatsoever for copyright protection to last beyond the creator's death and, IMHO, little justification at all for it to last even close to their lifetime.
Alternatively, we could just bin the idea of copyright altogether and rely on the free market, telling content producers they may protect their content as best they can with the technology available to them (my preferred solution).
and the same with vista. not alot of the old nt 3.1 code is still around, since it was all converted from asm to C for nt4 and then continualy removed/replaced.
NT was written from the start in C, it wasn't "converted" to it at a later date.
Microsoft's security model for NT gave more thought to making things convenient for administrators that to making products that would be resilient to outside attacks.
Details, please.
In the meantime, Apple, with a tiny fraction Microsoft's clout, market and developer resources, built Mac OS X with a strong focus on providing modern security features, a complete retrofitting and modernization of their existing legacy OS (Carbon), and a modernized incorporation of NeXT's object based frameworks. They released 5 major versions in that same timeframe, with more than 30 significant updates in between.
Apple bought an OS (NeXT) and slapped on a new display subsystem (Quartz), wrote a virtual machine environment to run legacy code (Classic Environment) and reimplemented an API for their current environment (Carbon). Then they took 3 releases to get a good OS out of it.
And they did this to replace an OS that was at the technological level of DOS-based Windows ca. 1994.
It's a lot easier to make big, impressive changes when it's big, impressive changes you have to make. Microsoft did their whole "next generation OS" thing back in 1993 (and they actually wrote it from scratch). The core of Windows is quite solid. The outer layers (like Win32) are showing their age and history and need to be replaced (and they are). There's simply no need for radical change in Windows - particularly the core of Windows - like there was from MacOS Classic.
So why is it then that Apple seems to have managed to copy all the working bits, while Microsoft has brought forward the parts that bring the most grief to users?
Because Apple, starting 5 - 10 years after Microsoft, had substantial hindsight and hardware advantages.
Vista by the way should of been a complete ground up rewrite.
Completely unnecessary. The guts of NT are (and always have been ) quite solid.
i would expect no less for taking over 6 years to build.
It's only been 3 years since the last Windows NT release.
Just look at were KDE, Linux kernel, X where 6 years ago.
It's a lot easier to make large gains when large gains actually need to be made.
Hell look at what Apple did with OS X in far less time than MSFT.
Apple slapped a new display system and virtual machine compatibility layer onto an OS they bought. Then it took them 3 subsequent major releases to get a good product out of it.
Every other major OS has under gone massive revisions and upgrades.
Every other major OS has had a lot more to do.
Hell Apple is working on it's second major change in 6 years. (Mac OS 9 to OS X , PPC to Intel)
PPC to intel is not a major change (well, not from the perspective of the OS). OS X is portable, it hardly needs to be changed at all to move from PPC to x86.
If you were running a big company and someone from some a competing company came along and said "hey, I've got this great program you should run on all your computers!" and wouldn't answer any questions about it's internal functioning (much less give you the source) would you do it?
Or they could, like, y'know, maybe buy a *source license*.
Both the subjective analysis and actual benchmarks show that a Guest OS that is running native code on its native processor has performance that is comparable to a dedicated machine.
In simple CPU crunching, perhaps, but as soon as any video display or I/O are needed, it all falls in a heap.
Yep. It came out 6 months after Windows 2003 and it has had 250 advisories (vs 76 for Windows 2003).
31% system access bugs, versus 55% for Windows 2003.
Ah, but raw percentages can be so delightfully misleading. Let's attach some real numbers to that:
RHEL3 has had 78 "system access bugs" in the past ~25 months, Windows 2003 has had 42 in the past ~31 months.
And notice the nature of the vulnerabilities? Things like cups, or curl. Or Realplayer (wtf?).
And on Windows 2003 we have bugs in similarly irrelevant things like Hyperterminal, Client Service for Netware and the commandline FTP Client.
Why aren't realplayer vulnerabilities included for 2003?
Because it doesn't ship with it.
The problem is that bug counting gets you no where.
An excellent point that so few seem to grasp.
Far more useful is number of compromised installations over time.
Only if examined relative to the total number of installations.
This a metric that reflects administrator competance as well of 'ease of lockdown'. As far as I know, the Unix or Unix-like platform has greater deployment as a server than Windows 2003, or other Windows platforms.
Why on Earth would you limit yourself to only servers ? Is there some magic aura around desktop machines that makes them invulnerable ?
Exactly how many of those secunia vulnerabilities is a "Linux Kernel" vulnerability?
No idea, but if you're going to try and compare numbers, make sure you only compare against "Windows kernel" vulnerabilities to make the comparison relevant.
So lemme use the famous MS marketshare argument.
It's pretty clear you don't understand "the marketshare argument". It's a tad more complicated than "more machines -> more bugs".
If Microsoft servers had greater marketshare than Unix or Unix-like platforms, than perhaps Microsoft Windows would have a greater number of vulnerabilities discovered. Sadly, even though Microsoft has LESS marketshare than Unix or Unix-like platforms, the number of critical vulnerabilities, remote vulnerabilities, and unpatched vulnerabilities are greater.
Firstly, Windows (in general) has around an order of magnitude more marketshare than all the other platforms combined.
Secondly, Windows 2003 probably has - at worst - similar marketshare to RHEL.
Thirdly - according to the web pages you linked to - Windows 2003 has had less than 1/3 the vulnerabilities of RHEL3, despite being on the market for approximately 15% longer (about 6 months). It does, however, have more unpatched vulnerabilities. Certainly, not all vulnerabilities are equal, or equally as likely to be exploited. But I strongly suspect we would never be able to reach an agreement as what should and should not be included, so right now it's the best we can do (FWIW, I think that including Realplayer and OO is dumb, but I can see a strong argument for including things like curl and cups).
Windows 2003 is no security nirvana.
No OS is.
Better than XP? Perhaps.
The majority of security "problems" that afflict XP have little to do with OS vulnerabilities.
But not by much, and only by exclusion of certain software and disabled services.
Disabling services *is* one of those ways most people consider important for improving security.
Grand. I don't care that they recompiled most of the system. Vulnerabilities continue to abound.
So the fact that Microsoft released _and sold_ no less than two versions of 98, and then WinME can be blamed on third party developers, not Microsoft, who produced them, and made bucket-loads of money from them. An apologist argument if ever there was one!
No-one is to "blame", it's just what happened.
Customers wouldn't (or couldn't) migrate away from DOS-based Windows, ergo Microsoft had to update the product for them.
If you really think Microsoft _wanted_ the hassle and expense of maintaining, supporting, and marketing two different codebases while trying to keep binary compatibility between them (and their previous releases), you've got a pretty weird idea about a preferable way to run a software business.
This argument would hold water _if_ Microsoft's own Windows-9X Logo guidelines hadn't told people to write applications in precisely the way you are saying they shouldn't have.
Yes, in some cases. How much hard real-time code have YOU written where being off by a microsecond can kill someone? In those cases you HAVE to know more than just what the API says. I have worked with several OSes that we had to get source code for and "tweak" to get best performance. It is a totally different world, and with Windows (and Linux) showing up in real-time situations it is in the programmers best interest to know.
By talking about hard realtime apps you're *well* out of the realms of anything the typical developer will be doing and relevant to this discussion. If required you _can_ have access to the Windows source code for these sort of (highly uncommon) situations.
Let me straighten you out...You have a lot of things wrong. The first version of Windows NT (3.1) was released in 1993 and had the same GUI as the normal Windows Operating System (told ya), [...]
Were this anywhere but Slashdot, I'd be surprised someone talking about "hard real time" a few sentences earlier would draw conclusions about an OS's internals based on its GUI.
The two big postives were a better security model and real multi-tasking (NOT MULTI-USER).
NT was multiuser from the start - according to the people who wrote it, any Operating Systems textbook that discusses it and, indeed, pretty much everyone except a bunch of trolls on Slashdot.
The advanced features in NT were copied from VAX/VMS, Microsoft hired a group of 6 VMS developers from Digital Equipment Corporation led by Dave Cutler to build Windows NT, and many elements of the design reflect earlier DEC experience with VMS and RSX-11.
How could Cutler have been "copying" something he wrote in the first place ?
So, It WAS NOT a clean sheet design from Redmond, it was a VAX/VMS security model on top ofthe Win3.1 GUI compatiability and other code for backward compatiabilty.
No, you have it completely arse-about-face.
NT was built from scratch - a completely new codebase. It had (has) a very similar design to VMS, because it was designed and written by the same people who wrote VMS. The security model was designed into it from the beginning. It was _always_ multiuser. The only architectural changes of any significance since NT 3.1 have been moving certain components to Ring 0 (and in some cases back out again).
*Then*, the win32 API, OS/2 API, POSIX API, Windows 3.x GUI and various other compatibility layers were added to that OS core. NT wasn't even designed to be a successor of Windows, it was designed to be a successor of OS/2 - until the surprise popularity of Windows 3.0, *2 years* after NT development began - this fact alone blows your theories out of the water.
I can run Windows apps on Linux and Linux apps on FreeBSD, as well, but that doesn't mean Linux has anything in common with Windows or FreeBSD has anything in common with Linux. Binary and API compatibility != code sharing or development history.
It WAS new technology to MS, hence the name from Marketing, the developers said it was N-Ten but that isn't a sexy name.
NT was pretty "New Technology" to the consumer-level marketplace.
Windows NT 3.1 ran on x86, Alpha, and MIPS processors. Windows NT 3.51 added PowerPC. Intergraph Corporation ported Windows NT to its Clipper architecture and later SPARC, but neither version was sold to the public (I remember Alpha and MIPS boxes with NT).
Amazing how you can know so much (or at least be able to regurgitate it from somewhere), yet still be wrong on such a fundamental level.
You can't change history no matter how much MS wants to. It is what it is. You are the one who got sucked in to the Windows Marketing Machine. I told you I was neutral, as someone who has done deep dives into Windows AND Unix I know what I'm talking about. No go back to keeping your Windows boxes online while my Solaris boxes take care of themselves. I'm done with this thread, it's a waste of time.
Still, many ignored the problem and Microsoft mostly chose not to kill their applications with the introduction of new Windows versions. Sometimes even at the expense of supporting applications that were known to be buggy.
Yes, that's because just "killing applications" that don't play the way you'd prefer them to isn't much of an option in the commercial world. It tends to lose you customers and, hence, revenue.
It's quite common in the OSS world, of course - but the OSS world has the luxuries of not needing to worry about staying in business or keeping its customers happy.
The most famous anecdote in that regard is about the Sims which had faulty memory management. Microsoft chose to program an exception for the Sims into Windows memory management rather than saying "tough luck, get a patch from Maxis".
The program was actually Sim City - the DOS original. The Sims wasn't even a glint in Maxis's eye at the time.
It is unfortunately not uninstallable by default, [...]
That's because Microsoft are selling an entire product, not a series of bits stuck together like a patchwork quilt. Much like you can't just walk in and buy a new Ford without the engine, fuel tank and seats, you can't buy Windows without essential parts.
[...] and shared by the only available shell, Windows Explorer.
Actually loaded by the shell (or any other piece of software) when required, just like any other shared component in any other OS.
Thus giving Windows Explorer the ability to go to internet URLs and potentially get infected by IE exploits. Also, several Microsoft applications need IE to be present.
As do numerous third party applications. That's kind of the whole point behind modular, reusable code, after all.
So while you comment may be correct from a programming point of view, IE is still more than an application you can simply uninstall for security reasons.
That's correct. It is, in fact, a shared OS-level component. Like khtml, gtk, qt, glibc, quicktime, WebCore, or any of thousands of other pieces of shared codes on dozens of other OSes.
You can remove it if you really want to, but you should be prepared to break anything that depends on its functionality.
I call that "deeply linked" and a weakness in design
Are khtml, gtk, glibc, WebCore and all those other shared components/libraries "weaknesses in design" as well ? Or are bugs in them just one of the engineering tradeoffs inherent to a modular design built around the premise of re-using code wherever possible ?
The blame falls wholely and solely on developers writing software that needlessly requires elevated privileges to run (which they are still doing today - eg: Doom 3).
So sad that these problems are greatly alleviated on other systems by such simple practices and Windows cannot find the time over a decade to try it on.
The problem isn't in Windows, it's in the applications that "need" to run as Administrator. Windows NT has been multiuser since the day it was released. Even DOS-based Windows has had per user profiles and registries since about 1997. That's nigh-on a decade developers have had to target both versions of Windows with a single LUA-compliant codebase.
So you're saying it's not a design flaw to have the user run as admin by default.
_Design_ flaw ? Hell, no. It's a configuration default that's easily changable by the end user.
About a 100,00 and growing. The sad thing is I need provide no more detail, you already know what I'm talking about.
100,000 whats ? Please don't tell me you're stupid enough to be counting viruses for your comparison.
So you *do* think running as admin by default is not a design issue. Staggering.
Of course it's not. You can't change design flaws with 30 seconds of user management.
Does Linspire (I think it was) defaulting to a root user mean Linux has a _design_ flaw ? of course not, it's just a configuration detail.
You're missing the point. You could be an 85-year-old AIDS-suffering Iraqi, and write a (potentially) best-selling novel (or Jazz composition, movie script, or software) just as likely, in fact probably more likely, than some hale and hearty 20-something young Turk (who might well be a better bus driver, though). If you drop dead the day after handing over the ms to your publisher, he can still make a fortune. But if the copyright expires with you, immediately anyone can copy and sell or give away their own edition. It becomes like Cheapbytes selling Linux distros at just over cost. The bus driver will create no value after he stops working, a writer only starts earning income for the publisher when he finishes creating and there is a product to sell.
Well then, the publisher should come up with a model that allows him to recoup his investment in the artist and make a tidy profit that doesn't rely on buying market-distorting, special-case laws to make it viable.
It used to be that "publishers" were special because they were the only ones who could afford the infrastructure for reproduction and distribution. Then doing that became (relatively) cheap and easy, so someone dreamed up copyright as a way of artificially creating a similar level of scarcity on the supply side. More modern technology has since come along - most recently, the internet - and made reproduction and distribution _so_ cheap and easy that the shaky conceptual foundations of copyright are really starting to become obvious.
A tiny percentage of writers and creative artists of all kinds earns any living at all from it. A writer is paid no salary for his work, most can only write in hours stolen from a job to pay the rent. If they get a publisher they will be paid perhaps 5, up to 10% of the cover price. They will be in the elite if they sell more than a few thousand copies -- earning them maybe a dollar an hour for their invested time. Most books' sales have declined to nothing within a year of publishing. The very few that are reprinted are the ones you're so envious of. Publishers depend on these to finance all the books that don't get so far. A publisher gets perhaps 40% of the retail cost, leaving 60% to the distributors and retailers. Out of that about 1/3 goes to the printer, a few thousand to editing, layout, art.
Outdated business models do not justify legislation to keep them going. We don't cry for buggy whip manufacturers anymore, either.
Somewhat covered above, but the publisher only pays a small percentage to the author anyway. He still has paid the entire cost of editing and design of the book. If anyone can duplicate the book for the cost of paper, of course they will undercut him, having paid nothing to create the book. And who will publicise it? Send copies for review? Why bother, when someone else will profit as soon as demand starts to take off? He loses any ability to profit from a hardback, to sell movie rights, translation, etc.
_Someone_ will profit from it. Logically, the person who most deserves to.
Again, you are trying to say that an almost certainly obselete business model should be protected by legislation. This seems to me to be a fundamentally flawed argument.
Before copyright they had to rely on patronage; which meant writing for the taste of rich benefactors rather than the public.
Sounds like an identical system to todays, with "benefactors" instead of "publishers" (or "movie studios", "recording studios" - take your pick).
People creating art for art's sake have never - and will never - consider how much money it can make to be an important criteria. Copyright is, for them, effectively irrelevant. The only people copyright really matters to are the middle men who want to profit from the reproduction and distribution of copyrighted works. Thus the people who "create" for them are compelled to create whatever it is those middle men deem worth of their funding. Practically speaking, it's no different to the "ben
Clearly we have different ideas about "fine". I can just run Mail and Safari on my 1Ghz, 768Mb iBook before it starts to get annoyingly unresponsive.
I have trashed my roommates XP machines every time I used them with such activies as file searches, and web browsing. I am barred from touching his XP machines.
Somehow I doubt that's all that's going on.
Um MSFT seperates it's server and desktop OS's( a wise move) therefore Win2k is more of a server than XP, win 2k3 came three years after Win2k. Hence why there is Vista and Vista Server editions. Different OS's for different needs.
They're not very different. Different software bundles. Different tuning parameters. Windows 2003 is obviously a more recent codebase.
However, they're still just minor revisions of the same OS. Kind of like the difference between a 2.6.1 kernel and a 2.6.14 kernel (to be fair Vista will be a major revision, so it's more like 2.4.x -> 2.6.x).
(Clearly you're too young to remember the "furore" about being able to turn NT4 Workstation into NT4 server just by twiddling some registry keys - it does, however, serve to demonstrate that the difference between a "desktop OS" and a "server OS" is basically just marketing.)
It's also one thing holding back desktop Linux.
There are many things holding back desktop Linux. A marketing name isn't one of them.
A server Optimised OS isn't good for desktops and a Desktop isn't good for hard core servers.
The tuning parameters of Windows XP vs 2003, like those between different versions of Linux, are changeable at runtime. The differences between, say, Redhat Enterprise WS (Workstation) and ES (Server) are not large.
So it's been 6 years between desktop OS's for MSFT. it will be 3-4 years between server OS's though.
You seem to be missing the point.
"Windows 2000" == Windows NT 5.0
"Windows XP" == Windows NT 5.1
"Windows 2003" == Windows NT 5.2
"Windows Vista" == Windows NT 6.0
Vista might be the first version of Windows that's being *marketed* as a "desktop OS" since XP, but it's still a follow-on from Windows 2003, which was released 3 years ago.
Your original comment:
Your examples:
* LANMan clear text passwords (not relevant to NT's security model)
* SMB authentication (very non-specific, and not relevant to NT's security model)
* Always on Windows messenger service (not IM, the original broadcast admin chit chat) (not relevant to NT's "security model")
* Other services installed wide open by default (somewhat relevant to NT's security model).
* Easy open file access, like say, the automatic C$ type admin shares (somewhat relevant to NT's security model).
NT's "security model" is the thing that applies per-user ACLs to just about every part of the OS. It's being multiuser. It's being able to restrict what running code can do.
It's got nothing to do with the inherent aspects of supported network protocols, non-essential network services and the like. By your logic OS X values convenience over security because it can run a telnet daemon and supports Appletalk.
*Everyone* trades security for convenience - because it's impossible not to. Your assertion is that Microsoft have done this more than others. Your evidence is not convincing.
One can exploit simple LanMan passwords and then connect to its automatically activated C$ shares.
Do you have some specific outstanding vulnerabilities in mind or are you just waving your arms again ?
So "SMB is not even part of WinNT", because network file sharing is not part of the kernel, or because it also worked under DOS?
No, security vulnerabilities that are inherent to certain specifications of SMB are not relevant to "NT's security model", anymore than telnet transmitting plaintext passwords over the wire is relevant to OS X's "security model".
Well no, while OS X performance has increased in a lot of areas, [...]
They didn't really have anywhere to go but up.
OS X was dog slow at initial release and remained so, even on top-end machines, until they finally came out with Quartz "Extreme". Then it was just sluggish. That it *remains* sluggish, even on fast machines like G5 iMacs, is indicative of a deeper problem.
Quartz is not fast. It does do some cool stuff, but it's not fast.
Oh and here's another "Who cares about vaporware promises, XP is so great, it doesn't need anything!!" Except that what XP really needs isn't a flashy translucent graphic layer, but rather some attention to its wet toilet paper security, and that Microsoft's vision for 2004 was built upon a database file system, blah blah blah. Way to avoid everything by saying that WinNT is the immaculate conception. Praise be!
This is the point at which your desparate need to slip in some ad hominems and anti-Microsoft rhetoric _really_ starts to affect your coherency.
I did manage to get something out of it though - how would you suggest Microsoft address XP's "toilet paper security" ?
You can't just agree that Microsoft's security problems are a significant problem, [...]
No, I can quite agree that Windows has a "bad security record". What I disagree with is the implication that most of the responsibility for it that can be directly attributed to Microsoft and, by extension, there's much they can do about it (although from the look of those ugly hacks fooling badly written apps into thinking they've got free and open access to the system directories and registry, they're going above and beyond in trying).
[...] and then go on to address how you think things will play of differently in the future; [...]
The only comments I have made that are even remotely related to "the future" were saying that Vista's display system appears to be better technology
What "sucking chest wound" are you thinking of here ? The vast, vast majority of Windows exploits leverage either:
1. Bad security practices (eg: running as Administrator, not patching).
2. End user ignorance (exacerbating problems exposed by #1).
Relatively few Windows exploits use unpatched holes, coding bugs or design flaws. Most of them are "run this random download from a website" or "run this random code I've just emailed to you".
Few companies however seem as determined to use a codebase full of more than the average number, some by design, as a base for all future work.
There's little evidence to suggest Windows has relatively more (or less) holes than any other OS.
Or do you hold Microsoft utterly blameless for all security woes?
I blame them for "security woes" that are their fault. ActiveX, for example, was a reasonable idea in theory, but practice quickly showed it to be a disaster - it should have been dropped years ago. Defaulting to Administrator-level users was also a less than ideal choice, although it's not really a design or coding issue and was understandable in context.
That would suggest they aren't making changes, when they are.
Microsoft's constraint is all self-imposed, and the discloser of the need to re-fix the WMF flaw shows that even after the correct choice to make becomes obvious, Microsoft is unwilling to take that option because it might sting a little temporarily. Or rather would have if they had made the right choice when the time was ripe.
Right, because no other platform has ever had an arbitrary code exploit before.
It doesn't.
I can kill XP in 5 minutes by using it the same as I use Linux or OS X.
Your machine is broken or you're lying.
Win2k3 is for servers not desktops. Win2k3 is the server version of XP(although more stable than XP) Vista Server is due out in 2007/8. Get yyour products correct.
It's irrelevant to the point - Windows 2003 (NT 5.2) was the last release of NT and is the codebase from which Vista has been derived. Windows 2003 was released a bit under 3 years ago.
I won't argue that KDE needs to make large gains but even KDE 3 has most of XP features.
More features, in some areas - but again you miss the point that it's a lot easier to make major improvements when you need to make major improvements. KDE (and GNOME) has improved a _lot_ in the last few years *because it needed to*.
Apple did require 2 1/2 major revisions to get it fine tuned. ( I go by 10.2.8 as being useful), [...]
I would pick 10.3 as the first "good" release of OS X (analagous to NT4 for Microsoft). You're also forgetting the release of OS X Server 1.0 in 1999.
[...] but Windows isn't the leading standard of speed either.
It's streets ahead of OS X (as is everything else) - and Windows certainly isn't slow.
What features Vista has OS X already has and it's doing it on less hardware than Vista.
OS X is sluggish on anything short of G5s. Vista will run just as well on G5-era PCs as OS X does on G5s (and probably better, Windows has a much better track record of being usable on old machines).
Pretty much all commercial OS developers make legacy support a primary priority.
Some (not all but quite a few) old old old old DOS programs still will run on Windows XP today; only the new 64-bit versions of Windows will cut off support for this stuff that's more than 20 years old.
This is not inherently a bad thing. NT isn't making many (if any) harmful sacrifices to retain its level of support for old DOS binaries (Windows 9x did, but it did so as it had a different set of design constraints).
But I don't think Microsoft would lose much business if they just stopped supporting parts of the old API they didn't like.
Microsoft disagree, and I'm inclined to think they're making more hard work and expense for themselves out of a real concern of losing customers, not just for the hell of it.
Far better in my opinion to annoy a minority of people depending on legacy code than to allow sloppy application coders to force almost all Windows users into bad security practices.
The problem is the "legacy code" in Vista is going to be Win32 - and there's a hell of a lot fo Win32 out there.
Microsoft don't do massive, radical changes. They do slow, gradual ones with relatively painless migration paths. The choice whether to "go secure" and break a bunch of existing software, or not, is in the hands of the end user.
It's pretty much impossible for Microsoft (or anyone else for that matter) to "force" developers not to write shitty code. If Linux had the user and developer demographics Windows had/has, it would have the same problems with shitty software leading to poor security practices.
If you're a bus driver who is, say, 85 years old, or have AIDs, or live in Iraq; who will employ you, fearing you could die tomorrow and they'd lose any ability to make money from you ?
That's actually an interesting example you have, given that if copyright didn't extend past death the publisher would be in the best position imaginable - the only copy (at the time) of a given work and nobody to share the profits with. Shortly after first publishing, of course, duplicates start to show up - but then all the profit is going to the seller with the most efficient production, in which case your hypothetical publisher will live and die by the measure of how well he does his job, as he should.
Thus no incentive for you to create.
There's as much incentive to create as there is to do any other sort of work.
Creative works can earn money independently of the creator being living or dead, so the "wages" argument isn't relevant.
So can the result of other workers' labours. The computer systems I have setup will be saving money and/or generating revenue for their owners _long_ after I have ceased being paid by them.
To put it bluntly, what justification is there for people creating copyrightable products get such an incredibly sweeter ride - and be excused the pressure of market forces - than any other kind of worker ?
Because copyright is, ostensibly, an incentive for you to create new things. You can't do much new creating if you're dead.
Do you think employers should continue to pay employees' wage to their "estates" after they die ? If not, why not - what's the difference ?
No, I'm saying when you aren't constrained by decisions made fifteen years ago, it's a lot easier to take advantage of more modern technology.
Sure, but without knowing anything about what I should be searching for except for some hand-wavey comment, it's hard to use it.
Examples of easy admin vs. security, where security lost out:
I said details, not bluster.
LANMan clear text passwords
Wow, imagine that, clear text passwords in a network protocol written in the early 80s for connecting DOS machines in private LANs.
SMB authentication
What part of it, exactly ?
Always on Windows messenger service (not IM, the original broadcast admin chit chat)
You mean the one which just about every other networked OS ever written has had an equivalent of ?
Other services installed wide open by default
Most of which were designed back when expected connectivity was a secured LAN, not the internet.
Easy open file access, like say, the automatic C$ type admin shares
Because it's not like having an Administrator level login to the machine would give you any other avenues of attack...
Asking for examples of where NT and DOS put ease of use ahead of security is like asking for examples of parts of the Titanic that sunk. What a retarded question.
Then you should be able to do better than trivially explained examples - and particularly ones that are actually relevant to the design of NT, rather than ones showing how technology designed or implemented in dramatically different environments has different attributes or how technology ported to a new platform (like LANMan or SMB) doesn't magically have any flaws fixed.
You might also want to avoid talking about DOS or DOS software when you're giving examples about NT's security model. No amount of OS security can remedy an insecure protocol or program.
When Apple designs the world's first windowing system with real alpha channel translucency, vector scaling everywhere, and windows as texture surfaces, it's a simple "slap" action?
That achievements of their display layer may have been impressive does not change the fact that they were remaking just one component of an OS.
Microsoft has been struggling to deliver their modern graphics subsystem over the last half decade!
Well, Apple bought NeXT at the end of 1996. OS X shipped mid 2001. So 4.5 years (or about how long Microsoft have been working on Vista). But then we need to take into account that it took another two releases and ~18 months to get Quartz Extreme, then another ~2 years to get to Quartz 2D Extreme (which still isn't enabled by default, IIRC).
I don't think Microsoft are doing too bad time-wise, considering Vista's graphics will be *at least* as functional as Tigers. And Apple still have yet to address the performance problems of OS X.
Why don't they ask Apple how to slap it in? Slap!! Windows Vista has Tiger graphics!
Everything I've read suggests Vista's display system will be far more impressive than Quartz [Extreme].
Of course, Apple didn't have Quartz on the back burner for 5 years, it was shipping. And it worked. Since then, they've added significant improvements.
If by "worked" you mean "was dog slow even on the highest end machines and is still sluggish today" and by "significant improvements" you mean "completed the implementation outlined in the initial design", then you've got a point.
If you want to dial back to 1994, then yes: the Mac OS had a simple console OS. But was it a DOS app? Haha, hardly.
Windows 3.x wasn't just a "DOS app", it was practically a self contained OS - it had its own hardware drivers, memory management, CPU scheduling, API, etc. About the only thing DOS was used for was loading it. Technologically, MacOS Classic is roughly on par with Windows 3.x.
A decade later, successive versions of Mac OS X has shipped features Microsoft has only talked about since 2000.
Yes, amazing how much e
No independent, arbitrary number will work in the long run. They will all be replaced by newer, bigger independent and arbitrary numbers (as has been done up until now).
Since copyright is fundamentally an economic tool, I say copyright term needs to be linked to the economic aspect of whatever it's protecting. Either the amount of revenue it generates as a proportion of the creation costs, or something depending on the demand for the product.
There is certainly no justification whatsoever for copyright protection to last beyond the creator's death and, IMHO, little justification at all for it to last even close to their lifetime.
Alternatively, we could just bin the idea of copyright altogether and rely on the free market, telling content producers they may protect their content as best they can with the technology available to them (my preferred solution).
NT was written from the start in C, it wasn't "converted" to it at a later date.
Details, please.
In the meantime, Apple, with a tiny fraction Microsoft's clout, market and developer resources, built Mac OS X with a strong focus on providing modern security features, a complete retrofitting and modernization of their existing legacy OS (Carbon), and a modernized incorporation of NeXT's object based frameworks. They released 5 major versions in that same timeframe, with more than 30 significant updates in between.
Apple bought an OS (NeXT) and slapped on a new display subsystem (Quartz), wrote a virtual machine environment to run legacy code (Classic Environment) and reimplemented an API for their current environment (Carbon). Then they took 3 releases to get a good OS out of it.
And they did this to replace an OS that was at the technological level of DOS-based Windows ca. 1994.
It's a lot easier to make big, impressive changes when it's big, impressive changes you have to make. Microsoft did their whole "next generation OS" thing back in 1993 (and they actually wrote it from scratch). The core of Windows is quite solid. The outer layers (like Win32) are showing their age and history and need to be replaced (and they are). There's simply no need for radical change in Windows - particularly the core of Windows - like there was from MacOS Classic.
Because Apple, starting 5 - 10 years after Microsoft, had substantial hindsight and hardware advantages.
Completely unnecessary. The guts of NT are (and always have been ) quite solid.
i would expect no less for taking over 6 years to build.
It's only been 3 years since the last Windows NT release.
Just look at were KDE, Linux kernel, X where 6 years ago.
It's a lot easier to make large gains when large gains actually need to be made.
Hell look at what Apple did with OS X in far less time than MSFT.
Apple slapped a new display system and virtual machine compatibility layer onto an OS they bought. Then it took them 3 subsequent major releases to get a good product out of it.
Every other major OS has under gone massive revisions and upgrades.
Every other major OS has had a lot more to do.
Hell Apple is working on it's second major change in 6 years. (Mac OS 9 to OS X , PPC to Intel)
PPC to intel is not a major change (well, not from the perspective of the OS). OS X is portable, it hardly needs to be changed at all to move from PPC to x86.
Or they could, like, y'know, maybe buy a *source license*.
In that little antitrust trial they had a while back, Microsoft and Apple weren't considered competitors.
In simple CPU crunching, perhaps, but as soon as any video display or I/O are needed, it all falls in a heap.
Apple has the type of monopoly Microsoft can only dream of.
Yep. It came out 6 months after Windows 2003 and it has had 250 advisories (vs 76 for Windows 2003).
31% system access bugs, versus 55% for Windows 2003.
Ah, but raw percentages can be so delightfully misleading. Let's attach some real numbers to that:
RHEL3 has had 78 "system access bugs" in the past ~25 months, Windows 2003 has had 42 in the past ~31 months.
And notice the nature of the vulnerabilities? Things like cups, or curl. Or Realplayer (wtf?).
And on Windows 2003 we have bugs in similarly irrelevant things like Hyperterminal, Client Service for Netware and the commandline FTP Client.
Why aren't realplayer vulnerabilities included for 2003?
Because it doesn't ship with it.
The problem is that bug counting gets you no where.
An excellent point that so few seem to grasp.
Far more useful is number of compromised installations over time.
Only if examined relative to the total number of installations.
This a metric that reflects administrator competance as well of 'ease of lockdown'. As far as I know, the Unix or Unix-like platform has greater deployment as a server than Windows 2003, or other Windows platforms.
Why on Earth would you limit yourself to only servers ? Is there some magic aura around desktop machines that makes them invulnerable ?
Exactly how many of those secunia vulnerabilities is a "Linux Kernel" vulnerability?
No idea, but if you're going to try and compare numbers, make sure you only compare against "Windows kernel" vulnerabilities to make the comparison relevant.
So lemme use the famous MS marketshare argument.
It's pretty clear you don't understand "the marketshare argument". It's a tad more complicated than "more machines -> more bugs".
If Microsoft servers had greater marketshare than Unix or Unix-like platforms, than perhaps Microsoft Windows would have a greater number of vulnerabilities discovered. Sadly, even though Microsoft has LESS marketshare than Unix or Unix-like platforms, the number of critical vulnerabilities, remote vulnerabilities, and unpatched vulnerabilities are greater.
Firstly, Windows (in general) has around an order of magnitude more marketshare than all the other platforms combined.
Secondly, Windows 2003 probably has - at worst - similar marketshare to RHEL.
Thirdly - according to the web pages you linked to - Windows 2003 has had less than 1/3 the vulnerabilities of RHEL3, despite being on the market for approximately 15% longer (about 6 months). It does, however, have more unpatched vulnerabilities. Certainly, not all vulnerabilities are equal, or equally as likely to be exploited. But I strongly suspect we would never be able to reach an agreement as what should and should not be included, so right now it's the best we can do (FWIW, I think that including Realplayer and OO is dumb, but I can see a strong argument for including things like curl and cups).
Windows 2003 is no security nirvana.
No OS is.
Better than XP? Perhaps.
The majority of security "problems" that afflict XP have little to do with OS vulnerabilities.
But not by much, and only by exclusion of certain software and disabled services.
Disabling services *is* one of those ways most people consider important for improving security.
Grand. I don't care that they recompiled most of the system. Vulnerabilities continue to abound.
As they do in Linux.
Step one, don't release Vista in the same state that the latest Visual Studio was released in. http://minimsft.blogspot.com/2005/11/hey-sharehold ers-vs-2005-is-fantastic.html
I'm sure we can both find partisan blogs to support any argument we want.
Yes, Vista is really, real
No-one is to "blame", it's just what happened.
Customers wouldn't (or couldn't) migrate away from DOS-based Windows, ergo Microsoft had to update the product for them.
If you really think Microsoft _wanted_ the hassle and expense of maintaining, supporting, and marketing two different codebases while trying to keep binary compatibility between them (and their previous releases), you've got a pretty weird idea about a preferable way to run a software business.
This argument would hold water _if_ Microsoft's own Windows-9X Logo guidelines hadn't told people to write applications in precisely the way you are saying they shouldn't have.
That's a rather extraordinary claim. Evidence ?
By talking about hard realtime apps you're *well* out of the realms of anything the typical developer will be doing and relevant to this discussion. If required you _can_ have access to the Windows source code for these sort of (highly uncommon) situations.
Let me straighten you out...You have a lot of things wrong. The first version of Windows NT (3.1) was released in 1993 and had the same GUI as the normal Windows Operating System (told ya), [...]
Were this anywhere but Slashdot, I'd be surprised someone talking about "hard real time" a few sentences earlier would draw conclusions about an OS's internals based on its GUI.
The two big postives were a better security model and real multi-tasking (NOT MULTI-USER).
NT was multiuser from the start - according to the people who wrote it, any Operating Systems textbook that discusses it and, indeed, pretty much everyone except a bunch of trolls on Slashdot.
The advanced features in NT were copied from VAX/VMS, Microsoft hired a group of 6 VMS developers from Digital Equipment Corporation led by Dave Cutler to build Windows NT, and many elements of the design reflect earlier DEC experience with VMS and RSX-11.
How could Cutler have been "copying" something he wrote in the first place ?
So, It WAS NOT a clean sheet design from Redmond, it was a VAX/VMS security model on top ofthe Win3.1 GUI compatiability and other code for backward compatiabilty.
No, you have it completely arse-about-face.
NT was built from scratch - a completely new codebase. It had (has) a very similar design to VMS, because it was designed and written by the same people who wrote VMS. The security model was designed into it from the beginning. It was _always_ multiuser. The only architectural changes of any significance since NT 3.1 have been moving certain components to Ring 0 (and in some cases back out again).
*Then*, the win32 API, OS/2 API, POSIX API, Windows 3.x GUI and various other compatibility layers were added to that OS core. NT wasn't even designed to be a successor of Windows, it was designed to be a successor of OS/2 - until the surprise popularity of Windows 3.0, *2 years* after NT development began - this fact alone blows your theories out of the water.
I can run Windows apps on Linux and Linux apps on FreeBSD, as well, but that doesn't mean Linux has anything in common with Windows or FreeBSD has anything in common with Linux. Binary and API compatibility != code sharing or development history.
It WAS new technology to MS, hence the name from Marketing, the developers said it was N-Ten but that isn't a sexy name.
NT was pretty "New Technology" to the consumer-level marketplace.
Windows NT 3.1 ran on x86, Alpha, and MIPS processors. Windows NT 3.51 added PowerPC. Intergraph Corporation ported Windows NT to its Clipper architecture and later SPARC, but neither version was sold to the public (I remember Alpha and MIPS boxes with NT).
Amazing how you can know so much (or at least be able to regurgitate it from somewhere), yet still be wrong on such a fundamental level.
You can't change history no matter how much MS wants to. It is what it is. You are the one who got sucked in to the Windows Marketing Machine. I told you I was neutral, as someone who has done deep dives into Windows AND Unix I know what I'm talking about. No go back to keeping your Windows boxes online while my Solaris boxes take care of themselves. I'm done with this thread, it's a waste of time.
I challenge you to
Yes, that's because just "killing applications" that don't play the way you'd prefer them to isn't much of an option in the commercial world. It tends to lose you customers and, hence, revenue.
It's quite common in the OSS world, of course - but the OSS world has the luxuries of not needing to worry about staying in business or keeping its customers happy.
The most famous anecdote in that regard is about the Sims which had faulty memory management. Microsoft chose to program an exception for the Sims into Windows memory management rather than saying "tough luck, get a patch from Maxis".
The program was actually Sim City - the DOS original. The Sims wasn't even a glint in Maxis's eye at the time.
It is unfortunately not uninstallable by default, [...]
That's because Microsoft are selling an entire product, not a series of bits stuck together like a patchwork quilt. Much like you can't just walk in and buy a new Ford without the engine, fuel tank and seats, you can't buy Windows without essential parts.
[...] and shared by the only available shell, Windows Explorer.
Actually loaded by the shell (or any other piece of software) when required, just like any other shared component in any other OS.
Thus giving Windows Explorer the ability to go to internet URLs and potentially get infected by IE exploits. Also, several Microsoft applications need IE to be present.
As do numerous third party applications. That's kind of the whole point behind modular, reusable code, after all.
So while you comment may be correct from a programming point of view, IE is still more than an application you can simply uninstall for security reasons.
That's correct. It is, in fact, a shared OS-level component. Like khtml, gtk, qt, glibc, quicktime, WebCore, or any of thousands of other pieces of shared codes on dozens of other OSes.
You can remove it if you really want to, but you should be prepared to break anything that depends on its functionality.
I call that "deeply linked" and a weakness in design
Are khtml, gtk, glibc, WebCore and all those other shared components/libraries "weaknesses in design" as well ? Or are bugs in them just one of the engineering tradeoffs inherent to a modular design built around the premise of re-using code wherever possible ?