The closest analog in Windows is IE7's Protected Mode, where IE7 (and only IE7) is sandboxed and is unable to access anything but it's own configuration files.
No, the closest thing in windows is the Mandatory Access Controls used in services.
Services are given specific abilities to read/write only specific things, and nothing else.
Of course, you could always do this with windows just by making each service run as a separate user, and give that user specific access controls. It's just a bit easier with the new system. And no easy way to do it with desktop apps.
There's also integrity levels, which prevents communications (rpc, window messaging, etc) from a lower integrity process to a higher integrity process.
While that system can barely run Vista,on that exact same hardware I run Kubuntu 64 bit while I have 2 windows XP machine running in VMWare (at a very decent speed), and my Linux desktop is still very responsive, playing a movie, browsing/. and compiling Asterisk.
Please. A Vista x64 screams on that platform. I'm using one right now.
I've done similar loads on this laptop and it does just fine. My heaviest work is java app dev, running Eclipse, 2 Tomcats, Oracle Enterprise, on top of the big memory hogs of Firefox and opera, and all the little regular stuff.
The only problem I have is that Eclipse+tomcat+tomcat+oracle uses over 3GB of ram combined when running the app, so I am going to have to shove 8gb of memory into this damn laptop to avoid it getting swappy.
I still don't run an anti-virus and feel confident in my safety, and I never see a popup screen asking me permission for every move I do.
When I upgrade my PC it is so that I can do more with it, not just so I can still do what I did on the old one at a slower pace.
Vista has its warts, but it performs noticeably better with higher end hardware than XP did, even XP-64. Its more stable and responsive under load including IO load.
It can be bad with substandard specs, or hardware with problematic drivers, or a bunch of trialware and crap installed by the OEM, or really slow disk subsystems. Avoid that, and Vista runs great.
Microsoft cannot envision a world WITHOUT Microsoft... and they force OEMS into "do or die" contracts to include only windows.. or they'll give a better price to somebody that plays along.
Of course you realize that MS has been explicitly prohibited from doing this in the US and the EU for many years. And of course you realize that this isnt true of any of the big OEMs as they offer a number of operating systems.
the author has no concept of the sheer amount of proprietary code and lock in Windows and Office have
This sentence makes no sense.
Windows and Office are 100% proprietary. They dont contain some subset quantity of proprietary code, its all proprietary code. Unless you mean code they bought from someone else that they wouldnt have the rights to release?
And how does Windows or Office 'have' lock-in? What does that even mean?
It can be very expensive to make a large, mature codebase ready for open source.
Some things that cost money:
- removing/replacing/rewriting code you dont own that you bought from someone else, but dont have the rights to open source (java had this problem with some of their audio stack IIRC)
- cleansing the code of profanities, personal attacks, racism, and just general comment unpleasantness
- fixing any dirty little secrets that are horrible glaring bugs that the company never fixed because it would be hugely expensive and the bugs were never discovered publicly
- hosting and support. you cant just throw it out there and expect people to just figure it out. you've got to write documentation, how-tos, etc.
- build dependencies on internal/home-grown systems/libraries/tools that you down own and/or cant release to open source
and so forth.
It's not just a button you push and say 'let it be free (gratis)', and its that easy.
Amazon is using Xen to build a product/service. They're not only using it internally in an enterprise capacity.
And Amazon's use of Xen in EC2 doesnt fall under the typical definition of 'enterprise'. They're a service provider.
The economics around open-source for a service provider are completely different than the economics for a typical enterprise just using it internally.
For the latter, virtualization isnt core to the business, its just a tool they use to get the real stuff done. In many cases, therefore, its not worth it to skill up internally and work through the warts of a system like Xen.
For the former (like Amazon), who wants to sell a product at volume, the marginal cost of non-free virtualization dwarfs other costs at volume. Therefore, in their situation, it is economically worth it to staff up in-house, learn the warts, and maybe even modify Xen to fit their needs.
But the two situations are not even remotely equal, and you cannot compare them. It is not logical to say that because Amazon uses Xen in a for-pay product/service that they sell, that its a good choice for random Corporation X who just wants to use it internally to manage their system instances.
Asking these customers to believe that "free" stuff is greater-than-or-equal-to what they have been spending thousands upon thousands of dollars on is like asking Christians to consider the notion that there is no god. They simply can't go there mentally.
What an incredibly ignorant set of assertions.
Many, many IT directors do actively and regularly examine the open-source alternatives to their vendor-supplied systems. Sometimes they change their systems as a result.
Someone below explains how many of those analysis go. Sometimes the more mature solution is worth a few extra dollars, especially if the few extra dollars are small compared to the total cost of the implementation, and tiny compared to the cost of failure. Sometimes its not, but thats a decision made every day.
Many, many Christians consider the notion that there is no God. Some of them fall away as a result, some of them dont. Some of them are even intelligent and can hold multiple concepts in their heads at the same time.
Your post is a ridiculous, nonsensical assertion that has no basis in reality and can trivially be disproved by simple observation.
If they want to regain peoples trust let them release all the docs the Wine project would need to be 100% interoperable.
Now this is just you being disingenuous. There is no 'document' that describes how to perfectly implement win32, user32 etc. Windows is filled with 15 years of shims, edge-cases, special-cases, back-compat-hacks, and just plain bad code, like every other commercial software of size and complexity.
Such a thing doesnt exist, other than in the source code itself, plus the build process, plus the compat testing, plus the testing scripts, etc etc.
And you know that, so asking for it is just being silly.
Then release real interoperability docs for exchange, sharepoint, etc.
Yeah, that happened last year. Go google it.
MS even went to the trouble of having plugfests and such for the samba project on their campus, put them one-on-one with the engineers who actually work on these things etc.
It may have taken along time, and the EU to get involved, but its out there.
You also probably knew that, and if you didnt, then you're having conversations about an industry that you apparently dont follow, which is also silly.
This is the simple-minded response to freedom everywhere. It sounds good, shuts people up who dont have time to sit around and think about it, but is generally quite silly.
Everything starts with an axiom, so lets start with a couple:
1. Every human individual is equally valuable.
2. Freedom applied to self trumps freedom applied to others.
(yes, I know there are deeper axioms, but I only have limited time here, and dont want to have to list all the turtles)
Thats all you need to completely invalidate your argument.
To demonstrate:
"Freedom to own slaves"
Without even getting into the discussion of why two highly subjective and ambiguous words such as 'own slaves' can't effectively be applied to 'freedom'...
An individual's freedom to not be owned (self-context) of course must trump another's "freedom" to enslave others (other-context).
You're always going to have conflicting freedoms in a modern society, but you can always just strip the argument back to self as the fundamental unit of freedom, which simplifies things.
So please... next time think about your argument before you trot out what you did. It embarasses us all.
With a more reasonable increase, the customer is more likely to feel "forced"[1] into paying the extra, because it amounts to less than the cost of a migration project.
In no case is it forced or coerced. Thats my point. The use of words like those are deliberately chosen to confuse and mis-inform people.
That's how vendor lock-in works. If you don't understand that, then I recommend you don't buy any software or make software purchasing recommendations... heck, just stop using software until you understand the concept.
Nice high-horse you've got there.
There is no such a thing as vendor-lock-in. It's an emotionally laden word that doesnt really mean what people think it means.
There are simply choices and marginal costs.
Some businesses are better at constructing the business relationship such that they can make the marginal cost of moving to another product always slightly higher than the cost of staying with.
Thats not a 'lock in', its not 'forcing', and its not 'coercing'. In all cases, the business/customer in question can do whatever they want, and move to whatever competing product they want. Or they can stay. In both cases there are costs.
Talking with words like lock-in and force and coerce just tries to create an emotional feeling associated with the subject matter. It's a manipulation technique.
Since so many web servers out there are linux, it stands to reason that virus writers would be more motivated to attack linux, owning a much more strategic point in the web than some end user's windows PC.
There are. There are a huge number of constantly running automated attack scripts against PHP, mis-configured Apache, and SSH. Hundreds to thousands of attempts per day, depending on the system.
If you dont see them beating against your boxen 24/7 constantly, then you're not looking very closely at your logs.
First, stop making the product so absurdly exploitable. In no way should it be possible to contract malware from simply visiting a website, or leaving a network cable plugged in.
I'm not sure what you see different on Windows from any other OS in this regard.
In windows, mac and unix, if you're not running as admin, you cant have malware take over your system (barring the occasional local priv escalation exploit).
In windows, mac and unix, if you're running as admin, then anything that comes by and exploits an app vulnerability (acrobat, flash, shockwave, quicktime) owns your box.
In windows, mac and unix, the same app level flaws, particularly in flash and quicktime are present.
In windows, mac and unix, just plugging in the network cable will never exploit your system, as long as its reasonably patched.
Second, make it obvious what you're doing, but not actually intrusive. It should not be possible to download and execute a program without realizing what you're doing. For an example of how to do this wrong, see VBA -- I should not be able to contract malware from a fucking office document. Nor should I have to memorize a list of dangerous file extensions.
Acrobat, Flash, and Quicktime all suffer from exactly the same problem as office w/ VBA in many platforms.
Have you disabled (in the registry) autorun/autoplay for all drives? Because if you haven't you are still vulnerable to a virus from e.g. an infected USB drive.
Only if you're running as admin with UAC turned off.
I used to think along the lines of what you're describing, until my Vista PC got infected by a virus which came from the factory on a USB mp3 player.
You do realize that your statement shows that you either:
1. Ran as admin with UAC turned off. or 2. Purposely chose to allow the malware on the thumbdrive run as admin by choosing Allow or putting in your passworing in the UAC elevation prompt?
This isnt a Vista problem, this is a user training problem.
Microsoft spends HUGE amounts of money and man-hours doing exactly as you describe. The problem isnt that, and even those exploits get patched so its not that big of a deal, and no different than any other OS.
Securing a windows desktop isnt that hard, you just dont run as admin, have it automatically update as soon as new patches are released, and dont use IE, Acrobat, Quicktime, Shockwave or Flash (all of which are notoriously buggy and full of holes).
Of course, the 'dont use Acrobat, Quicktime, Shockwave, or Flash' is the same advice regardless of operating system.
Run it that way, and it works great, and you dont have problems.
Well, what's wrong with Microsoft actually security their operating system from users running apps that are capable of writing to important system files and installing unwanted services without permission? Maybe that would be a good thing?
Windows' security works the same as every other modern OS, in that users have exactly as much permission as you give them.
If you have them running as admin, then they're admin. If you dont, then they're not.
It's been that way since NT3.51.
There's no magical hole in the sky in windows that allows non-admin users to do admin-stuff (other than the same occasional local priv escalation exploit that all operating systems suffer periodically).
As far as the playing.mp3 files and copying other files over your local network goes, this is also a long standing fact that Microsoft admitted to.
You lost alot of credibility when you bring this up, when you clearly dont understand what happened here.
Do some research on this, you'll find that this had nothing to do with DRM. It had to do with the audio prioritization subsystem going a little overboard in certain hardware/environment situations.
In other words, it was a junior programmer error, that had nothing to do with DRM. This is and was well publicized.
The fact that you keep trotting this out when you clearly didnt do your own research on what happened damages your credibility.
It suggests that you just internalize and repeat what you hear without any critical analysis.
1 - It still doesn't disable autorun/autoplay from writeable media by default. This is totally inexcusable these days. In fact, I would argue that autorun/autoplay in general is inexcusable. At most there should be a popup asking if you want to explore the volume or run the autorun/autoplay program.
True that its not disabled by default. However, the configuration tool to control things like autorun/autoplay is light years better than in XP (which didnt have one, was all registry hacks).
And it still asks you how you want to handle these kinds of devices the first time you insert one. Then you can click 'do nothing' for 'everything' if you want.
2 - File copies are ridiculously slow. Unzipping files using the built-in handler is unbelievably slow compared to e.g. 7-zip.
These are two separate and unrelated issues. The built in unzipper/zipper tool in Windows is HIDEOUSLY slow compared to WinZip/7-Zip/etc.
File copying slowness seems to be just for some people, and is definitely not a universal phenomenon.
4 - In order to allow write access to the Public folder, I have to use the asinine "Network and Sharing Center", the most pointless piece of crap middleman "utility" ever invented by Microsoft.
This is only if you leave it in home-style wizard mode. Cant remember off the top of my head how to fix it, but a 30-second google search will do you for it.
5 - The only view I ever want to use in Explorer is Details. So like every other version of Windows, the first thing I did was to set the view to Details for a folder, go into the Folder Options, and tell Windows not to use unique views for each folder. Despite doing this many times, Vista will still randomly pick other views that it thinks are better (even though they're worse) for some folders some of the time. It also refuses to remember the sort order I choose for my Documents folder, and every time I go into it, it's sorted by Type, not Name.
Agreed. This is one of the most horrible implementations of this sort of thing Ive ever seen.
7 - It's bogged down with DRM.
How do you support this? I've never seen any DRM. Of course, I dont use DRM products, so *shrugs*.
8 - Because of the new driver models, support for a bunch of still-useful legacy hardware was dropped. Should I really have to buy a new analogue video capture card, for example? S-Video and composite haven't really changed much in the last few years.
This is just life. Sometimes OS makers have to radically change driver models to move into the future. Your real complaint is with your video capture card maker, who is the one trying to force you to buy a new product by choosing not to write a new driver.
This argument is particularly specious. Hardware support will break periodically as operating systems make big changes in their underlying systems. Welcome to life. This is one of those things that MS should be wholly congratulated for, as breaking a bunch of backwards compatibility is long overdue with them.
I also have to ask... why did you move to a Vista machine or upgrade to Vista if your card wasnt supported? It's not like you're a home newb if you're here discussing this....
11 - The stupid split-token behaviour for administrators if UAC is enabled (although I can't remember offhand if this is just in Server 2008 or Vista as well, because I turn off UAC on my personal system). If you're going to copy (K)Ubuntu, please do it right, MS.
This is configurable. If you dont want it to force elevations (ie, the split mode you're talking about) when logged in as admin, then just change the configuration to HAVE IT NOT DO THAT. You can still leave non-admins required to elevate with a user/pass.
12 - There's still no true equivalent of a root account. Even if you use psexec to start up a command line in the context of the system account, there are things it's not allowed to do.
See my answer to #11. If you dont like this default home-user-targeted behavior, then change it.
What frustrates me the most is its inflexibility. The primary problem I have with the new UI's is how they waste screen real estate. I don't need huge icons everywhere when a 16x16 will get the point across. I have a massive amount of screen real estate, but wasting it on dead whitespace or buttons I never click still bothers me.
So minimize the ribbon. It only pops out when you move your mouse up there.
Be aware that accessing Jet db's across an SMB/CIFS share is not representative of overall performance of the system doing that SMB/CIFS sharing.
There seems to be alot of special-casing and exception handling for Jet access, and Samba has never done it as well, since its such a giant hack (IMO).
My point is that samba is very fast... but in that one very special case of networked jet db access, it may not be. But the rest of the samba stuff will be quite fast.
You are basically putting yourself in a situation where Microsoft could raise their price 1,000% per seat and you would be forced to pay.
In what conceivable way are they 'forced to pay'.
If they're in a subscription the pricing is locked for the duration. If they are not then its already paid for and they own it.
If MS were to raise the price 1000% then the business goes into the following decision tree:
* is the cost increase more expensive than the concrete and non-concrete migration costs to move away, or greater than the risk/cost of running unsupported software? ** if yes, then either migrate or stay where you're at ** if no, then pay microsoft next time you want to buy more stuff
There's no 'force'. There's simply the product cost, vs. the migration cost. Whichever one is cheaper, the business is likely to make that choice. This isnt something immoral, its just business and economics. Every business on the planet will try to make it painful for you to switch away from them.
If MS has developed such a good product (by some criteria that matches market selection) that everyone has it, and no one wants to go off it, and they can raise their prices and have people still stay with them, then they're being an effective business. This happens all the time where people will pay a premium for quality.
Now its arguable that most people would label what MS does as 'quality' per se, but its quality by some form of market selection, as people continue to buy from them.
This is really simple stuff, and no one is pointing a gun at anyone's head and saying 'you must pay now'. Thats one of the really annoying mythologies that floats around here.
Slashdot Mirror
Of course the argument can be made that MS should've locked down Program Files from the beginning, but that's another discussion.
Program Files have always been locked down.
The only thing that's changed is that the default user doesnt run with admin security privs in Vista and later, even if they're an admin account.
Sure, the prompts are, but it also restricts what can be run at startup (regardless of permissions)
No, it doesnt.
You have 20-30 services (maybe more or less) that run quite well on startup and dont have anything to do with UAC.
messes around with various directories that MS have decided are sacred, silently redirecting write operations to other places.
No, it doesnt.
That is program file virtualization, not UAC. And its not on by default.
Why are you conflating utterly unrelated things?
The argument is that windows ACL system is superior because its more fine-grained than UGO type security on unix systems.
Your response is that its not true because you dont like the registry???
Talk about fail-whale.
The closest analog in Windows is IE7's Protected Mode, where IE7 (and only IE7) is sandboxed and is unable to access anything but it's own configuration files.
No, the closest thing in windows is the Mandatory Access Controls used in services.
Services are given specific abilities to read/write only specific things, and nothing else.
Of course, you could always do this with windows just by making each service run as a separate user, and give that user specific access controls. It's just a bit easier with the new system. And no easy way to do it with desktop apps.
There's also integrity levels, which prevents communications (rpc, window messaging, etc) from a lower integrity process to a higher integrity process.
While that system can barely run Vista,on that exact same hardware I run Kubuntu 64 bit while I have 2 windows XP machine running in VMWare (at a very decent speed), and my Linux desktop is still very responsive, playing a movie, browsing /. and compiling Asterisk.
Please. A Vista x64 screams on that platform. I'm using one right now.
I've done similar loads on this laptop and it does just fine. My heaviest work is java app dev, running Eclipse, 2 Tomcats, Oracle Enterprise, on top of the big memory hogs of Firefox and opera, and all the little regular stuff.
The only problem I have is that Eclipse+tomcat+tomcat+oracle uses over 3GB of ram combined when running the app, so I am going to have to shove 8gb of memory into this damn laptop to avoid it getting swappy.
I still don't run an anti-virus and feel confident in my safety, and I never see a popup screen asking me permission for every move I do.
When I upgrade my PC it is so that I can do more with it, not just so I can still do what I did on the old one at a slower pace.
Vista has its warts, but it performs noticeably better with higher end hardware than XP did, even XP-64. Its more stable and responsive under load including IO load.
It can be bad with substandard specs, or hardware with problematic drivers, or a bunch of trialware and crap installed by the OEM, or really slow disk subsystems. Avoid that, and Vista runs great.
Microsoft cannot envision a world WITHOUT Microsoft... and they force OEMS into "do or die" contracts to include only windows.. or they'll give a better price to somebody that plays along.
Of course you realize that MS has been explicitly prohibited from doing this in the US and the EU for many years. And of course you realize that this isnt true of any of the big OEMs as they offer a number of operating systems.
the author has no concept of the sheer amount of proprietary code and lock in Windows and Office have
This sentence makes no sense.
Windows and Office are 100% proprietary. They dont contain some subset quantity of proprietary code, its all proprietary code. Unless you mean code they bought from someone else that they wouldnt have the rights to release?
And how does Windows or Office 'have' lock-in? What does that even mean?
It can be very expensive to make a large, mature codebase ready for open source.
Some things that cost money:
- removing/replacing/rewriting code you dont own that you bought from someone else, but dont have the rights to open source (java had this problem with some of their audio stack IIRC)
- cleansing the code of profanities, personal attacks, racism, and just general comment unpleasantness
- fixing any dirty little secrets that are horrible glaring bugs that the company never fixed because it would be hugely expensive and the bugs were never discovered publicly
- hosting and support. you cant just throw it out there and expect people to just figure it out. you've got to write documentation, how-tos, etc.
- build dependencies on internal/home-grown systems/libraries/tools that you down own and/or cant release to open source
and so forth.
It's not just a button you push and say 'let it be free (gratis)', and its that easy.
Lets think about this.
Amazon is using Xen to build a product/service. They're not only using it internally in an enterprise capacity.
And Amazon's use of Xen in EC2 doesnt fall under the typical definition of 'enterprise'. They're a service provider.
The economics around open-source for a service provider are completely different than the economics for a typical enterprise just using it internally.
For the latter, virtualization isnt core to the business, its just a tool they use to get the real stuff done. In many cases, therefore, its not worth it to skill up internally and work through the warts of a system like Xen.
For the former (like Amazon), who wants to sell a product at volume, the marginal cost of non-free virtualization dwarfs other costs at volume. Therefore, in their situation, it is economically worth it to staff up in-house, learn the warts, and maybe even modify Xen to fit their needs.
But the two situations are not even remotely equal, and you cannot compare them. It is not logical to say that because Amazon uses Xen in a for-pay product/service that they sell, that its a good choice for random Corporation X who just wants to use it internally to manage their system instances.
Asking these customers to believe that "free" stuff is greater-than-or-equal-to what they have been spending thousands upon thousands of dollars on is like asking Christians to consider the notion that there is no god. They simply can't go there mentally.
What an incredibly ignorant set of assertions.
Many, many IT directors do actively and regularly examine the open-source alternatives to their vendor-supplied systems. Sometimes they change their systems as a result.
Someone below explains how many of those analysis go. Sometimes the more mature solution is worth a few extra dollars, especially if the few extra dollars are small compared to the total cost of the implementation, and tiny compared to the cost of failure. Sometimes its not, but thats a decision made every day.
Many, many Christians consider the notion that there is no God. Some of them fall away as a result, some of them dont. Some of them are even intelligent and can hold multiple concepts in their heads at the same time.
Your post is a ridiculous, nonsensical assertion that has no basis in reality and can trivially be disproved by simple observation.
If they want to regain peoples trust let them release all the docs the Wine project would need to be 100% interoperable.
Now this is just you being disingenuous. There is no 'document' that describes how to perfectly implement win32, user32 etc. Windows is filled with 15 years of shims, edge-cases, special-cases, back-compat-hacks, and just plain bad code, like every other commercial software of size and complexity.
Such a thing doesnt exist, other than in the source code itself, plus the build process, plus the compat testing, plus the testing scripts, etc etc.
And you know that, so asking for it is just being silly.
Then release real interoperability docs for exchange, sharepoint, etc.
Yeah, that happened last year. Go google it.
MS even went to the trouble of having plugfests and such for the samba project on their campus, put them one-on-one with the engineers who actually work on these things etc.
It may have taken along time, and the EU to get involved, but its out there.
You also probably knew that, and if you didnt, then you're having conversations about an industry that you apparently dont follow, which is also silly.
This is the simple-minded response to freedom everywhere. It sounds good, shuts people up who dont have time to sit around and think about it, but is generally quite silly.
Everything starts with an axiom, so lets start with a couple:
1. Every human individual is equally valuable.
2. Freedom applied to self trumps freedom applied to others.
(yes, I know there are deeper axioms, but I only have limited time here, and dont want to have to list all the turtles)
Thats all you need to completely invalidate your argument.
To demonstrate:
"Freedom to own slaves"
Without even getting into the discussion of why two highly subjective and ambiguous words such as 'own slaves' can't effectively be applied to 'freedom' ...
An individual's freedom to not be owned (self-context) of course must trump another's "freedom" to enslave others (other-context).
You're always going to have conflicting freedoms in a modern society, but you can always just strip the argument back to self as the fundamental unit of freedom, which simplifies things.
So please ... next time think about your argument before you trot out what you did. It embarasses us all.
I dont know off the top of my head if Apache allows re-licensing, though I believe it does. Assuming so ....
The GPL licensed software that you forked has GPL license.
The Apache licensed software that was already there still has the same license it had before.
They're now two different pieces of software.
With a more reasonable increase, the customer is more likely to feel "forced"[1] into paying the extra, because it amounts to less than the cost of a migration project.
In no case is it forced or coerced. Thats my point. The use of words like those are deliberately chosen to confuse and mis-inform people.
That's how vendor lock-in works. If you don't understand that, then I recommend you don't buy any software or make software purchasing recommendations ... heck, just stop using software until you understand the concept.
Nice high-horse you've got there.
There is no such a thing as vendor-lock-in. It's an emotionally laden word that doesnt really mean what people think it means.
There are simply choices and marginal costs.
Some businesses are better at constructing the business relationship such that they can make the marginal cost of moving to another product always slightly higher than the cost of staying with.
Thats not a 'lock in', its not 'forcing', and its not 'coercing'. In all cases, the business/customer in question can do whatever they want, and move to whatever competing product they want. Or they can stay. In both cases there are costs.
Talking with words like lock-in and force and coerce just tries to create an emotional feeling associated with the subject matter. It's a manipulation technique.
Sure there is. It's called Safe Mode.
Boot into safe mode and change the video driver to the vga software driver, then boot normally and install the correct driver.
Since so many web servers out there are linux, it stands to reason that virus writers would be more motivated to attack linux, owning a much more strategic point in the web than some end user's windows PC.
There are. There are a huge number of constantly running automated attack scripts against PHP, mis-configured Apache, and SSH. Hundreds to thousands of attempts per day, depending on the system.
If you dont see them beating against your boxen 24/7 constantly, then you're not looking very closely at your logs.
Of course, the same question can be asked of Acrobat Reader: why is a badly coded app able to infect the whole system?
It's not.
Unless you're running your desktop as admin.
First, stop making the product so absurdly exploitable. In no way should it be possible to contract malware from simply visiting a website, or leaving a network cable plugged in.
I'm not sure what you see different on Windows from any other OS in this regard.
In windows, mac and unix, if you're not running as admin, you cant have malware take over your system (barring the occasional local priv escalation exploit).
In windows, mac and unix, if you're running as admin, then anything that comes by and exploits an app vulnerability (acrobat, flash, shockwave, quicktime) owns your box.
In windows, mac and unix, the same app level flaws, particularly in flash and quicktime are present.
In windows, mac and unix, just plugging in the network cable will never exploit your system, as long as its reasonably patched.
Second, make it obvious what you're doing, but not actually intrusive. It should not be possible to download and execute a program without realizing what you're doing. For an example of how to do this wrong, see VBA -- I should not be able to contract malware from a fucking office document. Nor should I have to memorize a list of dangerous file extensions.
Acrobat, Flash, and Quicktime all suffer from exactly the same problem as office w/ VBA in many platforms.
Have you disabled (in the registry) autorun/autoplay for all drives? Because if you haven't you are still vulnerable to a virus from e.g. an infected USB drive.
Only if you're running as admin with UAC turned off.
I used to think along the lines of what you're describing, until my Vista PC got infected by a virus which came from the factory on a USB mp3 player.
You do realize that your statement shows that you either:
1. Ran as admin with UAC turned off.
or
2. Purposely chose to allow the malware on the thumbdrive run as admin by choosing Allow or putting in your passworing in the UAC elevation prompt?
This isnt a Vista problem, this is a user training problem.
Microsoft spends HUGE amounts of money and man-hours doing exactly as you describe. The problem isnt that, and even those exploits get patched so its not that big of a deal, and no different than any other OS.
Securing a windows desktop isnt that hard, you just dont run as admin, have it automatically update as soon as new patches are released, and dont use IE, Acrobat, Quicktime, Shockwave or Flash (all of which are notoriously buggy and full of holes).
Of course, the 'dont use Acrobat, Quicktime, Shockwave, or Flash' is the same advice regardless of operating system.
Run it that way, and it works great, and you dont have problems.
Well, what's wrong with Microsoft actually security their operating system from users running apps that are capable of writing to important system files and installing unwanted services without permission? Maybe that would be a good thing?
Windows' security works the same as every other modern OS, in that users have exactly as much permission as you give them.
If you have them running as admin, then they're admin. If you dont, then they're not.
It's been that way since NT3.51.
There's no magical hole in the sky in windows that allows non-admin users to do admin-stuff (other than the same occasional local priv escalation exploit that all operating systems suffer periodically).
As far as the playing .mp3 files and copying other files over your local network goes, this is also a long standing fact that Microsoft admitted to.
You lost alot of credibility when you bring this up, when you clearly dont understand what happened here.
Do some research on this, you'll find that this had nothing to do with DRM. It had to do with the audio prioritization subsystem going a little overboard in certain hardware/environment situations.
In other words, it was a junior programmer error, that had nothing to do with DRM. This is and was well publicized.
The fact that you keep trotting this out when you clearly didnt do your own research on what happened damages your credibility.
It suggests that you just internalize and repeat what you hear without any critical analysis.
1 - It still doesn't disable autorun/autoplay from writeable media by default. This is totally inexcusable these days. In fact, I would argue that autorun/autoplay in general is inexcusable. At most there should be a popup asking if you want to explore the volume or run the autorun/autoplay program.
True that its not disabled by default. However, the configuration tool to control things like autorun/autoplay is light years better than in XP (which didnt have one, was all registry hacks).
And it still asks you how you want to handle these kinds of devices the first time you insert one. Then you can click 'do nothing' for 'everything' if you want.
2 - File copies are ridiculously slow. Unzipping files using the built-in handler is unbelievably slow compared to e.g. 7-zip.
These are two separate and unrelated issues. The built in unzipper/zipper tool in Windows is HIDEOUSLY slow compared to WinZip/7-Zip/etc.
File copying slowness seems to be just for some people, and is definitely not a universal phenomenon.
4 - In order to allow write access to the Public folder, I have to use the asinine "Network and Sharing Center", the most pointless piece of crap middleman "utility" ever invented by Microsoft.
This is only if you leave it in home-style wizard mode. Cant remember off the top of my head how to fix it, but a 30-second google search will do you for it.
5 - The only view I ever want to use in Explorer is Details. So like every other version of Windows, the first thing I did was to set the view to Details for a folder, go into the Folder Options, and tell Windows not to use unique views for each folder. Despite doing this many times, Vista will still randomly pick other views that it thinks are better (even though they're worse) for some folders some of the time. It also refuses to remember the sort order I choose for my Documents folder, and every time I go into it, it's sorted by Type, not Name.
Agreed. This is one of the most horrible implementations of this sort of thing Ive ever seen.
7 - It's bogged down with DRM.
How do you support this? I've never seen any DRM. Of course, I dont use DRM products, so *shrugs*.
8 - Because of the new driver models, support for a bunch of still-useful legacy hardware was dropped. Should I really have to buy a new analogue video capture card, for example? S-Video and composite haven't really changed much in the last few years.
This is just life. Sometimes OS makers have to radically change driver models to move into the future. Your real complaint is with your video capture card maker, who is the one trying to force you to buy a new product by choosing not to write a new driver.
This argument is particularly specious. Hardware support will break periodically as operating systems make big changes in their underlying systems. Welcome to life. This is one of those things that MS should be wholly congratulated for, as breaking a bunch of backwards compatibility is long overdue with them.
I also have to ask ... why did you move to a Vista machine or upgrade to Vista if your card wasnt supported? It's not like you're a home newb if you're here discussing this ....
11 - The stupid split-token behaviour for administrators if UAC is enabled (although I can't remember offhand if this is just in Server 2008 or Vista as well, because I turn off UAC on my personal system). If you're going to copy (K)Ubuntu, please do it right, MS.
This is configurable. If you dont want it to force elevations (ie, the split mode you're talking about) when logged in as admin, then just change the configuration to HAVE IT NOT DO THAT. You can still leave non-admins required to elevate with a user/pass.
12 - There's still no true equivalent of a root account. Even if you use psexec to start up a command line in the context of the system account, there are things it's not allowed to do.
See my answer to #11. If you dont like this default home-user-targeted behavior, then change it.
What frustrates me the most is its inflexibility. The primary problem I have with the new UI's is how they waste screen real estate. I don't need huge icons everywhere when a 16x16 will get the point across. I have a massive amount of screen real estate, but wasting it on dead whitespace or buttons I never click still bothers me.
So minimize the ribbon. It only pops out when you move your mouse up there.
Be aware that accessing Jet db's across an SMB/CIFS share is not representative of overall performance of the system doing that SMB/CIFS sharing.
There seems to be alot of special-casing and exception handling for Jet access, and Samba has never done it as well, since its such a giant hack (IMO).
My point is that samba is very fast ... but in that one very special case of networked jet db access, it may not be. But the rest of the samba stuff will be quite fast.
You are basically putting yourself in a situation where Microsoft could raise their price 1,000% per seat and you would be forced to pay.
In what conceivable way are they 'forced to pay'.
If they're in a subscription the pricing is locked for the duration. If they are not then its already paid for and they own it.
If MS were to raise the price 1000% then the business goes into the following decision tree:
* is the cost increase more expensive than the concrete and non-concrete migration costs to move away, or greater than the risk/cost of running unsupported software?
** if yes, then either migrate or stay where you're at
** if no, then pay microsoft next time you want to buy more stuff
There's no 'force'. There's simply the product cost, vs. the migration cost. Whichever one is cheaper, the business is likely to make that choice. This isnt something immoral, its just business and economics. Every business on the planet will try to make it painful for you to switch away from them.
If MS has developed such a good product (by some criteria that matches market selection) that everyone has it, and no one wants to go off it, and they can raise their prices and have people still stay with them, then they're being an effective business. This happens all the time where people will pay a premium for quality.
Now its arguable that most people would label what MS does as 'quality' per se, but its quality by some form of market selection, as people continue to buy from them.
This is really simple stuff, and no one is pointing a gun at anyone's head and saying 'you must pay now'. Thats one of the really annoying mythologies that floats around here.