Slashdot Mirror


User: IchBinEinPenguin

IchBinEinPenguin's activity in the archive.

Stories
0
Comments
427

Comments · 427

  1. Re:Weird logical disconnect in the article on Coding Around UAC's Security Limitations · · Score: 1

    >IIRC they weren't doing anything with services or different accounts.

    Then those developers lied. It's not needed at all for regular debugging. You already have full control over your own processes.


    Or I misremembered. Or it was a bug that's since been fixed. Or a bunch of other possibilities.

    No need to go around calling people liars ...

  2. Re:Weird logical disconnect in the article on Coding Around UAC's Security Limitations · · Score: 1

    I assume you mean Word 97. Even back then, you could have just modified the permissions on the relevant Registry key (and is what you should have done).

    Yup.. that's why people use Windows. It's that good-old ease-of-use :-)

    I'm sure they were, but that moves away from the "default configuration" context and, more importantly, was probably not really necessary anyway (better solutions would have been modifying the relevant filesystem and/or Registry permissions).

    Define "better". I define it as "quick, easy and lets me get my job done". The "PowerUser" solution, while not as "elegant" as the registry/filesystem/ACL hacks, is probably "better" for 99.9% of people.

    While this is true, the rationale behind it was quite reasonable and there really wasn't a viable alternative. Further, in an unmanaged home environment, not running as an admin delivers a much smaller - nearly insignificant - security benefit compared to in a managed one (because even from a least-privilege default account, the typical ignorant end user will be happy to elevate privileges manually, either via a UAC prompt, a sudo prompt, or something else equivalent).

    I agree that Microsoft is in a tough spot (as are their users). They've focused on "ease of use" for a long time. Add a global network and malicious users, all of a sudden "ease of use" becomes "ease of abuse" and hey presto, some Elbonian teenager is in ur boxen!!LOL!!

    Microsoft have grown fat and happy marketing to "the typical ignorant end user", and now that's coming back to bite them (and the users).

  3. Re:Weird logical disconnect in the article on Coding Around UAC's Security Limitations · · Score: 1

    The Visual Studio developers said they needed it (i.e. VS popped up a dialogue whinging that it needed it to be able to debug processes). IIRC they weren't doing anything with services or different accounts.

  4. Why is this news? on Microsoft Downplaying Recent DNS Vulnerability · · Score: 5, Insightful

    $DUDE finds vulnerability in $PRODUCT made by $VENDOR.
    $DUDE claims this is really serious and should be fixed at once.
    (optional) $DUDE does the Right Thing and tells $VENDOR about it so they can fix it before he goes public.
    $VENDOR replies that $DUDE's claims are overblown.
    Flamewar on /., lots of page hits, lots of ad revenue, PROFIT!!
    (optional, much later) $VENDOR quietly fixes $PRODUCT.

  5. Re:Weird logical disconnect in the article on Coding Around UAC's Security Limitations · · Score: 1

    >I agree, only I'd change *default configuration in some environments* to out-of-the-box defaults which are unchanged in most environments.

    The "out-of-the-box defaults" for Windows NT in a Domain environment is for users to not be Administrators. I'd say that accounts for a _lot_ of machines.


    First thing we did was make everyone a PowerUser to get the spell-checker working in Word (yes, that was quite a while ago). Next we had to make everyone a DebuggerUser so they could debug the software they write. Then we just gave up and made everyone an admin (privilege escalation from DebuggerUser is trivial, so it's not like we were reducing security).
    OK, so as Software Developers ours might not be a typical office, but I wouldn't be surprised if those defaults were loosened (at least to PowerUser) in a lot of domains (due to bugs similar to the word-spellchecker one).
    This leaves home and small-business (i.e. those without an AD domain setup) with the default which, even with XP-SP2, is to create admin accounts without passwords.
    I wouldn't be surprised if those non-AD boxes outnumber the AD ones. Even worse, those boxes are the least likely to have decent admin support.

  6. Re:Weird logical disconnect in the article on Coding Around UAC's Security Limitations · · Score: 3, Insightful

    >This creates a whole culture that is very vulnerable to social engineering---simple games are being run at the same permission level as complex drive-recovery utilities and keyboard loggers.

    There is _nothing_ in Windows's "security model" that requires - or even encourages - this. The problem of apps needlessly requiring Administrator-level privileges is 100% the fault of the developers of said apps and has been for nigh-on a decade.

    Ironically Microsoft themselves have a proud history of producing such apps...

    There's nothing "weak" about Windows NT's security model. Never has been. There were, arguably, weaknesses in the *default configuration in some environments*, ...

    I agree, only I'd change *default configuration in some environments* to out-of-the-box defaults which are unchanged in most environments.

  7. Re:Where have I heard this before? on Coding Around UAC's Security Limitations · · Score: 5, Insightful

    > MSFT has turned a single user OS and tacked on multi user support, and then multi user security. OS X, and every *nix are Multi-user OS's.

    False. Windows NT is, and always has been, a multiuser OS.


    I've long thought that the single vs multi-user nature of Windows NT and Unix has more to do with user expectations than technical limitations.
    Unix users were brought up on multi-user environments. root had to do stuff like install system-wide apps, printers etc.
    Users never expected to be able to do this, and applications developers coded knowing these limitations.

    Windows users, on the other hand, evolved out of DOS users (please note that I'm talking about users not the underlying codebase). DOS users have always had unrestricted access to their system, and this expectation was inherited by modern-day Windows users.
    Equally importantly, application programmers did not code with these limitations in mind.

    What you end up with is a platform that's technically perfectly capable of being multi-user, but hamstrung by user expectations and badly designed applications.

  8. Re:Is MS marketing really that stupid? on MSN Music DRM Servers Going Dark In September · · Score: 2, Insightful

    This is a PR fiasco for their DRM technology

    No it isn't.

    News/Media companies are going to be very quiet on this.

    A cookie for you if you can figure out why :-)

  9. Re:Other uses? on Inside UC Berkeley's High Tech Joke Recommender · · Score: 1

    I thought it was a link in case there was a porn emergency (i.e. "OMG, there's porn on this PC, what do I do?")

    So you're discriminating against dyslexics now?

  10. Re:For those without adblock, patience... on Hands-On With the Windows XP-Based Asus Eee PC · · Score: 2, Insightful

    >> linux one comes with a larger flash drive (12Gb vs 8Gb)
    ...
    >Windows-equipped $499 laptops outsell the Linux-equipped $399

    So to get XP I have to pay $100 extra _and_ I get a smaller drive.
    An OEM version of XP costs over 100 dollars?
    That can't be right.
    Microsoft would never do something as moronic as that, they'd give XP away for a penny before they'd capitulate the ultra-low-end market to Linux!

  11. Re:Charisma on Virgin America Uses Linux to Entertain Inflight · · Score: 1

    If Microsoft really wants to bring an end to Linux

    I was _really_ expecting you to add
    flood the next LCA with bimbos and himbos to distract developers.

  12. Re:that figures on Virgin America Uses Linux to Entertain Inflight · · Score: 5, Funny

    But we already have people associating Linux with virgins. Hardly a contribution.
    http://www.bbspot.com/News/2000/9/linux_laid.html

    Read it and weep bitter, bitter tears of envy!

  13. Re:that figures on Virgin America Uses Linux to Entertain Inflight · · Score: 3, Interesting

    Virgin the ultimate middlemen
    they own nothing (no assets) except a brand name

    so using free Linux is an obvious choice, but where is the source code ? have they contributed ? i think not


    Arguably they contributed the only thing they own, a brand-name.
    Associating Linux with a successful brand is a Good Thing for Linux

    their entire business is based on re-selling other peoples stuff (music/mobile/broadband/planes),
    why deal with them when you can buy direct ?

    skip the middleman


    I tried that once, but no-one wanted to lease me 1/300'th of a Jumbo...

  14. Yeah but does it run ... on Building the World's 4th Fastest Supercomputer · · Score: 0, Redundant

    ... oh, never mind.....


    I'll just have to be content with a Beowulf cluster of these things imagining me in Russian.

  15. Re:Well... on The Death of Windows XP · · Score: 1

    Vista [...] performance (aside from file copying) has never been a problem.

    ... and the Ford Explorer is a real nice car except for that whole bursting-into-flames thing.

  16. How do you know ... on When Should We Ditch Our Platform? · · Score: 1

    ... when you've backed the wrong horse?

    When Clippy pops up, offering to help!

  17. Re:Wine for Windows on Vista SP1 Is Even Less Compatible · · Score: 1

    and SAMBA!

  18. Re:Vista again? on Vista SP1 Is Even Less Compatible · · Score: 1

    Now, I'm tired of dealing with drivers and all the b.s. I just want an OS that lets me do what I need to do.

    Which, ironically, is the reason I use Linux :-)
    The PCs I tend to use aren't new enough to run Vista, but are too new to install XP without lots of driver pain (SATA, Gigabit NICs ...).
    I also find that Linux does a much better job of staying out of my way and letting me "do what I need to do".
    Obviously YMMV.

  19. Re:the general rule... on How to Convince Non-IT Friends that Privacy Matters? · · Score: 1

    Now, all these morons are losing their houses ... which makes MY house worth less!

    Now if _that_ isn't a reason for helping others I don't know what is.

  20. Time sure flies ... on 'Friendly' Worms Could Spread Software Fixes · · Score: 1

    Only just got the Christmas decorations down and it's April 1 already...

    Oh, wait... they're serious?!?!?!?

  21. Hi There ... on Boeing 787 May Be Vulnerable to Hacker Attack · · Score: 3, Funny

    ... It looks like you're trying to take over the flight controls ...

    Or, for a more unix-y flavour...

    # cat /dev/random > /dev/aileron

  22. WTF?? on The Afterlife Is Expensive for Digital Movies · · Score: 2, Insightful

    $200K to keep a few bits from rotting?

    ...just as Hollywood's writers began their walkout.

    Oh... that explains it.
    It's a conveniently timed report to bolster a negotiating position: "you can't possibly ask for more money, look how much it costs us to store this stuff!!"

  23. Re:I Don't Get IT Workshops, You Insensitive Clod! on Your Worst IT Workshop? · · Score: 1

    ... when some hardware isn't supported out of the box things tend to be a lot more painful in linux.

    That may well be, but I've not had anything I care about not work 'out of the box' in years.
    (hibernate/suspend is in the "don't care" category, everything else I can think of works).
    (oh... my UPS doesn't talk to Linux either, but I mostly just use it as a surge-arrestor so I guess that's in the "don't care" basket too)

    Trying to build a driver floppy or a custom install CD for a linux distro is often far less well documented.

    And (in my experience at least) utterly unnecessary. The only OS which needs special treatment to even install at the moment is XP - it doesn't know about SATA (or at least not last time I installed it, hopefully an XP-SP3 install CD will be released that fixes this). Other than this every current OS/Distro I know of installs far enough to let you add the remaining drivers using a USB key (or via network, assuming the missing driver isn't the NIC).

    ... 6 month upgrade treadmill ...

    I'd rather upgrade every 6 months (especially as it's so utterly painless with Ubuntu) than re-install every 3 months (in a vain attempt to resurrect my malware-laden wintendo).
    That's just a personal preference, of course...

  24. Re:I Don't Get IT Workshops, You Insensitive Clod! on Your Worst IT Workshop? · · Score: 1

    windows doesn't tend to come with drivers for chips ... that are newer than the release of windows in question.

    The situation is pretty similar in the linux world.


    Except that Linux Distros are released far more frequently than Windows.
    This makes installing Windows at the moment on anything remotely current (i.e. "less than 2 years old") a royal pain (like many people I'm not going to bother with Vista until well after SP1).
    Installing Linux is a breeze.

    Years ago, I spent an amazingly frustrating morning installing XP on a year-or-so old designed-for-XP laptop. Lots of rebooting, lots of installing drivers, lots more rebooting, upgrading drivers, rebooting again ....
    After I'd finished I chucked in a spare HDD and flung in a hot-off-the-burner FC2 install CD thinking "yup, this is gonna be futile...."
    To my amazement it just worked. Network, graphics, mousepad, sound, USB.... everything I cared about worked (didn't bother with hibernate/suspend, I believe this is still an issue).
    I know, I know, "just slipstream SP2 and drivers onto the install cd...."
    My only question is "why, by the noodly appendages of the FSM, can't Microsoft do this every few months and re-release the install ISOs"

    Oh yeah... 'cos then no one would bother 'upgrading' to Vista....

  25. Re:Microsoft is horrified because on Microsoft Wants OLPC System to Run Windows XP · · Score: 1

    I know I use windows more because that is what I learned when I was younger and so it is less work to get adjusted to the next version.

    I take it you haven't tried Vista yet.