I'd go with IQ test showing more than 110, and proof that you're over 25 rather than years registered, but I understand the theory.
But why more than 10 years?
You're making the flawed assumption that common sense is any more likely to be found in an individual of high native intelligence than it is among the general population. I've often found the exact opposite to be true. I'm not entirely certain why that is, but I believe it has to do with the very intelligent being able to find complex ways of rationalizing their defective motivations, ways that the less intellectually capable can not.
It's an operating system, not a religion. I'm using Windows 7 right now as I'm perusing /. while avoiding doing some photo touchups in Photoshop. In a few hours I'll boot into my Debian system and continue working on a project in Python. I feel no shame when I use Windows, it's a tool... it's there to aid in completing a job.
Very true, actually, and that applies to pretty much anything to do with a computer: programming languages, applications, whatever. If it does the job well, for the right price, that's sufficient.
Now, let's face it, Windows has a checkered history, and really was never a good tool until Windows 2000 came along, and offered the average user a Windows OS with the NT Kernel. Usability-wise, it's certainly come a long way... the biggest area where Microsoft really needs to make a more significant investment is security. Whether that's even possible given the requisite support for legacy apps is hard to say. Regardless, there are times when Windows and Windows apps are, in fact, the best tool for the job.
I think the biggest bias against Windows comes from who we have to thank for it, rather than the operating system itself. For many, it kinda feels like using tools supplied by the Devil, in order to help maintain the Devil's hegemony.
More to the point, Apple isn't trying to be a threat. Not really, in spite of their ad campaigns. Apple is a hardware company that caters to a specific clientele, and to their credit they're happy with that. That clientele also happens to not be the same people that Microsoft is after.
Apple really has spent very little effort wooing the corporate world, because once you do that, you will be expected to provide a level of support that is far beyond that offered to schools or individuals. In addition, you'll have to supply and maintain an entire ecosystem of corporate connectivity products. I doubt that Jobs & Co. really wants the headaches, and should they? They're already making billions from the Mac, the iPhone and the iPod/iTunes combo, and if they go corporate they'll be competing with commodity operators like Dell and HP/Compaq. Big companies buy from the lowest bidder, and it's pretty obvious by now that Apple has no intention of ever being the lowest bidder.
Sorry, but you couldn't. Your claims come from either ignorance or zealotry.
It comes from experience. I started out as a personal computer tech thirty years ago (before there even was an IBM PC), before the rise of malware (back then it was mostly boot-sector infectors and the occasional trojan.) In that time I've dealt with a lot of different hardware, lots of different operating systems... and it's always been Microsoft who's been at the bottom of the heap when it comes to network and filesystem security. They've made improvements, yes, but they are hampered by a design that makes security difficult. The Windows Messaging System alone is a throwback that until recently had no security features at all, and is still a liability.
I just get tired of people denying that Linux would have the same problems if it were as popular, when it would probably have more.
Probably it wouldn't, but if you'd read my previous post again you'll see that I didn't make that claim. I just said that Microsoft needs to work harder, and that's a fact. The fact that they don't (because they have no real motivation to do so) is a major strike against Windows. We've all talked about the inherent evils of monopolies, well, this is one of them. When you reach 90+% market penetration, and have managed to keep all other desktop operating systems from reaching anything resembling a competitive status, you don't have to do squat when it comes to security. Too many other people to blame for it. Yes, they put out a lot of patches and fixes, and that's good so far as it goes, but when you get right down to it, the rate of infection of Windows boxes is still ungodly. Microsoft still has some work ahead of them.
Nor am I ignorant or a zealot (hell, I write Windows code for a living.) A couple of my home machines are Linux, as is my server, because for a lot of things Linux is better. One of those is, like it or not, security.
Maybe you don't know as much about Unix security methodology as you do about Windows', but honestly the Unix-derived OSes would be a much harder target than Windows. The underlying philosophy is very different from Windows: remember, Unix started out in life as a network operating system.
You claim Windows can't be used safely on an untrusted network? That is false.
The GP lost his credibility the instant he said that, so far as I'm concerned. "Windows can be trusted on an untrusted network". That's dangerous misinformation. I hope he doesn't work IT at a power plant.
No, you should still NEVER run a Windows box on an untrusted network. Read any book on network security and it will tell you that.
That is absolutely correct. My own point of view is that nothing can be trusted on an untrusted network. That's why it's an untrusted network, and no operating system is perfect. This is not rocket science, but here's the thing: good security is a process, not something that you just buy, it's not a fire-and-forget scenario. But the truth is that some operating systems are just better at security than others, and that Windows is not at the top of that list.
I will say this: regardless of your preference in an operating system, you should always take steps. But that doesn't alter the fact that you have to take a lot more steps with Windows, to have even a hope of security.
When the rest of the world figures out that they don't need us anymore since we're too broke to buy their products they'll just ignore all the damn treaties and let us sink into failed state status like Afghanistan or Somalia.
If we're lucky, a gang of lawyers will go to China to try to sue and get run over by tanks. That little human rights violation I could live with. Hell, that I'd enjoy.
Hardly. You think that the mindset that created an ACTA only exists in the United States? A lot of Europeans seem to think that (if nothing else, it gives some some more imaginary ammo for America-bashing) but it's just not true. The unfortunate reality is that the corporations behind this aren't (for the most part) even American, so don't expect this to stop should the entire continent of North America vanish from the face of the Earth tomorrow. Europe is on target to be screwed in exactly the same way, for exactly the same reason, by exactly the same people. This particular agenda is put forth by some very powerful multinationals and, to make a long story short, they're criminal assholes who simply do not care who they hurt, whose culture or legal system they damage, as long as they can control distribution of their products as they deem fit. The fact that these plans happen to mesh quite nicely with those of governmental power mongers who, like weeds, seem to spring up pretty much everywhere just makes them easier to ram through.
The human race really needs to start considering megalomania and similar mental conditions as serious disorders, and either find ways to treat them successfully, or simply bar anyone suffering from them from public office, elected or otherwise. There are plenty of competent, sane people to fill those positions, we don't need to select for any of several psychoses. But we do, and the net effect is that we have people who are highly qualified at the process of getting elected, not so qualified at the actual job.
Not true. A firewall cannot prevent a virus from taking over your computer, it only protects from accessing specific ports. If you install Windows 7 and then visit a malicious site, your computer will be a spam transmitter almost instantly.
Thank you. I'm not going to reply to Gadget Guy anymore... he's about the only guy I've seen on Slashdot recently that I'm pretty sure is a Microsoft troll. I've never seen anyone so completely unwilling to admit that Windows still has real problems with security, even now with Windows 7.
b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.
I have to disagree with you on the OSX claim. Most of the Mac users I know are far more clueless than their Windows-using counterparts regarding security, because they've been told that their OS is "perfectly secure" and consequently don't bother doing anything else to defend themselves.
Linux people, yeah, I'll tend to agree with you on that score, but only until somebody successfully mass-markets a Linux variant to millions of ordinary people. Just keep in mind that that doesn't mean it has to have anything to do with PCs or a conventional desktop.
Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?
Well, you do understand that open source means anyone can download a patch and actually apply it, don't you?
Yeees, and anyone who can do that is probably capable of making an intelligent decision as to whether to do it or not. My point is that if you are concerned about a timely response to security issues, it helps if you have a lot of people, and a lot of eyeballs, going over your code looking for problems. Either way, there have to be gatekeepers, people who verify that submitted patches do the job and aren't, in themselves, vulnerabilities.
Open source doesn't mean that every single patch or modification that is submitted is instantly made available for download. Only those that have been approved make it into the CVS. You should know that too.
P.S. I guess my recommendation would be to skip any edition of any OS that doesn't have limited accounts support
Yes. That eliminates the bulk of malware except, of course, those capable of privilege escalation. But you're absolutely right, giving any program that runs full access to your system by default is just stupid, and the first line of defense is to keep that from happening.
Most of us know exactly why Microsoft didn't do this a long time ago. It's because their target market was and is clueless users (and, for that matter, clueless network administrators) and Microsoft wanted Windows to be as painless to install, configure and use as possible. Now, that actually is a worthy goal, and it's why a lot of services were enabled by default that, from a security perspective, should not have been (and are not now.) But the real world is a lot more dangerous than it used to be, so the potential inconvenience of added security is something that we're all just going to have to deal with, if we're at all responsible.
What I find interesting is how accepting most Unix/Linux people are of UAC. I mean, it's basically a Unix security technique applied to Windows, so to them, it was kind of a "what took you so long" thing, rather than an inconvenience, because they were already used to it.
No, you couldn't. Linux is horribly insecure when compared to Windows, they don't even have a proper disclosure policy treating security bugs the same as normal bugs. Recall that recent root exploit that went ignored for 2 weeks? Yeah.
Yes, I could. Just ask any PC repair shop how much of their income is derived from malware infected PCs. Fact is, computer hardware is pretty damn reliable nowadays, so physical maintenance is less of an issue than it once was. For that matter, you might want to ask Dell or HP just how much of their new-system sales come from people whose computers are so badly infected that they believe that their machines are "broken", and go buy a new one. I guarantee you they track those numbers.
All this discussion about who is the most "secure" is irrelevant, and belies the fact that the burden of better security is on Microsoft, simply because of the number of installations out there. You can argue about whether Unix-style security is better or worse than Microsoft's, from a technical perspective, 'til you're blue in the face but it won't make any difference. Windows machines are infected by the hundreds of millions, which means that Windows cannot be merely equivalent to Linux, or the Mac, or anything else. It has to be sufficiently capable to make a real dent in the sheer quantity of malware running on it.
But it's not. Not even close. You may be anti-Linux, anti-Unix, anti-Mac, anti-anything-that-isn't-Windows, but if you're at all reasonable, you will admit that Windows is the bigger threat, if nothing else by its own success. That leaves Microsoft in the unenviable position of desperately needing better security, and yes, I will agree, they've made inroads... but they have a long way to go.
If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
You don't. I certainly never have.
Gagh. I was referring to the millions of "clueless users" that this thread is about. Sure, you don't have to take such precautions if you know what you're doing: but Windows is marketed to people that don't. So... I'm sorry, what was your point again?
You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.
You are a moron.
Bzzt. Wrong. Unix-style security is a hell of a lot better in that regard than Windows. The assumption has to be made that a rogue program will, at some point, be allowed to run (clueless user, worm, trojan, whatever.) The goal of a good, secure operating system is to then limit the damage by keeping that program (and, indeed, any user-space applications running under that user account) from accessing anything but files and directories owned by that user. Yet I've seen many, many infections on Windows machines (any version) that were initially executed under limited accounts but still managed to overrun the system. Is that as easy to accomplish on a Linux or Unix machine? You tell me. I haven't seen it happen yet.
You do realize that very, very few people posting here on Slashdot truly are morons. You might also want to consider that you don't know everything, because then you might appear to be a jackass.
why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?
*Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*
"Retarded", huh. That's nice. We were discussing "clueless users" here, not senior engineers who have been playing with networks for a long time, probably from before you were born. My point is that, if an operating system were truly well-designed from a security perspective such nonsense would be neither necessary nor useful. But, for millions of people, it is and worse yet, is largely ineffective.
Nor, I suspect, is that "hardware firewall" exactly what you think it is. You would get the same benefit from a small Linux PC and a couple of NICs. In fact, what you probably have there is a little plastic box with an ARM processor running a Linux core with an IPTables firewall and a browser-based front-end. It's just software, and it has vulnerabilities of its own, and the primary benefit is that it doesn't depend upon the TCP stack in your operating system. But it isn't foolproof.
Ultimately, if an exploit is found that allows malware to run on your computer (and that hardware firewall won't help you when it comes to a browser-based or Trojan exploit) the last and best line of defense is an operating system that won't allow the attacker to access anything but the current user's files. The big problem with Windows is that it's relatively easy to gain privileged access: once that happens the game is lost. Yes, other OSes have similar vulnerabilities but it's a higher bar in most cases.
And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.
{sigh} Time to come down from the ivory tower, dude. The proof is in the pudding: even if you're right, and Microsoft is truly doing all that it can in this regard (and, let's be clear here, it is not) whatever they are doing is not enough. Not nearly enough.
If you've ever spent an evening cleaning malware from a badly infected Windows system, you will understand exactly what I'm talking about. I don't give a single God DAMN if Microsoft has released some free tool, or if they ship machines with the firewall turned on by default, or turned off unnecessary services. Those are just basic, simple steps that every other OS pretty much did by default (or that any clueful user would have done for himself) and are not, in and of themselves, particularly significant. It also does not explain why an operating system that is specifically marketed to those "clueless home users" doesn't do squat to protect them in the real world (not the world you live in, by the way.)
Yes, we all know that Internet Explorer might as well be Swiss cheese insofar as its ability to block drive-bys and other malware infections is concerned. That's why most of us that have a clue recommend that our friends and family use anything but Explorer. But, in truth, a properly-designed and implemented operating system would never allow an incoming attack to do anything more than see files owned by the current user. But I've seen many Windows systems (XP, Vista and 7, fully-patched) with multiple infections, all of which appeared to have the run of the filesystem. If Windows security has improved so much, that shouldn't be possible... but it's an everyday occurrence. So whatever Microsoft is doing is empirically, emphatically and obviously insufficient.
So it's nice that you linked to some free Microsoft-supplied anti-malware software. You know what? Of the dozen infections that I had to clean from a friend's computer last night, you know how many that free Microsoft package found? One guess. That's right. ZERO. I had to run several different scanners to get rid of most of them (a couple I had to remove the hard way, removing entries from the registry and manually deleting executables.) Hell, good old Spybot found six infections. So... tell me again, this time with perhaps a few facts at your command, how Microsoft is protecting its users? Please.
The reality is what it is. Windows boxes are pwned by the millions, and if you consider the token consideration that Microsoft gives those users to be adequate, you just aren't seeing the big picture. Frankly, it's hard to believe that you are naive enough to think that jacking a Windows box (pick any version) onto the Internet without something running a little interference for you is safe. Tell you what: give me your current IP and we'll see just how "secure" your Windows 7 box really is.
The only people I've heard "hate on UAC" are "windows type people". Can you please supply a link to somewhere where linux-and-mac-type-of-people "hate on UAC"?
I'm a full-blown linux type of kind of person, and thought the UAC seemed like a good addition to Windows, contrary to many windows users. But security always comes at a price.
Good luck with your angry anti-anti-UAC thing and finding hidden fanboyism everywhere.
I agree. Most people I know that are familiar with Unix and Unix-derived operating systems had a very different reaction to UAC than the GP is claiming. You want to know what it was? I'll tell you: it was "About goddamn time!" The Unix/Linux crowd was waiting for decades for Microsoft to start implementing some Unix-style security (or at least Unix equivalent security) and you're right... it's the spoiled Windows types that were the biggest complainers.
You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.
You are a moron.
And you missed the point entirely. And no, the Mac and Linux are not just as vulnerable in that scenario, which you would know if you knew much about Unix-level security. But I won't call you a moron, even though I believe you deserve to be.
Anyone else wonder how this lady friend "pays" for the IT help desk service at this guy's house a long ways away?
Nope? Only me?
Back to mom's basement for me.
Yep. Only you. She's my girlfriend's best friend, actually, and she and her husband have done us some favors in the past, so I'm just reciprocating. Even so, the woman is tired of having her computer be damn near unusable half the time, and doesn't want to be inconveniencing other people on a regular basis. So she's willing to listen when I tell her that there are some other options.
What I'll probably do is just image their drive onto my server, once we decide to go ahead with a switch to Linux, say. Then, if they decide they can't handle it, I'll just flash them back to where they were. But I won't be so inclined to kill off an evening every month. They won't lose anything by the attempt anyway.
Wait, so they went back to Internet Explorer because Firefox doesn't look the same, why would they be accepting of Linux?
They sound like exactly the kind of people that will start complaining in a few days about how they need their iTunes.
Well, if you read my comment you'd note that we went over the applications and Web sites they use, and I'm trying to make sure that the new software will, in fact, do what they want. It's not that KDE or Gnome or the Mac can't do just as well as a Windows system in this context, it's just that you have to account for what a person is actually doing with his or her computer, rather than just throwing something else at them (as so many geeks are wont to do) and saying "This is better. Now go away." It may be that there is some app or feature that is an absolute must have, and that will prevent us from switching them away from Windows. If so, oh well, but that's why I'm doing a requirements analysis first.
I'd go with IQ test showing more than 110, and proof that you're over 25 rather than years registered, but I understand the theory. But why more than 10 years?
You're making the flawed assumption that common sense is any more likely to be found in an individual of high native intelligence than it is among the general population. I've often found the exact opposite to be true. I'm not entirely certain why that is, but I believe it has to do with the very intelligent being able to find complex ways of rationalizing their defective motivations, ways that the less intellectually capable can not.
I didn't get the ten years bit either.
iPhone 3G wasn't the first iPhone though was it.
True ... but Windows Phone 7 isn't the first mobile OS from Microsoft either.
Apple isn't nearly as much of a threat.
More to the point, Apple isn't trying to be a threat. Not really, in spite of their ad campaigns. Apple is a hardware company that caters to a specific clientele, and to their credit they're happy with that. That clientele also happens to not be the same people that Microsoft is after.
Apple really has spent very little effort wooing the corporate world, because once you do that, you will be expected to provide a level of support that is far beyond that offered to schools or individuals. In addition, you'll have to supply and maintain an entire ecosystem of corporate connectivity products. I doubt that Jobs & Co. really wants the headaches, and should they? They're already making billions from the Mac, the iPhone and the iPod/iTunes combo, and if they go corporate they'll be competing with commodity operators like Dell and HP/Compaq. Big companies buy from the lowest bidder, and it's pretty obvious by now that Apple has no intention of ever being the lowest bidder.
It's spelled "hackintosh," dipshit. Wow, you're a moron.
Pretty much anyone reading both of your comments would think you the moron.
egotistical*
Actually, I think "egotastical" is interesting, as in "ego fantastic".
Stop calling us clueless! I'm a pretty clued up user, I changed my desktop background to a picture of a cat.
What kind of cat?
Not true. A firewall cannot prevent from a virus taking over your computer, it only protects from accessing specific ports. If you install Windows 7 and then visit a malicious site, your computer will be a spam transmitter almost instantly.
Thank you. I'm not going to reply to Gadget Guy anymore ... he's about the only guy I've seen on Slashdot recently that I'm pretty sure is a Microsoft troll. I've never seen anyone so completely unwilling to admit that Windows still has real problems with security, even now with Windows 7.
b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.
I have to disagree with you on the OSX claim. Most of the Mac users I know are far more clueless than their Windows-using counterparts regarding security, because they've been told that their OS is "perfectly secure" and consequently don't bother doing anything else to defend themselves.
Linux people, yeah, I'll tend to agree with you on that score, but only until somebody successfully mass-markets a Linux variant to millions of ordinary people. Just keep in mind that that doesn't mean it has to have anything to do with PCs or a conventional desktop.
Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?
Well, you do understand that open source means anyone can download a patch and actually apply it, don't you?
Yeees, and anyone who can do that is probably capable of making an intelligent decision as to whether to do it or not. My point is that if you are concerned about a timely response to security issues, it helps if you have a lot of people, and a lot of eyeballs, going over your code looking for problems. Either way, there have to be gatekeepers, people who verify that submitted patches do the job and aren't, in themselves, vulnerabilities.
Open source doesn't mean that every single patch or modification that is submitted is instantly made available for download. Only those that have been approved make it into the CVS. You should know that too.
P.S. I guess my recommendation would be to skip any edition of any OS that doesn't have limited accounts support
Yes. That eliminates the bulk of malware except, of course, those capable of privilege escalation. But you're absolutely right, giving any program that runs full access to your system by default is just stupid, and the first line of defense is to keep that from happening.
Most of us know exactly why Microsoft didn't do this a long time ago. It's because their target market was and is clusers (and, for that matter, clueless network administrators) and Microsoft wanted Windows to be as painless to install, configure and use as possible. Now, that actually is a worthy goal, and it's why a lot of services were enabled by default that, from a security perspective, should not have been (and are not now.) But the real world is a lot more dangerous than it used to be, so the potential inconvenience of added security is something that we're all just going to have to deal with, if we're at all responsible.
What I find interesting is how accepting most Unix/Linux people are of UAC. I mean, it's basically a Unix security technique applied to Windows, so to them, it was kind of a "what took you so long" thing, rather than an inconvenience, because they were already used to it.
No, you couldn't. Linux is horribly insecure when compared to Windows, they don't even have a proper disclosure policy treating security bugs the same as normal bugs. Recall that recent root exploit that went ignored for 2 weeks? Yeah.
Yes, I could. Just ask any PC repair shop how much of their income is derived from malware infected PCs. Fact is, computer hardware is pretty damn reliable nowadays, so physical maintenance is less of an issue than it once was. For that matter, you might want to ask Dell or HP just how much of their new-system sales come from people whose computers are so badly infected that they believe that their machines are "broken", and go buy a new one. I guarantee you they track those numbers.
... but they have a long way to go.
All this discussion about who is the most "secure" is irrelevant, and belies the fact that the burden of better security is on Microsoft, simply because of the number of installations out there. You can argue about whether Unix-style security is better or worse than Microsoft's, from a technical perspective, 'til you're blue in the face but it won't make any difference. Windows machines are infected by the hundreds of millions, which means that Windows cannot be merely equivalent to Linux, or the Mac, or anything else. It has to be sufficiently capable to make a real dent in the sheer quantity of malware running on it.
But it's not. Not even close. You may be anti-Linux, anti-Unix, anti-Mac, anti-anything-that-isn't-Windows, but if you're at all reasonable, you will admit that Windows is the bigger threat, if nothing else by its own success. That leaves Microsoft in the unenviable position of desperately needing better security, and yes, I will agree, they've made inroads
Windows has been decently secure for a very long time
I disagree. And in fact, if I were in the business of cleaning Windows machines, I could make a lot of money disagreeing with you.
If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
You don't. I certainly never have.
Gagh. I was referring to the millions of "clueless users" that this thread is about. Sure, you don't have to take such precautions if you know what you're doing: but Windows is marketed to people that don't. So ... I'm sorry, what was your point again?
You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.
You are a moron.
Bzzt. Wrong. Unix-style security is a hell of a lot better in that regard than Windows. The assumption has to be made that a rogue program will, at some point, be allowed to run (clueless user, worm, trojan, whatever.) The goal of a good, secure operating system is to then limit the damage by keeping that program (and, indeed, any user-space applications running under that user account) from accessing anything but files and directories owned by that user. Yet I've seen many, many infections on Windows machines (any version) that were initially executed under limited accounts but still managed to overrun the system. Is that as easy to accomplish on a Linux or Unix machine? You tell me. I haven't seen it happen yet.
You do realize that very, very few people posting here on Slashdot truly are morons. You might also want to consider that you don't know everything, because then you might appear to be a jackass.
why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?
*Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*
"Retarded", huh. That's nice. We were discussing "clueless users" here, not senior engineers who have been playing with networks for a long time, probably from before you were born. My point is that, if an operating system were truly well-designed from a security perspective such nonsense would be neither necessary nor useful. But, for millions of people, it is and worse yet, is largely ineffective.
Nor, I suspect, is that "hardware firewall" exactly what you think it is. You would get the same benefit from a small Linux PC and a couple of NICs. In fact, what you probably have there is a little plastic box with an ARM processor running a Linux core with an IPTables firewall and a browser-based front-end. It's just software, and it has vulnerabilities of its own, and the primary benefit is that it doesn't depend upon the TCP stack in your operating system. But it isn't foolproof.
Ultimately, if an exploit is found that allows malware to run on your computer (and that hardware firewall won't help you when it comes to a browser-based or Trojan exploit) the last and best line of defense is an operating system that won't allow the attacker to access anything but the current user's files. The big problem with Windows is that it's relatively easy to gain privileged access: once that happens the game is lost. Yes, other OSes have similar vulnerabilities but it's a higher bar in most cases.
And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.
{sigh} Time to come down from the ivory tower, dude. The proof is in the pudding: even if you're right, and Microsoft is truly doing all that it can in this regard (and, let's be clear here, it is not) whatever they are doing is not enough. Not nearly enough.
... but it's an everyday occurrence. So whatever Microsoft is doing is empirically, emphatically and obviously insufficient.
... tell me again, this time with perhaps a few facts at your command, how Microsoft is protecting its users? Please.
If you've ever spent an evening cleaning malware from a badly infected Windows system, you will understand exactly what I'm talking about. I don't give a single God DAMN if Microsoft has released some free tool, or if they ship machines with the firewall turned on by default, or turned off unnecessary services. Those are just basic, simple steps that every other OS pretty much did by default (or that any clueful user would have done for himself) and are not, in and of themselves, particularly significant. It also does not explain why an operating system that is specifically marketed to those "clueless home users" doesn't do squat to protect them in the real world (not the world you live in, by the way.)
Yes, we all know that Internet Explorer might as well be Swiss cheese insofar as its ability to block drive-bys and other malware infections is concerned. That's why most of us that have a clue recommend that our friends and family use anything but Explorer. But, in truth, a properly-designed and implemented operating system would never allow an incoming attack to do anything more than see files owned by the current user. But I've seen many Windows systems (XP, Vista and 7, fully-patched) with multiple infections, all of which appeared to have the run of the filesystem. If Windows security has improved so much, that shouldn't be possible
So it's nice that you linked to some free Microsoft-supplied anti-malware software. You know what? Of the dozen infections that I had to clean from a friend's computer last night, you know how many that free Microsoft package found? One guess. That's right. ZERO. I had to run several different scanners to get rid of most of them (a couple I had to remove the hard way, removing entries from the registry and manually deleting executables.) Hell, good old Spybot found six infections. So
The reality is what it is. Windows boxes are pwned by the millions, and if you consider the token consideration that Microsoft gives those users to be adequate, you just aren't seeing the big picture. Frankly, it's hard to believe that you are naive enough to think that jacking a Windows box (pick any version) onto the Internet without something running a little interference for you is safe. Tell you what: give me your current IP and we'll see just how "secure" your Windows 7 box really is.
The only people I've heard "hate on UAC" are "windows type people". Can you please supply a link to somewhere where linux-and-mac-type-of-people "hate on UAC"?
I'm a full-blown linux type of kind of person, and thought the UAC seemed like a good addition to Windows, contrary to many windows users. But security always comes at a price.
Good luck with your angry anti-anti-UAC thing and finding hidden fanboyism everywhere.
I agree. Most people I know that are familiar with Unix and Unix-derived operating systems had a very different reaction to UAC than the GP is claiming. You want to know what it was? I'll tell you: it was "About goddamn time!" The Unix/Linux crowd was waiting for decades for Microsoft to start implementing some Unix-style security (or at least Unix equivalent security) and you're right ... it's the spoiled Windows types that were the biggest complainers.
Best combination of TNG and lolcat humor I've ever read!
I think that's the ONLY such combination I've ever heard.
You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.
You are a moron.
And you missed the point entirely. And no, the Mac and Linux are not just as vulnerable in that scenario, which you would know if you knew much about Unix-level security. But I won't call you a moron, even though I believe you deserve to be.
Anyone else wonder how this lady friend "pays" for the IT help desk service at this guy's house a long ways away?
Nope? Only me?
Back to mom's basement for me.
Yep. Only you. She's my girlfriend's best friend, actually, and she and her husband have done us some favors in the past, so I'm just reciprocating. Even so, the woman is tired of having her computer be damn near unusable half the time, and doesn't want to be inconveniencing other people on a regular basis. So she's willing to listen when I tell her that there are some other options.
What I'll probably do is just image their drive onto my server, once we decide to go ahead with a switch to Linux, say. Then, if they decide they can't handle it, I'll just flash them back to where they were. But I won't be so inclined to kill off an evening every month. They won't lose anything by the attempt anyway.
Wait, so they went back to Internet Explorer because Firefox doesn't look the same, why would they be accepting of Linux?
They sound like exactly the kind of people that will start complaining in a few days about how they need their iTunes.
Well, if you read my comment you'd note that we went over the applications and Web sites they use, and I'm trying to make sure that the new software will, in fact, do what they want. It's not that KDE or Gnome or the Mac can't do just as well as a Windows system in this context, it's just that you have to account for what a person is actually doing with his or her computer, rather than just throwing something else at them (as so many geeks are wont to do) and saying "This is better. Now go away." It may be that there is some app or feature that is an absolute must have, and that will prevent us from switching them away from Windows. If so, oh well, but that's why I'm doing a requirements analysis first.