Yes, in principle that sort of thing is true for any OS: vulnerabilities are being found in applications all the time, but at least with FOSS they are fixed quickly, sometimes within hours of discovery.
Unbelievable....
Okay, you got me on that one. I stand corrected. However, it looks like Linux has had ASLR and DEP for longer than Windows (not vice versa) and it seems there is little interest in using sandboxing with Linux. In general, Code signing doesn't appear to be worth bragging about.
...If you're running some piece-of-crap AV why give Windows shit about it?
Because I hate AV software and would rather avoid using it if I can help it.
I have gone to such extreme lengths to answer in detail, and you accuse me of this....
Yes, because every time I point out that Windows cannot survive for long without AV software and a firewall, you either dismiss the idea or change the subject. This is important, because if it can't survive for any significant amount of time that way, you can say anything you want, but to me this is clear evidence the basic security of the Windows OS is completely ineffective.
As for whether it is accurate or not to use the term "inherent" when referring to OS security, that's really a matter of semantics. You say it's misleading, because it suggests that an OS can be made 100% secure. That isn't true, of course -- there will always be a weakness of some kind somewhere if you look hard enough -- but I still like the term because it's descriptive and many others have used it in the same context before.
And another thing: your attitude. It reminds me of the way M$ always used to treat its users in the 1990s whenever perfectly legitimate concerns regarding the security and stability of its Windows and Office products were raised. I can still remember Bill Gates in an interview back then (on CNN, I think); when asked why Windows would so often lock up "just because you were using Word" (as the interviewer put it), he said it was always the user's fault. Perhaps nobody could ever get him to admit that there was a problem, but I don't think he convinced anybody. It seems nothing has changed.
You keep on and on circumventing the simple fact that a virus can be contracted through an insecure service (not necessarily a part of the OS), an insecure application (not necessarily a part of the OS), and user interaction (not a part of the OS) among other methods.
That can't be correct. With Linux, for instance, a virus or a worm that infects a service or an application, perhaps through user interaction, can only succeed in infecting the rest of the OS if that service or application is running as root, which usually is not the case. In particular, normal users never have to run anything as root. Thus, when the service stops, or the user logs out, the virus or worm stops running as well. If we suspect something is wrong, the account in question can be deleted (perhaps replaced with a backup) and that would be the end of it. If Windows was anything like this secure, then we would not be having this conversation.
You said Windows (which happens to be an OS) had woeful intrinsic insecurity. Your conjecture of "relies almost entirely on additional protection" is plain nonsense. What do you think of ASLR / DEP / sandboxing/ Authenticode signing / etc are? The list is endless. Other OSes have introduced almost all these features years after Windows.
Linux doesn't have any of those features; they're not necessary (you're not really familiar with Linux, are you?). Only Windows seems to has them, and apparently they can be circumvented.
I hate making overly general negative statements, so I'll stop with that, but please do some research for the love of god. You just keep on and on ingoring facts, and repeating simpleton lines ad-infinitum.
It does make you sound desperate. I've decided not to argue with you on any more Windows technical points, because when I tried pointing you towards articles that mentioned any security weaknesses, you dismissed it all as rubbish. So, it's I think it's better to just focus on a few things that I'm absolutely sure of.
You're confusing security and obscurity here. The net effect is the same though. An OS that nobody cares to attack is likely to remain secure. If you haven't gotten the theme, I have not faulted your choice of OS whatever it might be -- I'm simply pointing out that your conjecture about Windows having brain-damaged security is wrong.
You're changing the subject. I was just saying that it's better to have an inherently secure OS.
Oh my god.. install MSE and leave auto-updates on. That's it. Nobody is even asking you to do that much, because nobody is even asking you to run Windows. Just realize that your initial assertion was wrong. TFA was about MSE being included in Win8 by default. That reduces this to a no-op. But you'll still be citing 8 year old or 3 year old rants from random people that don't know jack.
I disagree. If a Windows machine has been turned off for too long, it can have a lot of catching up to do, downloading all manner of updates, rebooting. Also, users have to remember to keep paying for their AV subscription fees. In such cases, infection can easily be the result.
Furthermore, I don't buy the argument that Windows suffers more from security problems simply because it is the most popular OS, or conversely that Linux owes much of its security to its obscurity. Linux may not be the most popular OS for end-user workstations, but after two decades its use is more widespread than you think.
I still don't understand how you think a firewall compensates for AV. Please, just answer this one question directly instead of avoiding it. This level of ignorance is unbearable.
My apologies if I was unclear in this matter. Not only can these machines not be reached from the Internet, those who use them cannot surf the Internet either (except for M$, which has to be let through, or else Windows won't work). It c
Who said it cannot last long? I merely said that you shouldn't even try this.... The outcome of this experiment is meaningless.
I strongly disagree. To me it is proof that Windows is inherently insecure: an OS that relies almost entirely on additional protection (firewalls, AV software) for its security.
This is important to me, because an inherently secure OS can prevent bad things from happening.
Normal users should simply not have to be so dependent, so aware and so involved at all times with the current state of their virus scanner and the patch level of their computer's OS. IMO, normal users should not have to deal with this kind of risk, which is doubtless the reason why so many Windows machines are infected today.
Just be a little less stubborn and run AV.
Not a chance. Firewalled off as those Windows machines are, they're as safe as they can be, they run noticeably faster (especially when booting up), use less memory, there are no AV subscription fees, and the users never have to be bothered to run any updates. Except for the fact that these machines can't be used to surf the Internet, they are almost as carefree to use and maintain as Linux.
Even if the OS is secure, you might be running a service that is not. You can contract a virus through ignorant user interactions. There are many ways of getting viruses that do not require compromising a security flaw in the OS. How do you not get this basic point??
Then how can it be that, in over a decade, none of my Linux hosts have ever been compromised, even though none of them have ever been protected by AV software, many applications have always been installed, a few were never protected by a firewall of any kind, and some of those machines ran for years without any security updates? Now that's what I call an inherently secure OS!
Just because I fail to convince you of any Windows design flaws does not alter reality. You can call basic Windows security whatever you want -- "The best in the business!" -- but if a fully patched Windows 7 machine without a firewall or AV software cannot last long before it is compromised, then it sounds to me like you are either kidding yourself, or doing your best to sell a product.
The last time I asked you how long a fully patched Windows 7 machine without a firewall or AV software would last before it was compromised, you said that was immaterial -- but that is my whole point. To me, if Windows can never last long like that, that would be what I call intrinsically insecure.
My idea of an intrinsically secure OS is one that, under the same circumstances, can almost always be relied upon to survive uncompromised up to the next security update. An OS like that has to be designed from the ground up with security in mind. Somehow, though, I don't think it would be accurate to describe Windows that way.
On the other hand, if under these circumstances you would still define Windows as an intrinsically secure OS, what, according to you, would be the definition and/or characteristics of an OS that is not intrinsically secure? (and I don't mean ones with obvious administrative flaws, like root/admin accounts that have stupid passwords).
Just because I'm critical of Windows doesn't mean I'm spreading FUD. After all, if my opinion (and/or that list at vanwensveen.nl) was so terribly off, then why is Windows security still so dependent on firewalls and AV software? As I said, the individual applications that make up those systems are still not configured to be safe by default (I suspect because M$ think it's more user-friendly that way), which is what I mean by intrinsic insecurity. Windows doesn't have to be that way, you know.
Remember, I didn't start out hating Windows. I actually started out hating OS/2 and favoring Windows, no matter that OS/2 had some pretty impressive mutitasking all the way back in... 1993 (?). The first network I administrated on my own was in 1995 at a small University using diskless workstations, DOS 6 and Windows 3.11. I loved that system! But, M$ broke it when Win95 was introduced and the University was forced to upgrade. As a result, local hard disks had to be added everywhere, reliability suffered and security became a lot harder.
What really turned me against M$, however, was the registry. That piece of shit was never introduced for our conveniece; it was only put there only to help M$ fight software piracy. It didn't matter to them that the registry was going to hurt all Windows users equally. Before the registry, if something got corrupted and Windows didn't want to start up anymore, there was always a chance that we could fix it from the DOS command line. After the registry, forget it: it was always necessary to reinstall (or restore from a backup image). That is still the way it is today and IMO this is simply unforgivable. In addition, it seemed that the first people to take advantage of the registry were the virus writers. Aargh! But, despite all the drawbacks, M$ was determined to continue with the registry.
As for the rest of the problems, always there were promises: everything would always be fixed in the next version of Windows. Yeah, right. Eight years later it was 2003, Windows XP was two years old, but whenever a newly (re)installed system was connected to the Internet, the damn thing would get infected by some worm within seconds, long before there was time to download and install all the necessary OS updates and AV software. Okay, in that case there was no firewall and no NAT between the system and the Internet, but if Windows had been designed with security in mind in the first place, that sort of thing would never have happened.
Now it's 2011, we're another eight years further along, and in the mean time M$ have introduced both Windows Vista and Windows 7. But, not only does their latest and greatest version still include the registry and rely on firewalling and AV software for security, it also comes with DRM. You'd think they'd be obsolete by now, but for some reason the virusses are still as busy as ever. I'm therefore forced to conclude that M$, after all these years, is still clinging to it's basic design philosophy, which, from a security perspective, is completely broken.
You're making a case that either Windows has "woeful intrinsic insecurity" or it is impenetrable. You don't see that there can be some shades of grey between those two stances?...
It's funny, but your words remind me of a message that I once sent to a friend (back in the 90s when I had just been introduced to Linux, but didn't really understand it yet) in which I described myself as "OS-agnostic" and said that I simply believed that the right tool should always be used for every job. I said that anyone who advocated one OS over another was just being myopic, so like you, I guess at that point I also saw everything in shades of gray.
But my attitude changed after I made a serious attempt to "learn Unix." I figured the best way to do so was by experience, so I swapped all of my personal systems (two Windows workstations, a Netware server and and Lotus Notes mail server) for a Red Hat workstation and a Debian server. It was a steep learning curve, but also a revelation for me: my understanding of the IT business was turned on its head: many problems just melted away and clear explainations were given for others.
This appealed to me, because I always wanted the systems I was responsible for to be more predictable, more controllable. I could never really say that about any of the black-box commercial software products that I used to work with, of which M$ products were definitely the worst. I didn't always think like that, but for me things really started to go downhill when Win95 was introduced with its awful registry. Nobody liked the registry; it was just something that we all had to learn to live with.
Linux systems, on the other hand, weren't like that -- what a breath of fresh air! They still used text files, just like Windows used to, and once configured properly, it all just worked. Sure, it was sometimes difficult to find hardware that was supported, and many well-know commercial software products did not have reasonable FOSS equivalents, but even back then what I saw looked so much more promising than Windows, and I figured it could only get better. Now, more than a decade later, I can offer my clients everything that I did in the late 90s (except for a Lotus Notes equivalent) and a whole lot more, using nothing but FOSS: Debian GNU/Linux for both servers and workstations, and using cheap hardware too!
In the mean time, naturally I've also kept an eye on M$ and their products, but it never seemed to me that my core grievances with the system were being addressed. In fact, in many ways the Windows user experience has only become worse: the prices have only gone up, the OS stops working if you upgrade too much of your hardware, and they've added DRM. The fact that the workstations still can't do without AV protection and now also come with their own little firewalls does not impress me either. IMO, if M$ and all their 3rd-party developers just made sure that the OS and all its applications were all safe from attack by default, then the firewalls would not be necessary and maybe not the AV stuff either. But sadly, that approach was never part of their the M$ philosophy, so I guess that's just too much to expect from them. That's what I meant by "woeful intrinsic insecurity" (admittedly, a somewhat awkward description).
In addition, there is the behavior of the corporation itself to consider. Occasionally, they have acted as a force for good, i.e. in their support for network neutrality, but more often they just act as a force for profit, bending the rules to help maintain their Windows/Office monopoly. For example, they successfully corrupted the ISO standardization process in 2006-2008 in order to get OOXML accepted, just so they could avoid ever having to add support for ODF. There are plenty more examples of their bad behavior (their treadmill strategy of locking customers into their product lines, the way they use the BSA to bully other businesses, their repeated corruptions of IETF standards to prevent software compat
Well, you're obviously very familiar and very comfortable with Windows. But, if what you say about the current state of Windows security is true, then IMO it should no longer be necessary for Windows machines to rely so heavily on their own individual firewalls and AV software for security. So, how long do you think your own fully patched Windows 7 workstation, connected to the Internet, used normally but without running its own firewall or AV software, would last without being compromised in some way? A day, a week, a month...?
Perhaps they would have done this earlier if Antitrust law did not prevent it?
Maybe. Maybe not.
... engadget article...
That article doesn't say anything except that Apple have been caught producing sloppy code (mostly for Safari) after resting on their laurels (the reputation of their BSD-derived Darwin OS) for too long. If Dr. Miller currently finds it harder to find *new* vulnerabilities in Windows than in OS X, that doesn't mean Windows is now inherently more secure: it still has many other vulnerabilities that take too long to get fixed, and sometimes never do. Which is why the vast majority of all worms, viruses, etc. are still for Windows (and not just because of their market share).
Furthermore, all versions of M$ Windows have a number of fundamental design flaws. Here's a nice list: A brief overview of Windows' most serious design flaws Although this document appears to be four years old, I kind of doubt that many of these issues have been addressed in the mean time.
These days I no longer have much to do with Windows these days (thankfully), but there are a few other issues that I can think of. For example, with Unix systems user memory is separate from the rest of the OS and by default users have no permission to write to the file system except in the home directories and in/tmp. With Windows, on the other hand, normal users can easily get the entire OS infected. The more recent draconian measures (as of Vista) that M$ has taken to prevent unauthorized software from being executed seem mostly to be there to prevent software piracy, as opposed to protecting users from malware.
Or, how about the issue of what AV software does to your computer? The two Windows machines that I am currently responsible for to a very limited extent are located behind a firewall and have almost no access to the Internet. This is so that we did not have to install any anti-virus software on them, which would otherwise slow their performance down intolerably. No doubt people these days think such a ridiculous performance hit is normal, but when I was managing Windows boxes back in the 90s it wasn't nearly so bad. To me, the mere fact that all mainstream AV solutions nowadays affect Windows performance so severely only helps to reinforces the notion that fundamental flaws affect all versions of Windows.
As opposed to the world of PCs, there is basically no free-software alternative for "smartphones," so you cannot be sure that any of them will respect your privacy beyond normal voice calls (if that). That's because mobile phone users are much more like subscribers than owners, with the latter being the telcos. And as long as there is nothing to prevent the telcos from acting like Google, Twitter and Facebook -- using people's personal information and activities for their own gain -- how can smartphones users expect to be treated any better?
Look at it as a late attempt by M$ to compensate for the woeful intrinsic insecurity of their family of operating systems. It's their own fault, but because they never bothered to fix the problem, a whole industry evolved to compensate for it. M$ could have included a free anti-virus service over a decade ago, except that it was always going to amount to an admission of a glaring weakness. Perhaps they've had a change of heart, but adding their own virus scanner is still not the same as fixing the problem.
Once it's there, however, it will still be possible to disable it so that a competing product can be used instead. I'm not sure if the usual big players in this market will complain, because if they do someone may argue that it would be okay for M$ to fix the problem, but unfair of them to compensate for it as long as they don't. Oh, the irony!
On the one hand we have a society that is making it increasingly difficult for people to function normally (buy things, pay bills, find government information, etc.) without access to the Internet. On the other we have corporations that 1.) are trying to criminalize whatever we do on the Internet as much as they can in order to increase their profit margins, and 2.) have way too much money and influence on our governments, meaning that they will attempt endlessly to push their agendas until they succeed. A Constitutional amendment would be a good way to put a stop to their attempts once and for all.
Okay, so what about the really bad guys out their, distributing spam, viruses, kiddy-porn -- wouldn't they then also have an inalienable right to Internet access? Well, yes, but those people can also be fined and/or incarcerated.
You're probably right about the pirated content, but it's not right either for the courts to be allowed to order parts of the Internet to simply be shut down every time the entertainment industry claims that it is being used for copyright infringement and starts making unreasonable demands. Sure, Usenet isn't what it used to be, but nothing on the Internet is the same way is was ten years ago. But Usenet is still there (at least, it was last time I looked), it still works the same way and it's still useful. It's time for our politicians to start protecting consumer interests, recognize that the demands of the entertainment industry are unreasonable before they end up shutting down the rest of Internet as well, and also face up to the fact that most copyright infringement could be prevented if only the entertainment industry were willing to change its business model and allow for on-demand access to content via the Internet for a reasonable fee.
The IT contracting companies here in the Netherlands do very well for themselves. They work for the government and all kinds of other organizations, but always the story is the same: per employee, contracting companies regularly get paid around EUR 100.00 an hour, while the employees receive less than half of that (and probably more like a third). There are a number of reasons I can think of why this practice continues:
1.) The employees know that the contracting companies generally pay more money than other employers, plus they give you perks like company cars that other employers only consider for their management staff.
2.) It's hard for the employees to go freelance, and thus bypass the contracting companies, because the end customers tend not to shop around, instead tending to stay loyal to certain contracting companies.
3.) Since most organizations seem to be terrible at recognizing good IT personnel and paying them what they're worth, many of these folks tend to look for jobs elsewhere, often preferring to work for IT contracting companies.
4.) Many organizations that work with IT contractors do so because they are not allowed to hire any more people for permanent positions. So, when they're required to do more work for which they have no staff available, they will argue that they have no choice. On the bright side, IT contracting fees are not counted as fixed labor costs.
5.) Once an organization has been using a certain number of IT contractors for long enough, they come to depend on these people, which is natural. Thus, it eventually becomes very difficult to get rid of them and they often end up staying indefinitely.
6.) The Dutch labor laws, which make it easy to hire personnel but difficult to fire them after 6-12 months, probably don't help either.
It looks pretty insane, because the only real winners are the owners of the IT contracting companies who walk away with tons of cash in profit every year without adding much in the way of value. The only reason I can think of why it continues is because, well, that's the way it's always been done.
... I have to remember that I'm not really a customer -- only a subscriber. The telcos are the actual customers in this equation, and so far they've not taken a liking to operating systems that are too open (think Openmoko and Maemo/Moblin/MeeGo). So, although I wish Mark all the luck in the world with his new strategy, I suspect the odds are stacked against him regarding the phones.
If America scraps most of its military nuclear capabilities, including its submarines and ICBMs -- relics of the cold war -- then I suspect the government would have enough money to make good education completely affordable for all students nationwide, as well as pay off much of the debt owed by those who already have an education.
Let's face it: America's once mighty economy is in serious decline, mostly because all of those manufacturing jobs have now moved overseas. Ironically, America's powerful corporations, which continue to receive so much government support (through tax breaks and laws passed in their favor), only helped to exacerbate this job exodus.
The real problem is that, for many decades now, the most expensive country in the world to get a good education has been the United States. As long as America was a booming industrial economy, that was never a problem -- especially not after WWII, when all the other economies lay in ruins -- but as soon as Asia's sleeping giant woke up, it became an albatross around Uncle Sam's neck.
For America, now is the time for serious investment in education. America is still a rich country, but just spends too much of its money in the wrong places. Shifting tax dollars from the military to education seems about right, because without being able to receive income tax from educated citizens with good jobs, pretty soon the country will no longer be able to afford all that expensive military hardware anyway.
For the moment at least, I don't think they mean your machine, rather those owned and operated by the British government. Still, seeing as they are major customers, this is a significant boost for the Trusted Computing Group and does not bode well for home users (treacherous computing, here we come).
It's likely that many people here are sick of all the expensive academic periodicals that often contain interesting articles, but that almost no one without access to a university library can read... except perhaps for a summary. One of my interests is herpetology, which is pretty obscure, but nevertheless, there seem to be hundreds of periodicals published on this one very narrow subject alone.
I've also heard stories about researchers who were upset to find out that their own papers, once published and on which they worked so hard, turned out not to be publicly available anyway. At that point the publishing company owns the copyright on your work, so AFAIK you can't even publish it on your own website.
Once upon a time, I suppose getting your paper published in one of these obscure and specialized academic periodicals was one of the only options available. Every few months a limited number would be printed and mailed out to university libraries around the world, but only to the ones with an interest in the subject (and willing to pay the subscription fee). Even today, however, the number of academic periodicals out there seems way out of proportion, so how come?
Well, it turns out that everybody would like to publish in the better known periodicals, but that most papers are rejected for various reasons. Still, as an academic you have to keep publishing (publish or perish!), so then you try to get your work published in one of the lesser known ones, perhaps with less peer review. This is one explanation. Another is that corporations often like sponsoring periodicals; sometimes just a little, and sometimes so much that they launch their own as a vehicle with which to advertise their products. However, peer review usually isn't worth all that much in cases of the latter.
The times, however, have now changed things rather dramatically. With the Internet, in my mind there is little or no need for these wretchedly expensive periodicals any more. Are they really good for science anymore, or are they only good for generating revenue for the publishing companies? Actually, it may be that things will change regardless. Of the periodicals that depend on sponsorship to some degree, many of their sponsors are now losing interest, probably because they think their activities on the Internet are more important. It's true that papers still needs to get peer-reviewed, but if it turns out that most researchers are now willing to do that even when the publications will be made available to the public for free, then everybody wins, right?
Perhaps I should add a note regarding medical periodicals. From what I understand, whether these are associated with expensive subscription fees or not, access to them is often restricted. If so, this is because it is felt that if the general public (e.g. journalists) had access to them, that the articles would more likely be misinterpreted. However, since this is bound to happen anyway, and it's worse if most people only have access to a misinterpretation of the article, I see no excuse for this practice either.
The discovery could lead to the invention of devices that can reconfigure their internal wiring and evolve into an entirely different and new device, to reflect the changing needs of *service providers*....
What if someone were to take a newly created snake embryo and repair that 'defective' gene before letting it develop further? Would it automatically develop four limbs and look more like a lizard? Whatever the result, if successful it might give us some more insight into how these fascinating creatures evolved.
My approach, using Exim4, is not to reject messages outright based on single issues, such as not having a proper reverse DNS entry, but to reject based on combinations of them. This is a great way to limit false positives.
For instance, an incoming message may also have a bad HELO, a bad sender domain, be blacklisted locally or by a DNSBL service, or not have a working callout so that the existence of the sender's account can't be verified. There are more issues like these to look for. My systems count the number of these transgressions per message and reject when a certain value is reached, say three, while dumping messages that score one or two end in the recipient's spambox folder. With Exim, this kind of solution is surprisingly easy to construct using ACL statements with user-defined variables that include arithmetic statements. The last checks that are performed involve Clamd and SpamAssassin, because they are so resource-intensive.
I should also mention that my systems also perform a number of checks up front for obvious spam that is rejected immediately, e.g. if the sender address domain is gmail.com, but the sender HELO name is not part of the google.com domain.
Just because Jobs was innovative, popular and successful doesn't mean he was a saint. Considering his closed hardware platforms, Jobs showed us that his views were perhaps even more the antithesis of the FOSS movement than those of Mr. Bill.
If I were to just keep all of my messages (both sent and received) in the same folder/file/directory (or folders/files/directories) forever, many of them would eventually become too large and inconvenient to work with. So, I wrote a script to file all my old ones away once a year on January the 1st into a directory for the previous year and replace them with new empty ones. Also, this does not stop me from searching (e.g. using grep) through my entire archive to find what I want.
...Discarding the moral teachings that have been handed down over thousands of years is equally ridiculous.
That is what is commonly believed, but absolutely false. For example, yes, the Old and New Testaments contain some timelessly positive moral teachings, such as "Thou shalt not kill", and "Do unto others as you would have them do unto you", but many have argued the wisdom of such statements to be self-evident.
What Christians do not like to be reminded of, however, is that both of their Testaments are also full of truly immoral teachings. For example, the Old Testament may forbid killing, but that only applies to fellow Jews; the killing of 'heathen' is not a problem, or else the various genocides described would not have been permitted. Similarly, the New Testament may say "Do unto others...," but at the same time condones slavery, a point which southern plantation owners were always eager to point out before the American Civil War.
Despite all of the free market competition, America has not succeeded in producing the best health care system in the world after all -- only the most expensive... by far! Yet, to change it is considered unamerican. How about unstupid?
Slashdot Mirror
100% wrong...
Yes, in principle that sort of thing is true for any OS: vulnerabilities are being found in applications all the time, but at least with FOSS they are fixed quickly, sometimes within hours of discovery.
Unbelievable. ...
Okay, you got me on that one. I stand corrected. However, it looks like Linux has had ASLR and DEP for longer than Windows (not vice versa) and it seems there is little interest in using sandboxing with Linux. In general, Code signing doesn't appear to be worth bragging about.
Because I hate AV software and would rather avoid using it if I can help it.
I have gone to such extreme lengths to answer in detail, and you accuse me of this. ...
Yes, because every time I point out that Windows cannot survive for long without AV software and a firewall, you either dismiss the idea or change the subject. This is important, because if it can't survive for any significant amount of time that way, you can say anything you want, but to me this is clear evidence the basic security of the Windows OS is completely ineffective.
As for whether it is accurate or not to use the term "inherent" when referring to OS security, that's really a matter of semantics. You say it's misleading, because it suggests that an OS can be made 100% secure. That isn't true, of course -- there will always be a weakness of some kind somewhere if you look hard enough -- but I still like the term because it's descriptive and many others have used it in the same context before.
And another thing: your attitude. It reminds me of the way M$ always used to treat its users in the 1990s whenever perfectly legitimate concerns regarding the security and stability of its Windows and Office products were raised. I can still remember Bill Gates in an interview back then (on CNN, I think); when asked why Windows would so often lock up "just because you were using Word" (as the interviewer put it), he said it was always the user's fault. Perhaps nobody could ever get him to admit that there was a problem, but I don't think he convinced anybody. It seems nothing has changed.
You keep on and on circumventing the simple fact that a virus can be contracted through an insecure service (not necessarily a part of the OS), an insecure application (not necessarily a part of the OS), and user interaction (not a part of the OS) among other methods.
That can't be correct. With Linux, for instance, a virus or a worm that infects a service or an application, perhaps through user interaction, can only succeed in infecting the rest of the OS if that service or application is running as root, which usually is not the case. In particular, normal users never have to run anything as root. Thus, when the service stops, or the user logs out, the virus or worm stops running as well. If we suspect something is wrong, the account in question can be deleted (perhaps replaced with a backup) and that would be the end of it. If Windows was anything like this secure, then we would not be having this conversation.
You said Windows (which happens to be an OS) had woeful intrinsic insecurity. Your conjecture of "relies almost entirely on additional protection" is plain nonsense. What do you think of ASLR / DEP / sandboxing/ Authenticode signing / etc are? The list is endless. Other OSes have introduced almost all these features years after Windows.
Linux doesn't have any of those features; they're not necessary (you're not really familiar with Linux, are you?). Only Windows seems to has them, and apparently they can be circumvented.
I hate making overly general negative statements, so I'll stop with that, but please do some research for the love of god. You just keep on and on ingoring facts, and repeating simpleton lines ad-infinitum.
It does make you sound desperate. I've decided not to argue with you on any more Windows technical points, because when I tried pointing you towards articles that mentioned any security weaknesses, you dismissed it all as rubbish. So, it's I think it's better to just focus on a few things that I'm absolutely sure of.
You're confusing security and obscurity here. The net effect is the same though. An OS that nobody cares to attack is likely to remain secure. If you haven't gotten the theme, I have not faulted your choice of OS whatever it might be -- I'm simply pointing out that your conjecture about Windows having brain-damaged security is wrong.
You're changing the subject. I was just saying that it's better to have an inherently secure OS.
Oh my god.. install MSE and leave auto-updates on. That's it. Nobody is even asking you to do that much, because nobody is even asking you to run Windows. Just realize that your initial assertion was wrong. TFA was about MSE being included in Win8 by default. That reduces this to a no-op. But you'll still be citing 8 year old or 3 year old rants from random people that don't know jack.
I disagree. If a Windows machine has been turned off for too long, it can have a lot of catching up to do, downloading all manner of updates, rebooting. Also, users have to remember to keep paying for their AV subscription fees. In such cases, infection can easily be the result.
Furthermore, I don't buy the argument that Windows suffers more from security problems simply because it is the most popular OS, or conversely that Linux owes much of its security to its obscurity. Linux may not be the most popular OS for end-user workstations, but after two decades its use is more widespread than you think.
I still don't understand how you think a firewall compensates for AV. Please, just answer this one question directly instead of avoiding it. This level of ignorance is unbearable.
My apologies if I was unclear in this matter. Not only can these machines not be reached from the Internet, those who use them cannot surf the Internet either (except for M$, which has to be let through, or else Windows won't work). It c
Who said it cannot last long? I merely said that you shouldn't even try this. ... The outcome of this experiment is meaningless.
I strongly disagree. To me it is proof that Windows is inherently insecure: an OS that relies almost entirely on additional protection (firewalls, AV software) for its security.
This is important to me, because an inherently secure OS can prevent bad things from happening. Normal users should simply not have to be so dependent, so aware and so involved at all times with the current state of their virus scanner and the patch level of their computer's OS. IMO, normal users should not have to deal with this kind of risk, which is doubtless the reason why so many Windows machines are infected today.
Just be a little less stubborn and run AV.
Not a chance. Firewalled off as those Windows machines are, they're as safe as they can be, they run noticeably faster (especially when booting up), use less memory, there are no AV subscription fees, and the users never have to be bothered to run any updates. Except for the fact that these machines can't be used to surf the Internet, they are almost as carefree to use and maintain as Linux.
Even if the OS is secure, you might be running a service that is not. You can contract a virus through ignorant user interactions. There are many ways of getting viruses that do not require compromising a security flaw in the OS. How do you not get this basic point??
Then how can it be that, in over a decade, none of my Linux hosts have ever been compromised, even though none of them have ever been protected by AV software, many applications have always been installed, a few were never protected by a firewall of any kind, and some of those machines ran for years without any security updates? Now that's what I call an inherently secure OS!
Just because I fail to convince you of any Windows design flaws does not alter reality. You can call basic Windows security whatever you want -- "The best in the business!" -- but if a fully patched Windows 7 machine without a firewall or AV software cannot last long before it is compromised, then it sounds to me like you are either kidding yourself, or doing your best to sell a product.
The last time I asked you how long a fully patched Windows 7 machine without a firewall or AV software would last before it was compromised, you said that was immaterial -- but that is my whole point. To me, if Windows can never last long like that, that would be what I call intrinsically insecure.
My idea of an intrinsically secure OS is one that, under the same circumstances, can almost always be relied upon to survive uncompromised up to the next security update. An OS like that has to be designed from the ground up with security in mind. Somehow, though, I don't think it would be accurate to describe Windows that way.
On the other hand, if under these circumstances you would still define Windows as an intrinsically secure OS, what, according to you, would be the definition and/or characteristics of an OS that is not intrinsically secure? (and I don't mean ones with obvious administrative flaws, like root/admin accounts that have stupid passwords).
You may also find these two articles interesting: Security-focused operating system and Security-evaluated operating system. Oh, and here's another, more recent, critique of Windows security: Why Windows security is awful.
Just because I'm critical of Windows doesn't mean I'm spreading FUD. After all, if my opinion (and/or that list at vanwensveen.nl) was so terribly off, then why is Windows security still so dependent on firewalls and AV software? As I said, the individual applications that make up those systems are still not configured to be safe by default (I suspect because M$ think it's more user-friendly that way), which is what I mean by intrinsic insecurity. Windows doesn't have to be that way, you know.
Remember, I didn't start out hating Windows. I actually started out hating OS/2 and favoring Windows, no matter that OS/2 had some pretty impressive mutitasking all the way back in... 1993 (?). The first network I administrated on my own was in 1995 at a small University using diskless workstations, DOS 6 and Windows 3.11. I loved that system! But, M$ broke it when Win95 was introduced and the University was forced to upgrade. As a result, local hard disks had to be added everywhere, reliability suffered and security became a lot harder.
What really turned me against M$, however, was the registry. That piece of shit was never introduced for our conveniece; it was only put there only to help M$ fight software piracy. It didn't matter to them that the registry was going to hurt all Windows users equally. Before the registry, if something got corrupted and Windows didn't want to start up anymore, there was always a chance that we could fix it from the DOS command line. After the registry, forget it: it was always necessary to reinstall (or restore from a backup image). That is still the way it is today and IMO this is simply unforgivable. In addition, it seemed that the first people to take advantage of the registry were the virus writers. Aargh! But, despite all the drawbacks, M$ was determined to continue with the registry.
As for the rest of the problems, always there were promises: everything would always be fixed in the next version of Windows. Yeah, right. Eight years later it was 2003, Windows XP was two years old, but whenever a newly (re)installed system was connected to the Internet, the damn thing would get infected by some worm within seconds, long before there was time to download and install all the necessary OS updates and AV software. Okay, in that case there was no firewall and no NAT between the system and the Internet, but if Windows had been designed with security in mind in the first place, that sort of thing would never have happened.
Now it's 2011, we're another eight years further along, and in the mean time M$ have introduced both Windows Vista and Windows 7. But, not only does their latest and greatest version still include the registry and rely on firewalling and AV software for security, it also comes with DRM. You'd think they'd be obsolete by now, but for some reason the virusses are still as busy as ever. I'm therefore forced to conclude that M$, after all these years, is still clinging to it's basic design philosophy, which, from a security perspective, is completely broken.
You're making a case that either Windows has "woeful intrinsic insecurity" or it is impenetrable. You don't see that there can be some shades of grey between those two stances? ...
It's funny, but your words remind me of a message that I once sent to a friend (back in the 90s when I had just been introduced to Linux, but didn't really understand it yet) in which I described myself as "OS-agnostic" and said that I simply believed that the right tool should always be used for every job. I said that anyone who advocated one OS over another was just being myopic, so like you, I guess at that point I also saw everything in shades of gray.
But my attitude changed after I made a serious attempt to "learn Unix." I figured the best way to do so was by experience, so I swapped all of my personal systems (two Windows workstations, a Netware server and and Lotus Notes mail server) for a Red Hat workstation and a Debian server. It was a steep learning curve, but also a revelation for me: my understanding of the IT business was turned on its head: many problems just melted away and clear explainations were given for others.
This appealed to me, because I always wanted the systems I was responsible for to be more predictable, more controllable. I could never really say that about any of the black-box commercial software products that I used to work with, of which M$ products were definitely the worst. I didn't always think like that, but for me things really started to go downhill when Win95 was introduced with its awful registry. Nobody liked the registry; it was just something that we all had to learn to live with.
Linux systems, on the other hand, weren't like that -- what a breath of fresh air! They still used text files, just like Windows used to, and once configured properly, it all just worked. Sure, it was sometimes difficult to find hardware that was supported, and many well-know commercial software products did not have reasonable FOSS equivalents, but even back then what I saw looked so much more promising than Windows, and I figured it could only get better. Now, more than a decade later, I can offer my clients everything that I did in the late 90s (except for a Lotus Notes equivalent) and a whole lot more, using nothing but FOSS: Debian GNU/Linux for both servers and workstations, and using cheap hardware too!
In the mean time, naturally I've also kept an eye on M$ and their products, but it never seemed to me that my core grievances with the system were being addressed. In fact, in many ways the Windows user experience has only become worse: the prices have only gone up, the OS stops working if you upgrade too much of your hardware, and they've added DRM. The fact that the workstations still can't do without AV protection and now also come with their own little firewalls does not impress me either. IMO, if M$ and all their 3rd-party developers just made sure that the OS and all its applications were all safe from attack by default, then the firewalls would not be necessary and maybe not the AV stuff either. But sadly, that approach was never part of their the M$ philosophy, so I guess that's just too much to expect from them. That's what I meant by "woeful intrinsic insecurity" (admittedly, a somewhat awkward description).
In addition, there is the behavior of the corporation itself to consider. Occasionally, they have acted as a force for good, i.e. in their support for network neutrality, but more often they just act as a force for profit, bending the rules to help maintain their Windows/Office monopoly. For example, they successfully corrupted the ISO standardization process in 2006-2008 in order to get OOXML accepted, just so they could avoid ever having to add support for ODF. There are plenty more examples of their bad behavior (their treadmill strategy of locking customers into their product lines, the way they use the BSA to bully other businesses, their repeated corruptions of IETF standards to prevent software compat
Well, you're obviously very familiar and very comfortable with Windows. But, if what you say about the current state of Windows security is true, then IMO it should no longer be necessary for Windows machines to rely so heavily on their own individual firewalls and AV software for security. So, how long do you think your own fully patched Windows 7 workstation, connected to the Internet, used normally but without running its own firewall or AV software, would last without being compromised in some way? A day, a week, a month...?
Perhaps they would have done this earlier if Antitrust law did not prevent it?
Maybe. Maybe not.
That article doesn't say anything except that Apple have been caught producing sloppy code (mostly for Safari) after resting on their laurels (the reputation of their BSD-derived Darwin OS) for too long. If Dr. Miller currently finds it harder to find *new* vulnerabilities in Windows than in OS X, that doesn't mean Windows is now inherently more secure: it still has many other vulnerabilities that take too long to get fixed, and sometimes never do. Which is why the vast majority of all worms, viruses, etc. are still for Windows (and not just because of their market share).
Furthermore, all versions of M$ Windows have a number of fundamental design flaws. Here's a nice list: A brief overview of Windows' most serious design flaws Although this document appears to be four years old, I kind of doubt that many of these issues have been addressed in the mean time.
These days I no longer have much to do with Windows these days (thankfully), but there are a few other issues that I can think of. For example, with Unix systems user memory is separate from the rest of the OS and by default users have no permission to write to the file system except in the home directories and in /tmp. With Windows, on the other hand, normal users can easily get the entire OS infected. The more recent draconian measures (as of Vista) that M$ has taken to prevent unauthorized software from being executed seem mostly to be there to prevent software piracy, as opposed to protecting users from malware.
Or, how about the issue of what AV software does to your computer? The two Windows machines that I am currently responsible for to a very limited extent are located behind a firewall and have almost no access to the Internet. This is so that we did not have to install any anti-virus software on them, which would otherwise slow their performance down intolerably. No doubt people these days think such a ridiculous performance hit is normal, but when I was managing Windows boxes back in the 90s it wasn't nearly so bad. To me, the mere fact that all mainstream AV solutions nowadays affect Windows performance so severely only helps to reinforces the notion that fundamental flaws affect all versions of Windows.
As opposed to the world of PCs, there is basically no free-software alternative for "smartphones," so you cannot be sure that any of them will respect your privacy beyond normal voice calls (if that). That's because mobile phone users are much more like subscribers than owners, with the latter being the telcos. And as long as there is nothing to prevent the telcos from acting like Google, Twitter and Facebook -- using people's personal information and activities for their own gain -- how can smartphones users expect to be treated any better?
Look at it as a late attempt by M$ to compensate for the woeful intrinsic insecurity of their family of operating systems. It's their own fault, but because they never bothered to fix the problem, a whole industry evolved to compensate for it. M$ could have included a free anti-virus service over a decade ago, except that it was always going to amount to an admission of a glaring weakness. Perhaps they've had a change of heart, but adding their own virus scanner is still not the same as fixing the problem.
Once it's there, however, it will still be possible to disable it so that a competing product can be used instead. I'm not sure if the usual big players in this market will complain, because if they do someone may argue that it would be okay for M$ to fix the problem, but unfair of them to compensate for it as long as they don't. Oh, the irony!
On the one hand we have a society that is making it increasingly difficult for people to function normally (buy things, pay bills, find government information, etc.) without access to the Internet. On the other we have corporations that 1.) are trying to criminalize whatever we do on the Internet as much as they can in order to increase their profit margins, and 2.) have way too much money and influence on our governments, meaning that they will attempt endlessly to push their agendas until they succeed. A Constitutional amendment would be a good way to put a stop to their attempts once and for all.
Okay, so what about the really bad guys out their, distributing spam, viruses, kiddy-porn -- wouldn't they then also have an inalienable right to Internet access? Well, yes, but those people can also be fined and/or incarcerated.
You're probably right about the pirated content, but it's not right either for the courts to be allowed to order parts of the Internet to simply be shut down every time the entertainment industry claims that it is being used for copyright infringement and starts making unreasonable demands. Sure, Usenet isn't what it used to be, but nothing on the Internet is the same way is was ten years ago. But Usenet is still there (at least, it was last time I looked), it still works the same way and it's still useful. It's time for our politicians to start protecting consumer interests, recognize that the demands of the entertainment industry are unreasonable before they end up shutting down the rest of Internet as well, and also face up to the fact that most copyright infringement could be prevented if only the entertainment industry were willing to change its business model and allow for on-demand access to content via the Internet for a reasonable fee.
The IT contracting companies here in the Netherlands do very well for themselves. They work for the government and all kinds of other organizations, but always the story is the same: per employee, contracting companies regularly get paid around EUR 100.00 an hour, while the employees receive less than half of that (and probably more like a third). There are a number of reasons I can think of why this practice continues:
1.) The employees know that the contracting companies generally pay more money than other employers, plus they give you perks like company cars that other employers only consider for their management staff.
2.) It's hard for the employees to go freelance, and thus bypass the contracting companies, because the end customers tend not to shop around, instead tending to stay loyal to certain contracting companies.
3.) Since most organizations seem to be terrible at recognizing good IT personnel and paying them what they're worth, many of these folks tend to look for jobs elsewhere, often preferring to work for IT contracting companies.
4.) Many organizations that work with IT contractors do so because they are not allowed to hire any more people for permanent positions. So, when they're required to do more work for which they have no staff available, they will argue that they have no choice. On the bright side, IT contracting fees are not counted as fixed labor costs.
5.) Once an organization has been using a certain number of IT contractors for long enough, they come to depend on these people, which is natural. Thus, it eventually becomes very difficult to get rid of them and they often end up staying indefinitely.
6.) The Dutch labor laws, which make it easy to hire personnel but difficult to fire them after 6-12 months, probably don't help either.
It looks pretty insane, because the only real winners are the owners of the IT contracting companies who walk away with tons of cash in profit every year without adding much in the way of value. The only reason I can think of why it continues is because, well, that's the way it's always been done.
... I have to remember that I'm not really a customer -- only a subscriber. The telcos are the actual customers in this equation, and so far they've not taken a liking to operating systems that are too open (think Openmoko and Maemo/Moblin/MeeGo). So, although I wish Mark all the luck in the world with his new strategy, I suspect the odds are stacked against him regarding the phones.
If America scraps most of its military nuclear capabilities, including its submarines and ICBMs -- relics of the cold war -- then I suspect the government would have enough money to make good education completely affordable for all students nationwide, as well as pay off much of the debt owed by those who already have an education.
Let's face it: America's once mighty economy is in serious decline, mostly because all of those manufacturing jobs have now moved overseas. Ironically, America's powerful corporations, which continue to receive so much government support (through tax breaks and laws passed in their favor), only helped to exacerbate this job exodus.
The real problem is that, for many decades now, the most expensive country in the world to get a good education has been the United States. As long as America was a booming industrial economy, that was never a problem -- especially not after WWII, when all the other economies lay in ruins -- but as soon as Asia's sleeping giant woke up, it became an albatross around Uncle Sam's neck.
For America, now is the time for serious investment in education. America is still a rich country, but just spends too much of its money in the wrong places. Shifting tax dollars from the military to education seems about right, because without being able to receive income tax from educated citizens with good jobs, pretty soon the country will no longer be able to afford all that expensive military hardware anyway.
For the moment at least, I don't think they mean your machine, rather those owned and operated by the British government. Still, seeing as they are major customers, this is a significant boost for the Trusted Computing Group and does not bode well for home users (treacherous computing, here we come).
It's likely that many people here are sick of all the expensive academic periodicals that often contain interesting articles, but that almost no one without access to a university library can read... except perhaps for a summary. One of my interests is herpetology, which is pretty obscure, but nevertheless, there seem to be hundreds of periodicals published on this one very narrow subject alone. I've also heard stories about researchers who were upset to find out that their own papers, once published and on which they worked so hard, turned out not to be publicly available anyway. At that point the publishing company owns the copyright on your work, so AFAIK you can't even publish it on your own website.
Once upon a time, I suppose getting your paper published in one of these obscure and specialized academic periodicals was one of the only options available. Every few months a limited number would be printed and mailed out to university libraries around the world, but only to the ones with an interest in the subject (and willing to pay the subscription fee). Even today, however, the number of academic periodicals out there seems way out of proportion, so how come?
Well, it turns out that everybody would like to publish in the better known periodicals, but that most papers are rejected for various reasons. Still, as an academic you have to keep publishing (publish or perish!), so then you try to get your work published in one of the lesser known ones, perhaps with less peer review. This is one explanation. Another is that corporations often like sponsoring periodicals; sometimes just a little, and sometimes so much that they launch their own as a vehicle with which to advertise their products. However, peer review usually isn't worth all that much in cases of the latter.
The times, however, have now changed things rather dramatically. With the Internet, in my mind there is little or no need for these wretchedly expensive periodicals any more. Are they really good for science anymore, or are they only good for generating revenue for the publishing companies? Actually, it may be that things will change regardless. Of the periodicals that depend on sponsorship to some degree, many of their sponsors are now losing interest, probably because they think their activities on the Internet are more important. It's true that papers still needs to get peer-reviewed, but if it turns out that most researchers are now willing to do that even when the publications will be made available to the public for free, then everybody wins, right?
Perhaps I should add a note regarding medical periodicals. From what I understand, whether these are associated with expensive subscription fees or not, access to them is often restricted. If so, this is because it is felt that if the general public (e.g. journalists) had access to them, that the articles would more likely be misinterpreted. However, since this is bound to happen anyway, and it's worse if most people only have access to a misinterpretation of the article, I see no excuse for this practice either.
The discovery could lead to the invention of devices that can reconfigure their internal wiring and evolve into an entirely different and new device, to reflect the changing needs of *service providers*. ...
What if someone were to take a newly created snake embryo and repair that 'defective' gene before letting it develop further? Would it automatically develop four limbs and look more like a lizard? Whatever the result, if successful it might give us some more insight into how these fascinating creatures evolved.
My approach, using Exim4, is not to reject messages outright based on single issues, such as not having a proper reverse DNS entry, but to reject based on combinations of them. This is a great way to limit false positives.
For instance, an incoming message may also have a bad HELO, a bad sender domain, be blacklisted locally or by a DNSBL service, or not have a working callout so that the existence of the sender's account can't be verified. There are more issues like these to look for. My systems count the number of these transgressions per message and reject when a certain value is reached, say three, while dumping messages that score one or two end in the recipient's spambox folder. With Exim, this kind of solution is surprisingly easy to construct using ACL statements with user-defined variables that include arithmetic statements. The last checks that are performed involve Clamd and SpamAssassin, because they are so resource-intensive.
I should also mention that my systems also perform a number of checks up front for obvious spam that is rejected immediately, e.g. if the sender address domain is gmail.com, but the sender HELO name is not part of the google.com domain.
Just because Jobs was innovative, popular and successful doesn't mean he was a saint. Considering his closed hardware platforms, Jobs showed us that his views were perhaps even more the antithesis of the FOSS movement than those of Mr. Bill.
If I were to just keep all of my messages (both sent and received) in the same folder/file/directory (or folders/files/directories) forever, many of them would eventually become too large and inconvenient to work with. So, I wrote a script to file all my old ones away once a year on January the 1st into a directory for the previous year and replace them with new empty ones. Also, this does not stop me from searching (e.g. using grep) through my entire archive to find what I want.
...Discarding the moral teachings that have been handed down over thousands of years is equally ridiculous.
That is what is commonly believed, but absolutely false. For example, yes, the Old and New Testaments contain some timelessly positive moral teachings, such as "Thou shalt not kill", and "Do unto others as you would have them do unto you", but many have argued the wisdom of such statements to be self-evident.
What Christians do not like to be reminded of, however, is that both of their Testaments are also full of truly immoral teachings. For example, the Old Testament may forbid killing, but that only applies to fellow Jews; the killing of 'heathen' is not a problem, or else the various genocides described would not have been permitted. Similarly, the New Testament may say "Do unto others...," but at the same time condones slavery, a point which southern plantation owners were always eager to point out before the American Civil War.
Despite all of the free market competition, America has not succeeded in producing the best health care system in the world after all -- only the most expensive... by far! Yet, to change it is considered unamerican. How about unstupid?