Slashdot Mirror


User: Kagami001

Kagami001's activity in the archive.

Stories: 0
Comments: 88

Comments · 88

  1. Re:Should be criminal anyway on Graphics Advances Make Identifying Real Images Difficult · · Score: 1

    certain people basically can't get what they need anymore in real life and start living in a porn-fueled fantasy world that real life can never live up to, and that makes it very difficult to form real attachments

    This sounds like the ideal state to aim for for someone who's attracted to children.

  2. Re:WoW's peaked. on Age of Conan's "Kinda" Launch and Massive Pre-Orders · · Score: 2, Insightful

    I like happy, candy-colored worlds.

  3. EFS doesn't work the same way as TrueCrypt on Aging Security Vulnerability Still Allows PC Takeover · · Score: 2, Informative

    Sure, but if the system is live and has the EFS mounted

    EFS isn't a partition encryption system, so there's no mounting involved. Each individual file has its own file encryption key.

    What you said applies if the account whose data you want is already logged in and the machine merely locked, but not if the account isn't logged in, in which case the EFS key is not loaded yet and won't be decryptable without the real password.

    (Bitlocker, on the other hand, is a volume-encryption system, like TrueCrypt.)

  4. I avoid running game installs as admin on EVE-Online Patch Makes XP Unbootable · · Score: 1

    ...or in my work account either, for that matter. I dedicate a separate standard account to untrusted software like games. Not that other apps don't have bugs, but the nature of games is such that I trust them even less than other software.

    It requires a little extra work fiddling with things sometimes.
    Vista's auto-redirect functions for apps trying to write to files/registry entries they don't have permission to help a lot (once you turn off Vista's heuristics for auto-requesting admin privs on what it considers to be installers), but sometimes using the Application Compatibility Toolkit (especially shims to tell the installer it has admin privs when it doesn't, and RunAsInvoker shim to override permission request manifests in Vista) or running the installer in a virtual machine and moving files/settings to the real machine is necessary.

    Naturally, I don't run the games themselves as admin either, but that goes without saying. Heck, if we're talking about a 2D game, sometimes it's simplest to just play it inside a virtual machine in the first place.

    Of course it's all moot the day software I implicitly trust contains a similar bug. :)
    (hardware drivers, OS patches, etc.)

  5. XP, LUAs, and malware on Adobe Confirms Unpatched PDF Backdoor · · Score: 1

    Adobe Reader runs fine in a limited user account in XP.

    As for the grandparent's question, the answer is "kind of."
    There's nothing about a limited user account that prevents a hijacked process from doing anything it wants within the context of that account (deleting that account's files, catching keystrokes, capturing the screen, uploading data, etc.). Just like in Linux or Mac OSX, malware running with standard user privileges can still wreak havoc on that account's data--but, in the real world, malware writers write for the most common target and don't bother with taking into account unusual scenarios. They assume their Windows malware will run with admin privs. When it doesn't get those privs, it usually breaks immediately. So limited user accounts (as well as Software Restriction Policies and "execute denied" folder ACEs) tend to provide a fair amount of security through obscurity by bumping you out of the mainstream.

    Vista finally shakes things up though by making standard (what used to be called "limited") privileges the default. We may see the rise of double-scenario malware that first requests admin priv elevation (the UAC prompt) and then, if it doesn't get it*, goes into a fallback mode where it does what it can within that one account with standard privileges. A few extra lines of code would let this type of malware also work in limited user accounts in XP; whether malware writers will bother or not is another story.

    *We may also see privilege escalation prompt spam, à la ActiveX install prompt spam back in the old days of IE.

  6. Re:Curious... on Word 2007 Vs. Open Office 2.3 Writer · · Score: 1

    Don't feel too bad. They removed that feature in Office 2007.

  7. Self-correction on Ophcrack Says Your Password Is Insecure · · Score: 1

    Whoops, my "home user" perspective is showing.
    BitLocker is also available in Vista Enterprise (only sold through volume licensing), not just Ultimate.

  8. Re:This is news? on Ophcrack Says Your Password Is Insecure · · Score: 2, Informative

    BitLocker encrypts the entire drive. If your swap file is on that drive, it's encrypted along with everything else.
    BitLocker is only available in Windows Vista Ultimate.

    Unrelated to BitLocker, Vista supports encrypting the swap file with a random key generated on startup (same as the way it's done in Linux). The setting is buried inside the EFS settings in Group Policy.
    I don't know if the swap file encryption setting is available in all editions of Vista or not--group policy wasn't available in XP Home Edition, so it wouldn't surprise me if it's crippled in Vista Home Basic and Vista Home Premium. Still, you can get to the part with the EFS settings via secpol.msc, not just gpedit.msc, so I'm not sure. Can't remember if secpol.msc was missing from XP Home or not.

    There also exist third-party utilities for XP to encrypt the swap file.

  9. "Piracy" is shorthand for "copyright infringement" on Vista Activation Cracked by Brute Force · · Score: 1

    I find it extremely silly that people object to the word "piracy." It has a specific meaning in context. It does not "demonize" copyright infringement in any way. It's not making any kind of statement. It's just an abbreviation, because "copyright infringement" is a lot of letters. It means the exact same thing. It's not implying anything else.

    Objecting to equating copyright infringement with theft makes sense and is important.

    Objecting to shorthand slang that is no more negative than the full phrase it stands for is a silly waste of time. (Much like this post I'm making now.)

  10. Need confirmation on Vista Activation Cracked by Brute Force · · Score: 1

    The page you linked to doesn't actually support what you said.
    It only talks about volume license users.

    Just to clarify your first paragraph: are you saying that a computer with no internet connection which has Windows Home Basic pre-installed by Dell will require a phone call to Microsoft twice a year to keep working?

    I understand you're just reporting what you heard at the launch event, so not trying to jump on your case personally. :) But I think we need a link with info that applies to OEM/DSP and retail box keys.

  11. Re:So what's new? on "Very Severe Hole" In Vista UAC Design · · Score: 1

    No such thing in the Windows world, where installers are encrypted cab files, only accessible to the installer binary, and all the commands and settings that are needed, are completely hidden inside the EXE.

    I sympathize with your feelings toward the horrible culture of Windows installers (a lot of them are just as you describe) but that's not actually an accurate statement. The Windows world equivalent is MSI. Now, if only all developers would actually use it...

  12. Re:Running Windows? on Largest Ever Online Robbery Hits Swedish Bank · · Score: 1

    "Untrusted source" was a strange choice of words, but I would say that, for better or for worse, it's difficult to install any software on Linux-based OS's unless the software is already part of that particular distribution's customized repository.

  13. Windows XP already works that way. on Vista to be Downloadable (Legally) · · Score: 2, Insightful

    I think you're getting confused with the idea of software that comes in two flavors of copy protection, either physical disc-based or online-activation based, where traditionally the former is the lesser of two evils.

    But as of Windows XP, Windows already uses online internet activation, regardless of where the bits to install come from. So it doesn't make any difference whether you get it over the internet or get it off a disc. Either way, you enter the product key and the OS contacts Microsoft with a hash representing your hardware and checks to see how that product key has been used before, with some unspecified limit of installs-per-time-unit before they want you to call on the phone and discuss whether or not you're really moving your copy instead of installing it on 20 PCs or whatever.

  14. Mmm indeed they do. on Videogames Fill Psychological Needs for Players · · Score: 1

    Now if you'll excuse me, I'm off to play DOAX2 as soon as I get done placing this pre-order for "THE IDOLM@STER."

  15. Translators on Microsoft drops VBA in Mac Office 2007 · · Score: 1

    Indeed. And not just for Wordfast.

    Client says, "Here're 20 Excel files of dialog for Game X. In each file, we want you to translate columns H and K in sheets 1-6, and column B in sheets 7-10, but only the cells that are colored green or pink or that have the name 'Bob' in column C. Please send us an estimate for cost and completion time."

    A few lines in VBA can identify precisely the right cells to count across all 20 files and feed them into a counting function (also written in VBA) or dump them into a file for counting with some other application's word/character count feature.

    Who uses VBA? Anyone who wants to automate a simple but repetitive task in an MS Office application. Ditto for OOo's scripting languages.

  16. Albertsons.com on Amazon to Launch Online Grocery Store · · Score: 1

    Just to add another to the list of people saying "Flashback? Huh?" I live in the Dallas/Fort Worth area of Texas, U.S.A. and order all my groceries from Albertsons.com, perishables included. They deliver in refrigerated trucks.

    Still, even without refrigerated local delivery, there've been places shipping non-perishable food items for a while now. Just google for "groceries."

  17. Re:PSTN-bluetooth phone on Bluetooth Headset Roundup · · Score: 2, Informative

    Unless you need Bluetooth specifically (as in, you want to use it with a mobile phone in addition to the base station) then I'd tend to recommend forgetting about Bluetooth and using a traditional encrypted digital wireless headset. They generally have longer range, better battery life, and aren't susceptible to Bluetooth's security issues (as mentioned in the early comments to this story). They also usually have handset lifters, as you mentioned.

    For example, the Plantronics CS-50

    Don't buy it directly from Plantronics, though. It's far less expensive to get it from a separate store, like Buy.com or somewhere.
    (Strangely enough, at the moment at buy.com, buying the CS50 + the handset lifter separately is $10 less than the two bundled together.)

    I haven't used the PSTN version or handset lifter, but I've had a CS50 USB, the USB-connection version of this same model, for about a year now and been very happy with it for VOIP.

    Plantronics certainly isn't the only manufacturer for headsets like this, though, so you may want to Google around for a bit and see what looks good.

  18. Re:Seems problematic and not well thoughtout on Windows Live Goes to College · · Score: 1

    How many students want to be locked into using a web interface exclusively, especially when they use Outlook, Eudora, Thunderbird, Pine, Elm... as their preferred mail client?

    Just for the record, it's likely that Outlook (not Outlook Express) actually can be used with Windows Live email--at least, I'm currently using Outlook 2003 with Hotmail (haven't tested a new Windows Live account specifically). This makes sense as part of MS's strategy to promote its own products.

    I'm sure Slashdotters will be ecstatic to learn of this support for email standards. :)

  19. Software Restriction Policies on Web Site Attacks Against Unpatched IE Flaw Spike · · Score: 1

    Software restriction policies are a nifty tool, and it's a shame more people (or at least offices) don't use them.

    Blocking just temporary internet files is obviously not foolproof (the exploit code itself could download files to another location besides the temporary internet files folder) but it does seem likely to break any malware that's written to have the browser do the work of caching scripts from the website ahead of time. (Does IE work that way? Cache scripts fully, even if they contain code that isn't allowed to execute in the zone the script is from?)

    Then again, merely running in a limited user account breaks most malware.

    One thing to watch out for is runtime engines that are unaware of group policy. For example, if you have a Java runtime environment installed, and you add JAR to the list of restricted file types, then trying to start malware.jar through the shell will fail with the standard software restriction policy message--but executing "java -jar malware.jar" will still work (unless you have a special custom Java runtime that's smart enough to check group policy :)

    This is as opposed to, for example, VB script, because the VB script engine itself is aware of software restriction policies, so "wscript malware.vbs" doesn't work.

  20. XPI = ActiveX on Mozilla Firefox 2 Alpha 1 Available · · Score: 1

    Extensions and the XPI installer system can execute any arbitrary action they feel like on the account Firefox is running in. They can contain executable native code and launch it. They're Firefox's version of Browser Helper Objects and ActiveX.

  21. Re:Place it in context of surroundings on Root Password Readable in Clear Text with Ubuntu · · Score: 2, Informative

    Read what he said again: "network access to the machine"

    He means remote access, like Remote Desktop/Terminal Services, or shared file access (if simple file sharing is turned off; the concept doesn't apply if it's on, since everybody authenticates as guest anyway in that case), VPN server access (when XP itself is acting as a VPN server), remote registry access, remote process control, etc. etc., as well as the RunAs command to run software under a different account than the currently logged on desktop. None of these are possible with a blank password on the target account.

  22. MS Word word count feature on MS Thinks OOo is 10 Years Behind · · Score: 3, Informative

    One of the few things I can think of that I like about MS Word over OpenOffice Writer is that MS Word's word count feature understands the difference between space-separated, word-counted Western languages and non-spaced, character-counted CJK languages. In a mixed-language document, MS Word's word count function will tell you how many Western words there are and how many Eastern characters there are, whereas OpenOffice Writer will return what are effectively garbage values, a total count of all characters (Western and Eastern together) and total count of all "words" as it tries to count blocks of CJK text as single words.

    http://www.openoffice.org/issues/show_bug.cgi?id=17964

    This is the sort of thing that one could write a macro to accomplish, though.

  23. 2000, too, yes. on MS Unveils Office 2007, Multiple Versions · · Score: 1

    http://www.microsoft.com/office/preview/developers/fileoverview.mspx
    Bottom of the page, under "Compatibility."

    The question remains, though, will MS actually implement this to exactly match its specifications, or are we just looking at the next RTF? (As far as compatibility of whole documents goes.)

  24. Quick summary: on A Look at Google DRM · · Score: 1

    "DRM enforced rentals, at rental prices, are ok, because I don't expect to have that stuff long enough to worry about multiple machines, backups, etc. DRM files at permanent-copy prices are not worth it, because their inflexibility and fragility become a burden sooner or later."

    I'd like to add that this is how I feel, also.
    I'm a regular user of Windows Media DRM video rental sites. (Cue pr0n joke.)

    It's really about price points -- if permanent access is so cheap I can consider it a rental, then that's obviously ok, too. (Service goes out of business? Oh well, rental period over.) But if it's more than a small fraction of the cost of a non-Internet-enforced version (DVD/CD/whatever), then no.

  25. 32bit OS memory addressing limit on NVIDIA and Dell Display Quad-SLI System · · Score: 2, Interesting

    If this is being used with 32-bit Windows XP for gaming, does that mean the machine's virtual address space is more than maxed out with 2GB of main RAM + 2GB of VRAM + other hardware memory overhead on top of that? How much actual addressable physical RAM is left for the OS and applications?