If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?
You'll note said tool does not require any validation to download, anyone can download it regardless of the legality of their copy of Windows; no validation or genuine advantage required, period.
This tool is also regularly distributed via Automatic Updates/Windows Updates to help clean out any infections that computers that use these services may have contracted, either because they weren't patched, or some other mechanism that isn't due to a software vuln (e.g. USB Key Transmission).
The only thing that could be improved upon is combining the two together, but there are some people who have legitimate reasons for wanting to do one and not the other (generally, detect and remove but not necessarily patch). They are few and far between, but they do exist. And really, if you can be capable of going to a website and manually download a removal tool, you should also be able to enable AU or manually periodically go to WU/MU.
In summary: They have published the fix, free, and a removal tool, also free. Learn what you are talking about, everything you just said is already done.
This may purely just be me having a bad experience, and in no way indicative of others experiences, but I've often found that people who develop for or are strongly supportive of FOSS tend to be far less receptive to criticism than proprietary software.
I've often criticised Microsoft in forums, chat, in person, whatever, and generally find that if something is genuinely stuffed, they'll admit it and accept something needs to be done. Examples: Security is fucked and needs an overhaul, IIS is a mess and FTP support is rubbish, resource usage in modern versions is higher than it should be and needs to be reduced. The responses are generally quite receptive, and follow a trend of "Yes, this is sub-optimal, and needs to be worked on.".
I find it interesting that often when I've done the same for FOSS software (predominantly Linux, mainly because I use it more than BSD/Solaris/etc...), the response tends to be that either I don't understand what I'm talking about at all, or that what I perceive as a flaw is entirely by design and a work of technical genius (even if, while the programmmer might think its great, it doesn't necessarily translate to greatness as far as the user is concerned). Examples: X.org is a mess and needs an overhaul, code quality/API stability in KDE 4, and others I forget, but probably fairly minor.
Maybe this is a result of being more developer orientated than user orientated? I'm not sure. But I find it striking that when I complain about Microsoft to MS-fans, the result I tend to get is an admission of a genuine fuck-up where Microsoft has dropped the ball, and they need to fix it. Not always, but frequently with Linux, I get the reverse: that this is entirely by design, nothing at all is wrong or will be changed, and I just don't know what I'm talking about.
Microsoft distributes security updates to _ALL_ editions of Windows that are currently maintained irrespective of the legality of the license. However, if you are not running a legal license, you can only receive updates through Automatic Updates, limited purely to security updates. Use of Windows/Microsoft Update and/or the downloading of non-security updates requires a valid license. The reasoning for this is to prevent exactly what you accuse Microsoft of not doing, reducing the risk of large viral/worm outbreaks and the impact of such outbreaks on Windows users, particularly those with legal licenses. Even if you completely fail WGA validation, you still will receive security updates through Automatic Updates.
Ideally, I'd prefer MS to permit security updates through the WU/MU frontend even if an invalid license is detected. I'm not sure what error message is displayed and if it prompts for Automatic Updates to be enabled or informs the user that they can still receive security updates through AU. However, the point remains that MS still permits a legal avenue of obtaining such updates, despite running an invalid license, at THEIR cost of distributing such updates.
In fact, having double checked my information, the security patch that fixes the vulnerability that Conficker exploits was released prior to the creation and subsequent distribution of Conficker.
So, every single computer out there with a Conficker infection due to the exploit infection route could have been secured if patched. I would bet that would make for a gigantic reduction in the size of the Conficker botnet.
to genuinely care about the hype surrounding this worm when no one knows what its destined to do, and the problem stems from a host operating system with a near two decade track record of this sort of stuff.
A few things:
1. If you have 1 million+ infected hosts, and all the bandwidth that these hosts have access to, and can use these resources to do whatever you please, you pose a serious threat to many groups with a presence on the internet and an interest in its wellbeing. Do I really need to spell it out to you why it's important to care?
2. No, the problem in this case stems from people not patching their systems when security updates are made available. Microsoft made the patch available _LONG_ before Conficker was even a problem. Microsoft released the patch on 15th October 2008. What does this tell you? It means that effectively 99%+ of infected machines are infected because they weren't patched, either due to ignorance, sloth, or a combination of.
If I never patched my Linux/BSD servers when security flaws were discovered, they'd be rooted pretty fast too. Fortunately, most of the OSS community knows that security patches are important and need to be applied, not ignored. Elements of the Windows world don't share this culture, and it needs to change, so that worms like Conficker aren't able to thrive.
I know the floppy is alright, because it boots fine without any of these symptoms occurring from other machines it boots from.
Assuming you mean this box is booting off a floppy disk, how can you say the above? Have you discounted faulty drive electronics in the floppy drive itself?
The video cardish component appears fine to the naked eye
Your method for testing the reliability of your video card is by staring at it? What were you expecting to conclude? If you can see visible damage to any modern electrical component, excluding things like fans, then it's unlikely to work at all period. You can't possibly determine more technical and subtle faults by just staring at a PCB.
If you want to establish anything conclusively, you're going to have to test components thoroughly in software, or if that's not possible, swap them out with known good components and see if they fix the problem.
I imagine your issue is going to be finding compatible parts for what I assume is a reasonably ancient machine.
Doing someone a favour and trying to make more money aren't mutually exclusive; in fact, it can be clever business practice. By doing so, you can improve the perception of your company, the better perception results in people being more likely to buy products and services from you, and you've done it all without doing something unethical or illegal.
Frankly, I'd much rather Microsoft did stuff like the above, making their products easier to use, especially with 3rd-party products, than just being plain arrogant and anti-competitive. Or would you prefer the latter?
I remember watching that film very well, it was an excellent documentary.
But, in particular, I appreciated the irony that the most intelligent comment about the killings out of all the interviews came from the very man who was the scapegoat.
Aside from all the other people pointing out that your long rant is completely misguided and a result of misintepreting the article, I'm just going to address one single part of a sentence.
So, why doesn't Microsoft produce these tools for Windows
The tool in question is a debugger extension for WinDbg. I'm not sure how many people are debugging their Unix/Linux applications with WinDbg, but I'm guessing it's not a large number.
In which case I owe you an apology for my snarky reply;)
There's so many Slashdot posters/trolls who are completely ignorant of what they are talking about with regards to Microsoft products and technology, that I find it can be very difficult to sift out the ignorant from those select few who know what they are talking about but are talking in jest.
Once again, my apologies for my unwarranted snarky reply!
Windows does have a home directory, it's the one you correctly indicated. It stores user data and preferences. In this sense, it is identical to Unix home directories.
Windows in my experience only self destructs when the user is either an idiot, or does something incredibly stupid; these often go hand-in-hand. As such, my Windows installation and those I administer never spontaneously combust. Yours on the other hand...
Finally, you can use recovery certificates as others have indicated as a fail safe in the case of a munged Windows installation. This is very similar to TrueCrypt requiring you to backup the TC boot sector.
It's worth noting this only applies to pre-Vista machines. Vista and newer do support LM hashes, but they must be explicitly enabled manually in the systems security policy.
You raise an excellent point though, checking the password policy strength is a very good idea. You should ideally be mandating the usage of NTLMv2, and forbidding the usage of anything earlier (NTLMv1/LM) in the system security policy. If this is just a home box, not connected to a corporate network, then this should not be a problem.
LM is required for legacy Windows clients (think 9x and pre-win2k in some cases). Samba can handle NTLM, I'm not certain about NTLMv2. Really, it's unlikely anyone these days has a need for LM hashes, unless you require things like file sharing with ancient Windows operating systems. In which case, you have bigger problems:)
EFS is very powerful in the right hands, the simple encryption checkbox betrays the real power lying just beneath the surface. I do find it amusing when people criticise complex encryption architectures because not everything is exposed in a pretty UI. Would you feel better if there were some nice Aero encryption animations?
NTBackup is absolutely solid as a basic backup solution; I know many people who are very unhappy with Microsoft that it isn't present in Vista and 2008.
NetMeeting is effectively obsolete, it has been superceded by Windows Meeting Space; get with the times.
Windows Defragmenter is rubbish, I'll give you that.
Remote Desktop is an excellent solution for remote desktop of Windows machines and handles more advanced UI features like desktop compositing far better than most alternatives I've used. Why would I bother installing something like VNC when RDP can do everything I and most others need?
I know your post was meant to be ridiculing various Windows features, but it really just reveals your ignorance.
I think there are two major/popular ways to do what you want that I'm familiar with. There are of course other options, but I've not used them, and won't comment on them.
1. TrueCrypt
This is a simple but very powerful encryption utility that is also open-source. It performs its magic by either encrypting volumes or by using encrypted file containers (a file which contains encrypted data that can be mounted as a virtual drive). The file container approach is very easy to use but you won't be able to use it to encrypt your _entire_ home directory, only elements of it. Effectively, you'd create one or more encrypted file containers and store everything sensitive in them. You could use full volume encryption by storing your entire user profile on a seperate volume, but this is obviously more difficult to setup, depending on your OS. To do something like the latter properly in something like Vista, you'd probably need to do it at install time through an unattend and state which drive the Users directory should be located on, as changing this once installed is not simple and ill-advised.
2. NTFS EFS (Encrypting File System)
Included with all "professional" (ie. not Home/Starter/etc..) editions of Windows since Windows 2000. Enables file-system level encryption tied into NTFS to encrypt individual files/folders on any NTFS device. This has some significant pros, in that not only is it included as a stock component of the OS, but is extremely easy to setup. Just right click on the folder/file you want to encrypt and do so through the Advanced properties. However, getting into the guts of EFS and fiddling with encryption certificates, ciphers, etc... requires some additional skill and research as there is no simple unified front-end to managing EFS like there is for TrueCrypt.
It's important to note that these two encryption suites are very different in how they work. Whereas TC stores data in file containers (unless you encrypt the entire volume), EFS works at the filesystem level and is completely transparent to userland, enabling transparent encryption of anything on the NTFS volume that is user-related. Note that EFS binds to user accounts. You generally can't use EFS to encrypt data that is outside the scope of a user account (such as system files). You'll need full volume encryption technology for that.Microsoft also has BitLocker for full-volume encryption, but this is Vista only, and for home setups, needlessly complicated and difficult to setup, not to mention the TPM requirements for full functionality.
Other things to note would be the importance of portability. TrueCrypt works across Windows/Unix, whereas EFS is obviously specific to Microsoft. I'm not sure if there's an OSS implementation for reading EFS encrypted data under Unixes, but even if there was, I think you'd be mad to use it. You shouldn't be using EFS if portability between OS's is a concern. Also note that whereas TC will have a seperate password, EFS will use your account password for encrypting your user data. This means that if you lose/forget your account password, you _WILL_ lose your EFS encrypted data, unless you've set up things like recovery certificates. Further, if you use a password reset tool to reset your account password outside of your user account, you _WILL_ lose all your EFS encrypted data. Your account password is the key to your EFS data, and so losing it or changing it improperly can have very nasty consequences.
I can't really recommend either method, you really need to research and have a play with both to decide which you prefer. I will say that if you are going the full-volume encryption route, I'd highly recommend TrueCrypt over BitLocker for home setups. The general trend I've observed from using both is that they both are very powerful tools, and can both easily get the job done when setup properly. However, TrueCrypt is more geared towards home/smaller setups, while EFS/BitLocker can work on anything from an individual box to a centrally managed enterprise network. T
Where exactly is the conclusion being drawn that this guy even had Asperger's, or any disability? It's all just hypotheticals by armchair psychologists.
It's probably worth pointing out as well that most people with Asperger's are somewhat socially inept, but there's a difference between being socially awkward and just being an arsehole. The guy in the article comes across as the latter.
Some people are just genuinely brilliant without the "benefit" of a disability, some are just genuinely quirky, and some are just genuinely arseholes. Not every trait out there requires a mental disability or condition to explain it.
The thing is, the usage of LUA accounts is not a typical Windows (pre-Vista) setup. You've clearly discovered how useful they can be when used correctly, but very few people do use them, preferring instead to just run as an Administrator.
In this sense, while I agree a virus scanner is likely far less useful for someone with a system configuration like yours, yours is entirely atypical, and a more typical configuration would be well served to have at least a half-decent virus scanner.
This isn't too much of a problem anyway, with several high-quality free virus scanners available for non-commercial usage.
Windows Defender is an anti-spyware product, and not a virus scanner. It will NOT protect you against most virus threats, nor is it intended to.
In this respect, a 3rd-party virus scanner is still required if the detection and removal of viruses is important to you. Yes, there is Windows Live OneCare, but apart from the fact that it's scheduled to be discontinued in the future, you still have to pay for it.
And the mainframe is running what? Windows For Mainframes Edition? I don't think so.
Are you familiar with the client/server model? It allows a client application on effectively any OS to communicate with a server application on effectively any OS, provided they share a common network protocol. This isn't exactly a new development. So getting your "AIG Accounting '95" communicating with your AIX mainframe isn't really that implausible, or even difficult.
I disagree. I only use Windows at work, but it is my understanding that it is very difficult to make older Windows applications run in newer versions of Windows, especially applications that were written for Windows 95/98.
Not entirely accurate. Applications that just use the basic Windows APIs, such as the GUI framework and the TCP/IP stack are pretty solid going a very long way back. This tend to get difficult when you throw in DirectX (and the graphics driver that is going alongside it, which was never designed with running 90's era games in mind), or various other "secondary" APIs that aren't really core for basic applications, which really, is what is going to be running in the context of the GP. The hardcore processing and the real complexity is server-side anyway.
That's assuming that you keep updating Linux or Mac OS to the latest and greatest. But you don't have to. In your mainframe "example" it is assumed that the system images running the applications are not being updated. And then you complain that Linux/Apple apps may break if you update the OS? Come on.
You effectively do have to if you care for things like security updates, bug fixes, and product support. This applies to all operating systems. Where's the assumption that the system images running the applications are not being updated? Of course they're being updated, that's the whole point of what the GP is trying to get across, that he can update the OS without breaking the applications he wants to run on it.
Any thoughts on how such a thing could be gotten to work?
I have a few, but I'm not sure they are really what you're after.
At the binary level, runas.exe is really the application that exposes "sudo" functionality to other applications. Bizarrely, despite being a console application, it doesn't seem to expose any functionality to select how an application is executed. In this case, is it executed in the parent console or in a new console? This seems to me to be a pretty odd oversight for a console application that could clearly see use for launching other console applications from a command line.
So, to achieve what you want, it seems to me you need to delve into Windows API's. So, you could do what you want in either Cygwin or Cmd through a "helper" application that uses the right API with the right parameters, but this to me seems quite clumsy for what ought to be a simple problem with a simple solution.
There is a potential alternative, but I'm not sure if it's viable for you. PowerShell (a new shell by Microsoft for Windows designed from the ground-up) is both.NET based and can directly interact with the.NET API from the shell. This might present a unique opportunity to solve your problem without resorting to actually building a simple (or not so simple depending on how customizable you need it to be) helper application.
You could, for instance, leverage the ProcessStartInfo Class. An example piece of script that you could adapt for your purposes (you'll need to customize it and probably use different/additional properties):
$runas = new-object System.Diagnostics.ProcessStartInfo
$runas.Arguments = "/noprofile/user:Box\Admin `"C:\example.exe`""
$runas.FileName = "runas.exe"
$runas.UseShellExecute = $false
$runas_proc = [System.Diagnostics.Process]::Start($runas)
The UseShellExecute property should ensure that your program runs in the parent console window, and it's the property I use to do exactly that in a script of mine (though, it doesn't use runas or any UAC functionality). The above class has a CreateNoWindow property as well, but I vaguely recall that not working for me, and someone gave me a technical explanation as to why it isn't applicable in this case but UseShellExecute is. My memory has faded somewhat though, so experimenting with both may well be worthwhile.
PowerShell V2 which is still in development adds many new cmdlets, one being a Start-Process cmdlet which should eliminate the need to script the.NET API directly for this case. Of course, you'd need to be using alpha software (CTP3 is the latest) to do this currently. The prior method would work in V1 and V2.
A quick google search suggests numerous other ways to use UAC in PowerShell through various approaches. PowerShell may well be worth a look, and there's no reason you can't call Cygwin applications from a PowerShell instance.
A quick bit of advice, if you do choose to investigate PowerShell, don't approach it like just another shell, as it's design is fundamentally different from anything on Unix or the prior Cmd shell. I'd recommend reading the wikipedia article on it for a good overview. However, if you do choose to use it, you'll have an extremely powerful shell with a featureset easily on par with the bash or zsh shell. The limitation will be in the frequent lack of 3rd party console applications that Unix has had for a long time, but, as I mentioned before, there's no reason you can't use these from PoSH.
The Unix sudo model tends to work much better, and there are far fewer points where root access is required to get a particular task done.
Ok, firstly, UAC effectively IS a sudo model, and can be made to behave exactly like a traditional Unix sudo system with very little effort.
Secondly, the latter part of your sentence explains the problem exactly. There are far too many programs on Windows that require administrative access, and most don't need it, the requirement is due to bad programming. This being the case, you have three options:
* Run as an administrator all the time, and run all this code
* Run as a standard user all the time, and never run any of this code
* Run as a standard user most of the time, and run programs that require such permissions as required.
From a usability (I want to run this program) vs. security (don't run this program) perspective, the final option is the sensible one, minimising processes assigned administrative privileges to those that explicitly need it. This is what UAC does. Quibbles aside about how the "sudo" system should manifest itself (confirmation vs. credentials vs. silently elevating), I'd like to hear a better solution for enabling all of these poorly designed applications to run until they are either fixed or obsoleted. Because the "unix sudo model" is exactly what is inside Windows right now, and it clearly isn't working in your view.
I think you've misunderstood how UAC is implemented, and more importantly, how it can be configured.
UAC in no way replaces the existing NT security model, it's layered on top of it, and can be outright disabled or quite finely tweaked. It works by assigning seperate security tokens to user logins, one with a limited set of permissions, and one with the full set of administrative permissions. The obvious result being, the administrative security token is only assigned when permission is explicitly granted (or the application is whitelisted, as in Windows 7 in the default configuration).
However, the default behaviour of UAC can be changed in many ways. It can be outright disabled, taking you back to the traditional XP account model, but the better option if this is your ideal behaviour would be to disable "Admin Approval Mode", silently elevating all applications that require Administrative permissions while retaining some of the other benefits of UAC (e.g. IE Protected Mode).
You can also modify the UAC prompt to ask for credentials (versus just requesting confirmation), the default for standard users, but also applicable to Administrators. All of these options and other more advanced configuration can be modified in the systems Local Security Policy. In this respect, I'm not sure what you mean by your last paragraph?
What aspect of your sudo mechanism can't be achieved by UAC with the appropriate configuration?
Personally, I was hoping MS would stick to the real security route: Have UAC a true privilege separation, with no exceptions.
So was I, and I'm very disappointed they are taking the route that they are. However, the silver lining on the dark thundercloud is that this behaviour can still be enabled in Windows 7. Going into the Control Panel you can modify the UAC behavior through a slider, choosing various levels of UAC confirmation. Choosing maximum security will disable any whitelisting, with all privilege escalations requiring explicit approval, ala. Vista.
Of course, only security conscious people will make this modification in the first place, and it should really be the default. However, it's nice that it's still there, the default setting might be "broken", but the UAC implementation as a whole isn't.
Yeah, great, except autism isn't something that you get from watching Barney instead of Playschool, you are born with it. However, characteristics that may point to an autistic spectrum disorder will often not manifest themselves till several years after birth (and potentially, even quite some time after that).
As a result, the exposure or lack there-of to Barney is entirely irrelevant. The lack of social development is part of the development disorder.
Frankly, the best way to develop social skills is interaction with other kids, and you'll find, that won't really work much either.
I suggest you read up on ASDs (Autistic Spectrum Disorders) before making stupid comments on conditions that you clearly don't understand.
Actually, 6.21 removed DoubleSpace, 6.22 reintroduced it under the name DriveSpace with the offending code removed.
6.2 had DoubleSpace and introduced various other notable bits and pieces. Scandisk, which I suspect many Slashdot readers are familiar with, was introduced in 6.2.
1. The whole three application limit is nothing new, the same limit applies in XP Starter Edition and Vista Starter Edition.
2. I have severe doubts that Starter Edition is going to be embraced by the netbook market. XP Starter Edition wasn't, neither was Vista Starter Edition, so why would Windows 7 Starter Edition?
3. The study referenced would in no way be aimed at an analysis of the usage habits of the market that Starter Edition is intended for. Thus, the results are in no way relevant. Netbook usage patterns don't follow the same usage patterns as desktops and notebooks.
4. Microsoft recently went on record as saying that any edition of Windows 7 will work fine on netbooks. Whether this is true in reality remains to be seen, but, it is still significant in that it indicates Microsoft does not appear to internally be targetting only "x" edition(s) of 7 for the netbook market, but all. This has engineering ramifications.
and...
that 70% of Windows users have between eight and 15 windows open at any one time.
4. You would have thought a Slashdot poster would understand the difference between an application, a window, and a process. The limit appears to be process based, with no limit on application windows per process. From the Vista Starter Edition information (which I suspect will very closely resemble Windows 7 Starter Edition once finished):
With Windows Vista Starter, first-time home computer users can run up to three programs concurrently with no limit to the number of windows open.
This is not uncommon, for instance, Firefox will run all tabs and browsers under one process. If I'm running an e-mail client, I may well have numerous windows open, but all stemming from one process.
Make no mistake, Windows 7 Starter Edition is a thoroughly crippled operating system, I suspect will represent extremely poor value for money, is completely unnecessary in the product lineup, and ideally, should be dropped. However, this doesn't legitimise the usage of FUD (or bullshit, if you prefer) when discussing it.
Frankly, it's rubbish enough that FUD shouldn't be necessary in the first place.
Slashdot Mirror
If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?
They do.
Malicious Software Removal Tool
Download Link
Technical Details
You'll note said tool does not require any validation to download, anyone can download it regardless of the legality of their copy of Windows; no validation or genuine advantage required, period.
This tool is also regularly distributed via Automatic Updates/Windows Updates to help clean out any infections that computers that use these services may have contracted, either because they weren't patched, or some other mechanism that isn't due to a software vuln (e.g. USB Key Transmission).
The only thing that could be improved upon is combining the two together, but there are some people who have legitimate reasons for wanting to do one and not the other (generally, detect and remove but not necessarily patch). They are few and far between, but they do exist. And really, if you can be capable of going to a website and manually download a removal tool, you should also be able to enable AU or manually periodically go to WU/MU.
In summary: They have published the fix, free, and a removal tool, also free. Learn what you are talking about, everything you just said is already done.
This may purely just be me having a bad experience, and in no way indicative of others experiences, but I've often found that people who develop for or are strongly supportive of FOSS tend to be far less receptive to criticism than proprietary software.
I've often criticised Microsoft in forums, chat, in person, whatever, and generally find that if something is genuinely stuffed, they'll admit it and accept something needs to be done. Examples: Security is fucked and needs an overhaul, IIS is a mess and FTP support is rubbish, resource usage in modern versions is higher than it should be and needs to be reduced. The responses are generally quite receptive, and follow a trend of "Yes, this is sub-optimal, and needs to be worked on.".
I find it interesting that often when I've done the same for FOSS software (predominantly Linux, mainly because I use it more than BSD/Solaris/etc...), the response tends to be that either I don't understand what I'm talking about at all, or that what I perceive as a flaw is entirely by design and a work of technical genius (even if, while the programmmer might think its great, it doesn't necessarily translate to greatness as far as the user is concerned). Examples: X.org is a mess and needs an overhaul, code quality/API stability in KDE 4, and others I forget, but probably fairly minor.
Maybe this is a result of being more developer orientated than user orientated? I'm not sure. But I find it striking that when I complain about Microsoft to MS-fans, the result I tend to get is an admission of a genuine fuck-up where Microsoft has dropped the ball, and they need to fix it. Not always, but frequently with Linux, I get the reverse: that this is entirely by design, nothing at all is wrong or will be changed, and I just don't know what I'm talking about.
Is this just me being unlucky?
You do realise that this is completely wrong?
Microsoft distributes security updates to _ALL_ editions of Windows that are currently maintained irrespective of the legality of the license. However, if you are not running a legal license, you can only receive updates through Automatic Updates, limited purely to security updates. Use of Windows/Microsoft Update and/or the downloading of non-security updates requires a valid license. The reasoning for this is to prevent exactly what you accuse Microsoft of not doing, reducing the risk of large viral/worm outbreaks and the impact of such outbreaks on Windows users, particularly those with legal licenses. Even if you completely fail WGA validation, you still will receive security updates through Automatic Updates.
Ideally, I'd prefer MS to permit security updates through the WU/MU frontend even if an invalid license is detected. I'm not sure what error message is displayed and if it prompts for Automatic Updates to be enabled or informs the user that they can still receive security updates through AU. However, the point remains that MS still permits a legal avenue of obtaining such updates, despite running an invalid license, at THEIR cost of distributing such updates.
There is no excuse for not being patched.
In fact, having double checked my information, the security patch that fixes the vulnerability that Conficker exploits was released prior to the creation and subsequent distribution of Conficker.
So, every single computer out there with a Conficker infection due to the exploit infection route could have been secured if patched. I would bet that would make for a gigantic reduction in the size of the Conficker botnet.
to genuinely care about the hype surrounding this worm when no one knows what its destined to do, and the problem stems from a host operating system with a near two decade track record of this sort of stuff.
A few things:
1. If you have 1 million+ infected hosts, and all the bandwidth that these hosts have access to, and can use these resources to do whatever you please, you pose a serious threat to many groups with a presence on the internet and an interest in its wellbeing. Do I really need to spell it out to you why it's important to care?
2. No, the problem in this case stems from people not patching their systems when security updates are made available. Microsoft made the patch available _LONG_ before Conficker was even a problem. Microsoft released the patch on 15th October 2008. What does this tell you? It means that effectively 99%+ of infected machines are infected because they weren't patched, either due to ignorance, sloth, or a combination of.
If I never patched my Linux/BSD servers when security flaws were discovered, they'd be rooted pretty fast too. Fortunately, most of the OSS community knows that security patches are important and need to be applied, not ignored. Elements of the Windows world don't share this culture, and it needs to change, so that worms like Conficker aren't able to thrive.
I know the floppy is alright, because it boots fine without any of these symptoms occurring from other machines it boots from.
Assuming you mean this box is booting off a floppy disk, how can you say the above? Have you discounted faulty drive electronics in the floppy drive itself?
The video cardish component appears fine to the naked eye
Your method for testing the reliability of your video card is by staring at it? What were you expecting to conclude? If you can see visible damage to any modern electrical component, excluding things like fans, then it's unlikely to work at all period. You can't possibly determine more technical and subtle faults by just staring at a PCB.
If you want to establish anything conclusively, you're going to have to test components thoroughly in software, or if that's not possible, swap them out with known good components and see if they fix the problem.
I imagine your issue is going to be finding compatible parts for what I assume is a reasonably ancient machine.
Doing someone a favour and trying to make more money aren't mutually exclusive; in fact, it can be clever business practice. By doing so, you can improve the perception of your company, the better perception results in people being more likely to buy products and services from you, and you've done it all without doing something unethical or illegal.
Frankly, I'd much rather Microsoft did stuff like the above, making their products easier to use, especially with 3rd-party products, than just being plain arrogant and anti-competitive. Or would you prefer the latter?
I remember watching that film very well, it was an excellent documentary.
But, in particular, I appreciated the irony that the most intelligent comment about the killings out of all the interviews came from the very man who was the scapegoat.
So, why doesn't Microsoft produce these tools for Windows
The tool in question is a debugger extension for WinDbg. I'm not sure how many people are debugging their Unix/Linux applications with WinDbg, but I'm guessing it's not a large number.
In which case I owe you an apology for my snarky reply ;)
There's so many Slashdot posters/trolls who are completely ignorant of what they are talking about with regards to Microsoft products and technology, that I find it can be very difficult to sift out the ignorant from those select few who know what they are talking about but are talking in jest.
Once again, my apologies for my unwarranted snarky reply!
Windows does have a home directory, it's the one you correctly indicated. It stores user data and preferences. In this sense, it is identical to Unix home directories.
Windows in my experience only self destructs when the user is either an idiot, or does something incredibly stupid; these often go hand-in-hand. As such, my Windows installation and those I administer never spontaneously combust. Yours on the other hand...
Finally, you can use recovery certificates as others have indicated as a fail safe in the case of a munged Windows installation. This is very similar to TrueCrypt requiring you to backup the TC boot sector.
It's worth noting this only applies to pre-Vista machines. Vista and newer do support LM hashes, but they must be explicitly enabled manually in the systems security policy.
:)
You raise an excellent point though, checking the password policy strength is a very good idea. You should ideally be mandating the usage of NTLMv2, and forbidding the usage of anything earlier (NTLMv1/LM) in the system security policy. If this is just a home box, not connected to a corporate network, then this should not be a problem.
LM is required for legacy Windows clients (think 9x and pre-win2k in some cases). Samba can handle NTLM, I'm not certain about NTLMv2. Really, it's unlikely anyone these days has a need for LM hashes, unless you require things like file sharing with ancient Windows operating systems. In which case, you have bigger problems
EFS is very powerful in the right hands, the simple encryption checkbox betrays the real power lying just beneath the surface. I do find it amusing when people criticise complex encryption architectures because not everything is exposed in a pretty UI. Would you feel better if there were some nice Aero encryption animations?
NTBackup is absolutely solid as a basic backup solution; I know many people who are very unhappy with Microsoft that it isn't present in Vista and 2008.
NetMeeting is effectively obsolete, it has been superceded by Windows Meeting Space; get with the times.
Windows Defragmenter is rubbish, I'll give you that.
Remote Desktop is an excellent solution for remote desktop of Windows machines and handles more advanced UI features like desktop compositing far better than most alternatives I've used. Why would I bother installing something like VNC when RDP can do everything I and most others need?
I know your post was meant to be ridiculing various Windows features, but it really just reveals your ignorance.
I think there are two major/popular ways to do what you want that I'm familiar with. There are of course other options, but I've not used them, and won't comment on them.
1. TrueCrypt
This is a simple but very powerful encryption utility that is also open-source. It performs its magic by either encrypting volumes or by using encrypted file containers (a file which contains encrypted data that can be mounted as a virtual drive). The file container approach is very easy to use but you won't be able to use it to encrypt your _entire_ home directory, only elements of it. Effectively, you'd create one or more encrypted file containers and store everything sensitive in them. You could use full volume encryption by storing your entire user profile on a seperate volume, but this is obviously more difficult to setup, depending on your OS. To do something like the latter properly in something like Vista, you'd probably need to do it at install time through an unattend and state which drive the Users directory should be located on, as changing this once installed is not simple and ill-advised.
2. NTFS EFS (Encrypting File System)
Included with all "professional" (ie. not Home/Starter/etc..) editions of Windows since Windows 2000. Enables file-system level encryption tied into NTFS to encrypt individual files/folders on any NTFS device. This has some significant pros, in that not only is it included as a stock component of the OS, but is extremely easy to setup. Just right click on the folder/file you want to encrypt and do so through the Advanced properties. However, getting into the guts of EFS and fiddling with encryption certificates, ciphers, etc... requires some additional skill and research as there is no simple unified front-end to managing EFS like there is for TrueCrypt.
It's important to note that these two encryption suites are very different in how they work. Whereas TC stores data in file containers (unless you encrypt the entire volume), EFS works at the filesystem level and is completely transparent to userland, enabling transparent encryption of anything on the NTFS volume that is user-related. Note that EFS binds to user accounts. You generally can't use EFS to encrypt data that is outside the scope of a user account (such as system files). You'll need full volume encryption technology for that.Microsoft also has BitLocker for full-volume encryption, but this is Vista only, and for home setups, needlessly complicated and difficult to setup, not to mention the TPM requirements for full functionality.
Other things to note would be the importance of portability. TrueCrypt works across Windows/Unix, whereas EFS is obviously specific to Microsoft. I'm not sure if there's an OSS implementation for reading EFS encrypted data under Unixes, but even if there was, I think you'd be mad to use it. You shouldn't be using EFS if portability between OS's is a concern. Also note that whereas TC will have a seperate password, EFS will use your account password for encrypting your user data. This means that if you lose/forget your account password, you _WILL_ lose your EFS encrypted data, unless you've set up things like recovery certificates. Further, if you use a password reset tool to reset your account password outside of your user account, you _WILL_ lose all your EFS encrypted data. Your account password is the key to your EFS data, and so losing it or changing it improperly can have very nasty consequences.
I can't really recommend either method, you really need to research and have a play with both to decide which you prefer. I will say that if you are going the full-volume encryption route, I'd highly recommend TrueCrypt over BitLocker for home setups. The general trend I've observed from using both is that they both are very powerful tools, and can both easily get the job done when setup properly. However, TrueCrypt is more geared towards home/smaller setups, while EFS/BitLocker can work on anything from an individual box to a centrally managed enterprise network. T
Where exactly is the conclusion being drawn that this guy even had Asperger's, or any disability? It's all just hypotheticals by armchair psychologists.
It's probably worth pointing out as well that most people with Asperger's are somewhat socially inept, but there's a difference between being socially awkward and just being an arsehole. The guy in the article comes across as the latter.
Some people are just genuinely brilliant without the "benefit" of a disability, some are just genuinely quirky, and some are just genuinely arseholes. Not every trait out there requires a mental disability or condition to explain it.
The thing is, the usage of LUA accounts is not a typical Windows (pre-Vista) setup. You've clearly discovered how useful they can be when used correctly, but very few people do use them, preferring instead to just run as an Administrator.
In this sense, while I agree a virus scanner is likely far less useful for someone with a system configuration like yours, yours is entirely atypical, and a more typical configuration would be well served to have at least a half-decent virus scanner.
This isn't too much of a problem anyway, with several high-quality free virus scanners available for non-commercial usage.
Free them from third-party AV hell.
Windows Defender is an anti-spyware product, and not a virus scanner. It will NOT protect you against most virus threats, nor is it intended to.
In this respect, a 3rd-party virus scanner is still required if the detection and removal of viruses is important to you. Yes, there is Windows Live OneCare, but apart from the fact that it's scheduled to be discontinued in the future, you still have to pay for it.
And the mainframe is running what? Windows For Mainframes Edition? I don't think so.
Are you familiar with the client/server model? It allows a client application on effectively any OS to communicate with a server application on effectively any OS, provided they share a common network protocol. This isn't exactly a new development. So getting your "AIG Accounting '95" communicating with your AIX mainframe isn't really that implausible, or even difficult.
I disagree. I only use Windows at work, but it is my understanding that it is very difficult to make older Windows applications run in newer versions of Windows, especially applications that were written for Windows 95/98.
Not entirely accurate. Applications that just use the basic Windows APIs, such as the GUI framework and the TCP/IP stack are pretty solid going a very long way back. This tend to get difficult when you throw in DirectX (and the graphics driver that is going alongside it, which was never designed with running 90's era games in mind), or various other "secondary" APIs that aren't really core for basic applications, which really, is what is going to be running in the context of the GP. The hardcore processing and the real complexity is server-side anyway.
That's assuming that you keep updating Linux or Mac OS to the latest and greatest. But you don't have to. In your mainframe "example" it is assumed that the system images running the applications are not being updated. And then you complain that Linux/Apple apps may break if you update the OS? Come on.
You effectively do have to if you care for things like security updates, bug fixes, and product support. This applies to all operating systems. Where's the assumption that the system images running the applications are not being updated? Of course they're being updated, that's the whole point of what the GP is trying to get across, that he can update the OS without breaking the applications he wants to run on it.
Any thoughts on how such a thing could be gotten to work?
I have a few, but I'm not sure they are really what you're after.
.NET based and can directly interact with the .NET API from the shell. This might present a unique opportunity to solve your problem without resorting to actually building a simple (or not so simple depending on how customizable you need it to be) helper application.
/user:Box\Admin `"C:\example.exe`""
.NET API directly for this case. Of course, you'd need to be using alpha software (CTP3 is the latest) to do this currently. The prior method would work in V1 and V2.
:)
At the binary level, runas.exe is really the application that exposes "sudo" functionality to other applications. Bizarrely, despite being a console application, it doesn't seem to expose any functionality to select how an application is executed. In this case, is it executed in the parent console or in a new console? This seems to me to be a pretty odd oversight for a console application that could clearly see use for launching other console applications from a command line.
So, to achieve what you want, it seems to me you need to delve into Windows API's. So, you could do what you want in either Cygwin or Cmd through a "helper" application that uses the right API with the right parameters, but this to me seems quite clumsy for what ought to be a simple problem with a simple solution.
There is a potential alternative, but I'm not sure if it's viable for you. PowerShell (a new shell by Microsoft for Windows designed from the ground-up) is both
You could, for instance, leverage the ProcessStartInfo Class. An example piece of script that you could adapt for your purposes (you'll need to customize it and probably use different/additional properties):
$runas = new-object System.Diagnostics.ProcessStartInfo
$runas.Arguments = "/noprofile
$runas.FileName = "runas.exe"
$runas.UseShellExecute = $false
$runas_proc = [System.Diagnostics.Process]::Start($runas)
The UseShellExecute property should ensure that your program runs in the parent console window, and it's the property I use to do exactly that in a script of mine (though, it doesn't use runas or any UAC functionality). The above class has a CreateNoWindow property as well, but I vaguely recall that not working for me, and someone gave me a technical explanation as to why it isn't applicable in this case but UseShellExecute is. My memory has faded somewhat though, so experimenting with both may well be worthwhile.
PowerShell V2 which is still in development adds many new cmdlets, one being a Start-Process cmdlet which should eliminate the need to script the
A quick google search suggests numerous other ways to use UAC in PowerShell through various approaches. PowerShell may well be worth a look, and there's no reason you can't call Cygwin applications from a PowerShell instance.
A quick bit of advice, if you do choose to investigate PowerShell, don't approach it like just another shell, as it's design is fundamentally different from anything on Unix or the prior Cmd shell. I'd recommend reading the wikipedia article on it for a good overview. However, if you do choose to use it, you'll have an extremely powerful shell with a featureset easily on par with the bash or zsh shell. The limitation will be in the frequent lack of 3rd party console applications that Unix has had for a long time, but, as I mentioned before, there's no reason you can't use these from PoSH.
I hope some of this is useful for you
The Unix sudo model tends to work much better, and there are far fewer points where root access is required to get a particular task done.
Ok, firstly, UAC effectively IS a sudo model, and can be made to behave exactly like a traditional Unix sudo system with very little effort.
Secondly, the latter part of your sentence explains the problem exactly. There are far too many programs on Windows that require administrative access, and most don't need it, the requirement is due to bad programming. This being the case, you have three options:
* Run as an administrator all the time, and run all this code
* Run as a standard user all the time, and never run any of this code
* Run as a standard user most of the time, and run programs that require such permissions as required.
From a usability (I want to run this program) vs. security (don't run this program) perspective, the final option is the sensible one, minimising processes assigned administrative privileges to those that explicitly need it. This is what UAC does. Quibbles aside about how the "sudo" system should manifest itself (confirmation vs. credentials vs. silently elevating), I'd like to hear a better solution for enabling all of these poorly designed applications to run until they are either fixed or obsoleted. Because the "unix sudo model" is exactly what is inside Windows right now, and it clearly isn't working in your view.
I think you've misunderstood how UAC is implemented, and more importantly, how it can be configured.
UAC in no way replaces the existing NT security model, it's layered on top of it, and can be outright disabled or quite finely tweaked. It works by assigning seperate security tokens to user logins, one with a limited set of permissions, and one with the full set of administrative permissions. The obvious result being, the administrative security token is only assigned when permission is explicitly granted (or the application is whitelisted, as in Windows 7 in the default configuration).
However, the default behaviour of UAC can be changed in many ways. It can be outright disabled, taking you back to the traditional XP account model, but the better option if this is your ideal behaviour would be to disable "Admin Approval Mode", silently elevating all applications that require Administrative permissions while retaining some of the other benefits of UAC (e.g. IE Protected Mode).
You can also modify the UAC prompt to ask for credentials (versus just requesting confirmation), the default for standard users, but also applicable to Administrators. All of these options and other more advanced configuration can be modified in the systems Local Security Policy. In this respect, I'm not sure what you mean by your last paragraph?
What aspect of your sudo mechanism can't be achieved by UAC with the appropriate configuration?
Personally, I was hoping MS would stick to the real security route: Have UAC a true privilege separation, with no exceptions.
So was I, and I'm very disappointed they are taking the route that they are. However, the silver lining on the dark thundercloud is that this behaviour can still be enabled in Windows 7. Going into the Control Panel you can modify the UAC behavior through a slider, choosing various levels of UAC confirmation. Choosing maximum security will disable any whitelisting, with all privilege escalations requiring explicit approval, ala. Vista.
Of course, only security conscious people will make this modification in the first place, and it should really be the default. However, it's nice that it's still there, the default setting might be "broken", but the UAC implementation as a whole isn't.
Yeah, great, except autism isn't something that you get from watching Barney instead of Playschool, you are born with it. However, characteristics that may point to an autistic spectrum disorder will often not manifest themselves till several years after birth (and potentially, even quite some time after that).
As a result, the exposure or lack there-of to Barney is entirely irrelevant. The lack of social development is part of the development disorder.
Frankly, the best way to develop social skills is interaction with other kids, and you'll find, that won't really work much either.
I suggest you read up on ASDs (Autistic Spectrum Disorders) before making stupid comments on conditions that you clearly don't understand.
Actually, 6.21 removed DoubleSpace, 6.22 reintroduced it under the name DriveSpace with the offending code removed.
:)
6.2 had DoubleSpace and introduced various other notable bits and pieces. Scandisk, which I suspect many Slashdot readers are familiar with, was introduced in 6.2.
Just some useless and ancient trivia for you
1. The whole three application limit is nothing new, the same limit applies in XP Starter Edition and Vista Starter Edition.
2. I have severe doubts that Starter Edition is going to be embraced by the netbook market. XP Starter Edition wasn't, neither was Vista Starter Edition, so why would Windows 7 Starter Edition?
3. The study referenced would in no way be aimed at an analysis of the usage habits of the market that Starter Edition is intended for. Thus, the results are in no way relevant. Netbook usage patterns don't follow the same usage patterns as desktops and notebooks.
4. Microsoft recently went on record as saying that any edition of Windows 7 will work fine on netbooks. Whether this is true in reality remains to be seen, but, it is still significant in that it indicates Microsoft does not appear to internally be targetting only "x" edition(s) of 7 for the netbook market, but all. This has engineering ramifications.
and...
that 70% of Windows users have between eight and 15 windows open at any one time.
4. You would have thought a Slashdot poster would understand the difference between an application, a window, and a process. The limit appears to be process based, with no limit on application windows per process. From the Vista Starter Edition information (which I suspect will very closely resemble Windows 7 Starter Edition once finished):
With Windows Vista Starter, first-time home computer users can run up to three programs concurrently with no limit to the number of windows open.
This is not uncommon, for instance, Firefox will run all tabs and browsers under one process. If I'm running an e-mail client, I may well have numerous windows open, but all stemming from one process.
Make no mistake, Windows 7 Starter Edition is a thoroughly crippled operating system, I suspect will represent extremely poor value for money, is completely unnecessary in the product lineup, and ideally, should be dropped. However, this doesn't legitimise the usage of FUD (or bullshit, if you prefer) when discussing it.
Frankly, it's rubbish enough that FUD shouldn't be necessary in the first place.