Slashdot Mirror


User: 99BottlesOfBeerInMyF

99BottlesOfBeerInMyF's activity in the archive.

Stories
0
Comments
10,115
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,115

  1. Re:Superiority of the Free Market. on Internet Connectivity Outside of the United States · · Score: 4, Insightful

    No...no..no ...wrong. Your simplistic approach is laughable. You are like the Swedes who always talk about how much "free" stuff they have...and this goes right along with that. take a look at how much they pay in tax...starting with that lovely little 90% + inheritance tax.

    You're the one making unwarranted assumptions here. Sure the Swedes pay more in taxes, but they provide less in subsidies to Telia and the other local telecoms than the US does. The US has spent billions of our tax dollars laying fiber then selling it off for pennies on the dollar to telecom companies in the US. More importantly, since Sweden is one of the companies with very open records it has repeatedly been used in studies and comparisons as an example case, providing piles of data showing that Swedish telecom providers are collecting much smaller margins than their American counterparts with local monopolies.

    In this particular instance, Sweden's policies of subsidies to benefit the people are a lot more effective and beneficial than the US's policy of subsidies to big companies who are likewise empowered by the state to gouge citizens. The Swedes have cheap, high speed access and less money from each citizen is spent subsidizing it than is spent for each US citizen.

    I'll take our capitalist system over any of their socialist ones any day.

    Every nation on the planet has an economy that is a mix of socialism, capitalism, and communism, the US included. If you want to see the sweet spot for the best mixture, take a look at where the quality of living is the highest.

    Socialism creates worse people time and time again.

    The number one, most effective correlation we can draw with violent crime is income disparity. Socialism, especially inheritance tax is simply mitigating income disparity. Strangely enough when everyone starts out life with more similar amounts of money and no one is born into extreme wealth people are less likely to feel justified in using violence to redress that imbalance. Further, since so few people start out life moving into huge amounts of debt they must borrow from those born wealthy, they are less desperate and less likely to take extreme actions. Sweden, like most countries with a slightly higher rate of socialism, better directed socialism, and without a long established, wealthy ruling class has but a tiny fraction of the violent crime in the US.

    I'd say that argues against your absurd assertion that socialism makes for "bad people."

    ...we have way too many socialist ideas in our govt/society as it is...but then again maybe I just feel that way because I busted my ass to be as successful as I am today.

    Good for you, but a whole lot of people work really hard. Statistically, that is not the path to success in the US. Being born wealthy is the path to success. For every dollar you earned working hard, inventing new things, or making the right moves, some person in the top 1% wealth class makes 1 million bucks by doing nothing but letting the banks use his money to gouge those who started with nothing. Every time someone invents a great new invention and makes a million dollars, a hundred other people who did nothing but be born rich made 10 million each funding the development and distribution of that invention.

    I suggest you look at the wealth disparity in the US and the condensation of wealth principal before you start badmouthing large inheritance taxes. Without them you end up in the same boat as many nations like the US, where a tiny percentage of the population controls more than half the wealth and gets rich by making everyone else borrow it. These systems usually end in an abrupt revolution where the poor kill the rich, redistribute the wealth, and the cycle starts anew. Unless the US reforms its misuse and underuse of socialism, some day you or your descendants will either be the elite being killed or the poor and desperate reduced to near slavery, despite your abilities and hard work.

  2. Re:Question on Personal Firewalls Mostly Useless, Says Mail & Guardian · · Score: 1

    Yeah, to some degree. SELinux is the closest I've seen to a usable desktop/workstation, but the defaults for it need to be seriously customized. I really hope someone builds the UI componenets necessary to bring this to the masses, but I'm sure not counting on Microsoft to do it.

  3. Re:What happened to Apple? on Dell Quietly Leaves MP3 Market · · Score: 1

    What happened to Apple? My iPod certainly works with Windows.

    I think Dell is still mad at Apple. If I recall correctly they used to sell iPods on the Dell store and pre-install iTunes on their boxes, but after about a year the deal went south. I've heard this was because Apple was not willing to make guarantees about unsold inventory and I've heard this was because MS was pressuring them to remove the iTunes pre-install. I don't know the real truth. Anyway, even without their own iPod competitor I doubt they will make another deal with Apple to sell them anytime soon.

  4. Re:The consequences were that you got fired.. on Apple Fires Five Employees for Downloading Leopard · · Score: 1

    Which is why I assert that you have never worked in retail sales.

    Too bad you're wrong about that.

    And if that is supposed to be public information why do you assume the sales person does not have access to that information? ...Again, if it's supposed to be public, they would have access to it.

    I'm not asserting that it is public knowledge, I'm asserting that it would probably be public knowledge if Apple had the time to write up more exhaustive and better explanations of how the features they demoed worked, and if they thought anyone would read them.

    If not then why are you assuming that the information is not availible to them?

    It doesn't matter if it is. Very few sales people are going to spend hours reading exhaustive descriptions of these features or remember it is they do. A lot of them, however, will probably spend a few minutes using these features to gain the same info.

    Right, the only way the customer would have more information than the sales person is if they've either signed an NDA and have the OS already (thus would not be asking the retail sales person about it)...

    Do you know what it takes to get into the WWDC and get a copy? Money. A lot of the people who went were sponsored by their respective companies. Some of them never even bothered to install the beta OS anywhere. They may very well have access to better information than the sales employee, but not have the time or motivation to actually install the OS and figure something out for themselves.

    ...or if they have not signed the NDA and have the OS in which case the retail employee should not be discussing the information with the customer and the customer should again not be asking.

    I see, so you're arguing that if customers know more about the product, even though they haven't signed an NDA it won't make the sales guys jobs harder? Like when you're in the store and some moron who downloaded the beta contradicts a sales guy talking to a different customer and the sales guy has no knowledge with which to counter those claims. "DTrace in OS X is incompatible with the output files of Solaris Dtrace. I tried and there was no way to get the standard files output. Buy a Lenovo." Is that a true statement or is the guy saying it just incompetent and did not bother using the CLI option? Is it optimal that an Apple sales employee doesn't even have a way to find out even though the average Joe on the street can with bittorrent and a little messing around?

    Keeping the sales guys ignorant when the beta is already leaked to anyone who wants a copy is not helpful. It provides no advantage to Apple.

  5. Re:Unfortunately his reasoning is flawed. on Windows vs Mac Security · · Score: 1

    In the 8 or 9 years I've been an admin I've never once seen someone running Office that needed admin access.

    At two different companies we tried setting up Windows with unprivileged accounts for normal users. In both cases we gave up because we ended up with random software that didn't work, or Office documents failing to execute macros properly or some other issue where a common function (like installing most software) required admin access. This is two different companies with different admins, both running to the exact same problem. I'm sure you can find hundreds of stories online of companies that tried to do the same and gave up.

    Frontpage crashing? I totally ignored that because it's absurd in an of itself. Frontpage runs just fine, if it didn't it wouldn't crash it would give you an access denied message for whatever it is trying to do.

    Just try running it in a non-admin account for normal work. Use it to build a few Web pages. Notice how it dies all the time. Try running it in an admin account. Notice how it doesn't crash all the time? I have no idea what is causing the issue, but claiming it doesn't exist because you don't know either is just silly.

    As for Bungie and the likes, they are owned by Microsoft, they are not however Microsoft.

    I think you're confusing branding with reality. They are part of MS and make games at MS's behest using money provided by MS which then goes to MS. Bungie used to be a Mac gaming company. MS is wholly responsible for the type of software these companies now produce.

    User conditioning is a problem, the second legitimate one you've raised. That is a major problem with Vista right now but it does get better and better with each released build so there is at least hope for it.

    What!?! You think it is getting better? You must not have played with the same Vista beta I did. Conditioning people to automatically click both "OK" and "Continue" is not in any way better.

    Running with limited privileges does indeed limit what malware can do. If the user isn't authorized to install software or drivers then the software the user loads from a website won't be able to install. It's plain and simple.

    Also, the computer will be mostly useless to them unless they have someone managing it for them. This is pretty darn rare for the home user market.

    Most games don't even require administrative privileges to run.

    Have you got anything to back that up? It sure doesn't jive with my experience.

    This is mitigated with tricks like sd4hide but that's another discussion and is simply caused by third parties once again.

    Wacky hacks are not going to be implemented by the average user. You keep seeming to think that because power users can do something, it makes the OS better, but for the average person that is just not true.

    How many website exploits come with privilege escalation?

    Not many, but that is because it is not needed, not because it is not easy.

    You said yourself all the developers target machines with users running as admins.

    Yeah, its called low-hanging fruit. If most users no longer run as admins, it will still not solve the malware problem, just escalate the arms race a bit. If all users were switched to non-admin accounts tomorrow, malware that used local escalations would show up next week.

    It is not a full solution to the problem but it is definitely a step in the proper direction.

    I agree, but it is one baby step. What is needed is a real, major advance such as SELinux has implemented, but adapted for the consumer desktop. The thing is, instead of taking a baby step MS could actually devote some serious resources and make real progress and innovate. They are currently behind numerous OS's that don't even have a malware problem to speak of. Instead of lame "me too" solutions a decade after everyone else, they should be the ones actually implementing more drastic solutions. I can certainly blame them for not doing so, because their illegal behavior has removed the need to do so.

  6. Re:Question on Personal Firewalls Mostly Useless, Says Mail & Guardian · · Score: 1

    If the project is good enough for you to want to use, I'd say you're confirming that its developers are competent.

    I usually try before I buy. It just means I want to run it, perhaps to evaluate, perhaps because I need to open those files in a weird format, perhaps because I think it's the greatest thing ever.

    With respect to honesty, it only takes one honest auditor to flush out any wrongdoing, but it takes 100% dishonest auditors to cover it up.

    Much code is never audited and much software is only available as closed source binaries. Who is to say an auditor will recognize a backdoor even if they see it.

    I have the luxury of not running any code I don't trust. I sympathize that you don't have this luxury.

    I can cope. I have VMs and IDS software. I'm fairly competent.

    Many users, however, often don't even realize that they are running code at all. They think they're opening a picture or a movie. They just want to play a game. Look at the most popular software packages on Windows. How many of them do you trust to not phone home, or overwrite something? Most users who get a foo.exe in their mailbox think, "hmm, I should run this martian blasting game that speeds up my internet." The OS should let them double click on any old thing without automatically trusting their entire machine and all personal data on it to the author of each of these binaries.

  7. Re:Unfortunately his reasoning is flawed. on Windows vs Mac Security · · Score: 1

    Your lack of specific examples speaks to my point if you can't even list one off the top of your head for the purpose of illustrating your point.

    I gave two specific examples, Office and Frontpage.

    As for the games, Microsoft doesn't make games, they publish and distribute them which is entirely different.

    What kind of crack are you smoking? They bought and own Bungie, Rare, Lionhead, Electric Gravity, and a at least a handful more I can't think of right now. You've never heard of Halo?

    If the game makers didn't place software in restricted locations then the user would have no reason to run as Administrator.

    If Microsoft Installed a regular user account by default in all installs and made it easy to "su" for specific operations and got all the software they themselves make to work properly then game companies would bother to develop and test with non-admin users in mind.

    Macros will however function just fine in Office as a limited user as will the grammer and spell checker and anything else you'd likely do as part of an Office document.

    Included and non-admin task macros work most of the time in most of office, but they certainly don't work all the time and there are a number of long outstanding bug reports.

    The default install of XP prompts the user to create several accounts as they deem necessary. It starts off with enter your name for the local administrator account. On the same screen it presents 5 more text boxes which the installer can use to create 5 limited user accounts.

    It does not, however, tell users why a single user needs multiple accounts, one admin and one not, so single user systems almost always only end up with one. I've done the install and it could be a hell of a lot more persuasive in making sure users make at least one non-admin account and telling them to use it as the normal account.

    Again, not a Microsoft problem that a 3rd party chose to create a crappy installer.

    Well, having to use installers at all is a failing of the OS, but that is a discussion for another day.

    When it comes to removing items from Windows it is not hard, it is a single line in the unattend script for your install cd.

    Hahahahaha! Umm, yeah lets see the average user get right on that.

    Almost all malware is already mitigated by running as a limited user. 2 years the common computer has been hammered by my clueless roommates and worst thing you will find on there are some cookies that are leftover. It's really not that difficult.

    No it isn't and any program a user runs still has access to all of that user's files and the ability to basically do anything that user can, usually without any user interaction with the system. Moving to non-admin accounts by default is a band-aid. It is, perhaps, a step in the right direction, but it is not a solution to malware, merely another escalation in the arms race that can be largely countered with minor modifications. If a random program can still pretend to be data and still read your e-mail addresses and still send e-mail and if the UI still conditions people to click "OK" over and over and over again simply to keep the computer working, then nothing is stopping malware in general, just specific, old malware.

  8. Re:The consequences were that you got fired.. on Apple Fires Five Employees for Downloading Leopard · · Score: 1

    I reject your argument that customers are idiots and salespeople need to be forced by their own ignorance not to tell them anything not stupid simple.

    What part of what's in the beta do you think is public that the employee's don't already have access too?

    Can you move all the Windows in a virtual desktop to another at once? Sure you just hit a key combination (shift-space) and it works. Would I remember that from reading through 10 pages of PR stuff? No. Would I remember it if I did it a few times to try it out? Yup. Are salespeople the same way? Probably. Can you have different windows of the same application on different desktops? What if you are on a third desktop and click the application icon in the dock, does it take you to one of those desktops? Which one? Having used the feature an employee can answer these questions and I don't think it is giving away anything to competitors or anyone else. Having just read the marketing stuff, an employee has no idea.

    The employees do have as much information as their customers do.

    Unless the employee happens to be a developer or happens to have downloaded a copy of the beta from one of the many Websites that are now hosting it. Then the customer has more info than the salesperson, which is not particularly good for business.

  9. Re:Market Share on Windows vs Mac Security · · Score: 1

    Attrition has not kept defactment stats stince 2001, thus their stats are completely irrelevant today.

    Except my point did not rely upon up to date statistics as it was a rebuttal demonstrating that market share was not the only factor that needs to be considered for security.

    But the stats mean very little. The actual webserver running has little to do with intrustions.

    I'm not sure I agree with that. Historically, IIS has been subjected to several exploits that were made into worms, contributing greatly to the compromise of those machines. While other factors may be more common in more recent years, the fundamental security of the server and the defaults and ease of administration are all contributing factors.

    For example, if webserver vulnerabilities were the main cause of web intrusions, IIS6 would almost never be broken into, because their have inly been three vulnerabilities discovered for it in it's history and all of them are less than critical.

    Well, the "criticality" of vulnerabilities is somewhat in dispute, but IIS 6 does have a very good record so far, although not as good as certain, less popular and less featureful servers.

  10. Re:Question on Personal Firewalls Mostly Useless, Says Mail & Guardian · · Score: 1

    It takes ONE guy to find a malicious backdoor in an OSS program and the backdoor will be fixed and the responsible lynched.

    Yeah because servers and dev machines are never compromised and because user accounts are never hijacked. It has happened before and will probably happen again.

    Under NDA's and similar stuff point to me one guy who'll risk his head exposing such a thing in a commersial firewall.

    Umm, this is an argument in favor of my point, not against it. We need to be able to run code we don't trust without a huge hassle and without giving it complete access to do anything it wants on our machines.

  11. Re:But what if Microsoft offered it all together? on Windows vs Mac Security · · Score: 1

    If, for whatever reason, Microsoft decided to bundle Firefox instead of IE with their Operating System, would that be an illegal practice, seeing as it still snuffs Opera and others while not actually being MS's product and so not fitting your definition of "provides your product an advantage over another product, because you have a monopoly on a different product."?

    I think it is all or nothing. Either include all competitor's products at the same cost, or include none and let the OEMs decide. If Opera did not complain then they would probably not be prosecuted for including only Firefox, but Opera would have a good chance if they went to court.

    I still wonder at times why they are even fighting the browser wars; what tangible benefits they are getting from IE. Is there some other issue with bundling another free browser? Maybe it wouldn't be free for them to bundle? Or is the going theory that they are afraid of increased cross-platform compatibility making switching OS's easier?

    IE provides lock-in and the ability to embrace other markets. It keeps the Web from being a viable cross-platform layer for deploying applications. One of the main barriers to corporations switching their desktops to Linux is legacy ActiveX applications. Watch MS integrate their new JPEG competitor in IE7 and their new PDF competitor as well and start to take those markets. Home users won't move to OS X if their home picture gallery will not work on a mac and they won't switch to a Linux desktop if the new PDF-like documents coming out of word are unreadable there. They have a whole lot of incentive to keep a proprietary browser that breaks the standards bundled.

  12. Re:The consequences were that you got fired.. on Apple Fires Five Employees for Downloading Leopard · · Score: 1

    No, store employees should not have it because they shouldn't be answering ANY questions.

    Hi, I'm looking for a new laptop and I can't decide if I want a Macbook or a Lenovo. I'll need to be able to run DTrace on it by this time next year. Will OS X run Dtrace or should I save the money, get a Lenovo, and install Solaris on it?

    The beta is released to developers under NDA, that means no one should be talking about what is and isn't in it, and for a very good reason, features are subject to change.

    Apple demoed those features to a huge audience and posted it on a public Website. Apple store employees are no more likely to leak info from the OS itself than developers are.

    No part of the retail employee's job REQUIRES them to have or use the software.

    No, but then they don't ever need to have run Tiger either to run a cash register. Being more informed makes them a better resource for customers and that includes knowledge of upcoming products that are already announced and the ability to reference it for customers in the case of a specific question.

  13. Re:Unfortunately his reasoning is flawed. on Windows vs Mac Security · · Score: 1

    First of all, I have installed XP and yes, it does indeed give me the option to create up to six users when I install.

    I'm not talking about options here. Would a normal, clueless user who threw in the install disk be led through the process of creating an admin account and a normal account for everyday use, without selecting weird options they don't understand? Because it sure doesn't seem that way to me.

    That is completely irrelevent however since the vast vast majority of Windows users will not be installing it and will have an OEM install it in which case it is exceedingly easy to create an unattended install script that creates a local least privilege user.

    Non OEM installs are all MS has control of and set the standard for how OEMs assume people will be using the machines. They usually try not to do anything that would make it harder to use than this "standard" since it confused users and costs them money in support.

    Exactly what Microsoft software doesn't run as a normal user?

    First, the OS itself makes a lot of task very difficult if you aren't an admin, like installing things. As for additional software, there are lists on various sites but some Office macros no longer work, Frontpage crashes repeatedly, and numerous games developed by companies that are part of MS won't run at all.

    The registry is indeed shared but that in and of itself is not a problem since ACLs are built into it.

    Unless you expect non-admin end users to install software, which most will want to.

    There are other parts of the registry which the user would have access to so this is completely unnecessary.

    And yet they don't. Why do you suppose it is that so many companies don't follow these "best practices" (MS included.

    You don't need to carefully pick your software you can change the permissions created or better yet, just install with runas instead of logging in as another user and then permissions will be setup correctly for that user.

    When it works, which is not all the time.

    As for Windows being modular, you actually can pull IE and Windows Media player out, you actually can replace the tcp/ip stacks. Most any function you can rip out and replace with something else.

    Wow you can remove common, end user software? When deleting a browser is hard, maybe you're a little less modular than you think.

    As for bug fixes from my own personal experience creating simple web forms I can say that all bugs that are reported are not created equal. There are definitely oversights which have occurred but MS does indeed fix a good number of local and remote privilege escalation bugs.

    They occasionally fix publicly known ones. They rarely, if ever, fix ones found internally according to people I know who worked there. On any given day I can use Google to find numerous, public, exploitable local escalations and build them into a worm that already has a remote unprivileged exploit. I can be fairly sure it will be there for a few months, at least.

    Vista will not be perfect, it won't even be near it but will it do more harm than good? Judging from XP I'd bet it'll do more good than harm.

    I'm not even sure I'll concede that, but in any case it won't be good enough for a normal user's normal use.

    As for Microsoft marketing I think you are way off base with what users both home and business are looking for. Security is indeed a concern but it is by no means at the top of the least.

    The intersection of users who are not locked in and who are informed enough to know if MS's marketing is lying and who aren't already on another platform and who might leave for another platform is not big enough for them to spend much money on; so they don't

    The XP w/SP2 firewall does however include ACL for program access to the Internet so you can stop anything you like.

    It is not informative enough, does not correspond to what users perc

  14. Re:Market Share on Windows vs Mac Security · · Score: 1

    2001 called. They want their statistics back.

    I just grabbed both of those numbers from the cited websites. zone-h.org does not seem to have any consolidated defacement by OS statistics easily available and is, thus, not as useful.

  15. Re:Question on Personal Firewalls Mostly Useless, Says Mail & Guardian · · Score: 1

    No, I haven't. Fortunately for us, there are thousands of people auditing the code at any given moment.

    And I can trust that all of them will look at the relevant code and are competent and honest?

    I have audited the Gaim code, however. I can assure you that there is no backdoor.

    I see. evil_Tak says it is good, so I should trust it eh? None of us know all the code we are running is trustable and will continue to be so as we update it. We all want to run code in which we have differing levels of trust. Not recognizing that in OS design is a problem.

  16. Re:The consequences were that you got fired.. on Apple Fires Five Employees for Downloading Leopard · · Score: 1

    The (ex)Apple employees are protesting that they came clean and yet endured the same punishment they'd have endured if they had not come forward but been caught anyway. The complaint is not that they were punished at all, it's that the punishment was excessive and gives nobody any incentive to be honest.

    Not punishing the as specified in the employment contract might cause Apple future legal headaches. Not having the employment contract take into account whether or not employees are honest is probably a poor business decision, but it is completely ethical, in my opinion. The incentive to tell the truth should not (ethically) be a lesser punishment, it should be having self respect.

    Apple can hire and fire whoever they want, for whatever (legal) reason. But that doesn't make this anything other than, at face value, assuming there's not more to it than TFA, a dumb decision.

    Given the exact circumstances, I'm not sure I agree. What is stupid is Apple not giving a copy of Leopard beta to every Apple retail employee in the first place and avoiding this whole issue. The product is announced and developers have it. Pirates and competitors have it by now. Store employees should have it if they want so they can start educating themselves and answer questions.

  17. Re:Question on Personal Firewalls Mostly Useless, Says Mail & Guardian · · Score: 3, Insightful

    Software firewalls 'solve' the same problem as antivirus software. They attempt to disallow stupid users from doing stupid things.

    I disagree. Software firewalls on Windows attempt (and usually fail) to add granularity of control for end users.

    For the most part, if people don't install unknown/untrusted software on their PCs, and use safer alternatives for online stuff (gaim, firefox, sylpheed vs. aol's own messenger, MSIE, Outlook) along with practicing safe online computing in general, personal firewalls add the same value as antivirus software. None.

    This depends a whole lot upon your definition of "trusted." In any case, this is just another example of tools being designed without taking users into account. For most users the point of a computer is to run software they want. They don't know what software is secure and I'd argue no one does as everyone has to trust others. I don't know if Firefox has a backdoor that will be enabled next week. I haven't audited all the code. I doubt you have either. Whether it is Firefox, some shareware, an executable some friend sent via IM, of just something the user thought was data but the extension was hidden on, users who don't run untrusted data are missing a huge portion of the functionality they want from their computer. More important yet, they expect that functionality. It is not that they are stupid, they just have reasonable expectations that are not being met.

    For example, most users never want any programs except their e-mail client to be able to read their e-mail address book. I mean what kind of stupid machine would let "nekkid_pics.jpg(.exe)" read my friends e-mail addresses and send a whole bunch of e-mail to them without asking me first? Who wants their computer to do that? And yet, almost all modern OS's just let any old program or program disguised as data to absolutely anything they want without asking the user or even informing them. That is what is stupid.

    Then again, maybe that should be required knowledge for any user who connects their computer to the Internet. We need licenses to show we are competent enough to drive cars, and this is the "Information Superhighway" after all.

    If I drive poorly, a bunch of kids could get run down and killed by a ton of metal. If I run random executables someone might get spam e-mail. Perhaps you see how the negative consequences of the former warrant licensing while the latter almost certainly does not?

    The real problems are twofold. One, computers are very poorly designed and don't behave as users expect. Two, when computers don't meet people's fairly reasonable expectations and instead are hijacked by spammers, people like you blame the users instead of the crappy OS's. Fix the software first, then if the problem persists you can blame the users.

  18. Re:Unfortunately his reasoning is flawed. on Windows vs Mac Security · · Score: 1

    How on earth can it be that people running as Administrator all the time is the fault of MS?

    Have you ever installed Windows XP? Do you recall that it, by default, creates only an administrative account, not a normal user account, which is what a Windows user would have to be using to gain these same benefits? Did MS not write that installer?

    MS hasn't required it for almost a decade since the launch of NT4.

    No, but popular software MS write themselves still does not work properly unless you are an administrator, thus they are certainly complicit in maintaining this culture.

    Users running as Administrators is simply not the fault of MS as evidenced my the thousands of people in corporate offices that run their computers without admin access all the time.

    Yeah, it works great so long as you carefully pick and choose your software, avoid software written for the home market, and have a full-time administrator taking care of all the things you can't easily do. Try it as a home user and try to do the normal tasks a home user typically does. You'll quickly see why no one does this.

    If 3rd parties created better installers which didn't put information where it doesn't belong then the issue would be long gone. It is not in any way shape or form a design problem.

    Umm, the shared registry and the fact that there are no granular, per application permissions are certainly design problems MS should have fixed by now.

    The basic services by default is a valid gripe but I haven't heard of many privilege escalation bugs in Windows that wasn't the result of a service being given more access than it needs. I'll add that the service caused the problem not any inherent design issues with Windows.

    Unneeded services running by default, network services serving local tasks, and the all or nothing mentality for security of user applications certainly is a design problem.

    It's not only the number of services but the fact that the underlying services being employed are not new, are time tested, and open many are open source. As a result the tools the OS is relying on are much safer.

    Well, I agree those factors make a difference, but I don't see how it can be called modular.

    Microsoft also does fix bugs, with all the patches out its complete absurdity to state otherwise.

    Where did I say MS doesn't fix bugs? I said they usually don't bother to fix bugs that provide local privilege escalations. For that matter they don't even fix all the bugs that may or may not cause remote privilege escalations or DoS. From ex-MS employees I know, the consensus is about 60% of the bugs reported are considered serious enough to fix. Since MS assumes if you're logged into the box you're probably an admin anyway, they don't bother with local escalations. Apple does fix them, under the assumption that their systems may be used in multi-user environments and it adds an extra level of security against many remote exploits.

    Yes there are still a lot of unfixed bugs and yes they need to step up this process but they aren't just sitting around doing nothing.

    MS, like many companies acts based upon what matters to their bottom line. When their OS is insecure and often exploited they look at a cost/benefit analysis. Since they have a monopoly and have built numerous mechanisms to lock people into using Windows, they aren't losing a lot of customers because of poor security. Since most users are not experts and believe what they are told, it is much more cost effective for MS to start an ad campaign telling everyone that their new OS will be the most secure ever and is super-extreme-secure, to the max, than it is for them to hire enough engineers to really fix the security issue. And, it gives them a feature they can advertise to sell upgrades to Vista users once they have a new OS. They can claim it is way more secure than Vista, just as XP was way more secure than Win2K, etc.

  19. Re:But what if Microsoft offered it all together? on Windows vs Mac Security · · Score: 1

    I call bull. Name just one court action that is "investigating" the issue. There are none. Second, that is not what courts do. They adjudicate issues. Governments and competitors investigate claims of monopolistic behavior.

    Okay, the French courts are currently "adjucating" by looking at and evaluating all the information brought to them by various parties to see if Apple qualifies as having monopoly influence with the iPod. If you don't think looking into all that information fits the definition of the word "investigate" I'm happy to ignore you and use it anyway.

  20. Re:...sniff... what's that smell? on Windows vs Mac Security · · Score: 1

    It is not illegal [sic] for them to bundle software where a marketplace exists.

    Bundling is a common term for the most common form of anticompetitive tying. Wikipedia has this to say about tying:

    "Tying is the practice of making the sale of one good (the tying good) to the de facto or de jure customer conditional on the purchase of a second distinctive good (the tied good). A classic example of de facto tying is the selling of razors at a loss and making the profit on the blades. Cell phones and printers sold at below cost, the profit to be made on the subsequent minutes or printer cartridges, are also common.

    Some kinds of tying, especially by contract, have historically been regarded as anti-competitive as it is implied in this that one or more components of the package are sold individually by other businesses as their primary product, and thereby this bundling of goods would hurt their business. It is also implied that the company doing this bundling has a significantly large market share so that it would hurt the other companies who sell only single components.

    ...

    It was first made potentially illegal in the United States by the Sherman Antitrust Act (section 1) if the firm has "economic power" in the tying good, and a "non-trivial" amount of business is affected by the tying. See Northern Pacific Ry v. United States, 356 U.S. 1 (1958); International Salt Co. v. United States, 332 U.S. 392 (1947). For at least three decades, the Supreme Court defined "economic power" to include just about any departure from perfect competition, going so far as to hold that possession of a copyright or even the existence of a tie itself gave rise to a presumption of economic power. See Fornter Enterprises v. United States Steel, 394 U.S. 495 (1969); United States v. Loew's, Inc. 372 U.S. 38 (1962). More recently, the Supreme Court has held that a plaintiff must establish the sort of market power necessary to other antitrust violations in order to show the sort of "economic power" necessary to establish a per se tie. See Jefferson Parish Hospital District No. 2 v. Hyde, 466 U.S. 2 (1985)."

    I think you're talking out of the wrong end. What courts?

    The above are references pertinent to the US, but antitrust law is surprisingly similar in most jurisdictions including the EU and much of Asia.

    What courts? In any judiciary I've come across, courts don't investigate they adjudicate. If it was a crime (if's not) then the police investigate. If it's a civil offense then it is up to the competitors to mount a legal challenge.

    In both the US and EU this is a criminal offense and is investigated charges are brought by the state (Attorney General in the US). In most instances this is paired with a civil suit from one or more wronged competitors.

    This is all pretty common knowledge stuff and there are lots of good summaries written by real lawyers available free online if this was not covered in a basic economics course you took. I don't know why you have this belief, but making IE unable to be removed is only one of the ways in which it is an anticompetitive action.

  21. Re:the article may have some good points, but... on Windows vs Mac Security · · Score: 1

    I was expecting to find some sort of powerful access control list system where permissions can be specified per process rather than per user, and maybe even something akin to SELinux or other Mandatory Access Control implementations.

    OS X does actually have built in ACLs, but they are not really used at all at this point and certainly are not a working, integrated security mechanism like those you mention. Rather, LaunchD provides a centralized hub that may simplify such an implementation in the future, including the spawning of processes and automated scheduling of them. I didn't mean to get your hopes up.

    Honestly, it's probably a very good thing that Apple didn't try to invent new security tools at the same time they were reinventing init, rc.d, inetd and crond. That's already a lot of risk to take.

    Agreed. LaunchD needs some serious security testing and more eyes before it is ready for more security minded distributions. As for restricting processes and applications, OS X's adoption and modification of OpenStep really lends itself to bringing this to the desktop in a usable way and Apple is one of the few companies with the HCI expertise to pull it off cleanly, but I don't think they see the business case for this yet, with security not being a pain point for most of their users and with the giant lighting rod which is Windows, sitting nearby.

  22. Re:Market Share on Windows vs Mac Security · · Score: 1

    IIS is hosting about 30% of all Websites by number according to netcraft.com. They account for 64% of 15,000+ Web sites defaced on attrition.org. It seems pretty obvious to me.

  23. Re:Better analogy on Windows vs Mac Security · · Score: 1

    If in a particular city, most people drive Toyota Corollas, you can bet car thiefs will learn how to break into Corollas and they will be broken into more frequently than the 2-3% of Daewoos. Because they're already so familiar with Corollas, those cars will probably be stolen in an even higher percentage than its marketshare. So it has at least some significance in some cases.

    Market share plays a significant role for both motivation (financial), ease of exploitation (easier propagation), and malware author knowledge base (heavily focused on Windows). The previous poster, however, made the claim that market share and motivation was the only consideration that should be taken into account for relative security and all others had no influence on security, which is obviously not the case.

    I'm just saying that comparing a security system to a non-security system isn't the best analogy.

    Actually I was comparing a weak security system (obfuscation) with a slightly stronger security system (home safe). An expert will defeat either, just as a security expert can probably break into a Windows machine or an OS X machine. That does not mean they are equally easy and it does not mean that building a robot that goes into people's houses and grabs anything under the mattress is the same level of difficulty as building a robot that goes into people's houses, cracks open their safes, and steals the contents. Realistically, that is the most relevant security issue of the day, automated worms.

  24. Re:Unfortunately his reasoning is flawed. on Windows vs Mac Security · · Score: 1

    It seems like everyone is saying Windows is insecure because processes always run as Local Service or whatnot when the reality is that they can run as whatever user the installer would like. Seems like they are talking about third parties being the weakness.

    There are two things I think you're overlooking. First, with LaunchD you don't have to create a special "user" for a piece of software to run with specific privileges and logging. Second, third party developers don't code software to work in a non-trusted mode, because by default users run as administrators on Windows. This is a design decision MS made poorly that results in this from third-parties.

    Both platforms are subject to local privilege escalation.

    True, but Apple actually fixes local escalations if you report them, and thus they are not always easy to find and exploit in an automated fashion. Microsoft ignores them since almost everyone runs as admin anyway. Last I heard there were hundreds outstanding, including ones that have been public knowledge for years.

    I think the biggest component which serves to assist OS X with security is the fact that is is pluggable, features can be removed and added at will.

    I'm not sure I see a real difference from Windows here. Mostly I'd say the difference is that OS X does not run many services by default, while Windows runs a pile of them, including RPC which should be a local, not network service for most users.

  25. Re:Yay! (Sort of) on New Hope for Stem Cell Research · · Score: 1

    Ok.... here's practical sex ed.: Don't want a child? Don't have sex.

    Here is why that isn't practical. First, this occurs with people who have not yet fully developed and are often incapable of making responsible, rational decisions. Second, this is fighting against the single, strongest instinctual drive hard-wired into our brains. Anyone who thinks copulation is a way for us to reproduce if fooling themselves. Copulation is how DNA retransmits itself and everything we think of as "us" including our consciousness, feelings, instincts, and body parts are just adaptations that have evolved to make that more likely. Anything you do to lessen that is simply the process weeding you out of the gene pool because you're defective.