Ummm, actually I am a lot smarter than any virus or spam.
Thats why we have automated tools to help in detection and removal.
Automated tools to detect and remove malware is largely an automated way to leverage the work of security researchers that discovered, fingerprinted, and build a removal script for a given malware. They also help to provide information needed to determine what is an isn't malware. This is making up for the failure of the OS to let us know what is going on. A smart OS would say, "Hey I notice you're sending a thousand e-mails a minute with a script. Are you sure that is a good idea?" Since it does not we install malware detection systems that perform some of those same tasks, in a limited way.
You're basically saying that humans are infallible at detecting "bad" content.
I understand you interpretation of his comment, but I think the major failing is on the automated side not the human side. Humans can't detect malware with current systems because the OS does not provide them with the information they need or the control to do anything about it. It is important to remember that only the user knows what they want the computer to do. It is not the computer's job to override their wishes, just to give them the options and information they need to make the right choice.
In alot of cases machines are far better at heuristics than humans.
This is true, but the human still has to be the decision maker. Maybe I want to run that script that mails millions of messages a day because I'm desperately trying to spread information on how to cure the deadly plague about to destroy humanity and the government won't believe me until it is too late. Sure its unlikely, but I just think it is important to stress that people are smarter and need to make the decisions. OSs should provide them the information they need and do what they are told.
Yes, it was. Windows NT was designed from day one to be a multiuser, networked OS.
This is very true, but the previous poster also has a point. Most of the important architectural features of the NT core that can be used to provide a secure OS are ignored by the rest of the operating system. For a car analogy, it is like switching out the engine in a car for a larger one, but not upgrading the frame and mount points with something that will let you actually taker advantage of it without crashing. Windows XP and what I've seen of Windows Vista still functions a lot more like Windows 95 than Windows NT in many of the ways that matter.
All OSes can be subject to a rootkit attack. What point are you trying to make ?
In the posts this person replied to I've described a design that would mitigate rootkit and other attacks. It is not something I've invented on my own, but merely the direction many of the more secure OSs (designed from the ground up with security in mind) are taking. I don't think anyone with a clue would argue that Windows does not have a security problem and it has not been ongoing for quite some time. The average user cannot safely and easily use their computer and it falls down in many regards, as I documented, including letting rootkits run wild without letting the user know it is happening and giving them the opportunity to stop it.
If MS cared what end users wanted, they would have implemented this or some other major security features years ago. There are hundreds of security experts who are at the top of their field and almost all of them could have outlined a system like this or that would have the same effects. I believe the point the poster was trying to make was that for all their talk of a more secure OS they haven't done this and are not interested or capable of so doing.
Exploits and security holes don't cause themselves. Any failing of the OS is caused by the person/persons who programmed it.
If you want to look at it that way, fine, but then all problems are caused by human error, if only the error of perceiving them as errors. The point is, the end user is not responsible for them, in most cases.
There is some porn that is legal, and some that is not. Some that comes from human slavery and some that doesn't.
Porn in the US is a fairly regulated industry. Asserting that a significant amount of it is illegal, without any evidence is empty rhetoric.
Not disagreeing with you on the cause, but I am not talking about living in a "bad" neighborhood and going home there. I am using an inadequate metaphor to point out that the end user has decisions to make, and that there are consequences to those decisions.
Perhaps you should be a little more conservative with your metaphors. Your metaphor was dangerously close to some arrogant, aristocratic racism I hear regularly. In any case, I've yet to see a correlation between people who merely visit sites and who become infected with malware and certainly nothing to demonstrate causality.
The above does not meet with my experience in this. I run the tech bench at an ISP. I can tell what kind of sites people have been visiting based on the malware that is detected on their pc. It's that simple.
Most malware (by infection number) does not spread through Websites at all. Of that which does, a good portion is posted on public forums and on cracked servers of all kinds. I'm looking at the infected host list for an entire class A right now as well as a list of the DNS request history for them. The vast majority has no correlation at all because most infections do not spread from a particular kind of Website. The only correlation I know of is particular sites that trick people into installing some sort of malware, often spyware.
The people who intentionally visit areas of the web that are KNOWN to contain more security risks than others.
It is this last group I disagree with. First, I'm not sure I believe there is such an "area of the Web." Second, I certainly haven't seen evidence of it. Third, assuming such a thing exists, it certainly is not common knowledge.
As you can see, the adage in question is perfectly reasonable and applies to everybody, not just Windows users.
I disagree. Asking a person to give up functionality for security is a recipe for disaster for any security scheme. Most will choose functionality. If you're interested in making a more secure system, rather than assigning blame to someone else you have to rethink this.
If I install a VM on a windows box I can run arbitrary untrusted software, but to do so sacrifices a great deal of usability. Heck, Even without install a VM I can make a separate user account with very limited privileges for running untrusted software and gain quite a bit of security. Again, this is very inconvenient. On OpenBSD or FreeBSD I can run untrusted software in jails, built into the OS fairly safely. On Solaris I can do this with zones. To paraphrase the sandwich analogy you linked to, I can feed the sandwich to a pig I don't really care about and then eat the bacon after he digests it and makes it into said bacon. I still get fed, but the risk of death via disease or poison is much less.
Like it or not, most of us both want to and need to run software from sources we don't trust. It is a decade past the time Windows should have built in jails or VMs and started running software in them by default. Other vendors need to integrate them as well and do a better job of meshing them with the OS and UI, but since most of them don't have a serious malware problem yet, they can be forgiven.
Actually most malware are viruses that can only spread via human interaction
True.
Worms are the only automated means of spreading malware and they are a fraction of the problem, much rarer than virus and script-based malware.
False.
Most malware is not automated, however, most infections are caused by automated malware. Worms are fewer in number, but spread much more quickly and widely. Counting the number of infections caused by worms and the number caused by malware involving human interaction yields the former as having a greater impact according to the majority of studies I've read.
Another reason for never pointing a firearm at someone, whether loaded or unloaded, is that who the firearm is being pointed at can't know for certain whether or not it is loaded...
This is sometimes true, but not always. Often everyone present knows one another and knows the state of the guns. With a bolt action, pump, or break action gun with the action open, it is often obvious the gun is unloaded. If I was hunting and my brother pointed his gun at me I'd be pissed, but I would not think he was planning on shooting me and retaliate. When you are alone with a gun, in your home, no one is going to retaliate if you point it at the TV, but you should still not do it.
I understand you point and it is valid in some instances, but I really think conditioning yourself to behave safely even when you are not thinking about it at all is the most important reason.
The weak link in most computer networks is human. If it was programmed by humans, there will be a flaw that can be exploited.
Most compromises are the result of automated exploits with no user interaction. Sure a human made the OS being exploited, but that does not make it a human failing, just a failing in the OS.
Most rootkits/spyware are installed by the owner of the PC when visiting illegal or semi-legal sites, such as pr0n/gambling/file sharing.
Since when is porn semi-legal?
If you go for a walk through a "bad" neighborhood with no protection at 3AM and get mugged, yes they should convict the mugger, but you chose to go through a dangerous area at a dangerous time.
"Bad" neighborhood exist mostly because the police do not equitably enforce the law and the laws themselves are not equitable. The fact the some neighborhoods have more danger to the average pedestrian than others is often because police resources are improperly allocated by the wealthy. Whether I'm in a poor neighborhood because that is the only place I can afford to live, or a wealthy neighborhood, should not make any difference to the police or their behaviors and no more blame should be placed upon me.
So take reasonable precautions, but don't expect your precautions to amount to much if you are making poor decisions.
Most people who are infected with malware are infected without ever doing anything and don't even know it happened. That is not their fault nearly as much as it is the fault of the OS designers who touted their OS as "super secure" even though it is less secure than pretty much every other one out there. They were lied to and are still being lied to. Stop blaming the victims.
As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore.
Given the fact that most software used by the average person is closed source and most people don't have the time or skill to audit the open source software they run, it seems like this is a pretty ridiculous way to design an OS. The adage is true right now (for most systems) but that does not mean it should be if MS was listening to their users. People want to run random games form the internet and click indiscriminately on files they get via e-mail. Build jails or VMs into the OS already and let the users run them safely.
There is no 100% solution except to cease using the technology. That's a given. But that would be like saying we should stop using cars because accidents happen.
What you advocated, however, was users not running software or opening data they don't trust. For most users, that cuts the functionality of their machine in half. Trust is a sliding scale. And given the relatively mild punishment for trusting too much, most users will chose functionality over security. The job of the OS should be to make sure they never have to make that choice.
There is no technical solution to everything, though. You cannot "fool proof" everything. Would you go around fool-proofing cars or guns? I'd rather expect someone using either to have proper training and knows how to use it, so he is neither harm to himself nor others.
Well, if I can get a gun or car to do exactly what I want without any risk or decrease in functionality, I'm all for it. As for training, the point is that the usability and functionality of the system has to be up to snuff before it can be effective. To bring cars to the equivalent level of functionality as a Windows machine you'd have to have no windshield and the user would have to just be guessing where they are going. Right now users are given basically no information about what is happening. Is that a program or data? What is it doing when I'm running it? Is it sending spam, or running a game? Is it reading my tax returns? No idea.
The analogy of guns is an interesting one. Anyone who has had a traditional education concerning guns has heard that they should always treat the gun as if it is loaded and point it away from anything they don't want to shoot. Why? Why not only point it in a safe direction when it is loaded? There is no danger if the action is open and it is obviously empty. The answer is "conditioning." Nobody can concentrate on one thing all the time. By always treating the gun as loaded users condition themselves through repetition. That way, when they're thinking about something else (like is that a bear in those trees) they unconsciously point their gun in a safe direction and don't accidentally shoot their hunting buddy when they stumble.
The reason this is such an appropriate comparison is because Windows uses conditioning as well. Every time it brings up the same cryptic dialogue box with (OK/Cancel) it conditions users to click "OK" to get their computer to work again. It also conditions them to click "OK" when being warned of a potential threat. It is one of the worst UI choices, ever and a classic example of what not to do. In many cases even reading the dialogue you don't know what each of the buttons will do since "OK" and "Cancel" are not appropriate responses and are not actions. It is the result of programmers ignoring the human component of computer/human interactions when it comes to security.
First and foremost, you are responsible for what comes out of your computer.
I'll accept that I am responsible, but that does not mean no one else is as well. Picture this, the computer sales guy talks a grandmother into buying a computer. She knows nothing about them, but he tells her it is as easy to use as a TV and will let her send e-mail to her grandkids. They install it and hook it up for her. She never patches it and it is not set to do so automatically. It is compromised. It sends spam. Is it her fault she was lied to? Is it her fault she assumed it would behave reasonably instead of doing things all on its own? Yes, but even more than that it is the fault of the salesman and the system designers.
If someone is unfit to use a car, we don't let him use it.
If more than 70% of people are unfit to use most cars on the road, but do just fine with an Audi, maybe we need to rethink our car designs rather than sending everyone back to driver's education.
Likewise, if someone is unfit to use a computer because he cannot follow the most basic rules of common sense, he should not be on t
How can a push to virtualisation - the process of running an OS on "virtual hardware" - possibly be the end of a company that's core business involves selling an OS? Not to mention that most virtualisation products require a host OS in the first place (VMWare's ESX Server is the only one that springs to mind that doesn't, but it certianly still requires at least one guest OS)
As virtualization takes off it offers several large advantages. On is the ability to run multiple OS's and gain access to their abilities and software simultaneously. Another, is security. A third is easy migration from one "host" OS to another. MS has a stranglehold on that host OS market for the desktop and they want it for the server space as well.
So fast forward a few years and computers are more functional and they can all simultaneously run several OS's with little performance hit. You have the option of running Linux on Windows or Windows on Linux. In both cases you get access to all the software at reasonably fast speeds. In the former case Linux filters Window's access to the world and in the latter Windows filter's Linux's access. Which would you rather have? For reasons of security, stability, and speed, Linux as the base OS is a pretty big winner right now. It is more secure, more stable, multitasks better, and manages memory better. There are instances right now where running Windows applications in a VM is faster than running them natively on the same hardware because of the memory management.
Fast forward a few more years. Linux is free as in beer. There is no reason not to ship all computers with it as well as Windows. If it becomes standard, then it is an easy target for developers. Would you rather develop for Windows which runs on most all machines, or Linux, which also runs on most all machines, including high-end server, cell phones, PDAs, and low end computers that can undercut Windows machines for the bottom segment of the market?
The whole thing reeks of an opportunity for businesses to get out from under the MS tax with a smooth and easy transition. It is a very real threat to them, which is why they have been buying and investing in VM left and right. They own, what 3 of the 5 biggest companies now and are a big part of the biggest open source project.
Now, a move to OSS I can see being problematic for vendors like MS, but let's be honest here - it's not looking to have made much of a dent in their profits over the last decade or so.
But there hasn't been a big move to open source, partly because of certain, large barriers to entry that VM would effectively knock down.
They are offering free products that are competing against free, open source products, like Zen, Qemu, and Bochs. Since the primary markets are on workstations and servers right now, they are trying to make sure their brand and products become standards in this space which is the part of the reason they are offering some of their software for free.
People, please, stay sensible. First of all, a rootkit has to GET into a system.
True, but there are many modes of infection.
Whatever a program may want to do, first of all it has to be started. Now, there are currently no unpatched remote exploits or program-runs-crap-by-itself bugs I'm aware of. In other words: You have to start it!
So, just because you don't know of any unpatched, remote vulnerabilities being exploited, we should not worry about them? What about local escalations, there are plenty of those outstanding and some people admin multi-user boxes. Finally, it can come in as a trojan. No one has the time to exhaustively check every program they run, if the source is even available. That means you have to trust every program you install. This is asking users to sacrifice usability for security, and that is a classic security blunder.
My prediction would be that you can eliminate about 95% of the most dangerous worms, trojans and spybots currently in the wild if we could just get people to abstain from running every single piece of junk they stumble upon.
My prediction is we can stop 100% of worms, trojans, and spybots by no longer using computers... of course that kind of defeats the purpose.
There is no technical solution for a social problem.
Malware is mostly a technical problem and a computer/human interaction problem. It can be solved with education as a social problem, but only when the previous problems have been fixed. You can't expect users to learn a whole lot of really complex topics in order to perform simple tasks. It is not going to happen. When joe-sixpack runs their computer they expect it to conform to some basic, sensible characteristics and it is failing. This is not the user's fault. This is the fault of the people who designed the system first and then tried to teach the average person a long series of complex topics and ever changing rules. What they should have done was ask the users what the computer should do and then make the computer do that.
It is unreasonable to expect that clicking on an icon that looks just like your picture files will install a program and let someone in Russia start using your computer to send spam. This is a failing of the computer, not the user. The computer should clearly indicate to the user what is a picture and what is a program. Then, it should not let the program do anything the user does not expect and want. If this rootkit arrives in a trojan, disguised as data or a beneficial program like a game, and the user runs it, they still should not have to worry about it because it should be running in a sandbox, by default. When it tries to do something unusual, like patch the core of the OS, the user should be warned in very strong language and given the option of letting the rootkit patch a VM's core OS instead, thereby stopping it from having any effect. It doesn't take a genius to do this, if only people would stop apologizing for how crappily most OS's, especially Windows, deal with this stuff. By blaming the users for this failing you're part of the problem. Stop it.
I have a Jabber server, but I never use it. Does anyone use Jabber?
Yes. I've seen quite a few more people using it because of Google's efforts. What I''d like to see is AOL move completely to Jabber and partner with IBM, Apple, and other players to make it the built in protocol in all their offerings.
Could someone explain to me why are VMWare and Microsoft rushing to give some of their virtualization products away free?
VMWare makes money selling really cool management suites for their virtualization technology. They figure if they give away the low-end stuff, then everyone will use it and those with money will buy their high-end stuff, which works with it. They are otherwise competing with several free, open-source implementations which would take over if they tried to charge for them.
MS does not like the fact that VMWare is king here and they don't want open source taking another market either. As a result they want to make sure everyone is using their solution and it chokes out the rest of the market. Once that is accomplished they can start charging and developing competitors to VMWare's management stuff.
The short answer is, they don't want you to move to a free, open source solution because they can't make as much money then.
Tell this to the EU who just fined MS $380M for giving away Windows media player.
Wow, so much is wrong with the above statement. I suppose the most obvious is the the fine was for not supplying API documentation having nothing to do with the media player.
Generally speaking, when assigning remedies, courts have options related to the breach of the law that occurred. For example, the UK's legislature will indicate that a certain crime may carry a fine not exceeding a certain level on a scale, and it is then for the court in a particular case to determine what fine to impose within those limits. Of course civil and criminal law don't work exactly the same way, but then again we don't have punitive damages in the UK either.
Yes, but when dealing with fines the courts are generally empowered to seize other assets to cover the value of fines in the instances where the convicted is unable to pay otherwise, or where the courts cannot collect otherwise. By your argument, I could go into a bank and run out with a million bucks, take it immediately to a brokerage and buy the rights to various patents and copyrights. Then when the police came for me, they could arrest me, but they would be powerless to get the money back or take it from me. When I got out of jail, I'd be rich. The money MS has and has reinvested into building the intellectual property they have was to some degree gained through illegal means, breaking criminal antitrust laws. Now I'm not a legal expert, but I suspect that in either my bank robbery or MS's antitrust violation the courts have the power to seize any asset gained by this illegal process as well as anything needed to cover the fines imposed. If MS "jumps ship" and somehow moves all their other assets out of the EU, the EU can still seize their intellectual property as compensation and the US is obligated to honor that.
The seizure of physical property if money is not directly available is also established.
I've seen a lot of laws, but they all make references to "salable assets" or "property." Can you show me ones that exclude intellectual property assets?
Would it make sense for a court to claim the copyright of a GPL'd application because one of the contributors upset it?
No. But it also doesn't make sense for the court to seize $1 from everyone in a private club because one member owes a fine. They can, however, seize the rights to the portion of the GPL software that particular person owned, but not revoke the already sold license (since that comes along with the intellectual property).
What if a defendant decided to assign all their IP to some other body just before the ruling was given?
The same thing that happens when a defendant gives away all their money just before a ruling is given.
I'm not saying it couldn't be done, but attempting a parallel with forfeiture of physical goods is not likely to work as an analogy here.
As far as I know, the same laws apply. It does not matter if it is a house, stocks, a patent, or a copyright. From the court's point of view it makes little difference.
I'm not a lawyer, so I could indeed be completely wrong about this, but a quick web search didn't turn up any example cases either. Have you actually seen any specific cases where this happened?
Every corporate bankruptcy case I've ever seen included the sale of intellectual property assets as part of the assets which were used to compensate the creditors. I have been involved in one particular case (in the US not the EU) where a corporation was dissolved and sold off and the courts and the IRS were certainly concerned about the intellectual property of salable value. They ignored incidental copyrights, but I don't think you can consider Windows to be incidental.
Go install it and try it. You'll see what it does.
Quite frankly, I don't have the time or inclination. I've read the reviews and seen briefs.
Every damn program that needs to do anything with any sort of escalated privlidges[sic] pops up a window. A window you CAN'T say "don't show again" to.
The problem major is the definition of "escalated privileges." Windows has not implemented the granularity of control necessary and has not set reasonable defaults for behavior of existing and new software. Hundreds of pop-ups are a bad thing as they make the computer harder to use. Worse yet, MS has repeated their UI snafu and present standardized dialogues always with the same options, instead of a different set of buttons that are actions for each case. This will train people to bypass the system either by mechanically always selecting the same option or by finding a way to turn it off.
It is like they took a fundamentally good security idea that is designed to inform users and provide them with better control and handed it over to a committee who did not understand that the human/computer interaction was a vital part of this and further did not understand the design goals or any type of security restriction not encompassed by the existing user/admin paradigm.
The whole security model is totally different.
I'm reserving judgement until it is out of beta and I have a chance to test it personally, but it looks right now as though they missed the boat and this will do little to help.
Hint: an awful lot of software will not run on it. Many of those that don't can be run in a "compatibility" sandbox, which is pretty isolated from the system.
From what I've read, it is kinda, sorta isolated. If they wanted security, however, all applications would be running in a sandbox for security reasons, not just compatibility. For that matter the security and privileges of those sandboxes should be set to functional defaults and easily editable via a top-notch UI. If I had 100 billion and 6 years to drop on OS development you better believe it would have functional, integrated jails. But then, I'm serious about the concept of security, while MS is a lot more interested in blunting the majority of the bad press while doing as little work as possible on security that is not securing the system from the end user instead of for them.
Remember though, as in the US, the guilty punishment was very little compared to the payout for all the civil suits which became slam dunks. Expect MS to settle a lot more lawsuits in Europe to server and media player companies.
Have MS headquartered in some EU country. Would the EU be so quick to want to force an EU company to hand over all of it's software to competitors?
First, the EU has convicted and punished dozens of EU headquartered companies for monopoly abuse. Second, "hand over all it's software"?!? They are ordering them to document the interaction between the server and the desktop. There is no software required, just documents that explain how they interact so others are not illegally disadvantaged.
This boils down to the EU hates it that other countries are better at things then they are.
Oh, I see. You're an idiot.
Is it impossible for Linux and apple to use window Servers?
Who cares? The question was can Windows desktops use Linux and Apple servers as easily as Windows servers?
Exchange, one needs an exchange client first.
No, they need to be able to run an exchange server on a non-windows box. That is why the EU ordered them to document the exchange protocol.
And for other application, your dealing with a specific application. Granted MS may have made product ABC, but do they have to make a client for product ABC for every desktop OS?
You have the entire ruling completely backwards. MS doesn't have to create any clients at all. They have to document the protocols well enough so that Linux and Apple and Sun, etc. servers can compete on even ground when serving Windows desktops. This isn't about stopping MS from having a monopoly on desktop OSs. It is about stopping them from using that monopoly to gain another monopoly on Server OSs.
The unregulated monopoly business model goes like this. Take a monopoly (desktop OS). Tie it to a new market (servers OS, web browsers, media players, etc.). You quickly drive everyone else out of business and you have two monopolies. Rinse. Lather. Repeat. Soon you just have a small number of competing monopolies, innovation is pointless, and consumers are screwed. That is why I don't know of a single country where what MS has done is not illegal.
... they don't really know how to unbundle. Complying with the law is just as late as everything else is.
The provision they are failing to comply with is not bundling, it is tying. It is using secret, undocumented protocols in both the server and desktop products.
But before we all bash them too too hard -- where, again, are the usable Linux desktops that we'd like to have to replace Windows?
You are completely misconstruing the EU's ruling. They are not being punished for having a monopoly on desktop OS's. They are being punished for illegally advantaging their server OS using their desktop OS monopoly. There are plenty of usable Linux servers and fewer are being used because of the illegal action.
Try bankruptcies and fraud cases for starters. Intellectual property is seized and transferred from corporate entities all the time. Patents and copyrights have been transferred any number of times and are considered the same as any other asset as far as the criminal courts are concerned.
I've never seen anything in either the UK's IP legislation or anything like the EU Copyright Directive...
Those uphold the principles of reciprocity, not the right of the government to act within it. If the EU confiscated the intellectual property the US is the one bound to honor it. I think you're either misconstruing my earlier remark. In any case any given member state may have laws that conflict, but if so I've never seen one. It seems like a huge loophole if I can transfer all my assets to intellectual property (like patents and copyrights) and the government is powerless to seize any of them even if they are purchased with the proceeds of a crime. If this is truly the case, I might have a new business venture in mind. Let me know if you find any countries where this truly is the case.
The difference is that you can't uninstall MS software when it's bundled with Windows.
You are incorrect. The difference is MS is bundling products with a monopolized product while Apple is not (probably). I say probably because if Apple is found to have a monopoly on portable music players (they have 70% or so now) then it is illegal for them to bundle other products with it (iTunes). Of course several courts are now investigating this issue. Apple and MS are both held to the same standard, most people are failing to understand what that standard is.
The parent isn't insightful, it's simply wrong. Under WIPO treaties, to which pretty much every major economic power in Europe is a signatory, the EU can do no such thing.
Actually, it is you who is completely wrong. Both the EU and the US have under numerous cases confiscated intellectual property rights as well as other assets from convicted criminals. Now the fact that these rights are worth a lot of money and the company is based in the US makes a difference politically, but not legally. In fact, according to the WIPO traty the US would be the one bound to respect the EU's confiscation of those intellectual property rights.
However the amount is not always insurmountable for those of ordinary means.
It does not matter. In some anomalous cases poor people will become wealthy. That does nothing to effect the overall trend towards consolidation. The point is, in general, having money to start with is more likely to get you wealth than talent or hard work. As a result, without any socialism, all economies follow the cyclical trend of consolidation then revolution.
In the USA, more so than in other countries, someone with a good idea and some hard work still has a better chance of becoming wealthy than in most any other country.
What ever makes you believe this? The numbers I've seen place the US as below average in upward mobility. We're even behind China in this regard. Maybe you need to take another look at where your statistics are coming from.
You arent smarter than viruses and spam.
Ummm, actually I am a lot smarter than any virus or spam.
Thats why we have automated tools to help in detection and removal.
Automated tools to detect and remove malware is largely an automated way to leverage the work of security researchers that discovered, fingerprinted, and build a removal script for a given malware. They also help to provide information needed to determine what is an isn't malware. This is making up for the failure of the OS to let us know what is going on. A smart OS would say, "Hey I notice you're sending a thousand e-mails a minute with a script. Are you sure that is a good idea?" Since it does not we install malware detection systems that perform some of those same tasks, in a limited way.
You're basically saying that humans are infallible at detecting "bad" content.
I understand you interpretation of his comment, but I think the major failing is on the automated side not the human side. Humans can't detect malware with current systems because the OS does not provide them with the information they need or the control to do anything about it. It is important to remember that only the user knows what they want the computer to do. It is not the computer's job to override their wishes, just to give them the options and information they need to make the right choice.
In alot of cases machines are far better at heuristics than humans.
This is true, but the human still has to be the decision maker. Maybe I want to run that script that mails millions of messages a day because I'm desperately trying to spread information on how to cure the deadly plague about to destroy humanity and the government won't believe me until it is too late. Sure its unlikely, but I just think it is important to stress that people are smarter and need to make the decisions. OSs should provide them the information they need and do what they are told.
Yes, it was. Windows NT was designed from day one to be a multiuser, networked OS.
This is very true, but the previous poster also has a point. Most of the important architectural features of the NT core that can be used to provide a secure OS are ignored by the rest of the operating system. For a car analogy, it is like switching out the engine in a car for a larger one, but not upgrading the frame and mount points with something that will let you actually taker advantage of it without crashing. Windows XP and what I've seen of Windows Vista still functions a lot more like Windows 95 than Windows NT in many of the ways that matter.
All OSes can be subject to a rootkit attack. What point are you trying to make ?
In the posts this person replied to I've described a design that would mitigate rootkit and other attacks. It is not something I've invented on my own, but merely the direction many of the more secure OSs (designed from the ground up with security in mind) are taking. I don't think anyone with a clue would argue that Windows does not have a security problem and it has not been ongoing for quite some time. The average user cannot safely and easily use their computer and it falls down in many regards, as I documented, including letting rootkits run wild without letting the user know it is happening and giving them the opportunity to stop it.
If MS cared what end users wanted, they would have implemented this or some other major security features years ago. There are hundreds of security experts who are at the top of their field and almost all of them could have outlined a system like this or that would have the same effects. I believe the point the poster was trying to make was that for all their talk of a more secure OS they haven't done this and are not interested or capable of so doing.
Exploits and security holes don't cause themselves. Any failing of the OS is caused by the person/persons who programmed it.
If you want to look at it that way, fine, but then all problems are caused by human error, if only the error of perceiving them as errors. The point is, the end user is not responsible for them, in most cases.
There is some porn that is legal, and some that is not. Some that comes from human slavery and some that doesn't.
Porn in the US is a fairly regulated industry. Asserting that a significant amount of it is illegal, without any evidence is empty rhetoric.
Not disagreeing with you on the cause, but I am not talking about living in a "bad" neighborhood and going home there. I am using an inadequate metaphor to point out that the end user has decisions to make, and that there are consequences to those decisions.
Perhaps you should be a little more conservative with your metaphors. Your metaphor was dangerously close to some arrogant, aristocratic racism I hear regularly. In any case, I've yet to see a correlation between people who merely visit sites and who become infected with malware and certainly nothing to demonstrate causality.
The above does not meet with my experience in this. I run the tech bench at an ISP. I can tell what kind of sites people have been visiting based on the malware that is detected on their pc. It's that simple.
Most malware (by infection number) does not spread through Websites at all. Of that which does, a good portion is posted on public forums and on cracked servers of all kinds. I'm looking at the infected host list for an entire class A right now as well as a list of the DNS request history for them. The vast majority has no correlation at all because most infections do not spread from a particular kind of Website. The only correlation I know of is particular sites that trick people into installing some sort of malware, often spyware.
The people who intentionally visit areas of the web that are KNOWN to contain more security risks than others.
It is this last group I disagree with. First, I'm not sure I believe there is such an "area of the Web." Second, I certainly haven't seen evidence of it. Third, assuming such a thing exists, it certainly is not common knowledge.
As you can see, the adage in question is perfectly reasonable and applies to everybody, not just Windows users.
I disagree. Asking a person to give up functionality for security is a recipe for disaster for any security scheme. Most will choose functionality. If you're interested in making a more secure system, rather than assigning blame to someone else you have to rethink this.
If I install a VM on a windows box I can run arbitrary untrusted software, but to do so sacrifices a great deal of usability. Heck, Even without install a VM I can make a separate user account with very limited privileges for running untrusted software and gain quite a bit of security. Again, this is very inconvenient. On OpenBSD or FreeBSD I can run untrusted software in jails, built into the OS fairly safely. On Solaris I can do this with zones. To paraphrase the sandwich analogy you linked to, I can feed the sandwich to a pig I don't really care about and then eat the bacon after he digests it and makes it into said bacon. I still get fed, but the risk of death via disease or poison is much less.
Like it or not, most of us both want to and need to run software from sources we don't trust. It is a decade past the time Windows should have built in jails or VMs and started running software in them by default. Other vendors need to integrate them as well and do a better job of meshing them with the OS and UI, but since most of them don't have a serious malware problem yet, they can be forgiven.
Actually most malware are viruses that can only spread via human interaction
True.
Worms are the only automated means of spreading malware and they are a fraction of the problem, much rarer than virus and script-based malware.
False.
Most malware is not automated, however, most infections are caused by automated malware. Worms are fewer in number, but spread much more quickly and widely. Counting the number of infections caused by worms and the number caused by malware involving human interaction yields the former as having a greater impact according to the majority of studies I've read.
Another reason for never pointing a firearm at someone, whether loaded or unloaded, is that who the firearm is being pointed at can't know for certain whether or not it is loaded...
This is sometimes true, but not always. Often everyone present knows one another and knows the state of the guns. With a bolt action, pump, or break action gun with the action open, it is often obvious the gun is unloaded. If I was hunting and my brother pointed his gun at me I'd be pissed, but I would not think he was planning on shooting me and retaliate. When you are alone with a gun, in your home, no one is going to retaliate if you point it at the TV, but you should still not do it.
I understand you point and it is valid in some instances, but I really think conditioning yourself to behave safely even when you are not thinking about it at all is the most important reason.
The weak link in most computer networks is human. If it was programmed by humans, there will be a flaw that can be exploited.
Most compromises are the result of automated exploits with no user interaction. Sure a human made the OS being exploited, but that does not make it a human failing, just a failing in the OS.
Most rootkits/spyware are installed by the owner of the PC when visiting illegal or semi-legal sites, such as pr0n/gambling/file sharing.
Since when is porn semi-legal?
If you go for a walk through a "bad" neighborhood with no protection at 3AM and get mugged, yes they should convict the mugger, but you chose to go through a dangerous area at a dangerous time.
"Bad" neighborhood exist mostly because the police do not equitably enforce the law and the laws themselves are not equitable. The fact the some neighborhoods have more danger to the average pedestrian than others is often because police resources are improperly allocated by the wealthy. Whether I'm in a poor neighborhood because that is the only place I can afford to live, or a wealthy neighborhood, should not make any difference to the police or their behaviors and no more blame should be placed upon me.
So take reasonable precautions, but don't expect your precautions to amount to much if you are making poor decisions.
Most people who are infected with malware are infected without ever doing anything and don't even know it happened. That is not their fault nearly as much as it is the fault of the OS designers who touted their OS as "super secure" even though it is less secure than pretty much every other one out there. They were lied to and are still being lied to. Stop blaming the victims.
As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore.
Given the fact that most software used by the average person is closed source and most people don't have the time or skill to audit the open source software they run, it seems like this is a pretty ridiculous way to design an OS. The adage is true right now (for most systems) but that does not mean it should be if MS was listening to their users. People want to run random games form the internet and click indiscriminately on files they get via e-mail. Build jails or VMs into the OS already and let the users run them safely.
There is no 100% solution except to cease using the technology. That's a given. But that would be like saying we should stop using cars because accidents happen.
What you advocated, however, was users not running software or opening data they don't trust. For most users, that cuts the functionality of their machine in half. Trust is a sliding scale. And given the relatively mild punishment for trusting too much, most users will chose functionality over security. The job of the OS should be to make sure they never have to make that choice.
There is no technical solution to everything, though. You cannot "fool proof" everything. Would you go around fool-proofing cars or guns? I'd rather expect someone using either to have proper training and knows how to use it, so he is neither harm to himself nor others.
Well, if I can get a gun or car to do exactly what I want without any risk or decrease in functionality, I'm all for it. As for training, the point is that the usability and functionality of the system has to be up to snuff before it can be effective. To bring cars to the equivalent level of functionality as a Windows machine you'd have to have no windshield and the user would have to just be guessing where they are going. Right now users are given basically no information about what is happening. Is that a program or data? What is it doing when I'm running it? Is it sending spam, or running a game? Is it reading my tax returns? No idea.
The analogy of guns is an interesting one. Anyone who has had a traditional education concerning guns has heard that they should always treat the gun as if it is loaded and point it away from anything they don't want to shoot. Why? Why not only point it in a safe direction when it is loaded? There is no danger if the action is open and it is obviously empty. The answer is "conditioning." Nobody can concentrate on one thing all the time. By always treating the gun as loaded users condition themselves through repetition. That way, when they're thinking about something else (like is that a bear in those trees) they unconsciously point their gun in a safe direction and don't accidentally shoot their hunting buddy when they stumble.
The reason this is such an appropriate comparison is because Windows uses conditioning as well. Every time it brings up the same cryptic dialogue box with (OK/Cancel) it conditions users to click "OK" to get their computer to work again. It also conditions them to click "OK" when being warned of a potential threat. It is one of the worst UI choices, ever and a classic example of what not to do. In many cases even reading the dialogue you don't know what each of the buttons will do since "OK" and "Cancel" are not appropriate responses and are not actions. It is the result of programmers ignoring the human component of computer/human interactions when it comes to security.
First and foremost, you are responsible for what comes out of your computer.
I'll accept that I am responsible, but that does not mean no one else is as well. Picture this, the computer sales guy talks a grandmother into buying a computer. She knows nothing about them, but he tells her it is as easy to use as a TV and will let her send e-mail to her grandkids. They install it and hook it up for her. She never patches it and it is not set to do so automatically. It is compromised. It sends spam. Is it her fault she was lied to? Is it her fault she assumed it would behave reasonably instead of doing things all on its own? Yes, but even more than that it is the fault of the salesman and the system designers.
If someone is unfit to use a car, we don't let him use it.
If more than 70% of people are unfit to use most cars on the road, but do just fine with an Audi, maybe we need to rethink our car designs rather than sending everyone back to driver's education.
Likewise, if someone is unfit to use a computer because he cannot follow the most basic rules of common sense, he should not be on t
How can a push to virtualisation - the process of running an OS on "virtual hardware" - possibly be the end of a company that's core business involves selling an OS? Not to mention that most virtualisation products require a host OS in the first place (VMWare's ESX Server is the only one that springs to mind that doesn't, but it certianly still requires at least one guest OS)
As virtualization takes off it offers several large advantages. On is the ability to run multiple OS's and gain access to their abilities and software simultaneously. Another, is security. A third is easy migration from one "host" OS to another. MS has a stranglehold on that host OS market for the desktop and they want it for the server space as well.
So fast forward a few years and computers are more functional and they can all simultaneously run several OS's with little performance hit. You have the option of running Linux on Windows or Windows on Linux. In both cases you get access to all the software at reasonably fast speeds. In the former case Linux filters Window's access to the world and in the latter Windows filter's Linux's access. Which would you rather have? For reasons of security, stability, and speed, Linux as the base OS is a pretty big winner right now. It is more secure, more stable, multitasks better, and manages memory better. There are instances right now where running Windows applications in a VM is faster than running them natively on the same hardware because of the memory management.
Fast forward a few more years. Linux is free as in beer. There is no reason not to ship all computers with it as well as Windows. If it becomes standard, then it is an easy target for developers. Would you rather develop for Windows which runs on most all machines, or Linux, which also runs on most all machines, including high-end server, cell phones, PDAs, and low end computers that can undercut Windows machines for the bottom segment of the market?
The whole thing reeks of an opportunity for businesses to get out from under the MS tax with a smooth and easy transition. It is a very real threat to them, which is why they have been buying and investing in VM left and right. They own, what 3 of the 5 biggest companies now and are a big part of the biggest open source project.
Now, a move to OSS I can see being problematic for vendors like MS, but let's be honest here - it's not looking to have made much of a dent in their profits over the last decade or so.
But there hasn't been a big move to open source, partly because of certain, large barriers to entry that VM would effectively knock down.
What does VMware have to do with open source?
They are offering free products that are competing against free, open source products, like Zen, Qemu, and Bochs. Since the primary markets are on workstations and servers right now, they are trying to make sure their brand and products become standards in this space which is the part of the reason they are offering some of their software for free.
People, please, stay sensible. First of all, a rootkit has to GET into a system.
True, but there are many modes of infection.
Whatever a program may want to do, first of all it has to be started. Now, there are currently no unpatched remote exploits or program-runs-crap-by-itself bugs I'm aware of. In other words: You have to start it!
So, just because you don't know of any unpatched, remote vulnerabilities being exploited, we should not worry about them? What about local escalations, there are plenty of those outstanding and some people admin multi-user boxes. Finally, it can come in as a trojan. No one has the time to exhaustively check every program they run, if the source is even available. That means you have to trust every program you install. This is asking users to sacrifice usability for security, and that is a classic security blunder.
My prediction would be that you can eliminate about 95% of the most dangerous worms, trojans and spybots currently in the wild if we could just get people to abstain from running every single piece of junk they stumble upon.
My prediction is we can stop 100% of worms, trojans, and spybots by no longer using computers... of course that kind of defeats the purpose.
There is no technical solution for a social problem.
Malware is mostly a technical problem and a computer/human interaction problem. It can be solved with education as a social problem, but only when the previous problems have been fixed. You can't expect users to learn a whole lot of really complex topics in order to perform simple tasks. It is not going to happen. When joe-sixpack runs their computer they expect it to conform to some basic, sensible characteristics and it is failing. This is not the user's fault. This is the fault of the people who designed the system first and then tried to teach the average person a long series of complex topics and ever changing rules. What they should have done was ask the users what the computer should do and then make the computer do that.
It is unreasonable to expect that clicking on an icon that looks just like your picture files will install a program and let someone in Russia start using your computer to send spam. This is a failing of the computer, not the user. The computer should clearly indicate to the user what is a picture and what is a program. Then, it should not let the program do anything the user does not expect and want. If this rootkit arrives in a trojan, disguised as data or a beneficial program like a game, and the user runs it, they still should not have to worry about it because it should be running in a sandbox, by default. When it tries to do something unusual, like patch the core of the OS, the user should be warned in very strong language and given the option of letting the rootkit patch a VM's core OS instead, thereby stopping it from having any effect. It doesn't take a genius to do this, if only people would stop apologizing for how crappily most OS's, especially Windows, deal with this stuff. By blaming the users for this failing you're part of the problem. Stop it.
I have a Jabber server, but I never use it. Does anyone use Jabber?
Yes. I've seen quite a few more people using it because of Google's efforts. What I''d like to see is AOL move completely to Jabber and partner with IBM, Apple, and other players to make it the built in protocol in all their offerings.
Could someone explain to me why are VMWare and Microsoft rushing to give some of their virtualization products away free?
VMWare makes money selling really cool management suites for their virtualization technology. They figure if they give away the low-end stuff, then everyone will use it and those with money will buy their high-end stuff, which works with it. They are otherwise competing with several free, open-source implementations which would take over if they tried to charge for them.
MS does not like the fact that VMWare is king here and they don't want open source taking another market either. As a result they want to make sure everyone is using their solution and it chokes out the rest of the market. Once that is accomplished they can start charging and developing competitors to VMWare's management stuff.
The short answer is, they don't want you to move to a free, open source solution because they can't make as much money then.
Tell this to the EU who just fined MS $380M for giving away Windows media player.
Wow, so much is wrong with the above statement. I suppose the most obvious is the the fine was for not supplying API documentation having nothing to do with the media player.
Generally speaking, when assigning remedies, courts have options related to the breach of the law that occurred. For example, the UK's legislature will indicate that a certain crime may carry a fine not exceeding a certain level on a scale, and it is then for the court in a particular case to determine what fine to impose within those limits. Of course civil and criminal law don't work exactly the same way, but then again we don't have punitive damages in the UK either.
Yes, but when dealing with fines the courts are generally empowered to seize other assets to cover the value of fines in the instances where the convicted is unable to pay otherwise, or where the courts cannot collect otherwise. By your argument, I could go into a bank and run out with a million bucks, take it immediately to a brokerage and buy the rights to various patents and copyrights. Then when the police came for me, they could arrest me, but they would be powerless to get the money back or take it from me. When I got out of jail, I'd be rich. The money MS has and has reinvested into building the intellectual property they have was to some degree gained through illegal means, breaking criminal antitrust laws. Now I'm not a legal expert, but I suspect that in either my bank robbery or MS's antitrust violation the courts have the power to seize any asset gained by this illegal process as well as anything needed to cover the fines imposed. If MS "jumps ship" and somehow moves all their other assets out of the EU, the EU can still seize their intellectual property as compensation and the US is obligated to honor that.
The seizure of physical property if money is not directly available is also established.
I've seen a lot of laws, but they all make references to "salable assets" or "property." Can you show me ones that exclude intellectual property assets?
Would it make sense for a court to claim the copyright of a GPL'd application because one of the contributors upset it?
No. But it also doesn't make sense for the court to seize $1 from everyone in a private club because one member owes a fine. They can, however, seize the rights to the portion of the GPL software that particular person owned, but not revoke the already sold license (since that comes along with the intellectual property).
What if a defendant decided to assign all their IP to some other body just before the ruling was given?
The same thing that happens when a defendant gives away all their money just before a ruling is given.
I'm not saying it couldn't be done, but attempting a parallel with forfeiture of physical goods is not likely to work as an analogy here.
As far as I know, the same laws apply. It does not matter if it is a house, stocks, a patent, or a copyright. From the court's point of view it makes little difference.
I'm not a lawyer, so I could indeed be completely wrong about this, but a quick web search didn't turn up any example cases either. Have you actually seen any specific cases where this happened?
Every corporate bankruptcy case I've ever seen included the sale of intellectual property assets as part of the assets which were used to compensate the creditors. I have been involved in one particular case (in the US not the EU) where a corporation was dissolved and sold off and the courts and the IRS were certainly concerned about the intellectual property of salable value. They ignored incidental copyrights, but I don't think you can consider Windows to be incidental.
Go install it and try it. You'll see what it does.
Quite frankly, I don't have the time or inclination. I've read the reviews and seen briefs.
Every damn program that needs to do anything with any sort of escalated privlidges[sic] pops up a window. A window you CAN'T say "don't show again" to.
The problem major is the definition of "escalated privileges." Windows has not implemented the granularity of control necessary and has not set reasonable defaults for behavior of existing and new software. Hundreds of pop-ups are a bad thing as they make the computer harder to use. Worse yet, MS has repeated their UI snafu and present standardized dialogues always with the same options, instead of a different set of buttons that are actions for each case. This will train people to bypass the system either by mechanically always selecting the same option or by finding a way to turn it off.
It is like they took a fundamentally good security idea that is designed to inform users and provide them with better control and handed it over to a committee who did not understand that the human/computer interaction was a vital part of this and further did not understand the design goals or any type of security restriction not encompassed by the existing user/admin paradigm.
The whole security model is totally different.
I'm reserving judgement until it is out of beta and I have a chance to test it personally, but it looks right now as though they missed the boat and this will do little to help.
Hint: an awful lot of software will not run on it. Many of those that don't can be run in a "compatibility" sandbox, which is pretty isolated from the system.
From what I've read, it is kinda, sorta isolated. If they wanted security, however, all applications would be running in a sandbox for security reasons, not just compatibility. For that matter the security and privileges of those sandboxes should be set to functional defaults and easily editable via a top-notch UI. If I had 100 billion and 6 years to drop on OS development you better believe it would have functional, integrated jails. But then, I'm serious about the concept of security, while MS is a lot more interested in blunting the majority of the bad press while doing as little work as possible on security that is not securing the system from the end user instead of for them.
Apparently it won't sting quite enough, though.
Remember though, as in the US, the guilty punishment was very little compared to the payout for all the civil suits which became slam dunks. Expect MS to settle a lot more lawsuits in Europe to server and media player companies.
Have MS headquartered in some EU country. Would the EU be so quick to want to force an EU company to hand over all of it's software to competitors?
First, the EU has convicted and punished dozens of EU headquartered companies for monopoly abuse. Second, "hand over all it's software"?!? They are ordering them to document the interaction between the server and the desktop. There is no software required, just documents that explain how they interact so others are not illegally disadvantaged.
This boils down to the EU hates it that other countries are better at things then they are.
Oh, I see. You're an idiot.
Is it impossible for Linux and apple to use window Servers?
Who cares? The question was can Windows desktops use Linux and Apple servers as easily as Windows servers?
Exchange, one needs an exchange client first.
No, they need to be able to run an exchange server on a non-windows box. That is why the EU ordered them to document the exchange protocol.
And for other application, your dealing with a specific application. Granted MS may have made product ABC, but do they have to make a client for product ABC for every desktop OS?
You have the entire ruling completely backwards. MS doesn't have to create any clients at all. They have to document the protocols well enough so that Linux and Apple and Sun, etc. servers can compete on even ground when serving Windows desktops. This isn't about stopping MS from having a monopoly on desktop OSs. It is about stopping them from using that monopoly to gain another monopoly on Server OSs.
The unregulated monopoly business model goes like this. Take a monopoly (desktop OS). Tie it to a new market (servers OS, web browsers, media players, etc.). You quickly drive everyone else out of business and you have two monopolies. Rinse. Lather. Repeat. Soon you just have a small number of competing monopolies, innovation is pointless, and consumers are screwed. That is why I don't know of a single country where what MS has done is not illegal.
The provision they are failing to comply with is not bundling, it is tying. It is using secret, undocumented protocols in both the server and desktop products.
But before we all bash them too too hard -- where, again, are the usable Linux desktops that we'd like to have to replace Windows?
You are completely misconstruing the EU's ruling. They are not being punished for having a monopoly on desktop OS's. They are being punished for illegally advantaging their server OS using their desktop OS monopoly. There are plenty of usable Linux servers and fewer are being used because of the illegal action.
I'd be interested to see some examples.
Try bankruptcies and fraud cases for starters. Intellectual property is seized and transferred from corporate entities all the time. Patents and copyrights have been transferred any number of times and are considered the same as any other asset as far as the criminal courts are concerned.
I've never seen anything in either the UK's IP legislation or anything like the EU Copyright Directive...
Those uphold the principles of reciprocity, not the right of the government to act within it. If the EU confiscated the intellectual property the US is the one bound to honor it. I think you're either misconstruing my earlier remark. In any case any given member state may have laws that conflict, but if so I've never seen one. It seems like a huge loophole if I can transfer all my assets to intellectual property (like patents and copyrights) and the government is powerless to seize any of them even if they are purchased with the proceeds of a crime. If this is truly the case, I might have a new business venture in mind. Let me know if you find any countries where this truly is the case.
The difference is that you can't uninstall MS software when it's bundled with Windows.
You are incorrect. The difference is MS is bundling products with a monopolized product while Apple is not (probably). I say probably because if Apple is found to have a monopoly on portable music players (they have 70% or so now) then it is illegal for them to bundle other products with it (iTunes). Of course several courts are now investigating this issue. Apple and MS are both held to the same standard, most people are failing to understand what that standard is.
The parent isn't insightful, it's simply wrong. Under WIPO treaties, to which pretty much every major economic power in Europe is a signatory, the EU can do no such thing.
Actually, it is you who is completely wrong. Both the EU and the US have under numerous cases confiscated intellectual property rights as well as other assets from convicted criminals. Now the fact that these rights are worth a lot of money and the company is based in the US makes a difference politically, but not legally. In fact, according to the WIPO traty the US would be the one bound to respect the EU's confiscation of those intellectual property rights.
However the amount is not always insurmountable for those of ordinary means.
It does not matter. In some anomalous cases poor people will become wealthy. That does nothing to effect the overall trend towards consolidation. The point is, in general, having money to start with is more likely to get you wealth than talent or hard work. As a result, without any socialism, all economies follow the cyclical trend of consolidation then revolution.
In the USA, more so than in other countries, someone with a good idea and some hard work still has a better chance of becoming wealthy than in most any other country.
What ever makes you believe this? The numbers I've seen place the US as below average in upward mobility. We're even behind China in this regard. Maybe you need to take another look at where your statistics are coming from.