Slashdot Mirror


User: 0ld_d0g

0ld_d0g's activity in the archive.

Stories: 0
Comments: 464

Comments · 464

  1. Re:No, WRONG on UK Gov't Says "No Evidence" IE Is Less Secure · · Score: 1

    Oh wow, a privilege escalation bug in an operating system. That completely invalidates all my points. If you know anything about OS security you'd know that there exist and have existed and will exist privilege escalation bugs for all popular operating systems.

    It's Not Like Linux Doesn't Have Any

    Those are all from 2009 BTW. Anyway the point isn't to bash Linux or Windows for that matter, but I'll be impressed when someone can actually provide a valid critique of NT design. Maybe too much to ask for in a comment, but w/e...

  2. Re:No, WRONG on UK Gov't Says "No Evidence" IE Is Less Secure · · Score: 1

    It is not IE that makes Windoze insecure, it is the OS and the design philosophy

    Not sure if you're joking here. Microsoft employs thousands of programmers. They aren't "programmed" to use any philosophy when they get hired. Do you have any specific criticism of the NT design?

    -- COM is a security disaster

    COM has nothing to do with security. Using COM allows code written in different languages to interoperate at the binary level without taking heavy dependencies (well, except the interface). Hell even Mozilla uses a similar tech - XPCOM.

    -- executing any vaguely executable rubbish based on its extension is a disaster

    And on some other operating systems you can mark them as executable and run them. Nobody is going to stop you. If you can't change permissions on the file, but you have read permissions, you can read the file and write it to your home directory and then set the +x permission.

    4. Backward compatibility, and a zillion features that assume an essentially insecure and trusted
    world are a disaster. M$ has no way out.

    You can believe that if you want to. If you want others to believe it you have to provide some level of evidence. ;)

  3. Spam = money on IE 0-Day Flaw Used In Chinese Attack · · Score: 1

    Hmm, I wonder why the spammers aren't trying to attack Google? (or maybe we just don't know?)

    If they could get into Google's codebase and find a way around anti-spam measures, that would mean tons of cash for them.

  4. Re:More complicated and less fun on Average Budget For Major, Multi-Platform Games Is $18-28 Million · · Score: 1

    I think games have been moving towards the pure sit-back-and-enjoy entertainment genre of movies. Very few games are *really* challenging or make you think (except of course the puzzle types). With all these big budget titles you can mostly just run through the game in your first sitting. Still, the multiplayer aspect tends to correct that balance of difficulty vs. pure entertainment/visuals

  5. Re:So what was the code from? on Mozilla Rolls Out Firefox 3.6 RC, Nears Final · · Score: 3, Insightful

    Here's my guess:
    Statistically, out of every 10 Windows users, 7 will be average (mom, dad, grandma, etc.), 1 user will be a moron and will fall for every phishing and malware attack, 1 will be a moderately advanced user and 1 will be a fairly advanced user / developer.

    When you're dealing with that kind of audience, your goals are *vastly* different than highly customizable operating systems like Linux. Your criticisms are minor and superficial. Given *ANY* UI decision you can find users that disagree with it. Calling it proof is frankly laughable.

    If you're interested in why windows is "bloated" you can read this: http://blogs.msdn.com/e7/archive/2008/11/19/disk-space.aspx

    As far as RAM is concerned, firefox itself is going to consume/require several hundred megs for an average user visiting youtube and other misc. flash heavy websites. That said, I don't have a clue what the actual RAM usage levels are of Win7 vs Ubuntu 9.10

  6. Re:Both MS and Apple gave wrong impression on Apple Fails To Deliver On Windows 7 Boot Camp Promise · · Score: 1

    If Apple trusted MS on Windows 7 not needing a very special driver and just couple of tweaks to Vista driver would be enough and if their internal tests failed horribly in Windows 7 final

    Huh? The Windows 7 beta was out for general public consumption for quite a while. And MS partners like intel, apple, nvidia, ati, etc get a pre release version even earlier. I can't believe that they didn't even test whether Win7 worked on macbooks until MS released the official version.

    http://en.wikipedia.org/wiki/Development_of_Windows_7#Builds

  7. Mod abuse.. on Following In Bing's Footsteps, Yahoo! and Flickr Censor Porn In India · · Score: 1

    Troll? Seriously?

  8. Re:Tired of this crap on Following In Bing's Footsteps, Yahoo! and Flickr Censor Porn In India · · Score: 2, Insightful

    person I've completely had it with India and Indians dictating how to implement technology. F@#k'em!!!!

    A large percentage of the Indian population are poor illiterate farmers/village-folk. A very tiny percentage of their population (my guess is single digits) is online and most Indians I know would never support such policies. Most likely this is just their internal politics (similar to the abortion and LGBT posturing we have here) to appeal to the conservative populace. Heck, they tell me some morons even tried to ban Valentine's Day as it imposes liberal "western" values! (It didn't work)

  9. Re:why? on Chinese Pirates Launch Ubuntu That Looks Like XP · · Score: 1

    But you are right that linux sucks at running windows executables.

    That isn't an accurate rephrasing of what I said. Saying Linux or OSX is immune from Windows viruses is marketing FUD. I am not advocating people say - Hey use this OS, it won't run any of your existing programs. It makes sense to turn a negative into a positive, but that's the job of the marketing dept, which we should leave out on technical forums ;)

  10. Re:why? on Chinese Pirates Launch Ubuntu That Looks Like XP · · Score: 1

    I can give you a thousand viruses and worms I'm immune to.

    That is a nice FUD to cover for the fact that Linux doesn't run Windows executables. Or are you telling me Linux can detect beforehand if an executable is going to cause harm?

    How to exploit linux remotely? troll full_disclosure or milw0rm till someone finds a remote vuln and posts sample code. or find one yourself.

    How to exploit linux using a drive-by exploit? do the same thing, but look for browser exploits.

    (replace linux with any other OS and it still works)

  11. Re:Evolutionary Theory on 50 Years of Domesticating Foxes For Science · · Score: 1

    You're just whining. Don't confuse evolution supporters with scientists. Theory of evolution by natural selection is the BEST explanation that we have right now to explain many aspects of life. Do you have an alternate theory that is better but still manages to agree with all the scientific tests, results and subsequent discoveries that validate the existing theory?

    The average person who has no understanding of science has an implicit trust in science, because it has built around itself a credibility bubble. And for good reason. Every now and then revolutions happen and existing theories fall in the light of better theories. This is not accidental. It's because scientists are not dogmatic or 'faith' based. This is not true in all cases of course. *Sometimes* when large amounts of money are involved a bad scientist might defend his theory more aggressively. But even then, they fall eventually. The new theory is accepted and the process continues.

  12. Re:This is sick! on Microsoft Policies Help Virus Writers, Says Security Firm · · Score: 1

    That would require that the target have python.

    I thought the fact that I used python to demonstrate it makes it obvious. The point is, executable permissions are easily bypassed. And in the case of exploiting arb. code execution vulnerabilities, this is irrelevant.

    Also, last time I checked ubuntu (the most popular distro) does install python, (or maybe perl) as part of the base install. I don't know if this is true for the majority of distros.

  13. Re:This is sick! on Microsoft Policies Help Virus Writers, Says Security Firm · · Score: 1

    What if a file system requires that an executable be marked as executable before it can be executed?

    Then you have stopped compiled binary files from executing. However, you can get around that by using a python script, which AFAIK requires no executable permission. A quick check on my macbook pro shows that it works.


    node-1:tmp nox$ cat test.py
    def main():
            print 'hello';

    main()
    node-1:tmp nox$ ls -all test.py
    -rw-r--r-- 1 nox wheel 36 Dec 23 08:16 test.py
    node-1:tmp nox$ python test.py
    hello
    node-1:tmp nox$

  14. Re:This is sick! on Microsoft Policies Help Virus Writers, Says Security Firm · · Score: 1

    With the millions of Linux machines out there, you'd think at least some of those viruses would be propagating in the wild.

    The viruses that exist for Linux are generally proof-of-concept examples, but they aren't actually attacking and infecting Linux machines successfully. That's despite the large number of Linux servers that have both lots of system resources (CPUs, RAM, etc) and high-speed connections, which would make them very attractive targets.

    Many houses on my street have never been robbed. And guess what ! They happen to be painted off-white. Many of them have wide screen TVs and other expensive items. The security system these Off-white houses use must be better than others !!

    Prove that a significant amount of malware programmers are trying to write malware for Linux and are unable to and you *might* have the hope of constructing a point.

    The viruses that exist for Linux are generally proof-of-concept examples, but they aren't actually attacking and infecting Linux machines successfully

    The mere fact that they can exist points to a flaw in Linux; would you not agree?

    I bet all of this is a real mystery to you if you believe that Windows and Linux are equally secure.

    By that logic of course Plan9 is the most secure OS.

    Simplistically, an operating system's job is to move the magnetic head on the hard disk and load bits from the hard disk, copy them into memory and set the CPU instruction pointer so the bits are read by the CPU as instructions and thus the executable executes till a pre-emptive interrupt is triggered after the specified time slice.

    I can't for the life of me think of anything in *ANY* operating system that would prevent that. The only way to prevent such an executable from executing would be to know beforehand if these 'bits' cause harm to your PC or is a regular executable. Again, can't think of any OS that would prevent that.

    Let's look at common forms of malware. (includes viruses IMO)

    Malware that spreads through a user action: Downloading & Installing malware (disguised as a screensaver with ponies). No OS can prevent you from doing that.

    Malware that spreads through a 'drive-by' exploit through the browser: There exist and have existed since time immemorial arbitrary code execution vulnerabilities in almost all browsers. Making a comparison of Windows vs Linux is moot, since the browsers are but applications and have nothing to do with the core functionality of the OS, making flaws in them irrelevant to a discussion on OS design.

    Malware that spreads through an exploit in the OS: If you want to claim that any Linux default install doesn't have or rather hasn't ever had any remote code execution vulnerabilities through which malware spreads on Windows, then there is no point talking to you because you have taken some industrial strength kool-aid that would be hard to argue against.

    -------

    Here's what I think contributes to Windows computers getting compromised. Of course this doesn't include coordinated attempts at hacking a computer. We've seen numerous times any server can get r00ted given the right amount of time and expertise.

    * Lack of white-listed software :- Default way to install software on Windows is to download an untrusted installer and run it.

    * Lack of culture of frequent patching :- We've seen it over and over again. Worms like Conficker get widespread coverage MONTHS after the vulnerability has been patched by MS. In many cases the worm itself is created after reverse engineering security patches. Many users turn off Windows autoupdate, making the job of infecting their PCs all the easier.

    * Lack of diversity in install base :- Common executable format and insane amounts of backwards and cross compatibility among different Windows flavors makes writing a Windows malware easy.

    * Lack of securit

  15. Re:Flash on Microsoft Promises Not To Sue Moonlight 2.0 Users · · Score: 1

    Who knows. Lots of guesses..

    Maybe they didn't want their employees handling GPL code (like my employer does.. seriously we're not allowed to look at GPL'd code!). Maybe they are trying to see if they can offload their development costs for a platform that isn't going to give them any return on investment. Maybe Novell approached them first.

  16. Re:Will this "FAIR" decision will include Apple? on EU Accepts Microsoft's Browser Choice Promise · · Score: 1

    But that means hardware vendors are free to bundle any browser. How come MS is the one who has to promote their competition? Why not just tell the computer vendors to give the choice to the user? For e.g. When you customize your order, after choosing your CPU, HDD etc, you can choose your browser. (Of course most people here would like there to be an OS choice too, but that's a separate discussion :) )

  17. Re:This is only fair under one condition on EU Accepts Microsoft's Browser Choice Promise · · Score: 1

    Incorrect analogy. AFAIK Apple forces you to only use their software when you buy a mac from them or any apple reseller. MS can't and doesn't (not recently anyway) force computer vendors to use IE. They are free to bundle whatever crap they want (and many do).

  18. Re:Will this "FAIR" decision will include Apple? on EU Accepts Microsoft's Browser Choice Promise · · Score: 1

    Complaining about Apple controlling the Apple computer market is like complaining Toyota controls the Toyota car market

    Actually, MS doesn't sell computers. It has no control over what decisions Dell, HP, Sony etc make with regards to bundling. - See all the trialware that gets included.

  19. Re:Linux is on almost all the netbooks now. on ARM-Powered Laptops To Increase Linux Market Share · · Score: 1

    These preboot Linux will act like training wheels to let people kick their dependence on Windows

    You can get Windows working in a "kiosk" mode too. The problem is you have to pay for it. Ignoring the preboot environment for a minute, there's an interesting margin game here though.

    Vendor A (low-volume)

    With Windows : -$30 per license per device
    With Linux : +$30 per device
    Advantage : Stick with Linux

    Vendor B (high-volume)

    With Windows : -$10 per license per device
    With Linux : +$10 per device
    Advantage : Stick with Windows

    Of course this is oversimplifying it. I don't consider the differences in selling price (which are assumed to be close to 0 due to corrective market forces), differences in costs in acquiring parts, differences in sales figures etc. This isn't a thesis, just a comment on a website :p

    Maybe somebody can flesh this out a bit more..

  20. Re:Why? on Microsoft Expands exFAT Multimedia Licensing · · Score: 1

    but I imagine it's another vendor-lockin, poor-performance-substitute abomination like NTFS was, or WinFS will be.

    You can believe that if you want. You have to show evidence for it though if you want others to believe it. What don't you like about the algorithms used in NTFS? Feature wise I can't think of any major issues in NTFS. http://en.wikipedia.org/wiki/Comparison_of_file_systems#Features

    Traditionally, Windows(NTFS) has always been good at random access I/O and Linux(ext2/3) at sequential I/O. My experience has been ext2/3 always lagged behind NTFS in handling large files (>3GB)

  21. Re:I hate DLC on Pirates as a Marketplace · · Score: 1

    Yes, that would happen only if DRM became something like a BSOD or some other data loss flaw. IMO, most kinds of DRM - license key checks, CD Checks, etc are not all that intrusive in the minds of gamers.

    They won't go out of business either way, they would just move to consoles, where it's harder to pirate w/o modding OR convince MS to add DRM to Windows as a core component so that it's impossible to pirate w/o installing a cracked OS - both out of reach of casual pirates and non-geeks.

  22. Re:I hate DLC on Pirates as a Marketplace · · Score: 1

    I'm tired of game companies "not getting it" when it comes to pirates. Want to stop the pirates? Make games cheaper and feature complete, assholes.

    I think the only thing they can do, is stop investing 10 million per game and hire all those people to make them. If wanting games cheaper was the predicating factor for pirates, I'd love to see pirates pool in and pay game developers and sound engineers and artists to write games for them. I wonder if that would ever happen.

    Regardless of your own position on piracy, my experience has been that pirates just want content for free no matter what. Sadly, I only see this ending badly for legitimate consumers. Only when RIAA/MPAA successfully convince (i.e. pay) congress to pass laws requiring DRM on every damn thing, will it be over.

  23. Re:How many CPUs (cores) does this thing have? on CrunchPad Being Re-branded As JooJoo · · Score: 1

    Probably someone who wants to hack it to install Linux..

  24. Re:iPhone security doesn't rely on APIs on Malware Could Grab Data From Stock iPhones · · Score: 1

    What happened to MMU based security? User & Kernel address space division seems to work for desktop OSs. Why hasn't it been adopted for the mobile platform?

  25. Re:IIS? on Offset Bad Code, With Bad Code Offsets · · Score: 1