Sadly, it appears that the date-tracking function in the Zune is at least somewhat independent of the firmware, since the 2nd and 3rd-gen Zunes were unaffected. On the other hand, the issue has already resolved itself. Of course, come 2012, it may happen all over again (by which time the thought of a 30GB media device will sounds like an utter joke).
Yep. Not only that, but as of this morning, it works again. I'm not sure exactly how it was tracking time, but its year length was off by a day. A pain, but they were only out for 24 hours. All things considered, I'm amazed how much uproar it caused (checked Google Trends yesterday?)
Of course, it being a chance to bash MS, no surprise to find it on Slashdot.
My suggestion, if you want to really get into EVE, is start out with somebody who already plays. Get them to mentor you a little, and more importantly to sponsor you for a corp. Some of the main advantages:
1) They've been through the learning curve already (and it was harder when they did it - CCP keeps making the new player experience smoother) and they know the tricks like how to make collecting loot really pay off on the market. 2) They can help you specialize your character for maximum short-term potential, or to reach one of the top-level abilities (say, carrier pilot) quickest. Even if it's little more than letting you knwo what the options are and pointing you at EVEMon, you'll be a better player potentially months ahead of the curve. 3) They might be willing to toss a little cash your way. New pilots now start with enough skill points they can immediately pilot tier 3 frigates and can get tech 2 weapons in under two weeks, so cash is usually the main barrier to capability unless you either get lucky or mission like no other. However, a fully-fitted frigate plus all the skillbooks you will need for your first month costs well under what an experienced player can make in 20 minutes. 4) You have an immediate in-game community. This is a big one - EVE is a social game, and taking advantage of that makes it much more fun. It also provides a probable avenue for joining an experienced corporation, possibly even if you don't meet the criteria for normal recruits (such criteria are usually in place to ensure you know what you're doing - which your mentor will ensure - or to prevent spies, which is one area where a inside supporter really helps). 5) You have a wingman. Maybe it's an experienced character who rips through level 4 missions in his battleship and invites you along for the ride and to keep scrambler frigates off his back, while letting you stuff your cargo hold with loot worth as much as your whole ship. Maybe it's an alt the other player made just for you, resulting in two "newbie" characters who can work together to bring down overconfident solo pirates... or pull a bit of tag-teaming piracy themselves.
Don't forget, trials are now 3 weeks. Even with the prohibition on t2 ships for trial characters, that's enough time to build a decently powerful cruiser, sufficient for moving to 0.0, farming all the cash you could need, and joining on PvP roaming or defense operations.
I like this idea, with one caveat: you need to use CCP's own SMTP server to send the mail, using your account credentials (or perhaps API key). This prevents the otherwise trivially easy spoofing of the sender name, since CCP's own server could verify that the credentials used match the username the mail is supposedly from.
Even better, this then allows use of the in-game anti-spam mechanism, the CSPA charge (CONCORD Spam Prevention Act, basically a user-configurable fee that a player pays using in-game currency in order to send a private message). It might even be possible to set CSPA differently for email vs. in-game EVEMail.
You don't lose anything that you were already training. The only time wasted is between when the skill finishes (you get the skill whether you're logged in or not) and when you start the next one (there is no way to start a new skill train automatically).
Not wuse where you read otherwise, but it was either misunderstood or outright wrong. Until just recently, you could even start a skill train, cancel your account, wait for the training to finish, re-activate and log in again, and you'd have the skill. CCP has now removed this "ghost training" for non-subscribers, but as long as your account is active you only *need* to log in to finish skill training, not to start it.
Presumably it's just to collect metrics on how widespread the malware is. It might also be used for vaguely PR-like purposes (such as TFA). It does not (apparently) identify the computer that got infected, merely indicates that such an infection was found.
Dunno about ForeFront, but there's a whitelist for OneCare. Given hat ForeFront is a business app, I'd expect it to have some centrally configurable whitelist.
The malware may try and stop Windows Update from running (many of them do). For that matter, the kind of people likely to install something like this (it spreads either through Trojans or as scareware, not through system exploits) are probably statistically more likely to have Windows Update turned off entirely. For that matter, this isn't a worm that spreads automatically - it takes substantial user error to get infected in the first place.
All this means that the only infections the MSRT can get to were either not fully compromised (yet) or the user did something tricky (like downloading the MSRT to another computer, renaming the executable, and running it from a flash drive). Considering that, 400,000 is actually a lot for a well-known and reactive (not proactive) tool like the MSRT.
Out of curiosity, when do you have Windows Update scheduled (controllable from the Change Settings dialog on the side of the Windows Update window in Vista)? It only takes a few minutes to run the MSRT most of the time, and a couple minutes of disc thrashing at 5AM isn't likely to be a problem.
Substitute Vista for XP and add the Windows Firewall (which is much better on Vista than XP) since I'm on a laptop that's not always behind a router, and this is true for me as well. There's always the risk of a 0-day exploit, but those are less and less common and there are mitigations for them (like NoScript or other forms of Flash blocking, plus don't run everything as Administrator). Unfortunately, as the software security gets better, it seems the user security gets worse.
It really is a problem of education. The OS tries to warn you, but it can't determine sketchy download from legit ones so the same warning always appears and people click right past it. People don't even recognize these things, or else they think that having Norton installed makes them immune. Most computer users treat it simply as a tool, and never think in terms of its security.
Nope. Try a little research, please. This program spreads through two methods, Trojans and scareware (tricking the user into thinking that his computer is infected, so he buys and installs AV2k9 as a "fix"). Such software can do anything the user can (which, provided you run the program with root/Administrator credentials - like you would if installing something - is anything at all).
In either case, it's a simple matter of Problem Exists Between Keyboard And Chair. The prevalence of malware for Windows does make scareware more likely to work, but in the end it's still a matter of the user telling the OS to do something stupid (run a malicious program) and the OS obeying just like it's supposed to.
Actually, probably most people you know run the MSRT without even noticing. It's a default part of Windows Update and has been for years. Unless you specifically de-select it every month (or blacklist it) it will run automatically.
400,000 is probably the number of computers that got infected but were still sufficiently operable to run Windows Update on automatic, with perhaps a handful of people who manually ran it off a flash drive or similar (it doesn't need to be installed, and it might be possible to rename the executable or something like that even if AV2k9 tries to block the MSRT binary. I imagine a large number of machines were totally compromised before they could run Windows Update, and another large number had it turned off. Still, 400k is a lot of computers to be fixed by one tool.
First, you don't have to run the MSRT I suspect you can even blacklist it, but leave Windows Update running normally and automatically otherwise. I don't recommend doing so, but it's your system.
Second, if it did damage your system, you could probably make a civil case about it. This makes it somewhat unlikely MS is ever going to risk actively causing a problem for any significant number of users. I suppose an accident could happen - after all, real antivirus programs have been known to have false positives from time to time, with occasionally catastrophic results - but the MSRT is targeted at specific software rather than being a broad defense, and it is tested widely before each release.
An amusing notion, but it'll never happen for two reasons: 1) EULAs may or may not be enforceable in their usual sense, but a requirement that you can't remove the software doesn't even make sense. The concept of a EULA is that you must agree to the terms in order to use the software. If you're not using the software (i.e. you remove it) you're not bound by the terms anymore. 2) Since this is intentionally malicious software and almost certainly constitutes at least one form of fraud, the owner publicly identifying themselves would be a bad plan. Not only are they unlikely to win a legal battle with MS in civil court (the fraud might even make the EULA automatically invalid or some such), but they might well end up facing criminal charges as well.
IANAL, and one can always hope the malware authors get stupid, but this doesn't seem a likely scenario.
It's probably the ad providers, but the really disturbing thing is it may be legit. Well-known (I can't quite call something like doubleclick "reputable" but you get the idea) advertising companies have pushed ads for malware sites before. In fact, they've even pushed ads that actually contain malware (Flash-based exploits, mostly - it's a sad day when AdBlock actually improves security as well).
For that matter, while Google doesn't generally do the pop-up-flashing-in-your-face ads, I've seen many examples of scam anti-malware software pushed through AdWords/AdSense. According to a study that I think was on Slashdot some time back, Live actually does a better job of filtering out the really slimy advertisers. Many ad providers do little to no verification at all, though; they'll take anybody's money.
I wonder if it might work better with CrossOver (real Wine as opposed to Cedega/Cider)? I've never used CrossOver on either Mac or Linux, but I know some people who played EVE in CrossOver and they reported no problems except lack of sound (irritating, but less irritating than crashes... and this was nearly a year ago).
For what it's worth, I use Wine and the Windows client, rather than the Cedega-based Linux client. Premium graphics, good stability and performance, occasional graphical glitches from version to version but they usually get fixed quickly. Smaller install footprint, too (I dual-boot on a laptop, so this actually matters).
Excellent post. One thing I'd quibble with slightly, however, is that the "cheaper only if your time has no value" meme is most often applied to Linux when it is being recommended as a money-saver, not a hobby. If you have free time to muck around with computers and wouldn't mind learning a new OS that could be useful in the future, Linux is a great investment of your time (and I spent a substantial portion of freshman year doing just that). On the other hand, if you're trying to convince somebody to switch to Linux as a cost-saving measure relative to Windows, it's quite possible that time spent learning the OS is, in fact, lost productive time.
To put it differently, just because you'd do it as a hobby (so your time is effectively free) doesn't mean the people being encouraged to switch for financial reasons (which, as I mentioned, is the most common place for the meme to appear) are going to either have free time to do so, or find it something they enjoy enough to do in what free time they have.
TFA mentions it at some length, but only on the second page. It was rather shocking, though... Empyrean Age is a great expansion, having the game be available through Steam probably helped, etc, but I still hadn't expected such meteoric growth. It could just be a statistical anomaly - I certainly haven't seen a tripling in number of players online when I log on (it has been trending upward, but not nearly so fast). They also did (just recently) ban a number of very wealthy and influential (in-game) players for massive exploits, which may cost them a few logins from those individuals but also open up power vacuum for those who want the corporations they used to lead, or the space that those corporations can no longer afford to hold.
I'd say it's a bit more analogous to the difference between 2000 and XP (which had a fairly similar release interval, as well). The interface change isn't as radical, and hardware requirements haven't increased, but otherwise it's the same idea. Take a functional core, improve it slightly while maintaining full compatibility (bump the version number by.1 to indicate this), improve the interface to better appeal to the mass-market, add just a few really substantial features but a good spread of small ones, and release it as a whole new OS.
It worked great with XP, and while 2000 was not nearly so reviled as Vista, ME (which is what most upgraders were coming from) certainly was. I can't say for sure whether MS will pull it off again, but it's quite possible. The pre-release builds are certainly very impressive.
Mod parent -1, Problem Exists Between Keyboard And Chair.
Seriously, don't give anybody who doesn't know how to use a computer (i.e. your friend's daughter) an Administrator account. If some idiot with full privileges wants to install some Trojan-infected P2P program (or run such an infected program that she downloaded from somewhere) it is actually the OS's job to allow, not prevent, this.
Seriously, these are Trojans, not worms or even classic viruses. They are simply programs that do something else beyond what you think they do. It's not a security breach in the OS. It doesn't require any privileges beyond what a normal installation on any system (including Mac or Linux) needs. If you explicitly run malware on your system - which is all a Trojan is, malware that you have to tell the OS to execute - you're hosed on *any* general-purpose OS provided that you have the necessary credentials.
This kind of thing is not even remotely Microsoft's fault, and the same kind of crap exists on Linux and OS X as well. It's the easiest kind of malware to write, and it's literally impossible to be immune to it and still have a general-purpose operating system that you have control over (i.e. Admin/root privileges). The only preventions are limited permissions - otherwise, the OS has no way to tell that you *didn't* want to modify it to prevent Windows Update for some completely legitimate purpose.
A few that I'm aware of, but that are mostly behind-the-scenes:
Kernel has been reorganized, modularized, and streamlined (you know this as MinWin, but what I describe above is pretty much all that is). Various performance improvements have come of this, though most are only relevant to enterprise systems.
Bootup initialization, along with hibernate and resume, have been parallelized and will take advantage of multiple cores.
A few that will be useful to enterprises or anybody who needs the features:
BitLocker drive encryption has been improved; you can now encrypt removable drives, transfer them to other computers, and decrypt them (even on XP/Vista machines).It has also been better integrated into the UI.
Numerous group policy controls have been added.
Multi-touch is natively supported, any many features have been designed to aid in touch-based control of the system (such as enlarging buttons when a touchscreen is in use)
A few more that nearly everybody will see:
UAC's default configuration no longer uses the secure desktop, and no longer prompts when elevating Microsoft-signed binaries. This results in fewer prompts overall, and those that get are seen being less of an interruption.
The taskbar and system tray are both being redesigned. Among other changes, you can now re-order icons
Gadgets are now integrated onto the desktop, removing the need for a separate (and slow-starting) sidebar process.
The interface for joining networks is much better designed, resembling that found on OS X
Paint, Calculator, and several other basic apps have been vastly improved
Changing display settings is easier to reach, and it auto-detects improperly configured displays and can correct them automatically
User-customizable themes, including everything from desktop backgrounds to icons to sound schemes, can now be easily created, copied, modified, and switched between.
There are many others, but those are all that come to mind at present.
Actually, I believe 2000 couldn't always fully clean up after a crashed application, eventually requiring a reboot if you had to terminate programs. Of course, you had to reboot every patch Tuesday anyhow.
Vista (and Win7) are able to apply most patches (kernel and certain other central components aside) without rebooting. I've gone for 3 months or so, installing all patches, without rebooting. No previous home/workstation version of Windows could do that. (Server editions are somewhat better, though still similar to their contemporary client edition.)
I've managed to BSOD 2000, XP, and Vista. Vista it was using some really screwy and unsupported drivers/driver configurations (beta driver versions, or XP drivers that weren't to stable to start with shoehorned into Vista's kernel). 2000 and XP could be BSODed by sufficiently misbehaving user-mode software on completely stock and MS-approved drivers. Vista certainly has its faults, but downtime - unexpected or otherwise - is not one I've seen on a properly configured system.
Of course, proper configuration means, among other things, reformat that OEM shit straight off and do a clean install. The difference in performance, stability, and general bugginess between OEM images and clean installations is astounding. The difference in user opinion of Vista is fairly similarly divided.
Of course, you might be forgetting the way certain vendors (*AHEM* Intel *AHEM*) did NOT meet the original versions of the requirements, then forced Microsoft to change them... resulting in either computers that claimed to be "Vista capable" but couldn't run Aero at all, or those that claimed to be "Vista Premium capable" but ran Aero like crap because a lot of their graphics stuff was still handled by the CPU.
Not saying Microsoft was blameless in that one - they should have stood up for their customers more strongly - but when you've got major manufacturers and major assemblers/retailers demanding that the sticker requirements be reduced, and *technically* Vista does run on them... Well, I still disagree with what they did, but I can see why.
As I'm not a domain controller, I can't speak on the Group Policy stuff (with regard to UAC, Win7 does have some new GP stuff elsewhere taht I know of). However, UAC is actually already configurable through the Local Security Policy (accessible through the Administrative Tools menu).
One recommendation I always make to people who've always run as Admin, can't imagine doing otherwise, and can't stand UAC is: don't turn it off (making everything run with Admin privileges again) but instead use the Local Security Policy to make it so that privilege elevation is granted automatically (without prompting). This is less secure that prompting, but still much better than running everything as admin always.
Spot on. It's bad that this wasn't checked for and prevented, but the players were only out for 24 hours.
Sadly, it appears that the date-tracking function in the Zune is at least somewhat independent of the firmware, since the 2nd and 3rd-gen Zunes were unaffected. On the other hand, the issue has already resolved itself. Of course, come 2012, it may happen all over again (by which time the thought of a 30GB media device will sounds like an utter joke).
Yep. Not only that, but as of this morning, it works again. I'm not sure exactly how it was tracking time, but its year length was off by a day. A pain, but they were only out for 24 hours. All things considered, I'm amazed how much uproar it caused (checked Google Trends yesterday?)
Of course, it being a chance to bash MS, no surprise to find it on Slashdot.
My suggestion, if you want to really get into EVE, is start out with somebody who already plays. Get them to mentor you a little, and more importantly to sponsor you for a corp. Some of the main advantages:
1) They've been through the learning curve already (and it was harder when they did it - CCP keeps making the new player experience smoother) and they know the tricks like how to make collecting loot really pay off on the market.
2) They can help you specialize your character for maximum short-term potential, or to reach one of the top-level abilities (say, carrier pilot) quickest. Even if it's little more than letting you knwo what the options are and pointing you at EVEMon, you'll be a better player potentially months ahead of the curve.
3) They might be willing to toss a little cash your way. New pilots now start with enough skill points they can immediately pilot tier 3 frigates and can get tech 2 weapons in under two weeks, so cash is usually the main barrier to capability unless you either get lucky or mission like no other. However, a fully-fitted frigate plus all the skillbooks you will need for your first month costs well under what an experienced player can make in 20 minutes.
4) You have an immediate in-game community. This is a big one - EVE is a social game, and taking advantage of that makes it much more fun. It also provides a probable avenue for joining an experienced corporation, possibly even if you don't meet the criteria for normal recruits (such criteria are usually in place to ensure you know what you're doing - which your mentor will ensure - or to prevent spies, which is one area where a inside supporter really helps).
5) You have a wingman. Maybe it's an experienced character who rips through level 4 missions in his battleship and invites you along for the ride and to keep scrambler frigates off his back, while letting you stuff your cargo hold with loot worth as much as your whole ship. Maybe it's an alt the other player made just for you, resulting in two "newbie" characters who can work together to bring down overconfident solo pirates... or pull a bit of tag-teaming piracy themselves.
Don't forget, trials are now 3 weeks. Even with the prohibition on t2 ships for trial characters, that's enough time to build a decently powerful cruiser, sufficient for moving to 0.0, farming all the cash you could need, and joining on PvP roaming or defense operations.
I like this idea, with one caveat: you need to use CCP's own SMTP server to send the mail, using your account credentials (or perhaps API key). This prevents the otherwise trivially easy spoofing of the sender name, since CCP's own server could verify that the credentials used match the username the mail is supposedly from.
Even better, this then allows use of the in-game anti-spam mechanism, the CSPA charge (CONCORD Spam Prevention Act, basically a user-configurable fee that a player pays using in-game currency in order to send a private message). It might even be possible to set CSPA differently for email vs. in-game EVEMail.
You don't lose anything that you were already training. The only time wasted is between when the skill finishes (you get the skill whether you're logged in or not) and when you start the next one (there is no way to start a new skill train automatically).
Not wuse where you read otherwise, but it was either misunderstood or outright wrong. Until just recently, you could even start a skill train, cancel your account, wait for the training to finish, re-activate and log in again, and you'd have the skill. CCP has now removed this "ghost training" for non-subscribers, but as long as your account is active you only *need* to log in to finish skill training, not to start it.
Presumably it's just to collect metrics on how widespread the malware is. It might also be used for vaguely PR-like purposes (such as TFA). It does not (apparently) identify the computer that got infected, merely indicates that such an infection was found.
Dunno about ForeFront, but there's a whitelist for OneCare. Given hat ForeFront is a business app, I'd expect it to have some centrally configurable whitelist.
The malware may try and stop Windows Update from running (many of them do). For that matter, the kind of people likely to install something like this (it spreads either through Trojans or as scareware, not through system exploits) are probably statistically more likely to have Windows Update turned off entirely. For that matter, this isn't a worm that spreads automatically - it takes substantial user error to get infected in the first place.
All this means that the only infections the MSRT can get to were either not fully compromised (yet) or the user did something tricky (like downloading the MSRT to another computer, renaming the executable, and running it from a flash drive). Considering that, 400,000 is actually a lot for a well-known and reactive (not proactive) tool like the MSRT.
Out of curiosity, when do you have Windows Update scheduled (controllable from the Change Settings dialog on the side of the Windows Update window in Vista)? It only takes a few minutes to run the MSRT most of the time, and a couple minutes of disc thrashing at 5AM isn't likely to be a problem.
Substitute Vista for XP and add the Windows Firewall (which is much better on Vista than XP) since I'm on a laptop that's not always behind a router, and this is true for me as well. There's always the risk of a 0-day exploit, but those are less and less common and there are mitigations for them (like NoScript or other forms of Flash blocking, plus don't run everything as Administrator). Unfortunately, as the software security gets better, it seems the user security gets worse.
It really is a problem of education. The OS tries to warn you, but it can't determine sketchy download from legit ones so the same warning always appears and people click right past it. People don't even recognize these things, or else they think that having Norton installed makes them immune. Most computer users treat it simply as a tool, and never think in terms of its security.
Nope. Try a little research, please. This program spreads through two methods, Trojans and scareware (tricking the user into thinking that his computer is infected, so he buys and installs AV2k9 as a "fix"). Such software can do anything the user can (which, provided you run the program with root/Administrator credentials - like you would if installing something - is anything at all).
In either case, it's a simple matter of Problem Exists Between Keyboard And Chair. The prevalence of malware for Windows does make scareware more likely to work, but in the end it's still a matter of the user telling the OS to do something stupid (run a malicious program) and the OS obeying just like it's supposed to.
Actually, probably most people you know run the MSRT without even noticing. It's a default part of Windows Update and has been for years. Unless you specifically de-select it every month (or blacklist it) it will run automatically.
400,000 is probably the number of computers that got infected but were still sufficiently operable to run Windows Update on automatic, with perhaps a handful of people who manually ran it off a flash drive or similar (it doesn't need to be installed, and it might be possible to rename the executable or something like that even if AV2k9 tries to block the MSRT binary. I imagine a large number of machines were totally compromised before they could run Windows Update, and another large number had it turned off. Still, 400k is a lot of computers to be fixed by one tool.
First, you don't have to run the MSRT I suspect you can even blacklist it, but leave Windows Update running normally and automatically otherwise. I don't recommend doing so, but it's your system.
Second, if it did damage your system, you could probably make a civil case about it. This makes it somewhat unlikely MS is ever going to risk actively causing a problem for any significant number of users. I suppose an accident could happen - after all, real antivirus programs have been known to have false positives from time to time, with occasionally catastrophic results - but the MSRT is targeted at specific software rather than being a broad defense, and it is tested widely before each release.
An amusing notion, but it'll never happen for two reasons:
1) EULAs may or may not be enforceable in their usual sense, but a requirement that you can't remove the software doesn't even make sense. The concept of a EULA is that you must agree to the terms in order to use the software. If you're not using the software (i.e. you remove it) you're not bound by the terms anymore.
2) Since this is intentionally malicious software and almost certainly constitutes at least one form of fraud, the owner publicly identifying themselves would be a bad plan. Not only are they unlikely to win a legal battle with MS in civil court (the fraud might even make the EULA automatically invalid or some such), but they might well end up facing criminal charges as well.
IANAL, and one can always hope the malware authors get stupid, but this doesn't seem a likely scenario.
It's probably the ad providers, but the really disturbing thing is it may be legit. Well-known (I can't quite call something like doubleclick "reputable" but you get the idea) advertising companies have pushed ads for malware sites before. In fact, they've even pushed ads that actually contain malware (Flash-based exploits, mostly - it's a sad day when AdBlock actually improves security as well).
For that matter, while Google doesn't generally do the pop-up-flashing-in-your-face ads, I've seen many examples of scam anti-malware software pushed through AdWords/AdSense. According to a study that I think was on Slashdot some time back, Live actually does a better job of filtering out the really slimy advertisers. Many ad providers do little to no verification at all, though; they'll take anybody's money.
I wonder if it might work better with CrossOver (real Wine as opposed to Cedega/Cider)? I've never used CrossOver on either Mac or Linux, but I know some people who played EVE in CrossOver and they reported no problems except lack of sound (irritating, but less irritating than crashes... and this was nearly a year ago).
For what it's worth, I use Wine and the Windows client, rather than the Cedega-based Linux client. Premium graphics, good stability and performance, occasional graphical glitches from version to version but they usually get fixed quickly. Smaller install footprint, too (I dual-boot on a laptop, so this actually matters).
Excellent post. One thing I'd quibble with slightly, however, is that the "cheaper only if your time has no value" meme is most often applied to Linux when it is being recommended as a money-saver, not a hobby. If you have free time to muck around with computers and wouldn't mind learning a new OS that could be useful in the future, Linux is a great investment of your time (and I spent a substantial portion of freshman year doing just that). On the other hand, if you're trying to convince somebody to switch to Linux as a cost-saving measure relative to Windows, it's quite possible that time spent learning the OS is, in fact, lost productive time.
To put it differently, just because you'd do it as a hobby (so your time is effectively free) doesn't mean the people being encouraged to switch for financial reasons (which, as I mentioned, is the most common place for the meme to appear) are going to either have free time to do so, or find it something they enjoy enough to do in what free time they have.
TFA mentions it at some length, but only on the second page. It was rather shocking, though... Empyrean Age is a great expansion, having the game be available through Steam probably helped, etc, but I still hadn't expected such meteoric growth. It could just be a statistical anomaly - I certainly haven't seen a tripling in number of players online when I log on (it has been trending upward, but not nearly so fast). They also did (just recently) ban a number of very wealthy and influential (in-game) players for massive exploits, which may cost them a few logins from those individuals but also open up power vacuum for those who want the corporations they used to lead, or the space that those corporations can no longer afford to hold.
I'd say it's a bit more analogous to the difference between 2000 and XP (which had a fairly similar release interval, as well). The interface change isn't as radical, and hardware requirements haven't increased, but otherwise it's the same idea. Take a functional core, improve it slightly while maintaining full compatibility (bump the version number by .1 to indicate this), improve the interface to better appeal to the mass-market, add just a few really substantial features but a good spread of small ones, and release it as a whole new OS.
It worked great with XP, and while 2000 was not nearly so reviled as Vista, ME (which is what most upgraders were coming from) certainly was. I can't say for sure whether MS will pull it off again, but it's quite possible. The pre-release builds are certainly very impressive.
Mod parent -1, Problem Exists Between Keyboard And Chair.
Seriously, don't give anybody who doesn't know how to use a computer (i.e. your friend's daughter) an Administrator account. If some idiot with full privileges wants to install some Trojan-infected P2P program (or run such an infected program that she downloaded from somewhere) it is actually the OS's job to allow, not prevent, this.
Seriously, these are Trojans, not worms or even classic viruses. They are simply programs that do something else beyond what you think they do. It's not a security breach in the OS. It doesn't require any privileges beyond what a normal installation on any system (including Mac or Linux) needs. If you explicitly run malware on your system - which is all a Trojan is, malware that you have to tell the OS to execute - you're hosed on *any* general-purpose OS provided that you have the necessary credentials.
This kind of thing is not even remotely Microsoft's fault, and the same kind of crap exists on Linux and OS X as well. It's the easiest kind of malware to write, and it's literally impossible to be immune to it and still have a general-purpose operating system that you have control over (i.e. Admin/root privileges). The only preventions are limited permissions - otherwise, the OS has no way to tell that you *didn't* want to modify it to prevent Windows Update for some completely legitimate purpose.
A few that I'm aware of, but that are mostly behind-the-scenes:
A few that will be useful to enterprises or anybody who needs the features:
A few more that nearly everybody will see:
There are many others, but those are all that come to mind at present.
Actually, I believe 2000 couldn't always fully clean up after a crashed application, eventually requiring a reboot if you had to terminate programs. Of course, you had to reboot every patch Tuesday anyhow.
Vista (and Win7) are able to apply most patches (kernel and certain other central components aside) without rebooting. I've gone for 3 months or so, installing all patches, without rebooting. No previous home/workstation version of Windows could do that. (Server editions are somewhat better, though still similar to their contemporary client edition.)
I've managed to BSOD 2000, XP, and Vista. Vista it was using some really screwy and unsupported drivers/driver configurations (beta driver versions, or XP drivers that weren't to stable to start with shoehorned into Vista's kernel). 2000 and XP could be BSODed by sufficiently misbehaving user-mode software on completely stock and MS-approved drivers. Vista certainly has its faults, but downtime - unexpected or otherwise - is not one I've seen on a properly configured system.
Of course, proper configuration means, among other things, reformat that OEM shit straight off and do a clean install. The difference in performance, stability, and general bugginess between OEM images and clean installations is astounding. The difference in user opinion of Vista is fairly similarly divided.
Of course, you might be forgetting the way certain vendors (*AHEM* Intel *AHEM*) did NOT meet the original versions of the requirements, then forced Microsoft to change them... resulting in either computers that claimed to be "Vista capable" but couldn't run Aero at all, or those that claimed to be "Vista Premium capable" but ran Aero like crap because a lot of their graphics stuff was still handled by the CPU.
Not saying Microsoft was blameless in that one - they should have stood up for their customers more strongly - but when you've got major manufacturers and major assemblers/retailers demanding that the sticker requirements be reduced, and *technically* Vista does run on them... Well, I still disagree with what they did, but I can see why.
As I'm not a domain controller, I can't speak on the Group Policy stuff (with regard to UAC, Win7 does have some new GP stuff elsewhere taht I know of). However, UAC is actually already configurable through the Local Security Policy (accessible through the Administrative Tools menu).
One recommendation I always make to people who've always run as Admin, can't imagine doing otherwise, and can't stand UAC is: don't turn it off (making everything run with Admin privileges again) but instead use the Local Security Policy to make it so that privilege elevation is granted automatically (without prompting). This is less secure that prompting, but still much better than running everything as admin always.