General discussion


The Great Myth - Windows that lock properly

By Deadly Ernest ·
Microsoft Windows has been out in its many variants for over 20 years. The first versions were overlays on DOS and had very good security compard to the current versions. Why does it seem impossible for Microsoft to write a new version without including most, if not all, of the vulnerabilities that were found and patched in the previous versions?

Some think this is laziness, other see a conspiracy. I don't know which, but it is bloody annoying to have to spend a lot of time keeping up with the vulnerabilities and loading the patches.

Yet each version is touted as being the most secure yet, then within weeks we have the patches for previously known faults. Soon we are told we can expect to see the first fruits of the MS involvement in Trusted Computing and that this new software will be totally secure and have a big brother tie that will make Orwells 1984 look liberal and open minded.

This leads me to ask some questions:

1. Does anyone really think that MS will get this right with no known vulnerability types at time of launch?

2. Does anyone really expect that they can trust MS with the centralised data that they say they need to make the Trusted Computing to work?

3. Is there any real corrolation between the current lock down on software etc by MS and the movement by small business to Linux/Unix systems?

Thoughts and comments on these points are most welcome. Yes I know I have thrown the cat amongst the pidgeons on this, please try not to throw too many more in.

This conversation is currently closed to new comments.

28 total posts (Page 1 of 3)   01 | 02 | 03   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

in all honesty

by Jaqui In reply to The Great Myth - Windows ...

microshaft is not capable of producing anything worth using.
and they are incapable of producing secure code.

Collapse -

Oh some people like them

by Deadly Ernest In reply to in all honesty

Since you are in Vancouver I may be able to get away with saying that some people like M$, like those guys a few years back that just LOVED to play with MS Flight Simulator whilst learning to fly into buildings - seems the simulator did not include the instruction 'Always park on the runway'.

Less seriously I always found it funny that certain games manfuacturers made the PC version of the game to run on MS yet if you bought the network version it was designed to run on a Linux server.

Collapse -

MS vs Unix/Linux

by ~Omega~ In reply to in all honesty

Honestly, I'm getting irritated by all these people who tout their opinions as truths. Windows has time tested and popular support from consumers to back up the claims it makes. Linux has nothing but a bunch of people who like to fling mud at a good product.

Of course, windows has flaws. If you wrote a product with the same capabilities, under a deadline, you'd probably come up with some flaws as well.
The difference is, while Linux supports a product for a few months, then throws it's code to the consumer to troubleshoot, fix and recompile, Microsoft *EMPLOYS* people to do that for you. I seriously doubt Linux is flaw free... It just have fewer people to exploit, so it isn't the center of attention for hackers.
Not to mention that MS has a huge balancing act it has to maintain between security and usablity. The two are relativly mutually exclusive.
I am the first to point out that Microsoft has flaws, but I'm not so quick to throw it in the trash.
This is not to say that I don't think Linux is a great product as well. There is room for more than one operating system in this world, and I personally don't want my customers using Linux. I would be over there everyday teaching them how to use their computers!

Collapse -

But Brent

by HAL 9000 Moderator In reply to MS vs Unix/Linux

The really juicy things to attack are the Internet Nodes the main 13 of which are on US soil and not one of them uses a Windows Product on it.

Then there are the financial institutions which have billions of $ in different currencies flow through their systems on a daily basis again none of these server units run Windows or any M$ product for that matter.

The very first case of Hacking was into the Melbourne Universities Mainframe which of course ran Unix and from there those individuals could run rampant as there just was no effort placed on security back in those days and what made it even better was that there where no laws being broken.

But when you look at what happened back then they spoofed valid user accounts and then created their own so that they could have permanent access to the network.

As for this "Windows has time tested and popular support from consumers to back up the claims it makes. Linux has nothing but a bunch of people who like to fling mud at a good product."

With the bulk of the software houses only writing apps for Windows machines what else can you expect? Ask any of these users if they have had any down time and they will reply "YES but that was required by the System to do Such & Such."

Ask them have they ever experienced a intrusion and they will reply sometimes "Yes but that was because I didn't do such & such."

Ask them has a Windows patch or Hot Fix ever broken an OS or application and their answer is always YES!

"Of course, windows has flaws. If you wrote a product with the same capabilities, under a deadline, you'd probably come up with some flaws as well."

I just love the bit about Deadlines when was the production version of Longhorn supposed to be a production reality? M$ deadlines are nothing short of a joke I can still remember some guy getting really upset with me for being Flippant when I suggested that he not wait for Longhorn to hit the markets as he was being serious and I was joking at his expense, that was now about 18 months ago!

I'll leave the rest of your rant alone as really it is at best not worth the effort and at worst ill informed. But I do have to say this I attended the Launch of 2003 the very first M$ Product to be released after their much touted "Trusted Computing" was announced and we where all told that this was a new product from the ground up and complied with every specification of the "Trusted Computing" that M$ had introduced so that their customers could have faith in their products. Within 2 weeks there was a Patch available for 2003 ES and as it was a "Critical" one it sort of left a sour taste in my mouth after listening to their "Hard Sell" about just how great it actually was and just how much they had improved the Base Code.

Now part of the problem is that M$ writes code to be used on as wide as possible array of hardware and even XP has a basic requirement of a 300 MHZ CPU with 128 MEG of RAM which by any standard is positively geriatric so why are they supporting this old hardware when it isn't possible to buy now days new? The OS that ran perfectly on this stuff is no longer supported and that was either NT or 98 if M$ considers this obsolete software why is the hardware still supported? Why does each release of Windows get bigger and have more eye candy but doesn't address the very basics that so much time and money have been spent on addressing on previous versions?

Why are M$ Product Life Cycles so short? Currently we will soon be reaching the 5 year limit on XP where full patching will no longer be supported but right at this point in time there is no replacement for XP! The 5 year limit should arrive just about the same time as whatever Longhorn is called is released and there will be no time to allow us to fully test the new offering so we can come to grips with it before deploying it on a wide scale Business base if the Business actually want it. They didn't want to move away from 98 Se to Y2K or even XP and while 98 and XP where being sold side by side 98 was the one winning in the sales area this came directly from a M$ Partners meeting and was their excuse for stopping production of 98 but then allowing the retro installing of 98 if we sold a copy of XP Pro. I really have no idea of just how many XP Pro pieces of software that I have sold that will never actually be used but I'm doing as I'm told and fitting the XP Pro COA to the box and loading it with 98 or NT4 depending upon the need of the business.

With the release of XP the activation was a real pain for me as I have a unit there that I test new Hardware on and I was constantly having to reactivate all the M$ products loaded on it every time I changed or even fitted for a few hours of testing 3 or more new products. That was a nightmare as at least once a week I was reactivating all the software even though the computer had been returned to its original configuration, since then I now only use Volume License stuff and even buying that isn't an easy task as I have to order it in and then wait at least 1 week before it arrives so I can then pick it up or wait another few days until it eventually gets freighted out to me.

While it fixed one problem it has introduced several more that where unexpected and unwanted. Now every time that I install a Service Pack I have to ring M$ and get a new Product Key as for some reason the ones that I've been given just are not acceptable to the Service Packs, at least with SP1 you where told about the problem before you actually installed the pack but with SP2 that didn't happen and you only found out about the problem the next time you logged onto M$ Web Site to down load a bit of something and you where denied the opportunity because the M$ Server wouldn't accept the product key that I had obtained from M$ before applying the previous Service Pack.

It is really expensive, time consuming and a waste of time having to ring M$ for a new Product Key wait at least 1 week while they E-Mail you one after putting you through the grinder to prove that you really bought the thing in the first place and generally making you feel like someone who is stealing from them and then you have to change the Product Keys on all the computers which is another thing that M$ doesn't pay for but which they cause.

Anyway Rant Finished no malice intended! :)

Col ]:)

Collapse -

You sure like to hear yourself talk, don't you?

by ~Omega~ In reply to But Brent

My apologies, of course you are right. It is appearent you know everything.

Collapse -

Glad to see that

by HAL 9000 Moderator In reply to You sure like to hear you ...

You realize this.

Is that enough or do I also have to add a "Sarcasm Alert" as well?

Col ]:)

Collapse -

you really need

by Jaqui In reply to MS vs Unix/Linux

to look at the open source model if you think it's supported for a few months then tossed to the people to deal with.
it's always the people, and a new version of the os every 6 months.

hmm, a 6 month product cycle.

ms uses a 5 year cycle..

how does linux / *bsd, irix, unix do it?
beat ms by 4.5 years in product cycle?
ms pays 20 thousand programmers at most

open source has 20 million.
( 20 million linux users, add the other open source and the number climbs )
take a look at the newer releases, all the features winders has, with very few vulnerabilities.

guess those millions of prgrammers get it done better than ms thousands do.
more yes fixing code, 24/7 progress on code quality.

ms can't win in a quality battle.
they can't afford the same number and time for programmers that the open source operating systems have.

Collapse -

Driver Support

by rkuhn In reply to you really need

If Linux has so many programmers at their disposal, then why such lame driver/device support from Linux?

And don't give me that proprietary/vendor crap.

6 month product lifecycles are a pain in the rear especially when updates are so frequent yet can't even detect my printer.

Oh yeah, I guess I could read for a few hours and mod something, or I could just let Windows detect and install it for me...

Collapse -

actually . . .

by apotheon In reply to Driver Support

There's awesome driver support. The problem isn't lack of driver support in general, but lack of driver support for certain specific things that are somewhat common. The example to beat all examples is the Winmodem which, as referenced in the name for it, was designed specifically for Windows.

Wireless cards are neatly handled by ndiswrapper. Video cards are well-supported by kernel modules installed when the OS is installed.

Meanwhile, I've lost count of the number of times I've seen problems arise with Windows trying to install the wrong drivers for something, and refusing to let someone simply install a driver from CD.

Finally: Why not mention the proprietary drivers offered by vendors?

Collapse -


by HAL 9000 Moderator In reply to Driver Support

Would you like me to list a range of devices that Windows will not host?

Not the newest ones but the tried and tested things like Video Capture cards. The Life View ones are not detected by XP on install and nor are the newer Sound Blaster Sound Cards. A lot of the Video Cards will result in default installs and require a driver upgrade from the maker not MS.

Col ]:)

Back to Windows Forum
28 total posts (Page 1 of 3)   01 | 02 | 03   Next

Related Discussions

Related Forums