General discussion


The Great Myth - Windows that lock properly

By Deadly Ernest ·
Microsoft Windows has been out in its many variants for over 20 years. The first versions were overlays on DOS and had very good security compard to the current versions. Why does it seem impossible for Microsoft to write a new version without including most, if not all, of the vulnerabilities that were found and patched in the previous versions?

Some think this is laziness, other see a conspiracy. I don't know which, but it is bloody annoying to have to spend a lot of time keeping up with the vulnerabilities and loading the patches.

Yet each version is touted as being the most secure yet, then within weeks we have the patches for previously known faults. Soon we are told we can expect to see the first fruits of the MS involvement in Trusted Computing and that this new software will be totally secure and have a big brother tie that will make Orwells 1984 look liberal and open minded.

This leads me to ask some questions:

1. Does anyone really think that MS will get this right with no known vulnerability types at time of launch?

2. Does anyone really expect that they can trust MS with the centralised data that they say they need to make the Trusted Computing to work?

3. Is there any real corrolation between the current lock down on software etc by MS and the movement by small business to Linux/Unix systems?

Thoughts and comments on these points are most welcome. Yes I know I have thrown the cat amongst the pidgeons on this, please try not to throw too many more in.

This conversation is currently closed to new comments.

28 total posts (Page 3 of 3)   Prev   01 | 02 | 03
Thread display: Collapse - | Expand +

All Comments

Collapse -


by Deadly Ernest In reply to 1, 2 and 3

finally someone actually amswered the questions instead of making general comments and assertions.

Collapse -

Sorry I thought it was a rhetorical question

by HAL 9000 Moderator In reply to The Great Myth - Windows ...

1 No Way in Hell. I've actually been known to say that something is about as likely of happening as it is that M$ releases a product that works the way that they claim.

2 NO. NO. No. No. NO. NO. NO. NO. to the 100000000000000000 power!

3 Most defiantly.

Since its inception M$ has constantly shown that they are untrustworthy in any form whatsoever.

There is only one certainly with anything M$ it will be bigger require more system resources and have even more "Undocumented Features" than the previous version of whatever it is that you are looking at at the time that comes from M$.

Even if you where stupid enough to actually Trust M$ with your information and they only used it for their own purposes which would be forced upgrades and constant residuals you can not trust their infrastructure as it is unsafe and has been hacked on numerous occasions so any data that you are silly enough to send them should be considered as Public Domain.

The data that I provide M$ as a Certified Partner is from my prospective advertising only so I only give out what I would place on a business card.

Does that go some way to answering your question?

Col ]:)

Collapse -

Yes thanks

by Deadly Ernest In reply to Sorry I thought it was a ...

kind of confirmed what I thought - but will have little effect on what happens.

What does worry me is that when the Trusted Computing concept was first floated by MS under another name (Paladium I think) they stated that any machine using the new system would be safe to communicate with any other machine using the system and that they would ensure that no contanimated systems would infect the system by making it impossible for the older systems to talk to the new systems and you could not turn off the checking system. This caused a furor and the Trusted Computing concept came out saying that you would be able to turn it off, but again it would only talk to a 'trusted' machine whilst TC is turned on.

This still leaves me wondering how all those millions of poorer people who use older systems and software will be able to use e-commerce since they probable wont have 'trusted' systems until about 7 years after their release (based on current trends. Thus about 80% of home uses wont be trusted by the big companies with the new systems. Methinks many millions being spent on hardware and software capabilities that will only be of use to a few govt depts - thus they should not be built in but add ons.

Collapse -

I think that the 7 year time frame

by HAL 9000 Moderator In reply to Yes thanks

Is very conservative as I still am building new 98SE Boxes as the companies don't want to upgrade their existing software to the newest one out. So a lot of the new box that I sell has a nice XP Pro COA on its side and is loaded with 98 SE I don't think that a single one of these Volume License products will ever be actually used unless they decide to use XP Pro when Vista hits the market.

The whole thing is a mess and it's getting harder to deal with every day.

Col ]:)

Collapse -

You must be balanced with the Force.

by humbletech99 In reply to The Great Myth - Windows ...

They're both good and bad products, depending on what you look at.

If linux user base approaches microsoft's, I'll bet anyone on the planet my entire life savings and even my life (I'm so confident that this is true) that there will be more security vulnerabilities and in increased frequency found in Linux AND the software that runs on it (don't forget that).

Give credit where its due, they're both good enough to have millions upon millions of users, servers etc. so they can't be that bad, there's just always room for improvement, being the greedy humans that we are, we want more... forever.

Let's give the software developers on both sides a pat on the back (they're excellent people) and say keep up the good work and we'll get there!

Positive encouragement, please, people...

Collapse -

Your life?

by apotheon In reply to You must be balanced with ...

It's a good thing I'm a nice guy. I won't require you to give up your life when your prediction doesn't turn out to be accurate.

In fact, you're too late: it's already inaccurate. Take a look, for instance, at the comparison of Linux webserver systems as compared with Windows webserver systems. Linux/Apache systems make up something like 60% of the webservers, and Windows/IIS about 20%, as I recall. Somehow, Windows/IIS ends up being the most exploited, most vulnerable webserver implementation on the market.

Maybe we should look into DNS. Linux outnumbers Microsoft there, too, and Microsoft gets the lion's share of exploits.

How about mailservers? There's a greater percentage of mailservers running Sendmail (rather than Exchange) than the percentage of browsers that are IE now, thanks to the influence of Firefox. Exchange is the most-exploited mailserver, though.

Perhaps we should compare Squid proxy servers to MS Proxy Server, or version control system servers between Linux and Windows, or engineering workstation systems in aerospace engineering (sensitive government-related systems), or rendering farm servers in the movie industry, or . . . well, you probably get the point by now. In all those cases, the Microsoft solution is FAR outnumbered, but always gets most of the exploits.

Windows has its uses. Those uses are not security-related. You really should recant on that "bet my life" bit.

Collapse -

Horses for courses

by Deadly Ernest In reply to The Great Myth - Windows ...

I see that we are starting to get into the 'which is better' debate - again. For those who have not been keeping up with the surveys etc, a few points - and no I do not remember the bloody URLs for them so please don't ask. What I have seen during 2005 reinforces the trends from earlier years. NB Market share changes are usually based on percentage of market share - can be misleading as the market is still growing. Often a reduced percentage can still represent a real growth due to a high market growth rate.

In the desktop software area MS is the clear leader but still losing more market share to Linux each year- the rate of change is increasing.

General office apps is mostly MS with them losing more market share each year to Linux and Lotus. Especially so in regards to mail servers.

There are more Linux Internet and general system servers than any other O/S followed by Unix and then MS - common reasons cited being dependability followed by better security.

For special embedded software apps - Linux is the O/S of choice as it uses less resources and is easy to adjust for the specific use; about 75% of the market in one survey.

Some serious vulnerability studies of several Linux distributions and their MS equivalents shows that MS, at time of release, were far worse than the Linux equivalents released at that time. Another point found was that when the Linux suppliers fixed a vulnerability it did not appear again in later versions. MS tend to shoot from the hip with fixes and patches that often cause other troubles; whilst the Linux community takes more time in preparing the fixes and appears to test them better. This results in the Linux fixes taking a bit longer but being a better quality fix, that is longer lasting. the down side is that not all Linux distributors cooperate closely re the making and inclusion of fixes. Up side is that each new kernel includes all the known fixes.

Both camps have problems re drivers - the biggest complaint against Linux is that the hardware manufacturers do not always write Linux drivers for their gear so you have to wait until the general community does it. The biggest problem with MS is that their software automatically thinks that any MS generic driver is far better than anything specially written by the manufacturer and will automatically 'fix' the faulty driver by replacing it with the generic. This 'feature' cannot be turned off in MS but can be turned off in Linux.

People should be closely looking at what they want out of the system and then choosing the best OS to suit their needs and budget - often the needs will revert around compatibility with other software or people, and that is where MS tends to keep market share - people not wanting to change from a known beast.

Collapse -

Vista virus !!

by lastchip In reply to Horses for courses

Today it has been announced, "Second Part To ****", a virus writer, has the dubious distinction of being the first to publish a virus for Vista.

Trust Microsoft with anything; Dream on !!!

Back to Windows Forum
28 total posts (Page 3 of 3)   Prev   01 | 02 | 03

Related Discussions

Related Forums