OSNews

>"Why would anyone recommend users to buy a new computer from a certain company instead?"

Unless..."



UNLESS MAYBE THEY"RE ON APPLE'S PAYROLE!

or maybe its just they considered that Macs are more user friendly and have more productivity software available to consumers.

Edited 2006-07-05 17:53

I don't wish to make argument, but do you expect a basic computer user to download an ISO (or 5), burn it to disc, then _install_ an OS, especially one with less hardware support than the OS they had before?

Also people think that when their virus ridden machine breaks down, they have to get a new one

But if a user could walk into a Linux-store and buy a machine with it pre-installed, then by all means. This is what linux needs more of.

If you can expect a normal user to download massive amounts of music and videos, using bittorrent, kazaa, bearshare and the like, and then burn them to CD/DVD, then sure, they can download and burn an OS install to DVD

And in the meantime, keep getting the PCs that run Windows infected? What a piss-poor idea. Or buy products to remove the malware? Still a poor solution.

People are not utilizing these security measures and they shouldn't have to think about it. Fortunately, on XP and OS X this stuff is on by default.

You can only do so much for security outside of a managed environment run by competent people. Maybe this is what we need more of: companies that sell remote management services. You join their service and they back up your files and install a new company image on your machine, giving you a User-level account. You connect to the network whenever you need administrative tasks performed or to perform regular (automated) backups of your data. You get your software from the company's repository, which they vouch to be safe.

But the privacy concerns are immense. And too many people want to admin their own machine, even if they don't know how.

Yes. By definition, malware either works around existing security mechanisms in systems -- or it dupes users into running unsafe processes. No system is infallible and/or can address both of these attack vectors. Education is vital, regardless of how good the underlying security system is.

OS X isn't more secure overall than Windows?

Did I understand you correctly?

Did I understand you correctly?

No you did not understand him correctly. Try it the other way, he is saying that OS X is more secure overall than XP.

Ask a clarifying question, get modded to the basement... Here's a +1 to help your aches and pains.

@jbauer

The only long term solution that is going to work is to educate users, although it's certainly the most difficult to achieve, as it usually happens.

When did users get good at doing regular backups? I still have to twist arms to get people to install updates.

Microsoft has never had any focus on educating users but has spent far more time trying to showoff Windows as something you don't have to learn, something that'll just sort of work for you.

You're not going to get Microsoft to educate users, it'd not be in their best interest as the only option most users see available.

The only long term solution that is going to work is to educate users, although it's certainly the most difficult to achieve, as it usually happens.

Sorry, but that won't occur; if people were willing to learn, listen and take on board advice, people wouldn't be running Windows - End users would know how to install Linux or *BSD without any problems, they would be reading books on how to automate things via using script.

The simple fact is, end users are lazy, and think that the computer is some magical device that sits there and works miracles, without them needing to learn a thing - thank Microsoft and to a less degree, Apple, for promoting the 'keep the users stupid' mentality.

If end users were forced, from day one, to learn the fundamentals of computers, we wouldn't be in the malware, virus ridden, trojan prone situation which the IT industry is in now.

The simple fact is, end users are lazy, and think that the computer is some magical device that sits there and works miracles, without them needing to learn a thing

I've seen this excuse used time and again to explain away badly designed software, but I've never met an end user who fit the definition.

Hell, I design operating systems, and I prefer using XP on my laptop to any Linux distro.

My reasons are simple, pragmatic, and coherent: The software I need on a laptop runs well on XP and much of it isn't available on any Linux distro.

I've seen this excuse used time and again to explain away badly designed software, but I've never met an end user who fit the definition.

Well obviously Mr Operating System Designer, you've never trained end users, and seen that end users simply parrot steps rather than actually learning the fundamentals behind them.

As soon as something has been switched around, they're lost; if they knew the fundamentals, they could easily adapt to those changes, and start working again.

As a so-called 'operating system designer' you should know that end users simply learn the step by step process of getting something done, but the fact is, the never actually learn the process itself.

If end users were willing (which most are not) to learn even the most *basic* and *fundamental* things of security, we wouldn't have a whole industry dedicated to creating the various bits of crap which are included with computers, but end users have demonstrated by their lack of any proactive moves, that they don't want to learn.

Hell, I design operating systems, and I prefer using XP on my laptop to any Linux distro.

My reasons are simple, pragmatic, and coherent: The software I need on a laptop runs well on XP and much of it isn't available on any Linux distro.

For a so-called 'operating system designer' you do seem to confuse security, computer fundamentals with software availability; we aren't talking about software availability, we're talking about the end users unwillingness to learn about the fundamentals of information technology and how they can use that information to make their computing experience more secure.

May I suggest that you also learn what an example is, as I used Linux/FreeBSD as an EXAMPLE not as a definitive step that end users should take; end users can have secure environment with Windows XP, simply by LEARNING the fundamentals and sticking to best practices in regards to computer security.

Well obviously Mr Operating System Designer, you've never trained end users, and seen that end users simply parrot steps rather than actually learning the fundamentals behind them.

Bad guess.

Anyone who has taught has done that, and it's not limited to computer users. The users who behave that way are rarely, if ever, "lazy".

As a so-called 'operating system designer' you should know that end users simply learn the step by step process of getting something done, but the fact is, the never actually learn the process itself.

And only computer geeks thing this should or can be 'fixed' rather than fixing the system so they don't have to learn "the process".

I don't understand the process by which my car operates. I haven't understood it since the first car I bought with a complex electronic ignition system. I've never had to understand it. I understand "turn key until engine catches."

That doesn't make me "lazy". It makes me a tool-user. Until geeks get it through their heads that tool-users are not interested in the underlying process but only in the result of using the tools, they will continue to blame users for their failure to design usable tools.

end users can have secure environment with Windows XP, simply by LEARNING the fundamentals and sticking to best practices in regards to computer security.

This is true. And the problem is that far too much has to be learned. Here's how I keep my car sufficiently secure: i lock the doors when I'm not in it. That's pretty much the fundamentals of automobile security.

It would take a large essay to describe the fundamentals of computer security, even for relatively secure systems like FreeBSD.

One of a designer's jobs is to isolate the end user from the complexity of the tool. This is the one that people who blame the user are trying to avoid doing.

That doesn't make me "lazy". It makes me a tool-user. Until geeks get it through their heads that tool-users are not interested in the underlying process but only in the result of using the tools, they will continue to blame users for their failure to design usable tools.

The car analogy is probably not a good one here. Pretty much everyone I know who has a car wishes they understood a bit better how it worked, if only to know that they're not getting shafted when they go see the car mechanic!

One of a designer's jobs is to isolate the end user from the complexity of the tool. This is the one that people who blame the user are trying to avoid doing.

That is true in certain cases, but not always. Some applications, such as 3D modeling/animation, need to give access to all parts of the tool to the user.

The best tools are those that adapt to the user, i.e. give the user access to as much complexity as they want/need.

You'd rather listen to Norton (Symantic)'s advice?

Sophos a company that makes AV products suggesting that users change to an almost virus free OS – Isn't that a bit like turkeys voting for Christmas?

Well, between the possible improvements to Vista, and the launch of OneCare, Sophos is looking at a serious slimming down of its customer base.

The handheld community weren't fooled by the AV software houses' attempts to push them into buying their gear. Linux users aren't really really big on buying software and subscriptions.

So that leaves MacOSX. And of course, the lack of viruses/malware on that platform are going to be a bit of a problem; unless you can get the user base to a size where the virus writers reckon its worth buying the equipment and putting the effort in. That would give Sophos a new market to aim for, and their new customers will look kindly on the outfit that recommended Macs (Sophos) rather than one that tried to tell them that their OS has vulnerabilities (Symantec).

Yes I’m sure you are right, and Mac users aren’t frightened to put their hands into their pockets (not like all those fake Windows running Avast or AVG). Though with Mac OS I’m sure there will be less viruses (viruses that trick users into running them as root), and Sophos will develop more products for the Mac that protect users from themselves, social engineering tricks, rough websites etc.

I’m sure that virus writers will also increasing move into these areas as well.

Well there are evidences that WinAPI is very unsecured. Writing virus or trojan horse is much more simple for Windows that for MacOS X & that's one of many reasons why there is so many of them i think

It has nothing to do with the winapi, it has to do with the fact that IE is totally integrated into windows explorer, and that normal users run as administrators. Couple that with the amount of spyware installed by P2P apps like Kazaa (a huge #, I believe) and it leads up to a very insecure setup

Ofcourse You are right that IE integration, runing as administrator by default etc. are veeery good reasons. But WinAPI itself too. Everyone who deal with security will tell You that. There are some errors, that can't be repaird because then many apps will stop working because of compatibility problems. & those errors are known for years now, but MS, goverments, corps etc. etc. just don't talk about it, because it is very danngerous thing for them, for whole network where Windoze computers are.

The WinAPI is no more or less secure than any other API. They all have loads of bugs that lead to buffer overruns, which is what the security firms spend most of their time tracking.

<<Everyone who deal with security will tell You that. There are some errors, that can't be repaird because then many apps will stop working because of compatibility problems. & those errors are known for years now, but MS, goverments, corps etc. etc. just don't talk about it, because it is very danngerous thing for them,>>

Yeah, a lot of people say this, but there's no real evidence for it.

True, however there's a lot to be said about making a file executable simply through its file extension.

I do agree that social engineering is still the weakest link.

Having a .exe extension makes it very easy to spot. If you had to make some kind of permission change, then folk would do that and run the program anyway.

And even XP warns you about running executables that you download.

All they will ever be able to do, is minimise the damage caused by rank stupidity ... :-(

Most .exe or indeed .doc parts are hidden by default, and it's not that hard to call a file nakedAnnWidacomme.jpg.exe anyway.

Having a .exe extension makes it very easy to spot. If you had to make some kind of permission change, then folk would do that and run the program anyway.

Every additional steps help make the system a little more secure. And, as others have mentioned, WinXP hides those file extensions by default, another bad security decision. I hope they change this in Vista.

All they will ever be able to do, is minimise the damage caused by rank stupidity

Yes, that was my point.

yes there is
running code without prompting
so many executable types
wmf
virii which uses parts of the operating system itself to infect other operating systems and make it hard for a user to remove due to the nature of it
setting up administrator accounts with no passwords
services running like messenger, remote registry service, ssdp, remote desktop, by default whether needed or not

social engineering comes into play for a lot of it no doubt, but windows makes it easier to perform the attack once you trick users with the social engineering.

Every one of those things, or their equivalent, has happened to Unix-based OSes.

"running code without prompting" was first notoriously shown as a bug on an IBM OS back in the bitnet days, when the christmas card virus hit, for example.

My personal all-time favorite was the release of BSD that went out with the debugging password in sendmail set so that anyone who knew it could obtain root on any BSD system with that release on it that hadn't been patched.

Followed rapidly by all the consumer wifi routers that no one changes the default administrative password on.

and the BSD releases that don't set a root password at install time and don't require you to set one.

and the Linux distros that have installed and enabled apache/php without patches for well known php bugs.

and the text editors such as vi and emacs that will automatically execute scripts embedded in files you edit.

and....

You can read all about here:
http://www.sophos.com/pressoffice/news/articles/2004/06/pr_uk_20040...

The timing of this press release seems to indicate some sort of connection ....