http://www.osnews.com/story/9654/Darius_Guide_to_Windows_2k_XP_Desktop_Security Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 06 Jul 2009 18:31:41 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread? http://osnews.com/thread? Rule #5 is redundant as it was already pointed in in rule #2. I guess he really meant it. And of course the last one, 10, was a placeholder.

These tips are very sound, but I think the author over simplified the whole process. Doing all those tasks could easily take an hour or two at best. But once it's done, it's done.

I'd also like to suggest using a third party email checking program that simply reads the headers rather than downloading the whole message. There are plenty, and for all platforms, I'll refrain from mentioning any names so not to be an ad. I've been screening my emails for the last 5 years and it works great. I do feel sorry for AOL users though... don't know if there's any help for them in this area. POP3 email accounts are very easy to keep clean. Like I said, preview the mail and delete offending ones before downloading them into your computer.

Proxomitron is a great content filtering proxy. Not only does it keep certain things out it makes surfing faster and less annoying with flashing ads.

Typical reaction from users would probably sound like: "why should I have to go through so much work just to stay safe on the computer?"

Well... do you put on your seatbelt when you enter a vehicle? Check mirrors? Etc? Maybe it's just because most of us spend so much time on a computer we don't seem bothered to stop and spend a few extra seconds doing safety precautions. Tue, 08 Feb 2005 22:28:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Nice one Darius. I have to agree, what ever gets the work done.

Gotta agree it far easier to use a separate router/switch some of them come with firewalls(software) but they work very well.

I seen alot of users use KazAa which can lead to all kinds of problems. Tue, 08 Feb 2005 22:29:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Set up a hardware router/firewall: This isn't nearly as difficult as it sounds. In fact, you can walk into just about any computer electronics store and pick one of these up for about $30.

say i just purchased Windows XP Pro from a reputable retailer who charges MSRP. it cost me $299. now you're telling me i have to buy a $30 hardware add on to protect myself on top of it?

what if i'm still a dial-up user? do i need a router with a modem in it to protect me from the outside world?

if you require a piece of hardware between your OS and the internet, your OS probably isn't ready for the internet.

not critiquing your piece. it was good simple, and i agree with most of it. just pointing out that you shouldn't have to put up with that crap. Tue, 08 Feb 2005 22:29:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Well if you read the intro of the article it does stipulate that its aimed for broadband users, so technically you do need some piece of hardware between you and the internet, and hardware there is a plenty. Tue, 08 Feb 2005 22:33:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I believe this is probably the only safe way to run windows, on a virtual machine! Also, you should probably use VPC on Mac/VMWare on Linux instead of VMWare on top of windows (due to security concerns).

Also, it is necessary to use a less priviledged account if only to prevent accident. If a program doesn't support unpriviledged users, it is probably too old and not secure anyways. Tue, 08 Feb 2005 22:33:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? These are the rules that those of us trying to use Windows for business, rather than hobbyist purposes have learned from painful experience.

It's nice to see them compiled into an accessible form for beginners, although I'm not entirely sure the OSNews readership are the right demographic to be targeting with this level of info. Tue, 08 Feb 2005 22:34:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? ... but I already use all the manners you describe, except the hardware firewall Instead go get a 486 from a trashcan and install Smoothwall on it with 2 LAN cards or an 1-floppy firewall Linux distro such as freesco The effect is much the same But maybe you can escape free. Also, there is the point at Sygate, and there is another free anti-virus program at www.free-av.com. Tue, 08 Feb 2005 22:36:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? windows is fine, as long as u know what ur doing, same goes with any other OS out there. Am using XP right now, and cant wait for longhorn Tue, 08 Feb 2005 22:40:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Extra points for presenting your preference for Windows without sounding like a fanboy/zealot. The right tool for the job, or the right tool with regards personal preferences - both are valid.

Personally, this reminded me that making Windows secure, though not overly complicated, is still not a trivial process. Still, I'll keep a copy of your article for the next time I have to reinstall Windows on a friend/family member's PC (which is certain to happen once or twice in the next six months...sigh...)

One question though: regarding logging in as Administrator...isn't it safer to log in as a normal user, then using "Run as administrator" for those few apps that require it? Tue, 08 Feb 2005 22:43:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Rule #5 is redundant as it was already pointed in in rule #2.

I should clarify this one. Rule #2 was meant to be stuff you do before you first get online, so you can stay on long enough to get the critical updates without getting nailed. For example, if you go online with either a hardware firewall or WinXP SP2 (or both), then you're going to be pretty safe until you can hit Windows Update and get the critical updates.
However, once you are online, you will definitely want to download and install a software firewall ASAP, per rule #5. Tue, 08 Feb 2005 22:45:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Primarily I am a Linux user, but I work with Windows everyday at the customers, because the majority here in Transylvania still uses Windows. I must keep up myself even in Windows security (and I try to keep up) as well as in Linux security. Tue, 08 Feb 2005 22:45:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? jesus crist, you guys are real lamers ;]]]

I have zone alarm free firewall NA2003 and MS antispyware(free, but I think it's not necessary)
Of course, I don't use IE, firefox instead.

Is it hard to download there programs?..
Just double click........ Tue, 08 Feb 2005 22:46:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Good piece, Darius. A refreshing change from geekspeak. Nice to hear some english on this site. Tue, 08 Feb 2005 22:47:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I hate to say it. I really do. But you can get much more secure in only FOUR steps:

1. Buy a Mac
2. Plug it in
3. Turn it on.
4. Have fun.

(Optional #1. Install Linux on a PC) Tue, 08 Feb 2005 22:53:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? He does say that if you can switch do so. This is for those of you(I am typing this from my powerbook) who can't for whatever software application reason why.

If all your doing is surfing the web, even Linux can be made desktop friendly, but there are still business apps that are windows only. With longhorn beta due in June/July this year Longhorn itself won't be ready till that time next year. So if in the next 18 months you need basic everyday functionality(surfing, email, Office, etc), get a Mac. But if you need to run Windows you need to run Windows and that's it. Tue, 08 Feb 2005 23:02:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? for microsoft to do was to allow for the download of the latest patches onto the computer. burn to cd and then point a local variation of microsoft update onto that cd. that way i could dump the updates to cd ones and install them over and over rather then haveing to go online ever so often.

yes there are the service packs but they only cover everything upto that date. and the installers after that are all standalones that risk trampleing each other if not installed in the correct order.

basicly this is a trick one can do with most linux installs today. if you dont have the bandwith yourself, get a friend that have bandwith to mirror one of the ftps that hold a mirror of the update files for your distro. burm em on cd or dvd. bring it home and aim the package manager of said distro at the media. hit update and boom. Tue, 08 Feb 2005 23:04:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Linux isn't necessarily secure out of the box. I've had an unprotected Linux box get hacked within 24 hours of going online. Knowing a little about security and making sure that your system is protected is essential whatever OS you're using. Tue, 08 Feb 2005 23:05:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.

Of course, it's a hassle to log in as a different user just to browse the web. So we'd want to use "runas" to run just IE as a different user.
Unfortunately, MS has made running IE as a different user a little harder than necessary. Rightclicking and using "Run as" doesn't seem to work. What did work for me was the following.

Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd". on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batchfile c:windowsie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from you normal desktop and only run it from the restricted account. This way you can use IE without worry about any IE exploits. Tue, 08 Feb 2005 23:07:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Windows is an OS for power users, not the computer illiterate." Interesting comment. I wonder if Microsoft this this as well...

But serioiusly folks, here's my additional tip for keeping XP clean when I do have to use it once in a while:

Keep track of every single files installed when you do install an application. If you don't use for some reason, you can truely reinstall properly and not have tons of junk left over in the form of files and registry entries. I use Regshot 1.61e and UNDOReg to do this. No need for fancy new software. This way you can tell as well if a program is intalling more than it should, and clean it. Tue, 08 Feb 2005 23:13:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? XP, SP2, AVG, Firefox, hardware firewall/gateaway router..

Been over a year since I had to deal with spyware. Tue, 08 Feb 2005 23:21:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Don't argue, just do it. And don't use programs that aren't written for multi-user environments. Have things gotten this bad in the last two years? When I used windows I never had this many problems! Tue, 08 Feb 2005 23:43:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? It's only free for a 30-day trial. I liked it enough after trying it that I paid for it after it was up (~$20 after a student discount). Very fast and light on system resources.

I prefer it to others I've tried: McAfee/Norton/Symantec on the commercial front and AVG/Antivir/Avast! on the free side.

The other AV I've heard nothing but good things but haven't tried yet is Kaspersky. Tue, 08 Feb 2005 23:44:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? say i just purchased Windows XP Pro from a reputable retailer who charges MSRP. it cost me $299. now you're telling me i have to buy a $30 hardware add on to protect myself on top of it?

If you are the kind of guy who will pay that much money for a copy of XP then I suggest looking at nothing under $100 when it comes to a router. I mean why not be a sucker 2 times in a row ?

what if i'm still a dial-up user? do i need a router with a modem in it to protect me from the outside world?

Then just run a software firewall.

if you require a piece of hardware between your OS and the internet, your OS probably isn't ready for the internet.

If you are on broadband I can honestly think of no reason not to have a router. Far more flexible no matter what OS you plan to run internally. Tue, 08 Feb 2005 23:48:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Has anyone mentioned "Don't run as administrator"?
That should have been the first thing on the list. Tue, 08 Feb 2005 23:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Man what distro and when? That does suck to get hit that fast, you must have made some real enemies. I would say all Linux distros that have a IP stack turned on by default in the kernel sould have iptables setup by default with connection tracking to block all unwanted traffic. The time of starting up with 20 services by default is OVER!

Good article btw, I get alot of Windows users coming to me asking to de-spyware their box. Tue, 08 Feb 2005 23:58:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? My primary computer is a Mac, I say this because I am not too familiar with all the Windows software out there. On my PC I use Spybot S&D for a cool function. It tells me whenever a program edits the registry, so I may block it. Its either an option or apart of the RegAlyzer 1.0f plug-in. There may be another program that can do this sort of thing, but this is the one I use. its very handy. Tue, 08 Feb 2005 23:59:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I've got the same configuration used for my XP partition (XP-SP2, hardware firewall/router, Firefox, AVG, Spybot). Despite daily checks (automated AVG + spyware checks), I haven't caught a single virus/trojan/whatever. But I have to admit I rely on my trusty iBook to fetch my emails...

I mostly agree with Darius' checklist. Maybe you could add the following tip :
(11) Avoid warez at any price, be very cautious with P2P.

The Average-Joe-User might not be warned enough about this, 'til it's too late and his box is infected. I spent months (years?) repeating this to a few friends of mine who would usually call for help because their box has gone sluggish after downloading the latest serial/keygen. Most of the time using IE, of course... To my relief, they learnt the bare minimum about safety (this sums up to Darius' ckecklist, plus my #11). Too bad for fixing evenings & offered dinners ;o)

Recently the NSA released a "Mac OS X security guide", explaining how to ensure security from install to config and daily use. Maybe it would be time for the "power users" to write such a guide for Windows XP. Tue, 08 Feb 2005 23:59:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Amen to that!

Doesn't surprise me to see Darius trying with all his gusto to make
Windows SEEM usable and easily configurable. He is one of the biggest anti-mac trolls here on OS SNOOZE. Wed, 09 Feb 2005 00:05:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? This tool is only available under Windows XP Professional, and I am surprised it was not mentioned.

Even if you have a single Windows XP Professional box, you can use this to really lock down your machine.

Start mmc, and add this tool in. This gives you an incredible view by which you can lock down almost every component on your machine.

You can even apply service ACLs with this. This means that you can set up restricted users for whoever you like, but make it so they can't shut off your AV services, or even plug in devices (if the devices use a service).

If Eugenia wants, I can write up a couple pages on how to use this .

Mitch Wed, 09 Feb 2005 00:19:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Nice job here, but just a couple things I felt could be in diff. order OR done a BIT differently, but with GOOD reason with examples:

You mention not cutting off services FIRST (or not needing to if you run a firewall which is right on, but what about BEFORE you get that software driven firewall? Yes, XP/2003 have one & it works, but others like 2000/NT/9x/ME don't natively).

So, cutting off remotely oriented services like Messenger? Are a good move prior to going online for example, agreed??

(There are other suggestions services-wise I have but that is an example that within minutes? Unprotected rigs I have setup for people online get literally in minutes victimized by... I would bet you've all seen that before too)

Anyhow, as to services cutoffs & more "massive" security tunings?

I put up a list of what the author MIGHT consider pretty 'esoteric' security & higher end security suggestions that's been out online since 1997 @ NTCompatible.com!

(& article #1 there? Afaik, is most likely the "original" out there online. I say that, since I have not seen an older one to date out online in 10++ years now... some of it MIGHT surprise you as to what you can REALLY do to "harden" an NT=based Os to-it's-potential-max, afaik)

The OLDEST Windows NT-based Os' tweak guide there is for BOTH speed & security... its latest version is here:

http://www.avatar.demon.nl/APK.html

Reading thru that for the author? Just MIGHT give him/you some things to consider adding to your article here... not all of it is THAT nutty/complex. Whole article to apply it? 1 hour work with regedit.exe usually.

One suggestion you miss, or not one I saw? STOP USING INTERNET EXPLORER!

(I hate to say that because it IS a good browser but its extensible architectures & insistence thru nags on ActiveX/JavaScripting is an opening CONSTANTLY exploited online. Even the newest popup blocker containing IE in Windows Server 2003 STILL does those damn nags about scripting... & those scripts? Are what open the doors for "Bad BHO inserts" & toolbars from malware etc. imo!)

Anyhow, nice job, take a peek at that article & take what you want from it IF you find any of it useful... & please, DO CONSIDER suggesting using Opera or FireFox rather than IE to novices out there...

(If you did suggest that? My bad man... have a good day guys!)

APK
apk4776239@hotmail.com Wed, 09 Feb 2005 00:24:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? even I'm mac & linux user, i've never had virus/spyware problem with windows either.

never needed anything else than

1) firewall
2) updates now and then
3) mozilla products instead of ie/outlook

no viruses, no spyware, nada, in the last 10 years ... got some nasty virus on floppy disk though something like 10 years ago Wed, 09 Feb 2005 00:28:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? It is not the OS, it is the user behind the console.

Most users complain that Microsoft software crashes for no reason and they do not have a fix for the problems that arise. Wrong! Every, I mean, every single error can be found and solved, with very detailed instructions. The problem is that most of those users use pirated copies, so how they do expect to have support? We all know that Microsoft prices are abusive (at least here in Brazil) but you got a company behind your back, and their support. You just have to know where to go for help: a thing that a good Linux user would do and know how to do. This kind of thing does not happen with most users because they do not have the will to learn from everything: they are there to use the computer, not to fix it; they have other things to do, computer are only another tool, not the main tool. And they are (somewhat) right in keeping this behavior. This is what make (most of) us, that work with information technology everyday, some steps ahead.

Nowadays, every script kid knows how to hack a Windows box because there is a huge ammount of information out there: the desktop OS market share is about 90-95% Windows. It does not mean by any way that Linux is secure or the software is secure either. We will only know that when Linux achieve the same space between the users as Windows does today. One thing that we must have in mind that there are a lot of software engineers that make every single thing possible in Windows. So does Linux, but it is too early for everyone.

Even with pirated copies, there is a lot of (official) information that can be used for free. Ever heard about http://support.put_company_name_here.com?

One example that happened to me: I was watching a discourse about Linux in my University. The guy said: "If MS Windows have a bug, where you can get a fix to it? You do not have a choice!" and an expectator exclaimed "Only God knows!". At that very moment, I remembered what one of my bosses once said: "God is the Internet". The information is out there, you just have to search.

I really would like to be apart from this discussion since I am not a fluent english speaker and could be easily misunderstood, but I am tired of comparisons/comments/articles saying that "security is all about the software". Wed, 09 Feb 2005 00:29:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Linux isn't necessarily secure out of the box. I've had an unprotected Linux box get hacked within 24 hours of going online.

Most distros have gotten their act together over the past two years. Linux distros are now much more secure out of the box. There was a recent article about this, I believe.

Alexander Peter Kowalski
One suggestion you miss, or not one I saw? STOP USING INTERNET EXPLORER!

He did say this. Repeatedly. May I suggest you read the complete article before commenting. :-) Wed, 09 Feb 2005 00:39:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? About the guy that said Nod32 is not free - you're right, my mistake

@retro cat
Doesn't surprise me to see Darius trying with all his gusto to make
Windows SEEM usable and easily configurable. He is one of the biggest anti-mac trolls here on OS SNOOZE.

Right, and that's why I recommended getting a Mac 2 or 3 times in the article and even provided a direct link to the Mac Mini. Just because I personally don't care for them doesn't mean I'm biased. Hell, I even tried to convince my parents to get one.


Start mmc, and add this tool in. This gives you an incredible view by which you can lock down almost every component on your machine.
You can even apply service ACLs with this. This means that you can set up restricted users for whoever you like, but make it so they can't shut off your AV services, or even plug in devices (if the devices use a service).

About MMC:
1. Most of us don't have Windows XP Pro
2. Remember, this is a minimalist guide - unless XP Pro exposes some hole that the Home version doesn't, it seems like more work than is necessary.

You mention not cutting off services FIRST (or not needing to if you run a firewall which is right on, but what about BEFORE you get that software driven firewall? Yes, XP/2003 have one & it works, but others like 2000/NT/9x/ME don't natively).
So, cutting off remotely oriented services like Messenger? Are a good move prior to going online for example, agreed??

Well, that's what rule #2 is for For example, if you have XP SP2 installed, the Messenger service is basically cut off by default. Wed, 09 Feb 2005 00:50:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "(If you did suggest that? My bad man... have a good day guys!)"

I covered it peragrin, so likewise to you bro...

(I.E.-> Read my whole posting like you stated to me! No offense intended man, just saying we both missed more or less here!)

* We BOTH missed I think a bit... skimmers abound!

Still, that URL I post up there?

http://www.avatar.demon.nl/APK.html

Well, It's a FAR improved extension of the original article for this @ NTCompatible.com as article #1, the oldest I have ever seen online for this type of work in both "security and speed" tuning NT-based Os' & is fairly up-to-date for even Windows Server 2003 as well as the older Os, & has some WILD things in it you just MIGHT not be aware of... it IS possible!

(Website master @ NTCompatible.com? He won't post this latest one for 1 reason - it turns folks onto how to use CUSTOM HOSTS FILES, which affects webmasters incomes adversely... I don't blame him, he wants the adbanner view hits! BUT, by the same token, he understands WHY I use them - don't waste time calling out to adbanners servers & loading their ads? YOU GO FASTER!)

Not only faster, but in today adbanners even being javascript/activex script infected as have been shown this year 4x I know of alone? Adbanner blocking HOSTS files can not only speed ya up, but also secure you as well!

Anyhow - if you have time? That URL here again:

http://www.avatar.demon.nl/APK.html

Might have a few things in it of interest for the author of the article & you guys too!

APK

P.S.=> Makes sense on both our parts today we both missed what we both skimmed (myself missing IE reference & your missing me apologizing if I missed it in my original post): Today is the BIGGEST single patch download day I have EVER seen from Microsoft was today 02/08/2005... I am hauling in 12 of them as I speak/write here my man, on dialup? It's distracting & slow... ANYWAYS!!!

Oh, I got turned onto a VERY unique idea from your posts here I did a thread about in another forum here:

http://www.ntcompatible.com/thread31114-1.html

VERY UNIQUE/CREATIVE & ORIGINAL THINKING IMO! Whoever came up with that one? Could think... impressed & I learned something myself here! I may stop by again... not many forums, hate to sound like an ass, teach me new things nowadays & this one here in yours? DID! apk Wed, 09 Feb 2005 00:51:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? In addition to what Darius has mentioned here (good article btw), I have a look at these keys in the registry from time to time:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

Some pretty nasty stuff can hide out there. I delete any keys I don't recognize...this is a favorite hideout of spyware. But, if you follow Darius's recommendations, these keys should be clean. Cheers. Wed, 09 Feb 2005 00:53:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Even easier: Use a Mac or install Solaris. Wed, 09 Feb 2005 00:54:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? My backslashes were stripped out, replacing w/ forward slashes:

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run Wed, 09 Feb 2005 00:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I can also use windows without fear by following these rules (and removing unneeded bindings in network config especially netbios, per somewhere in grc.com). But I have non-geek users in the house who won't know how to follow these rules, or will become confused when the firewall asks if it should allow a new service.

Sure, windows can survive an internet session conducted by a knowledgeable user. But I'd not call a computing environment anywhere near secure unless it can survive usage by my 10 year old, or my guests, friends, or wife. As stated in rule#1, that's difficult to impossible.

Meanwhile, this Linux box has been running 7/24 for months with several users (desktop & part-time webserver), sans spyware blockers, virus scanners, etc. The only extra I've got is a GPL'd firewall script to automate ip-tables setup and I'm reasonably confident that this box will survive a session from any of my users. Logs show no problems other than a couple of failed attempts to relay (spam I presume) off SMTP : 25 and a few flubbed passwords.

Sorry, but it would take -big- changes to convince me that Windows is anything like secure. Wed, 09 Feb 2005 01:19:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Hello Darius,

Many people DO have XP Professional, as it's also known as Media Center Edition, Tablet PC Edition, or just Professional. It is also very popular with gamers.

The pirated XP editions are all XP Professional, as the Volume License Keys like FCKGW.... are all XP Pro.

You can't lock down service ACLs with XP Home. This is critical if you want to set up nonprivileged accounts and make it so that those accounts cannot restart or delete services.

This also provides a single interface for many of the security configurations, including registry permissions, file system permissions, and user rights assignments.

You can template these and load them onto other systems, thereby reducing the time you need to configure a system to several minutes. Somehow I see this as minimal .

You can also use the Group Policy object with a focus on your Local Computer to completely customize a system in a few clicks, if you have a template.

The goal of this is to provide something that is less work in the end. You can load in and apply templates with XP Pro that automate everything you are trying to do. You can't with Home.

There are more XP Pro installations out there than you have been led to believe.

Mitch





About MMC:
1. Most of us don't have Windows XP Pro
2. Remember, this is a minimalist guide - unless XP Pro exposes some hole that the Home version doesn't, it seems like more work than is necessary. Wed, 09 Feb 2005 01:36:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Firstly, the firewall built-in to XP is quite sufficient unless you feel paranoid enough to need to know what's going out of your machine. It's been there since the original release and is - at the very least - quite sufficient for connecting long enough to download SP2 (just make sure the machine is fully booted and the firewall turned on before you actually connect to the 'net, this doesn't matter once you've got SP2 installed) and a 3rd party firewall.

Secondly, running as an admin all the time is just silly. At most, you should put yourself into the Power Users group, but ideally you want to just be a plain User. I'd be interested to know what software you've got that doesn't work with "Run As", because I haven't seen any for many years (and I've been doing the regular user/Run As thing in NT since 1996).

The only steps I take to "secure" my personal Windows machines are:

1. Enable firewall
2. Automatic updates
3. Run as a regular user
4. Avoid IE

Every now and then I'll run one of those free online virus/adware scans just for the hell of it, but they've never found anything yet.

Basically, if you follow the same steps on Windows you do anywhere else, you'll be secure. Wed, 09 Feb 2005 01:39:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Yes, I understand that's different, but is there any way in particular that you can get nailed by a virus, worm, or spyware, assuming you've followed all the rules I've outlined here? Or are you saying that your way is easier?

The goal of this is to provide something that is less work in the end. You can load in and apply templates with XP Pro that automate everything you are trying to do.

In the case of security, can it automate me downloading and installing the latest version of Firefox and Thunderbird when I reinstall Windows? And if it can, is it actually worth the effort involved, assuming you're not installing for 500 users in a corporate enviroment? Wed, 09 Feb 2005 01:45:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? say i just purchased Windows XP Pro from a reputable retailer who charges MSRP. it cost me $299. now you're telling me i have to buy a $30 hardware add on to protect myself on top of it?

No, all you need to do is enable the built in firewall (and if it's pre-SP2, don't physically connect to any hostile networks before the system is booted). Wed, 09 Feb 2005 01:51:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? These are the rules that those of us trying to use Windows for business, rather than hobbyist purposes have learned from painful experience.

There really isn't anything on that list you should be learning from "painful experience", they're things you should have been doing proactively for years (if you're "trying to run a business", at least). Wed, 09 Feb 2005 01:52:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Unfortunately, MS has made running IE as a different user a little harder than necessary. Rightclicking and using "Run as" doesn't seem to work. What did work for me was the following.

It works fine, it's just the (default) IE Desktop icon is "special" (like the Recycle Bin or My Computer) and not a shortcut. If you just right-click -> "Run As" from the IE shortcut under Start -> Programs or in the Quicklaunch bar it works fine.

With regards to making a permanent Run As shortcut for IE, use this as the shortcut command:

runas /user:IEUser /savecred "C:Program FilesInternet Exploreriexplore.exe"

It will prompt you for a password the first time, but after that will just start up immediately.

NOte also that you'll need to run IE from an Admin account for Windows Update. Wed, 09 Feb 2005 01:53:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? You gotta admit, Spybot S&D's Immunize feature is damn useful as an extra precaution against auto-installing activex btards. Wed, 09 Feb 2005 01:54:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I hate to say it. I really do. But you can get much more secure in only FOUR steps:

1. Buy a Mac
2. Plug it in
3. Turn it on.
4. Have fun.

5. Wonder where all your software is. Wed, 09 Feb 2005 01:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? This is very good. But the average user would never be able to do most of this! I spent an hour on the phone the other night because my friend turned on the internet connection firewall in XP and knocked her self off the internet! Then Comcrap (Comcast) her ISP told her that she could not use ICF with her cable connection! Yes she should have a router between her PC and her modem. Problem is that if there is the slightest problem with the router her ISP will not giver her any support on that. They will tell her to get rid of it and plug her PC right into the modem!

The other thing I have to laugh at is people who say windows is secure. Yet thos people who say it's secure are the same people who tell you to take your windows apart (Ger rid of or don't use IE, or Outlook exspress, change reg settings, install this third party app and that thir party app etc) Before you know it you are using simi Windows! LOL!

Also if you look at Linux desktop distros (Those put together for the desktop) like Xandros, Linspire, Lycoris etc, I have YET to hear of any one using one of those distros (Me being a Xandros 2.5 user since 2.0 and 2.5 came out) being hacked. It's possible that it's happened to someone but even after doing a search of Linux sites I have yet to find someone who can say for sure it's happened to them!

Yes other distros that people are using on the desktop but yet still have server related services running, maybe no built in firewall on by default (Which all the Linux desktop distros I mentioned about have at least a basic firewall by default) Maybe services etc running as root etc. I exspect that they may get hacked. I am sorry but out of the box Windows XP sp2 is not secure! You have to spend time making it secure! I don't have to worry about that on my Xandros machine because the apps you have to install to make Windows secure like firefox or mozilla etc are already there!

Boy I would be PISSED if I turned on my Mac and had to spend 30 minutes to an hour (Not including patching the OS etc) just to get it to a point where I will feel simi safe!

My question is can someone show me how to make Windows useable and very secure without using 3rd party apps? (As if there were no Firefox or Mozilla or Zone Alarm etc. Just using Windows it's self and only Microsoft tools! And software! Now that would be an article!) Wed, 09 Feb 2005 01:56:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Sure, windows can survive an internet session conducted by a knowledgeable user. But I'd not call a computing environment anywhere near secure unless it can survive usage by my 10 year old, or my guests, friends, or wife. As stated in rule#1, that's difficult to impossible.

Well, my 60 year old mother (who is about as technophobic as you can get) manages to do it ok, and I live 2000km away, so it's not like I'm there holding her hand every time she dials up.

Sorry, but it would take -big- changes to convince me that Windows is anything like secure.

Follow the same habits on Windows as you do on Linux and it's just as secure. Wed, 09 Feb 2005 01:57:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Darius,

If you get nailed by something that shuts off services, you will have issues. If you put ACLs on the services, it makes it that much harder.

I have seen spyware/adware/virii that shuts off services.

And yes, I can automate downloading those applications when reinstalling Windows.

BTW, Darius, let me plug XPLizer here for another way to automate shutting off Windows "features" such as SMB and CIFS: http://theinsider.deep-ice.com/

I also use that tool for my own XP Pro workstation .

Mitch Wed, 09 Feb 2005 02:27:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Spend $30 on a router. Download a firewall, antivirus, an alternative browser, and all the critical updates.

Sounds like he contradicted himself from the start. Wed, 09 Feb 2005 02:52:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Computer Associates and MS are giving Etrust EZ Armor away for free:

pick your spot to get it:

http://my-etrust.com/microsoft

http://store.ca.com/dr/v2/ec_main.entry25?page=pyocantiarmor&cl...

http://www.microsoft.com/windows/partnerpack/

http://www.microsoft.com/windowsxp/downloads/updates/sp2/antivirus/...
(other vendors on there have 90 and 180 day free versions as well)

Its solid, gets great reviews, scores well on third party tests, is fast, and has a smaller footprint over my old standby, Norton. Wed, 09 Feb 2005 03:16:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Microsoft to me screwed up by leaving every port open as default. Out of the box it should have every port closed and the firewall should always been on. The thing I never liked about Windows it's unstable, even XP. I been using Xandros 3 Deluxe and this is what Windows should of been long ago. So far since I had Linux for two months it hasn't crashed yet. I couldn't say that for Microsoft. Tyrone Miles you should get Xandros 3 Deluxe. It so much better than v2 because of the newer kernel. It seems more snappier. Wed, 09 Feb 2005 03:21:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? What a bunch of crap!

Most people run windows as admin, which should be what people do

Would you login to linux as root for everything? No.. typically in linux/unix you setup another regular user to use and then su to root when you need more rights to install software.

The same is or should also true for windows, although nobody follows it because there's not a lot of applications that are certified for the version of the operating system so that they make use of all of features so not all of them work under a power user or non-admin account.

Although, if you use apps that are certified for Windows 2000 or XP then you should be able to login as a regular user, this would reduce what you have rights to which in turn would stop a lot of these stupid viruses, or spyware that's out there.. Wed, 09 Feb 2005 03:22:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? 5. Wonder where all your software is.

My guess, you dont own a Mac. The only software that is 'missing' is the software to protect your PC from spyware & viruses. And even that, Norton MAKES antivirus for the Mac... Do you know what it does all day on the Mac? FILTERS WINDOWS VIRUSES.

It's just funny that the top most downloaded applications for Windows is Virus scanners, Spyware/Adware removers & P2P applications. Oh what fun I am missing using a Mac. Wed, 09 Feb 2005 03:22:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? My question is can someone show me how to make Windows useable and very secure without using 3rd party apps?

(As if there were no Firefox or Mozilla or Zone Alarm etc. Just using Windows it's self and only Microsoft tools! And software! Now that would be an article!) Wed, 09 Feb 2005 03:28:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? That was an intelligent, useful, and to-the-point article. You should write more of them, if you have the time.

I may start referring the students at my workplace to it; it would probably make their lives (and mine) easier. As much as I'd like to stick Ubuntu CDs in their hands and tell them to install that, it's just not going to happen. Wed, 09 Feb 2005 04:26:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? If you get nailed by something that shuts off services, you will have issues. If you put ACLs on the services, it makes it that much harder.
I have seen spyware/adware/virii that shuts off services.

That's my point though - if you follow the guidelines set forth in this article, how are you going to get spyware on your system to begin with?
Basically, my whole approach to this would be like locking the front door of your house when you go somewhere. Your approach is like locking the front door, installing a state-of-the-art security system, hiring a couple of goons to camp out in your front yard, and having the police patrol your street several times a day Sure, my way isn't as secure as yours, but assuming the neither of us are having our houses broken into, you're doing a lot more work than me, unless your way allows you to run without firewalls and anti-virus, in which case I would say your method is like leaving the house unlocked and then putting a guard dog inside Wed, 09 Feb 2005 04:37:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? For die hard IA32/64 users:
a) Get rid of any CDs having the microsoft logo on it.
b) Reboot the PC and insert any available Linux distribution CD.
c) Follow the on-screen guides to install the new operating system.

For people who want to explore other HW platforms:
a) Put your PC in a nice box.
b) Drive to your worst enemy house and leave the package outside his/her door.
c) While on the road visit the closest Apple store in your area.
d) Buy a Mac. Wed, 09 Feb 2005 04:40:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Darius,

Suppose Mozilla Firefox has a malicious XPI file loaded (and yes, I have seen this happen). The next thing you know, something's disabling the Symantec AV Services or Windows Firewall, and you've got issues.

Never assume any program is safe, or is not going to have issues because it's not Microsoft . A major difference between Firefox and IE is that many of the buffer overflows that affect IE affect components running in the LocalSystem context, while Mozilla's run on a slightly saner user context.

At least here, when the bad XPI tries to do its dirty deeds, it won't be able to carry them out.

Mitch Wed, 09 Feb 2005 05:11:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? This is a good article and should be useful to a few people. Windows does not have to be a security seive, you just have to take responsibility for yourself.

I do everything just about the same except for the hardware firewall. I have never had spyware and have had only one virus in the past two years (blaster - firewall down at the time). My isp scans email for viruses and blocks vulnerable ports too, which helps. Wed, 09 Feb 2005 05:15:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Suppose Mozilla Firefox has a malicious XPI file loaded (and yes, I have seen this happen). The next thing you know, something's disabling the Symantec AV Services or Windows Firewall, and you've got issues.

Well, I guess I'm fucked then cuz I don't have XP Pro

Seriously though, where are these malicious XPI files? I've heard they exist, but have never actually seen one. And for the moment, what are the chances that you're going to get hit with one of these out in the wild? And can XPI files install themselves automatically?
In my case, even if an XPI file got through, since I don't use Nav or Virusscan or the XP firewall, they'd have to look for several firewalls/virus scanners before they found the ones I was using.

As a previous article pointed out, it won't be long me thinks before I have to update this article again and tell everyone to avoid using Firefox too. At that point, I guess I'll be using Opera Wed, 09 Feb 2005 05:21:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Some interesting comments here.

I use Win2k, Linux and FreeBSD myself, and often help folks (convert a few too) on various setups.

The biggest problem is not the software at all...The problem is to do with the lack of education on systems or even some basic concepts. If you can teach a bar-girl some basic security, its one more knowledgable user.

Someone suggested buying a Mac, straight off the bat. Ok, there is a problem with that...What could that be?

Well, think about it. IF a no-clue Windows user just gave up his/her problematic setup and spent money on a brand new setup, he/she doesn't learn a single thing! They then become a no-clue Mac user. And if the Mac is been targeted by the "bad folks"? What then? Spend more money on another platform?

As you can see, this isn't solving a problem. Its throwing money at it (and running from a problem)...Money that needs not to be spent unless you need to. (I prefer to save money when I can, rather than spend it when I don't need to).

The lack of knowledge in combating spyware/malware/etc and basic network security is the key problem. IF this can be solved, you'll see that Windows users and their setups will be alot more resilent to security related issues.

Its really all about education. (The very things that both Microsoft and Apple fail to address...Why would they? Since the lack of knowledge is what really brings in the profits!)

Best example : Keep your system updated against security issues! If MS encouraged this basic concept a bit more, Blaster would have never happened. (ie : It was preventable as MS released a patch for it 2 weeks before it hit...The lack of widespread notices is what really elevated the situation to an international news level).

Overall, its a nice guide, Darius...Maybe we can refine it a bit further for folks who don't know how to do this and that. A "step by step guide for the non-techie folks" ?

Yeah, there is quite a large number of folks who still have no clue, and you have to sit patiently with them and tell them the basics...Basically, "teach them to fish"
(If they know how to solve their issues, they wouldn't need to spend money on another system!) Wed, 09 Feb 2005 05:39:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? 5. Wonder where all your software is.

The Applications folder. Duh Wed, 09 Feb 2005 05:39:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "For XP users - install Service Pack 2 before going online: This is always recommended, even for non-XP users"

That's right all you non-XP users, make sure you download the XP service pack before doing anything else.....uh....

"A couple of other things to note about anti-virus programs - since most Linux users run a software firewall of some sort, this is really the only security-related program you'll have to run that Linux users don't!"

$500 to anyone who can make this quote make sense.

"Alright, so that's it. Now you've got a secure box"

These rules don't keep blaster-type infections away, unless I'm missing something. Wed, 09 Feb 2005 05:53:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "what if i'm still a dial-up user? do i need a router with a modem in it to protect me from the outside world?"

No, just put a NIC in the windows machine, hook it up to a linux machine with a NIC and iptables firewall, and hook the modem up to that

Damned if I've ever seen a hardware firewall/dialup modem in one - altho perhaps that's just because I haven't been looking for one. Wed, 09 Feb 2005 05:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? 1. Why? Is this anything more than an academic exercise? ("Can an MS-only system be secure? Discuss!")

2. MS doesn't make one of every kind of software. For example, they don't make any P2P software and they don't make a multi-protocol instant messenger. How many people does *that* leave out in the cold (Hint: every Kaaza user)? In other words, your average system can't do what it's owner wants with just MS software... so who cares if it can be secured? Wed, 09 Feb 2005 06:04:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Recently the NSA released a "Mac OS X security guide", explaining how to ensure security from install to config and daily use. Maybe it would be time for the "power users" to write such a guide for Windows XP."

They haven't got the manpower to write that book - not in less than a decade, anyhow Wed, 09 Feb 2005 06:16:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? A decent article but it clearly misses the point of it. The truth is windows is not secure at all and to make it secure you need to patch it endlessly with third party software and more bloat-ware to get the job done. The author says "dont use IE", isnt that part of the operating system? So what he is saying is dont use the stuff thats broken in it pay $399 for a bunch of patches and dont use some of the features since there bad. Does this make sense at all? All I kept seeing in the article was the word, "download" and dont click on. This is not a computing experience its a work around for problems that shouldnt exist. I dont have those problems with my Mac or my Linux box. I do Apt-Gets and im done or my Mac has one update system thats it, i have a firewall and anti-virus just in case, I never have an issue. Most people who have two computers run a router anyway so thats mostly out of the way. I guess what im trying to say is, a windows machine costs me alot of patience and for the money we pay for it and the money Microsoft makes these things should be under control. When making any changes in Windows it never asks for a password. A simple design like that makes alot of difference. I feel very bad for the people that dont know anything about computers. The Mac mini is looking better everyday. Its a good tip chart for those who want to travel that path, but dont tell the myth about Windows is safe, cuz thats like saying no one breaks into an unlocked car. Wed, 09 Feb 2005 06:26:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Recently the NSA released a "Mac OS X security guide", explaining how to ensure security from install to config and daily use. Maybe it would be time for the "power users" to write such a guide for Windows XP."

They haven't got the manpower to write that book - not in less than a decade, anyhow

http://www.nsa.gov/snac/os/winxp/winxp.pdf Wed, 09 Feb 2005 06:42:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? It appears that you miss the point. Although the author put a great effort to write this guide (which I respect that), the point is that computers are made to make our lives easier. I personally like to spend time on my computer doing something productive rather than chasing any kind malware. Operating systems such as Mac OS X and UNIX/Linux achieve that to some degree, and it's not due to not being popular OSes it is clearly the way they are designed.
I work for a fortune 100 company, and our environment consists of UNIX and Windows. I am the UNIX admin and I spent most time improving my systems and not have to worry about virus and spyware. The windows admins are always stressed to make sure that no malware will penetrate our systems and create havoc on user desktops.
Anyway you see it (TCO, user experience) Microsoft fails to deliver a secure platform and the best way (I see it) is either to demand better quality software (already done by major Microsoft customers) or move to other more secure platforms.
Trust me with Mac OS X and UNIX you do not have to be a CISSP to have a secure/worry free environment. Wed, 09 Feb 2005 06:52:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Awesome guide Darius. So, it wasn't perfect, who really cares? It hit on the major points of windows' out of the box lack of security and how to plug it up. For those throwing cheapshots or who keep nitpicking at some of his wording - write your own and/or stay with the alternative and STFU. I think praise and thanks are in order for the time and effort he put into this and we should provide hints and tips to make it even better. So, good job Darius and thanks.

I pretty much have been following several of your rules and a couple of my own for a long time using XP and running with admin priveledges and I have seen nary trouble in doing so. Get a mac if you want. I have no need for one. Wed, 09 Feb 2005 07:01:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I hate to say it. I really do. But you can get much more secure in only FOUR steps:

1. Buy a Mac
2. Plug it in
3. Turn it on.
4. Have fun.

5. Wonder where all your software is.

6. Install Adobe Photoshop, InDesign etc., Macromedia Flash , Dreamweaver etc., Microsoft Office 2004, WMP 9 for Mac, Mathematica, Norton Antivirus (if you are really paranoid)...

7. Install Virtual PC for Mac Wed, 09 Feb 2005 07:24:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? My guess, you dont own a Mac.

Alas, you'd be wrong. Although my poor little iBOok is in the shop at the moment having its modem replaced, it is nevertheless mine.

The only software that is 'missing' is the software to protect your PC from spyware & viruses.

And games.

And, of course, anyone who has just thrown their PC out and bought a Mac (as suggested) isn't going to have much luck running their collection of Windows software on that Mac, are they ? Wed, 09 Feb 2005 08:01:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? And games.

Lol. drsmithy, remember that mac gaming parody that can out a long while back? I think it was drunkgamers that did that one. Hilarious. Sorry for being off-topic, but I couldn't help but think about that one. Wed, 09 Feb 2005 08:12:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I've not been so frightened by an article for such a long time. I know virus/worms/spyware/DRM/Big Brother have been around for a long time. But that article was frightenting. Most of this stuff is relatively new(Quantity), and I've been in computing a long time.

I hated the article for what it represented to me as a knowlegeable computer user. Download Critical updates, Free avti virus software. I could weep.

This is not simple. Just simplified. For the first time I can see microsoft making a killing on anti-virus/spyware removing software. An absolute killing. Because I'm frightened now, and I know who I want to run to.

I'm an awful computer person. I gave my mum a second hand microsoft machine. No Firewall/ Windows 98(second edition thats one that requires no activation key) with some version of internet explorer in it. I doubt any critical anything has been fitted on it in since she got it over 2 years ago. The russian mafia probabably has her credit card details. The Leprecauns are probably using her machine as some sort of zombie sending penis enlarging adverts to housewifes accross the nation.

The only thing. I really taught her(apart from the on button and the blue E, and dribs and drabs of word/excel) was how to got download.com and download the most popular of whatever she wanted and make sure its free not shareware and off you go(bless her she's still searching for the holy grail of a typing tutor).

My mum loves her machine she thinks its great its an old dell running at 300 its almost too old. She's done a stack of courses. Did one on scanning of all things the other week. I was very proud(ok maybe a little sneering to myself)

But I taught my mum not to be afraid. I taught her how to have fun on her computer. And as for securety well she saves stuff to floppy disk, and I think thats almost the perfect backup.

I'd like to see an article once that says don't give a monkeys. Virus/Worms/Spyware/Adware/Privacy sod it the people who write these things are clever than me. Lets use this thing until it completely breaks and buy another. It was only £200 and next month they will be twice as fast. Have lots of newfangled thingy's. Just make sure your data that the important stuff not your music/pron/games but your cv/the e-mail you got from mom with the picture of your new brother on the IMPORTANT stuff that doesn't date and you can't replace it will probably fit on a CD or probably a floppy.

Anyone who thinks this is unsafe computing your damn right there will be concequnces. I'm not saying don't proect your machine. I'm saying if it doesn't fit on a fag packet. Its just another scary article. By another expert of XXXXX for XXX years.

Microsoft/Apple/Linus should hang your heads in shame(for many reasons). A Novice is often a novice for years. I think I'm getting too old to learn new tricks, and am pleased that I lived through a time when computing held only the fear of the new not of bogeymen. Wed, 09 Feb 2005 08:35:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Applications on MAC...are you kidding...LOL Wed, 09 Feb 2005 09:05:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Nice article Darius. I like the way it was written in very plain English.

To be totally honest with you, that article does not belong on a site like this, you should have printed it and sent copies of to all the newspapers and general magazines that you knew of.

It is simple to read articles like that which should be sent to all "JOE USERS" who use unprotected Windows machines and click everything. Wed, 09 Feb 2005 09:13:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Fairdinkum, this is one of the best articles i have read on OS News, so far.

Thanks, Darius Wed, 09 Feb 2005 09:25:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? You can get a fast v.92 dialup modem-router from Actiontec Electronics http://actiontec.com/products/broadband/dual_pcmodem/features.php, that is called a Dual PC Modem. It has a NAT/firewall and runs on embedded Linux. It works with Windows, Linux or Macs too. Wed, 09 Feb 2005 09:54:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Q. What about not running as Administrator?
A. I have found that some programs don't respond well to this, and it is generally a
pain in the arse to pull off. Plus, I have never found it necessary, as I have always
run as Administrator with no problems thus far.

You ran critical apps on the UNIXES as root too ?
For windows it's easy to make a batch script which lets you set the nasty executable
setuidroot.All the user has to do is click the shortcut and off he/she goes.I would
only recommend this on non-production and home systems though.Only supported on
Windows XP Professional.

examples:

(1)running mmc in the admin context from cmd ;

runas /usr:admin "mmc d:windowssystem32compmgmt.msc

the same one with saving the admin credentials so the next time you don't have to give
them anymore;

runas /usr:admin /savecred "mmc d:windowssystem32compmgmt.msc

(2)running a batch-file with admin credentials on some desktop;

runas /user:admin "cmd /k "CDocuments and SettingsUserDesktopBatch.bat""

(within the batch could be: another runas for the same or different platform or
subnet/domain, runas /user:Admin /savecred "cmd /c net localgroup Administrators User
/add && net localgroup User /delete..)

note:doing it remotely is is practically the same procedure
,with a few other things.

(3)runas /user:admin /savecred {explorer/regedt32.exe/tlntsvr....}

Or to give some world understandable example: NERO burningrom;

You have to run it as admin or right-click + runas
it all the time, which is pretty boring if you burn a lot of iso's like many of us do.

Place an empty file on your desktop and name it whatever.bat
(This is the "beauty" of windows,nearly every file can be an executable within an
executable,within a.... deleting some file extensions wouldn't do much good since you
never know for 100% if you have covered them all,besides every time you install new
apps severall new ones are added,some you can't stop because they have to be present
for system cause)

(You don't have to chmod +x (UNIX) every file in order to make it executable,the file
extension alone makes it executable in essence,however acl's can prohibit for some to
actually execute it,but still it is a executable file.

put this into the whatever.bat file:

-----------------------------------------
runas /user:Admin /savecred "cmd /k "C:path_to_nero.exe"
-----------------------------------------

change the *.bat icon to the nero.exe icon and you have made your own windows
setuidroot exe.

The first time you are asked of course to give the correct credentials.The second
time you double click the shortcut NERO burningrom will start as if lauched directly
from root.

This is pretty much where this nero burning-rights patch from AHEAD is all about.

As said this only works with XP-professional



TIP:Simple way to get rid of spyware as in procaution is better than healing.

Goto
http://www.heise.de/ct/ftp/result.xhtml?url=/ct/ftp/04/15/110/defau...

Download kafu.exe, this neat tool sets some registry entries non-writable for all non-root accounts.Give a limited user account temporary admin-rights,logon as the temporary admin and execute the kafu.exe from cmd prompt.Logout,and set the credentials back to limited user.Next time you login again a lot of registry entries(autorun,startup (think spyware) don't allow write access for users without admin credentials.


Every tool that works is fine,no load no bloat.


Have fun Wed, 09 Feb 2005 10:02:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "say i just purchased Windows XP Pro from a reputable retailer who charges MSRP. it cost me $299. now you're telling me i have to buy a $30 hardware add on to protect myself on top of it?

what if i'm still a dial-up user? do i need a router with a modem in it to protect me from the outside world?

if you require a piece of hardware between your OS and the internet, your OS probably isn't ready for the internet."

Well, Microsoft engineers recommend the installation of a hardware firewall as well. This is in the user documentation for MS Windows. In the words of MS Engineers at a conference, "Windows is not designed to be directly connected to the internet without some type of hardware firewall." That about sums it up right there. Wed, 09 Feb 2005 10:21:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I was expecting something new in this article, but it contains just the usual stuff. And I have to object to some of these tips.

I use Windows for about 10 years, and I have had a virus only once, and that was when the whole internet-virus thing just started. I simply didn't know that there were such things like E-Mail viruses, but thiat way I learnt my part.

I do not use a virus scanner, I do not use an additional software firewall, and I switched over from Internet Explorer to Firefox just recently, but I still use Outlook express.

So how do I keep my computer clean? I simply rely on two things: My hardware firewall/router and - most important - my brain. I do not open emails with attachments which do have suspiscious names, I tell all people not to send me all these funny (not!) power-point slides, as they get deleted immediately. These people have learnt nothing. I do not download and install every program that is advertised on the net in banners. I do not click "OK" on every message box that opens. I do not use file-sharing programs and I do not install cracked software.

The big advantage of my approach is that my system isn't bloated by firewalls that turn out to be attackable themselves, by anti-virus software that slows down the whole computer as if there was some spy-ware installed.

It is really as simple as that: a hardware firewall and your common sense.

Especially missing the later will result in a virus sooner or later, even with the best protection.

Kaya Wed, 09 Feb 2005 10:22:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? ...and I am not logged in with administration privilges, my account even does not have the so called "power user" rights, I am always logged in as an ordinary user. The only exception is for installing/updating software and for some games (which are often written without having in mind the possibility of different user accounts).

But people surfing the internet with the administration priviliges, they shouldn't be surprised that they might run into problems. And yes, it *does* make sense to have at least two accounts even on a private computer: One for normal usage and one for administration.

It is all about education, and I see Microsoft failing here, especially in teaching people and software developers to support and make use of different accounts and privileges.

Kaya Wed, 09 Feb 2005 10:29:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "say i just purchased Windows XP Pro from a reputable retailer who charges MSRP. it cost me $299. now you're telling me i have to buy a $30 hardware add on to protect myself on top of it?

If you are the kind of guy who will pay that much money for a copy of XP then I suggest looking at nothing under $100 when it comes to a router. I mean why not be a sucker 2 times in a row ?"

Well, if you get your software like most of us, that is the cost of it. Windows XP Pro costs $299.99 US at CompUSA and other retailers. So I guess there are millions that pay that kind of price since that is what it costs. Wed, 09 Feb 2005 10:34:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? For windows it's easy to make a batch script which lets you set the nasty executable setuidroot.

Note that, technically, "Run As" (with saved credentials) is *not* the same as SUID.

Or to give some world understandable example: NERO burningrom;

[...]

put this into the whatever.bat file:

-----------------------------------------
runas /user:Admin /savecred "cmd /k "C:path_to_nero.exe"
-----------------------------------------

This is superfluous. ALl you really need is a shortcut with a "target" like (copied from mine):

C:WINDOWSsystem32runas.exe /user:Administrator /noprofile /savecred "C:Program FilesAheadNeronero.exe"

No need for the extra batch file to add an additional layer of obfuscation. Wed, 09 Feb 2005 10:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? [i]No need for the extra batch file to add an additional layer of obfuscation.['i]

Not at all my intention to obfuscate.Though some might feel more at home in the ZDNET and friends area.It was and still remains my intention to push the envelope a little. Wed, 09 Feb 2005 11:59:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? 1st) the thread is not about Macintosh software or applications or anything like that; I'd suggest that we forget about that slice of the discussion. Those who say that Macintosh platform has no software have no idea or found no useful application. The same could be said for *nix.

2nd) Runing MS-Windows as a non admin is sometimes really difficult. If you're running remote debuggers, .NET, Visual Studio Enterprise Arquitect (not Plain VS) and some other developing tools, being non-admin is really annoying sometimes. Obviously there's got to be a way, by using shorcuts and runas commands to make it work, but I assume that if you have the knowledge to have that specific Developing Scenario, you have the knowledge to maintain your Operating System and working environmnent fairly secure.

3rd) As somebody suggested, StartupMonitor is a must. It's free and uses little to no Ram memory nor CPU. (http://www.mlin.net/StartupMonitor.shtml).

4th) I have XP Professional and I don't use SP2 because I am behind an OpenBSD Box. Despite that, I have managed to keep my box out of virus and spyware by using Opera (and Firefox) and not using Outlooks of any kind. This guide is good, as it points many interesting problems. I would, however (for improved performance and OS stability) recommend that many users check http://www.blackviper.com/ as it has a very good list of services and what could and should be turned off/manual/automatic depending upon your knowledge or needs.

I check the list from time to time (and make some personal adjustements according to my requisites).

Whether OS X, Linux, Unix or Windows are secure, that depends, as someone said, of the user and his/her ability to recognize potential threats; power users could get caught too, but that's more unlikely to happen. Of course the OS helps, Windows is more prone to be ´damaged´ by default, that's true, but sometimes, some of us (who own a Mac) do NEED to use Windows. Tell me where can I find my Visual Studio Arquitect Edition for Mac and I'd be happy to throw my Windows Dual Headed box and its games to the thrashcan. No, using mono is not an option. No using BBEdit and compiling in windows is not an option. So you see, Windows is a must sometimes. The secret lies in making it usable to the point where you don't mind weather you're under win or xxx. (Except you might miss Exposé)

Good article, congratulations. Wed, 09 Feb 2005 12:00:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? The secret lies in making it usable to the point where you don't mind weather you're under win or xxx. (Except you might miss Exposé)

Sometimes it costs more than you gain from it. :-) Wed, 09 Feb 2005 12:28:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? [i]but I assume that if you have the knowledge to have that specific Developing Scenario, you have the knowledge to maintain your Operating System and working environmnent fairly secure.[i/]

Just don't connect (directly) the dev PC to the net unless you realy have to. Wed, 09 Feb 2005 12:31:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? every spyware, worm or virus at the end boils down to some msdos .exe file so detecting newly downloaded exe files is key to pc security; question:
"where can i find a utility software that finds new exe files in my pc ?"
thanks Wed, 09 Feb 2005 13:36:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Nice article Darius. I like the way it was written in very plain English.
To be totally honest with you, that article does not belong on a site like this, you should have printed it and sent copies of to all the newspapers and general magazines that you knew of.

If it is simple to read, why shouldn't it be on this site? Why shouldn't every article be simple to read? Just because you're writing something of a technical nature doesn't mean it has to be complicated.
But anwyay, it is a simple article because this is really simple stuff. And I see people in the Comments section throwing up 'runas' commands and other such things, trying to make the shit more complicated than it needs to be. Wed, 09 Feb 2005 13:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? MS provides service pack 2 on cd for free and also provides free phone support on its installation (even if you have an oem version of Windows):

http://www.microsoft.com/athome/security/protect/windowsxp/choose.m...

"If you are having problems with your computer after installing Windows XP SP2, please visit our online support center. You can also call (888) SP2HELP or (888) 772-4357"

Get the cd mailed to you at no cost:

http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en...

"Please print this order confirmation, and keep it for your records. Your CD should arrive in 4 - 6 weeks. In the meantime, register with Microsoft to be contacted about important security, product, event and other information.
We will send an e-mail confirmation of your order to you shortly.

Order Number: Order Date: Pay Method:
01176394346721 2/9/2005 No Charge

My Basket

Part Number Qty. Product Name Price Item Total
E85-03147 1 Windows XP Professional SP2 English NA Patch CD Web Only Pro/Home $0.00 $0.00

SubTotal: $0.00
Shipping and Handling: $0.00

Estimated Tax: $0.00
Total: $0.00 (USD)"

And finally, stay abreast of security issues via an email alert system from MS (in addition to using automatic updates): http://www.microsoft.com/security/bulletins/alerts.mspx Wed, 09 Feb 2005 15:00:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? don't have your account running as local admin!!!!!!!

any unix/linux hell even Mac person can tell you that.

if you only had to do one thing to make windows more secure that would be the step to take.

ridiculous it's not mentioned in the article... Wed, 09 Feb 2005 15:26:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Good guide in general, although I think a couple things are a bit overboard, e.g. the hardware firewall (which is also a bit impractical for laptop users). Even the AV is a little bit redundant if the system is otherwise secure.

I usually like Linux better. I was much happier with a Slackware Linux box. But Windows runs some apps I like, and runs this cheapass wireless card I'm too cheap to replace.

I don't like SP2. It's more idiot proof, but also more admin proof, I've discovered. It took me hours to turn off all the warnings about firewalls and AV software. I'm running ZoneAlarm for both. I know I'll get flamed for this, but I haven't noticed any improvement between SP1 & 2.

Oh, and if you're running a firewall that lets you control which programs are allowed to use the net, make IE ask permission every time.

One obvious thing for W2K users - make sure the admin has a password. I was surprised to find out that people don't do this, but apparently, some don't. Wed, 09 Feb 2005 15:39:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? don't have your account running as local admin!!!!!!!
any unix/linux hell even Mac person can tell you that.
if you only had to do one thing to make windows more secure that would be the step to take.
ridiculous it's not mentioned in the article..

And still the comments keep coming, insisting that you need to run as non-admin, many saying so because of their background in Unix/Linux. But let me tell you this ...
When a Windows users switches to *nix for the first time and starts trying to operate it like it was a Windows box (eg - trying to install apps by looking for a setup.exe file they can double-click on), the first thing they are told is that *nix is different than Windows, and therefore you should stop trying to treat it like a Windows box.
Well, same thing applies here. People swear up and down that just because this is the way things are done in *nix, then it MUST be done that way in Windows too. These are the same people who get pissed and think that you can't do much to improve the performance in Windows because you can't recompile the kernel.
And anyway, for every day desktop use, what happens in Linux when you're doing something that requires root privileges? From my experience, you get a dialog box asking for the root password. And after about the 20th time I got asked for the password, I just started typing it in without even thinking about it. God forbid a trojan or something were to ask for the password, because I would most certainly type it in as a force of habit. So really, it seems to me that the password dialog box is the only thing seperating you from chaos anyway. Basically, no matter what OS you're using, you need the ability to install applications. And if you have the ability to install applications, you also have the ability to install spyware. Wed, 09 Feb 2005 16:01:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? When a Windows users switches to *nix for the first time and starts trying to operate it like it was a Windows box (eg - trying to install apps by looking for a setup.exe file they can double-click on), the first thing they are told is that *nix is different than Windows, and therefore you should stop trying to treat it like a Windows box.
Well, same thing applies here. People swear up and down that just because this is the way things are done in *nix, then it MUST be done that way in Windows too.

Running things in general as root has absolutely nothing to do with religion although it would be a general healthy one not to run as much as possible as root.Please don't feel offended when people try to correct your security awareness regarding certain issues which are commonly accepted as defacto standard in the whole security community,yes that includes windows as well,instead embrace it.On every OS system it's wise to run things with root credentials only when you realy realy have to,and than runas,sudo will be preferred above than logged in as root directly.Otherwise a nice and interesting article,maybe not for the average OSnews reader but still.It's a generally heathy habit to not run thing as root as much as possible regardless whatever OS you are running Wed, 09 Feb 2005 16:16:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Virtually impossible for normal windows desktop use. I am not a windows desktop wizard and don't claim to be, but I wonder how many of these folks professing users not to run as root or with admin priveledges really actually use windows. Running without admin priveledges and trying to get things done on a daily basis in windows is a friggin headache for someone who wants to be productive. I have tried it, and found that it was a hassle to install apps and even run a few without actually logging back in as admin even after being prompted for root password. My windows box has been running root and functioning fine. I think it's important to remember that Windows is different than *nix, so stop treating it like *nix, and the same goes for *nix. Wed, 09 Feb 2005 16:42:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? and games

Gaming consoles provide more than enough games to keep a person busy thier entire life. The new gen gaming console like th playstation 3 and xbox 2 will handily trounce the highest end PC in player experience.

Not a very good reason to stick to windows IMO.

And, of course, anyone who has just thrown their PC out and bought a Mac (as suggested) isn't going to have much luck running their collection of Windows software on that Mac, are they ?

Virtual PC anyone? First most users use what came bundled with their PCs so the transition isn't particularly hard.

I have never bought a windows App that I needed on a Mac, I just found a suitable replacement. Wed, 09 Feb 2005 16:46:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? The new gen gaming console like th playstation 3 and xbox 2 will handily trounce the highest end PC in player experience.

You mean in breathtaking 3D graphics and medicore gameplay? At least on a PC, you have the whole 'indie' scene going on, games that are written and played by people who don't judge the value of a game based on its polygon count. More than likely, the games that will be made for the PS3 and Xbox2 will be the same games we've been playing since the mid-80's ... only with prettier graphics. IMHO, I've played $10 shareware games that are more fun to play than just about anything released on the current generation of consoles. Wed, 09 Feb 2005 16:59:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Gaming consoles provide more than enough games to keep a person busy thier entire life. The new gen gaming console like th playstation 3 and xbox 2 will handily trounce the highest end PC in player experience.

Not a very good reason to stick to windows IMO.

Actually, a VERY good reason to stick to windows IMHO.

Half-Life 2, Doom 3, Far Cry, etc, etc. A bevy of FPS shooters and RTS games are one of the main gaming reasons I stick with windows. Usually those games get PORTED to the consoles, with exceptions like Halo, etc. and then the ported experience very often is not up to par with their PC originals (keyboard mouse control, high resolution visuals, graphical fortitude). So no, the new gen consoles will not trounce the PC when they come out, because most likely the PC will twice as powerful as they are now once they do, and the consoles will still most likely be behind in graphical hardware. Plus, I have too many toys as it is. Wed, 09 Feb 2005 17:04:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I have made the switch six months ago.
Before: I used DOS, OS/2 and Windows (one way or another, every single version i've known). When I mean used I am saying that it was actually used every day for every task. (OS/2 was cool!) and for more than "a couple of weeks". Heck I've used OS/2 2.x, 3.0 Warp and 4.0 Merlin for more than three years. (Used to work at IBM).

Now I have brough a Macintosh (Powerbook 15''). I have used linux on the desktop, but the use was merely an ´attempt´. OpenBSD and some linux (for Lotus Domino Servers) are on my servers.

I haven't found a piece of software missing (I am not talking about games) on the Macintosh.

Well, to be honest, there are two.

1) Visual Studio .NET: weather you like .NET or not, if you have to do it, Visual Studio rocks (and sucks at the same time in some other things). But the editor and tools are really productive if you get used to them. I've tried weird things on the Mac, because I'd love to code on the mac and compile on the PC, thus discarding VS. But the ' good ' editors for mac, are either not .NET aware or offer only syntax highlighting for c#, which is not always enough with big projects where you simply can't remember deep levels of namespaces and class paths, etc.; if you COULD even do that, then there's Windows.Forms designer which, despite all its crap when there are a lot of controls, it's simply the ´only choice´ to "draw" forms with .NET and Windows.Forms. (SharpDevelop, which is good, is not as good and doesn't work on a Macintosh). So drawing complex windows forms is a no-no situation on anything but VS.NET...

2) I am a big fan of Total Comander for Windows. I know almost every shortcut, I have my colors, my FTP Sites, everything. If you get used to it (something it may take time if you are not used) it's really more productive than dragging and dropping between multiple windows or explorer, etc.
I've found a few clones for Macintosh (muCommander for example) but either they lack more than half of TotalComander functionality or they are slow (like muCommander). The shortcuts would be another problem...

So, all in all, Macintosh plataform does NOT lack software of any kind! you can do everything you do with your Windows box!

If not, it's time to ask, What do you use your computer for? (if you say MS-Access, you deserve a good and old IRC style /KICK )

There is something to be mentioned tho, a lot of GOOD OS X software is Shareware (a lot != all). Which means you'll have to pay if you love applications. The good thing is, many of them are worth.

But this have nothing to do with the article, so to help a little bit, I disagree with darius (the author) when he says that running as non-root is not "neccesary nor needed" (or something like that). But on the other hand, those who have tried (I know three people who did try, plus me) have failed. Maybe it's just a matter of getting used to it and find workarounds (but you have to find workarounds all the time!). To make it simple, ignore the fact that it is better or worse; because either one or the other, Windows is simply not conceived for it from the ground up. It's constantly being ´patched´ to allow it and maybe Longhorn will enforce that; in the mean time, unless you've got some good XPerience, you'll find annoying popups and dialogs.

* final note regarding Mac games: I play these games. Jedi Knight Academy (available), NeverWinter nights (available) and Warcraft II/ Starcraft (thanks to blizzard, available too on the SAME Windows CD I brought years ago). (For those starcraft fanboys, there's a new MacOS X installer for starcraft).
And I am planning to buy World of Warcraft (Available Too) as soon as it's released in Europe. (In a few days I presume). So, you see, there ARE some games... Wed, 09 Feb 2005 17:20:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? So, you see, there ARE some games...

lol, no ones saying there aren't any games for the mac, there are, just not as many and the selection is light years behind that of the windows crowd. Wed, 09 Feb 2005 17:24:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? As Janeiro said, "why should you have to go buy a piece of hardward?" Routers/firewalls are just specialized computers that do nothing but deal with data packets. A properly set up computer can do that and run applications that you want to use. With a *nix flavor you can set this stuff ahead of time and then hook to the internet without extra hardware. With Windows you cannot. At least not without a much higher level of vulnerability. Wed, 09 Feb 2005 17:36:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? well, it seems like microsoft disagrees with you. we've seen them moving towards a multiuser system since nt. sp2 (whose purpose was a massive security overhaul) broke the old windows single user behavior that was used by older apps. newer nt operating systems use something real similar to SELinux, which is along the lines of security policies rather then root. but regardless, it is definately not the single user mentality.

not trying to troll here, if im just missing something let me know. my guess is that longhorn will be alot more "unixy" then xp. Wed, 09 Feb 2005 17:48:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? You're right, nobody said there weren't games for the Macintosh plataform; the lights behind (or ahead from a Windows' user) is kind of true. But that depends. If you want to get your work done or play computer games.

I do both. That's why my 2nd box is ´made of Windows´; but when you need to the your work done efficiently and with a very professional look, I'd choose my OS X and it's ´non-existant´ applications. Wed, 09 Feb 2005 17:51:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "if you require a piece of hardware between your OS and the internet, your OS probably isn't ready for the internet. "

So far I have not found an OS that I would not use a router to connect to the internet with. I guess that means that there aren't any OS's that are internet ready? Call me paranoid, but I do not connect without one.

I actually enjoyed the article. I don't use Windows anymore, but I also know that my OS does not work best for everyone. As the author stated, he needed to use tools that had no good equivalent on the other OS's.

Bill Wed, 09 Feb 2005 17:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? So, all in all, Macintosh plataform does NOT lack software of any kind! you can do everything you do with your Windows box!

Just for starters, I sometimes I work from home by logging into a company intranet that only works on the Windows version of Internet Explorer, as it makes extensive use of ActiveX controls. Whether this is a good thing or a bad thing is not the point. The point is if I buy a Mac and ditch my Windows machine, I can't work from home anymore unless I get Virtual PC, but that kind of defeats the point, doesn't it?

(mattb)
not trying to troll here, if im just missing something let me know. my guess is that longhorn will be alot more "unixy" then xp.

You're missing something. I've been running the way I described in the article for years now, and following the guidelines, the number of times I've been hacked/infected has been 0. Though I would agree with anyone who says that in GENERAL runnnig as a regular user is better than running as root/admin whenever possible, but in the case of Windows, it's a matter of convienence vs safety, and convience wins out here.

(To everyone else ...)
Many of you have talked about how much better the security is on other platforms - you are REALLY stating the obvious. But sometimes, a person doesn't get to dictate the platform he/she uses, especially if our jobs depend on it. We have to learn to deal with that platform and work around its limitations, which is what we do. Linux users especially do the same thing, just in different areas.
I'm sure many of you would get annoyed if somebody posted an article explaining how to set up fonts properly in distro x, and then somebody like me came along and said "Hey, but Windows does this out of the box!!" Yeah, so what? That mean you're going to drop your distro of choice and switch to Windows just because of that? Come on, people ... THINK before you post!! You don't think Windows users who read this site don't KNOW that security is better on other platforms? Who exactly are you trying to impress with your profound wisdom? Wed, 09 Feb 2005 17:58:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? when it comes down to it, security and convenience will alwas be a tradeoff. as it stands, i find the windows security policy system pretty useless, they dont offer anywhere near enough modularity. for example, say i want to give install permissions to a user, but dont want to give them +w to /windows. right now, its not possible, but it will be if they keep going the way they are going. you are right by saying as of now, its more trouble then its worth to run as a limited user in windows. however, it wont alwas be that way Wed, 09 Feb 2005 18:38:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? for example, say i want to give install permissions to a user, but dont want to give them +w to /windows. right now, its not possible, but it will be if they keep going the way they are going. you are right by saying as of now, its more trouble then its worth to run as a limited user in windows. however, it wont alwas be that way

Right, that was my whole point. I didn't mean to say that it would ALWAYS be that way, but just for the moment anyway Wed, 09 Feb 2005 18:45:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "The new gen gaming console like th playstation 3 and xbox 2 will handily trounce the highest end PC in player experience. "

Boy, you said it. And that's not even mentioning the patches you'll undoubtedly need to get the game to work on your PC, and of course that's only if you meet the hardware requirements in an age when a brand new $650 computer can't even play a $20 game without dropping frames, generally freaking out and on occasion, just for fun, getting kicked out of the app by Windows "We're sorry but Windows needs to kick you out of your game even though you haven't saved it an hour"... By the time you've spent upwards of $800 on your computer or more, you can finally play Unreal Tournament. The real question for FPS people is why don't they get off their @$$es and go do paintball if they're so anxious to shoot people, especially considering the money they would save? Do people really feel good about buying spending a grand or so just to play videogames?

They talk about first person shooters all they like, but play a game like KOTOR on XBox and then try and play it on PC with the mouse and keyboard. Way too tedious. Wed, 09 Feb 2005 18:47:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? The real question for FPS people is why don't they get off their @$$es and go do paintball if they're so anxious to shoot people, especially considering the money they would save? Do people really feel good about buying spending a grand or so just to play videogames?

Because I just spent six years in the army and I don't feel like paintballing anymore, on top of all the actual CQB training we did. I have a PC and I want to install the games that I want, period. Be it FPS', RTS', and RPG games that we love. We don't have to come up with the alternative of buying a console, just because my mac doesn't have all the games I want to play. And what concern is it of yours if I feel good spending a grand just to play videogames?

By the time you've spent upwards of $800 on your computer or more, you can finally play Unreal Tournament.

How's this for embellishment? By the time you throw out your old mac and buy a new one, you can finally play Unreal Tournament. Wed, 09 Feb 2005 19:14:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? You're missing something. I've been running the way I described in the article for years now, and following the guidelines, the number of times I've been hacked/infected has been 0. Though I would agree with anyone who says that in GENERAL runnnig as a regular user is better than running as root/admin whenever possible, but in the case of Windows, it's a matter of convienence vs safety, and convience wins out here.

You will probably never know when a sophisticated hacker has made mary with your PC.There isn't a tool on earth that could detect all the hooks and advanced techniques of hiding processes.The point is merely in my opinion,that a personal experience can't be reflected on something exact.The result of adding one and one is and will most likely allways be two,and it's a bit hard to swallow when someone likes 3 better and mentions that as an option in a serious theme article.You could argue about the colours or the game atmosphere of some game without stepping on the toes of reality all day long.Without claiming to know everything i feel the need to say in my very own humble opinion that sercurity is a exact process with a lot off user parameters involved.The stuff as in Q3 doesnt belong in any serious security article,other than emphasizing a obstacle and preferably followed by an acceptable solution. Wed, 09 Feb 2005 19:20:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "And what concern is it of yours if I feel good spending a grand just to play videogames? "

None at all. The post wasn't directed at you specifically, but since you asked, you don't think that's a little bit ridiculous spending that much when you could have just done Halo 2 for a couple of hundred?? Wed, 09 Feb 2005 19:27:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? >You mean in breathtaking 3D graphics and medicore gameplay? At least on a PC, you have the whole 'indie' scene going on, games that are written and played by people who don't judge the value of a game based on its polygon count. More than likely, the games that will be made for the PS3 and Xbox2 will be the same games we've been playing since the mid-80's ... only with prettier graphics. IMHO, I've played $10 shareware games that are more fun to play than just about anything released on the current generation of consoles.

i disagree (big suprise), it all depends on the genre. i would eat my hat before playing an fps or rts on console. at the same time, platformer and adventure games tend to be FAR superior on console. however, you are totally right about the whole "indie" scene on the pc, gathering of developers being a shining example of low cost, low budget games being better then the average flashy high bugdet shooter of the month.the only reason windows is currently on my main box is more of a world of warcraft bucket then anything else, if you are into rts, fps, simulation, or mmorpgs, you really dont have a choice other then pc. if you are more a sports, platformer, adventure, racing, or fighting game kinda guy, a console is the way to go. Wed, 09 Feb 2005 19:27:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? You will probably never know when a sophisticated hacker has made mary with your PC.There isn't a tool on earth that could detect all the hooks and advanced techniques of hiding processes.

You're right, which means if you run into this kind of hacker who wants in your PC bad enough, he's going to get in, period. There's no such thing as a computer online that's not hackable. What I'm talking about here in this article is security for your average, every day desktop user, who doesn't very often have some badass hacker specifically gunning for his machine. In almost all situations, it's either some worm making the arounds or somebody trying to find a way to use your box as a spam relay - they're not going to waste time trying to get into a reasonably secure system when there are 100,000 others out there that are wide open.

Having to do all those advanced security stuff certainly goes a long way of making your box more secure, as will hiring a security guard to sit outside by your front door while you're at work will make your house more secure. But when we leave our homes, we lock our front doors and accept that there is a very small chance that when we get home, all of our furniture will be gone. But the chance of that happening is so small, we normally don't do much more than that, unless you've got like $100,000 hidden away in your closet or something Wed, 09 Feb 2005 19:46:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Linux isn't necessarily secure out of the box. I've had an unprotected Linux box get hacked within 24 hours of going online.

when i take Slackware online, i disable services in inetd.conf. and add "--nolisten tcp" to X server args. with no listening daemons, it's much harder to own my box.

some extra tips for Windows:
Qwik Fix (if you use IE)
patch Mozilla, AIM, and other apps
disable unused services in services.msc
don't implicitly trust other boxes on your home LAN
20,000 entry hosts file to block suspect sites

all of the above takes maybe an hour or two, plus a few minutes a month to patch programs. it beats reinstalling Windows, or worse yet, losing your CC number to a script kiddie. Wed, 09 Feb 2005 19:58:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? The post wasn't directed at you specifically, but since you asked, you don't think that's a little bit ridiculous spending that much when you could have just done Halo 2 for a couple of hundred??

Not ridiculous at all when you already have the system. I, as well as what I would assume is much of the user base that even strolls through OSNews.com, don't only use windows to game. Quite the contrary for me, actually. I am a gamer, but do not game nearly as much as I used to. And when I do, Windows suffices. I also use Windows for work and encoding my DVD collection to avi, surf, IM, myHTPC box, etc. As for gaming, all I have to do is buy the game and install it. So, for me and many others, windows and the PC suits our gaming needs just fine. I don't think $50 is too exhorbitant a price to play Halo 2 on the PC. Wed, 09 Feb 2005 20:09:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Running without admin priveledges and trying to get things done on a daily basis in windows is a friggin headache for someone who wants to be productive.

I don't have Admin privileges on my Windows box at work, and yet I am productive...I mean, really, what amount of time a day do you normally spend installing software? Furthermore, I'm not sure how that would qualify as "productive" time..."productive" time is when you use applications, not when you install them, IMHO. Wed, 09 Feb 2005 20:32:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? You mean in breathtaking 3D graphics and medicore gameplay?

Hey, I don't mind that you prefer Windows at all, but if you're going to attack my industry in one broad stroke, I'm going to have to step in and correct you.

There are lots of very good 3D games with amazing graphics for the PS2/Xbox/Gamecube consoles. Of course, there's a lot of crap too, but that's volume for you. It's not fair to generalize the way you do

At least on a PC, you have the whole 'indie' scene going on, games that are written and played by people who don't judge the value of a game based on its polygon count.

Really? I'd be curious to hear about some of those 'indie' games. Unless you're talking about puzzle games, such as Bejeweled... The only example I can think of of a successful non-puzzle indie game is Counter-Strike, and that was a Half-Life derivative, which itself was a Quake derivative (though it had better gameplay than both its predecessors).

More than likely, the games that will be made for the PS3 and Xbox2 will be the same games we've been playing since the mid-80's ... only with prettier graphics.

That's because these games are fun. You're basically saying that because we're not inventing whole new genres, there's no creativity in games, which is complete BS. After all, there hasn't been any new genre created in movies or literature for decades, and still you get some pretty good films once in a while.

It's like saying that music sucks because most musicians still use a 4/4 beat, or that modern computing sucks because we're stuck in the WIMP paradigm. In fact, there's a reason why such formulas exist: that's because they work. Same thing goes for video games - you can't just say a first-person shooter or a real-time strategy game is just "more of the same" and not innovative because of its genre - it's how the genre is explored (the implementation, if you will) that counts.

IMHO, I've played $10 shareware games that are more fun to play than just about anything released on the current generation of consoles.

I find this hard to believe. Please give us some examples. I also doubt that you've played much console games over the past couple of years. Again, there's been a lot of crap, but there's also been some very innovative (and fun) games produced. Wed, 09 Feb 2005 20:43:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Virtually impossible for normal windows desktop use. I am not a windows desktop wizard and don't claim to be, but I wonder how many of these folks professing users not to run as root or with admin priveledges really actually use windows.

I've been doing since 1996. What problems are you having ? Wed, 09 Feb 2005 20:51:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? A bevy of FPS shooters and RTS games are one of the main gaming reasons I stick with windows.

Sure, but as soon as you step out of those genres the PC game scene sucks compared to consoles (which is not surprising, since a lot more development money goes into console games than into PC games as a whole).

The reason why FPS and RTS are more fun to play on PCs is, as you point out, the fact that you can use the mouse and keyboard combon. These types of games are more difficult to play with a console controller (despite the constant improvement in controllers). Case in point: Quake3 on the Dreamcast was very playable with the Dreamcast mouse and Keyboard. On the other hand, Halo and Halo 2 are proof positive that you can play FPS on consoles. However, you must realize that FPS and RTS games are but two genres among many.

Another point for consoles is ease of use. I want to play a new game? I just buy or rent it, drop it in the console, and it just works. No need for installation, updating drivers, troubleshooting all kinds of little problems, tweaking resolution+effects to get a decent frame rate, etc., etc.

PC gaming is mainly for geeks, while console gaming is much more mainstream (Minesweeper and Solitaire being the exception, of course).

lol, no ones saying there aren't any games for the mac, there are, just not as many and the selection is light years behind that of the windows crowd.

Similarly, the selection for Windows PC is light years behind that of game consoles. Wed, 09 Feb 2005 20:54:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? well, it seems like microsoft disagrees with you. we've seen them moving towards a multiuser system since nt. sp2 (whose purpose was a massive security overhaul) broke the old windows single user behavior that was used by older apps.

SP2 did nothing of the sort. It didn't make fundamental changes at the level you're talking about.

newer nt operating systems use something real similar to SELinux, which is along the lines of security policies rather then root.

NT has been doing this since it was released in 1993.

not trying to troll here, if im just missing something let me know. my guess is that longhorn will be alot more "unixy" then xp.

First you need to explain what you mean by "unixy".

when it comes down to it, security and convenience will alwas be a tradeoff. as it stands, i find the windows security policy system pretty useless, they dont offer anywhere near enough modularity. for example, say i want to give install permissions to a user, but dont want to give them +w to /windows.

This is a developer issue not a Windows one. App installations shouldn't be writing to the Windows directory at all and *should* allow for installation into the user's own directory. Wed, 09 Feb 2005 20:54:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? From my experience, you get a dialog box asking for the root password. And after about the 20th time I got asked for the password, I just started typing it in without even thinking about it. God forbid a trojan or something were to ask for the password, because I would most certainly type it in as a force of habit.

The problem isn't the things you do deliberately, it's the things that happen without you knowing - program bugs that let exploits in. If you're running as a regular user, the damage is somewhat contained. More importantly, most pieces of malware are written with the assumption that the user will be running as admin and simply fail if they're not (as they try to do things they don't have permissions for).

Not running as admin is basically a containment procedure - it means when you shoot yourself in the foot you don't blow the whole bottom part of your leg off with it. It costs nearly nothing in terms of inconvenience but introduces substantial barriers to today's malware (this will change in time as more malware is written to not need admin privileges, but hasn't yet). Wed, 09 Feb 2005 20:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Basically, the formula for modern gaming is this:

Take last year's game, add a couple of new weapons/levels and maybe increase the polygon count using the same engine, and then sell it for $50 as a whole knew game.

I'm sorry, but the majority of modern games are not even worth the packages they come in, either on the PC or consoles. I actually own an Xbox, bur rarely touch it because the games are so damn lame. Like Halo 2 which everyone brings up - was supposed to be this badass FPS, so I rented it and played it for maybe 10 minutes, basically the same crap we've seen over and over and over again. Hell, look at EA Sports and their ilk - how do they get away with charging full price year after year for what should be $10 expansion packs to last years games?
Sorry, but I come from the 'golden age' of video gaming, where you didn't have to sit through 3 hours of CG snorefest (hell, if I wanted to watch a movie, I would've rented one) and/or pour through a 300-page manual just to get into a game, so maybe I expect too much. And I'm not just biased towards video games, as most movies and music sucks too. Of course, you find a few gems every now and then, but is it really worth having to dig through the piles of shit in order to find them?

But hey, I guess if you like playing the same games year after year, you really don't have much to complain about. Wed, 09 Feb 2005 21:02:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Actually, I run as a power user at work because I don't have admin privileges. For every day use, this works out most of the time, but sometimes I lament about the things I can't do. So if I want to make a quick change at the system level, do I then need to shut down all my apps and log in as Administrator? Wed, 09 Feb 2005 21:08:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "It costs nearly nothing in terms of inconvenience"

Not to geeks maybe, but I work with people who are distressed if the incons on the desktop are out of order. So far keeping systems patched and keeping the firewall on has kept us from any problems, but if I have a need to swith these people to Firefox or user accounts, I'm going to have to present my case trial lawyer style. What do you say in a situation like that? Wed, 09 Feb 2005 21:12:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Sorry, but I come from the 'golden age' of video gaming"

I'm curious which games you're talking and when the golden age was. Examples? Wed, 09 Feb 2005 21:15:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? >SP2 did nothing of the sort. It didn't make fundamental changes at the level you're talking about.

really? from what ive read, it made a bit of a buzz around microsoft. for the first time, microsoft broke old application compatiblity in the name of security. most of what was broken was stuff that violates NTs security paradigm. if you really want, ill google some links for you later, but it shouldnt be too hard to find.

>>newer nt operating systems use something real similar to SELinux, which is along the lines of security policies rather then root.

>NT has been doing this since it was released in 1993.

correct, that is what i was saying. with every version it becomes more powerful.

>First you need to explain what you mean by "unixy".

unixy as in multiple users with different levels of access. i remember reading that sfu was going to be integrated as well, but thats not what i was referring to ;-)

>This is a developer issue not a Windows one. App installations shouldn't be writing to the Windows directory at all and *should* allow for installation into the user's own directory.

actually, its a little of both. the problem is that everything is very tightly coupled in windows. things shouldnt need to write to windows, but in some cases they do. the registry needs to be cleaned up alot, with clear definitions of what is system stuff, and what isnt. program files should only be used for globally installed apps, otherwise they should go to the users folder. that kind of stuff. as i said throughout my post, microsoft is moving in this direction, and has for a long time. windows users shouldnt just ignore this stuff because they are used to a single user os. at the same time, ms is not done yet, and often the half implementation of this stuff will give extremely inconsistant results (whether or not something installs if you dont have privileges mostly depends on who made the installer right now). Wed, 09 Feb 2005 21:35:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Basically, the formula for modern gaming is this:
Take last year's game, add a couple of new weapons/levels and maybe increase the polygon count using the same engine, and then sell it for $50 as a whole knew game.

Actually, it'd be sold as a sequel, and people would know what they'd be getting. If they buy the sequel, it's because they liked the original and want to play more of it. That's market forces for you. There are also incentives to re-using the same engine, especially if you developed it in-house. Games cost a lot of money, and a great deal of that money is used on artistic production (modeling, animation, texture, effects, sound). If a developer can save some money by reusing last year's engine, they'll do so (also, it is costly for game programmers to learn a new engine for every game). The fact is that you can produce very different games using the same engine, like you can make two very different programs using the same toolkit.

That said, it's true that publishers will often try to duplicate the success of groundbreaking games, and this will stifle creativity and innovation. However, it's unfair to over-generalize like you do.

I actually own an Xbox, bur rarely touch it because the games are so damn lame.

Ah, that's your problem, you should own a PS2 instead! ;-) Seriously, the more innovative games (which are often from Japan) are often found on PS2 and Gamecube.

Like Halo 2 which everyone brings up - was supposed to be this badass FPS, so I rented it and played it for maybe 10 minutes, basically the same crap we've seen over and over and over again. Hell, look at EA Sports and their ilk - how do they get away with charging full price year after year for what should be $10 expansion packs to last years games?

Sports games tend to be repetitious, because they are based on a real-life game that doesn't change. Meanwhile, it's also difficult to break new ground in FPS games because there have been so many of them. I didn't really care much for Halo 2, but I have fond memories of the first one.

Sorry, but I come from the 'golden age' of video gaming

You don't have to be sorry, the first video game I played was Space Invaders, and it had only come out three months earlier. Needless to say, I was hooked after the very first game (which probably explains why I work in the games industry nowadays). It's a good thing we can still play these games using emulators, but the fact is that the industry has much evolved since then. Not only that, but there were sucky games back in the days as well (E.T., anyone?)

where you didn't have to sit through 3 hours of CG snorefest (hell, if I wanted to watch a movie, I would've rented one)

Well, just press Start and you'll skip cut scenes on most console games. That said, some people like their games to have a story. You can't please everyone, but fortunately you can skip movies on most games.

and/or pour through a 300-page manual just to get into a game,

By definition, console games are easy to play and reading the manual is almost always unnecessary. Most of them have 16 or 32 pages, max (often with a couple of pages devoted to ads).

And I'm not just biased towards video games, as most movies and music sucks too. Of course, you find a few gems every now and then, but is it really worth having to dig through the piles of shit in order to find them?

Yes, because there's no other way apart from forbidding people to make bad art/movies/books/TV/music/games. You want quality, you'll have to look for it. However, it's not that hard: there's word-of-mouth, web sites aplenty, magazines...

But hey, I guess if you like playing the same games year after year, you really don't have much to complain about.

Ironically, I don't play that much games during a year. The last thing I want to do when I come home is to get back on the PS2 and start playing. However, I try a lot of games for a few minutes, and people often show me stuff, just so I keep abreast of what others are doing. I'll usually play through 2 or 3 games a year, tops. Considering this, I try to select the best games I can. Don't get me wrong, we agree that there's a lot of crap, but there are quite a few good games out there as well... Wed, 09 Feb 2005 21:41:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I'm curious which games you're talking and when the golden age was. Examples?

Well, now that we are officially off-topic (hey, the article author's the one who started it!)...

Best videogame ever (for me): Tempest. I'm actually trying to find a vintage Tempest machine, but the few I've seen were horribly expensive.

Other great games from that era: Stargate, Robotron:2084, Joust, Ladybug, Gyruss...man, I could go on all day! Wed, 09 Feb 2005 21:45:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Seriously, the more innovative games (which are often from Japan) are often found on PS2 and Gamecube. "

Unless you're a Star Wars fan in which case you're left out in the cold. Wed, 09 Feb 2005 21:47:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Temporarily, I was the most popular kid in the neighborhood when I got my Atari 2600. Then I got an Intellivision II. Then somebody else got a Colecovision and my popularity waned...

After that, it was Dino Eggs and Fahrenheit 451 on the Commodore 64. Wed, 09 Feb 2005 21:53:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I imagine we're showing ours right about now. Wed, 09 Feb 2005 21:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? you can count on it... but I ought to admit that I fit perfectly in the same "period" (to put a friendly name).

:D

Don't forget The TI99/4A and it's fabulous Parsec. (that did it...) Wed, 09 Feb 2005 21:59:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Actually, it'd be sold as a sequel, and people would know what they'd be getting.

Right, so you're telling me that all those games using the Quake 3 engine were sequels?

That said, it's true that publishers will often try to duplicate the success of groundbreaking games, and this will stifle creativity and innovation. However, it's unfair to over-generalize like you do.

Um, no it isn't ... just LOOK at the games on the shelf today. A whole lot of crap, very little quality.

Ah, that's your problem, you should own a PS2 instead! ;-)

Actually, I had a PS2 and sold it. I plan to do the same thing with the Xbox, but haven't gotten around to it yet. On the other hand, I may put a mod chip in there so I can play some real games on the 46' Toshiba.

I'm curious which games you're talking and when the golden age was. Examples?

My first console was an Atari 2600, if that tells you anything. Favorite game of all time - Robotron 2084 - the closest thing I have found to digital crack so far
When my dad came to visit for the holidays, I put in Atari Anthology and introduced him to Yars Revenge. It was close to his bedtime, but he kept forgoing sleep for just 'one more game', and that is gaming at its best. VERY few games today have that sort of addictive nature to them. Wed, 09 Feb 2005 22:05:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? It's been a while since we last met online. I only post here from time to time now. How's it going?

I don't dispute the dominance the consoles have over the gaming market, after all, it pretty much is the gaming market. I am simply firing back at those mac heads who are quick to dismiss windows as an unacceptable gaming platform, among other things, and then further say "that's what the consoles are for." I pretty much only play FPS's and RTS games, which makes my choice of windows as a gaming platform pretty clear. But no doubt, the consoles have always been, and will always be the gaming mainstream as you pointed out.

I don't have Admin privileges on my Windows box at work, and yet I am productive...I mean, really, what amount of time a day do you normally spend installing software? Furthermore, I'm not sure how that would qualify as "productive" time..."productive" time is when you use applications, not when you install them, IMHO.

You're right, "productive" time varies from person to person. I am talking my home productivity. For me, that means using apps, installing/uninstalling them, backing up my DVDs, bootskinning, uxtheming, having fun with it, etc. I remembered having difficulty doing some of those things without admin priveledges. So, I said screw it and gave myself admin rights and that was that. It's been so long since I have been logged in with other than administrative rights, that I can hardly remember (last time I tried I was using 2000 Pro I believe). The point was, to this day, I have been running with admin rights and all has been well with me security-wise.

Good to see you again, a nun he moos. Wed, 09 Feb 2005 22:11:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Right, so you're telling me that all those games using the Quake 3 engine were sequels?

Allow me to quote you on this: "Take last year's game, add a couple of new weapons/levels and maybe increase the polygon count using the same engine". What you're describing here is a sequel, not just a new game with the same engine. Case in point: Half-Life vs. Quake. They did not simply add new weapons/levels - they had completely new weapons (with different behaviors) and completely new levels - in fact, a new setting. The art direction was totally new, there were lots of new gameplay mechanics and the story...well, there WAS a story, contrary to Quake. To me, Half-Life is not a pumped-up copy of Quake, but rather a complete game in and of itself, that just happens to use the Quake engine.

Um, no it isn't ... just LOOK at the games on the shelf today. A whole lot of crap, very little quality.

Well, to be fair, you have to play those games to judge them, not just look at the box. It depends on what you like, I guess. But, by definition, quality games will be more scarce than crap games.

VERY few games today have that sort of addictive nature to them.

True - but there's a reason fot that. We've moved from put-another-quarter-in business model to a buy-the-new-game one. Games are now designed to generally have between 6 to 15 hours of play time. Wed, 09 Feb 2005 22:27:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Actually, I run as a power user at work because I don't have admin privileges. For every day use, this works out most of the time, but sometimes I lament about the things I can't do. So if I want to make a quick change at the system level, do I then need to shut down all my apps and log in as Administrator?

Right click -> Run As.

The only tricks with Run As are that you need to Shift+Right click on control panel icons to get the "Run As" option and that starting a copy of Explorer as Admin is rather unintuitive.

To get an Administrator level instance of Explorer, you need to "Run As" *Internet Explorer* and then chuck a drive letter into the URL bar. Hopefully Microsoft will fix this someday. Wed, 09 Feb 2005 22:51:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? So far keeping systems patched and keeping the firewall on has kept us from any problems, but if I have a need to swith these people to Firefox or user accounts, I'm going to have to present my case trial lawyer style. What do you say in a situation like that?

Firstly, there's basically nothing a typical user should *need* admin privileges for in a managed environment. Most applications that have trouble running as a regular user can be fixed with a bit of permissions fiddling in the relevant registry keys and filesystem. For the tiny minority that can't, a "runas /savecred" shortcut should make end user interaction pretty much transparent.

The problem with giving users elevated privileges is not that they have Administrator access to their machines, per se, it's when they run as an Admin *all the time*. We don't have a huge problem with giving (most) users a *local* (obviously not Domain) Administrator account to log in with when required, but if we find people running as an admin level account *all the time* they're in for a serious dressing down.

We simply presented it as a benefit - users wouldn't be able to install their own software (ie: P2P, etc applications), users wouldn't be able to (easily) hose entire machines, most malware and viruses don't work when the user isn't an admin, etc.

I've considered a move to Firefox for external web browsing (enforced at the proxy level by user-agent checking), but the lack of easy centralised management for Firefox and that annoying copy-paste bug have thus far stopped me. Wed, 09 Feb 2005 22:53:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? really? from what ive read, it made a bit of a buzz around microsoft. for the first time, microsoft broke old application compatiblity in the name of security. most of what was broken was stuff that violates NTs security paradigm. if you really want, ill google some links for you later, but it shouldnt be too hard to find.

Most of the breakage from SP2 came from things dropping "bug compatibility" with some earlier versions of Windows, recompiling most of the system with an improved compiler (limiting buffer overflow exposure) and the firewall defaulting to "on". I imagine there was also some tweaking of files and registry permissions.

Personally I wouldn't consider any of that "fundamental changes", but YMMV.

correct, that is what i was saying. with every version it becomes more powerful.

Well, not really more powerful, perhaps just more finely configured.

unixy as in multiple users with different levels of access. i remember reading that sfu was going to be integrated as well, but thats not what i was referring to ;-)

Well, NT has supported multiple users with different levels of access since it was released, so in that case I'd have to say "no".

actually, its a little of both. the problem is that everything is very tightly coupled in windows. things shouldnt need to write to windows, but in some cases they do.

Yes, poorly written applications - that was my point .

the registry needs to be cleaned up alot, with clear definitions of what is system stuff, and what isnt.

These things are already well defined. The problem is with developers who are still writing like their applications are only going to run on Windows 95.

program files should only be used for globally installed apps, otherwise they should go to the users folder. that kind of stuff. as i said throughout my post, microsoft is moving in this direction, and has for a long time. windows users shouldnt just ignore this stuff because they are used to a single user os. at the same time, ms is not done yet, and often the half implementation of this stuff will give extremely inconsistant results (whether or not something installs if you dont have privileges mostly depends on who made the installer right now).

Again, this is all developer issues. The basic facilities for this have been around since NT was released (with somewhat more advanced features like prompting for an admin user account introduced in Windows 2000) and were supported (albeit not enforced, for obvious reasons) even in the non-multiuser Windows 9x line. Wed, 09 Feb 2005 22:55:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I'd be interested to know what software you've got that doesn't work with "Run As", because I haven't seen any for many years (and I've been doing the regular user/Run As thing in NT since 1996).

I call shenanigans. Thu, 10 Feb 2005 02:36:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? I call shenanigans.

Any particular reason ? Thu, 10 Feb 2005 03:00:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Is Darius lithuanian? Name is lithuanian for sure Thu, 10 Feb 2005 12:28:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Is Darius lithuanian? Name is lithuanian for sure

Dunno ... I stole the name from a friend of mine Thu, 10 Feb 2005 14:09:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? Darius is persian Thu, 10 Feb 2005 16:19:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Install a software firewall before going online: You should burn one of these to CD and have it ready before you reinstall Windows the next time."

Why I have a real hardware firewall (not a router) I
don't need a bloat monster like ZoneAlarm hogging my
system resources it's annoying and it makes a bloody
mess in Windows registry. Thu, 10 Feb 2005 21:02:00 GMT donotreply@osnews.com (Anonymous) Comments http://osnews.com/thread? http://osnews.com/thread? "Install a software firewall before going online: You should burn one of these to CD and have it ready before you reinstall Windows the next time."

Those were either/or options, meaning install a software firewall if you don't have a hardware one. Anyway, I like to have a software firewall in addition to hardware (I use Sygate myself), because I can more easily tell which apps are trying to send outbound packets. Thu, 10 Feb 2005 21:12:00 GMT donotreply@osnews.com (Anonymous) Comments