Gartner takes Microsoft to task

Submitted by Tudy 2005-02-21

Microsoft should be concentrating on securing Windows instead of trying to challenge security software companies, according to research firm Gartner.

About The Author: Eugenia Loli. Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.

49 Comments

2005-02-21 10:09 pm
There shouldn’t be a need for third party security companies. The security should be built into the OS. If Symantec can protect against malware, why can’t the OS just do it itself?

2005-02-21 10:18 pm
Yes and no… There shouldn’t be a need for anti-spyware software, period (various Linux packaging approaches deal to this pretty well) – and hence no anti-spyware companies. There shouldn’t be a need for anti-virus software – IMO there’s currently not if you’re running anything other than Windows. But it seems to be a somewhat necessary evil… Personally I detest Microsoft’s approach to security for the last few years – the way they’re trying to persuade us that antivirus software and firewalls are necessary and everyone should have them, rather than building a decent OS that makes them redundant.

2005-02-21 10:23 pm
I have this MacWorld magazine here and it talks about securing your Mac (don’t even have one yet), and they suggest you get AV software and a third party firewall even. Seemed strange. Also, the PC I just bought came with Norton Firewall pre-installed. You mean the XP firewall isn’t good enough? What’s the problem?

2005-02-21 10:24 pm
There shouldn’t be a need for third party security companies. The security should be built into the OS. If Symantec can protect against malware, why can’t the OS just do it itself?

Because then the European Union would force MS to create a Reduced Security Edition of Windows. 🙂

2005-02-21 10:39 pm
I have the French edition of your MacWorld magazine.
It says while the Mac doesn’t need AV software for the moment it’s good to run something so that you won’t infect PCs.

2005-02-21 10:39 pm
I don’t know about Mac OS-X+, but most OSS OS don’t generally need AV software or third party firewall software. In fact most OSS OS’s could potentially act as decent firewalls to keep your other machines safe from outside attackers, and restrict people on the inside from doing bad things. As for viruses there are only a few major ones that can do system wide damage, such as rootkits and worms, but I don’t think most home users have to worry about those. Even if someone does manage to sneak in a rootkit onto your box there’s free software to get rid of it. As for MS and security they can squeeze more money with a protection scheme, but don’t know if they would. They already get plenty of revenue from their OS and Office Suite, not saying that they wouldn’t want more.

2005-02-21 10:56 pm
I knew something was not right when MS came out with its own anti-spyware software. If you stop to think about it, it’s actually quite bizarre. Is that how far we have come in the 21st century? Make crap software, and then make other software to prevent the crappiness from ruining your customers’ data and privacy. I think it is a huge step back, and I sincerely hope MS does what it needs to do with Longhorn. Just create a f***ing OS that’s secure, because this is embarrassing.

2005-02-21 11:08 pm
is that no one is doing anything to stop MS from doing these kind of filthy dirty business tricks to milk money from legit consumers and corporations. Our society has become completely information based and information exchange is very common. I think MS sees this and just like one of the posters said the reason why would they work ground up on a brand new OS and fix all the problems when they can launch damn updates every month to patch problems so that people keep paying the piper.
Longhorn is going to be the biggest piece of crap the planet will have ever known and I am gonna keep my XP so I can play games. I am an avid XP user and while I am comfortable with XP I am not comfortable with the fact that us users have to install all sorts of malware and spyware removal tools to just keep the machine alive!! All these crazy drivers and crazy services that keep running leaving your ports open for hackers is just messed up! That is where tools like nLite come in to compact and shrink and free up resources on machines running XP. But regular users don’t have time to do this kind of stuff. I can’t personally wait to buy a really powerful Mac whenever it comes out…but even then I doubt if us users would be safe.

2005-02-21 11:11 pm
Isn’t this the way that Microsoft began with DOS? The whole borg mass assimilation strategy will be the end as was the beginning if they don’t get it right at Longhorn. Peace

2005-02-21 11:14 pm
It’s like the fox selling hen house insurance. Great that MS is giving it away for clients. They would sell it if they weren’t so afraid of the massive backlash this is beginning to cause. And don’t get me wrong, MS is still well entrenched, but the early signs of shift were happening. The PC world moved from, “you don’t think about which operating system,” for 99% of the population to, “do I want Windows, Mac, or Linux.” Being the ultra paranoid company, MS didn’t like what would happen next, particularly with their quality issues. So they’re giving it away to keep Windows in its place. Corporations can look to server solutions for a fee. Coming soon… And when McAfee and Symantec are toast in 5 years, MS will start charging subscriptions. Count on it. I will continue to use Symantec or McAfee products since MS is a train wreck on quality and security, and frankly, because I don’t trust Microsoft at all. So I am happy about this move since it will force the ISVs to innovate and keep their prices low.

2005-02-21 11:17 pm
in other news, Microsoft is buying Gartner

2005-02-21 11:18 pm
I have a Mac and I don’t run AV software on it. I tried Norton one time, but for the last 4 years I never have needed AV software running OS X. There can’t be a real virus threat, or Apple keeps doing a good job with updates… I haven’t been infected. Now my two XP boxes… yes, they’ve all been infected. I just cleaned data mining software off it today, 46 different items. On top of that viruses have gotten on both XP machines.

2005-02-21 11:26 pm
Seems to me I remember some other companies that went by the wayside adding functionality to Windows. Whatever happened to Stacker and Syquest? (I think that was the name.) Oh well, you play with the big dog, you might get bit.

2005-02-22 12:09 am
i don’t normally use such strong words as “joke” – but when you can’t deploy an OS without thinking about 3rd party anti-virus, 3rd party firewalls, 3rd party anti-spyware, 3rd party registry and system cleaners, 3rd party software uninstallers … you have to ask .. is that OS a joke?

2005-02-22 12:15 am
Let’s look at the average modern desktop for a moment..

Desktop OS – Microsoft
Internet & Communications – Microsoft
Office Productivity – Microsoft
Development Tools – Microsoft
Antivirus & Security – Norton + Others

It’s clear that this is their last segment to squeeze a little more revenue from — nothing wrong with that per se — but doesn’t lend itself to making any more friends.

2005-02-22 12:50 am
Not sure why you would need virus software for OS X? I haven’t bought virus software for my Mac or firewall. Windows machines are exploited not because of marketshare, but the system overall sucks. When was the last time an ActiveX or VBScript affected your Linux or OS X computer? NOT!!! Not that viruses can’t happen on a Linux or OS X computer, but the program would require permissions to do so.

2005-02-22 1:32 am
“Buy my AV and Anti Spyware so the virii and spyware that I allow to exist don’t take out your legs.” -Microsoft

2005-02-22 1:37 am
The trouble with Windows is too many services running by default and too much tight integration of those services into the operating system. Sure many Linux distros leave all sorts of crap running in a default installation but it’s possible to turn off services so there’s NO ports listening and still have a usable desktop operating system. Windows has evolved from an operating system developed in the early 90s when we did not have the hostile internet as we know it today. In those days Windows boxes were connected to relatively safe local area networks. The whole basic design of the operating system is flawed. It’s like running around in a sinking ship trying to plug all the holes - plugging the holes won’t help in the long run - u need a whole new ship.

2005-02-22 1:58 am
You know. I run the default Fedora Core 3 and before that FC2/FC1/RH9/RH8/RH7.4?/RH5.? and I have never had a single security problem. What’s up? I do not work in the computer world so I am not a tech wizard. In the early days I had a devil of a time learning to get sound and printing working. I was just cheap. I didn’t want to pay MS. Why doesn’t everybody do this? Or use some other nix? Why??????

2005-02-22 2:00 am
I run a Linux shop at home…server, main computer, kids’ computer and laptop. I think a valid reason for running anti-virus software on a MAC or Linux is so that you can make sure that you don’t PASS ALONG one that is riding on e-mail. I have cron do a scan of my /home directory every morning just so that nothing like that happens. However, that said, I agree with a lot of the comments above. Windows really is a BAD operating system in this area. It is still WAY too vulnerable. And…like one post says above, what’s with all of that extra utility stuff you need just to keep the thing healthy? THAT says something right there!
Although I ADD F-Prot to my Linux system, I need no other utilities to keep it healthy….cron cleans things out on a regular basis and there is nothing else to worry about. THAT’s a real operating system….one that lets you OPERATE your work and business!

2005-02-22 2:28 am
Solutions: GNU/Linux | BSD | Mac

Let’s just put an end to this tragedy we call Windows…

2005-02-22 2:36 am
Well, Linux could theoretically be vulnerable to trojan attacks, with malware installed through fake rpms or such (disclaimer: I’m not a programmer). It wouldn’t affect the system, but it could mess with your files. If you only install stuff from trusted sources (i.e. official repositories) then you’re pretty safe on that side. Other non-trojan viruses aren’t that effective on Linux/*nix systems because you can’t make a file executable through its filename (like in Windows). There has been a single Apache/Linux worm of importance, Slapper. And of course the granddaddy of them all, the Internet Worm of 1988, which affected Sun and VAX systems. In recent times worms have mostly targeted Windows servers.

2005-02-22 2:45 am
That’s why you need nLite. I personally just started using it and have created an XP Home Edition install CD from my OEM XP CD with SP 1a. The OEM CD was 520-550 mb and now my install CD is 520 MB with XP Home + SP 1a and SP2 and DirectX 9 and Windows Media 10…What I am trying to say is that XP can be completely reconfigured to have a tiny footprint with no useless services. This way it would be safe. I think this is the first step with us end users trying to morph the OS into something useable. I have not had a virus problem since the Windows 98 days personally, but that does not mean that other people don’t. MS needs to look at Apple and see that they need to improve quality big time.

2005-02-22 3:04 am
Unfortunately there are enough users out there who would rather buy more and more layers of anti-this and anti-that software than switch to a secure OS.
Until that happens, nothing can force Microsoft to secure its OS. As an example, I recently touted the Xandros Open Circulation Edition to several colleagues at the office who constantly complained how the PCs at their home were getting packed with all sorts of rubbish. Add to that the constant cribbing about viruses, spyware etc. Despite my links to several articles showing positive reviews and screenshots as well as list of features and advantages, several of them prefer to buy anti-spyware for $39 rather than switch to a free OS. It is this kind of self-inflicted slavery that is keeping Microsoft in business and at the top of the pecking order.

2005-02-22 3:51 am
What to do when people whine and complain about anti virus, and spyware after you have offered a solution… Tell them that it’s THEIR fault they have problems, and that you don’t want to hear them whine anymore. It worked for me, when people come to me with viruses and spyware after I’ve already told them of ways to end their problems I tell them that I don’t want to hear it. End result, they either learn to fix it themselves, they switch, or they pay real money for someone to fix it for them. Best part? I don’t hear them complain about it again, either way.

2005-02-22 3:54 am
For those that don’t think they need anti-virus on Windows, ask my last manager. We argued for years about the need for AV, until one day when his ISP sent him a letter threatening to shut off his service because he was so virus ridden. My response? I laughed at him, and said I told you so. If you run Windows, you need to protect it or you will get computer AIDS and that’s a FACT. You won’t even know it until your ISP beats down your door, and then it’s already past too late.

2005-02-22 4:18 am
Heh. My brother-in-law is a hard core Redmond user. He says Longhorn is a load of …. . So I doubt M$ has solved anything but made it look pretty.

2005-02-22 4:29 am
I use Panda Online AV to get rid of virus if i ever get one…haven’t gotten one yet. use lavasoft adaware to get rid of malware….which i don’t get ever since i got sp2 and started checking blocking cookies. xp is crap but u gotta dig to make it shine. i have done a lot of digging. i keep xp cause i like to game. pure and simple. xp is not bad once u get the hang of it.

2005-02-22 4:36 am
They will not listen. There is more money to be made off ‘Security Products’ than by securing Windows. They want to sell Anti Spyware to the corporations – the same will probably hold true for their Anti Virus when they bother to do something with the IP they bought. It looks good for the consumer giving away ‘free protection’, and they can charge recurring subscriptions for the companies which is something they have been wanting to do for a while – regular revenue. To summarise, they will NOT secure Windows or IE as it is NOT in the interest to do so.

2005-02-22 4:46 am
As long as Windows users continue to run as Administrator, download and run any old program that comes their way, and run malicious programs, you are going to need some sort of protection against viruses and spyware. I don’t run as administrator, don’t willingly download and install junk off the net, and watch what I download from my e-mails. How many viruses and spyware have I had in the last few years? NONE! Don’t think for a minute that OS X or Linux is completely immune from this kind of stuff. Windows has two things going against it:

1. It’s dominant. Why target a small amount of users with your new spyware or virus? If the goal is to infect the largest amount of people possible, you might as well put your efforts into the most used OS. Kinda like how many software companies don’t port to Linux and OS X. Not enough users to justify the effort.

2. Dumb users. Not only are there a lot of people using Windows, but there are several dumb ones as well.
I’m not saying that they are idiots, but when it comes to computers they don’t know how to be safe. Now going to Linux may work so they don’t have to worry about spyware and such, but imagine if there was a large scale migration of home users to Linux. The same old habits these users had on Windows will carry over to Linux. Add in a mix of spyware from increased market share and Linux too will have some problems of its own.

2005-02-22 6:23 am
There are plenty of tools out there to secure Windows permissions, lock down its services, and substitute programs that are more security oriented for everyday tasks. People here post plenty of guides showing productive ways to streamline Windows, increase system security and prevent an installation from being compromised. Yet all people around here do is say how “insecure” Windows is…

Fine. The default installation isn’t very secure. Big deal. The default installation of Ubuntu won’t play movie trailers off the internet, nor will it automatically configure wireless cards. No one seems to complain that they have to do a little configuring Linux to get what they want. So why does everyone make a big fuss about having to lift a finger (without spending money) to secure Windows?

The reason I don’t run Linux is that I don’t know it well enough to really be secure. Once I’ve installed a Linux system, I’m not familiar enough with everything to know exactly what is running, or what I need to lock down, configure, and properly secure. Notice I’m not blaming Linux – I just know my current limitations. If you don’t know how to properly secure Windows, use something you do know how to use safely.

The worst thing one could do (and what every Linux fan here likes to do) is give out an OS, screaming to everyone that it’s “secure” and just fixes everything. Security comes from knowing how to use a tool correctly – not the tool itself.

2005-02-22 9:10 am
Fantastic post, Vincent.
(Sorry this doesn’t contribute much more than a ‘me too’ post would, but I had to say it.)

2005-02-22 11:18 am
“Microsoft’s overriding goal should be to eliminate the need for (antivirus) and (anti-spyware) products, not simply to enter the market with look-alike products at lower prices,”

This would be the actual end to competition in the anti-spyware / anti-virus markets. This has been a typical strategy of MS for over 2 decades.

_____________________________________________________________

“You don’t just judge a company by what they say, you also judge them by what they do. Microsoft’s recent clampdown on MSN Messenger to repair the vulnerabilities there is a clear sign that Microsoft can mobilize very quickly when something is completely within its control. If Microsoft was ignoring security, the market would punish it and so would the legal system,” Turner said.

I guess he hasn’t read the EULA for MS products. You cannot hold MS responsible. If you read the section on the Windows 2000 EULA entitled: “EXCLUSION OF LIABILITY/DAMAGES.” Or here is a quote from XP Pro. “LIMITATION ON REMEDIES; NO CONSEQUENTIAL OR OTHER DAMAGES. Your exclusive remedy for any breach of this Limited Warranty is as set forth below. Except for any refund elected by Microsoft, YOU ARE NOT ENTITLED TO ANY DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES” Google for the EULAs and actually read them. It’s kind of scary.

_____________________________________________________________

“Gartner’s MacDonald also rapped Microsoft’s decision to create an updated version of Internet Explorer (7.0) for Windows XP only, hinting that motive for the decision could be to push corporate customers into upgrade their systems from Windows 2000.”

And this is a surprise how? How about not integrating IE and Outlook Express into the base system. Give the user the ability to remove them.

2005-02-22 11:54 am
1. It’s dominant.

Sorry, I have to disagree. Think about web servers.
Apache is the dominant web server; however, it doesn’t have all the compromises as IIS.

2. Dumb users.

Ok, I have to agree here. No issue.

_____________________________________________________________

Fine. The default installation isn’t very secure. Big deal.

Sorry Vincent… This is a huge deal…Users will never learn to secure their systems. By not doing so, they cause havoc for other people, like being a spamming host. Warez server or whatever. Secure by default should be mandatory. Make the user set up their networking, make them turn on file sharing, let them create share and create who can share them. Default setting should not be set to allow sharing by default to all users. If you’re going to turn a service on, make sure it has sane defaults. That is it. Otherwise don’t turn on the service.

_____________________________________________________________

The worst thing one could do (and what every Linux fan here likes to do) is give out an OS, screaming to everyone that it’s “secure” and just fixes everything. Security comes from knowing how to use a tool correctly – not the tool itself.

Hey, I am a *nix fan (Linux, *BSD, Solaris) and no, I don’t scream it’s secure. I have seen several distros that have services turned on w/out sane defaults. 1) Like X is listening and waiting for a connection. 2) How about SSH running in the background waiting for a connection or 3) sendmail is running and not config’d for local mail delivery only. Some distros take the time for sane default settings and some don’t. It’s all in who or what you pick. Now on the bright side, it has been getting better for the general purpose distro. Look at the *BSDs, secure (for the most part) upon install. Heck, DHCP and networking isn’t even turned on. And no, I wouldn’t recommend this for a new user or grandma. Is setting up *BSDs hard? NO. Just a few quick edits and you’re off and running. The same thing applies to the secure Linux distros out there. What about the Macs?
Well, I have heard they have sane default installs. But, I cannot specifically comment on them. How is the default install of OS X? I would like to hear from some security inspired OS X users.

2005-02-22 11:57 am
I get sick of hearing that people hacking into Windows based systems is Microsoft’s fault. That’s like blaming stolen cars on Ford or GM. I don’t care what you do to ‘secure’ your OS, it’s going to get hacked by someone. To state that Microsoft is at fault for us having to use antivirus and antispyware utilities lets the real perpetrators of the crimes get away scot free. Next time a bank gets robbed, I think we ought to throw all of the bank’s employees in jail for obviously not doing their job. If they were, then they never would have been robbed. It’s not the bank robber’s fault, it’s the bank’s. No matter what kind of system you put together, there will be people who try to take it apart. The more complex you make it, the harder the criminals will work at it to break it down. Get over it already.

2005-02-22 12:07 pm
Gosh, I hate even more listening to the religious zealots in the Mac and Linux world chanting about their OSX and Redhat installation don’t get attacked. With single digit marketplace percentage numbers, is that any wonder? That’s like you standing in a crowd of a million other people and someone starts shooting. Then when you don’t get hit, you proclaim it’s because of your purple shirt and everyone had ought to get one. If I am going to spend my time writing a virus against an OS. I am going to choose the one that I will get the most bang for my buck from. I am not going to waste my time for 1% of the machines out there in hopes that I can infect 1% of the 1%. Now who is stupid? That argument holds so little water. Why can’t they see the forest through the trees?

2005-02-22 12:31 pm
“If I am going to spend my time writing a virus against an OS. I am going to choose the one that I will get the most bang for my buck from.
I am not going to waste my time for 1% of the machines out there in hopes that I can infect 1% of the 1%. Now who is stupid? That argument holds so little water. Why can’t they see the forest through the trees?”

Does it make sense for such a large target to give its users administrator privileges by default, especially considering that many of those users are not computer literate? Mac OS X doesn’t do this, Red Hat doesn’t do this, Xandros doesn’t do this, so why does the operating system that is the biggest malware target on the planet do this? The simple fact is that these alternative operating systems, even if they had Windows’ market share, would be safer (not necessarily safe, but safer) for no other reason than that.

2005-02-22 12:34 pm
Interesting discussion with many valid points. I’m a big fan of Linux, call me a Linux fanboy if you like. Every chance I get I’ll tell everybody that GNU/Linux is a good OS. It’s good in some areas where Windows is weak, but Linux has its weaknesses.

The fact that you need to work to get your computer safe is the most relevant issue here. Security is not software. I repeat: security is not software. Security is a process of preventing unwanted risks. Security starts by understanding this, and by wanting to learn to minimize the risks. Many Windows users do not want to learn secure computing. You will get trouble if you do not care even if you’re running Linux. My Linux webserver has been compromised once, because I was running an outdated webserver (Apache on Redhat), without automatic updates. I’ve learned my lesson, I use Debian GNU/Linux with cron-apt which updates security updates automatically.

Ok, that much offtopic, and now to the topic: I’ll sum up what’s happened:

1. Microsoft makes an operating system that allows insecure techniques
2. Security companies start selling security software
3. Microsoft starts selling security software

Why oh why Microsoft does not increase security with more secure software?
– Drop ActiveX
– use more shared libraries
– allow automatic updates of all their software (take a look at Debian and apt-get)

The only natural explanation to me is that they really do not want to make more secure software.

By the way: This talk about MSN Messenger update in this article is so bizarre I do not know if I should laugh or cry. MSN Messenger was vulnerable for PNG exploit for 6 months, before Microsoft fixed it. Was that fast for you???? If you want to see what I’m talking about here, see for yourself:

CERT announcement was public 4th August 2004
http://www.kb.cert.org/vuls/id/388984

Microsoft update (six months later)
http://www.microsoft.com/technet/security/Bulletin/MS05-009.mspx
(you can see the bulletin release date at the bottom of the page)

See the date Debian fixed this
http://www.debian.org/security/2004/dsa-536

See the date Redhat fixed this
http://www.redhat.com/archives/fedora-announce-list/2004-August/msg…

have a nice day with your fast MSN Messenger security updates

Eleknader

2005-02-22 1:36 pm
> I get sick of hearing that people hacking into Windows based systems is
> Microsoft’s fault. That’s like blaming stolen cars on Ford or GM

Not quite – unless they continually refused to fit locks, or in some other way proved incompetent in securing the vehicles they manufacture. Car manufacturers are constantly keeping ahead of the car thieves with new locking, tracking and other systems. Why? Because if they don’t, their competitors will and they’ll lose money! Microsoft didn’t have any competitors for nearly two decades – where was the incentive to waste money on inconsequential security? You might not like Linux but even the most fervent MS zealot is better off with it around!

2005-02-22 3:48 pm
I’ll bite. Ubuntu, and most Linux distributions in general are free (libre, dinero). You’d be a fool to complain about free lunch, TNSAAFL, just grab the salt, pepper, and ketchup and get to work. Movie trailers, movie trailers.
Well that’s not really Ubuntu’s fault, they can do very little about what patent/copyright encumbered media formats mcse web master use. Hardware stuff, well talk to your hardware vendor tell ’em “Hey dude I’m like using linucks now, could you guys like send me a install ceedee for linucks? K thnx bye!”. Usually most hardware you buy comes with a Win32 installer with all sorts of neat drivers that the vendor writes, not MS.

Microsoft’s OS on the other hand is expensive, at least for a legit copy. If I/you spend a nice chunk of money for a piece of software, I’d like it to be decently stable/secure/usable or I’m sure as heck gonna go trolling on BBS. Microsoft has been at this game for over 20 years and can’t seem to get it down. Sure they promise Longhorn this Longhorn that, guess we’ll have to wait and see.

You say securing Microsoft’s OS cost nothing? Zone Alarm is not free, Norton is not free, Ad-Aware is not free. All these apps are commercial applications, they may offer free versions but that’s a different subject. Anyways spend a month on *nix and get to know it/hate it intimately and come back and troll.

2005-02-22 4:39 pm
“…What gets me…is that no one is doing anything to stop MS from doing these kind of filthy dirty business tricks to milk money from legit consumers and corporations.”

I am. I am running Linux!

2005-02-22 5:36 pm
MS is all about convenience before anything else. Linux is functionality before anything else. Both have flaws. XP default install has bloat and it should allow users to be able to configure the install completely like Linux allows. I use XP to game and so I have no other choice than to keep using XP. Then I learned that I can secure my XP install and compact it to extreme means. Good news. But being that XP is the largest bull’s eye out there, it is still unnerving. But in a way, MS is learning more about how to secure their OS by writing better code.
My prob with MS is now that I have read all these opinions and I am a lot more educated now in my opinions thanks to you guys is that XP needs to not be the swiss army knife but rather a completely configurable leaned out version of an OS on top of which people can add stuff…exactly like Linux. I think the open source community has it right. But no one can deny XP is a brilliantly easy to use OS and has a lot to offer. Just like Linux.

2005-02-22 6:49 pm
There are plenty of tools out there to secure Windows permissions, lock down its services, and substitute programs that are more security oriented for everyday tasks. People here post plenty of guides showing productive ways to streamline Windows, increase system security and prevent an installation from being compromised. Yet all people around here do is say how “insecure” Windows is…

How many typical home desktop users do *you* think have enough technical acumen to learn about and locate those tools, or even understand at a basic level what the security issues are in the first place? *That* is the problem many of us have. Windows is marketed to beginning users who don’t have a clue, and for the most part, the boxes being used by those users are insecure. Yes, there are plenty of aftermarket tools and techniques that one can use to secure their boxes, BUT THOSE TOOLS AND TECHNIQUES SHOULD NOT BE REQUIRED!!! Sorry to yell, but some folks seem to need a clue by four…

2005-02-22 6:56 pm
is that no one is doing anything to stop MS from doing these kind of filthy dirty business tricks to milk money from legit consumers and corporations.
I’ve been using OS/2 almost exclusively at home since 1992, only recently (1995) supplementing it with Linux in a serious way, I used a Mac IIci as my workplace workstation from 1993 through the time of my layoff (2001), avoiding Windows use (and advocating the Mac) whenever I could in that context, and I’ve made my living writing code on platforms (OS2200 and Solaris) which are completely unrelated to Microsoft. What else can one do? What gets me is that more people aren’t doing the same. The writing has been on the wall for a LONG time, people…

2005-02-22 7:32 pm
“There are plenty of tools out there to secure Windows permissions, lock down its services, and substitute programs that are more security oriented for everyday tasks. People here post plenty of guides showing productive ways to streamline Windows, increase system security and prevent an installation from being compromised. Yet all people around here do is say how “insecure” Windows is…”

people say how inherently insecure windows is. it was built with security as an afterthought, linux on the other hand was built from day 1 to be a network operating system.

“Fine. The default installation isn’t very secure. Big deal. The default installation of Ubuntu won’t play movie trailers off the internet, nor will it automatically configure wireless cards. No one seems to complain that they have to do a little configuring Linux to get what they want. So why does everyone make a big fuss about having to lift a finger (without spending money) to secure Windows?”

first of all, not lifting a finger means not doing work. you have a choice, either spend money, or go about trying to find the one or two halfway decent products in the huge amount of shareware that does these things. the only way it’s free is if your time means nothing. i don’t have a wireless card, and windows won’t play .mov files either without installing software that supports it.
i think the big thing is that i can install ubuntu, connect it to the net, wait five minutes, and it WON’T be infested with malware.

“The reason I don’t run linux is that I don’t know it well enough to really be secure. Once I’ve installed a linux system, I’m not familiar enough with everything to know exactly what is running, or what I need to lock down, configure, and properly secure. Notice I’m not blaming linux – I just know my current limitations. If you don’t know how to properly secure Windows, use something you do know how to use safely.”

if you just throw an up to date version of linux on your computer, chances are it will be secure enough for normal use. we aren’t talking about hardened servers here, we are talking about being able to use the internet without it breaking the os.

“The worst thing one could do (and what every linux fan here likes to do) is give out an OS, screaming to everyone that it’s “secure” and just fixes everything. Security comes from knowing how to use a tool correctly – not the tool itself.”

first off, i have yet to scream anything about linux (at people anyways, there have been numerous obscenities hurled at my monitor over the years 😉 ) for the most part, you are right about knowledge being important. if you have one 20$ lock, and one 120$ lock, both will perform equally poorly if you don’t turn the key when you leave the house. however, if one of them opens only if you turn the key, and the other opens if you look at it funny, you can still say that one is pretty crappy, and the other does its job well.

2005-02-22 7:56 pm

I agree with one of the posters who said that the normal user would not spend that much time tweaking their XP install and since XP seems to be targeted for the masses, MS should have made it already tweaked and tight and secure right from the get go instead of all this unsecure bloat.
I agree but I don’t recall security, especially commonfolk getting their computers hacked or getting so much spam, virus, malware and adware on their machine whenever they just try to connect to the internet to check their email! I don’t recall there were such security issues and I am not even talking about servers or anything here but good old XP, when it came out. I don’t recall worrying about internet malware when I was using 98 rather I remember worrying about viruses and stuff. So maybe we can give Microsoft a break on XP. I dunno. I am rather of 2 minds on this one. I can see the pros and cons to Linux and so can I on Windows XP. I guess I am flipflopping haha

2005-02-22 10:57 pm

Jack

First off I found your MCSE webmaster comment in the first paragraph to be very cute. I’d also like to know how you decided that apple.com employs MCSEs to run their website. If you might not have noticed, ironically, googling “movie trailers” has their site show up as first.

“Microsoft’s OS on the other hand is expensive, at least for a legit copy.”

Prove it. You might want to also read an on-going article series from the president of worldcom (also found on OSNews) showing the huge price hike you get from buying a computer with Windows installed on it vs getting one without an OS or with a Linux distribution. He happened to use Dell, Gateway and a few other vendors’ retail websites as a basis for his numbers — so it fits the end-user’s cost quite well.

“You say securing Microsoft’s OS cost nothing? Zone Alarm is not free, Norton is not free, Ad-Aware is not free. All these apps are commercial applications, they may offer free versions but that’s a different subject.”

In that same line of thought Jack I can say this: Red Hat, Novell, etc all have non-free (beer) commercial Linux distributions. They may offer free ISOs but that’s a different subject.
I fail to see how your above comment is different from the statement I just made to the point that it would bring any useful point to the discussion. There are publicly available free versions of these tools that are not hindered in core functionality or ease of use. At best, bringing up that they also have other commercial versions as well is a tacky ploy at using semantics to say that “ZoneAlarm” isn’t free because “ZoneAlarm Firewall” is the name of the free version. While at worst it’s just irrelevant pointless commentary on your part meant to take up the vacuum of not having any real point.

Now it seems the main crux of your post was that it’s ok for Ubuntu to require work for things to function properly because it’s not expensive like windows. However, you have not presented a solid argument to support that windows is so much more expensive nor that the above mentioned tools are not freely available for everyday usage. Therefore, in this context I fail to see why working to make windows secure is any worse than working to make multimedia or networking function properly in Ubuntu.

As for spending a month in linux to “get to know it”, how is this: I know how to set up SSH from source; create both a ‘vanilla’ IPSEC LAN as well as establishing VPN connections using L2TP. I’m able to make both Samba and nfs shares. I can make users, groups, set file permissions. I’m able to compile mplayer so I can see those “stupid” movie trailers. I can set up Iptables and I’ve even played with the init scripts. I’ve also set up a stage1 install of Gentoo once, and it took me about a week of reading all the documentation. Do I feel that’s enough to make a secure system? No. Do I think that’s more depth of exposure than the “grandma” most linux gurus pride themselves on forcing their favorite “Desktop ISO” on? Yes.
Maybe your definition of operating system competence for safe usage is using GIMP/OpenOffice in Ubuntu for a month – mine’s obviously a bit more detailed and I certainly don’t think I’m near the minimum required familiarity yet.

Rich

“How many typical home desktop users do *you* think have enough technical acumen to learn about and locate those tools, or even understand at a basic level what the security issues are in the first place?”

In my defense how many home desktop users do you think have the acumen to compile mplayer+codecs from source, install decss functionality, or set up their wireless card+networking shares from a HOW-TO in the first place? I’m willing to bet that every desktop user you name, will also fit in the criteria of the question you posed to me.

Whoever said Windows was a beginner’s OS for people who are clueless? I know I never did. Are you sure that you are not assuming that just because something comes on your computer by default that it’s supposed to be some lowest common denominator of software? Yes windows has insecure defaults but these same defaults are designed to be unobtrusive to the beginning user in order to maximize functionality. You might notice that the main end-user out there doesn’t buy a computer just to be secure from a virus – that person buys it so he can do/create something he wants with it. In that line of thought Functionality sells more than Security. So a compromise has to be made between the two at some point. The defaults are just that – they are not the end all be all of security for an OS. They are just what MS happens to think are a decent compromise between security, functionality and ease of use. If you don’t agree with their opinion you can change it, the problem is with the users not the OS.

Matt

“people say how inherently insecure windows is. it was built with security as an afterthought, linux on the other hand was built from day 1 to be a network operating system.”

Great.
Windows was built from day 1 to be a desktop operating system for simple end-users. If you want to use that kind of logic in saying that linux is just that much more secure, then I can use this same logic to say that windows is just that much more suited to being what an end-user wants. Either way it sounds nice in theory but it really doesn’t mean much when you start looking at reality.

“think the big thing is that i can install ubuntu, connect it to the net, wait five minutes, and it WON’T be infested with malware.”

This is true you can do that in Ubuntu. You can also do that with a current default install of windows. What is your point?

2005-02-22 10:58 pm

Comparing the need to install some media codecs on Ubuntu to play music and having to tweak the hell and install a lot of 3rd party apps on WindowsXP just to stop it from turning into a user nightmare is idiotic at best. It is like comparing a house where the owner wants a plasma television to watch stuff on and the other owner needing a roof, windows and doors to protect themselves from the elements. Windows is a mess and it is a continual pain in the ass to keep running well whereas my experience with Linux is that it is very trouble free once you have it set up. It allows for you to just get on with using the computer. Even my non computer literate girlfriend prefers to let Linux load up and use that for her needs than Windows XP on our home system (dual booting). Did I mention audio on Windows totally blows where my prosumer gear under alsa works very well with no latency issues or bugs?

2005-02-23 12:06 am

Everyone blames Microsoft for lack of security, but other than “improve it!” – no suggestions relevant to Windows OS whatsoever. Here is a very simple question: a personal computer user at home, who happened to not have a geek available to babysit his computer, should that user be allowed to download and install software on his computer?
By the same line of reasoning, should that user be allowed to install Web browser plug-ins, add-ons and extensions? Say yes – and then explain how you would make an OS of your choice secure for that home user. Say no – and give the phone # of a computer geek who will install the software or browser extension for you, free of charge, on short notice.