Dean's World
 Defending the liberal tradition in history, science, and philosophy.


October 16, 2003

Defeating Viruses

I notice that Microsoft is pledging to do more about the virus threat. Well, it's nice to see them finally addressing the issue openly.

There is, however, a fairly simple and straightforward way to combat the problem. It's been in existence for some time. This method of dealing with the issue has been the standard for most Unix-type systems for a long time, and is still implemented in Linux, BSD, and other such systems.

What is it? Quite simple: you set up the system so that only software that's been installed by the system administrator is allowed to run. Furthermore, only certain subdirectories, designated by whoever set the system up, are allowed write access. So in effect, if any piece of software wants to run on the system, the user must provide a password to give it access, and disk access is strictly limited to only pre-specified directories.

While that sounds complex, it should be relatively easy to implement without confusing the average user, even a technically unsavvy one.

I regularly wonder why Microsoft doesn't just implement the next version of Windows that way.

Posted by dean
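The rule the post describes (software runs only from places the administrator controls, and users may write only to designated directories) can be checked after the fact. This is an added example, not code from the original post: a Python audit that walks a directory tree and flags executables a non-administrator could run or replace, exercised on a constructed sample tree in a temporary directory. The function names and the mode-bit heuristics (group/other write bits, sticky bit) are my own assumptions about how to express the rule; a POSIX filesystem is assumed.

```python
"""Audit a directory tree for software that a non-administrator could run or
alter, i.e. executables that sit outside admin-controlled, read-only places.
Assumes a POSIX filesystem (permission bits are meaningless on Windows)."""
import os
import stat
import tempfile


def writable_by_others(mode):
    """True when group or 'other' hold the write bit. The owner's own write
    bit is expected: the admin must be able to update installed software."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def is_executable(mode):
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def audit_tree(root):
    """Walk `root` and return (path relative to root, reason) for every
    deviation from 'only admin-installed software runs, and users may only
    write to designated directories'. Symlinks are skipped."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dir_mode = os.lstat(dirpath).st_mode
        dir_open = writable_by_others(dir_mode)
        rel_dir = os.path.relpath(dirpath, root)
        # A shared directory without the sticky bit lets any user replace or
        # delete files that other users (or the admin) placed inside it.
        if dir_open and not dir_mode & stat.S_ISVTX:
            findings.append((rel_dir, "writable dir without sticky bit"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode) or not is_executable(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if writable_by_others(st.st_mode):
                # Anyone may edit the program and then run it.
                findings.append((rel, "executable writable by non-owner"))
            elif dir_open:
                # Lives where users may write: not installed by the admin.
                findings.append((rel, "executable in user-writable dir"))
    return findings


def build_sample_tree():
    """Create a constructed sample tree in a temp dir. Modes are set with
    chmod after creation so the result does not depend on the umask."""
    root = tempfile.mkdtemp(prefix="audit-demo-")
    layout = {  # relative path: (mode, is_dir); parents listed first
        "bin": (0o755, True),                # admin-owned, read-only: OK
        "bin/editor": (0o755, False),
        "tmp": (0o1777, True),               # shared scratch with sticky bit
        "tmp/dropped.sh": (0o755, False),    # user-dropped, still runnable
        "shared": (0o777, True),             # world-writable, no sticky bit
        "shared/tool": (0o755, False),       # anyone can swap this out
        "home": (0o755, True),
        "home/notes.txt": (0o666, False),    # writable but not executable: OK
        "home/script.sh": (0o777, False),    # anyone can edit and run it
    }
    for rel, (mode, is_dir) in layout.items():
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\necho hello\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for rel, reason in sorted(audit_tree(demo_root)):
        print(f"{reason:36} {rel}")
```

Run against a real system (for example the directories on a user's PATH) the same function shows which programs could be swapped out without an administrator's password.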


That does, however, present problems with the tangled web that MS applications (and their local techies) have initiated.

For example, you're working in a java-enabled browser app that relies on Word to handle the printing end. THREE apps (the browser, Word, and the print routine) have all been called by the java app.

Do you want to enter your password three times? I don't. How successful do you think those apps would be for end users? (HA! nearly bust a gut thinking about it.)

I'm sure that if there were as many users of Linux as there are Windows, there would be just as many hacks and viruses spread through that OS. Can you imagine teaching an average user how to edit a Kernel? No one bothers writing hacks and viruses for Linux, because Linux isn't that common, and people who run Linux machines are not as likely to have a file on their hard drive named "all my passwords.doc."

Oh, sorry, it's not called "all my passwords.doc" anymore, because Windows had to hide the file extensions, because it was confoooooooosing for people.

Sorry... that was written by my disgruntled instructional designer voice--who comes out only when under tight deadlines and is frustrated by user ignorance of basic computer operations (that were listed as requirements when they took the damn job).

Posted by Mrs. du Toit on October 16, 2003 at 2:58 PM


That's not quite accurate.

On *nix systems, users can often install and run software strictly from their home directories.

The key distinction is between root and user permissions (this gets blended a bit with ACL systems, but we'll just bracket that, shall we?); root can do anything to the system root feels like, and users can generally only touch their home directories.

A userland virus/worm could cause significant issues (say, by fiddling with the user's mailqueue or the like), but you need root access to fudge-up the whole system.

Windows XP has classes of users that are (to my knowledge; I don't use XP at home, and at work we're careful and keep up to date with patches, and don't use the limited users) limited in a very similar way.

The problem, of course, is that most people seem to prefer not having to enter passwords to the additional layer of (potential) security.

The core issue seems to me to be that the "average" user wants both extreme ease of doing things (no passwords and no logging in as someone else to do things; I know most novice linux users use root for everything, and it's trivial to change to root from a user in *nix. I do, too, but I at least know it's a potential problem) and to use his computer with as little knowledge about security issues as possible. The two interests conflict with his third implicit interest, which is "do whatever crap I want with the computer", which makes limiting what can be installed by the user exceedingly difficult.

The real problem, in other words, isn't that non-root can install things, but often that root doesn't know what the hell he's doing.

I see no real solution to the problem, sadly.

Posted by Sigivald on October 16, 2003 at 4:11 PM


Dean:

Several weeks into my "Escape to Linux" (running an IBM ThinkPad T20 very nicely, thank you, under Mandrake Linux 9.1) I find myself more and more just damn glad that I no longer have to trouble myself with Windows and its shortcomings.

Sigivald:

For whatever reason, I don't mind entering passwords. And I do things as root only when I have to. Maybe because, Linux newbie though I am, I have memories of the havoc I used to wreak, accidentally zeroing out the boot sector on a 5¼" floppy disk while playing around with some new software— back in the days before I had a computer that had a hard drive! :)

Posted by Paul Burgess on October 16, 2003 at 4:41 PM


I've been running Slackware-Linux for a little over 3 years now. In that time I've had exactly "0" problems with viruses, trojans, worms, etc. The whole user/super-user thing makes it much more difficult to screw up a system with malicious software. I did manage to break my system, when I was first getting started, by running as "root" when I should have been running as "robin".

BTW, I've managed to crash Slackware exactly 1 time in these 3 plus years, and that was when I was trying to do something out of the ordinary. I played with XP for a few weeks, and crashed it several times in that brief period. IMHO, Microsoft makes inferior software.

Posted by Robin on October 16, 2003 at 4:57 PM


Dean,
Not sure how much secadmin experience you have, but most hacks against the Unices are specifically to get to the root account. Once there, it is easy to install a "root kit", erase evidence in the syslogs that you have been there, and go away happy until the next time, which is now easy since you have your "root kit" to help. Hacking in as root gives you complete access to anything on the machine, so most security measures dealing with access and passwords are useless. Having said that, I agree with you in that probably 95% of all attacks against ANY system could be prevented by use of the built-in security features that are already available. I haven't had to hack into a system for a long time (contrary to current belief, hacking has a useful and legitimate beginning, for example when a user loses their root password, a more common occurrence than you would credit), but I used to just go out to the web, search for the latest hacking scripts, run them against the target system and let the user back in to his system. It is not that easy these days since systems are getting harder to crack every day and there is not the proliferation of hacker sites that there once was. In addition, with all the "watcherware" on most large systems these days, doing as I have just described almost guarantees you a visit from the local security administrators, usually as you sit at your keyboard.

Posted by oldgeek on October 16, 2003 at 5:05 PM


"IMHO, Microsoft makes inferior software."

You're not the only one, Robin. Most non-Microsoft aligned engineers agree with you. But Gates' genius has always been about market manipulation, not software. His determination to keep Windows code proprietary is the cause of both its unwieldiness and our mutual vulnerability to mischief.

I'm wondering what the free-market worshippers think about how we got here and what market solutions could have mitigated the virtual Microsoft monopoly. Clearly, the best product didn't win and we've been paying for it ever since.

Posted by shep on October 16, 2003 at 5:12 PM


"There is, however, a fairly simple and straightforward way to combat the problem."

Uh huh. Buy a mac.

D

Posted by David Strain on October 16, 2003 at 6:07 PM


Actually, Dean, the user system that xxx refers to in XP is almost exactly like that under *nix, with XP Pro having the same sophisticated file/program access mechanisms that 2000 does.

The problem is that these are off by default, not to mention a single user install defaults to Administrator (same as root) access. This is NOT good.

I can only guess that MS didn't want to deal with tons of calls asking "why can't I install XXX anymore?"

David: good one! Heh.

Robin: I fully agree that *nix is a marvelous OS, but I've been running XP Pro since it came out (98SE before that, 95, MS-DOS 5, 3.31, 2.11, and C/PM), and oddly enough, for the past 3 years I haven't had any problems with all those issues either! Nor have I ever had a system crash, or a BSOD. Funny, eh? :)

shep, I have to say you have slanted events very much. True, MS products suffer from defects due to market pressure, but it is very much not the case that open software is always good, and proprietary software not always bad.

In fact I'll bet you are not old enough to remember the microcomputer world before Windows started introducing some order into things. It was a real zoo; you had to know the escape sequences of your printer, the details of your cdrom, the serial ports settings for your mouse and modem, and so on... And you had to configure this by hand for every program you had.

This is not a good thing.

In fact, what most "freeware"/open software advocates forget is that it took 15 years of proprietary software and the exercise of the free markets you don't seem to like to turn the personal microcomputer into an inexpensive commodity just like a stereo. Otherwise you wouldn't have cheap, easy to use development software running on cheap, reliable hardware.

Not to mention that MS came out on top due to the stupidity and/or bad decisions of their competitors. If you like I can provide specifics. :)

Actually, Dean, even Windows (the NT kernel stuff, anyway) isn't all that bad if you use a firewall and some common sense. Most of the worms that we've been hearing about are activated when someone opens a file attachment to an email.

NEVER OPEN A FILE ATTACHMENT FROM A STRANGER.

That would cut down worms by about 70-80%, easy. And until the recent DCOM worms came out, a firewall would stop the rest. Even now, freeware utilities from Gibson Software (www.grc.com) can shut DCOM for you, no matter what patches you've installed, guaranteed. In fact Gibson has released several free utilities that no Windows user should be without (why, oh WHY did MS turn universal plug'n'play on by default!!?). Highly recommended.

But really, that's it. Use a firewall, exercise some common sense, and 90% of these problems will disappear.

While writing this, it occurs to me that the vast majority of vulnerabilities found in Windows are due to buffer overflow problems, and I know that MS is working very hard (yes, yes, it shouldn't have been released that way; I very much agree), but they've encountered problems with their own employees, too.

Someone up at school told me about this: MS was running some sort of 'bot to scan code for potential buffer problems (a good first step), but when the coders found out what was being done, at least some of them put wrappers around vulnerable code to fool the 'bot.

Gates, and on down was NOT amused. Word went out that anybody caught doing that would be fired.

Posted by Casey Tompkins on October 16, 2003 at 7:25 PM


First of all if Linux had the market penetration of windows every moron and their brother would be running the machine with the root password. Just like everyone runs windows under an admin user name. Personally I do it too, but I run a hardware firewall, software firewall and I unbind NetBIOS from TCP. Not exactly impenetrable but it keeps the script kiddies at bay.

In my life I have only had one Trojan infect my computer and I caught it before it could contact the evil zombie bot base command. I have only had maybe two viruses. With the Trojan I booted in system recovery mode, copied the offending software to a disk and put it on another machine that I had prepared for the event and stuck it in my DMZ just to see what it would do. It made a connection to an AOL chat room and I logged the information and sent it to AOL. Now they could have found out who was using the bot with that information but I'll bet any money they didn't give a rat's ass.

85% of problems with windows OS's are due to lack of knowledge on the part of the user. Linux boxes are run by people who typically know what they are doing. If you know how to secure a windows system (and granted it's not easy), you shouldn't have much in the way of problems. At work with all of your stupid moronic co-workers downloading the compleat Kazaa collection you are more vulnerable since your admins typically let them do it. (They have to; the VP of sales is the one downloading the Tatu videos.)

Posted by Rick DeMent on October 16, 2003 at 7:41 PM


Dean,

I think you are oversimplifying the problem. Just securing the file system and limiting the installation of software is not the answer. I agree that windows is lax with its default file security setup so that users with little to no knowledge can get around without many problems but many other issues exist. I'm not denying that *nix systems are typically more secure but it is not just due to the reasons you mentioned.

Since the Windows OS is designed to do everything for everybody, too many services are installed and enabled by default, which causes glaring security holes. I think the *nix type systems are slightly more secure since it usually takes a little more understanding of things to get it set up and usually you can pick and choose what gets installed. Windows embeds services into their operating system and enables them by default even if they are not currently used. One of my favorite "default" services that you couldn't turn off without knowing what you were doing was the Universal Plug and Play service that was one of the first Windows XP vulnerabilities. This is a service that allows you to automatically detect and control network attached devices such as printers and consumer electronic equipment. At the time nothing to my knowledge used this service; Microsoft enabled this in the hopes that the technology would take off. Innovation at its best.

Windows is designed to do peer to peer networking easily for the average user that doesn't have much knowledge of the system, so in order to do this a lot of system information that can be used to hack into the system is typically available without any type of authentication. Combine this with no public scrutiny of the source code and Microsoft's lax attitude about security and you have a time bomb waiting to happen. I say school is still out on how serious MS is about security.

*nix type systems have their share of problems but they tend to get fixed quicker than windows and of course they have been around a lot longer to work out the kinks. The difference is that when a problem is identified with a windows o/s it needs to be fixed by windows developers since they are the only ones that have access to the source code typically and it can take a little time to get a patch out there. In the open source world the turn around time to get the code fixed is quicker since everyone with the knowledge can look at the code when a problem is identified and attempt to fix it.

Since Windows has such a huge installation base it becomes a target for most of the hacking attempts. Combine this with the ease of installation and the fact that more and more people with minimal understanding of the operating system call themselves administrators you have yourself a huge problem. If I had a nickel for every system I found out there that was unpatched and had every service known to man enabled I would be a rich man. Inevitably it was done by some high paid consultant that had no clue.

These are just a few examples of the security problems that Microsoft and the computer industry are challenged with. Most of these things can be prevented by a little more forethought on Microsoft’s end but I believe the key is to also educate the typical computer user since all too many of the security issues we face today are at the eighth networking layer, between the keyboard and the chair.

Posted by Ed Wagner on October 16, 2003 at 10:53 PM


I didn't say "that open software is always good, and proprietary software not always bad", Casey. And I don't think "MS products suffer from defects due to market pressure" but because of Gates' almost pathological (or just plain rational from the free-market perspective) need to dominate the market.

"In fact I'll bet you are not old enough to remember the microcomputer world before Windows started introducing some order into things."

Actually, I'm old enough to appreciate the elegance of DOS and have worked in every Windows and Mac OS since 3.1 and 7.1, respectively.

Posted by shep on October 17, 2003 at 10:27 AM


Ok, I stand corrected, twice! :)

Well, maybe. Perhaps I should have referred to the way that MS markets their products, instead of market pressure. I had the vector pointing in the wrong direction.

If you've been around that long, then you know that (at least) Windows helped impose a helpful uniformity on interface standards in the Intel world. I actually tried Windows 1.0 a long time ago. Pathetic... As I said before, one of the weaknesses of MS-DOS was that you had to hand-configure every application you had for every device you wanted it to use. Windows put all that in one place.

Of course, Mac OS did too. I think both sides have adapted useful things from each other; MS took the idea of a GUI with a consistent interface from Apple, while they adapted to the Wintel concept of using (basically) generic components. Nearly everything in modern Macs (except the CPU) could be dropped into a Wintel box.

Actually, I avoided 3.x. I used DOS/Desqview (which used interrupt-driven, pre-emptive multitasking way before Win95 did!) as long as I could, but it couldn't keep up with all the device drivers that kept popping up, so the base memory in each virtual machine kept getting smaller.. :(

I nearly bought OS/2 Warp instead of Win95, but a particular episode crystallized my decision: Jerry Pournelle's current column in Byte that month. He was writing about some computer conference (COMDEX? don't recall now) where IBM was offering their OS/2 SDK for a low, low $495, while MS was begging people to take their Win95 SDK; they were giving it away for free!

You tell me which platform is gonna get more apps developed for it? ;)

This is what I meant by MS competitors shooting themselves in the foot. It's a pity, because OS/2 was way better than '95, and competitive with NT 4.0...

I just wish Apple would open up their own operation, but they seem to prefer to make large margins off of a smaller market, than vice versa. It would be nice to build my own Apple clone.

And I would pay money for an Intel build of OS X. :)

But let's all remember one of the basic laws of computing: All Operating Systems suck.

Posted by Casey Tompkins on October 17, 2003 at 1:53 PM


Can't argue with a word of that, Casey. Although the Mac OS was always the better choice for average (read non-technical) users, as Windows has gotten more stable and peripheral-friendly (XP is OK), Macs have become less so.

Posted by shep on October 17, 2003 at 2:01 PM


Man-o-man, the propeller speed coming off of this comment section is overwhelming. I'm hanging on by my fingernails.

One point: Microsoft didn't win because of superior software, they won because of gimmes and cheap software. Complain all you want and scream MONOPOLY, but as a professional trainer and course developer, I can tell you that their applications were MAGIC from the standpoint of making PCs easy to use.

It's too easy to forget the bandits in the market charging OUTRAGEOUS prices for software. MS came along and slipped under their radar, people invested in learning the GUI (once applied to all), and BAM--bye bye Corel, Wordstar, Wordperfect, and Lotus 123. I still prefer Lotus 123 or Quattro Pro (and recently discovered the latter came with my PC) but they don't integrate seamlessly. They STILL haven't figured it out.

The same is true for just about everything. We all know that some more expensive clothing is better, yet we'll do fine with a few bargains from Target. Quality doesn't always win or come out near the top. Price does. Gates figured that out.

Of course, the asshat forgot that cardinal rule. $200-$300 for an Office upgrade? He's lost his marbles!

Posted by Mrs. du Toit on October 17, 2003 at 7:55 PM


Actually, Mme. du Toit, you are agreeing with shep and me, but with different language. :)

We've already talked about the utility of a consistent interface (GUI), and in an earlier post I discussed how market pressures (a term I mis-used in a reply to shep {g}), and an expanding user base, forced prices down.

Actually, the low price then, and the high price now are linked. Gates' first priority back then was soaking up as much market share as he could. It worked. Now MS has something like 93% of the desktop.

The problem is: now that almost everyone in the world bought Windows, how do you keep making money? Simple, you force upgrades, and charge large quantities of money for them. And you change the paradigm from "selling a copy" of the software to "granting rights to USE the software." Big difference.

Oh, and stop supporting old platforms. I've heard recently that they don't support '98 or NT 4.0 anymore. That's ridiculous.

shep: with academic discount, the cheapest G5 tower (1.6GHz PowerPC CPU, 256MB DDR-266 RAM, 800MHz FSB, 80GB SATA, SuperDrive, NVIDIA GeForce FX 5200 Ultra, 1 FireWire 800, 2 FireWire 400, 3 USB 2.0 ports, gigabit Ethernet built in, Bluetooth & Airport "ready", etc) is $1,799.

Yikes. Too bad I don't have $1,799. :)

Posted by Casey Tompkins on October 18, 2003 at 10:44 AM


Casey, I understand that is what MS is trying to do, but it will backfire.

I'm not frightened by Goliaths like MS. The point being that I remember other Goliaths that THOUGHT they were unbeatable and people were "stuck" with their products because of the investment in learning.

It was not that long ago that every charlatan on the planet was a Word Star trainer. Every geek magazine was full of Word Star certifications and support people. Where are they now? I remember MegaCalc and SuperCalc. I know I sound old mentioning these long gone dynasties, but they were once on the top of the mountain, too. They once had 60, 70, 80, or 90% marketshare.

MS was successful because they were CHEAP. The GUI is only a small part of that.

When Mr. and Mrs. Small Business America can no longer afford the upgrades, or when a competitor offers a similar system at lower price, they'll switch. As long as the upgrade prices were reasonable, consumers lined up to buy them. When it came time to upgrade Office, I'd buy 1/2 dozen copies. At $30 to $50 it wasn't worth it to violate the license agreement. But $300? No way. I bought ONE and I won't upgrade everyone else. When the ones we have no longer work, I’ll look for something else, or use whatever freeby comes on the computer we end up buying as the replacement.

MS will fail because of this. They won't "fail" per se, but their market share will begin to fall off. But they are not going to be replaced by geek-enabled systems like Linux, because they are too hard and too complicated to use.

Western Union was once thought to be the most evil corporate animal--before that the railroads. Later it was AT&T. Then it was IBM. The same arguments and recriminations were made against them that we hear regarding MS. Times change. Even the unbeatable giants change. They just disappear gradually and people forget they were ever upset about it.

Posted by Mrs. du Toit on October 18, 2003 at 1:09 PM


Mme. du Toit,

I love it when you talk geek; you are so sexy! Heh.

Yeah, I remember WordStar... All those Control-key combinations. I still remember a few, like ^KV, ^KD, ^KY... :) It really irked me when I had to learn MS/Windows hotkeys like ^C and ^V ("what's this Control-V CRAP!!!?")... Heh heh heh.

Actually, Linux isn't too bad, but it isn't quite there yet.

What I would like is the stability of *nix (with other goodies thrown in, like updating and re-loading modules without a restart) with the damn-near universal hardware support of Windows. XP has recognized everything I've thrown at it (ok, Windows seems to be weak on monitors, but the generic plug'n'play settings work fine for me), but with Linux it's a different matter, especially things like USB support.

I can hear the Linux guru now: "well, all ya gotta do is recompile the kernel with the proper support..."

Yeah. I should NOT have to do that. That is the OS's job, not mine, dammit! Any more than it is my job to tell the OS the spin rate, block allocation on my hard drive (who else here remembers the old "MFM vs. RLL" debate, eh?), or any other 1,001 details of my hardware!

I have to say, Slackware is lovely, IF you know enough about Linux to configure it properly. Pretty damn big, "if," though.

Anyway. Point being that several popular Linux flavors are getting closer. Right now, the best one for "Aunt Mamie" (the proverbial AOL candidate) is Lindows.

Lindows is Debian/KDE using Windows-like behavior. It very definitely takes away some of the control from the user (I, for one, would like the option to boot to a console, then run "startx" later on), but that is generally a good thing for the typical "joe/jane-six pack" user who just wants to do things with the computer, not tweak it all day. Lindows performs a full install in about 10 minutes (yes, 10 minutes), and all it asks you is the name of the computer, and a "security password" (to avoid the confusion of explaining what a root account is).

This gives you a decent minimal Linux setup. The sweet part is the Click'n'run Warehouse. One of the major headaches of Linux is obtaining, then installing a new software package. IF you understand makefiles, and IF you run all the shell scripts properly, and IF you have the proper permissions, and IF the folders you create have the proper permissions... You may end up with a useful new application. :)

And, yes, there are package managers like RPM, but most of them don't handle unresolved dependencies very well...

With Lindows, on the other hand, you simply click on an icon, and everything is done for you. Sa-weet!

Ok. Lindows is not free. It costs $60. This upsets some of the propeller-heads, who expect ALL software to be free (apparently they have difficulty making a distinction between free beer, and free speech). Also, Lindows is very much a broadband OS. I would not want to install (say) OpenOffice (~50 megs) via dialup! And after the complementary 2-weeks of click'n'run, you are expected to pay for access to the service.

Gasp! God FORBID that someone would make a PROFIT out of offering a service!... Heh heh heh.

Click'n'Run is ~$60/year, or $5/month. And EVERYTHING you install is always available thru your personalized "My Lindows" account online. So everything you install even in the two-week free trial (think about how much you could install over two weeks over RoadRunner; it's a damn lot!) will always be available for you to reinstall later, if you wish.

And you can do this for all the computers in your house, if you like... :)

Lindows is definitely not perfect, and I'm not sure if I would recommend it as an enterprise solution, but it's definitely worth a look for the home user.

Posted by Casey Tompkins on October 19, 2003 at 2:50 AM

