Experts: MS tweaks, new laws won't make 04 safer

Experts: MS tweaks, new laws won\'t make 04 safer

Interesting article about expectations for the coming year on-line:

Experts: MS tweaks, new laws won't make 04 safer

Re: Experts: MS tweaks, new laws won\'t make 04 safer

a way to keep from haveing windows problems

Re: Experts: MS tweaks, new laws won\'t make 04 safer

[ QUOTE ]
raggie33 said:
a way to keep from haveing windows problems

[/ QUOTE ]

Very funny, a Linux site!

I really believe, that starting with W2K and XP, Windows is finally a stable product!

Also, I do believe, that a lot of crashes with windows, are not truely windows crashes, but rather caused by somebody else'e driver, service, background program, etc.

I still have 2 mission critical PC's that use pure DOS, and they are stable and rock solid! (actually I use DOS from Windows 98!)

Re: Experts: MS tweaks, new laws won\'t make 04 safer

It's an ok article Tomas but consider the source.

Re: Experts: MS tweaks, new laws won\'t make 04 safer

[ QUOTE ]
BuddTX said:

I really believe, that starting with W2K and XP, Windows is finally a stable product!

Also, I do believe, that a lot of crashes with windows, are not truely windows crashes, but rather caused by somebody else'e driver, service, background program, etc.



[/ QUOTE ]

Hear Hear. I'm happily driving an updated and maintained Windows 2000 installation here. Between the router, software firewall, antivirus, and a cup of common sense I haven't had a problem for going on four years now. (date of movement from Win 98 to Windows 2000)

I haven't suffered any of the viruses, hacker attacks, or frequent crashes that other OS users need to believe are just plaguing us here in the Windows world. (Ok, I did get a BSOD a day ago when I tried loading a 700 meg bin file onto a virtual cd drive, but lets be a little reasonable here) And I'm able to do everything I need or want to do, including happily running all my games.

I periodically give Linux a few-week test drive to see how development is coming. Last year it was Mandrake ... 8, I think. The distro ran smoothly enough, and wasn't bad to use. I rather liked KDE, but I kept finding myself looking for a reason to justify the bother of booting to Linux to do a task for which I didn't really have any complaints about doing in Windows. I had the same problem recently when trying to move over to Firebird from Internet Explorer.

Sorry, I know I'm supposed to be miserable, but Win 2k has been an exemplary desktop OS for me.

Re: Experts: MS tweaks, new laws won\'t make 04 saf

[ QUOTE ]
Saaby said:
It's an ok article Tomas but consider the source.

[/ QUOTE ]
Oh, the fact it's a reprint of an IDG article?

Question: Why do so many people have to take any mention of the "majority software" on desktops world wide as an attack on that software?

Please explain how in heck anyone can write any article on the state of the desktop computing world without mentioning the leading maker of that world's software OR the recent spate of problems.

To make any attempt at discerning how the next year in that world might be without discussing where we are, why we are there, and what is happening right now would be negligent. That's probably why this PC World writer just happened to mention Microsoft. That IS 90 percent or more of the market, right?

If all non-Microsoft software on desktop machines were to disappear at the stroke of midnight on January first, would it have ANY effect on what to expect next year on the 'Net? Right. I didn't think so either.

The curent state and future state of the internet is dependent on Microsoft and it's software. Any responsible analysis of the internet has to recognize that, and also what is and is not being done with it.

Saaby, if you have any factual problems with the content, say so. I'd be pleased to see that. From what I see the article is simply a distillation of a lot of serious, much larger and more detailed presentations given recently at several venues.

If there is a problem with linking to it because this version is on a Mac site, I suppose I could dig for the original on the dark side. Why though? Heck, Macintosh isn't even mentioned in the article, is it?

At least I didn't link to something like this: Inquirer article It's REALLY biased.

I'm going to bed. Lemme know if the world is a better place when I get up.

Re: Experts: MS tweaks, new laws won\'t make 04 safe

Greed and arrogance are killing M$. 2004 will bring big layoffs at M$. Linux is the future. The world cannot afford M$ (or @pple).

Re: Experts: MS tweaks, new laws won\'t make 04 safe

[ QUOTE ]
If all non-Microsoft software on desktop machines were to disappear at the stroke of midnight on January first, would it have ANY effect on what to expect next year on the 'Net? Right. I didn't think so either.


[/ QUOTE ]

Of course it would. There is tons of software not written by MS that people rely on on a daily basis that makes their business work.

Shall I name a few?

Graphics editing
Digital Audio
Digital Video
CAD
3D rendering
Scientific modeling
Automated control systems
Circuit design
Desktop publishing
CD burning
GIS
Web content devleopment
Revision control

Re: Experts: MS tweaks, new laws won\'t make 04 safe

I meant it just how it sounded. Consider the source. It's a Microsoft article on MacCentral so you need to step back for a second and say "Does this look heavily biased? Are they saying things that are completely horse pucky?" It's a bit like reading an iPod article on CNet...

Re: Experts: MS tweaks, new laws won\'t make 04 safer

[ QUOTE ]
MichiganMan said:
[ QUOTE ]
BuddTX said:

I really believe, that starting with W2K and XP, Windows is finally a stable product!

Also, I do believe, that a lot of crashes with windows, are not truely windows crashes, but rather caused by somebody else'e driver, service, background program, etc.



[/ QUOTE ]

Hear Hear. I'm happily driving an updated and maintained Windows 2000 installation here. Between the router, software firewall, antivirus, and a cup of common sense I haven't had a problem for going on four years now. (date of movement from Win 98 to Windows 2000)

I haven't suffered any of the viruses, hacker attacks, or frequent crashes that other OS users need to believe are just plaguing us here in the Windows world. (Ok, I did get a BSOD a day ago when I tried loading a 700 meg bin file onto a virtual cd drive, but lets be a little reasonable here) And I'm able to do everything I need or want to do, including happily running all my games.

I periodically give Linux a few-week test drive to see how development is coming. Last year it was Mandrake ... 8, I think. The distro ran smoothly enough, and wasn't bad to use. I rather liked KDE, but I kept finding myself looking for a reason to justify the bother of booting to Linux to do a task for which I didn't really have any complaints about doing in Windows. I had the same problem recently when trying to move over to Firebird from Internet Explorer.

Sorry, I know I'm supposed to be miserable, but Win 2k has been an exemplary desktop OS for me.

[/ QUOTE ]

I used to be a happy Windows user. I was on w2k at work and XP at home. Have a Cisco wirless with their dynamic key WEP, behind two Cisco 2500's with firewall IOS, all the updates, software such as AV software firewall ad-aware, running as a non-administrator user, followed standard security practices of setting permissions on the file system and registry, disabled all unnecessary services, tested anything new under vmware, the list goes on and on. Fat fingered an address in IE one day and was presented with a search page which proceeded to add a toolbar to my IE, and a bunch of keys to me registry despite being extra secure. I setup a dual boot and found I didn't need to bother booting into windows for anything. Bought a bigger hdd and didn't bother to install Windows on it. The main problem with Windows is security and stability was added on. Linux was built with security and stability and useability is the add on. No matter how much you tweak windows or add on software it will never be secure without a complete redesign of the underlying kernel. Linux has been gained major leaps in the useability area in even the last few months. As Microsoft tries more and more to lock people in to their system they have to keep pushing harder and harder to make things work on an already over extended design, its a bomb waiting to go off.

Re: Experts: MS tweaks, new laws won\'t make 04 safer

If there was a handicap parking spot on a computer I could legally park there.I know very little about them other than basic operations and use them almost solely for the purpose of internet "surfing". I've never taken a class on computers and have no intention of ever doing so.

Windows is my friend. It's simple and for the most part self explanatory. I read about programs that are superior and so I try them,and to date have un-installed each and every one as they are just too complicated and require too much interaction on my part to make them work.Computing is recreation to me and to many hundreds of thousands of other people. Without Windows I don't believe I'd be writing this today as I just don't have the patience for another complication in my life.I have XP on this machine and it is borderline too complicated.

All that being said it is my belief that Windows should be renamed....Volkswebben.

Re: Experts: MS tweaks, new laws won\'t make 04 saf

[ QUOTE ]
evan9162 said:
[ QUOTE ]
If all non-Microsoft software on desktop machines were to disappear at the stroke of midnight on January first, would it have ANY effect on what to expect next year on the 'Net? Right. I didn't think so either.


[/ QUOTE ]

Of course it would. There is tons of software not written by MS that people rely on on a daily basis that makes their business work.

Shall I name a few?

...



[/ QUOTE ]

I agree, Evan, that there are a lot of applications used by business that are essential, however, I limited my question to only those things running on desktops and only those that would affect the things covered in the article (how will security and spam be on the internet in 2004).

That long list you gave, while essential to many businesses, aren't operating systems or e-mail and browsing applications.

If Linux were to disappear completely it would have a drastic effect on the operation of the internet since that is essential to many servers and routers. If Linux were to disappear only on the user's desktop it would have a marginal effect on the internet - too few desktop users. Macintosh disappearing would likewise have little effect on the internet (though there would be a drastic effect on print publishing and the arts - even the PC magazines would have to move to PC's).

No, since currently the majority of bandwidth use is for spam (unaffected by the newest laws) and trojans, worms and viruses aimed at Microsoft products (unaffected by the existance of people using desktop Linux and Macintosh systems), I'll stick by my comment that fixing the problems that currently exist on the internet rely on Microsoft, and it ain't gonna happen!

Us non-Microsoft users are out of the loop on effecting change for the better on the internet. It has to be done by Microsoft (and Microsoft users), or not at all. At best we can watch and comment, at worst we can be silent. I choose to try to at least make people aware that the problem is theirs, and the rest of us are waiting for something to happen.

Oh! Website design applications were mentioned on Evan's list - Microsoft's Front Page has more effect on the internet than any other web design program, and is a major source of problems for other browsers since it's designs do not follow international design standards, but create sites "best viewed with Internet Explorer." This is a tremendous help in locking in users to MSIE since MSIE is often the only browser that will display a Front Page site without problems. That's another thing that only MS and MS users can fix. The rest of us can talk about it until we are hoarse, but we can't fix it.

I'm not picking a fight, I didn't start out trying to badmouth MS or anyone else. This was a simple reference to an article from the mainstream computer press that was picked up by a Macintosh site I happen to read. If anyone takes grave exception to any of the facts or opinions expressed in the article, it would be helpful to everyone to give alternate information references that show them wrong.

If some folks look at ANY reference to Microsoft that is not glowing praise as an attack on Microsoft, they will have to get used to it. With 90 to 95 percent of internet use and 99.99 percent of internet problems being related to Microsoft software, any discussion of the internet's future HAS to mention Microsoft and if honest has to mention the related problems.

Bottom line, at least for me: See how the internet is going this year? That's how it will be next year, too, only worse. Worms, viruses, trojans and spam will continue to run everyone ragged until the underlying problems are fixed.

There is little likelyhood of them being fixed in the near future. Try to make it better or do nothing at all. Either way, you'll have to live with it until the underlying problems are fixed, and fixed properly. That requires an honest attempt by Microsoft to fix the problems inherant in their software, and an effort worldwide by lawmakers to make opt-out spam illegal. (OPINION!)

If you believe both of those will happen real soon now(tm), then 2004 will be a stellar year on the internet.

If you have your doubts, then you have a choice. Try to make things change for the better or sit befuddled and watch the show.

As to this thread, the original thought was to give some lightweight background info on where we were likely to be on the internet this next year, not to have it turned into the usual "Mine is better than yours, nya, nya, nya!" thread.

Anyone want to discuss where the internet is heading for 2004 and what we can do to make it just a little bit better?

. . .

Anyone?

. . .

Oh. /ubbthreads/images/graemlins/frown.gif

I'll try again in 2005.

Re: Experts: MS tweaks, new laws won\'t make 04 saf

Israel Stops Buying Microsoft Software

http://www.siliconvalley.com/mld/siliconvalley/7599217.htm

"Some federal agencies in France, China and Germany, as well as the city government of Munich, have opted to use Linux not just on servers but also on individual workstations. Entire national governments, including those in Britain, Brazil, Japan, South Korea, China and Russia, are exploring open source alternatives to Microsoft."

Re: Experts: MS tweaks, new laws won\'t make 04 saf

It's only going to get worse. And it won't only get worst because of MS. The boom in wireless appliances will be a leading cause (IMO) of security breaches in the coming years. Already, way too many people setup a wireless network in their home without paying attention to security settings. They leave their access points wide open, allowing anyone to sniff traffic or hop on to their network with no work whatsoever. Regardless of what operating system is running on computers attached to that wireless network, a security problem has been created. The average consumer will be purchasing more and more wireless equipment, and the adoption rate will far exceed the rate of understanding of the security issues with wireless.

It gets even worse when businesses fail to properly secure their wireless networks. It's astounding to find out that 60% of wireless access points are left fully open in an unsecured fashion. Many of these are left so intentionally (for free use open access points), however, the vast majority are left open because of a lack of knowledge about security.

One mistake that network administrators make when incorporating wireless into their network infrastructure is to treat it as a trusted part of their network, and thus, fail to isolate it from their more trusted, wired network. A wireless network is one of the most easily compromised networking components. Standard WEP-64 can be broken in under an hour. WEP-128 can be broken in a few hours on a busy network. So even implementing so-called "Secure" communication on wireless networks does little to keep out the truly persistant. WEP on a wireless network can be seen as little more than a "KEEP OUT!" sign for your network. WPA and access point authentication (along with VPNs) do help a LOT, however, the vast majority of wireless networks do not use these systems.

A wireless network should thought of as an untrusted network, and treated as such. It should be outside of the trusted networks, and have strict access restrictions imposed on incoming traffic. In addition, regular audits of wireless clients is a good practice to catch unauthorized users of an access point.

Above all, the important thing that is lacking is education of users. The implications of activities is not always clear to the average user. The knowledge gap grows even wider the more capabilities appear in systems.

The worst things you can do are to not understand the implications of your actions, and rest on your laurels thinking that you're totally secure and will never have an issue.

BTW - do you honestly think that if all MS software went away tomorrow, and were replaced with a competitor's equivalent, that there would only be 1/1000 of the security problems on the net that there are now?

Re: Experts: MS tweaks, new laws won\'t make 04 saf

Keep in mind that MSFT's definition of Security is different from ours.

Their's: Security = NO competition!!!!

Ours: Security = Freedom from all those blasted Worms, Viruses, and so forth, Ad Nauseum.

Re: Experts: MS tweaks, new laws won\'t make 04 saf

Just curious....
Are competitive OSes REALLY that safe or is it that hackers aren't wasting their time hacking a system used by only a small percentage of users?

Re: Experts: MS tweaks, new laws won\'t make 04 saf

Those other OSes can be hacked, if left unprotected. The greatest security is immunity to Windows worms, viruses and so forth. A Windows binary executable file or VB Script cannot run on Mac OS, OS X, UNIX, BSD, POSIX, Linux, BeOS, or any other Non-Microsoft OS.

What is usually hacked is Apache or other Web Server, or other servers. However, those are not the OS. Linux is the kernel, and everything else is wrapped around the kernel. This results in a Distribution, such as Redhat, SuSe, Mandrake, Debian, etc.

Re: Experts: MS tweaks, new laws won\'t make 04 saf

[ QUOTE ]
BTW - do you honestly think that if all MS software went away tomorrow, and were replaced with a competitor's equivalent, that there would only be 1/1000 of the security problems on the net that there are now?

[/ QUOTE ]

I don't have the knowledge or experience to say yes to that, Evan, but I do believe security would be improved. Some of the holes in MS products are inherant in the design policies and guidelined they have set, just as some of the lack of equivalent holes in some other products come from those developers setting differenty policies, guidlines and requirements.

It is not that Microsoft has bad programmers, they have company guidelines - a design philosophy - that requires them to make systems that are as open as possible to interactions from outside, and even their new "secure" stuff still had backward compatibility required and built in that allows those holes.

Without a change in policy within the company there is little likelyhood that MS Windows will become a secure product. The same applies to their applications.

In my opinion it will require that change in policy at Microsoft, to incorporate real security without all the "backward compatibility holes," to effect real change. lacking that the only out is a change in provider.

Many of the Microsoft products are fully compatible all the way back to before security was required on the desktop. Just a bunch of independent, dumb, slow, non-connected boxes. Now even flashlights are coming out with CPU's ...

Likewise, some of the network protocalls still in use today on the internet date back to when I first got on ARPANET and even before. The mail protocalls are an excellent example. They date from a time when just getting onto the net was enough of a validation for a box to be trusted. My first home machine in 1984 was a UNIX box used as a mail and news server for myself and friends. If a person could figure out how to use UUCP, they could contact the world. Close to zero security required or used.

That brings me to spam. The only way to kill spam technologically would start with dumping our current mail protocalls. They are not secure and a probably insecurable. There is no way to track spam originators if they are smart and don't want to be tracked. Something with end-to-end security and trackability is needed, and it isn't SMTP ...

Of course it's also not HotMail ... /ubbthreads/images/graemlins/smile.gif

I agree, Evan, that as more "appliances" get "smart" and "connected" we will have more problems, but that is a lot from designing them to use the old protocalls and formats instead of designing them from the start as secure systems.

I have a wireless ethernet LAN here in the apartment - with every way on and off it covered by a firewall and every packet encrypted. That's the best I can do with today's products, and about ten times better than most users get "out-of-the-box."

Sad, eh?

Re: Experts: MS tweaks, new laws won\'t make 04 saf

[ QUOTE ]
GJW said:
Just curious....
Are competitive OSes REALLY that safe or is it that hackers aren't wasting their time hacking a system used by only a small percentage of users?

[/ QUOTE ]

In my opinion the other stuff is to some extent provably safer, but likely not several orders of magnitude safer.

One of the big differences between Microsoft's philosophy and the philosophy of most every other designer of operating systems is how the product is provided.

Microsoft ships product with almost every possible input, output, port, connection, link, whatever in an "enabled" or "open" state. This is to make it easier for the stupid "I don't read instructions" user to get things to work. Plug the little boxes into the big box, plug everything into the wall and *BINGO!* everything sees everything else and possibly even works with it.

Most other providers ship with most permissions, inputs, outputs, ports, connections, links, etc. disabled, except for the most basic things required to run in the "most basic" way. When something new is connected or a new service is to be used some permissions need to be changed to enable same. Everything else remains secure.

As a quick example: To use my systems to join CPF Chat, I had to specifically instruct my machine to allow information to pass in and out on the port it required. This change required my administrator password. My understanding is that on an MS Windows system that port (and most others) is already open, and that in any case changes can be made without any security.

Note also that in the initial list of what Microsoft ships in an open state I did not include "permissions" as I did in the second list. This is because in my system, for example, each and every file and action has "permissions" set that control access and use. If I want to read or copy or change or run or move anything the first thing the system does is to see if I have permission to do that and if not it tells me so. I can choose to allow myself to do anything on the machine, but to do so I must prove to the machine I'm me with a password.

If Microsoft would just ship all their systems with all the doors and windows closed and locked, except for the most basic required things, their security would be improved an order of magnitude. If Microsoft Windows just required the user to enter a password before making fundamental changes to their systems, most of the worms, trojans, and viruses would be out of luck.

On my system, with only a single user, me, a separate password is required to be entered from the keyboard any time a program of any sort wants to make an operational change or to change any part of the operating system.

On an MS Windows system there is no validation required for those same changes.

This sort of security difference is typical between MS Windows and other more secure systems.

I can remove these interlocks and safety precautions if I so desire (I don't) but someone running a Windows box cannot add them. A difference in design philosophy and security viewpoint.

Yes there are fundamental differences that make MS Windows an easier target, but HOW MUCH easier I cannot honestly say.

Re: Experts: MS tweaks, new laws won\'t make 04 saf

The biggest step to overcome will in reality be the education of users to make good decisions about actions taken online.

The notion of security not only includes protection from hackers/viruses/worms/etc, it's also the assurance that your information is safe and private.

A lot (and way too many) people have fallen victim to various things, like paypal scams, or the nigerian email ring, that ask them to perform compromising actions through the simple means of sounding and looking official. No change in operating systems or programming paradigms is going to change the social engineering aspect of security breaches. Entering your social security number or CC number on a field in a dodgy looking site, or across an unsecured wireless connection, or a non-secured web session is begging for trouble. However, many people don't realize just how much trouble they can get into.

The code (on all platforms) will continue to get better. However, the people, both the users and the black hats (those wishing to compromise security), will continue to get worse. It will be increasingly hard to protect people from the malicious actions of others (especially when the path the black hats take steers more towards social engineering as the system vulnerabilities disappear), and from the actions of themselves.

Like I said, right now, the adoption of wirelessly connected devices is greatly outpacing the average user's understanding of the security implications of such devices. I believe we will be seeing more problems from improperly administered wireless devices over the next year. These devices span the entire range of operating systems and applications, so it's not a single OS that you could say is "at fault". We have PDAs which run PocketPC, PalmOS, and some variants of Linux. Many wireless access points run linux as their base OS, yet come configured from the factory in an unsecure state (for ease of configuration). Many call the enabling of wireless security settings an "Advanced setting", thus scaring off many users from enabling them for fear of upsetting the functionality of their router. In addition, many wireless cards won't work properly in secure modes with WAPs. Case in point: My friend's centrino laptop with a new intel B wireless card won't communicate with my linksys wireless-G router in WPA mode, nor his identical wireless router at home. The drivers for the intel card specify that that version supports WPA. In fact, we are unable to get any secure mode to work between this card and router. I'm able to have WEP and WPA work fine. Thus, he's left to operate with no wireless security at home.

These are the kinds of things that show that security is still a second thought to many companies making many products.