Forgot your password?
typodupeerror
Windows Operating Systems Software

Koreans Advised to "Avoid Vista" for Now 333

Posted by ScuttleMonkey
from the as-long-as-warcrack-still-works dept.
An anonymous reader writes "The Chosonilbo reports that several government ministries in South Korea are advising users not to install Windows Vista, at least until popular online services can be made compatible. The problem is that ActiveX is pervasive in the Korean webspace, employed by everyone from web games to online banking. Upgrading to Vista is expected to render many of these services unusable. Portions of the popular "Hangul" word processor, a major competitor to Office in that country, are also not functioning under Vista. The Ministry of Information is planning to publish compatibility information for popular websites, and urging users to carefully research the implications of upgrading."
This discussion has been archived. No new comments can be posted.

Koreans Advised to "Avoid Vista" for Now

Comments Filter:
  • Oh noes! (Score:5, Funny)

    by dancingmad (128588) on Wednesday January 24, 2007 @06:21PM (#17744288)
    The Chinese Purification [slashdot.org] has alrady begun in Asia!!!
  • Server side FTW! (Score:5, Insightful)

    by MrNaz (730548) on Wednesday January 24, 2007 @06:22PM (#17744306) Homepage
    Many people ask me why I insist on server side web apps unless there is absolutely positively no way around it. Now they know why. Client side processing means client side requirements. Server side processing means the client can be using anything from a PC with Firefox to an iPhone with... oh wait :P

    • It's a tradeoff really: what you can offload on the client is processing power and security issues you don't have to worry about for your servers too.
      • Re: (Score:3, Insightful)

        by DimGeo (694000)
        You can't offload security input validation to the client. I mean you can, but you have to check the input again on the server anyway.
      • Re:Server side FTW! (Score:5, Informative)

        by JimDaGeek (983925) on Wednesday January 24, 2007 @09:40PM (#17746612)
        Uhhh... you really cannot offload security to a client. Trust me. I work for a fortune 500 with more than 150,000 employees. We have converted most of our apps to be web apps. All security was brought to the server side because we had so many issues with clients systems. Any one that offloads security to a client is a dolt IMO. It will come back to bite you big time. :-)
        • Re: (Score:3, Insightful)

          by Shaper_pmp (825142)
          Web Developers' Mantra:

          Do Not Trust the Client.
          Do Not Trust the Client.
          Anything sent to the client then returned is suspect.
          Anything provided by the client is doubly suspect.
          Regexps and validation are your friend.
          Do Not Trust the Client.

          Oh, and it's also always useful to remember:

          There is no such thing as a "hidden" HTML field.

          CSS and Javascript are not security layers, they are presentation layers. Using presentation for security is like hanging a sign on a door saying "please don't open this door" instea
  • by Joe The Dragon (967727) on Wednesday January 24, 2007 @06:23PM (#17744324)
    ActiveX is pervasive in the Korean webspace.
    They should move to something that work in linux, mac os, and windows.
    • Re: (Score:3, Interesting)

      ActiveX is pervasive in the Korean webspace.
      They should move to something that work in linux, mac os, and windows


      Of course they should, but reality is not there. Some sites even insist on using VB, in place of Javascript - ugh! IMHO, the problem lies with uninformed web developers and managers who have never used anything other than MS-Windows and therefore the fact there are others OSs and web browsers is news to them.
      • by Anonymous Coward on Wednesday January 24, 2007 @06:41PM (#17744604)
        Of course they should, but reality is not there.

        They must be undergoing some sort of existential crisis.
        • Re: (Score:2, Interesting)

          Haha, you really do not get it. ActiveX and Microsoft are darlings there. South Korean economy is ridden by miriads of PC parts makers and the whole nation depends on their elecronics export to US and EU. Microsoft feeds them, so they obey. If Linux was ever able to offer robust driver layer to their hardware they may consider to switch, but they are not even considering given the braindead software layer that surrounds the Linux kernel, giving you the second tier wrapper shit? No way, Direct(x) way by Mic
          • by tb3 (313150)
            I read in the paper the other day that South Korea has the lowest national birth rate in the world. The rate is 1.0, which puts South Korea on the Children of Men [imdb.com] fast track.

            World's biggest Microsoft fans/world's worst birth rate? I'm just sayin ...
            • Re: (Score:3, Funny)

              by h2g2bob (948006)
              World's biggest Microsoft fans/world's worst birth rate? I'm just sayin ...

              That'll be the copy protection
      • by MightyMait (787428) on Wednesday January 24, 2007 @07:21PM (#17745170) Journal
        Some sites even insist on using VB, in place of Javascript - ugh!

        Don't I know it!!! I assume you mean client-side VBScript, which only works in IE. Server-side VBScript (in ASP, or VB.NET in ASP.NET) works just fine, since plain HTML is sent to the browser.

        Recently, while troubleshooting an error in one of our customer's server-side code, I came across a web-form with a client-side VBScript validator. Underscoring the fact that the "developer" didn't understand what was going on, there was a disclaimer on the page that the form only works on "Internet Explorer and other browsers that support ASP". Of course, ASP had nothing to do with the incompatibility, it was the client-side VBScript.

        It almost goes without saying, but the code had FrontPage written all over it!!
    • by dokebi (624663) on Wednesday January 24, 2007 @07:21PM (#17745162)
      Short version: they use Active-X because of US export policy.

      Long version: Before Clinton allowed export of strong encryption, web browsers outside US only supported 40-bit encryption. So instead of using ssl with 40-bit keys, the Korean government adopted something called SEED, a homegrown algorithm with support for longer keys. So all the online banking stuff was done with it. This was around when IE was taking over the browser market, so banks used Active X to implement SEED. People liked it because it allowed them very nice and frequently updated widgets, and most people were running windows anyway.

      Fast forward 10 years, the whole country is dependent on Active-X and therefore MS, with *zero* support for alternatives. As everyone is using IE, most web sites (including Korean Government sites) are designed only for IE+Acitve-X. All banking, shopping, stock trading, is done through Active-X, with no alternatives. This discourages people from using anything but Windows, perpetuating the monopoly. Korea is the only country where the stock market and most financial system shutdown because of the MS-SQL slammer worm (back in Jan '05). With help from rampant software piracy, MS is *the* dominant player in *all* software markets, and Korea's culture of homogeneity has simply perpetuated the monopoly.

      I'm hoping people learned their lesson and will shift to more standards compliance and alternative implementations, but somehow I don't think so. In fact, the Korean Government will demand MS "fix" "their" problem, as obviously it is MS's fault for breaking "the Internet".
      • by smclean (521851)

        I'm hoping people learned their lesson and will shift to more standards compliance and alternative implementations, but somehow I don't think so. In fact, the Korean Government will demand MS "fix" "their" problem, as obviously it is MS's fault for breaking "the Internet".

        This is a small point compared to the real point you were making, but couldn't someone claim that they have every right to pressure MS to fix ActiveX in this case? All they did was adopt a technology that MS pushed on everyone. Granted, it didn't take hold very well for most of MS's market, but you can't blame them for being a bit angry at being left out in the cold.

        Interesting stuff about the strong encryption export policy, thanks.

      • by geekoid (135745)
        It would be proper to say Browsers made in the US were not allowed to be exported if that had larger then 40 bit encryption.
      • by jrumney (197329)

        Short version: they use Active-X because of US export policy.

        If that were all it was, the rest of the world would be using ActiveX as well.

        I suspect the real reason that South Korea has invented its own encryption algorithms rather than trust a third party's lies to the north of their border. But even so, they could still use SSL/TLS with those algorithms (RFC 4162) instead of resorting to the snake oil they are using today.

        MS is *the* dominant player in *all* software markets

        IBM big-iron is st

  • The more promising the view, the steeper the cliff...
    • Re: (Score:2, Flamebait)

      It's more like a guy with a gun forcing you off the top of the mountain you're currently sitting on, back down to the valley, and up another mountain where the view is pretty much the same as the one you had from the first mountain.
    • by StikyPad (445176)
      ...nevermind the fact that vistas [answers.com] are not at all synonymous with cliffs.

      Oh, and also that cliffs are all steep by definition.

      Other than that, good analogy.
  • Only prudent. (Score:5, Insightful)

    by RightSaidFred99 (874576) on Wednesday January 24, 2007 @06:26PM (#17744366)
    I'm actually a MS user and I don't have a rabid irrational hatred of them like many around here. However, I'm not moving to Vista anytime soon. First, there's no compelling reason for me until DX10 games start hitting. Second, Vista is new and has many known issues, including performance issues. Third, all kinds of crap is going to break.

    I think we're going to see Vista be the most slowly adopted OS Microsoft has ever released.

    • Re:Only prudent. (Score:4, Insightful)

      by Anonymous Coward on Wednesday January 24, 2007 @06:29PM (#17744424)
      "I don't have a rabid irrational hatred..."

      I don't have a rabid irrational hatred of Microsoft either, just a rational one.
    • Re:Only prudent. (Score:5, Insightful)

      by Rosco P. Coltrane (209368) on Wednesday January 24, 2007 @06:33PM (#17744486)
      I'm actually a MS user and I don't have a rabid irrational hatred of them like many around here.

      Neither do we. We have a perfectly rational rabid hatred of them.

      Seriously though, that preamble was unnecessary: it's perfectly okay to be a happy MS user and not be so hot about installing a new product from them. But hot or not, one of these days you'll have to bite the bullet anyway.
    • I'm actually a MS user and I don't have a rabid irrational hatred of them like many around here.

      You must be new here. :P

    • by oneiron (716313)
      Ohhh.. You're a gamer. That means you have a rabidly rational reason to force yourself to be happy with what Microsoft produces. I'm sure you understand the notion that, even if you wanted to try an alternative, you'd be dead in the water for serious gaming.

      I used to be like that. Now, I just use MS products because I'm used to them, they tend to work OK, and I'm too lazy to try alternatives. However, I understand the problems with the MSopoly and mildly resent the company for exacerbating them on a r
    • by geekoid (135745)
      My hatered for MS is not irrational. It is built upon the history of MS. I've been through all the OSs, and watched there attitiude.

      I've seen the threaten to destroy people out of spite, watched there reps storm out of a meeting because they were called a vendor, etc . . . I could go on and on.
    • by KurdtX (207196) on Wednesday January 24, 2007 @08:31PM (#17745996)
      I'm actually a MS user and I don't have a rabid irrational hatred of them like many around here.
      Congratulations on the purchase of your first computer!
    • by rssrss (686344)
      "I'm actually a MS user and I don't have a rabid irrational hatred of them like many around here."

      Au contraire, mon ami. Many, if not most, of us are M$ users and we have developed a thoroughly rational hatred of the company, based on our experiences of bloated, bug ridden, excessively expensive software, their constant undermining of standards, and their elevation of their opportunities to make money above user convenience. (My favorite was the Win98SE installer that asked if you wanted on-line services, a
  • Firmware... (Score:2, Funny)

    by Foryst (870882)
    Did someone forget to install the memory and update Korea's firmware again?
  • by lazycam (1007621)
    I never upgrade when there is a new release. This is responsible thinking and planning on the Korean government's part. Now, if we could only convince our government and other consumers to follow suit.
  • I used to think... (Score:4, Interesting)

    by mollymoo (202721) on Wednesday January 24, 2007 @06:32PM (#17744480) Journal
    I used to think Korea was a pretty technologically advanced place. Till I read this:
    ActiveX is pervasive in the Korean webspace, employed by everyone from web games to online banking
    • Re: (Score:2, Interesting)

      by The Bungi (221687)
      There's nothing wrong with ActiveX, other than the fact that it transfers the burden of trust entirely to the user, and leaves no middle ground there because it is a native executable that runs under your own credentials.

      On the other hand, it's a lot better than a Java applet. The internet "video revolution" that we're supposed to be in right now (for better or worse) is made possible by Flash, which would have been impossible to achieve with something like Java.

      If you know what you're doing, ActiveX is

      • by owlnation (858981)
        If you know what you're doing, ActiveX is perfectly "safe".
        um, remind me why phishing / identity theft is big business, and spam too for that matter. Hands up everyone who thinks many Microsoft users know what they are doing.

        I think we disagree on the definition of "safe".
        • by The Bungi (221687)
          Hands up everyone who thinks many Microsoft users know what they are doing.

          You seem a bit indignant here, but you're merely reinforcing what I said. "Safe" in quotes means exactly that, and yes, there are millions of Windows users who will happily click on a dialog just to get that REALLY COOL web page to load so they can look at some pr0n or a joke. So I must be missing your point.

      • by Shados (741919)
        Its almost true, but not quite. Once you have an active x installed in a way thats usuable by a browser, then it can be used "at will". So let say I make a web site, with my own active x, and I'm the only user. I don't risk anything from visiting that web site, obviously. But let say someone else learns about it, and stick the tag to use the same control on their web site, but this time abuse a security hole in it... When I go on that web site, I'm going to get owned by my own Active X. There was recently a
        • by The Bungi (221687)
          If ActiveXs could only be used by the web site that installed them, what you say would be more true

          mkay, but that's just another aspect of the issue of trust transition. And I'm having trouble imagining how useful the Shockwave or Acrobat plugins would be if I could only use them on the website that installed them.

  • Uh oh (Score:5, Funny)

    by Annymouse Cowherd (1037080) on Wednesday January 24, 2007 @06:34PM (#17744512) Homepage
    Wait, Battle.net isn't compatible with Vista?
    • They're afraid that if there is another Battle.Net patch to work with Vista the Zerglings will get nerfed.
  • In Korea... (Score:4, Funny)

    by spaceyhackerlady (462530) on Wednesday January 24, 2007 @06:44PM (#17744634)

    In Korea only old people use ActiveX.

  • So says the Ministry of Information? Like, the Ministry of Truth? "Don't install Vista. Drink Victory coffee."
  • Install Vista? In Korea? Heaven forbid! They might get...get [whispers] security. OMG!!! Repent, repent, ye lost souls! Let ActiveX be thy savior!
  • I thought the whole point of ActiveX was to be incompatible with anything but Microsoft products. Apparently their Embrace-Extend-Extinguish strategy worked a bit too well.

    Anyone know what this is all about - they must still be aiming to support old ActiveX stuff, right?
  • The real reason is that Windows Vista does not yet offer in-built protection against attacks by giant North Korean rabbits [slashdot.org].

  • by bitserf (756357) on Wednesday January 24, 2007 @06:56PM (#17744830)
    Ran into this with my partner, who is Korean. Her online banking uses incredibly invasive, poorly conceived and programmed software called nProtect. Which installs a bloody device driver to function. It actually blue screened Vista randomly. It does not install without Administrator level access to the machine (obviously). In addition, it required that you run IE7 in Administrator mode when attempting to log in. Also, many many websites did not function reliably with Vista and IE7, their ActiveX controls expecting to have administrator level access to the machine. Advanced technologically? Hardly. Just proprietary and locked in, and not very security conscious. The amount of times I had to click "Allow this website to install an ActiveX control" is just insane, I don't want to think of the amount of remote code execution vulnerabilities present on a machine with all these controls installed. They're pretty much conditioned to allow the website to install any old thing, really, since so many of their websites require it.
    • by element609 (303265) on Wednesday January 24, 2007 @07:48PM (#17745450) Homepage
      I wonder if this has anything to do with the large amount of spam originating from South Korea? For my less internationally inclined clients, I sometimes suggested using the DNSBL cn-kr.blackholes.us to help fight some of the unwanted spam.

      I spent a month at a S. Korean University, and there was a lot of junk installed on the public computers on campus. Every evening they rebooted, and and started with a clean image each morning - so IE was clogged after a day's worth of surfing. Needless to say, I rebooted before using one.
    • There is one right way to enable active-x on a website that pervasively needs it. That is to add the website to your trusted sites list and change the settings only for trusted sites to allow active-x. I'm sure a lot of people just edit their settings for all websites though after getting tired of clicking allow 20 time in one banking session.
    • by springbox (853816)
      WTF are you serious about the bank using nProtect? Is there a good reason for this? Because the nProtect rootkits don't actually do much to stop people who want to subvert them.. I'd drop that bank pretty quickly..
  • If the execs running Red Hat or another Linux distro had the killer instinct that Gates and other Microsoft execs have always had, then every single obstacle to "upgrading" Windows to Vista would be greeted as an offramp to Linux. Packages that reinstalled Linux would be marketed as "Windows recovery tools" to people evaluating Vista. Bundled with Office workalikes and training videos, and clickable data conversion tools.

    It's easy to blame MS for being bad. It's harder to blame Linux distros for being bad a
  • by GFree (853379) on Wednesday January 24, 2007 @07:01PM (#17744920)
    They create ActiveX; it's has its uses but the security flaws are far too large to ignore.

    People criticize MS for ActiveX, so...

    They remove ActiveX; now there's less of a push for it but existing ActiveX systems are screwed.

    People criticize MS for removing ActiveX, so... ...

    PROFIT?
    • Re: (Score:3, Insightful)

      by grcumb (781340)

      They create ActiveX; it's has its uses but the security flaws are far too large to ignore.

      People criticize MS for ActiveX, so...

      They remove ActiveX; now there's less of a push for it but existing ActiveX systems are screwed.

      People criticize MS for removing ActiveX, so... ...

      PROFIT?

      I believe the technical term for this situation is 'Hoist by their own petard.' (Reference here [wikipedia.org] for the literarily challenged.)

  • One would think that the PHB's in Redmond would have considered the ramifications of being sooooo special that it disconnects a whole high tech country from your product. I'm am so glad I dumped all my MS stock 3 weeks ago.
  • When i listened to national public radio the other day they were advising the same thing. To wait on Vista until all the bugs are worked out. I really fail to see why the fact that Koreans were advised the same thing makes that big a difference. The title should have been "Users warned to wait until upgrading to Vista".
  • by whoever57 (658626) on Wednesday January 24, 2007 @07:21PM (#17745158) Journal
    ... until Hangul don't run! (there goes my karma!)
    • by vertinox (846076)
      You know. That made me chuckle but I think that went over everyone's head.

      I only know what Hangul text is because I had to trouble shoot an Outlook issue once with a client receiving email from Korea. I had to look it up to find ways to test the foreign language packs.

      I don't speak Korean though.
  • Not Vista's fault (Score:5, Interesting)

    by Sloppy (14984) on Wednesday January 24, 2007 @07:34PM (#17745284) Homepage Journal
    The problem is that Vista doesn't play well with a software program called Active-X that is widely used in Korean Internet sites.

    No, the problem is that incompetently created websites use delicate nonportable nonstandard proprietary software that is only interoperative with one single obsolete platform.

    Don't blame Vista; blame people who aren't responsible, experienced, or forward-looking enough to see why complying with standards is so necessary.

    Now let's see how people will fix their glaring mistake. Will they "fix" it by repeating it (i.e. rewriting ActiveX controls to be compatible with Vista, so that they can get paid to screw their customers again in 5 years when the next version of Windows comes out) or will they fix it by removing the irresponsible dependencies?

    • by Lothsahn (221388)
      Once again, as stated in a previous post, the problem was US export restrictions.

      It's not because they're "backwards", it's because the US export policy on encryption was SO onerous they refused to use the "standard" at that time (40 bit SSL)

      http://slashdot.org/comments.pl?sid=218612&cid=177 45162 [slashdot.org]
    • Bingo, exactly correct. This is not a Vista problem, it's a problem that various suckers used ActiveX and other non-standard features in the first place. And me without mod points, too.

              Brett
    • by dbIII (701233)

      No, the problem is that incompetently created websites use delicate nonportable nonstandard proprietary software that is only interoperative with one single obsolete platform.

      Isn't that what a lot of third party MS Windows software developement is about? I have new systems runing Win98 for this reason - to run stuff from back when VB was Pascal instead of resembling Java like it does today. Obviously this stuff is getting replaced by a cross platform application.

    • Re: (Score:3, Informative)

      I'm 99% certain that they'll repeat their mistake.

      ActiveX controls and IE-isms are pervasive across the Korean web. Almost every major Korean web site relies either on custom ActiveX controls or some feature of IE that is non-standard. My wife is Korean, and we keep a copy of Virtual PC on our Mac just so that she can access her bank.

      There are some indicators that this is changing, but progress is very slow. One example of this is a shift in displaying video clips - 18 months ago these were universally d
  • This assumes that one of two things will eventually happen:

    • MS will give ActiveX in Vista the freedom it had in previous versions of Windows
    • All these sites/applications will move to something less Windows-centric

    As for the first, it's possible that MS can decide later that it "degraded the user experience" with Vista with regard to ActiveX and loosen the restrictions on it with SP1 (thus, degrading the user experience when the next generation of ActiveX exploits get into the wild).

    For the second, it

"Consistency requires you to be as ignorant today as you were a year ago." -- Bernard Berenson

Working...