Why Does Windows Still Suck? 1995
RatBastard writes "SF Gate's Mark Morford asks: Why Does Windows Still Suck? After wtaching his significant other's Windows PC drown in a sea of viruses and worms after only 4 minutes on her new DSL connection, Mark Morford wonders why the masses have not stormed Redmond waving torches and scythes in anger over the never-ending security flaws in Windows. Why haven't they jetisoned the foul beast from Redmond and migrated en mass to the Macintosh or even Linux?"
Why? (Score:5, Informative)
Re:Common sense, for the love of Pete... (Score:3, Informative)
Re:Common sense, for the love of Pete... (Score:4, Informative)
Hold up. (Score:1, Informative)
Re:Why? (Score:0, Informative)
Well... (Score:3, Informative)
For example:
(Sometime in the later '90s, a Mac org whose name I forget ran a rather amazing hacker competition: they offered a $13,000 cash prize to anyone in the world who could hack into the company's unprotected Mac server and alter the contest's home page in any way. Needless to say, no one ever could).
If the author were half as clever as he thinks he is, or not being dishonest, he'd realize that such a competition says absolutely nothing about the operating system and everything about the person or persons who configured it. I could put a really secure Windows 2003 Server on the net (the easy way: basically disable every incoming network service). Doesn't mean Windows 2003 is secure...
As to why the masses don't migrate en-masse to the Mac Mini.. That's an easy one... They want to actually run applications other than Final Cut and iTunes. For all the greatness of OS X, Apple still hasn't managed to do a very good job of getting widespread developer support behind it. An operating system can be the most secure and uncrashable thing on the planet and nobody is going to give a flying damn if they can't run software they want to use on it.
Cracks in the wall.... (Score:4, Informative)
I'd just submitted the same item, but with some additional background...
Moreford isn't the only person noting crap quality of Microsoft. The New York Times saw fit to run 2300 words on erasing a hard drive and reinstalling the OS [nytimes.com], to terminate spyware with extreme prejudice. I mean, when was nuking your C:\ drive national news? A few months earlier, I was interviewed for an expose of the adware/spyware industry in Barbiarians at the Digital Gates [nytimes.com]. My own technical followup, Spyware, Adware, Windows, GNU/Linux, and Software Culture [netcom.com] has garnered a number of responses, most variations of "why do people put up with this cr*p?!"
Even the local small-town paper's usually Microsoft partisan columnist is suggesting it's time for the Microsoft Empire to begin to crumble [napanews.com]. And he's not the only one.
The point is that these aren't geeks and gearheads talking out, it's the current in the popular press. Ordinary people. Which wouldn't be so significant if there weren't clearly identifiable, far better alternatives. Linux. Mac OS X. ABMS - Anything but Microsoft.
I think we're finally seeing the ediface crumble.
Re:Why? (Score:1, Informative)
Re:Maybe He Just Married a Moron (Score:1, Informative)
the fact is that in mandrake it's very easy not to get infected with anything.
Re:Maybe He Just Married a Moron (Score:2, Informative)
The computer didn't just up and die on its own. It was systematically attacked by OTHER COMPUTERS through the DSL network connection.
The original analogy that compared that to someone else hitting your car is accurate.
JHutch
Re:Economics (Score:3, Informative)
Exactly. Normal people think when their computer slows down it's because "it has all this stuff on it" - as if every additional program they install should load it more and so slow it down even when the program's not running. After all, in the real world, loading more stuff in your vehicle really does slow it down (and there's no concept of "only when the stuff is running").
Or they think the computer's getting slower just because it's getting older, like people do.
Re:The issue... (Score:3, Informative)
So when the user gets a spam trojan installed on their system due to a security hole in IE where no patch yet exists, it's their fault right?
Anyone remember the Windows Refund effort? (Score:5, Informative)
When you tried to do this, companies would say that you needed to contact Microsoft for the refund. Microsoft would say you needed to contact the computer seller. Once you finished running around in circles, you found out that it only cost the manufacturer about $1.00 to put the copy of Windows on that machine, and that's what you'd have refunded to you.
Of course, if you needed to get Windows back on the machine, now you'd have to pay the $180 for a full copy of it, because you had to return any and all materials from your computer purchase in order to get your dollar back.
Of course, if you managed to convince the manufacturer to sell you a computer without an operating system pre-installed, you had to pay an extra $10-$50 for that choice. Why? In order to be sure the computer worked in the first place, they had to install Windows to test the peripherals and other devices! Oh, did you want warranty support too? Sorry. "We don't support other operating systems."
The whole pre-installation thing was pure genius on the part of Microsoft's marketing department.
Wrong ! (Score:5, Informative)
This article says otherwise. [theregister.com]
Some history. [theinquirer.net]
It's the servers (Score:5, Informative)
However, they have subtle differences with each set of machines that come off the production line. You can buy 4 servers at the same time and each will be a LITTLE different. Linux doesn't care. We use the same image with blades that we use with 345s that we use with 445s - no sweat.
BUT, with Windows, 2 blades (or whatever) require totally different drivers to be installed. My team can image (literally) tens (and probably 100-200, although we haven't tested that) of servers at once - using Linux in about a day. Windows - won't work, the requirements for the OS to have just the RIGHT driver for each server is a bloody NIGHTMARE.
Another issue is access. A lot of applications with Windows seem to need admin equivalent access and then want that ongoing to change anything. This means a lot of people need a LOT more access than we want to give out! With *nix, we've managed to use sudo and scripts to keep those boxes better locked down.
Otherwise, to be frank, I don't give a r@ts ass one way or the other. I simply line Linux b/c it works. If we could get past the image issue, I could probably live with Windows (and just suck it up WRT access).
Re:The issue... (Score:4, Informative)
If you truly believe that viruses and other types of malware don't exploit these holes then I doubt I'll be able to convince you. Look around with Google.
Re:I'm amazed. (Score:1, Informative)
They try to.
But all the Linux users who care about user-friendliness seem to be involved with the GNOME project. And they aim all their efforts at making Linux easy to use for people who've never used a computer of any sort before.
Unfortunately, the approach they take ends up making everything completely different from Windows, meaning that they make life incredibly hard for the 99% of computer users who have, with great effort, learned how to use Windows, and are no longer willing to expend any effort to learn anything different...
Re:Common sense, for the love of Pete... (Score:3, Informative)
There's always been a firewall-everything mentality on the internet, or at least as long as the net has been popular. Do you think a company would be wise to expose their servers (be they unix, windows, whatever) to the internet without a firewall? Even servers running the most hardcore secure operating systems are behind firewalls (excluding the servers that ARE firewalls). Why is that?
It shouldn't be any different with personal computers, except the cost of the firewall, depending on how important and mission-critical you think your home computer is.
Re:Only problem exists between chair and keyboard. (Score:3, Informative)
I don't follow. I'm just gonna leave the hardware part alone, because odds are you're talking about your circa-1989 parallel-port Epson dot matrix printer or some damn-fool thing, but software? Mac OS X will run virtually any Mac application ever written --there are a very few ancient programs that won't run either under Mac OS X or the Classic environment --and it can run any POSIX-compliant UNIX program for which you have the source code. That means it can run all Linux software plus all Mac software, plus or minus a small fudge factor.
Also, what with Virtual PC, it'll run practically all Windows software.
There's just not a hell of a lot of software out there that can't run on a Mac. So whatcha mean?
Re:Microsoft needs to be banned from preinstalling (Score:2, Informative)
Bullshit. (Score:3, Informative)
I admined pre-OSX boxes for years.
Some dialogs do stop processing, but it's not "any time you get a dialog on the screen".
Your problem is more likely FileMaker, which is horrific at these things. As soon as *FileMaker* produced a dialog of its own, then *FileMaker* services stop working.
The whole machine doesn't though.
Re:It's a Catch-22 (Score:1, Informative)
And there's SDL of course...
Re:Seems dubious (Score:3, Informative)
No, but since Macs come with a standard Apache build (v. 1.3.29 currently), and we've been using that for web servers for the past 15 years...
Re:Microsoft needs to be banned from preinstalling (Score:2, Informative)
Congrats. You've just described at least 95 percent of all Windows users. Perhaps they'd be better suited with something better designed, and easier to maintain. Like a Mac for example.
Re:It's a Catch-22 (Score:4, Informative)
I think many of the popular emulators use it... don't know about "big" games though.
Re:Economics (Score:3, Informative)
It wasn't all that long ago that disks maxed out at a couple of gigs, games that could easily fill a couple of hundred megs each had the default option of "install to disk", the FAT filesystem got horribly fragmented, the defrag tool didn't defrag if you so much as moved the mouse and Windows had no concept of DLL versioning or security so it was pretty damn easy for any new program to stamp all over critical files with any random version the publisher had pulled out of nowhere.
It wasn't that long ago that a computer really was slow because "it has all this stuff on it".
Re:It's a Catch-22 (Score:2, Informative)
The key difference is that DirectX is more widely supported in games than OpenGL. Why? My guess is that it largely has to do with hardware support. Notice that for a while there, video card manufacturers stopped advertising support for OpenGL? It's not that they actually stopped supporting it, but rather, there weren't many updates to OpenGL in the past.
With consistent updates to their API, Microsoft gave hardware manufacturers an opportunity to make more money on upgrades every couple of years, as they could support DirectX 7, then 8, 9... and so on. Certainly, they could continue to create more powerful video cards, capable of crunching bigger numbers faster, but if the games are using a newer DirectX, then the hardware is essentially useless. In return, Microsoft establishes dominance of its own, proprietary API.
This is versus what?
In the end, the game developers will use whatever graphics API is best supported by hardware, and for the past several years, this has been DirectX. The choice is not based on difficulty, I assure you.
*Note: I am aware that OpenGL lacks any sound API, but there is of course OpenAL or SDL, to which similar arguments apply.
There is something in the networking department. (Score:1, Informative)
Although quite frankly, networking is the easiest part.
Re:Longhorn is the answer (Score:3, Informative)
That has nothing to do with it.
Install XP (no SP2)
Reboot
You are machine administrator, it's not even a choice unless you create a different account, give it admin rights, then remove the admin rights from your initial user.
OK, that little fiasco over, now configure a net connection then run "netstat -a -o"
What are all those processes listening on non-loopback adress for ?????
Why would the default installation come configured to do somehting that stupid ?
Now, connect to the internet, use a web browser and a Chat app - particularly astonishing results come from MS's own apps, but you'll get similar results with any.
run the netstat test again.
Tell me, did you allow those processes to run, did you allow those processes to listen
That's what's wrong with Windows, not the 'codebase'
Re:Wrong ! (Score:2, Informative)
This article says otherwise.
It's funny how you can quote in support of your opinion an article that says exactly the opposite. And get moderated informative to boot!
I quote from the article in question:
"As structured, the MDP does not appear on its face to violate the explicit terms of the Final Judgment with respect to the pre-installation of operating systems."
Re:Microsoft needs to be banned from preinstalling (Score:4, Informative)
I've always been suspicious that those infamous "NSA_KEYS" had something to do with the settlement..... I could easily see MS proposing something like "drop this nonsense and we'll give you boys all the inside crypto keys you want, we'll keep Windows insecure and you can keep everyone owned.."
Check... You'll see, settlement talks during GW's tenure were even in NY as I recall!
They've been found guilty after all... No other convicted criminal is/has been allowed to keep their illegally gotten wealth after being convicted!... It's unprecidented, but TOTALLY slipped by in the hysteria after 9/11!..... There's a government connection here, they certainly wouldn't let me keep the money after robbing a bank!... It's unprecidented!
Re:The issue... (Score:3, Informative)
I disagree about the amount of foreknowledge required to operate and own a computer. My parents can easily use Linux with a Knoppix CD - and it's quite secure too. I understand fully the argument about how virus authors target the most popular platform, but I also think that you're ignoring large areas of software where Microsoft is not dominant.
For example webservers. Apache is (I hope) still number one, and the vulnerabilities in Apache are not nearly the same level as IIS.
Virus writers don't target Windows only because it's the most popular - it's also the easiest target. By your logic, the virus writers should be using all of the Apache servers out in the wild to send spam - which they're not.
When the Apache server has a vulnerability, it's patched extremely rapidly and all distributions pick up that patch and get it to the users. For example the Debian server I use will pull the update from the Debian Security repository.
If a vulnerability in MSIE is found, it can be months before the patch makes it out. I truly the think the deployment process and speed of these patches is crucial, and that's really where Microsoft is falling short.
You do make good sense about the anti-virus software, firewall and spyware scanner. Except the firewall is now built into Windows XP SP2 and can be programatically disabled or circumvented by software on the same box. That's true of any firewall software, but now users are most likely to have the SP2 firewall - making it an easier target, since there's less choice in the matter for the user (if the user knows what a firewall is).And the spyware scanner that Microsoft is releasing will have updates on a monthly basis. So if the new spyware definitions are released on the 5th of each month, then the spyware authors will release their new code on the 6th. Doesn't that strike you as... terrifying?
Feel free to e-mail me if you like about these issues - I really enjoy this kind of talk :-)
Re:Why? (Score:3, Informative)
Re:Microsoft needs to be banned from preinstalling (Score:3, Informative)
Re:Microsoft needs to be banned from preinstalling (Score:2, Informative)
Re:Microsoft needs to be banned from preinstalling (Score:5, Informative)
From here [latimes.com]
Or this:
From here [com.com]
Ashcroft and James didn't have their positions in Clinton's administration.
Bad Moderators, go sit in the corner and think about what you've done.
Re:Why? (Score:5, Informative)
Re:Microsoft needs to be banned from preinstalling (Score:3, Informative)
A 'clean install' means you format your hard drive and install the O/S from scratch. Then you have to download the security patches and updates by yourself for the O/S, firewall, and anti-virus software. Many times before you get the chance to down load the patches, the PC is infected.
This can be minimized somewhat by connecting to the internet from behind a firewall. Some DSL/Cable hubs have them built in, or you can do it through another computer with a firewall using NAT (Linux), Connection Sharing (XP), or other mechanisms. A firewall with stateful blocking (only accepting inbound packets from outbound connections you establish) will stop a lot this stuff. At the same time you need to go only to the update sites for your O/S and anti-virus/firewall software until all the patches for these are applied to your system (still no guarantees, but this seems to work for me). If you have no anti-virus software, and especially if you have no firewall, you are likely to be screwed very quickly.
As a note, the last time I had a virus that disabled my PC at home was in 1995. At work, I only had one in that same time, and that was in 2003. I am a programmer, and I access the internet a lot... always with high speed connections. For the last few years I have been using a Linux box with iptables for my firewall, and NAT/ipforwarding to a few computers behind it.
Boring (Score:4, Informative)
This really starts to get boring. I have already written about it countless times only to get completely ignored every time I dare to point out that the emperor is naked.
I find it truly amusing that people who say that there are other advantages than only Digital Restrictions Management of using "trusted" computing [gnu.org] and Palladium-like platforms usually talk with great enthusiasm and excitement about the new and innovative security features [cap-lore.com] that have already been implemented in the 1970s [cap-lore.com] for crying out loud, only better and with no strings attached [cam.ac.uk]. All TCPA zealots are usually completely ignorant of the existance of such operating systems as KeyKOS [upenn.edu] or EROS [eros-os.org] with formal proofs of correctness [psu.edu] for God's sake and without all of the silliness of "trusted" computing.
And no, this is not only my opinion [eff.org] that we don't need DRM to get security. I am not the only one who says that everything that TCPA can possibly do to security can also be done in software, with the only exception of DRM, and in fact it has already been done, decades ago. I am not really surprised at all why it is completely ignored by the TCPA and TCI pushing industry. I am only outraged that there are so many naïve people who once again will gladly do anything no matter how dumb it is, if only their good uncle Bill Gates says that it's good for them.
Please, people, if you want to learn about real systems security, then read some old papers by Jerome Saltzer, Michael Schroeder, Norman Hardy and Jonathan Shapiro. If you want to learn about cryptography, read texts by Bruce Schneier. Microsoft is not a reliable source of knowledge in that field.
People always ask me where are the real innovations in systems security and I always say them that they are in the seventies, and have been being ingnored since then by major software vendors because people don't demand using them. This story and this thread is a great example: "Yeah, this version of Windows may suck, but still I am looking forward to buy the next one."
Wait, I've already heard it... In 1995, 1998, 2000, 2003... Oh, you mean that this time they really mean it?
Re:Why? (Score:2, Informative)
eDirectory! (Score:5, Informative)
In fact I stopped hating Microsoft (for a while) after my first 10 installs of 2000 Server and Active Directory. I fell for the hype, which was mostly true, until I used Novell Netware 6.0 with eDirectory.
eDirectory is the same, plus better [novell.com] and it runs on Linux, Windows and pretty much any place you want to install it. The licensing is a lot more straight-forward, it's better than Active Directory [novell.com], runs on Linux and it's Novell. We love Novell now don't we [suse.com]?
I say the question is:
A story (Score:5, Informative)
Day 1: Couldn't partition my hard drive because the Slackware installation disk doesn't have drivers for SATA disk controllers. Spent the rest of the day searching the web for work-arounds.
Day 2: Located a message board where someone had posted a custom ISO image of Slackware disk 1 with a SATA-enabled kernel. Was able to partition my hard drive and get setup running, but when it came time to pick a kernel to install, it refused to let me insert disk 1 to grab the SATA kernel. Spent the rest of the day searching the web for work-arounds.
Day 3: Finally figured out that I could put the setup process in the background, unmount the CD, eject and re-insert disk 1, then bring setup back to the foreground. Completed setup and got X running. Copied over source for 2.6.10 kernel, which I had burned to a CD. Started doing configuration, and realized there were no Linux drivers available for my wireless network card. Spent the rest of the day searching the web for solutions.
Day 4: Discovered ndiswrapper, a module that allows you to use standard Windows drivers for wireless NICs under Linux. Downloaded and built it with no problems. Tried to load my NIC drivers, and the entire OS immediately locked up. Rebooted and tried a couple more times with the same results. Spent the next 2 days searching the web for solutions.
Day 6: Finally found a single post from someone who had the same hardware revision of the same card, who had been able to get it working using the 2.6.9 kernel. Burned the source to CD and installed it on Linux box, configured, compiled, rebooted, built ndiswrapper and it worked! Unfortunately, I couldn't get an address from DHCP server. Spent the rest of the day searching the web for solutions.
Day 7: Took a day off.
Day 8: Found out that I was using the wrong command to query DHCP (I was foolishly running dhcclient instead of dhcpcd, it's so obvious!), so now DHCP works and I can connect to the net without having to assign a static IP address. I spent the next couple days configuring the video drivers, audio drivers, and getting all the modules to configure correctly at boot-up.
Day 10: Started working on getting the video-capture card drivers working. Ran into a myriad of build errors right off the bat. Did some research and learned I needed to compile some extra features into the kernel before the drivers will build. So I reconfigure, build, install, reboot... and the kernel won't load. Decide to call it a day and have a few stiff drinks before I am tempted to toss the computer out the window.
Day 11: Okay, turned out it wasn't anything tragic, I booted to an older kernel, rebuilt the new kernel, and everything worked fine. But the capture card drivers still wouldn't build. Spent the rest of the day searching the web for solutions.
Day 12: Finally realized that all info I've found about using this particular capture card refers to the fact that the user was using a 2.4 kernel instead of 2.6. So I download the kernel source, configure, build, install, reboot... and now I can build and install the capture card drivers. Unfortunately, there are no drivers available in the kernel source for my motherboard sound chipset. But I figure I can address that problem later. I do a bunch of configuring, ho
ClamWin - SF.NET POTM plug. (Score:3, Informative)
Interview with the developers can be read here:
here. [sourceforge.net]
Patrick McGovern
Director, SourceForge.net
Pat@sf.net
Re:Wrong ! (Score:3, Informative)
The problem is that the OEMs are given this "choice": Either pre-buy massive amount of OEM licenses, or pay full retail price through some other channel. Buying a full-blown $300 license pretty much guarantees an OEM will be eaten alive by other competition in the sub-$1000 market. Since they've already paid the cost of the OEM licenses up-front, they're always going to find a way to recover the cost.
I'd say a good solution would be to have a middle-man buy the licenses, then dole them out to OEMs. There would be the advantage of volume licensing prices, but without the need to cough up the cash before the host system is sold. But, oh wait, Microsoft's EULA prevents anyone but OEMs from buying OEM licenses. And, oh yeah, reselling licenses is forbidden as well.
They call it the Microsoft Tax, but at least the IRS waits until I have the money before they take their cut.
Re:Why? (Score:4, Informative)
yes (Score:1, Informative)
Re:No kidding (Score:1, Informative)
Also, try just typing "info", instead of "help". I admit, why info instead of help. But hey, it works, sort of, and right at the top of the screen it says to type h if you're a first time user and you need a primer.
But I do agree with you, linux usability sucks. You often have to fall back to the command line, but the command line is very forbidding, due to there being nothing to guide a beginning user along if he isn't already aware that it exists.
If I were the fedora people, I'd make it so that opening up a bash session would print a banner on top of the screen:
First time user? Type "primer" to figure out what does what.
Then that would step by step, in a self-explanatory manner, explain how to get things done on the command-line.
That's only half of the problem ofcourse. The other half is that POSIX has not standardized the user interface beyond very, very basic commands, and as a result anyone wanting things done on the shell has to fall back to strings of arcane basic commands, instead of being able to use the much easier non-standardized command line tools which are available on every distro (a perfect example is custom compiling a kernel, which is always explained in ways that circumvent the package system instead of dramatically simpler ways that exploit it). LSB needs to start standardizing the command line. Ofcourse, they won't, because for a lot of linux geeks the barrier to access is actually a big draw, elitist pricks that they are.