Vista = Eye Candy with Win95 and Dos underlinings, expect more security issues when it releases =(

I suppose the Xbox has some pong code still in it as well !

As long as Windows remains the populist OS.. hackers will try to challenge Redmond !! On the other hand the lesser known OS's hardly face this problem.

Vista will be a nightmare... for Microsoft and hackers alike, at least. Microsoft will be releasing the largest amount of code they've ever done at one time, but at least they've had some good beta rounds with it. Hackers, though never long on the uptake, will at least be stymied by the newness of it all. We can only hope that Redmond didn't cut and paste old code, vulnerabilites and all, into the new OS.

The "genuine Windows" spyware is making me pause in endlessly updating Windows. Yes, I do in fact have a 100% valid copy of Windows. And I do think MSFT has a right, like when I install, to use keys, etc., when I install.

I just really don't like the idea of something that is constantly "checking" my machine and sending info to MSFT. What if they, say, extend this to their DRM package, and check my whole machine? What if they decide to market Office ("You really should buy Office 2007..."), or decide that I really need the new version of Windows media player? I wouldn't like my car, for instance, complaining I hadn't installed genuine Ford parts....

Their updates for non-security reasons also break things -- as in their patent infringement Active X thing -- where I now get alerts on a lot of sites. That too got thrown in an update, but that's not about security, but MSFT and the patent mess.

They've now made it a tradeoff to me -- I feel I am yielding control of my machine to MSFT in exchange for software security patches. MSFT has its flaws, but one huge benefit of them (versus Apple) is I feel I can install and run "anything". It feels security is becoming a mechanism, semiconsciously at MSFT, to shut that down.

Microsoft should consider hiring some of these smart hackers or atleast working closely enough, otherwise it could prove expensive for the company in the long run. The least they can do is give credit to the guys who report unpatched vulnerabilities.
For Vista, a cash reward should be given to those who can hack it or break it! Lessons learned will be applied before releasing for Retail & before you know it Vista would be sold out!

Let's get rid of the old canard that Windows is hacked because it is popular, while lesser used OSes are not attractive targets. The architecture and coding of Windows invites hacks simply because it is poorly conceived and comparatively easy to hack into it. If it was easier to hack Unix or OSX or Linux, we'd see thousands of hackers doing so. Hopefully MS designed their new system from the ground up as a robust networking OS.

Windows is easy to hack because it is a sloppy operating system. The coding is loosely designed and has for the most part been carried over from OS to OS without much change. 95 coding was the first major change since WW3.1 and it was a bust, it was sloppy coding that was rushed out to beat their projected release date. 98 was the fix and here again they rushed it out to beat the release date so it got even sloppier what happens when you take a sloppy code and slap some pretties and a few new features on top of it?? it gets sloppier! So then we have WinME, dont get me started. Moving on at the same time as 95/98 we have the NT world (wow MS actually had a decent secure OS). With NT true you did have up to NT4.0 which with each upgrade fixed vulnerabilities but NT was and still is MS's most secure OS. Then we take the NT platform for another upgrade and attempt to localize it like 98, it becomes 2000 a decent and sturdy OS with a pretty good backbone. But then we make a huge mistake. Mixing 2000 with ME and adding that stupid blue GUI. And hence the birth of XP the worlds most vulnerable OS known to man. The code just keeps getting messier because its carried over so much. If they were any smarts at all they would build Vista from the ground up (which it doesnt appear to be what they have done, it still bears a strong functional resemblance to XP from the beta's I have tested). So Windows doesnt get the brunt of attack because its popular, it gets it because Redmond and Gates both suck so bad at what they do they really cant seem to get it right.

Hackers target Microsoft because it is the popular OS and since they can make a bigger name for themselves if they hit a Microsoft product. Who would care if Linux was hacked...no one but the business world...and quite frankly there are more Windows' Desktops than Linux desktops running Virtual PC. Plus recently Apple was hacked by a worm, or virus (can't remember), and people were shocked because it was built on a Linux based OS. It's not because Microsoft is easy to exploit...it's because they are the easiest target to hit with the largest audience to gain recognition, that's all. Quite similar to Half-Life 2...very popular and highly modded by the mod community...that's all. Popular=better target.

Windows is by far the most secure OS available in the market. i dont understand why MS even bothers to fix any "flaws".

The Populist = Hacked relationshisp is beyond hollow - see granular security. See thousands of Windows viruses. No Steve, Apple isn't "based on a linux OS" it is based on UNIX. "In the Business world?" see netcraft.com. Linux + Apache + MySQL + (PHP | Perl | Python). Sorry but people need to admit they have not done thier homework. "Windows not easy to exploit" they invented the term script kiddy ? Need I continue ? My email is epjr@canoemail.com if you want to continue this conversation.

No, no, no. Popularity has nothing to do with it. The Apache Web server is the most popular Web server on the planet, yet it remains secure while Microsoft's Web server (far less popular) was hacked to pieces and resulted in Code Red and dozens of other Internet-hobbling vulnerabilities.

Windows is insecure because everyone runs it with full Administrator privileges -- since most software you install requires it. That means when you get a virus, the virus gets full access to the operating system.

It doesn't have to be that way. Linux and Mac OS X don't let users (or the viruses they get) run and destroy the operating system files. You can still install a virus if you're stupid enough to install some random untrusted software, but you can't destroy and infect the entire system. Linux and Mac OS X are true multi-user systems which protect themselves and other users from each other. Windows never was.

Oh, and Mac OS X is based on FreeBSD, not Linux -- two completely different operating systems.

"Hackers target Microsoft because it is the popular OS and since they can make a bigger name for themselves if they hit a Microsoft product."

This makes no sense at all. If you're a "hacker", do you think you'd make a bigger name for yourself coding up yet another Windows virus (one of hundreds every month), or by coding up the first true Linux or OSX virus?

You actually believe being another lemming will get you recognition. Think about what you're saying.

Anyone using Windows at this point is just plain ignorant, or is a video gamer. DirectX is the only thing Microsoft has over Linux at this point in time and really, how many people actually play games?

I've got over 25 years of IT experience. It is nice to see someone (see xEEEx's and WorldEclipse.net's comments above) understand and admit the truth about Microsoft's painfully poor code, which all of us pay for - not just in the purchase price, but the price of lacking security, poor performance and marginal stability.

Authors such as Steve (above) do a painful disservice to the millions of computer users who do not know first-hand how awful Microsoft's products are.

Stop pretending MS software is well-written and is just big target. Their software is a big EASY target, due to its poor quality.

Hence the reason I run Windows to this date...to play the 100's of games I have at home...and sorry about the misconception of the Mac OS...I had thought it was based on Linux (UNIX) system. I agree on the permissions issue...on my home computer I have it set-up that everone, but myself, is a power-user...ability to install software (games), but not enough power to modify the system...so the g/f sometimes gets error messages of access denied, but I tell her it is for the safety of the system and that her permissions need to stay limited.

To clarify from the apple.com OSX website --

http://www.apple.com/server/resources/oracle/

"It begins with a UNIX-based foundation, with the Mach microkernel and the latest advances from BSD"

Let me explain that I understand that Windows is full of holes and whatnot...but I had gathered that since there were so many users (general consumers) that have Windows that this was the "main" reason that drove the hacker community to exploit windows...my question to the hacking community is why? Why waste your valuable day to exploit vulnerablities in something that is crappily coded and do thousands, if not millions of dollars in damages to a computer network (or business, or people's homes?)...if the US has it's way I think they are putting together a law somewhere down the line that if you hack a US citizens computer that it is considered terrorism (this I heard through the grapevine so please don't quote me on that). I'm not saying MS Windows is bulletproof...I was saying that they were mainly targeted because of the audience they had.

I think when windows made access to the computer easy, they made everything easy - which is a huge sacrifice when it come to security . I'm thinking "open ports' or "raw sockets" in xp which provide the potential to do a lot of good and evil.
Then there is a serious lack of attention to detail - when a multibillion company with the most expensive programers leave a sercuity hole open over muliple versions of the OS and in public view for months at a time.

"DirectX is the only thing Microsoft has over Linux at this point in time and really, how many people actually play games?"

A LOT. The main reason that people have a PC in their home is for games, and home users far outweigh business users these days. I would love to see a Linux graphics API so that companies could make marketable Linux games.

Microsoft has ALWAYS been a target for hackers for a few reasons. First, its software is relatively unstable. Second, it is VERY popular...who's going to write viruses for an OS nobody uses, that's illogical; you want your virus to do major damage. Also, since few hackers regularly come in contact with Tiger OS, they don't realize its vulnerability. (This is not true with Linux). Finally, the fact that nobody mentioned, Microsoft has an evil reputation, especially when it comes to the Silicon Valley and many elite hackers. They are an evil monopoly, who wouldn't target them? It's practically a good deed.

Hi,

I think j2r7 has it right. Windows was designed around convenience and ease not security. Now they are trying to bolt security on top. No way that is going to fly.

I read that Vista beta has had a lot of complaints because of security nags and that they are now disabling those. :-) (Interview with new security head at MS on CNET). They know their customer base cares more for ease/convenience than security.

"DirectX is the only thing Microsoft has over Linux at this point in time and really, how many people actually play games?"

Are you kidding me? Would you recommend Linux for your grandmother's machine? Hell no, because she'd be calling you every hour to figure out how to use something. Linux is good for geeks, MS is good for everyone else. Linux will NEVER be an easy to use desktop OS.

Also, gaming is one of the single largest uses of personal computers today, so I guess the answer to your question would be, "A whole freakin' lot"

Some hackers work for notoriety, but the largest reason for finding exploits is monetary. If you can target 90% of personal desktops (which is a lot easier to target than systems managed by a knowledgable administrator) you're going to pick that option over targeting say 5%(which is being generous). I don't see anyone offering up to 50k for Linux exploits. Why? Because noone cares. Linux boxes are run by geeks because noone else can run them. Even if Linux did have a larger market share it would still be easier to target MS because any idiot can run their software and those people don't know how to protect themselves.

I'm not taking anything away from Linux. It's a great server OS. But it cannot compete with MS in the desktop environment because most people don't have time to get a CS degree to use their PCs.

I'll tell you what, when your favorite OS hits double digit market shares, come back and talk to me. Until then try to respect what MS has done.

One other reason that Windows has such severe security issues is the people using it. I always install Firefox on other peoples computers because it has a built in condom, the popup blocker. IE is considered a security threat IMO because it gives its users too much freedom! Windows users are much less computer savvy (in general) than unix or linux users. Microsoft has to learn to anticipate this. There are 5 year olds mastering computers...times have changed.

Uneducated computer users are the root cause of 70% of the security issues and the other 30% is poor code. When ever security becomes secondary to ease of use the product will become a target. Careless people adopt the technology and the programmers no longer have a motivation to write sophisticated code.

"Would you recommend Linux for your grandmother's machine? Hell no, ..."

Hell no! is right. I'd never recommend Linux to an unsophisticated user. They've most likely never heard of Linux... I just tell 'em it's the "new" windows and they're happy.

"I would love to see a Linux graphics API so that companies could make marketable Linux games."

One already exists... called SDL

I don't see anything wrong with the current version of Windows. There've been several releases of the Windows OS over time, with each release it gets more complex, LARGER(hint, hint), takes more CPU power to type the same 4 sentences you could have done in half the time and half the CPU using notepad, good ol' ASCII works JUUUST fine for most things, I think,
foo-foos, frillies, and unnecessary animations and visual special effects actually start to make users think fondly of ol' DOS, I think at some point you have to consider the transparency of the work tool. Say you're a carpenter. What's really important to you in, say, a hammer?
If ya gotta slog through data, you want tools that have similar utilitarian principles: Reliability, familiarity, and durability. I think they should start sending hackers to the Big House for a ten-year stretch instead of trying to re-invent the wheel every 3 weeks to stop them. If you vandalized someone else's car, you'd end up in jail for it. Hacking doesn't seem to have any serious legal penalties staged against it as a practice, hence the lack of respect for other people's property. Typewriters don't 'crash' unless they fall off your desk...

>If it was easier to hack Unix or OSX or Linux, we'd see thousands of hackers doing so.<

Why would a hacker want to waste his time by hacking an operating system with a 3.x% market share? (Mac OSX)

Viruses are there for a reason, evolution of better systems or to expose bad coding. Without them we would be in worse shape!

Fact of life, we will never get it perfect but as long as we keep those rich kids from making a easy buck!

Linux is now easier to install and use than MS Crapdoze. Just try installing the new Ubuntu or Suse, and you'll see what I mean. And it's a good thing Linux made it to the top when it did, otherwise more people would be forced to use that junky piece of crap Vista. By the way guys, grandma's couldn't install windows or linux or anything, even mom's require hours of training just to use windows.

"Would you recommend Linux for your grandmother's machine?"

Hell YES! I replaced the OS in my 70 year old in-law's PC. They were constantly infecting the previous OS (Win2k) with viruses and malware. No amount of "protective" software was able to fend it off. I tried the McAfee and Norton suites. Both slowed the machine down and failed to block new exploits. My in-laws also suffered when they acidentally reconfigured things on the machine and couldn't undo the changes. I had to work on their machine at least once a month.

Now they have Xandros. This is the most Windows-like Linux desktop I've seen. No training was required. It works just like Windows. They have been using this for over two years now with no software upates, patches or other hassles. Not a single virus or other malware has showed up in all that time. It just works.

We use Xandros extensively on desktops at my office too. Linux on the desktop works fine thank you very much.

Users don't have root access so thay can't screw things up no matter what they do. Application settings are stored in easy to restore config files. Windows applications such as the Office suite will run fine on Linux if you spring for the Deluxe version with the Codeweavers Crossover Office package.

Yes, ubuntu is one of my favorite versions of linux. And to those who ignorantly claim that windows is targeted because of it's popularity need to do some serious homework. Anyways, like the above poster mentioned, around 10 years ago I could write, do powerpoints, watch movies, play games, and go on the internet on windows. Fast forward to the present. I can still do the same things, BUT, I need a computer with insane processing power because Microsoft codes sloppy and uses more system resources than is needed. I believe they do this to pat Intel on the back and force users to uprgrade. And yes, linux users are much more computer savvy than any windows user ever could be

You silly persons. This is such a dead issue. Me thinks its time for people into criticizing software to get a real job. You UNIX/MAC types are way out of line. Find a girlfriend.

The preceding comment courtesy of Monty Python and a different Steve from the Steve referenced above.

Yeah.... Hackers should start writing virus for apple computers, so the 2 users in the whole world would cry about it.

I've personally had enough. When will the community finally put MS into the circular file where it belongs and run linux. Load the distro of your choice (Ubuntu, SuSE 10, etc) and be done with MS worms, viri, trojans, sloppy programming, and security updates. Its time. Linux.

I think all GUI based ops are crap.
They are all vulnerable in one way or another, but I aggree with the crowd. Yes MS Os' made be code dung, but hackers like an audience, like a chain killer likes to screw with the cops head. It's for internalized notoriety.

But then again I'm one who still believes that Xbase data retreival can still run circles around this garbage handed to us - code named ACCESS. That, Little Adam is another story.

I have been around from the days of 64k memory and 1 megahertz buses, but was never more than a user. I still am not a "geek." About a year ago I had lost some valuable data to a virus not stopped by the free anti-virus programs out there. I felt that it was immoral to steal Microsoft software but was forced to use pirate operating systems ($3 a CD in Central America) because the installation media of the ones I owned had failed. At that time I discovered Ubuntu. I am in seventh heaven. It worked right the first time. Yes the printer cost me some problem but a web search provided an answer, even if i don't understand why it works and it was not nearly as bad as setting up a printer on DOS 2.11. The same with the scanner. The next time my wife complains about the slow performance on her laptop (caused by the anti-virus program,) I am going to convert it from XP to Linux. Yes! I would put it on Grandmother's computer! The first viruses seem to have been developed to punish un-authorized disk copies. Now days I have a suspicion that some viruses are developed to motivate sales of software: after all subscriptions drive the anti-virus business.

There are two reasons you see a lot more Windows exploits. The obvious one that has already been mentioned is market share--if you're going after machines to use as zombies or for identity theft, it only makes sense to go after the biggest population.

The second reason, which I haven't seen mentioned, is that there's a lot more code in Windows. Not just bloat--the modern base Windows OS comes with a lot more feature-wise than any other OS in the history of computers. Linux is just a kernel, everything else is a 3rd-party package. Where do you draw the line when comparing vulnerability counts? I see more Fedora security updates released most months than do Windows security updates.

The biggest problem I see with Windows is privledge separation--most Windows users exclusively use an account with administrative privledges for tasks that don't (or shouldn't) need it.

Ignoring all of security stuff, the bottom line is you should select the applications/services/features you need, and then pick the OS that runs them the best. Firefox may work greak for surfing Google, but there's a good chance it's hosed for your grandmother's favorite online gambling site. That's why people still use IE.

Yes! Microsoft is poorly architected I agreed but what is the replacement if almost businesses are using MS Office. How can I send and ask them to read my proposal or other business document if I am using let say open Office. We can only say about the Direct X and the gamer how about the business sector. I'm also tired using Microsoft, but how? I heard a lot of bad thing nagging etc, etc. but what do we do. Just talked about our hatred? For the hacker: hacked MS Office to be 100% compatible with Open Office or vice versa and no question asked I abandoning this giant impotent Microsoft!

Well, MS never did write os's, only purchased them!!!

I just read alot of complaints about Microsofts Operating Systems, about how sloppy or poorly written it is.

Let me ask you this. How many OSs have you written?

If Microsoft Wrote a perfect error free software, think about how many 3rd party companies would be put out of business.

Just and Idea. And you cant complain about the OS if you've not written your own.

"There is no best, there is only pros and cons."
WINDOWS=anyone can write things for it which means more is available which means more people have it which means they download more stuff into it from unknown sources which means it develops problems. (but my choice for my desktop machine)
MAC=more integrated which means things work better out of the box (my choice for grandma's machine) but less free toys since its harder to write for and less is available for free.
LINUX=open source which means it has a chance to have as many "white hat" hackers working on it as "black hat" hackers which is a battle MS will always lose. As linux works toward becoming a windows replacement it is beginning to show some of the same problems but not nearly as quickly. (Linux is my choice for all-purpose internet server.)
UNIX=the grandpa of everything. probably for lack of popularity this seems to be the only OS where the white-hat hackers actually outnumber the black-hats. harder to run and definate lack of toys but once its running its stable for many years (unix is my choice for single-purpose dedicated internet servers)

Gandalf Parker
--
Older than virtual dirt? Actually, yes I am .

"I just read alot of complaints about Microsofts Operating Systems, about how sloppy or poorly written it is.

Let me ask you this. How many OSs have you written?

If Microsoft Wrote a perfect error free software, think about how many 3rd party companies would be put out of business.

Just and Idea. And you cant complain about the OS if you've not written your own."

That's a specious (read: stupid) argument. Take a class in logic.

windows needs to take a page out of *nix...

it already takes bites out of everything else.

so what i think they should do is partition windows the way *nix does, not completely the same, but similar...

c:\windows [/etc/ & /dev] is where all the goodies at, so why dont microsoft just take that and put it in its own partition, then it would be easier to just fix a partition than the whole thing, same goes for program files[/usr], documents and settings[/home]

why do you think when there is an error with *nix, we could just remount/replace a partition rather than re-installing the OS...

also is it just me, or is it that when one updates windows automatically, there is this annoying popup that always comes up in teh middle of the screen, like every 5 minutes, when one keeps telling it later, why dont they change that to a little balloon to popup in the bottom right hand corner, ive accidentally clicked restart when im in the middle of something importatnt, HOW ANNOYING!!!!!

Doesn't anyone here know where *nix came from??? It was developed BY HACKERS, FOR HACKERS. It's certainly not more secure than Windows unless you run it that way (i.e. with code you or others have written to "secure" it). Windows is more complicated than that, but knowledgeable users can still bullet-proof it with less time and energy.

For jimbo: yes, I HAVE written an OS before (and so have several other "top" college grads). Not to take anything away from your argument, I just thought you should know it's not that uncommon.

I'm really glad I use nothing Microsoft and am happy with Apple's System

I'd like to share a few basic tips for security under Windows, for those of you who don't know already.

1. Set up a LAN and throw in it a computer with a linux-based firewall distribution, which will serve the Internet to the client computers. Any piece of old junk, like a Pentium-2 with two networks cards (one for the LAN itself, the other for the Internet), will do. You won't necessary need an hard disk, since some distributions can run from usb keys, or even from floppy disk. Just google for IPCop or SmoothWall, both of which are very easy to use, but require an hard disk. Or you can try Freesco, which runs on a single 1.44 floppy disk.

2. On the clients, for web browsing, use Opera. If you can't, use Firefox. If you can't, use IE.

3. On the clients, for email, use The Bat. If you can't, use Thunderbird. If you can't, use Outlook.

Dear "God":

> Unix: It was developed BY HACKERS, FOR HACKERS.

Yeah, but notice there is a semantic difference between the old-style "hackers" à la Bell Labs and the new mob-money-fuelled vandalizing sort of hackers. Please uphold this difference.

Remember the original Unix paper (Man am I old or what?):

http://cm.bell-labs.com/cm/cs/who/dmr/cacm.html

> I HAVE written an OS before (and so have several other "top" college grads).

Hmmm.... now how much functionality did *that* have? I'm not talking about a 3000 line one-CPU preemptive task scheduler with minimal device support (which of course is approachable in one-semester coding run). There is "OS" and there is "THE BUG-ADDLED BIG OS AKA WINDOWS", the latter apparently mainly designed to give the consumer (and the new MIS director recently promoted from sales) the old razzle-dazzle, leaving problems which will mutate into serious festering sores in no time nicely hidden underneath the "Genuine Advantage(tm)" holographic logo.

I have to say I don't get the Microsoft Way at all though. It looks like tech has all the skills and goods they need, so are they regularly being scr3wed over by management and marketing? Rumors of the iterated Vista deathmarch seems to indicate so.

I really dont complicated my self with win32, i have an OpenBSD box i used for everything... and i have a win32 box with windows2000, and that is only used when i have to do something i really, really, really cant do with OpenBSD...

the simple fact that i believe that microsoft puts out applications/OS's that are still in BETA...

havent you guys notice the users are the real QA testers?

microsoft is a close-minded, arrogant, "I want to copy everything" and make it my format/technology company..

if they want something they just copy it, and make it theirs with a new name (e.g. ASP=JAVA)

sorry for that typo, (C#=JAVA)

I run Mac OSX. I've been using Mac's since OS 6 and i never recall having a Virus, spyware or anything bad in the system.