Secure your computer! NOW.

[M. Johansson]

Don't worry, Longhorn is a lot nicer....

And it will most likely have automatic updates enabled by default. Thank god.

Oh, and new hardware will definetly be needed with Longhorn. Hardware that supports NGSCB (Palladium) will not be needed, but the new graphical interface is very advanced, and will need quite a machine to power.

[hotnuts21]

I would think more people selling computers would help out the problem.
My auntie purchased a PC from a reputable high street vendor and it did NOT come with any AV software. Also the firewall built into XP was not automatically configured. I would think that this would be enabled by default but it is not which is a bit weird, my auntie didnt know what a Firewall was let alone one was included (but disabled) with her XP software.

Out of curiosity I only use the XP firewall and Norton AV, is the firewall any good does anyone know? Or should I upgrade to the Norton systemworks with there firewall?

[Martin Pickering]

I've been online since 1995. Never had a single problem with viruses. Never even had "virus protection" software. Admittedly my Macs occasionally freeze and have to be rebooted but that's not a virus problem. It's just the usual result of running poorly tested shareware or MS "bloatware".

I'm just glad I don't have to bother about all this "firwall" stuff and "protection". I'm able simply to get on with the work without distractions.

One day I might "upgrade" to OSX but right now OS9 rocks for me. And nobody's going to bother to write naughty software for that.

[samsm]

I read an article recently about Microsoft and viruses... wish I could find it, but I kind of remember some arguments:

-------------------------------------------
In Linux's case, the installations usually begin with all ports closed. This helps to deter Internet-borne viruses.

With OSX's and Linux's user controls, unless you are running as root (pretty much not done as it is a big security hazard), authentication is required to do serious damage to the system... makes it a lot harder for a virus to go behind a user's back and change system settings. That is, unlike Windows, where almost everyone runs as Administrator in one way or another. That is unless they prefer to switch users every time they need to change the system time or install those security updates that come out every 2-3 days.
-------------------------------------------

I'm not saying that Linux or OSX of these systems has a bullet-proof vest, but in addition to being the biggest target, Windows is also the easiest target... and Microsoft is most certainly to blame for that.

Sure, people should run updates. I think that's fair, especially if the security updates are separate from other updates and of minimal size to aid the slow downloader.

But should people have to purchase special firewall and virus software?
Heck no! Windows is advertised to be a product that you can use to connect to the internet and browse away. If you can't because of random gremlins that are taking advantage of (not third party software but) official Microsoft software, that's just wrong. That's Microsoft's problem to address in a way that their customers can handle.

Rorrrrrrww! ;-)

[Ingoal]

Well...

Off Topic:

i guess you can start another windows/linux discussion about the security part...and what i would like to point out, once again:

1. True, windows has got holes and security issues - but so does Linux (if you compare the average patch number per month: Linux >> Windows)
2. Windows is the main target of attacks cause in many cases it's easier to use an exploit against windows than against linux (cause most security holes in windows are found, posted somewhere and more than often ready with a ready code-bit to really exploit it)
3. Windows is clearly the favourite target cause it is sold by Microsoft
4. Windows is clearly the favourite target cause it's so common and an exploit/virus/etc is 100times more harmful than one targeting linux/unix/... machines...
5. etc etc

but back to your point: true, you shouldn't need to spend additional money to get the security you should have by default...and you don't need to: Windows XP comes ready with an inbuilt firewall, which is suitable for 99% of all users...that leaves us with the virus protection problem...and there's no inbuilt av-soft (i guess that will change too as soon as the next windows version is released)...but hey: with a firewall and a little commonsense you don't need to fear around 90-95% of all viruses...and for the rest you can always install a free or retail antivirus software....

Ingo

[Martin Pickering]

See http://online.wsj.com/article_email/...baiCm4,00.html

[samsm]

Off Topic:

[list=1][*]True, windows has got holes and security issues - but so does Linux (if you compare the average patch number per month: Linux >> Windows)

The big difference is those Linux patches are for nearly every application that MIGHT be installed with Linux. For most people those patches aren't even pertinent because the offending port isn't open. This is a gargantuan advantage for Linux. Microsoft has been advised ad nausea by various security experts to change their stance on this. For example, a representative of ZoneAlarm has commented that he advised MS to close ports by default years ago.

The rest of those arguments relate to the popularity of Windows. If Windows is so popular than certainly there should be the incentive and resources at Microsoft to fix them. Disagree? Big sales means big money which subsequently means big problem solving potential.

true, you shouldn't need to spend additional money to get the security you should have by default...and you don't need to: Windows XP comes ready with an inbuilt firewall, which is suitable for 99% of all users.

So why is Mattias trying to get people to waste their money on redundant firewall software? Just curious.

The new Windows will have built-in virus detection? Good! Viruses have been a problem for Microsoft OSs for around 10 years now, it's well past time they took some responsibility.

Good luck with this thread. People who update, update. You might win a handful of converts but overall, as we've seen over the last 5+ years, many many people don't update even though they've been browbeaten and updates are available to them on the Internet. This isn't Windows specific: hear about the Mod_SSL problem a few years ago? Basically, anyone who makes software that responds to requests needs to be aware of that reality... a large percentage of people are not going to update. They aren't going research and download some virus detection application. They aren't going to go through a convoluted series of steps to guide the broadband setup wizard to trigger another wizard which sets up a firewall buried in their system.

Luckily, this is what software is all about: making things as easy as possible. Is there any other point to software at all? Windows is marketed to the lowest common denominator, it should work for the lowest common denominator. It should work without buying or hunting for extra applications. Without hunting for a hidden feature buried in some wizard. Does anyone disagree that the location of the XP firewall is... convoluted?

Sorry about the rants, but lets use some sense here. Either thousands of (largely ignorant but well-meaning) users can each independently run across a thread or article like this one and change their ways, or one huge software companies with tons of resources can make small alterations to the default configurations of their software which will squash 99% of all viruses. Which is more likely? Which is actually going to get the problem fixed? Which is better for the landscape of computing?

A lot of these problems result in denial of service issues, those can affect everyone, regardless of how well-kept their computer is. Who is going to step up and address the problem? Thousands of individual computer users driven by a spontaneous and inexplicable comprehension of the complex technical issues involved, or one large software company that already understands those issues, and could have solved them at any major release in the last 10 years?

Alright, lets say I'm full of crap, maybe I am.
Forget fault for a second, just throw that away. No one is at fault, these issues are an act of god so to speak. How do these problems get fixed? Ask yourself, who has the power to actually (not in make believe) fix these issues on a large scale. Face it, individual action is not going to be pervasive enough to eliminate the problem. Good luck getting a substantial percentage of users to upgrade, firewall, and virus detect on their own. Not going to happen. The only way this problem is getting stopped is at the source, which is MS.

[earther]

Maybe computer users should be licensed like drivers. Pass a knowledge test and renew every few years! LOL!!!

[M. Johansson]

Alright, lets say I'm full of crap, maybe I am.
Forget fault for a second, just throw that away. No one is at fault, these issues are an act of god so to speak. How do these problems get fixed? Ask yourself, who has the power to actually (not in make believe) fix these issues on a large scale. Face it, individual action is not going to be pervasive enough to eliminate the problem. Good luck getting a substantial percentage of users to upgrade, firewall, and virus detect on their own. Not going to happen. The only way this problem is getting stopped is at the source, which is MS.

I agree. Either we implement drivers licences for users, or we let Microsoft be responsible for the protective layer of the computer. The latter makes more sense.

[Ingoal]

Off Topic:


The big difference is those Linux patches are for nearly every application that MIGHT be installed with Linux. For most people those patches aren't even pertinent because the offending port isn't open. This is a gargantuan advantage for Linux. Microsoft has been advised ad nausea by various security experts to change their stance on this. For example, a representative of ZoneAlarm has commented that he advised MS to close ports by default years ago.

Well...true that some of those patches are for applications, but i didn't know that kernel etc are programs that come with linux and might be installed [img]images/smilies/wink.gif[/img]

As for the ports: true, MS should have done this in a long time...but hey...the ways of MS are inscrutable...

Off Topic:


The rest of those arguments relate to the popularity of Windows. If Windows is so popular than certainly there should be the incentive and resources at Microsoft to fix them. Disagree? Big sales means big money which subsequently means big problem solving potential.

Well...i don't know if you ever had the joy to listen to a software engineering lecture. If not be assured that throwing more money won't make the bugs leave (at all or faster), especially if you're talking about millions of LOC...

So why is Mattias trying to get people to waste their money on redundant firewall software? Just curious.

The new Windows will have built-in virus detection? Good! Viruses have been a problem for Microsoft OSs for around 10 years now, it's well past time they took some responsibility.

Firewall: Well...once again, there are other windows OSs out there...not only XP

AV: at least that's what i heard...and i heard that MS bought an av-software corp a few months/a year back, but i can't find the news anymore....so yup, we can be hopeful....

Not going to happen. The only way this problem is getting stopped is at the source, which is MS.

Well...as for the seemingly endless rant: it's like that...ppl might update or not, it's a free country (depending on where you are atm)...but nonthless it's necessary to at least try to get them update...

As for the MS == Dark Empire...we need to stop it....i can do nothing but [img]images/smilies/FRlol.gif[/img] ...Sam, this will lead us nowhere...and i can't believe that ppl develop such an attitude. Let them be, you don't need to use their stuff...and so you're ultra-secure, as all users of other OSs claim, so why even bother [img]images/smilies/wink.gif[/img]?

[samsm]

Well, I've actually supported the dark side recently. :-)

Around a year ago I actually bought a Dell with XP Pro just to see how it worked, how things worked on it, and to get some compatibility with random things like fringe video formats.

Anyway, my complaining comes from a personal level as a consumer as well as a raving lunatic and is not simply MS bloodlust (although I confess to a little). :-)
If these problems were addressed (and they could have been, so many times!), Windows would be a better product and that would be one less thing for me to criticize, condemn, and complain about.

In related news I saw an good quote today:
Any fool can criticize, condemn, and complain - and most fools do.
-- Dale Carnegie

Heh.

[Ingoal]

Well, I've actually supported the dark side recently. :-)

Around a year ago I actually bought a Dell with XP Pro just to see how it worked, how things worked on it, and to get some compatibility with random things like fringe video formats.

Anyway, my complaining comes from a personal level as a consumer as well as a raving lunatic and is not simply MS bloodlust (although I confess to a little). :-)
If these problems were addressed (and they could have been, so many times!), Windows would be a better product and that would be one less thing for me to criticize, condemn, and complain about.

Well...i guess there's always two ways of dealing with such issues (errors/bugs) - one would be the open approach (admit, say you'll fix it, fix it) and the other would be the deny-protract-closed approach (admit only if someone really found proof, say you'll fix it soon, then someday fix it...or NOT)...and MS clearly went with approach #2...and i don't like that either...on the other hand, on some level, i can understand them - in such situation i always question myself: what would i do? and, tbh, the answer i get: i would probably do it similiar if not even exactly the same way....

In related news I saw an good quote today:
Any fool can criticize, condemn, and complain - and most fools do.
-- Dale Carnegie

Heh.

Hehe

[tedhead]

Think your secure? Check out this site AuditMyPC

It's non-profit, so everything is free.

<<Advisor Edit: Dynamic image removed. Please cease adding this to all your posts.>>

[adamjaskie]

*nix OSes are more secure simply because as a regular user you CANNOT do anything that affects the overal system without explicitly typing in the root password. Sure, there are always exploits and bugs, but they are fixed usually less than a day after they are discovered. There are also the users that stupidly do everything as root, but user stupiditiy cannot be helped. "I wanted to be able to install stuff without typing a password, so i just browse the web as root." Such stupidity will always exist, and you cannot blame it on the OS.

Windows would be a LOT more secure if it was properly locked down so only the administrator account could install software or make changes to the system that affect more than one user. Microsoft should ship their OS secured in that manner. It would reduce a lot of headaches.

[i_like_php]

all i will say it's all about user preference....

if you were born and raised around linux, then you're gonna use it, those accustomed to windows will simply use it.

besides windows users can go here to test if ports on their machine, are either open or close and etc...

http://grc.com

[M. Johansson]

*nix OSes are more secure simply because as a regular user you CANNOT do anything that affects the overal system without explicitly typing in the root password.

A Windows computer can actually be configured like this quite simply. Computers at large companies and public computers are almost always configured this way. This is not done on home computers, though, because it's a total pain in the butt.

Sure, there are always exploits and bugs, but they are fixed usually less than a day after they are discovered. There are also the users that stupidly do everything as root, but user stupiditiy cannot be helped. "I wanted to be able to install stuff without typing a password, so i just browse the web as root." Such stupidity will always exist, and you cannot blame it on the OS.

Don't think of it like "stupidity". I'm sure there are lots of people with very high IQs that don't know about the dangers of running your system as administrator/root. Most people are simply not aware that their computers are valuable to hackers, and therefore don't think there is a point in caring too much about security. It's also incorrect that this stupidity cannot be helped. A system should be secure without the user knowing much about security.

Windows would be a LOT more secure if it was properly locked down so only the administrator account could install software or make changes to the system that affect more than one user. Microsoft should ship their OS secured in that manner. It would reduce a lot of headaches.

This is kind of what Microsoft is trying to do with NGSCB (formerly known as Palladium). With that said, simply shipping systems with an administrator account and a user account won't solve anything, because that would create different haeadaches for users. Most people don't even have one password on their computer. In the end, people would just be running as root/admin anyway. Security should be more transparent that that. Non-tech people have better stuff to do than learn how to use their computers. People waste enough time on computer trouble already.

But I agree with you on the point that computers should ship secure out of the box. It should include antivirus (that protects against spyware as well) and firewall. Everything should update automatically without need of interaction from the user. All this will be in Longhorn.

[Sla]

I think Microsoft made a good decision with Windows XP - the administrator account is hidden, even though you need to enter a password for it during install. If you want to use administrator, you need to CTRL+ALT+DELETE twice at the login screen to activate it. While it's not completely secure (no system is), it prevents John Doe's 8 year old scipt-kiddie wanna be son from accessing the powerful account on the computer, and accidentally deleting something that Daddy needs to keep his job.

[wwb_99]

Except JDSK is probably running as an administrator anyhow, as that is the default kind of account that windows creates.

There is one thing that makes it livable to run as a normal user for most things in *nix--the su command. The problem now is one has to close everything, log out then log back in to do some simple tasks. If I could hop into administrator priviliges to install something then hop out quickly without killing everything I would run as a normal user.

WWB

[pippo]

In addition to the usage of su there is sudo too.


:-)

[wwb_99]

Actually, there is a functional equivalent of sudo --if it means what I think it does (super user do something).

One can make a shortcut in WinNT/2000/XP and have it run as another user.

WWB

[adamjaskie]

Actually, there is a functional equivalent of sudo --if it means what I think it does (super user do something).

One can make a shortcut in WinNT/2000/XP and have it run as another user.

WWB

Yeah, basically you have a list of users and a list of commands those users can perform as super user. The user has to type their password again for each of the commands, but does not need the root password. For example, I am doing tech support in the mech. eng. labs here at Michigan Tech. I have sudo access to some printer queue management stuff, plus sudo access to kill off errant processes that arent mine. I type "sudo kill ..." and type MY password, and it runs it as root. However, I could NOT type "sudo rm -rf /" because rm is not in the list of commands I have sudo access to.

[M. Johansson]

What the heck just happened to this thread?

[M. Johansson]

What the heck just happened to this thread?

Ah, Longhorn discussion was split to here:
http://www.sitepointforums.com/showthread.php?t=140049

[Pace]

I wouldnt advise the auto updates... Your better off checking from time to time as lately many windows updates have headlined IT news areas as being riddled with backdoors and vulnerabilities...

[M. Johansson]

I wouldnt advise the auto updates... Your better off checking from time to time as lately many windows updates have headlined IT news areas as being riddled with backdoors and vulnerabilities...

Yeah, but that is extremely time-consuming in comparison, and not a realistic effort to make for most people. Auto-updates is a fair compromise and will protect you from most stuff.