Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Why does every one hate Microsoft

Reply
Thread Tools

Why does every one hate Microsoft

 
 
Todd H.
Guest
Posts: n/a
 
      10-26-2006
"Dana" <(E-Mail Removed)> writes:

> Now it is security concerns. Microsoft is finally addressing security in
> thier OS, by building security into the OS, now once again the crazy
> europeans and companies like Mcafee and Symmatic are complaining that
> Microsoft is going to add security to the OS. Well to those people I say
> STFU, it is about time microsoft take control of the security of the OS,
> there should be no reason I have to buy a third product solution to secure
> the OS I purchase from Microsoft.


That I agree with. You shouldn't need $40/year of 3rd party crap just
to make an OS not be a pain. This is among the reasons Mac is such a
compelling choice as a desktop.

I don't weep for the Symantecs and McAfee's. They know security is a
changing landscape, and if they didn't learn the lessons of Norton
Utilities when Windows finally started including undelete and disk
defrag functionality, then they don't know their business very well.
They should be thankful windows was so horrible reliant on them for so
long rather than bemoaning the (possible) end of the line.

--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
 
 
 
Dana
Guest
Posts: n/a
 
      10-26-2006

"Todd H." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Dana" <(E-Mail Removed)> writes:
>
> > Now it is security concerns. Microsoft is finally addressing security in
> > thier OS, by building security into the OS, now once again the crazy
> > europeans and companies like Mcafee and Symmatic are complaining that
> > Microsoft is going to add security to the OS. Well to those people I say
> > STFU, it is about time microsoft take control of the security of the OS,
> > there should be no reason I have to buy a third product solution to

secure
> > the OS I purchase from Microsoft.

>
> That I agree with. You shouldn't need $40/year of 3rd party crap just
> to make an OS not be a pain. This is among the reasons Mac is such a
> compelling choice as a desktop.


And as Mac shows, there is competition in the OS world.
And as Linux becomes more popular with more applications coming on line,
Microsoft will have to adapt to keep its share.
>
> I don't weep for the Symantecs and McAfee's. They know security is a
> changing landscape, and if they didn't learn the lessons of Norton
> Utilities when Windows finally started including undelete and disk
> defrag functionality, then they don't know their business very well.
> They should be thankful windows was so horrible reliant on them for so
> long rather than bemoaning the (possible) end of the line.


I agree
>
> --
> Todd H.
> http://www.toddh.net/



 
Reply With Quote
 
 
 
 
Beachcomber
Guest
Posts: n/a
 
      10-26-2006

>I don't weep for the Symantecs and McAfee's. They know security is a
>changing landscape, and if they didn't learn the lessons of Norton
>Utilities when Windows finally started including undelete and disk
>defrag functionality, then they don't know their business very well.
>They should be thankful windows was so horrible reliant on them for so
>long rather than bemoaning the (possible) end of the line.
>


I like Microsoft products. Yes, they are a near monopoly in some
ways. That can be a good thing. For all their push to hire great
minds, they have always been pretty much a copycat company. I like
Apple products too. Sometimes I wish that Microsoft products would
work as well as Apple products. (I've just downloaded the new IE7 for
Windows. It works ok and has some new, up-to-date feature, but it
looks like too many decisions were made by committee and it lacks that
cutting-edge elegance).

The GUI interface, which is the basis for Windows is a copy from the
Macintosh and before that, from the Xerox Parc technology. In my
mind, bad versions of DOS went on for far too long. The mouse,
Internet Explorer,and another Microsoft cash cow... MS office... all
are copies of great ideas from other individuals and organizations.
Microsoft was even late in recognizing the importance of the Internet
when it went mainstream in the mid 90's.

Still, they give out free updates and patches and they generally work,
hassle free. Microsoft products provide value. The Europeans all
get together in haughty meetings and say "Harrrumph... we can't have
this American company dominant in a product that is so vital to our
economies... so lets try to throw a wrench in the works and
over-regulate them with our laws..."

Americans are jealous of success too. Many attack Bill Gates for his
wealth, his geekiness, his dominance of his company, and even his
generosity and his charitable foundations.

If Microsoft was that awful, they wouldn't have 80-90% market
dominance. If you want a better operating system, you could choose
Apple, or if you don't like paying high royalties, there is always
Linux.

If all you want to do is complain.... you could write your own :}

Beachcomber

 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      10-26-2006
Dana wrote:

>> No, customers wanted a *web*browser (hint: something that's suitable for
>> surfing the web in terms of security) *delivered* with the OS. Well, why
>> didn't they ship Netscape 4.x?

>
> Because Microsoft had their own,


No, they didn't. They had a file browser which was particularly enhanced to
roughly render some little subset of HTML. It has some policies stuck on
the top, but one can trivial show that it is unsuitable for reliably
processing untrustworthy content.

Declaring it a webbrowser doesn't make it become one.

> and there is no problem with them tying it to their OS.


Wrong again. The problem is that the explorer shell and all programs that
use the TridentEngine Control or just the ShellDoc-API inherit all its
vulnerabilities, making even administrative tasks become dangerous.

> If customers wanted a different web browser, there are quite a few available
> for them.


If customers were able to make a choice or just recognize that there's a
difference between a webbrowser and the WWW, then they would have chosen
Netscape on a large base and not even considered misusing IE as a
webbrowser.

>> They're integrating DRM into the kernel. That's far away from security.

>
> That is how they are implementing security. Which the customers have been
> demanding.


You forgot to specify which customers. Media companies trying to sell their
content by using DRM against the users, these aren't customers in the usual
meaning.

> But windows is made for the masses who have no desire to mess with the
> drivers, they just want an OS that works out of the box with minimal
> configuration from the user to make it work


I guess even normal users want a reliable workstation for doing serious
work. With IE, DRM, and the lack of fundamental OS enhancements like a
well-proven crypto filesystem a la TrueCrypt or extensive network
monitoring capabilities (for WireShark you need WinPCap), you can't do
anything serious on such machines. Normally you should be in constant fear
of your data getting ****ed up with you being unable to anything against
it.

>> On the other hand, malicious guys will simply buy a certificate. Not that
>> VeriSign would be trustworthy in any way...

>
> On that we agree, which is why Symmatic and Mcafee and those types will
> still be in demand to come up with software to help protect windows.


No. Symantec an McAfee could easily afford such a certificate and simply
shut up. They never complained about the lack of validation in the
certification process.

The real reason is that their software products are so ****ed up and can
hardly be ported to Windows Vista, having ignored it for so long time.

>>> there should be no reason I have to buy a third product solution to
>>> secure
>>> the OS I purchase from Microsoft.

>>
>> There has never been any such reason.

> As you pointed out, microsoft has always been weak on security.


No. Microsoft has done many mistakes, ranging from a crappy default
configuration over to user applications bundled to Windows and some legacy
issues, but the core system of Windows itself has always been a very clever
and well-designed highly secure system. Hey, why do you think they got
EAL4+ certification for Windows 2000? Or C2 for Windows XP? You can't
achieve such a thing without at least a solid base.
 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      10-26-2006
Todd H. wrote:

> You shouldn't need $40/year of 3rd party crap just to make an OS not be a pain.


You don't need to, and never did. Actually all this security software
bullshit makes a secured Windows box become vulnerable in first place.
The real problem is that users are too stupid to actually use the built-in
security features, Microsoft intentionally hides them (XP Suck^W"Home"
Edition), and are useless by default because everyone has full root
privileges.

> I don't weep for the Symantecs and McAfee's. They know security is a
> changing landscape, and if they didn't learn the lessons of Norton
> Utilities when Windows finally started including undelete


That the biggest fun: users got their "Recycle Bin", and they're still
deleting their own data and ask for recovery. Now the Norton stuff has even
added a "Norton Protected Recycle Bin" inside the normal "Recycle Bin", and
there's still their Norton Undelete. I mean, how ignorant can someone be
delete important data even with two or three layers of confirmation, and
how stupid must someone be to add even more confirmations?

> and disk defrag functionality,


Well, yeah, hardly spectacular. NTFS always did a good job in avoiding
fragmentation, the NTFS Fragmentation API always provided the functionality
to consistently make single files continuos, and shifting around continuos
files to keep large chunks of free space in between isn't that big either.
 
Reply With Quote
 
Dana
Guest
Posts: n/a
 
      10-26-2006

"Sebastian Gottschalk" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dana wrote:
>
> >> No, customers wanted a *web*browser (hint: something that's suitable

for
> >> surfing the web in terms of security) *delivered* with the OS. Well,

why
> >> didn't they ship Netscape 4.x?

> >
> > Because Microsoft had their own,

>
> No, they didn't.


Internet explorer. Which when those two first came out, I would say IE was
better than Netscape.
>
> > and there is no problem with them tying it to their OS.

>
> Wrong again.


No, I am quite right. There is nothing wrong with Microsoft tying internet
explorer to the OS.


>
> > If customers wanted a different web browser, there are quite a few

available
> > for them.

>
> If customers were able to make a choice or just recognize that there's a
> difference between a webbrowser and the WWW, then they would have chosen
> Netscape on a large base and not even considered misusing IE as a
> webbrowser.


That is not what happened, Internet Explorer became the popular choice over
NetScape.
>
> >> They're integrating DRM into the kernel. That's far away from security.

> >
> > That is how they are implementing security. Which the customers have

been
> > demanding.

>
> You forgot to specify which customers. Media companies trying to sell

their
> content by using DRM against the users, these aren't customers in the

usual
> meaning.
>
> > But windows is made for the masses who have no desire to mess with the
> > drivers, they just want an OS that works out of the box with minimal
> > configuration from the user to make it work

>
> I guess even normal users want a reliable workstation for doing serious
> work. With IE, DRM, and the lack of fundamental OS enhancements like a
> well-proven crypto filesystem a la TrueCrypt or extensive network
> monitoring capabilities (for WireShark you need WinPCap), you can't do
> anything serious on such machines. Normally you should be in constant fear
> of your data getting ****ed up with you being unable to anything against
> it.


No one is forcing you to buy windows. Just do not turn around and try to
demand via theo courst and governments what Microsoft can and cannot do.

>
> >> On the other hand, malicious guys will simply buy a certificate. Not

that
> >> VeriSign would be trustworthy in any way...

> >
> > On that we agree, which is why Symmatic and Mcafee and those types will
> > still be in demand to come up with software to help protect windows.

>
> No.


Sure they can if they want.
>
> >>> there should be no reason I have to buy a third product solution to
> >>> secure
> >>> the OS I purchase from Microsoft.
> >>
> >> There has never been any such reason.

> > As you pointed out, microsoft has always been weak on security.

>
> No.


Yes, it is well known that Microsoft has put out some very vulnerable
software products.

> Microsoft has done many mistakes, ranging from a crappy default
> configuration over to user applications bundled to Windows and some legacy
> issues, but the core system of Windows itself has always been a very

clever
> and well-designed highly secure system. Hey, why do you think they got
> EAL4+ certification for Windows 2000? Or C2 for Windows XP? You can't
> achieve such a thing without at least a solid base.


That still does not help how vulnerable Win 2k is to attack.
Of course being the most widely used OS also plays a factor in this, in that
more people to to crack it.


 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      10-26-2006
Dana wrote:

> "Sebastian Gottschalk" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Dana wrote:
>>
>>>> No, customers wanted a *web*browser (hint: something that's suitable

> for
>>>> surfing the web in terms of security) *delivered* with the OS. Well,

> why
>>>> didn't they ship Netscape 4.x?
>>>
>>> Because Microsoft had their own,

>>
>> No, they didn't.

>
> Internet explorer.


Didn't you read the rest of the statement, where I explained why MSIE
should not be considered a webbrowser?

> Which when those two first came out, I would say IE was better than Netscape.


IE -> trivially compromised by malware, generally unavoidable
Netscape -> maybe a bit fuddly, but works well

Na, that's not a choice, that's a collary.

>>> and there is no problem with them tying it to their OS.

>>
>> Wrong again.

>
> No, I am quite right. There is nothing wrong with Microsoft tying internet
> explorer to the OS.


You really didn't read a word, did you? The integration of an unfixable
security problem into the OS is of course a big problem.

> That is not what happened, Internet Explorer became the popular choice over
> NetScape.


Right, and there's still no relationship to the product quality. People
used IE because it was there and they didn't know anything else.

> No one is forcing you to buy windows.


You may consider this statement again.

>>> On that we agree, which is why Symmatic and Mcafee and those types will
>>> still be in demand to come up with software to help protect windows.

>>
>> No.

>
> Sure they can if they want.


For sure they stopped doing so more than 10 years ago.

> Yes, it is well known that Microsoft has put out some very vulnerable
> software products.


It is also well known that Microsoft has put out some very secure software
products. Now, you should not generalize everything.

> That still does not help how vulnerable Win 2k is to attack.


Huh? Is it? That would be real news. Any references to a major security
problem in Win2K?

> Of course being the most widely used OS also plays a factor in this, in that
> more people to to crack it.


What did we learn from Apache vs. IIS? The most easily attackable system is
the target, which is not necessarily the most widely used one.
 
Reply With Quote
 
Dana
Guest
Posts: n/a
 
      10-26-2006

"Sebastian Gottschalk" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dana wrote:
>
> > "Sebastian Gottschalk" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Dana wrote:
> >>
> >>>> No, customers wanted a *web*browser (hint: something that's suitable

> > for
> >>>> surfing the web in terms of security) *delivered* with the OS. Well,

> > why
> >>>> didn't they ship Netscape 4.x?
> >>>
> >>> Because Microsoft had their own,
> >>
> >> No, they didn't.

> >
> > Internet explorer.

>
> Didn't you read the rest of the statement, where I explained why MSIE
> should not be considered a webbrowser?


Being that Internet Explorer is recognized as a web browser, your opinion is
just that, an opinion.

>
> > Which when those two first came out, I would say IE was better than

Netscape.
>
> IE -> trivially compromised by malware, generally unavoidable
> Netscape -> maybe a bit fuddly, but works well


Still the point is when the browser wars between IE and Netscape happened,
netscape lost even with all the problems in IE.
>
> >>> and there is no problem with them tying it to their OS.
> >>
> >> Wrong again.

> >
> > No, I am quite right. There is nothing wrong with Microsoft tying

internet
> > explorer to the OS.

>
> You really didn't read a word, did you? The integration of an unfixable
> security problem into the OS is of course a big problem.


And again, there is nothing wrong with Microsoft tying IE into the OS.
You may dissagree with the MS decision to do that, but that is their choice
to make, not yours. If you do not like that, well use a different OS.

>
> > That is not what happened, Internet Explorer became the popular choice

over
> > NetScape.

>
> Right, and there's still no relationship to the product quality. People
> used IE because it was there and they didn't know anything else.


Netscape was advertising. Heck I had both browsers at one time. Just like I
have Mozilla and opera today.
I myself never liked Netscape Browser, and it seems quite a few people also
felt that way about Netscape browser.
>
> > No one is forcing you to buy windows.

>
> You may consider this statement again.


I did, if you despise MS so much, do not buy their products.
Yes if you work for a company, and they buy Windows, that you have no
control over.

>
> >>> On that we agree, which is why Symmatic and Mcafee and those types

will
> >>> still be in demand to come up with software to help protect windows.
> >>
> >> No.

> >
> > Sure they can if they want.

>
> For sure they stopped doing so more than 10 years ago.
>
> > Yes, it is well known that Microsoft has put out some very vulnerable
> > software products.

>
> It is also well known that Microsoft has put out some very secure software
> products. Now, you should not generalize everything.


Windows is not anywhere being as secure as a Unix distro from say Sun or HP.
This is not a knock against windows, it is just a known fact.
Heck server 2003 is their best server yet, almost as good as a Unix box in
regards to reliablity, and ability to handle intensive processing. I still
would not trust Windows as my database server platform, for that I will
stick with HP or Sun Unix and Oracle.
>
> > That still does not help how vulnerable Win 2k is to attack.

>
> Huh? Is it? That would be real news. Any references to a major security
> problem in Win2K?
>
> > Of course being the most widely used OS also plays a factor in this, in

that
> > more people to to crack it.

>
> What did we learn from Apache vs. IIS? The most easily attackable system

is
> the target, which is not necessarily the most widely used one.



 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      10-26-2006
Dana wrote:

> Being that Internet Explorer is recognized as a web browser, your opinion is
> just that, an opinion.


What about talking about facts? The detail that it's commonly recognized as
a webbrowser doesn't make it one. From a technical point of view it simply
isn't.

> Still the point is when the browser wars between IE and Netscape happened,
> netscape lost even with all the problems in IE.


Are you trying to permanently switch subjects? The fact that IE has "won"
the "browser war" is absolutely no argument for its quality. As you already
wrote: Nothing more than an opinion.

>> You really didn't read a word, did you? The integration of an unfixable
>> security problem into the OS is of course a big problem.

>
> And again, there is nothing wrong with Microsoft tying IE into the OS.
> You may dissagree with the MS decision to do that, but that is their choice
> to make, not yours. If you do not like that, well use a different OS.


Could it be that you logic is a bit flawed?
So, once again: Microsoft, being fully aware of the consequences, put a big
security problem into the system, knowing that it would hurt the customers
on the long run. I'd call that a bad thing. Whether it was their free
choice of not.

>>> No one is forcing you to buy windows.

>>
>> You may consider this statement again.

>
> I did, if you despise MS so much, do not buy their products.


Seems like you didn't. Hint: What's the difference between "buy" and "use"?


> Windows is not anywhere being as secure as a Unix distro from say Sun or HP.
> This is not a knock against windows, it is just a known fact.


Hmm... says who? AFAICS they had to pull a lot of stuff to integrate
various security modules to just get the EAL3 evaluation, whereas for Win2K
you had to pull a lot of configuration measures.

> Heck server 2003 is their best server yet, almost as good as a Unix box in
> regards to reliablity, and ability to handle intensive processing.


Actually the part about "intensive processing" is quite counterintuitive,
because of the memory management with the Working Set mechanisms: usually
the most efficient way, but when confronted with a huge memory load, leads
to hardly controllable page flattering.


BTW, when will you ever fix your broken quoting? Maybe you should stop
misusing Outlook Express as a newsreader. Which is, well, just another good
reason why I don't consider you being able to give any valuable opinions
about computer security.
 
Reply With Quote
 
JAB
Guest
Posts: n/a
 
      10-26-2006
Sebastian Gottschalk wrote:
> No. Microsoft has done many mistakes, ranging from a crappy default
> configuration over to user applications bundled to Windows and some legacy
> issues, but the core system of Windows itself has always been a very clever
> and well-designed highly secure system. Hey, why do you think they got
> EAL4+ certification for Windows 2000? Or C2 for Windows XP? You can't
> achieve such a thing without at least a solid base.


EAL4+ makes a "highly secure system" are you sure?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
findcontrol("PlaceHolderPrice") why why why why why why why why why why why Mr. SweatyFinger ASP .Net 2 12-02-2006 03:46 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
D-Link DSL 504T - I hate my router - No, I really really hate it!!! Simon Harding Computer Support 7 01-03-2006 09:11 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments