Operating Systems

I talked not long ago with a computer dealer in our town
all he has is windows XP he says Vista isn't working properly?
so he doesn't have it
wow what a shame..with the next O.S lets please get it right
this time make it simple make it to default by itself back to the early manufacters settings eh maybe this would be one way of throwing off worms virus bugs just allow the O.S to default itself every month?
Then it is up to computer owner to back everything up himself...Lets get it working right

 

I work at Microsoft on Windows security. I have been running Vista for 3 years now, as we had to "eat our own dogfood" from an early point. There were driver issues that created many problems when Vista was first released (many vendors did nor provide very good drivers). These have been solved now.

I strongly recommend the use of Vista over XP on security grounds alone. I have an old XP desktop system at work that I use as an index server for well over 100 GBytes of source source code. It has a 3.2 GHz single core processor, 1 GByte of RAM, and a modest video card. It runs well, despite the fact that most independent analysts would say that it is totally inadequate.

Vista SP1 is due to be released any day. If you wait a month or so, you can probably get it installed. Modern systems will run Vista well. Memory is more important than processor speed - get 2 GBytes of RAM, the increase in performance when running a number of apps is far greater than increasing the processor speed.

 

Vista is getting nothing but bad reviews, for good reason. It's a bloated resource hog. Stay with XP.

 

My wife has Vista on the house PC, I have XP on my garage PC. She loves the way it looks and works. Has had 0 problems. I like XP on mine (older/weaker system).

I think it depends on the system, and how much you "tinker" with your machine.

 

Here it is straight from the horses mouth.

http://www.youtube.com/watch?v=3a2zqRc1jvs

 

I agree memory is important it is also getting cheaper for folks to upgrade buy a few extra sticks of memory
I have seen cheap computers work so much better

 

Seems kinda vague, maybe the whole thing is out of context. And believe me, I am not a MS fan.

 

I had to buy a new computer a few weeks ago because my E-machine bit the dust. Didn't have time to screw around, so I had to get VISTA, because that's all anyone stocks.

Other than having to get rid of a perfectly good HP printer because HP doesn't provide a VISTA driver for it for my HP pavillion with VISTA, it has been OK. I also had to get a new serial to USB adapter for one application, and I couldn't find a VISTA driver for the old one. I don't do much with the computer except internet, and some basic office functions with the on-board Office Works.

I have had occasional lock-ups of IE, have to use task manager to close it down. Don't know what's up with that.

 

Amazing. Reading this you would think the only OS available for PCs was from Microsoft. Yet
there are lots of secure OSes that work well on standard PCs and both older and newer hardware but are not Microsoft. They will provide you with all the standard functions you need. Sure you might occasionally run in to a poorly coded site or that only works in MS because of Direct X or DRM but that is the site builders fault/choice not the OSes and for those cases you can run an MS such as Win 2K in a virtual machine.

Most are free and many are now designed so you can do everything from the GUI just like Windows. No need to use command line. They have their own repositories full of free software that can do the same thing MS software does and install as easy if not easier the MS software.

There are lots of flavors to choose from. Many will run as a live CD but to really get a feel for them install a virtual machine program such as Virtualbox in MS Widows. You can easily download many other OSes for free. With Virtualbox you won't even need to burn an ISO to CD or DVD. Instead you can install straight from your hard drive with the virtual CD built into Virtual box.

Linux is the most widely used alternative (BSD is probably not so good for newbies but it is rock solid.). I would suggest though that you try several and don't let the one with the most hype necessarily be your choice. Personally I like PCLinux OS but there are other as good but with slightly different implementations of various features you might be more comfortable with.

 

Contrary to popular belief, most people don't need to know how the clock works in order to know what time it is. A store-bought computer should work right out of the box with anything you can connect to it for home use.

 

Yeah, but lets be honest. Only "techies" are going to be knowledgeable/brave enough to try a linux distro of some sort, and really be able to make it work for them. Even at that, if you game or whatnot, you may still need windows, its just too much of a standard these days for most people to just totally walk away from it.

The only one I've heard of that you might even think of setting your websurfing grandmother up with is ubuntu.

 

Maybe Kbuntu but if Grandma was use to Windows she would probably find Gnome used in Ubuntu strange and challenging at best. There are easier to use choices then the Buntus but they get all the publicity.

Many work on install. There is nothing else to do. If they use KDE for desktop a Windows user could probably use it without any instructions. Note now days you can buy a computer with Linux pre-installed and it will just work when you plug it in. However as long as Windows user keep hanging on to their misconceptions based on Linux as it was many years ago few will try it.

 

Buy some more Ram

 

So, I haven't followed linux. I know it's much more stable, and has much less threat of attacks by virus & malware. But how is it with most software? I mean, can it run most software without major adjustments or problems? Of all varities? Games, media, productivity, etc? I'm not opposed to different things. I use Opera & Thunderbird, Open Office Suite & Corel Wordperfect Office Suite, as well as the MS versions.

 

I believe an application called wine will run most windows apps in a linux environment. Not sure how well it works with games and other graphics intense programs though.

 

Wine can in fact run many windows apps but there are some that it wont as of yet. Wine is still being perfected. A program called "cedega" shows great promise for gaming as it incorporatex a opensource directx compliment I believe. Gaming in linux has made great strides in recent years and now many windows games have been ported to linux. A few that comes to mind are doom, unreal tournament, alien arena,simcity, and many more. The gaming aspect is improving at a record pace. I use PCLinuxOS for my os and will never go back to windows. Linux is much more secure than windows and the performance meets or exceeds windows in many area's. Drivers are being written for devices constantly and the major vendors are starting to take notice. Linux is not just for geeks anymore. If my mother can use it then anyone can. It is 99% point and click and has a vast supply of quality software at your fingertips. I n my opinion people need to learn to use linux now because in the future that knowledge will be very handy to have. Entire countries are switching to linux and opensource software for many reasons as well as major corporations. Give linux a try. I think you will be very surprised at what you find. I will provide a link to PCLinuxOS so you can check it out.
http://www.pclinuxos.com/

Thanks.

 

While I currently work for Microsoft, a long time ago I served as a Unix SysAdmin and have worked with BSD systems along the way. You can configure a Linux system to be more secure than a Vista system, but you will have truly hindered its useability - turning on the SeLinux type enforcement module, setting up the TE policy tables (a truly major job), and then trying to get the functionality you want to work.

Microsoft does not make it easy for the home consumer to move into the "enhanced security - reduced functionality" mode that is sometimes deployed in the military. It is not a consumer usage mode. But the mode exists. If you really want to find out how to configure a windows system for maximum security, you need to read the "Windows Version Security Guide" where Windows Version will be "Vista", "XP", "Windows Server 2003", etc and follow the configuration guidance.

As you might expect, this is not necessary for consumers. You can make a very good case that Vista and Office 2007 are at least as secure and probably considerably more secure than the major Linux distributions it is competing with - and it is much easier to use. The price is just that, you have to pay for it, but the cost is not high when buying it with your hardware.

I have been doing security work for a long time, most of which was not spent at Microsoft. I run Vista at home. It is very reliable and performs well. My wife and kids have no problems using it. If you are running modern hardware I recommend it.

 

JRM, hi, it's pretty cool to have a Microsoft brain to pick.

I don't believe there's a lot of demand among the masses for milspec browsing, so I believe your example to be not to the point. Honestly, that "enhanced security - reduced functionality" statement is extreme and irrelevant because it isn't what we need. We need reasonable security with reasonable functionality. We don't need to *know* that *nobody*, no matter their resources, can harm our communications (or us, through those communications), we just need to be reasonably certain that we are not getting nasty stuff in our computer, and if we do get it then we want to be able to eliminate it easily.

In that context, I would ask if Microsoft is doing a better job of reaching these goals with IE than the Mozilla folks are with Firefox. I would also ask if Microsoft is doing a better job of reaching the same goals with Vista than the Linux people are with their work.

I don't mean to come across as either a jerk or a lawyer, I've just heard so many too-general and extreme statements from everyone that the chance to pin someone down to the real question is valuable to me.

Thank you,

lp

 

Assuming a naive user, I would rate the security of the combination of Vista and Office 2007 to be somewhat higher than that of Ubuntu with Open Office, counterbalanced somewhat by the fact that Microsoft is the primary attack target.

Both systems can be hardened by skilled users.

Windows has a substantially longer supported lifetime, typically 7 years standard support + 3 or more years extended support. This is far longer than any of the Open Source alternatives, and several times longer than Apple (I had an iBook, OS 10.1, when OS 10.3 came out, APple stopped security updates).

Irritating as it is from a security perspective, Microsoft's long support of legacy functionality also means that old apps continue to work on Microsoft for a very long time, typically well in excess of 10 years.

 

I would like to get your opinion on browsers too, as they seem to be under ever-increasing pressure from people who wish to give us malware.

 

I have used IE, Firefox, and Opera. When I had my Mac, I also used Safari. And a decade ago I used Monzilla. I will restrict my comments to modern browsers on a Windows platform.

I am writing this on my notebook, which is running Windows Server 2008. IE 7 is my default browser on this system, as it is on my home systems.

Microsoft has done a very good job hardening IE 7. On Vista and Windows server 2008, security is a bit better, with the browser running in "low rights", which makes browse-by attacks harder. Overall, I view IE 7 as more secure than FF or Opera.

One of the things I like about IE is its support for different trust zones. I use this extensively.

IE - Internet zone, this is my general internet browsing zone. I set the security level to medium high and then went in and customized it, turning off all scripting. I also blocked Flash and Shockwave and turned off Java. I can go to quite hostile web sites with this, as the blocking of active content blocks the attacks. It also breaks many web sites. But with this set as my default, if I hit a link that calls up a browser, I am safe.

IE - Trusted Sites zone. I put Microsoft updates here as well as those few sites I truly trust with my money. There are a few government sites as well. I only put a site here if I truly trust them and are convinced that they are well managed and will not run malware for third parties. Even so, if something is to be installed from here, I still get the elevation popup.

My third zone is a partial trust zone. This is not currently supported by IE, but I have high hopes for IE 8. For this, I run FireFox with NoScript installed. I still block Flash and Shockwave. I will invoke FF if I want to go to a site that I want to run some scripts, but not all scripts. Thus, I may temporarily run scripts from the site in question, but not from the other sites linking to it.

With a locked down IE as my default browser, and the use of IE zones for trust issues, complemented by separately invoked FF when needing to run script from a known site, I have a rather fine-grained approach to web security.

As a side note, it is well known in the security world that the various developments that constitute "Web 2.0" have not properly included security issues. Promiscuous usage of web active functionality is far more dangerous than generally realized. The increasing number of compromised servers increases the risks to users.

 

Since virii, worms, trojans, etc. are so simple to write that school kids do it, security being a BIT better means absolutely nothing.

The largest percentage of users will take a computer home, plug it in, and do whatever they do. Absolutely blind to the dangers that lurk, and clueless about how to beef security up.
Microsoft has failed miserably at protecting these people.

I prefer to use programs that are non-microsoft for those very reasons.

 

Just running a non MS product does not make you secure. If you are running a totally non-standard platform with no shared functionality (snap-ins) and the like, you are probably secure just because nobody will bother to attack you. But you will miss most of the functionality that justifies the time and expense of computers in the first place.

The numbers of Linux and OSX systems deployed is large enough that attackers are turning to them as well. OSX has had a significant number of attacks and security researchers have pointed out that Apple needs to follow Microsoft's security work. Vista is more secure than OSX.

Looking at bug issues, you can make a good case that Vista is more secure than the competing major Linux distribution's. I have pointed out in my postings that you can secure both.

Also looking at bug issues, you can make a good case that IE7 is more secure than Firefox, even without the Low Rights barrier that was added with Vista. Given what I have seen, I believe that Office 2007 is more secure than Open Office.

The one overwhelming thing Microsoft sees in attacks now is human weaknesses. We have made our OS and major apps reasonably resistant to code-only attacks. The primary problem now is the user installing and running stuff, typically by clicking on something on a web site and then installing it. Software measures alone have limited utility against what are really social engineering attacks. Microsoft cannot fix wetware vulnerabilities.

Don't assume that just running Linux will make you safe. Let us consider the case that you want to run a "Safe OS". Consider Open BSD. It has only have 2 vulnerabilities in the default OS in 8 years. Sounds good. But what you get with the OS is just that. Then you have to install the apps and user functionality that you want. So every month or so you have to download the source code for the security patches, recompile and rebuild the system, and start up again. Not very convenient and doing so requires some reasonable skill.

By the way, I have experience with OSX and am a very unhappy Apple ex-customer - I had an iBook with OS X 10.1. I will never deal with Apple again. I also have a background as a Unix sysadmin with some background in the BSD's. I was also a security architect for Novell 10 years ago.

 

I don't use a nix OS. I use XP. I used to run OS/2. The most stable and easy to use OS ever written. There were only 3 virus written for it, and they never left the IBM labs. I miss OS/2. The only reason I use Windows is because of the applications I run.

There are danger warnings all over the net about Outlook. The average user has no idea what they are, nor how to deal with it. It's a poorly written program anyway. I use Thunderbird.

IE is a joke. I use FireFox.

Office is insanely expensive, and also has security issues. I use OpenOffice.

If I can use something other than an MS product, I will.

 

I too used OS2 in the early 90's.

As for the security issues with Office and Outlook, these issues are version dependent. The Microsoft security push occurred when Office 2003 was in development, and Office 2003 is considerably more secure than its predecessors. Office 2007 and its supplied plug-ins are far more secure than Office 2003. And more secure than Open Office.

IE7 is a very good browser. It is not as standards compliant as FF, but this was done to maintain functionality for web sites that were coded to the far less compliant IE 6 and 5. IE 8 will have a full compatibility mode.

As for the relative merits of IE vs FF vs Opera ..., I am reminded of the vi vs emacs editor dispute of 2 decades ago. Both got the job done. Both had relative strengths and weaknesses within the context of different user's usage styles. No one browser can be optimal for all usage modes.

I run internal security tools on systems with installed software. We typically find that third party developers are much less likely to be aware of security issues than Microsoft teams, which have to go through a final security review before they can ship.

 

You may work for MS, but it means nothing to me. Windows is a bloated, junk OS. Nothing you can say about it will change my mind.

 

If we view the operating system as simply the primitives that provide memory, file system, and networking access and protection, all shipping OS's such as Vista, Ubuntu, Suse, RedHat, PCBSD... are bloated. OS's are useless in and of themselves. They are infrastructure upon which you layer middleware and run applications. It is the applications that add value to the end user. Since different users want different things, you have the faster or slower addition of a wide variety of functionality to all operating systems aimed at the end user (systems for governmental usage are different). With Vista, you get it all on the disc and then all the other stuff your hardware vendor adds over that. With the *nix's focused upon the consumers, you get a substantial bundle and the rest is sitting at servers waiting to be installed with a single click. In the end, most users end up with a LOT of stuff they don't use. The same is of course true in application packages such as Office and Open Office.

This is a basic feature of the consumer economy. I may not like it. You may not like it. But try and get devices without lots of features. For whatever reasons, features sell, even if almost nobody uses many of them.

 

Hello again, and thank you for the copious information- I've thought about this issue quite a lot now and I've learned a little too.

I'm going to try to cut my irrelevant thoughts and get to the nub of things here. Let's not consider all the past issues, let's just consider what the case is today.

This, to me, is the nub of the situation: Microsoft says that for several hundred bucks, depending on just which version of Vista I might desire, I can get marginally better novice-level security than a particular flavor of Linux offers. I dunno, I think it might make more sense for me to toss some vo-tech school kid fifty bucks to set me up with a bulletproof Linux system on a computer I already own. Seen in that light, for fifty bucks I can get *better* security than with Vista operating at my novice level.

And while Microsoft has been playing security-catchup, look at what some of the Linux folks have been doing:

http://youtube.com/watch?v=_ImW0-MgR8I

Impressive, to say the least. Its just eye candy, but pretty nice eye candy.

i've been playing with some different Linux distros, I've settled on PCLinux as my introduction distro because it seems easiest to get started with. I've been dual booting PCLinux on the machine I'm presently on, along with XPsp1, for a couple of weeks.. and I find I don't need XP so far. Don't get me wrong, I really like XP, but I know it won't last forever, and I'm pretty well convinced that Vista isn't for me.

Heck, I first ran PCLinux on a 466mhz, 128M ram HP Pavilion. It was a little slow but rock-solid with an uptime of months.

I'm not saying it's been all roses, I've installed this Linux a half-dozen times now, but I'm learning and it's settling down. I like it, and it's quite fast, certainly faster than Vista is so far reputed to be.

I've been seeing articles, several of them, on the internet with titles like "Why I'm switching from Vista to (enter distro) Linux". These are people who use computers, who depend on them. When I start seeing stuff with titles like "Why the new Windows OS works better for me than (whatever) Linux" then I'll be back to check Windows out again. I'm also curious as all heck to see how that "kernel protection" thing pans out..

To conclude: I believe Linux is offering me a much better return on my investment than Microsoft is offering with Vista.

Again, I thank you for your time and effort. You write remarkably well, it makes me a bit envious. I do wish you'd qualify some of your statements just a bit, but that's a subject for a different thread.

l_p

 

I think you've hit the nail on the head. No amount of security in the applications can make up for the tenacity and determination of an ignorant user.

Case in point: My wife's friend. I watched her do it. I warned her. And she did it anyway: New email with a .exe attachment. She knew the person who'd sent it. When she clicked on it, her anti-virus kicked in with a box warning her that it contained a virus. I told her not to open it. She clicked "Ignore." Another screen: "Are you sure?" Yes, she was sure. And almost immediately her machine was overrun with malicious junk.

The sad thing is, most people are ignorant users. They don't want to know how the clock works; they just want to know what time it is.

These are the same people who buy the new car with the best safety rating, then drive while they yak on the cell, check their makeup, mess with the radio, read the newspaper, and program the Tom-Tom. With a cup of coffee in the other hand. Oh, and the seat belt is too uncomfortable and it wrinkles their shirts.

One more anecdote: A co-worker told me he was shoveling snow a couple of weeks ago when his next door neighbor, an old retiree who had recently purchased his first computer, came out. They talked. The old guy was on his way to the bank to send a cashier's check to Nigeria.