How to make your Windows machine more stable and secure

[Refalm]

Talking about different things and pretending they're about same subject doesn't further discussion either.

This whole thing started from jtpenrod's comment: "It takes a crowbar and a case of dynamite to pry Inter-nut Expl-Horror from Win-Doesn't". I was trying to argue that this isn't the case, and that any issues that result from removal of IE are not specific to IE but rather apply to all library type entities.

You're welcome to ditch IE, but third party apps might expect it's there. Microsoft doesn't want you to remove it because of these dependency issues, so you have to do some little work to get rid of it.

Yes, a lot of Windows applications depend on Internet Explorer.
But, it's wether they decide not to start at all, or simply give you an error and start anyway, to decide if you want to remove Internet Explorer from Windows XP or not.

But luckily, I don't have to make that choice.

[MrX]

chances are, if the program relies heavily on IE and it doesnt make any effort to work with other browsers (for example the download managers used with the firefox exstension flashgot , they can still be used after scrapping IE) so basiaclly it means that the programs are cheap and shouldnt be used.
 especially when i get windows programs, and it is like a $30 program, so i get a crack for it and then use it for a week to see how it is and it ends up like being a piece of crap that has so many errors. except things from macecraft, they are great.

Mr X

[Calum]

You're welcome to ditch IE, but third party apps might expect it's there. Microsoft doesn't want you to remove it because of these dependency issues, so you have to do some little work to get rid of it.

whatever.

i don't see how this proves either:

a) IE is not too heavily integrated into the system

or

b) the reason microsoft does not want you to remove it is because you would then be using a competing product.

neither does it convince me that:

c) IE is secure.

[muzzy]

Oops, forgot that this thread existed, sorry for not responding earlier.

Regarding IE and "integrated to system", this completely depends how you define those words and what they mean. The way I see it, IE isn't very deeply integrated at all.

About competing products, I don't know about marketing issues that might be around it, but there's a real technical reason why it's a bad idea to remove it. You can still use a competing product without removing it, so I cannot see how this is related at all.

My point doesn't try to "prove" anything, it just states how I see one specific thing. Does the IE "integration" issue prove that gravity exists, or that earth has an atmosphere? Ofcourse not. Does this IE design prove that IE is secure or works at all? Ofcourse not. They're totally unrelated issues. Regarding the whole design of IE, the only security issue associated with the design is when people use the component to display their own HTML stuff, not realizing the exact consequences of using such a mechanism (regarding tainted input, for example)

[Calum]

Oops, forgot that this thread existed, sorry for not responding earlier.

Regarding IE and "integrated to system", this completely depends how you define those words and what they mean. The way I see it, IE isn't very deeply integrated at all.

i thought we weren't going to worry about what words actually mean, instead preferring to make up our own definitions to suit the moment (and our own opinions). i know it bores you when i define the words i use, but my last post simply lets you know that you haven't said anything of substantial content to convince me of the three points that i mentioned.

About competing products, I don't know about marketing issues that might be around it, but there's a real technical reason why it's a bad idea to remove it. You can still use a competing product without removing it, so I cannot see how this is related at all.

because of potential/perceived problems related to alleged spyware, and unnecessary network traffic generated by IE. I don't know about this but plenty people seem to be worried about it. Also, it sets a dangerous precedent that people have no control over how their system is set up. If i want to replace mozilla with opera on my system, i can uninstall one and install the other, easy. There's no technical issue stopping this, why should there be one with IE? there shouldn't. if there is one, it's either through design or bad implementation.

My point doesn't try to "prove" anything, it just states how I see one specific thing.

ok, then we're both cool.

Does the IE "integration" issue prove that gravity exists, or that earth has an atmosphere? Ofcourse not. Does this IE design prove that IE is secure or works at all? Ofcourse not. They're totally unrelated issues.

ok, as i said: whatever.

Regarding the whole design of IE, the only security issue associated with the design is when people use the component to display their own HTML stuff, not realizing the exact consequences of using such a mechanism (regarding tainted input, for example)

so bad html causes a windows system security problem? this gets better! and this from somebody that thinks IE is secure? am i misunderstanding you or are you blaming a system's insecurity on its users again?

[muzzy]

goddamnit you just love twisting words do you? if i could punch you over the internet i damn sure would. right now. you just refuse to understand what i'm saying, don't you?

your comment about the word definitions is heavily offensive. i have no idea why i'm bothering to reply to you at all, since you clearly show NO INTENT TO DISCUSS THE SUBJECT but instead just want to mock me. you keep saying things that have nothing to do with the subject, and are not related to it except through a common item (in this case, IE). it makes my blood boil.

then you try to thwart the discussion by making some statements, again unrelated to the subject, and say that my on-topic discussion doesn't address these off-topic issues. no shit, sherlock! IE security issues have nothing to do with "integration", thus my views on the integration don't address security.

and finally, the last paragraph in your previous post, you ask "bad html causes windows system security problems?". You obviously had no fscking clue about what I said in the text you're replying to. That, or you're defining "system security" to mean something else than it means. If application uses a library which lets you do more than you intend, and then you use that library, it's not a system security issue. It's an application issue. That application acting like that can be a system security issue, but ITS NOT FAULT OF THE LIBRARY!

... time to go get something cold to drink, i need to cool down. if you keep replying with your bullshit, i wont bother continuing this discussion further.

[Orethrius]

I'll be brief in the rationale behind a microkernel implementation: a module "integrated" (cutely quoted, as you put it) so tightly with the system kernel that the system cannot run properly without it is a security breach.  Likewise, a secure module - by design - cannot integrate with the system kernel.  Forget for a moment that LiteStep and whatnot exist, we're talking about the rationale of the LCD (lowest common denominator) - the most clueless possible user.  They're not going to take the time to remove IE and secure the system like they should when they're told the opposite is "just fine" at every juncture.

[Aloone_Jonez]

You need IE to do system updates, and I would presume that the IE library is a different module than the one that's displays the Internet Exlporer window. They could easily make a different update manager and at least romove the code responsible for displaying the Internet Explorer window. You can't tell me that they didn't start shipping Windows with Internet Explorer to put Netscape out of bussiness and to remove all of the competetion.

[muzzy]

I'll be brief in the rationale behind a microkernel implementation: a module "integrated" (cutely quoted, as you put it) so tightly with the system kernel that the system cannot run properly without it is a security breach.  Likewise, a secure module - by design - cannot integrate with the system kernel.  Forget for a moment that LiteStep and whatnot exist, we're talking about the rationale of the LCD (lowest common denominator) - the most clueless possible user.  They're not going to take the time to remove IE and secure the system like they should when they're told the opposite is "just fine" at every juncture.

First of all, Windows NT isn't exactly pure microkernel. Second, neither the native core kernel, nor the win32 executive subsystem depends on IE for functionality. The whole system up to that level works great without IE. The issues only come on top of win32, in the actual shell implementation.

Now, you're doing a nasty logic error there, I think. You are assuming that the system is not going to be configured and the defaults are used. If you make such assumption, you cannot conclude the same thing and have it mean anything. If you assume that user won't install alternative browser, then it means nothing to conclude that it's unlikely that alternative browser gets installed.

So, what's your point exactly and what are you trying to say? I'm not quite following your thoughts with either the microkernel thing nor the idiot user thing. You're talking about system core design with the microkernel issues, yet you refer to the whole userland and user experience as a "system" as well when you talk of IE. I don't see how they relate, as the scope of "system" is different for both cases.

[Calum]

goddamnit you just love twisting words do you?

not as much as you enjoy spouting bullshit (apparently)

if i could punch you over the internet i damn sure would. right now. you just refuse to understand what i'm saying, don't you?

nope, i don't, but you appear not to be too keen on talking what is known to the rest of us as "sense".

your comment about the word definitions is heavily offensive.

not really, it's a rough summation of your attitude towards defining what you say. I find it offensive that you continue to say generalised and contrary comments while expecting people to instinctively know what you are talking about. now for a REAL offensive comment, try this:

Go and fuck yourself you moron.

See? totally different from what i said before.

i have no idea why i'm bothering to reply to you at all,

well you'd be best placed to answer that, don't  you think? if you don't know, i certainly don't!

since you clearly show NO INTENT TO DISCUSS THE SUBJECT but instead just want to mock me.

firstly, mocking you is a lot of fun, however i only do it as a byproduct of attempting to communicate with you. Your communication skills seem to be throttled one way, so you can output a tremendous amount of information (or a good imitation thereof) but you're not too good at  taking it in. contrary to your accusations, i'm happy to discuss any subject here, so long as i know something about it, so pick up your toys and let's get back to it.

you keep saying things that have nothing to do with the subject, and are not related to it except through a common item (in this case, IE). it makes my blood boil.

oh so terribly sorry. do people in finland stick to the point 100% of the time? if so, then why have you just wasted an entire paragraph to air your frustrations publicly?

then you try to thwart the discussion by making some statements, again unrelated to the subject, and say that my on-topic discussion doesn't address these off-topic issues.

jeez! usually when you start a new paragraph, it means you are finished with the point at hand. why do i have a feeling of deja vu here?

no shit, sherlock! IE security issues have nothing to do with "integration", thus my views on the integration don't address security.

aha! now some sort of substance (finally). ok, smartass, SOME people think that the two ARE connected, and you getting your underwear in a knot is NOT going to change their OPINION. get it?

and finally, the last paragraph in your previous post, you ask "bad html causes windows system security problems?". You obviously had no fscking clue about what I said in the text you're replying to.

oh how dumb of me. HEY EVERYBODY, COME AND LAUGH AT ME, I COULDN'T UNDERSTAND ONE OF MUZZY'S POINTS! how is this a problem? simply explain yourself C-L-E-A-R-L-Y and this problem will disappear of its own accord. do you seriously think you can waltz onto these forums, spew a load of confusing shit about how windows is the best operating system (except windows xp, and windows ME and every other windows up to windows ME) and expect everybody to understand what your unreasoning gobbledygook means? not everybody will, surprisingly, and even more surprisingly, i am one of them.

That, or you're defining "system security" to mean something else than it means.

whatever. but i think you are dangerously close to going off topic here.

If application uses a library which lets you do more than you intend, and then you use that library, it's not a system security issue. It's an application issue. That application acting like that can be a system security issue, but ITS NOT FAULT OF THE LIBRARY!

ok, again, this is NOT what i was talking about. how come if i don't understand you, it's my fault, but if YOU don't understand ME... it's ALSO my fault?

dumbass.

... time to go get something cold to drink,

i would recommend sulphuric acid.

i need to cool down. if you keep replying with your bullshit, i wont bother continuing this discussion further.

oh no! how would i live with myself.

the same does not go for you, i actually enjoy replying to your bullshit, even though it saddens me that you have gone so far off topic in this "post" of yours.

[muzzy]

Word to word responses, mud slinging eh?

The way you discuss about IE, you just throw random things at the table, and when I point out how these things work, you're saying I accuse some third party for the problems you're experiencing while you'd prefer to blame Microsoft for their design decisions.

Technical issues aren't opinions, technical issues are FACTS. You cannot argue about facts, unless you're arguing about validity of them. If people have differing views, they're either discussing opinions or only one of them is right. I've been trying to discuss facts about the design of IE and its implications on security. Either I'm right or I'm wrong, other people's opinions can't change FACTS. If you don't believe me, there's no need to. Just say so, it's ok if you don't have solid knowledge about the subject, but I really really dislike it when you don't understand what I'm saying, and attack some interpretation of yours and expect me to defend it, or simply refuse to comment and instead say something completely unrelated.

And could you PLEASE read this post through a few times before you choose to reply? If you just grab on words sentence at a time, you're guaranteed to just annoy me again and not contribute to discussion (as if there's any discussion left here anymore)

[Calum]

while i think it's great that you have calmed down enough to communicate effectively again, i really think it's better if i don't reply specifically, since i am not an expert on how IE works, but also because as you say, there's little to no discussion left, if there ever was any in the first place, given that the subject is primarily factual, rather than interpretational.

[Aloone_Jonez]

Flamebait aside two people have replied to this thread in a reasonable manner, why not just respond to them?

[muzzy]

I tried respond to orethius above, and what comes to system updates, I wasn't aware that the autoupdated depends on IE. Is this the case? I could do some research later.

Regarding the windowsupdate site, yeah, IE dependency there is kind of an issue, traditional approach to writing a standalone update application in the first place would've been better. I don't think there's any malice involved, though. Someone just thought it'd be good to have a kind of "application service provider" type of approach there.

[Aloone_Jonez]

But yo can't despute the fact tha Microsoft put Internet Explorer there push Netscape out in the first place.