All Things Microsoft > Microsoft Software
How to make your Windows machine more stable and secure
Kintaro:
Ohyeah. Since linux apps are so hard to install, there won't be an issue of running untrusted applications. Or if they're ran purposedly, they're being trusted huh? Nice way to get out of the real issue.
Well this isn't a big issue for a Fedora User, all the applications come from a trusted source with apt-get. And on my server, it runs trustix which users a similar system exclusive to trustix called swup which uses gpg signed sources. However if any of the servers got cracked themselves.
Nonetheless, snort provides very advanced protection against all these vulnrabilities. Including even those for Windows if you run it on your router/firewall which is a bonus.
Hardware or driver issue. I cannot see how this is different from using linux and running a proprietary driver. Due to how modern operating systems are designed, drivers have a little bit too much freedom to operate. I have a kind of "dream OS", which would involve a Xen-like approach of separating the guest OS and host OS, with drivers being in the simple host OS layer. And here, the drivers would run under some sort of JIT VM, bytecode, so they couldn't crash the damn system. Well, one can dream. Perhaps in future, once the .NET implementations get stronger, this kind of approach will become viable as well.
Tried updating the drivers several times, and other things. However now that I have no Windows on my laptop, its not an issue, it is fine in Linux. It seems the kernel maintainers can differentiate between STABLE and UNSTABLE, Microsoft have given me a lot of unstable drivers in the past, so, not an issue.
Besides
SELinux > Microsoft.
muzzy:
Well this isn't a big issue for a Fedora User, all the applications come from a trusted source with apt-get. And on my server, it runs trustix which users a similar system exclusive to trustix called swup which uses gpg signed sources. However if any of the servers got cracked themselves.
Apt is nice, but what if you want to install some third party cool monkey that will run around your desktop doing cool stuff? And don't tell me it's ridiculous that anyone would want such a thing, practice proves otherwise.
There will always be countless amounts of software out there that won't be in known repositories. Then you have to get it yourself, from untrusted source, assuming you want to run it in the first place. A lot of the time you can apt-get everything you need, and if you can't get your favourite text editor "pico", you only need to whine about it to your geek friends and they'll tell you to get "nano" instead.
Anyway, I've understood that "normal" users just tend to go around and try whatever software they can find. They'll download and run anything, to find cool stuff. If such people were to use linux, and knew how to do what they want to do, you'd have a security disaster right there and then.
Security isn't just something a system provides, it's more about the users than about the systems most of the time. Good systems enable users to make informed security decisions, but uninformed users can't make good security decisions no matter the system.
jtpenrod:
I thought reading sourcecode was geek territory already. Also, your use of the term "user-land" is slightly confusing since it typically means something different than what you imply.
Here is what you said: "Bad experiences tend to be because something unexpected and frustrating happens. If you understand the system, there will be significantly less of such experiences."
What does this have to do with anything? Three years ago, these friends of the family bought a brand-new Sony Viao with Win-XP installed. They didn't really care what they were running until the wife lost two weeks' worth of work needed for her college graduation. XP ate the whole damn thing at 2:00AM the morning it was due at 8:00AM. Of course the professor wouldn't take: "XP ate my homework" for an excuse. She failed the course, and this delayed her graduation for six months. The day after, they practically begged me to install Linux on their system and show them how to use it. This, I did. So far, there have been no further incidents of this sort. How would their having a "greater understanding" make them more forgiving towards Win-XP? All they care about is that XP trashed valuable work at the worst possible time, and that Linux doesn't.
The backwards compatibility solutions in windows are indeed a hack, however the whole linux kernel is one big hack. I've had a plenty of lovely experiences regarding it. Few years ago at work, I had to investigate how to let processes keep more files open. Turned out, the constant that defined it in the kernel was redefined in userland as a different value, but only if you included the headers in a specific order. No explanation whatsoever for this was provided anywhere. They've fixed that since then, but all sorts of various kludges exist all over the place.
You make this sweeping generalization: "...the whole linux kernel is one big hack." You have nothing more substantial to back that up other than: "Few years ago at work, I had to investigate how to let processes keep more files open. Turned out, the constant that defined it in the kernel was redefined in userland as a different value, but only if you included the headers in a specific order. No explanation whatsoever for this was provided anywhere. They've fixed that since then, but all sorts of various kludges exist all over the place."
Key words here: "A few years ago...", and "They've fixed that...". This nullifies whatever point you thought you were making. One incident of some variable getting redefined, or someone's being less than diligent with their forward declares hardly damns the entire kernel as "one big hack". That's pretty weak.
Not being exactly a Ruby programmer, I can't take guesses at what might be going on, but "couple of seconds" sounds like it's not just Ruby's fault. Highlevel languages can be just as fast as C++, for example Ocaml has been claimed to generate code that rivals Intel's C++ compiler.
Ruby isn't the peppiest language out there. It has some bitchin' features, but those features slow it down. The idea that these interpreted languages can be as fast as C/C++ is just not right. They are not. To say: "Ocaml has been claimed to generate code that rivals Intel's C++ compiler." does not imply equality of speed.
Will these geeks also go clean up everyone's systems? Didn't think so. When something like that happens in windows, there are various anti-virus companies and a lot of geeks as well to check it out.
Yes, they will. So far as the turn-around time for Open Source and bug-fixes goes, Open Source is way ahead of Microsoft.
You are making some wild assumptions here, and I think it's because of the TCPA FUD that's been going around. You know, pretty much everything TCPA does can ALREADY be done with software. You don't think so? See Xen and what it does: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ ... this same approach could be used to implement a lot of the TCPA functionality. However, a hardware support on some level is needed to make things straightforward. What's I've read about TCPA, it seems to be damn good stuff, and I can't wait to get to play with it.
So far, I'm witholding judgement on this. Like any technology, it's neither good or bad per se. However, I don't trust that Microsoft won't attempt to use this to lock out other soft and operating systems.
Regarding your comment about application providers, I agree that the idea of them is somewhat flawed, but not as horrible as you'd think. Can you imagine buying for a linux shell, where someone else takes care of the software upgrades and patching and stuff? Yeah? Why is the same thing with windows any different?
It's different precisely because no one is trying to lock you into Linux. Indeed, the Linux and Open Source communities have been far better about this than has Microsoft. You can run: Firefox, Mozilla, the GIMP, BASH, X, for starters on Windows. So far, this has been purely a one-way street. What Microsoft apps run natively on Linux?
muzzy:
Here is what you said: "Bad experiences tend to be because something unexpected and frustrating happens. If you understand the system, there will be significantly less of such experiences."
What does this have to do with anything? (... story snipped ...). How would their having a "greater understanding" make them more forgiving towards Win-XP? All they care about is that XP trashed valuable work at the worst possible time, and that Linux doesn't.
So, how exactly did it happen? What went wrong? There's always an immediate reason for why everything happens. It could've been user error. Also, depending on what exactly happened, that data could've still been recoverable. I greatly suspect this wasn't fault of Win-XP itself, unless the filesystem just mysteriously went wookoo. Not knowing what really happened, I don't have further comments about the incident.
You make this sweeping generalization: "...the whole linux kernel is one big hack."
Yes, I didn't provide very good reasoninig. By same logic, your story above about Win-XP eating people's work is equally worthless. :)
How about the 2.6.x kernel tree, then? Weren't even branches supposed to be stable? I tried compiling 2.6.9 recently with scheduling and stuff, and even with days of debugging, I couldn't get it to work. When the scheduling stuff was compiled into the kernel, the network cards wouldn't get recognized anymore, or wouldn't just work. Reading around, I found I wasn't the only one having problem, and that 2.6.x had plenty of experimental crap in it. It wasn't a stable tree by any means. On my primary shell, we had an incident with bittorrent causing kernel panic on 2.6.x kernel, again google reported various similar incidents having happened to others. Mysterious bugs, all sorts of strange things going on.
My linux experience starts from around 1.2.x times, and I mainly administrated boxes during 2.0.x kernel tree. Back then, people were already bashing microsoft all around and moving to linux, although bsd system would've been a lot lot better choice for everyone. Well, Linus has been doing unbelievable job at having the damn thing working and keeping it together, but from my perspective I have to say it looks like one huge mess. I'd pay more attention to the more recent kernel trees if they actually worked.
Ruby isn't the peppiest language out there. It has some bitchin' features, but those features slow it down. The idea that these interpreted languages can be as fast as C/C++ is just not right. They are not. To say: "Ocaml has been claimed to generate code that rivals Intel's C++ compiler." does not imply equality of speed.
Dynamic languages don't need to be interpreted. Also, ocaml isn't just an interpreted language. It can be compiled to native code, and I know people who say it's really damn fast. No, I don't have personal experience, that's why I said it's been claimed so. Obviously, benchmarking against C++ compilers would suck because the two languages are just so different. However, let's make those comparisons anyway:
http://shootout.alioth.debian.org/benchmark.php?test=all&lang=all&sort=fullcpu
Go ahead, you'll see that ocaml ranks quite high in the list, even though you can question the methods of benchmarking. You'll also see that Ruby scores quite low :)
It's different precisely because no one is trying to lock you into Linux. Indeed, the Linux and Open Source communities have been far better about this than has Microsoft. You can run: Firefox, Mozilla, the GIMP, BASH, X, for starters on Windows. So far, this has been purely a one-way street. What Microsoft apps run natively on Linux?
So, wouldn't the best approach to solving the problem be user education? Software lock-in can be expensive, and businesses understand money. However, GNU is an evil empire when it comes to lock-in as well. Everyone's writing their "sh" scripts with bash syntax nowadays, m4 is backwards incompatible, gcc has language extensions that are widely used, etc. How are these not lock-in issues?
Also, how many GNU apps really run NATIVELY on windows? Don't a lot of them use the cygwin api wrapper to implement signals and *nix apis for them? I know there are a lot of native apps, but a lot of them aren't. For a long time, GIMP didn't use native widgets on windows either. It'd go on implementing its own damn scrollbars and buttons. Talk about bloat and inconsistencies.
Calum:
--- Quote from: muzzy ---
I know linux, and it's a horrible mess. Just because the source is available doesn't make it any better technically, it's just a matter of freedom.
--- End quote ---
i have to disagree with you about this. the concept behind open source software is peer review.
basically, and i am sure you know this, if the source code is open, then potentially thousands upon thousands of people are looking over it, with a view to wiping out any holes, malware, inefficiencies et cetera. with closed source code like mswindows, only the microsoft developers get to see it, therefore only they get to bugfix it. thousands versus perhaps one floor (at the most i suspect) of nine-tofivers.
and there's my second point. these open source coders are all (well, mostly, this brings up the issue of companies contributing to GPL stuff because it benefits them to do so, which i will ignore for now since it does not weaken my point) doing it for the love of it, while the coders at microsoft are being paid a salary to do it. amateurs will naturally have a more personal interest in fixing bugs and making stuff work right. people who have to file paperwork and who will collect their paycheck whatever happens are less likely to be quite so ambitious and successful from the point of view of "good" code, in my opinion.
Basically, and i am sure you know this too, the whole thing is explained *perfectly* in ESR's book "The Cathedral and the Bazaar" which i cannot recommend enough, if you are not familiar with it already.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version