How to prevent malware from running on your PC

Jason Edwards wrote: [Gibson]

But Windows is written in C, and the API is in C (beside the funny decision of Microsoft to have Pascal calling convention in the DLLs).

Of course, if he wants to do it, why not? I myself am only hacking assembler code if there is no other way to achieve what I want to do.

;-)

Yours, VB.

Volker Birk

And I think that's one of its biggest problems, however I'm not suggesting that there's a simple way to do anything about that. Rewriting Windows from the ground up would be good for security but bad for any other reason I can think of. So I think we're stuck with things as they are, no matter how many people offer web sites with tools designed to improve security. The people who need those tools will never find them, and even if they do find them they will not be able to download and use them, no matter how simple it is.

I conclude that it's not possible to prevent malware running on a Windows PC when the Windows PC is connected to broadband and owner is a home user who has no idea how to prevent it. Even if they find your web page (or Gibson's or another page or this newsgroup) they won't have a clue what it's talking about and they won't know which page to believe. Things may change in the distant future but I don't know how many years.

Christmas will be here soon. I wonder what the effect will be on the number of broadband connected Windows PCs waiting to be owned.

Jason

Jason Edwards

Can you give an estimate of the number of Windows PCs connected to broadband which do not have XP SP2? Not that I think it would make a big difference if they did.

Information is only useful to those who can make sense of it.

For the reasons I've already given. Try teaching your cat to do this, at least it will keep still and purr, but it won't listen to a word of what you're saying.

Try teaching them then. There will only be a few differences between them and the cat. They won't purr but they will listen because it would be rude to do otherwise. A microphone also listens, even if it's not connected to anything.

I think Microsoft think that they have to solve these problems too, but without breaking any existing applications.

It's because people want to buy it because other people told them they need it. Have you logged on to a banking site recently? Were you warned that you should be using anti-virus and personal firewall software? Were you offered a discount on one of the two products you can find in the high street?

Jason

Jason Edwards

I cannot see, why this would be a bad idea at all. Perhaps, Microsoft introduces .NET also for this purpose ;-)

Many people find it. And many people are able to use it. But not enough, though.

Oh, usually it is. The only thing, the home user should have, is Windows XP SP2 and some information, why not using Internet Explorer or Outlook Express, but some alternatives - and keeping those up to date. Also the home user has to be taught that he should be careful with stuff he gets per email from unknown sources.

Yes, of course. I don't know, for what Gibson's stuff is worth - in fact, I like

formatting link
- but it's difficult for a home user to decide what to believe. This is why I'm thinking, that Microsoft has to solve these problems they caused, and why "Personal Firewall" providers can sell their products with nonsense like "stealthing" or "controlling outbound traffic".

Such tools like

formatting link
or even Torsten's script have to be superfluous as soon as possible.

Yours, VB.

Volker Birk

One of the best ways to get rid of cockroaches in your kitchen is to scatter bread-crumbs under the stove, right? Wrong! That's a dumb idea. One of the best ways to discourage hacking on the Internet is to give the hackers stock options, buy the books they write about their exploits, take classes on "extreme hacking kung fu" and pay them tens of thousands of dollars to do "penetration tests" against your systems, right? Wrong! "Hacking is Cool" is a really dumb idea.

------------------------------ schnapp -----------------------------------

Here you're comparing (or at least the author of the article is comparing, and you're referencing it) human beings with cockroaches.

This is not a starting point we could discuss, sorry.

Not at all. Just try, please.

I don't think that "Personal Firewalls" are "limited but useful tools". The "Personal Firewalls", I saw, are completely useless and even counterproductive tools for security purposes.

This is the reason I'm arguing against them, what perhaps you mean with "zealous" ;-)

Yes. And they could buy a Macintosh, perhaps a MacMini.

No, not at all. Quite the contrary, I'm working on the topic to offer quick solutions for such users in my spare time for free, and I'm trying to help building the awareness in the public for solutions for this topic, including the most important approach: making Microsoft solve those problems.

Sorry, this is not true. The "anti-personal firewall position" has its origins in Usenet in de.comp.security.misc, and in the work of Frank Kaune and Torsten Mann as well as Ansgar Wiechers and Urs Traenkner. All of them, without exception, are Windows users, and Windows experts AFAICS.

Yours, VB.

Volker Birk

Unfortunately, I don't have such numbers. It would be interesting to know, though.

Yes, of course.

;-)

I don't have the bad experiences with end users as you seem to have ;-)

I'm doing this.

;-)

I'm trying to use multiplicators in this game, though. I.e. PC Professional and other magazines. Of course, this is a difficult task, and it's difficult to teach the magazine writers first. But, perhaps it would be a good idea, if I would not do this alone?

I don't think that this really is the problem. We had some technical discussions about this topic on de.comp.security.misc yet, and it seems to be less problematic than what I thought first.

As a bigger problem I see, that Microsoft is a very heterogenous group of people not only but also in terms of security knowledge.

One person is calling any trial to remove malware from your PC if it is already infected an impossible task (what usually is true, it's not possible to do this in a secure way usually), while the other person is advertizing malware removal tools from Microsoft at the same time.


Yes, of course.

Yes.

No.

Yours, VB.

Volker Birk

I'd give it up if I were you. Unless you want to do it Steve Gibson style. Otherwise you won't get enough people following your message.


Do it Gibson style then. Get your followers to spread the word. Make sure they believe that it's the only true way to security.

I think Microsoft might put it something like this: Because Microsoft must respond to changing market conditions, you shouldn't expect anything we say to imply a commitment to do anything in any particular way.

Market conditions may not have much to do with educating users or having any concern for their security. It may have much more to do with how many copies of your product you've sold and what the bottom line is.

Microsoft could no doubt spend more money on educating users if they wanted to, but why don't they? Is it because they know that most home users cannot begin to understand what's inside the box and what the best system configuration is?

One of my friends bought a new mouse a few days ago because the mouse pointer on the screen kept freezing. I only found out after he discovered that the new mouse did exactly the same thing.

Jason

Jason Edwards

Oh, no problem. I'm not thinking, that I will make the world spin the other way around or something ;-)

But of course, this does not keep me from saying what I'm thinking.

No, thank you. I will try to keep in this reality and not to tell nonsense. Perhaps, discussions like this one help me with it...

I don't want to do this, sorry. That also may have to do with the fact, I'm not a prophet and I don't have followers ;-)

;-)

Then the new mouse is b0rken, too. :-P

Yours, VB.

Volker Birk

It's an analogy, Volker, not a comparison. Analogy: "A similarity in some respects between things that are otherwise dissimilar." A favorite 'keep-em-awake-and-attentive' tool of motivational speakers.

Flaws aside, I thought the piece echoed some of what you've been saying, and makes an especially good point about the futility of enumerating badness.

My 'favorite' dumb idea: "Just get it working, we can get it working right later." Which reminds me of an analogy: If the foundation is flawed, the overlying structure can't possibly be stable.

"When it comes to being a pansophist, there is no 'do', only 'try'." - nf

nutso fasst

nutso fasst wrote: [Relation between cockroaches and human beings]

Analogy or comparison - could we abstain from it, please?

Hm... yes, of course. What are you trying to tell me?

Yours, VB.

Volker Birk

(Hmm, methinks any such attempt would be futile.) T'was not for you, just a statement I think bears repeating (clearly there are managers who don't subscribe to it). Sort of like replying with "use the Windows firewall" when that's not the answer to the question. Or using a sig with the same quote again and again, assuming some stranger will relate to the generally-irrelevant verbiage. An analogiser might say I was just pissing into the wind, but that is not literally correct.

nf

nutso fasst

I wouldn't want you to not say what you're thinking, but if we're going to prevent malware running on home users' PCs then it may take more than nntp and http are capable of.

Perhaps I should have told him that :)

Here's a story about what happens when many people use the same PC, without any of them having a clue what's inside the box.

To me it seems a bit like expecting passengers to pilot an aircraft themselves.

Jason

Jason Edwards

Yes, perhaps you're right. But I cannot see, _how_ we should achieve this goal.

Yes, of course ;-) And, surprise surprise: really _every_ mouse, one could buy today, is b0rken - what a sh*t!

That reminds me of another user with a b0rken mouse I know, using a Macintosh:

"My computer freezes!!11!!111" - "Can you move the mouse any more?" - "Yes, I can." - "OK, then try pressing Ctrl+Cmd+Esc. Is there a Task, which hangs?" - "What Task?!" - "When you press this, a window appears..." - "No. Nothing happens!!!11!111" - "Hm... is your mouse pointer really moving any more?" - "No, the mouse pointer is not moving, but you asked me, if I'm able to move the mouse..."

;-)

Yours, VB.

Volker Birk

Why should _we_ achieve this goal? It is a goal for Microsoft to achieve is it not? Either that or go out of business. So perhaps they will achieve it somehow. Time will tell.


So passengers can't fly an aircraft unless they know something about how it works. When I fly I insist that there's a pilot on board.

Jason

Jason Edwards

[and other offenses]

People, who're offending others without arguments, lost the debate.

VB.

Volker Birk

Yes. Asking another way: how do you think a situation could be achieved, that Microsoft has to move?

Hm... If I'm looking at the balance sheet of Microsoft, I cannot see, that they're risking their business. ;-)

People are buying Microsoft's products if they're very secure or not, because they don't know that the security problem is with Microsoft's products (it's because so many people have the same product, because of the "evil hackers", because of a lack of extra special toolz, because of accident or somehow... - and, yeah!, because of those pupils in German^W^W^Wmost wanted criminals, which are a big danger for the computer infrastructure of the world, and are pursued by bounty hunters and class-mates^Winsiders!!1!11)

Yes. Are you advertizing to buy a Macintosh? :-P

To conciliate: With Windows XP SP2 Microsoft showed, that they want to move now. Fortunately this is the very first step.

Yours, VB.

Volker Birk

Perhaps they don't have to move in any way different to the way they are currently moving.

No need to change then. So the answer to the above question is that Microsoft don't have to change at all. They just have to continue to produce security updates until they reach an approximation to a system which was designed to be secure in the first place. People will, as you say below, keep buying the products anyway.

No doubt Microsoft has many people who can be persuaded to believe that the problems are not Microsoft's fault but are the fault of the evil hackers.

If you produced a car which kept crashing, how would you go about saving your reputation as a car manufacturer? Would you immediately admit that the car needs a complete redesign and withdraw it from the market? Or would you try to find a way to blame it on someone else? Thus deflecting blame away from yourself. It's even better if you can blame it on someone who has obviously broken the law by getting unauthorized access to another computer. It's better still if you can persuade law makers to make hacking an offense. Then you don't need to fix the problems at all. Just put all the evil hackers in prison. Problem solved.

So as I said previously we're stuck with the present situation. I don't have any simple answer to it.

Jason

Jason Edwards

I've long wondered why the Dells and the Gateways, etc., haven't designed and released high security desktops. I dunno what their contracts with MS block them from doing.

Back in 1999 when I first started using Win 98 and became interested in security issues, I soon made up my mind to try a long term experiment. I was used to using Free Agent and Netscape so I lucked out and never used OE or IE. I disabled services and made sure only TCP/IP was bound to my adapter(s). I never used a firewall or realtime antivirus. After awhile I got DSL service and continued on the same way for years ... taking the same approach with Win ME and then Win 2K Pro. I dropped Netscape in favor of Mozilla, Firefox and Opera. Later on, I started using IE very sparingly only for trusted sites that didn't render well otherwise. I've never experienced any problems at all with spyware or malicious code of any kind.

So I wonder what stops PC vendors from offering a safe and sane PC for home users who just want to get work done, d/l POP3 email, and do research on the web. As long as users "keep their noses clean" and avoid the crap high risk users get involved with like P2P and p*rn ... they should have no problems.

What I'd like to see is a machine that's safe to put on the internet in its default condition, equipped with alternate internet apps, and a spare drive for use as a cloned backup. It should also have the backup/restore sw (I always used XXCOPY with Win 9X/ME). And a nice convenient registry backup/restore such as ERUNT that I use with Win 2K. It should _not_ have any System Restore doing any kind of automatic backups. That sucks :) Users must at least take complete control and responsibility for backing up.

Art

Art

I'm not sure exactly what you mean by high security desktops.

They already offer it. Provided the user, like yourself, has a clue.

Most users are not like this. They bought the PC to grab what they can from P2P while P2P still exists. Security is not even something they will associate with a home computer.

This PC would be fine for you, me and the other 50 people who read this group. No vendor will target a PC at only 52 people for economic reasons :)

Backup?? This word is not even listed in the average home user's vocabulary.

Jason

Jason Edwards

I meant to give an example by the things I mentioned. I didn't mention patching the OS though. That's important too, of course. Basically it just means shipping the machine with an OS and internet apps safe to go online with. That's all.

"High security" is admittedly a poor choice of term. "Improved security out of the box" is actually what I have in mind.

I'm not a typical user. I'm a retired electronic engineer who has worked for computer oriented companies since 1959. Even at that, I had a steep learning curve since I had no networking or Windows programming experience. Still don't.

Do you have good studies to support your claim? I really have no idea what "most" users are interested in or what they do online. All users I know personally just use PCs for legit purposes. They have no clue whatsoever about how to harden their PCs. They view their PCs as an appliance that should just work safely without any bother. I'm saying that a machine can easily be produced for such people ... and such a machine is unfortunately unavailable for the mass home market.

I believe your estimate of the market potential is _way_ off. However, since MS has sold the public on LANs and file/printer sharing, there would have to be a LAN version with a firewall to suit this MS created market. No big deal. It just means that the LAN version would be shipped with NETBIOS activated (but no other unnecessary services).

True. There should be instructions on Page 1 of the user manual, and on the screen during an install.

Art

Art
