I was just wondering what people here would say about this:
Imagine if all of a sudden, Gates decided to do a major overhaul of their upcoming windows vista OS. If he did the following:

1) Added a "sudo" type thing, so that you would need to type in a password for administrative priviliges (like ubuntu)

2) Eliminated Internet Explorer, and used Mozilla Firefox as its main web browser

3) Included a built-in complete malware detection and removal software, that had an awesome and configurable firewall, anti-virus, anti-spam, anti-spyware and it was all included with the default install

-How much would windows' security actually increase? Would it really be that much better? (since everyone targets windows pc's for malware)

-Do you think people would become less disillusioned with windows? Would a lot of recent linux converts convert back to windows?

-Would you like windows more?

1. I think it would annoy the crap out of the everyday windows user :) and viruses would be made to target it and change the password causing a lockout. Also some programs are poorly designed and require administative rights in windows already, so a major overhaul would be needed so that all applications follow a specific format to avoid a program unnecessarily gaining "root" access and causing harm.

2. I would be cool with that, save me a few minutes after every win install :)

3. All those would be good, may have some anti-trust on thier hands though. And the user would have to keep them updated or ms would need a way to auto update without being a nuisance.


I think the security would increase quite a bit, but we must remember alot of computer users put themselves unnecessarily at risk by being uneducated and ignnorant to the internet. You can only do so much to protect them.

I think a few may switch back over if the get annoyed with linux, but those that are happy would stay.

I like windows now as a gaming os, just not a production os.

1. I think it would annoy the crap out of the everyday windows user :) and viruses would be made to target it and change the password causing a lockout. Also some programs are poorly designed and require administative rights in windows already, so a major overhaul would be needed so that all applications follow a specific format to avoid a program unnecessarily gaining "root" access and causing harm.

2. I would be cool with that, save me a few minutes after every win install :)

3. All those would be good, may have some anti-trust on thier hands though. And the user would have to keep them updated or ms would need a way to auto update without being a nuisance.


I think the security would increase quite a bit, but we must remember alot of computer users put themselves unnecessarily at risk by being uneducated and ignnorant to the internet. You can only do so much to protect them.

I think a few may switch back over if the get annoyed with linux, but those that are happy would stay.

I like windows now as a gaming os, just not a production os. i agree with you.
Keep 'em coming!!! :D

1) It kind of already exists and has since at least 2000. runas is the command. Of course, since everyone has administrative priveleges (sp?) by default, there isn't a lot of use for it. (on a domain controller or server it can come in handy though)

1) It kind of already exists and has since at least 2000. runas is the command. Of course, since everyone has administrative priveleges (sp?) by default, there isn't a lot of use for it. (on a domain controller or server it can come in handy though) I can tell you right now that the "Run as" command is crippled at best.

You can't successfully install Windows Updates with "Run as."
You can't use Explorer with "Run as."

I was just wondering what people here would say about this:
Imagine if all of a sudden, Gates decided to do a major overhaul of their upcoming windows vista OS. If he did the following:

1) Added a "sudo" type thing, so that you would need to type in a password for administrative priviliges (like ubuntu)

2) Eliminated Internet Explorer, and used Mozilla Firefox as its main web browser

3) Included a built-in complete malware detection and removal software, that had an awesome and configurable firewall, anti-virus, anti-spam, anti-spyware and it was all included with the default install

-How much would windows' security actually increase? Would it really be that much better? (since everyone targets windows pc's for malware)

-Do you think people would become less disillutionized with windows? Would a lot of recent linux converts convert back to windows?

-Would you like windows more?

1. They currently having an annoying prompt when you run an app.

http://arstechnica.com/reviews/os/vistab2.ars/6

2. LOL, if they toss out IE, why stop there?

3. Again in the link I referenced. There is a firewall, windows defender thing. MS will offer paid anti-virus too. I know it seems like a conflict of interest...Oh well...

The security may be better, but the user is still the weakest link. Not to mention the closed source nature of windows, so no telling when some flaw will be discovered...

I think the additional measures seem irritating, and shelling out cash for something that really should included free. Here buy this OS, it might have holes though, pay a fee, and we'll plug those holes...

As for Linux converts switching back. I think that depends on why they switched in the first place.

I had pretty much taken care of my surfing with privoxy (which I still use in ubuntu, great gpl and browser agnostic adbusting proxy). Had no virus issues, hardware firewall in router... It was an ideologicial choice to switch. No reason to stay, and I get better mileage from my PC with Ubuntu (not to mention using 64-bit, even if the benefits aren't noticeable ;) )

Windows or OS X aren't even on the radar for me. When people say this or that is better...
It never will match my definition. I don't want DRM. I don't want a black box. GNU/Linux is the best for me in that respect, currently there is nothing better (hurd? ;) ). And it doesn't burn a hole in my wallet...

Between the awesome repos/apps, easy updates, easy to set up build environments (for those cvs/svn apps I have to have), all that great stuff, plus... I don't have to defrag... That just rocks.

One of the things when these conversations come up that always seems to get missed is Linux is free, even if microsoft made windows every bit as good if not better than Linux, which aint ever guna happen, I still would not want to pay money to turn my pc on, there is a principal behind that and theres the fact that im poor student scum with 3 computers you do the sums on that one.

If microsoft took a BSD and replaced parts of it with there own then windows could be considered quite good but only problem is that they would be undoing their vendor lock in.
Networking would actually work correctly then, stronger security for the user.
They could layer their apps around it like apple have done but windows might integrate itself too well.

Windows, without a registry, uses xml config files, a better filesystem so it doesn't need to be defragged 24/7.

If microsoft took a BSD and replaced parts of it with there own then windows could be considered quite good but only problem is that they would be undoing their vendor lock in.
Networking would actually work correctly then, stronger security for the user.
They could layer their apps around it like apple have done but windows might integrate itself too well.

Windows, without a registry, uses xml config files, a better filesystem so it doesn't need to be defragged 24/7.

The windows tcp/ip stack is from BSD code (http://www.kuro5hin.org/?op=displaystory;sid=2001/6/19/05641/7357 ). They wouldn't really undo vendor lock-in since the BSD code can be locked up.

To be fair to Microsoft (though they do not deserve it), even if they make Vista with very tight security, the biggest security flaw in Windows is the user. Windows users include most people and nearly all the idiots.

i can say one thing about windows xp. for downloading certain files and like yahoo messenger and the webcam with it it is a night mare to use linux. i mean setting it up is a total pain. windows was alot more conveniant. espcecially for the computer illiterate like me....

i thought MS was heading in that direction already. they are developing their one care thing and locking out third party venders with kernel patch protection.

all that makes their OS weaker, alot of security venders aren't going to support Vista and more of the protection will come from MS, that's a bad thing in general.

here's an article about it
http://www.agnitum.com/news/kernel_patch_protection.php

In order for Windows to be stable and secure, it needs to be rewritten. Their best bet would be to do what Apple did and use BSD as a base.

The kernel patch may be a necessary evil for them. Thier are many 3rd party programs that are more milicious then what they are supposed to protect against. People worried about security who use them could do more harm then good.

Its just unfortunate that reputable vendors could be harmed by it. And it shows hints of monopolistic tactics :-k


So where does this leave legitimate security software developers?

Microsoft seems to be saying that it is enough to use just standard built-in protection tools. Agnitum and other third-party security developers would strongly disagree with that position. Third-party security solutions create a much-needed additional level of protection, and having a variety of these tools available empowers the user while handicapping the hacker. Simply put, it is much harder for malware writers to adapt malicious code for different protection mechanisms from multiple vendors than it is to attack a single-vendor solution that purports to be a universal fix.


That quote says it all. It is easier for hackers now since they just need to break one protection algorithm. Imagine if every copy protected cd/dvd used the same encryption? Think of how secure that would be.

All the hackers can combine forces to break the one and only protection and then who knows what kind of hacks could be cooked up to exploit the vulnerabilites, which their will be.

I don't know much about what Vista will really offer, but I do know Microsoft's history of insecurity. (Software-modded Xbox, anyone?)

Just implementing a "gksudo" won't necessarily heal the ills. Vista needs to have a permissions system, at least for the "execute" permission. Microsoft needs to encourage software developers not to create files with the execute permission in place (for instance, if you recieved an .exe file through the e-mail, the e-mail client wouldn't automatically make it executable).

Gksudo also has a feature where it checks that the keyboard and mouse are not being intercepted or controlled by another process, and warns the user if that is so. Vista would need the same thing, and I'm worried that it doesn't.

Also, Microsoft would have to develop some kind of D-BUS for Windows. Right now, many Windows programs use sockets for their interapplication communication, and shockingly these programs always accept remote connections. This nonsense has to be stopped, and Microsoft must be the one to put a stop to it.

Some kind of AppArmour for Windows would also not go astray, providing that the specifications of what a program was and wasn't allowed to do was set by the developer, and implemented at kernel level.

And that goes for the rest of Windows. The security features should be implemented at kernel level, not user level. Unfortunately, as many of these security suggestions will inconvenience users who don't consider computer security, Microsoft will not implement them.

MS would have to do alot of overhauling for Windows to make it a useable and secure OS.
1) Rewrite the entire codebase to be modular (was supposed to be a microkernel to begin with but ended up being somewhere inbetween) and utilize very strict QA standards to make as bug free as possible.

2) Get rid of the mother$&*^ing registry, that is one of the biggest vulnerabilities in Windows. It's fine if they made a registry like interface to config files but each config has to be it's own file.

3) Won't need an antivirus/antispyware software if it is written right.

4) Revamp the user controls, as of right now they are barely enforced.

5) Unlink services, wtf were they even thinking making services interdependant. In 2K you could get rid of services you didn't need and it was fine, tried the same in XP and half the crap turned off. Also make them NOT listen on the network unless explicitly told to (like Ubuntu does).

6) IE needs to not be integrated and file manager should not be relying on it's engine.

7) Adhere to gorram (Firelfy w00t) standards instead of creating it's own.

8) Not be a huge resource hog, sys rqs for Vista are more than some of the recent games.

9) SELinux like kernel hooks for easy rootkit discoverability.

If they do that then MAYBE Linux people would switch. I been considering it myself because of battery life issues (nVidia driver on Linux doesn't support GPU throttling) and bluetooth not working (yes I posted on the forum but it seems Ubuntu isn't recognizing the hardware) and of course games. But all the problems that I don't want to deal with keep me from doing it.

And that goes for the rest of Windows. The security features should be implemented at kernel level, not user level. Unfortunately, as many of these security suggestions will inconvenience users who don't consider computer security, Microsoft will not implement them.
Not even that. Windows was never designed with security in mind, it was a hobbyist OS back in 3.11 days and up till NT wasn't really meant for organizational use. With NT when it was at early stages security was of little concern because the net wasn't as widespread as it is now and dial-up was the common access method. Not to mention that most companies ran some flavor of Unix on their mission critical systems. At the point where NT evolved into 2K (XP is really just a 2K SP IMO) there was all that legacy stuff that had to be kept there (registry anyone?) and MS wanted to drop the 9x line for the home user so they wouldn't have to program for 2 different platforms so they put in stuff to make it easier to use for regular security unconsious user.

I was just wondering what people here would say about this:
Imagine if all of a sudden, Gates decided to do a major overhaul of their upcoming windows vista OS. If he did the following:
...
3) Included a built-in complete malware detection and removal software, that had an awesome and configurable firewall, anti-virus, anti-spam, anti-spyware and it was all included with the default install

Surely it would end up deleting the OS itself.

In fact, this did happen - CA antivirus deletes Windows 2003 file (http://news.zdnet.com/2100-1009_22-6112241.html)


To be fair to Microsoft (though they do not deserve it), even if they make Vista with very tight security, the biggest security flaw in Windows is the user. Windows users include most people and nearly all the idiots.

As MS themselves know - Open source gets results, while Microsoft blames malware on 'stupid users' (http://blogs.zdnet.com/Burnette/?p=65)

As MS themselves know - Open source gets results, while Microsoft blames malware on 'stupid users'
Just to play the devil's advocate. That is a highly debatable statement. There is a huge number of MS users who are not very technically proficient. When it comes to FOSS (Linux in particular) the number of non tech users is very low making it a very bad platform to target malware at.

Notice that I am not talking about the userbase here, in the server market Linux is very high profile but the nontech userbase is very tiny.

Just to play the devil's advocate. That is a highly debatable statement. There is a huge number of MS users who are not very technically proficient. When it comes to FOSS (Linux in particular) the number of non tech users is very low making it a very bad platform to target malware at.

Yes, I was agreeing with their statement.

I also found out that a spyware checker actually did delete a bit of windows (see my updated post above)

Yes, I was agreeing with their statement.

I also found out that a spyware checker actually did delete a bit of windows (see my updated post above)

Yeah I took it in the other light.

After reading the article I do have a bit to add though (previously replied w/o reading it). Security issues have been debated to death and there is no question that Linux is a more secure OS out of the box but there are so many grey areas (such as patch introduction) that it is near impossible to make a good judgement. The author said that FOSS puts out patches much quicker than MS does but at the same time we have no idea about the testing process. Sure it takes MS a while but it is likely that a FOSS patch was coded up by one person tested on what computers he/she has and then released. As I said I am no fan of MS and Windows but there are too many grey areas.

There are areas where Windows is superior to Linux from a technological point of view. Sound and driver installation are probably the biggest pains of Linux.

There are areas where Windows is superior to Linux from a technological point of view. Sound and driver installation are probably the biggest pains of Linux.

This is hardly the kernel's fault, it is the hardware manufacturers.

Also, if hardware is supported by the Linux kernel, no drivers have to be installed seperately. In Windows, the kernel supports very little, so (rubbish) 3rd party drivers need to be installed.

A case in point is my new mobile phone. I connected it in Ubuntu, and everything was fine right out of the box, I could transfer files etc. Even when I unmounted it, the phone came up with a message saying "You can now remove the device".

In order to get it to work* in Windows, I had to install drivers first, and even after that the wee unmount message doesn't appear.

*In this case, it would pop up a message prompting me to install drivers when I plugged it in. It would work if I selected no however, but I gave in and installed them.

-How much would windows' security actually increase? Would it really be that much better? (since everyone targets windows pc's for malware)

-Do you think people would become less disillutionized with windows? Would a lot of recent linux converts convert back to windows?

-Would you like windows more?

No. I never had a big problem with security (unless you count WGA-type "features") in Windows. The same is true for most people competent enough to switch to Linux on their own. These issues aren't even factors for me. For me, it's all about ownership and control.

This is hardly the kernel's fault, it is the hardware manufacturers.

Also, if hardware is supported by the Linux kernel, no drivers have to be installed seperately. In Windows, the kernel supports very little, so (rubbish) 3rd party drivers need to be installed.

A case in point is my new mobile phone. I connected it in Ubuntu, and everything was fine right out of the box, I could transfer files etc. Even when I unmounted it, the phone came up with a message saying "You can now remove the device".

In order to get it to work* in Windows, I had to install drivers first, and even after that the wee unmount message doesn't appear.

*In this case, it would pop up a message prompting me to install drivers when I plugged it in. It would work if I selected no however, but I gave in and installed them.

[Lumbergh mode] Yeah, I'm gonna have to go ahead and disagree with you there. [/Lumbergh mode]

Sound is not an issue of the kernel itself but of the GNU/Linux OS. There are 3 or 4 different subsystems and each programmer picks one he/she likes for one reason or another. Flash having sound issues, or inability to have multiple sounds in Breezy were all because of that. Windows is much better when it comes to sound because there is only one sound API. Choice is good but for some things there needs to be one standard.

Driver installation is not only the kernel's fault it is Linus Torvalds's personal fault. He refuses to allow pluggable drivers they all have to be compiled both nVidia and ATI's proprietary drivers basically compile themselves on install (it's a bit more complicated than that but basically). If a driver is in the kernel that is great and awesome and there is no need for anything else. However if the driver is not you are a SOOL. Installing Lexmark drivers was a nightmare on Breezy and took alot of thinking. Not all drivers can be included in the kernel and 3rd party drivers are hardly always crappy. For the most part they suck because MS's ABI/API's are incomplete.

It will never be possible to include every single driver in the kernel for both technical and ideological reasons. Driver installation should not be difficult and require compiling kernel modules that IMO is a huge issue and should be addressed. There have been a push lately with the kernel devs to run drivers in userland, which would make them a bit easier to install but.....