Do you hate Windows XP

[VirtualLarry]

Originally posted by: EndGame
Then stop using your computer!

LOL! If you have no trust in anyone/anyplace scanning your system for needed updates, etc., you need to unninstall all your AV software, Mozilla browser, Anti - Spam software, Spyware Detectors, etc. since they all scan for updates and also scan your system!

Also, you better watch it.. you don't know what info PAyPal, EBay, Amazon, even NewEgg have to gather to do a transaction. Stop using those also and forget about ever using a credit card online.

Interestingly, I don't run any AV scanners, I don't enable any auto-update features, and I don't conduct any sort of financial transactions online, either.

 

[VirtualLarry]

Originally posted by: STaSh

Yes, but what I was talking about was an actual software defect. Booting to the Recovery Console, on any system, is supposed to prompt your for the Admin password. The fact that it apparently does not, when booting a W2K Recovery CD on a system with an XP NTFS partition, is a flaw, because it is not functioning as designed.

It's not a flaw, it is working as designed. The 2000 recovery console does not recognize the XP SAM, which is why you don't get prompted. I can put a knoppix CD in a 2000 or XP system and it won't prompt for any password either, because knoppix could care less about the SAM. Is this a flaw too?

The key difference, and what makes it a bug, is that the system was designed to prompt for a password before access.

If you walked up to an NT workstation, and hit C-A-D to access the login dialog, and were able to hit CTRL-ALT-SHIFT-WinKey-F12, and Windows would magically let you login without a password, is that not a flaw? I mean, hell, you had physical access to the machine, why should there be any attempt at secure authentication at all? (Btw, that was a hypothetical made-up example, I have no idea what that key sequence does - hopefully nothing special.)

Originally posted by: STaSh
Likewise, I can put the same knoppix CD in a linux system and have the same access. This is not a flaw! This is security 101.

It *is* security 101, but that does *not* mean that it isn't a flaw - it is.

Originally posted by: STaSh

It wasn't FUD, you just mis-understood what I was saying - that MS's "most secure OS ever" had a silly little defect, that let people trivially bypass the password (as opposed to making them work for it by having to hack the SAM and bypassing it that way).

It is FUD, or at least ignorance. Why would any one with physical access to your drives hack a SAM file? If you had physical access to a linux box, would you be wasting your time trying to brute force the root password? Sensationalist journalism that crows "HUGE NEW XP HOLE! RUN FOR YOUR LIVES!!" does not make this an actual vulnerability.

It most certainly was not ignorance, and it was truthful, hence not FUD either. How is it ignorance to point out that the software is apparently NOT working "as designed". The security implications of that are another matter entirely.

(However, in your above hypothetical example, if Linux supported EFS in the same manner that W2K/XP does, then yes, you would still need to brute-force the user's pasword, in order to decrypt their EFS cert., in order to decrypt the file keys, in order to decrypt the files, in order to access them. But please don't misunderstand me again - crypto is about the only step that you can take to protect your data, when the attacker has physical access.)

But while a wooden door may not be able to prevent a determined attacker with a crowbar from entering, it's still better than no lock on the door at all.

Or should car doors not have locks either, because it's simple for someone to just smash the window and let themself in to the vehicle?

Security is not about absolutes, it never was, there is nothing that is "absolutely secure". It is a spectrum of tradeoffs, between the cost of sucessfully breaching security for the attacker, and the inconveniences during operation for the defender. That software bug lowers the cost to the potential attacker to zero. I would say that is still more-or-less a security vulnerability, in the same manner as choosing a weak password. Except in this case, it's MS's doing, and you can't change that.

 

[VirtualLarry]

Originally posted by: STaSh
I find it amusing that you equate not having yet been certified with being insecure.

After so many years of MS insecurities, pardon "us" for not giving MS the benefit of the doubt in this matter. ("us" collectively being the users of MS software that have been affected by prior security problems, in general.)

Originally posted by: STaSh
Applying for, being evaluated, and achieving Common Criteria certification is a very long process. It took over two years for Windows 2000 to achieve EAL4.

Quite frankly, color me surprised that they were able to do so. I would be interested in finding out more about the exact tested configuration used.

Originally posted by: STaSh
Both Windows XP and Windows Server 2003 are being evaluated under the Common Criteria. There is absolutely no reason to assume that they will not achieve at least as high a certification as 2000.

I will be even more surprised if that ever happens. If it does, then I would be willing to bet that it would only be under a cut-down minimal configuration of those OSes, like XP Embedded with the bare basic set of drivers and limited user-mode tools.

 

[VirtualLarry]

Originally posted by: JackNaylorPE
On the memory comparison issue, I wasn't using a simplistic approach. We have done bench test comparisons using AutoCAD on an NT4 box and and NT5.0 box (haven't done full scale NT5.1 tests yet cause the machines available at this point are too far apart in hardware). The NT5.0 box had a 15% faster processor but everything else was the same. Yet the NT4 box, despite having the slower CPU) kicked butt on the NT5.0 box.

Compile on a Windows XP-Based Computer Takes Longer to Complete Than on a Windows NT-based Computer
http://support.microsoft.com/?kbid=816073

When you try to compile a program on a Microsoft Windows XP-based computer, it may take approximately 30% to 40% longer to complete than it did when the same computer hardware was Windows NT-based.

 

[stash]

The key difference, and what makes it a bug, is that the system was designed to prompt for a password before access

Yes, but the point that you cannot seem to grasp is that the 2000 recovery console does not recogize an XP SAM file. When you are not prompted for a password, it does not mean you are automatically being logged in as an administrator. On the contrary, you are not being logged on at all! That's not a bug, that's exactly what it should do.

Because of this, the amount of things you can actually accomplish are somewhat limited, especially compared to using a third-party boot disk.

 

[VirtualLarry]

Originally posted by: Phoenix86

I don't recall MS ever announcing with XP SP2 "we broken localhost IP routing!

Are you an app dev.? If not, why would you know? If so, was there no documentation available, or did you just not know about it? (all serious Qs)

I'm not sure that I understand the point of your response; about a month after XP SP2 was released, MS provided a patch to fix the bug. It was a software bug, the brokenness of localhost IPs wasn't entirely by design, or if it was, it was very poor non-RFC-compliant design that was quickly reverted. Really, it didn't gain anything security-wise, and only introduced unnecessary network-using app bustage.

 

[VirtualLarry]

Originally posted by: STaSh

The key difference, and what makes it a bug, is that the system was designed to prompt for a password before access

Yes, but the point that you cannot seem to grasp is that the 2000 recovery console does not recogize an XP SAM file. When you are not prompted for a password, it does not mean you are automatically being logged in as an administrator. On the contrary, you are not being logged on at all! That's not a bug, that's exactly what it should do.

Because of this, the amount of things you can actually accomplish are somewhat limited, especially compared to using a third-party boot disk.

http://www.briansbuzz.com/w/030213/

According to that, you actually get *more* access, than an Administrator logging in with a password would have. How is that not a bug?

 

[stash]

After so many years of MS insecurities, pardon "us" for not giving MS the benefit of the doubt in this matter. ("us" collectively being the users of MS software that have been affected by prior security problems, in general.)

Funny you would say that, when not a single Linux distribution has achieved that level of certification according to the Common Criteria website. And slight correction on my part, Windows 2000 is certified at EAL4+. There are number of Unix's at 4 or higher and certain versions of Solaris are at 4.

http://www.commoncriteriaporta...sumer/index.php?menu=4

Quite frankly, color me surprised that they were able to do so. I would be interested in finding out more about the exact tested configuration used.

There are two PDF files for Windows 2000 at the link above. More information from Microsoft:
http://www.microsoft.com/techn...cs/issues/w2kccwp.mspx
http://www.microsoft.com/press...9CommonCriteriaFAQ.asp

I will be even more surprised if that ever happens. If it does, then I would be willing to bet that it would only be under a cut-down minimal configuration of those OSes, like XP Embedded with the bare basic set of drivers and limited user-mode tools.

Ok, so 2000 achieves EAL4+ without resorting to a minimal configuration, but for some reason 2003 and XP will need to do so to pass?

Server 2003 and XPe entered evaluation for EAL4+ in August 2003. Given that it took over two years for 2000 to be certified, it will probably be a few more months before it is official. Stay tuned....

http://niap.nist.gov/cc-scheme/in_evaluation.html#w

Maybe you would like to read a primer on Common Criteria:

http://niap.nist.gov/cc-scheme...cs/cc_introduction.pdf

 

[VirtualLarry]

Originally posted by: STaSh
Funny you would say that, when not a single Linux distribution has achieved that level of certification according to the Common Criteria website. And slight correction on my part, Windows 2000 is certified at EAL4+. There are number of Unix's at 4 or higher and certain versions of Solaris are at 4.

And... WTH does Linux have to do with anything that was being discussed? Color me confused how XP software bugs turned into Linux Common Criteria certifications. Personally, I'm not a Linux user, so I don't really care.

Although, what about SELinux, the NSA's very own Linux distro, specifically hardened for security? You would think that would pass whatever certification criteria the NSA uses to judge, since, well, they're the ones behind it.

Originally posted by: STaSh
Maybe you would like to read a primer on Common Criteria:
http://niap.nist.gov/cc-scheme...cs/cc_introduction.pdf

Yes, I would, actually. Thanks for posting the first actual links to this stuff in this thread.

 

[stash]

Yes, I would, actually. Thanks for posting the first actual links to this stuff in this thread

I figured that someone who has a rebuttal for every post would've found that information on their own by now. Silly me.

 

[EndGame]

Originally posted by: VirtualLarry

Originally posted by: EndGame
Then stop using your computer!

LOL! If you have no trust in anyone/anyplace scanning your system for needed updates, etc., you need to unninstall all your AV software, Mozilla browser, Anti - Spam software, Spyware Detectors, etc. since they all scan for updates and also scan your system!

Also, you better watch it.. you don't know what info PAyPal, EBay, Amazon, even NewEgg have to gather to do a transaction. Stop using those also and forget about ever using a credit card online.

Interestingly, I don't run any AV scanners, I don't enable any auto-update features, and I don't conduct any sort of financial transactions online, either.

OK...Whatever.

I can believe the auto-update part, the A/V part is just stupid, and the part about no transactions online, I tend to doubt also. Even if what you say is true, you are part of about 1/2 of 1% of the people out there whom do not do any of those things and run Windows.

I'll admitt, I didn't run A/V either until about 2001 and never had a bad problem. Then I found Panda A/V and been with them since. I don't have to worry, it takes little resources. Running without A/V protection these days is like not wearing protection while playing the dating scene......it just isn't smart!

 

[imported_Phil]

Originally posted by: RobCur

Originally posted by: deathkoba
MacOS 9 is THE BEST. XP crashes ALL THE TIME.

It's IE taking down the whole system, it kills every icon often and have to reboot.
FVCKING MS SHI^ Product, piece of crap. worthless os, over bloated. has extra junk that I don't need
looks nice on the outside but like garbage inside. sloppy crappy os written by college dropout

You are an enormous tool.

 

[DonPMitchell]

The big issue at Microsoft with Windows XP was applications compatability. Up until Win2K, they were supporting two completely different operating systems, written by two teams: the NT kernel developed by Dave Cutler, and the "Win 9x" team.

NT was the first major operating system developed in a long time, and represented a good selection of 1990's technology. So you saw a lot of features like async I/O, critical sections, I/O concentrators, both kernel and user layer threads, and event handling. It would be some years before these features migrated into UNIX (remember, prior to BSD, UNIX didn't even have semaphores!). The goal was mainly the support of server applications, and to start a path to the next generation OS.

Win 9x had a different goal entirely. It was smaller, and oriented toward interactive client applications. It let applications pretty much do whatever, and adopted new features and standards very rapidly. We all know the price paid for that rapid evolution of course, Win 9x was nowhere near as stable as NT.

Merging the two functionalities in Windows XP was a technical task of enormous difficulty. People who haven't worked on large software projects may not appreciate who hard this is. Its all transparent to the end user.

Windows 98 did unbelievable things to adapt itself to important-but-crappy applications. It had three VM systems, two of which only engaged when certain applications ran (not necessarily MS applications!) to work around their sloppy behavior. I remember seeing a section of code that pushed a bubble onto the stack when running a popular email program, to prevent a bad pointer reference from crashing it. The memory bubble was named "EUDORA_PIECE_OF_CRAP". Hehe.

Anyway, applications compatability in XP is technical marvel. NT kernel merged with hundreds of thousands of application support features in Win 9x, but with without allowing the applications to violate the integrity of the kernel as Win9x had. People moaned about the delays, the last minute release of (crappy) Windows ME. But I am not surprised at all that it took many years.

 

[JerkyBoyz0]

You hit it right on the head. A lot of people dont understand how to make an operating system work flawless with all these applications. Its funny it reminds me of a time i was working in IT in a school, and we had our linux boxes for network storeage and other things. Anyways we had a brand new linux box i forgot the distro, but we were trying to install coldfusion on it. It took them about 3 months to get it to work correctly. There were so many problems getting it to install its not even funny. Now based on that it is VERY hard to get certain apps to work on certain OS's and i think Microsoft and their windows line has done it better then linux and their software apps. Of course it IS an opinion. I dont not support it with any facts so dont jump all over me. Microsoft didnt get to where they are by making crappy products. Linux is an excellent operating system for networking and things along those lines but Windows is the best choice for home use and for the end-user. People dont want to know how it works , they just need to use the computer to type a report, and check e-mail, and loads of other things. I think Microsoft has made all their products easy to use with little or no knowledge of computers at all. Anyways have a good holiday everyone.

 

[Bassyhead]

XP

 

[h2]

Hate XP, have quadruple boot machine, 2 w2k's, 1 xp sp2, just 'upgraded' tonite, with some idiotic problems caused by sp 2 overwriting the old xp ntldr/ntdectect.com files that worked fine with new ones that cause boot error on w2k sp 4, go figure, anyway, hate xp, never use it except for testing, just installed xp sp2 just to see how it works for support calls and the like, but never have used xp, prefer clean/relatively simple w2k, don't run IE or Outlook type products, all firefox/thunderbird so security isn't that much of an issue, although protecting the system from Microsoft f#$k ups is, nice waste of time tonite on that.

Never play games, life's too short, so that's not an issue. Have never found anything w2k doesn't do that I need done, except maybe the cute xp slideshow viewer feature in windows explorer, that's literally the only thing xp has that I like, everything else about it I dislike sufficiently to have decided to make w2k my last MS workstation OS for real work, it's linux from here on out.

Microsoft didnt get to where they are by making crappy products.

Ha ha, good christmas humour, you must have missed the last 5 years or so of lawsuites, they got where they are by intimidation, illegal monopolistic practices, very much like a high tech mafia, you talk to the feds, we make sure you go out of business.. most major guys were unwilling to testify against ms unless 2 or 3 others also would, catch 22 since no one wanted to be the first, ms would wipe them out, read all about it, it was very well documented, dos isn't done until lotus won't run, etc....

they got where they are by driving all competitors out of business, or forcing them to let them take them over, buy them out, outright steal their algos etc. read more and you might not say something this silly again, happy holidays

 

[JerkyBoyz0]

Well ya they drive companies out of business. Thats a basic business practice. Wal-Mart is doing it all over. Microsoft is a business, they dont like competition. I personally dont like Microsoft products, but i am a computer technician. If it wasent for Microsoft we wouldent have jobs. We make a business off of Microsoft's blunders. Keeps us in business, so we sorta like Microsoft. When SP2 came out we had like 10 customers in a week because SP2 crashed machines. Yes that sucks. H2 do you think microsoft is the only company that does illegal things? I am not a moron but u have to respect Microsoft, they are a business. They make good business decicions. Mabey not in the past 5 years. Ya they do bad things, but so do 99% of other corporations.

Trust me h2, i am on your side. You dont need to attack me. Just I dont "hate" microsoft. Hate is a strong word.

I would also suggest to anyone not to use IE or Outlook Express. They are the most targeted programs on the internet.

As h2 suggested firefox/thunderbird are great products. I like XP over W2K. I like the feel of XP. W2K has a lot less crap on it, its nice and clean.

 

[Link19]

Then stop using your computer!

LOL! If you have no trust in anyone/anyplace scanning your system for needed updates, etc., you need to unninstall all your AV software, Mozilla browser, Anti - Spam software, Spyware Detectors, etc. since they all scan for updates and also scan your system!

Also, you better watch it.. you don't know what info PAyPal, EBay, Amazon, even NewEgg have to gather to do a transaction. Stop using those also and forget about ever using a credit card online.

You can blow this out of proportion all you like but the truth is, unless you have some trust in mankind, you might as well stop now, sell off everything and move into a remote mountain region, live off the land, halt all contact with anyone in any way and shoot everyone whom comes within 1000 yards of your little settlement.

See, it's just as easy to blow things out of proportion from both sides! All I'm saying is, I have no problem with my system being scanned for software updates. If you do, perhaps it's you whom have the problem because a little hint.......it is being by some software right now or a few minutes from now, and it has been before....!

Well, that's not the point I was trying to make. The point I was trying to make is that protecting your privacy is important no matter how you look at it. This isn't about trusting no one anywhere at anytime. This is about ensuring that you should only trust the people you want to trust and that no one (be it an individual, corporation, organization, government agency, and/or whatever) should have the right to just radnomly snoop on what people do with their computers. When you do credit card and other finincial transactions online with places like ebay, Paypal, and such, you are explicitly giving them authorization to collect some personal information in order to sucessfully pay for what you order online. But they are the only ones who know about it and nobody else is allowed to watch what you do or collect that personal information for an online transaction you complete with a specific individual or organization. That's the point of your privacy.

I also agree with VirtualLarry on the aspect of trust regarding some of these large corporations. I am with VirtualLarry on the fact that I don't use Windows Update either because I don't trust Microsoft because I am very suspicious that much more information is collected about what's on your PC than what Microsoft claims. I just download security updates manually from the MS security bulletin and every time I install one, I scan my PC with Spybot and Ad-Aware just to be sure. I even disable any services that send any information to MS such as driver information. I do it all with my LAN cable unplugged and then plug it in when finished. Fortunately, I am lucky enough to not have to deal with Windows product activation because I got a legal copy of the corporate version of Windows XP from my workplace.

 

[h2]

<< If it wasent for Microsoft we wouldent have jobs. We make a business off of Microsoft's blunders. Keeps us in business, so we sorta like Microsoft. When SP2 came out we had like 10 customers in a week because SP2 crashed machines. Yes that sucks. H2 do you think microsoft is the only company that does illegal things? I am not a moron but u have to respect Microsoft, they are a business. They make good business decicions. Mabey not in the past 5 years. Ya they do bad things, but so do 99% of other corporations. >>>

I've said the same thing many times, part ot if anyway, I like viruses, they keep my clients terrified, great for business. As to the rest, no, sorry, MS is not just like any other business, dream on. There are many car companies, many gas companies, etc. These businesses understand that they are in an environment that has competition. MS has never been able to grasp this simple concept, they want only one company running your computer, them. This is what makes them fundamentally different than other businesses, it's like it was years ago with IBM and ATT, Standard oil earlier in the united states, finally the state came in and said, no, you are a monopoly, you can't keep abusing your position, and forced breakups. MS avoided this possibility by making a huge campaign contribution to the Bush campaign, the penalty was gutted, they walked away. Not like a normal business at all, in any way. Standard profit margin of 30% year in and year out, 50 billion dollar cash resevoirs. No other business around can claim that type of performance, that's because they are a monopoly, not because they practice good business. That's why IBM, Sun, Apple, Novell etc are increasingly supporting Linux/Open source, they are fully aware of the problem, and are working hard to rectify what the state should have but didn't correct.

Don't believe the MS hype, MS doesn't provide jobs, Open source stuff does, locally. High skilled jobs too, not the cookie cutter junk you learn with MS, I've gone that route, it's one of the biggest regrets I have, wish I'd learned basic Unix instead of wasting my time with MS Windows, I'll rectify that this year, but Windows getting worse and worse.

By the way, what I despise is the fundamental programming philosophy that underlies not just MS products, but most commercial large scale apps, the direction this stuff is going in is getting more and more annoying, Norton AV slices out bigger chunks of possible configurations, user friendliness makes stuff less and less useable. Etc. It's a philosophy that strikes me as becoming dated though still very profitable, but other philosophies are more powerful, and are attracting the best and brightest, firefox, tbird, linux, etc, are just the beginning, that's why MS is beginning to stockpile patents, they know they can't win this one by fighting fair.

 

[JerkyBoyz0]

Ya u have very good points. I think is MS dosent do something soon, i think you might see some other OS come mainstream. Now how soon i dont know but I know a lot of people are fed up with MS. Longhorn is a very scarry OS. I heard some crazy stories about it. I am not going to elaborate because i dont know how true they are. I am not gonna comment on the things you said about MS because I dont know how true all that is. I have to disagree on the MS dosent provide jobs because they really do. I think we gonna just agree to disagree. Unix is a good OS to learn. I dont think MS Windows is a waste of time. 90 Percent of computers have windows (I think, its around there). I will agree windows is getting worse but u gotta know it.

 

[skrivis]

Win 2K seems to be superior in terms of having less extra junk. It's pretty rock solid and I wouldn't advise anyone to upgrade to XP unless they need some of XP's extra features.

XP Pro _does_ seem to have less problems with dll hell, although I've heard that it isn't perfect in this respect.

I run XP Pro at home because it has Cleartype and I have an LCD monitor. This is one major reason (for me) to upgrade.

I've turned off a lot of the extra junk, but I still think XP is more sluggish than 2K. (I need to upgrade my computer hardware!

OS X is really fun to use and is very well done. Linux and Solaris can also be very fun to use, although OS X is probably better for general desktop use.

My Mac is an older one, but OS X seems "snappier" than XP Pro on more recent hardware. Linux usually performs better than XP, but the newer versions with a full Gnome or KDE setup have a higher hardware requirement than used to be the case with Linux.

Isn't it great that we have so many choices?

 

[Randabis]

I perfer Windows 2000 over Windows XP.

Reason 1: For some odd reason, my boot times are actually faster in Win2k than in XP. I don't know why, but the difference is significant. My system is only about a year old, and is a decent gaming system, so it isn't because I have crap hardware.

Reason 2: Everything feels much snappier in Win2k. After running XP nonstop, especially after a few days time, it seems to become more sluggish, to the point of needing a reboot. I don't get this problem in 2k, and often leave it running for weeks at a time.

Reason 3: No activation. I don't really have a problem with activation per se, but if I can avoid having to do it, then I'm a happy camper. Plus, XP has an annoying habit of requiring you to reactivate the product if you make any major hardware changes, and sometimes won't even boot up, causing you to hage to reinstall.

Overall, I perfer Linux to Windows (especially ubuntu, god I love ubuntu), but when I need my gaming fix, I need Windows, and win2k just does it better for me. I am however keeping an open mind, and in fact just acquired a copy of the new MCE 2005 to try out. If I find I like it better, then my opinions will change, but I'm definitely not getting my hopes up.

I say just use what you are most comfortable with, and what accomplishes the tasks you need to accomplish. There's no reason to war over things so trivial as operating systems.

 

[Chaotic42]

Originally posted by: LeadFrog
Linux > *

You like a kernel better than an entire OS?

 

[h2]

JerkyBoyz0, it's all true, straight out of the Wall street journal, they covered this stuff intensively during the main trial, a lot of stuff came out. None of this is a secret, it was all documented very well, you're just not going to be reading it on msnbc anytime in the near future.

Windows isn't going anywhere soon, it's got a huge lock on how people perceive computers and working with computers, that's part of the problem, people are losing the ability to distinguish the MS way from other ways of doing things. that's what happens when you have a monopoly. All telephones in your house in USA used to be ATT, period. Long distance rates were very high. ATT got broken up, competition happened again, rates dropped massively. Back then it was hard to picture a world where all calls didn't go through ATT, that's because they had a consumer monopoly. Just like MS does today, in fact, MS was so worried that they would get 99% of the desktop market that they actually funded Apple at one point when Apple was having financial problems. They needed to keep the illusion of competition going at that critical point in their legal games.

Obviously MS creates jobs, they just aren't very good jobs, or very interesting. This is the problem with proprietary systems in general, they are good for the companies making them, but not so good for the rest of us, except aunt milllie, who will happily run whatever OS Redmond throws at her for years to come, as will many corporate networking guys who don't want to deal with learning how to do things differently.

 

[Randabis]

Well, I must say, I eat my words...I made a custom XP install CD using NLite, and now XP beats the pants off of win2k.

My previous reasons 1 and 2 are now null and void, and number 3 is taken care of also.

XP is so much better without IE and all the other bloat.