What is it about Windows that everybody likes? (A rant)

[ControlD]

This thread went way farther that I expected.

I have many issues with Windows. My main concern is that it is becoming a normal occurrence for major systems to be hacked and much private data being stolen. I don't know what these systems are running, but with Windows controlling 92% of the market I think that it is safe to say the vast majority of them are running Windows. This seems like a problem that needs to be addressed to me.

Do you think if Linux or OSX were the operating system with 92% control of the market that the tables wouldn't be turned?

 

[Skaendo]

Do you think if Linux or OSX were the operating system with 92% control of the market that the tables wouldn't be turned?

Hard to say.

It is a lot harder to hack a *nix system. Not that it cant be done. But there has never been a widespread hack, virus etc on linux ever like is common on Windows.

 

[saratoga172]

Hard to say.

It is a lot harder to hack a *nix system. Not that it cant be done. But there has never been a widespread hack, virus etc on linux ever like is common on Windows.

A recent bash bug would beg to differ with you. Not a virus per se but an exploit much like what windows systems often have.

If the tables were turned OS X and Linux would very much have similar issues to what Windows is having. Can't say if it would be as prevalent or more since that's not the case. The simple fact is people try to hack the most commonly used software. There's no or little money in hacking Linux builds (plus there are lots of them) or hacking os x.

It's been proven at hacker conferences over the years that os x is easiest to hack, then Linux then windows. I attribute that less to security of the os and more to necessity based on use.

 

[Skaendo]

A recent bash bug would beg to differ with you. Not a virus per se but an exploit much like what windows systems often have.

If the tables were turned OS X and Linux would very much have similar issues to what Windows is having. Can't say if it would be as prevalent or more since that's not the case. The simple fact is people try to hack the most commonly used software. There's no or little money in hacking Linux builds (plus there are lots of them) or hacking os x.

It's been proven at hacker conferences over the years that os x is easiest to hack, then Linux then windows. I attribute that less to security of the os and more to necessity based on use.

Can you tell me where I can find more information on these hacker conferences?

 

[saratoga172]

Here's the event I was referring to above.
http://www.dailytech.com/Apples+OS+X+is+First+OS+to+be+Hacked+at+This+Years+Pwn2Own/article21097.htm

There are a few different conferences each year. I think the pwn2own is the most common for os level and mobile device exploits.

 

[Skaendo]

Here's the event I was referring to above.
http://www.dailytech.com/Apples+OS+X+is+First+OS+to+be+Hacked+at+This+Years+Pwn2Own/article21097.htm

There are a few different conferences each year. I think the pwn2own is the most common for os level and mobile device exploits.

I dont know anything about Apple products or their Unix system. Does the system have a root acct. and user accts. as with a linux OS? Or does the user acct act like a admin acct like most Windows users tend to set theirs up.

Pwn2Own is a HP event. Hilarious.
What they dont tell you is that these 'hackers' are working for a year finding a hole and then setting things up so that they can show you that he 'hacked a MacBook in 5 seconds'.

These are not true hackers. More like script kiddies.

I also didn't see anywhere anything about hacking into a Linux system.

 

[sweenish]

I dont know anything about Apple products or their Unix system. Does the system have a root acct. and user accts. as with a linux OS? Or does the user acct act like a admin acct like most Windows users tend to set theirs up.

Pwn2Own is a HP event. Hilarious.
What they dont tell you is that these 'hackers' are working for a year finding a hole and then setting things up so that they can show you that he 'hacked a MacBook in 5 seconds'.

These are not true hackers. More like script kiddies.

I also didn't see anywhere anything about hacking into a Linux system.

No, you're just ignorant to how these conferences work. Hint: they're almost all like that.

 

[Skaendo]

No, you're just ignorant to how these conferences work. Hint: they're almost all like that.

I also didn't see anywhere anything about hacking into a Linux system.
http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/
http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/

2 vulnerabilities were against Google Chrome
2 vulnerabilities were against Internet Explorer
1 vulnerabilities was against Apple Safari
4 vulnerabilities were against Mozilla Firefox (wow, even I thought this was safer than IE, thank god I don't use it)
2 vulnerabilities were against Adobe Flash
1 vulnerabilities was against Adobe Reader

While some of these apps are available to Linux users most use alternatives, most of these are Windows apps.
These are also the apps most used to exploit.

From Pwn2Own Site:
The largest single prize not awarded was the $150,000 for successful demonstration of the grand-prize Exploit Unicorn, a triple-play puzzle specifically designed to provide the greatest challenge for researchers. Though no entrants made that attempt, the record-setting number of entrants and the diverse and creative approaches taken to crafting attacks made this a Pwn2Own for the ages.

A real hacker would have attempted and succeeded.

Edit that, No real hacker would go to this 'Show'.

 

[kiriki]

I also didn't see anywhere anything about hacking into a Linux system.

Chrome, Firefox and Flash can all be installed on Linux. So I don't see how that's not against Linux as well as Windows. Just because the itinerary doesn't actually explicitly say "exploit xyz against Linux kernel 1.2.3.4.5.6" doesn't mean that there's nothing against Linux.

The point is, Linux security is at least helped by the fact that it's obscure.

Think about it as a scenario. Let's say that you are writing some software that seeks to make money by doing something illegal to people's computers. For simplicity's sake, let's say that you have the same chance of nailing any given computer regardless of which OS it runs. Simply by looking at market share and with the goal of making money, it makes no sense for you to try for Linux computers.

So if very few people tries for Linux systems... you would naturally expect that there will be little to no known or well publicized exploits.

No real hacker would go to this 'Show'

It's a conference. An event where people within a specific industry gather to talk about new developments, exchange ideas, network, etc. I don't suppose you've heard of the term "white-hat"?

Skaendo, I'm getting the impression that you care less about how the differences in OS stack up against each other and more about how awesome you are for using Linux on your main machine. I really hope that isn't the case. Please prove me wrong.

 

[Skaendo]

Chrome, Firefox and Flash can all be installed on Linux.

Said that in post directly above yours, did you not read it all, or just what you wanted to?

So I don't see how that's not against Linux as well as Windows

Again I refer you to my post directly above yours when I said: "While some of these apps are available to Linux users most use alternatives"

And none are installed with the OS (Debian at least)

It's a conference. An event where people within a specific industry gather to talk about new developments, exchange ideas, network, etc. I don't suppose you've heard of the term "white-hat"?

It's a show put on by HP. Not a show for you and me, for themselves to say look how cool I am.
How many HP applications were tested? Kind of one sided too.

I have never heard of a conference with 8 'contestants' in competitions.

http://www.pwn2own.com/2014/03/pwn2own-2014-lineup/

 

[Skaendo]

Pwn2Own 2014: Rules and Unicorns

http://www.pwn2own.com/2014/01/pwn2own-2014-rules-unicorns/


The 2014 targets are:
Browsers:

• Google Chrome on Windows 8.1 x64: $100,000
• Microsoft Internet Explorer 11 on Windows 8.1 x64: $100,000
• Mozilla Firefox on Windows 8.1 x64: $50,000
• Apple Safari on OS X Mavericks: $65,000

Plug-ins:

• Adobe Reader running in Internet Explorer 11 on Windows 8.1 x64: $75,000
• Adobe Flash running in Internet Explorer 11 on Windows 8.1 x64: $75,000
• Oracle Java running in Internet Explorer 11 on Windows 8.1 x64 (requires click-through bypass): $30,000

“Exploit Unicorn” Grand Prize:

• SYSTEM-level code execution on Windows 8.1 x64 on Internet Explorer 11 x64 with EMET (Enhanced Mitigation Experience Toolkit) bypass: $150,000*

 

[kiriki]

It's a show put on by HP.

Seems we're both suffering from the same lack-of-reading syndrome. The about page clearly states that it's a contest that takes place at a security conference. If you do some additional reading, you can find additional info on registration. They obviously will be vetting people that want to sign up. So, no, this contest isn't for you and me. However the reason why it isn't for you and me is because we aren't in the software security industry (although.... if you are very good at this stuff, are you entering to win some nice cash?).

Also, what's wrong with HP putting on a contest that gets them good PR and helps out the industry some? You can't tell me that there is absolutely zero benefit to the industry as a whole. That's why corporations sponsor contests / events / charities to begin with! They get good PR for some money.

Lastly, please answer the point about security relying on Linux not having a large enough user base to be worth trying a widespread attack.

 

[escrow4]

What I like about Windows is that I don't have to go dig thru forums for command lines to do even very simple things. Or have to deal with dependencies whatsoever.

That said, OSX is the best desktop operating system right now. Elegant, easy to use, with the best user interfaces even for 3rd party software (developers actually taking the time to make them look and work native rather than the cornucopia of different styles on Windows). Takes a bit of work getting it running on the PC though.

3rd party software quality is the biggest difference between the three. If OSX is more user oriented, Windows software is more often than not "built by engineers" (no eye for ease of use - as long as all the feature checkboxes are ticked) and Linux software is "built by engineers for engineers" (downright ugly user interfaces with many features just missing "because you can just change it from the config files").

None are perfect - Windows has that awful program installation procedure and old version baggage, OSX has poor support for games (and the ones ported usually run worse) and Linux's GUI (no matter which window manager you pick) always seems like a work in progress. Just to name a few, there are many more on each one.

OS X is horrible. It still has no Foobar alternative (STILL), it has nothing remotely similar to DXVA (OS X as a HTPC - ????), Itunes is a massive bloated ad pig that still doesn't support folders by directory view as you have organized them, you are tied until death to Apple's overpriced locked down ecosystem - shall I go on?

Apple OS X:

http://macperformanceguide.com/AppleCoreRot-intro.html

http://www.extremetech.com/computing/147105-is-the-core-of-apples-os-x-rotting-from-within

Windows is not only functional it actually works. Period.

 

[Skaendo]

Lastly, please answer the point about security relying on Linux not having a large enough user base to be worth trying a widespread attack

Might be so, but security issues in Linux are generally found and addressed faster. Also Linux is harder to actually attack due to lack of root access while running as normal user, Windows users tend to set up their account as administrator giving access to more resources to applications that they normally wouldn't have.

Thought this was interesting to read. Hmmmm, malware on a *nix system? Oh, it's BSD/Unix (Mac), Old News.
http://www.extremetech.com/computing/125019-mac-botnet-grows-to-600000-274-of-them-in-cupertino

 

[oynaz]

If linux had the gaming support I'd like it more.

A very valid point. A reason that MS should take SteamOS seriously.

 

[BD2003]

Might be so, but security issues in Linux are generally found and addressed faster. Also Linux is harder to actually attack due to lack of root access while running as normal user, Windows users tend to set up their account as administrator giving access to more resources to applications that they normally wouldn't have.

Thought this was interesting to read. Hmmmm, malware on a *nix system? Oh, it's BSD/Unix (Mac), Old News.
http://www.extremetech.com/computing/125019-mac-botnet-grows-to-600000-274-of-them-in-cupertino

This hasnt been a problem since vista introduced UAC.

 

[Demo24]

I've never run out of room updating Debian, installing other misc crap on Debian, yes, yes I have run out of room. To be fair I have 50GB partitioned off for OS on a 250GB 2.5". The other is not my Home partition, but a NTFS partition with all my files on it.

Not plain Debian, but Ubuntu I have, and frequently. The reason being that it sets up way to damn small of a /boot partition, and then does an absolutely horrible job of cleaning up anything from routine updates. So every so often you have to run an apt-get autoremove and autoclean. Course, that doesn't really clean up /boot 90% of the time, so you have to go in there and manually figure out what kernel related packages to purge. If you either a)don't have a specific /boot partition or b) have a very large one, you'll end up with gigs and gigs of unnecessary update files hanging around.

Hard to say.

It is a lot harder to hack a *nix system. Not that it cant be done. But there has never been a widespread hack, virus etc on linux ever like is common on Windows.

I think you are thinking back to the original XP days, that hasn't been common since Vista (or really SP2 in XP). Mainly because Microsoft throws their software into sandbox testers (I forget the term right now) and finds a lot vulnerabilities not easily discovered by the original coders. A lot of servers on the Internet run on Linux, and if you think that all these data breaches are just from companies running Windows servers you'd be mistaken. It's not hard at all to setup a Linux box improperly and leave yourself wide open.

--

To me Linux's place is on the server. Run it with or without a GUI and either deal with community support or get behind Redhat which has been doing quite a lot of work to get it more compatible and easy to just 'use'. On the desktop....that's another story. I've used Linux for years as a primary on my laptop in college, and then primary on my desktop at work. Every single time something about it just pisses me off. Something doesn't work, something breaks, it has annoying incompatibilities, or the most stupid error messages 'Ubuntu has detected a problem!' and I rarely figure out what they mean. I had a pretty standard setup, i7, 16gb ram, Intel video, and a SSD. Doing an update, which happens every damn day, frequently meant that if I rebooted the video wouldn't load and it would throw me into recovery mode or the command line. Nothing I did would ever fix that, so I just stopped rebooting until necessary. Oh, not to forget that Ubuntu only has Trim support on a few select SSDs...really? It's 2014, they've been out for a long time now. Or the GUI, which subsystem has needed to be rebuilt (and yet hasn't) for a decade now.

I got so fed up with the stupid little crap that Linux would keep throwing at me I switched back to Windows 8.1 for my primary at work. Thus far, absolutely 0 problems, everything works like it should, and I can get work done without dealing with the problems of my PC first. Plus, it's been faster than Linux was.

On the server I get using the command line for a lot of things, I still find it annoying but it works. On the desktop, I despise having to drop into command line regularly just to do basic things. Why they still haven't figured out how to easily install things is beyond me (yes yes, rpm's are nice buy only on fedora based, and don't even bother with Ubuntu's 'software center' it only has a few random things in it), and even after years of experience with it the file structure still confuses me. I've rarely an idea of where things install what.

Basically, Linux just ends up annoying me. It's free and all, which I guess you get what you pay for. With Windows at least I know it will work, and I've paid Microsoft for that ability and the support it brings as well.

 

[dave_the_nerd]

Video games and MS Office.

/endthread

 

[Eric1987]

If you're a gamer is there a reason to use Linux? I can't find one even though I love Linux.

 

[BD2003]

If you're a gamer is there a reason to use Linux? I can't find one even though I love Linux.

SteamOS might change that.

 

[kmmatney]

Might be so, but security issues in Linux are generally found and addressed faster. Also Linux is harder to actually attack due to lack of root access while running as normal user, Windows users tend to set up their account as administrator giving access to more resources to applications that they normally wouldn't have.

Thought this was interesting to read. Hmmmm, malware on a *nix system? Oh, it's BSD/Unix (Mac), Old News.
http://www.extremetech.com/computing/125019-mac-botnet-grows-to-600000-274-of-them-in-cupertino

I think that is what prevents me from using Linux. I started using computers in the DOS, and have always had full control of everything. I really can't imagine ever using a computer with being an administrator. I wouldn't let our IT guy touch my work computer either - I'm an automation engineer/programmer and need low level access to the hardware. I only keep a normal user account to test that some of my software (other programs that don't control hardware) work on it. I don't really get the whole non-root access with Linux, and that maybe why I stumble with it.

Normal users just don't always work that well in Windows. I tried setting up my son's computer so he was a normal user. This was so I could setup hours he could log in. However several games (Spore, Skyrim and Oblivion) wouldn't run properly form a Normal account, and I ended up having to make him an admin user. Everything else worked OK, it was mainly games that had issues.

 

[ControlD]

SteamOS might change that.

Yep, and I have really been seriously thinking about building a Steam box recently. I hope it gains some traction.

 

[Eric1987]

SteamOS might change that.

It needs to support all the main games that come out not a select few. If it had that I would never look at windows again.

 

[Skaendo]

Yet another victim, or should I say 76 million victims. JPMorgan's system has been breached. What OS do they use?

 

[ControlD]

Yet another victim, or should I say 76 million victims. JPMorgan's system has been breached. What OS do they use?

Does it matter what OS JP Morgan is using in this case? The system was compromised by an employee handing over their username and password in a phishing scam. I don't think any OS is going to protect you against that.

I think a lot of these data breaches are the result of such attacks.