In comp.os.linux.advocacy, nessuno@xxxxxxxxxxxxxxxxxxx
on 7 Aug 2006 02:53:23 -0700
> Microsoft would like people to believe that their cheap and widely
> available OS made the expansion of the internet after, say, 1995,
> possible. It's part of their Microsoft=computers campaign. What
> would have happened if there had been no Microsoft (only Apple, say)?
> But let's not engage in historical what-ifs, since nothing can be
> proved. Let's just look at the facts. It's true that both the web and
> Windows usage have grown in the last 10 years. Microsoft was late in
> appreciating the importance of the web, but they did use brilliant
> marketing plus an assortment of dirty tricks and misinformation to
> defeat competitors with technically superior products.
Grammar alert: I'm assuming you meant here
'defeat competitors which had technically superior products to Windows'
as opposed to
'defeat competitors using technically superior Windows products'.
Of course this has happened before; IMO Amiga had an excellent product
at one point, but it got blown away by a combination of poor marketing
on Commodore's part and far better marketing on IBM's part -- plus the
Microsoft spent millions developing IE and almost wiped Netscape out
(they had to mutate to Mozilla) by giving IE away for free.
I for one hope Linux is the exception here. At the moment, it's
> Those products
> were superior not only in ease-of-use (Apple) but also in security
> (unix). In fact, just as Microsoft missed the boat on the importance
> of the web, they totally missed the importance of security, which had
> long been a fixture of the unix world. And it is a fact that the sorry
> state of the web today is a direct consequence of these decisions of
> Microsoft to ignore security and to push buggy, shoddy
And for them highly profitable.
> software onto
> the market.
> Since we're talking history, allow me to quote Kelsey Bjarnason from a
> 2004 posting to cola:
> Microsoft, however, isn't satisfied with simply having bugs. They have
> raised vulnerability production to an art form. Scripting enabled in
> e-mails, for God's sake. Hiding URL displays. Application, scripts
> the like executable by default. Hidden file extensions. All of this
> designed to make it that much simpler to get exploits to run.
And for example applications sent by Email to run, but as
everyone well knows, the law of unintended consequences
bit *very* hard.
> But hey, that's okay. After all, the OS comes bundled with all the
> secuurity tools you need - AV software, firewalls, intrusion detection
> more, right?
Maybe *now*. Not back then.
> Plus protection of system files, a very strong influence
> have users not run with administrative privileges and the like?
> Linux, BSD and before them Unix have been doing that sort of thing for
> Windows hasn't done it _yet_, apart from finally bundling a
> half-functional firewall... then leaving it disabled by default and
> it at best difficult to find for non-experienced users. Still no AV
> software. Still no intrusion detection tools. Still nothing to deal
> the underlying problem of, in essence, "everything is executable".
> Microsoft had a working example to build on, thanks to Unix. They
> not to. Fine, that's their choice and maybe they could do a better
> Except they haven't.
Actually, they have, though not in the security realm. They've done
very well in the actual financials, which indicates that their OS
is well entrenched. (They have better margins than Exxon-Mobil,
I have no idea what this tells me, but I doubt it's good...
> They've known about the virus problem since
> Windows even existed, although it really started to become a nuisance
> around the time of Windows 3.1. That's better than a _decade_ of
> there's a fundamental risk involved in using their approach... and not
> doing a single thing to resolve it.
> Win95, with all its attendant changes, would have been the perfect time
> to introduce the notion of user versus system accounts and start to
> users awasy from running as admins. They didn't. For the desktop
> it took until Win2K before there was any realistic combination of
> OS and security model... but even there, there's nothing, anywhere,
> setup or runtime, to even hint that running as an administrator is
> dangerous. XP doesn't add it; people still run as admin, blissfully
> unaware of the risks.
> So what else does MS do that's just this side of insane? How about RPC
> and Windows File Sharing, which seem to end up enabled automagically if
> you have networking support - whether you need them or not? Both of
> pose a security risk, both are enabled... and not a firewall or a
> or anything to tell the user "Ya know, this is really, really stupid
> dangerous... go turn on your firewall. And disable these, unless you
> really need them."
> I don't run AV software - I don't need to. I don't worry about scripts
> emails - I don't need to. I don't worry about bogus links in emails or
> web pages which hide the actual URL contents - I don't need to. My OS
> came bundled with firewalls and intrusion detection, it doesn't need AV
> tools primarily because it doesn't assume files are executable just
> because of their name, and so on. This alone avoids the vast majority
> such problems.
And here's what's worse. Windows *may get away with it*. This is not
because of anything Windows is doing, but because of external items.
For example, my DSL system now has a built-in firewall. (It actually
did before the upgrade, so now I actually have *two* -- and that's not
counting Linux's iptables capability.)
> My OS also offers something Windows doesn't: bugfixes. Sure, Linux and
> Linux apps have bugs and vulnerabilities; they get fixed. Most of them
> get fixed in hours or days. Occasionally, one will take as long as
> several months, but that's fairly rare. Windows? Microsoft has
> that the issues in NT *cannot* be fixed. They've admitted that shatter
> *cannot* be fixed in any reasonable time frame. IE bugs - which, in
> several cases, also translate to OE and Outlook and other tool bugs -
> been around weeks, months, without fixes.
> What all this tells me is that Microsoft has absolutley no interest in
Is there profit in it?
> They make a lot of noise about it in regard to Trusted
> Computing... but let's be honest; TC isn't about security,
Ah, but it *is* ... Microsoft's financial security. It will enable
them to take over.
Yeah, that'll go over *real* well.
> it's about
> putting in MS's hands the ability to control what software you're
> to run.
> I couldn't have said it better. Of course, Microsoft *is* interested
> in security these days---it has a lot to do with the delay in Vista.
It's the Noise Of The Month(tm).
> But to say that we should be grateful to Microsoft for making the web
> possible---yucch! I'm with Roy Schestowitz on this, every hour I waste
> cleaning spam emails out of my inbox is a Microsoft tax that I'm forced
> to pay, even though I never use their products.
I'll admit to wondering. Of course, the instigation of the Web may very
well have been someone else -- Mosaic, Spyglass, and CERN. The
Internet, of course, was started by DARPA (now ARPA). Microsoft and IE
became very popular, but were they necessary?
Windows Vista. Because it's time to refresh your hardware. Trust us.