Discussions

William Kempf wkempf
  • Symantec says 'Windows is most secure OS'

    OK, now you're at least trying, no matter how unsuccessfully, to argue technical points.  That's a step in the right direction, but so far you're proving nothing but that you don't know what you're talking about.

    Windows has the concept of an "executable bit".  On 2K3 machines, for instance, when you download an executable and attempt to run it, you'll get a security dialog preventing it from running unless you tell it to (at which point you can permanently set the bit).  I'm pretty sure Vista is the same.  So, you're ignorant about Windows.  You're just parroting what you've heard.

    Then on the Linux front, you're also parroting what you've heard.  Hardened Linux systems, and Ubuntu might be one of these, may act as you describe, but most distros do not.  And I'd argue that such a distro isn't really usable as a desktop, anyway.  An end user wants to be able to make choices about what they run and what they don't, and do so easily.  Warning them that they are doing something potentially dangerous is a good thing.  It gives them the knowledge to make an informed choice.  But making them only run "approved" and signed applications, or to dig down into the internals of the OS in order to bypass the security, is simply going too far with no added benefit.  It's like MS's activation schemes meant to stop pirates.  It doesn't stop the pirates (or the clueless user), it only makes the legitimate (or informed) user pay a heavy price.

    People are giving UAC a bad rap, but what you describe is 1000 times worse.

  • Symantec says 'Windows is most secure OS'

    Refrax wrote:
    
    AndyC wrote: 
    sirhomer wrote: 
    There are no possible vectors for executable code to enter a machine if you use a gpg'ed package manager to install software..


    chmod +x <insert filename>


    I like this one better
    http://www.crn.com/security/198001305


    I hate drive-by postings.  You leave us having to make assumptions about what your point is.  In this case, if it was to show that there are vulnerabilities in BSD, I'd have to point out this is only the second vulnerability found in the last decade.  That's a darn nice track record, even if their market share is small enough for them to not be a target.

  • Since we have so many Linux users in here: a nice conversation

    sirhomer wrote:
    
    wkempf wrote: 
    corona_coder wrote: People here don't run Linux.  They think of it as a toy.  Serious Linux users don't come to Channel 9.  No serious computer scientist uses Windows.


    Interesting.  I've been using Linux for nearly 10 years now.  I do development on Linux boxes.  I've a CS degree and am very serious about applying it.  Yet my preferred platform is Windows.


    I find that a little scary.  But whatever floats your boat.


    What's scary about it?

    I appreciate the power and flexibility of a *nix system.  But they simply are not user friendly.  I could go on for days explaining why, but Linux zealots won't agree and won't argue intelligently about the point.  So, for "fun", I'll dig deep into a Linux box (I'm a total geek, so learning this stuff is fun for me), but when it comes to day to day usage I'd really rather be able to just get the job done.  That counts *nix out, sorry.

    Back on the original topic:

    I first used RedHat, way back when.  Hated it.  Completely.  Then I switched to Mandrake for a while (that gives you an idea of the time frame), because it was a fairly easy system to get up and running.  However, frustrations with package management drove me away.  DLL hell has nothing on RPM hell.  I then switched to Gentoo.  If you want to learn the ins and outs of Linux, there aren't many distros that are better.  Slackware would get your hands even dirtier, but portage was too nice of a package manager for me to not prefer Gentoo.  However, I later found myself wanting to "just get things done", which for me meant installing new packages, which despite the very flexible and nice interface of portage, was still too time consuming in Gentoo because all packages are source packages.  (Yes, I know there are binary packages for Gentoo, but no one uses them, for a reason.)

    Last distro I used was SUSE.  I liked most things about SUSE.  It really did make many things easy to do.  However, for me there were still two issues.  First, a lot of the services I run didn't have management consoles in YAST (putting me back in the drudgery of fighting config files) unless you were running the enterprise version, which I couldn't justify the cost of.  Second, and a bit more important, I wound up back in package management hell.  I wanted to run packages that weren't in the main distribution, but were available in the numerous public contrib repositories advertised by the SUSE web sites.  Shouldn't have been a big deal, then, right?  Wrong.  I'd find that package A from one contrib site would conflict with package B from another, and eventually even the supported packages would have broken dependencies.  All just from using Yast and advertised repositories.

    I plan to try Ubuntu at some point, but I've been too busy this past year.  I'm also planning to give one of the BSDs a whirl.  If nothing else, I'm hoping the user community there will be more intelligent.  I can do without the Beers of the world, and I've had to deal with a lot of them over the years while using Linux.  And before said trolls attack me here... I belonged to a LUG for nearly 3 years, developed cross platform software using Linux, and probably know the system better than most of the trolls that would be here.  So don't bother.

  • Since we have so many Linux users in here: a nice conversation

    corona_coder wrote:
    People here don't run Linux.  They think of it as a toy.  Serious Linux users don't come to Channel 9.  No serious computer scientist uses Windows.


    Interesting.  I've been using Linux for nearly 10 years now.  I do development on Linux boxes.  I've a CS degree and am very serious about applying it.  Yet my preferred platform is Windows.

    Now, do you want to stick to facts, or do you want to continue being political?  Continue being political, and you'll find yourself banned.

    I really hate trolls without a brain.

  • Symantec says 'Windows is most secure OS'

    sirhomer wrote:
    
    wkempf wrote: Oh, and I've known a lot of Linux boxen that have been taken over by hackers, further proving this to be a non-fact.


    Bahahahahaha.  I love how everyone keeps condemning me "for not backing up my points" and then throw their two cents in somewhere.


    Others have pointed out how the comparison is weak.  Me, I'd just like to point out that you totally failed to address any of the points in my post.  So, I assume you admit you've failed to provide any facts?

    See, I'm not going to let you divert the topic.

  • Symantec says 'Windows is most secure OS'

    sirhomer wrote:
    
    Fine you want simple facts? There are no major viruses for Unix operating systems in the wild.


    Logical fallacy known as "Argument from ignorance" (http://en.wikipedia.org/wiki/Argument_from_ignorance).  So even if we believed this "fact", it wouldn't help your case.

    sirhomer wrote:
     
    There is no spyware.


    See above.

    sirhomer wrote:

    In most distributions, no one runs as root.


    Hmm... you can't prove this.  What you could say is that by default most distributions install with non-root accounts for users.  Nothing stops anyone from running as root, however, and in fact the message boards are full of posts from users who run as root.  I'll admit that I believe "most" users don't do this, but that's not "no one" and I don't have evidence proving this assumption.  So, you fail on providing facts here.  Not to mention, this is now true for Vista, though Vista goes further with UAC.  So even if this were a fact, it would be a pointless one.

    sirhomer wrote:

    There are no open ports in most distros.


    Really?  I've yet to run a distro (granted the last one I ran was a year ago) that installed a firewall by default.  After all, which firewall do you wish to run?  In any event, this isn't much different from Windows, so again, pointless.

    sirhomer wrote:

    Even in server distros, ssh is normally disabled for root.


    Great!  Of course this is true for Windows as well (assuming remote desktop instead of ssh).  In fact, it's disabled for non-Administrators as well.  So, again, pointless.

    sirhomer wrote:

    There are no possible vectors for executable code to enter a machine if you use a gpg'ed package manager to install software.. making it completely impossible to compromise a system in the ways which are typically used to compromise a Windows system.


    Interesting claim, that's totally false.  If there are "no possible vectors for executable code to enter a machine" then there are a lot of admins wasting their time with SNORT and other intrusion detection systems.  Oh, and I've known a lot of Linux boxen that have been taken over by hackers, further proving this to be a non-fact.

    Now, do you care to back up your claims with FACTS, rather than talking points?

  • Salary Discussions in Public

    ScanIAm wrote:
    

    Then, at what salary level does it stop becoming rude?  It seems ok to discuss the salaries of top executives, musicians, etc.  Why is this not just as reasonable in the arena of regular people?

    I'm aware that it is considered rude, but it makes no sense that this is the case.  We are (mostly) a capitalistic society (and where we aren't, people still want money).  Is it because we don't want the less fortunate to know how much we make?  Or is it that we are embarrassed of how little we make?

    And, it's nothing like sex, because if I got a good deal on a car, telling you that I paid less for a car is normal.  If I got a good deal on a date, telling you I paid less is crass.


    It never stops being rude, actually.  Some public figures make their "salary" known for various reasons, or they are outed by the media (said media is crass about a lot more than people's salaries... just look at all the tabloid-esque stories about Britney Spears lately).  But in general, even millionaires don't discuss their worth, and asking them will get you thrown out on the street rather quickly.

  • Salary Discussions in Public

    ScanIAm wrote:
    

    But this idea has bled into society to the point that asking someone how much money they make is considered rude.  It's considered normal to drive a big car or own a big house if you wish to display your wealth in a vulgar way.  If, however, you walk around town shouting "I made $104,000 last year" you are somehow breaking a social taboo.



    There is a huge difference between me deciding to tell someone how much I make, whether it be verbally or by driving a big car, and with someone asking me how much I make.

    Why is it rude to ask or even speculate?  Because it's none of your damn business unless I offer the information.  It's no different than asking me who I've had sex with.  It has NOTHING to do with corporate practices of trying to get "the best value for their dollar" when it comes to wages.

  • Vista Security : This can't be true.

    MrJay wrote:
    
    AndyC wrote: Program Files isn't meant to be user modified, that is the whole point. Applications that have to keep modifying it are broken, simple as that (and no Explorer doesn't prompt you under normal usage).

    Yes but when logged in as an Administrator, I should not be prompted regarding these issues.  When I modify files in /etc while logged into a Linux system as root, I don't take any grief do I (excluding of course SELinux)?

    UAC has effectively removed the Administrator level of privilege from Windows.  Everything now requires use of a second-guessing approval system.  It doesn't take long for this to get really old really fast.


    The added level of security even for an Administrator, is IMHO a good thing.  Read a Linux forum and you'll very frequently see people being chastised for running as root, and that's in an OS that assumes a level of knowledge for normal usage that's beyond the majority of Windows users.

    And it's fairly trivial in Vista to achieve the same level of control as proper usage in Linux gives you: i.e. I'm prompted only once when I move into "root mode" where I can then do everything I want.  For instance, your example with copying a directory into Program Files, while a bad example because you're doing something you shouldn't be doing even as an Administrator, can be easily achieved with one UAC prompt.  Use runas to run explorer as an Administrator.  There, you can now do whatever you want to the file structure and it required a single UAC prompt.  Instead of complaining, learn to use the tool first.  Then if you still have complaints we can intelligently discuss the topic.

    In my day-to-day usage of Vista, I'm rarely presented a UAC prompt, and in every case in which I am, I'm glad the prompt is there.  If your experience is different, the first thing you should do is ask yourself why, before complaining.

  • Vista Security : This can't be true.

    JasonOlson wrote:
    
    Rossj wrote: 
    AndyC wrote: The problem of "too much prompting" is not UAC though, it's the whole slew of apps on Windows that require admin rights when they shouldn't.


    Create a new folder in program files, rename it - you have the uac prompt twice.  Not a very common occurrence I'll grant you but annoying nonetheless and nothing to do with third-party apps.


    I honestly wish that UAC would behave at the session level. For instance, if I have windows explorer open and it needs to elevate, prompt me once and then for the rest of the session it is elevated (isn't this the way that sudo behaves?).


    No, it's not.  And it's a terrible idea.  I don't log out often enough for such a scheme to be "secure".

    UAC works just great.  We just need to get the applications to run properly under UAC.