Coffeehouse Thread

36 posts

Security - XP & Longhorn

  • jamie

    lars wrote:

    Exactly what is so bad about SP2, and which rights does it take away?

    /Lars.



    i just find everything about it rude and demanding. Forced reboot - no Cancel - nag every 5 min till you do - no turning it off

    updates that start downloading while you're working - saying nothing of what they are doing with no option to stop and hogging a lot of resources (when i have like 80 photos open and frontpage and corel)

    "You are not allowed to run this on your computer it may not be safe" - click bar:  ok - what is not safe?
    Go to "About this error" option - goes to a lame help page - with nothing about what's on the page that's causing the error ie; "SP2 will not let you run the "make this your homepage" script anymore because it's javascript and we are sticking it to Sun" Line 23 .

    So you say - OK OK OK OK allow - it says "are you sure cause it can wreck your machine" - it does this every time with again..NO OPTION to say "Don't bug me about this" - without disabling it entirely

    The big red X in my notification area - because i don't have a virus program installed (have had like 2 viruses in 10 years) and i can't remove it or again say "I know i don't have a virus program DON'T ASK ME THIS AGAIN"

    i could literally go on about this for a week.

    MS used to be famous for user empowerment - not NO OPTIONS

    in regard to loss of rights - that's all the Fullscreen / kiosk mode they have removed/buggered up so as to make it next to impossible to build your own interface on top of windows - like ie 3,4,5,6 have always allowed. In the name of "security" we now have a status bar (even when it's off in XP) and a stupid toolbar at the top like poopy Mozilla does fullscreen

    (* ps - i run sp2 default - non-customised - as a normal unadvanced user would)

  • Charles

    Jamie,

    Your frustrations are certainly understandable. Unfortunately, the Internet connected world is not a very friendly place and you can bet people are out to get onto your system and take advantage of you every single time you connect to the Internet. Sasser is just one of several examples of bad people doing bad things.

    Operating systems need to account for this dark side of the Internet. This means, as an operating system company, we need to make it really hard for hackers to exploit you (this includes making it hard for them to successfully get you with social engineering hacks).

    Of course, the unexpected and sometimes frustrating things you are experiencing in UI are but a fraction of what was done to protect your system at the core level. Much of what has changed is not visible to you in the shell.

    We've made the bet that making it hard for users to make themselves vulnerable to attack is the right thing to do even if one of the consequences of this is an increase in "annoying" warning and information dialogs and changes in default behaviors.

    We really don't want people getting on to your system and doing bad things to you. Certainly, an OS can't protect against you installing some evil program, but it can warn you about the potential consequences of doing this. But that's just one part of the equation. With SP2 your system will be secure by default and the bad people out there who want to take advantage of you will have a very, very hard time finding holes to exploit. That's the basic goal.   

    Charles

  • GooberDLX

    Why not.. change their wallpaper, screensaver and default internet explorer home to some "hacked" page that says something like...

    "This is your computer, this is your computer being hacked" .. it sorta worked for the drug arena! Wink

    Also.. send a page to their printer and a popup saying the same thing when they log in..

    Possibly not even let them log in and say that their password has changed, possibly by a hacker.

    hehehe

    Jake

  • Steve411



      Thing is, you say that like you're blaming the home users that haven't patched... I think if people are not patching that means you haven't done your job.



     
    NO, not really, you see.
      It is the users' fault, they have to get their lazy butt up and download the patch if they do not have autoupdate enabled. They make a mistake like that and they blame Microsoft for it, it makes no sense at all..
       That also is a matter of security..
      You want more free stuff as based on security?
      I would not even think about that, if they leave the security to you, I bet that your computer would go dead in a few seconds, there are lots of people out there who are just waiting to get in and mess you up for good. Microsoft's response to that is to block those people as much as possible, so that they would NOT GET BLAMED FOR YOUR MISTAKES! AND YOU ARE WRONG ABOUT SP2! YOU JUST WAIT TILL IT COMES OUT! YOU WILL BE GLAD THAT YOU HAVE IT! Since most attacks come from online webpage scripts, such as ASP, and install 'secretly,' it gives you a GREATER CHANCE OF LOSING DATA! MICROSOFT'S RESPONSE TO THAT IS TO ADD A 'SCRIPT BLOCKER' TO SP2! THEREFORE PROMPTING YOU IF YOU DO OR IF YOU DO NOT WISH TO ALLOW SCRIPTS TO RUN ON THE PAGE! With the little information bar at the top of the window.
      Security to you may not matter, but that is only one person, just think for a second dude, if Microsoft did not increase its security to greater limits, then everyone could have access to your computer, and to business computers as well, and they would ALWAYS TAKE THE BLAME FOR IT!
      You say that you do not need security, and that you can manage without it, well, guess what, I am one of those people who say that you ARE WRONG!
       Your bro in Christ, 
     /Steve
      Think about it!

  • Steve411


       I think that, with a full retail price of $300.00 (U.S.) for WinXP, each registered user of an operating system should receive an annual replacement disk with a fully updated version (all patches, SPs and updates), until a more current operating system is released. You could drop it in and be offered the option of updating or boot from it for a full regular install. OEMs could be responsible for part of the cost.
     


    Then how do you expect Microsoft to get money for further copies of XP? As well as for further projects.....

  • Shining Arcanine

    lostdude wrote:
    I think that, with a full retail price of $300.00 (U.S.) for WinXP, each registered user of an operating system should receive an annual replacement disk with a fully updated version (all patches, SPs and updates), until a more current operating system is released. You could drop it in and be offered the option of updating or boot from it for a full regular install. OEMs could be responsible for part of the cost.


    That is called slipstreaming. It can be done but isn't as easy as it could be. Maybe Microsoft could make it easier to create a slipstreamed disk, that would be easier than creating them itself and then handling the task of distribution.

    Steve411 wrote:
    Then how do you expect Microsoft to get money for further copies of XP? As well as for further projects.....


    Maybe my suggestion might be more feasible.

  • Steve411

    Shining Arcanine wrote:

    That is called slipstreaming. It can be done but isn't as easy as it could be. Maybe Microsoft could make it easier to create a slipstreamed disk, that would be easier than creating them itself and then handling the task of distribution.



    I've slipstreamed SP1 before, got to go through all of the 'create this directory create that directory begin from run, blah blah blah'..
    MS should make some sort of software that does that all in one function..

  • eddwo

    I really want a slipstreamed install disc as well. With things like blaster and sasser out there it won't be safe to do a vanilla XP install and then go online to download the updates to SP2 level.
    It'd be cool if you could take your retail copy of XP back to a store and they would replace it with an updated version. If you've got an official hologrammed disc it's pretty obvious that you've actually paid for it.




  • surferdude

    We've made the bet that making it hard for users to make themselves vulnerable to attack is the right thing to do...

    Excellent. Wonderful. Thank you! Smart!!! 99.999999% of the users out there are far from power users for sure! This is your core market and the source of the problem!!!

    - surferdude

  • jamie

    none of you get the point...

    yes - all idiots - run sp2

    if you're a developer - it's a nightmare

    yell at me all you want

  • Charles

    Back to the original question, what are we doing in terms of security for Longhorn.  

    Here's a quote from Jim Allchin. He runs the Windows division and is directly responsible for the success or failure of our operating systems. You better believe he is serious about security which means Windows will just get more and more secure with each iteration as well as more and more stable and reliable. To me, those three factors are among the most important aspects of any good operating system.

    Security. Stability. Reliability.


    "The one thing about Longhorn is that the quality is going to be there. Security is going to be addressed. We have done a very good job with Windows XP SP2, and we are redoubling, tripling, our efforts to ensure that the quality base is beyond anything we've ever done." -Jim Allchin


    Charles

  • jonathanh

    jamie wrote:
    none of you get the point...

    yes - all idiots - run sp2

    if you're a developer - it's a nightmare

    yell at me all you want


    As far as I can tell, we knew that the various security lockdowns in SP2 would cause pain to developers, and we've been pretty upfront about it, releasing documents showing what the changes would be (the latest is a bunch of code and demos).  But where security is concerned there's really no way to keep BOTH developers AND customers happy, and right now it's pretty clear that customers have to come 1st.

  • jonathanh

    As a followup, we spent part of today tracking down why one of our demos had stopped working.  Yup, it was caused by an SP2 security lockdown.  So we do feel your pain.

    But don't worry, it was easy to fix and the demo will be ready for a TechEd keynote Smiley

  • jamie

    haha - cut to crowded conference hall ... and a box popping up every 5 minutes through the presentation "You need to reboot now!"  cancel...    5 min later ... "You need to reboot now!"  cancel ... 5 minutes later...  you get the picture

  • jonathanh

    Oh great, now you're giving me nightmares!

    Smiley

  • Charles

    Jamie is referring to the auto update reminder that aggressively reminds users to reboot a system that requires a reboot after installation of a patch or new feature via Windows Update (which is the service auto update uses too).

    It would be great to never have to reboot again, but that's not gonna come for a while. We're working on it...

    In SP2 Auto Update does a MUCH better job of figuring out if a reboot will be needed after update installation. Thing is, this is a really hard problem. See, when you are prompted to reboot it is generally due to some dll that needs to be upgraded being locked by another process (or some exe that is running that needs to be upgraded (replaced)) when the installation of the patch is happening.
     
    Sometimes people forget to reboot. This means their systems are not patched, for example.

    We want to make it hard for you to do things that will make your system vulnerable to attack (like forgetting to reboot a machine that ran a reboot-required critical security update installation).


    Thanks for the feedback.
     

    Charles
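
The reboot-pending state Charles describes above can be audited. This is an added example, not part of the thread or Microsoft's code: it decodes the raw data of the `PendingFileRenameOperations` value (under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, a Windows mechanism the thread does not name) and lists binaries whose replacement is still queued. The sample bytes and file names are constructed.

```python
# Added example (not from the thread): decode the raw bytes of Windows'
# PendingFileRenameOperations value, the queue of file moves that the
# Session Manager applies at the next boot.
NT_PREFIX = "\\??\\"          # NT object-path prefix used in the queue


def _strip(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(raw):
    """Return [(source, destination, replace_existing)] in queue order.

    raw is the REG_MULTI_SZ data: UTF-16LE strings, NUL-terminated, in
    (source, destination) pairs. An empty destination means "delete the
    source at boot"; a leading "!" means "replace an existing file".
    """
    fields = raw.decode("utf-16-le").split("\x00")
    ops = []
    for i in range(0, len(fields) - 1, 2):
        src, dst = fields[i], fields[i + 1]
        if not src:                      # reached the list terminator
            break
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append((_strip(src), _strip(dst) if dst else None, replace))
    return ops


def stale_binaries(ops):
    """Binaries whose replacement is queued: the old copy is still in use."""
    return [dst for _, dst, _ in ops
            if dst and dst.lower().endswith((".dll", ".exe"))]


# Constructed sample: one queued DLL replacement and one queued delete.
_SAMPLE = [
    ("\\??\\C:\\WINDOWS\\system32\\SET1A.tmp",
     "!\\??\\C:\\WINDOWS\\system32\\example.dll"),
    ("\\??\\C:\\WINDOWS\\Temp\\example-setup.log", ""),
]
SAMPLE_RAW = ("".join(s + "\0" + d + "\0" for s, d in _SAMPLE)
              + "\0").encode("utf-16-le")

if __name__ == "__main__":
    for target in stale_binaries(parse_pending_renames(SAMPLE_RAW)):
        print("reboot pending, still running old copy of:", target)
```

A non-empty result means a patched file is on disk but the old image is still loaded, which is the unpatched-until-reboot window the post refers to.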

  • sbc

    Perhaps dlls should work like they do in ASP.NET - when you update a file, it replaces the already existing one in the cache when it has finished doing its task.

    Also what would be good is when a program wishes to load a dll that needs to be replaced, it instead uses the new version that is to replace it. That way, when programs have finished with the file it is replaced.
