Glass panels: what OS?

In article , C J Campbell wrote:
Fine, if you have a huge corporation that can afford a bunch of well-paid
admins. Your argument is beginning to sound an awful lot like you don't
think most people should have computers and that you think that the general
public is a menace.

No, I think Windows as it currently stands is unsuitable for the general
public. Windows as it stands is fine in an environment where a corporate
admin can look after the network. It's not the users fault, it's the
fault of Microsoft because the configuration is insecure by default.

Windows as it stands should have at
least the software firewall on *by default* and almost all services
(most services which home users will never use) *off* by default.
Finally, MS has decided to listen and will have the firewall on by
default in Service Pack 2. Security researchers have been saying this
for *years*, and only now is it being done.

In this instance, Windows 98 is better than Windows XP. The real
problems didn't start happening until XP came out. Windows XP was a
retrograde step for home users on the internet - it just allowed them to
be 0wn3d because of all the additional potentially exploitable (and as
it happens, actually exploitable) services that were running.

It's not a problem with the users. It's entirely a problem with Windows.
The users are essentially decieved - it's a nice easy to set up system,
but they've been tricked into having a system that claims to be easy to
use and maintain, but really requires an expert system administrator to
make secure.

That isn't the fault of Windows.

But it IS the fault of Windows. Having a number of insecure services
turned on by default which the vast majority of home users will *never*
use on a network is purely the fault of Microsoft. The PC manufacturers
also have some responsibility to bear - they could have at least thought
about it and set up a reasonably secure disk image when they duplicated
the hard disk loads for their PCs.

In any case, the Macintosh has been easy to set up since the 1980s
(including setting up a Mac LAN) so ease-of-use is hardly a Microsoft
innovation. It's just a pity that the hardware platform wasn't open.

might start asking yourself what would happen if you really got your way.
Maybe you are a bigger threat than the public you despise.

Gosh, you're reading an awful lot into my post that I didn't write. I
don't think I've seen a non-sequitur like that since Lord Tebbit managed
to turn a radio interview on obesity into how the Government was
encouraging buggery!

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

"Dylan Smith" wrote in message
...
[...]
Finally, MS has decided to listen and will have the firewall on by
default in Service Pack 2.

Yes, they have. And it will cost them a lot of money, because now every
user that winds up wanting to do something that the firewall won't allow by
default (because it locks down the system by default) will cost Microsoft
money so that they can have their questions answered because they can't be
bothered to RTFM.

Online gaming will be a big area of support, but there are plenty of other
applications that look like end-user client applications but which wind up
hosting at least one "server" port.

By blaming Microsoft only, you are starting to sound like those rabid
anti-Microsoft people CJ was talking about. Microsoft had genuine economic
motivation to make their operating system easier for dumb people to get
working and it's unreasonable to lay all (or even most) of the blame at
their feet for catering to their audience.

In this instance, Windows 98 is better than Windows XP.

That's like saying "in respect to high-speed crashes, the Ford Model A is
better than the 67' Mustang".

Windows 98 was insecure in plenty of other ways, and since the vast majority
of computer security problems have more to do with social engineering than
software engineering, those insecurities in Win98 more than trump XP's
issues.

As long as you allow a human being access to the operating system, there
will be problems. Windows had a very specific, and very different set of
requirements from any other operating system on the market today, and it
evolved in a very predictable way. Sure, there's room for improvement, but
the blame game doesn't help anyone, and frankly, because the anti-Windows
rhetoric has always been so blatantly religious, with little rational
justification, it's not surprising that tiny nuggets of truth have been
ignored for so long.

I know if I had some zealot in my face all the time about my unholy
lifestyle choices, I probably wouldn't pay much attention to him if he told
me my zipper was down.

Pete

Peter Duniho wrote:

Yes, they have. And it will cost them a lot of money, because now every
user that winds up wanting to do something that the firewall won't allow by
default (because it locks down the system by default) will cost Microsoft
money so that they can have their questions answered because they can't be
bothered to RTFM.

Microsoft charges for user support. They'll *make* money on this deal.

George Patterson
None of us is as dumb as all of us.

"G.R. Patterson III" wrote in message
...
Microsoft charges for user support. They'll *make* money on this deal.

First of all, they only charge for phone support. Secondly, even with the
charge, product support is not a profit center.

I can't tell if your tongue is in cheek, but if not, you're way off base.

Pete

In article , Peter Duniho wrote:
Online gaming will be a big area of support, but there are plenty of other
applications that look like end-user client applications but which wind up
hosting at least one "server" port.

I doubt gaming will be a big area of support - all the games I play
online work through my hardware firewall without the need to open any
ports. If you want to run a game _server_ it will affect you, but most
Internet game servers are on co-located boxes because of the bandwidth
requirements. It will affect LAN parties, but since LAN parties tend to
be hosted by geeks anyway, it won't really be a problem.

There are very few end user applications that need to listen on a port.

By blaming Microsoft only, you are starting to sound like those rabid
anti-Microsoft people CJ was talking about. Microsoft had genuine economic
motivation to make their operating system easier for dumb people to get
working and it's unreasonable to lay all (or even most) of the blame at
their feet for catering to their audience.

I'm not blaming them for catering to their audience, they could have
easily done that without leaving so many services the vast majority of
users don't use open and vulnerable to attack without lessening the
usability of the system. Windows XP Home Edition, out of the box, is
like a poorly-configured *server* and it's supposed to be a home user's
OS.
It's not just Microsoft, it's the PC manufacturers. It often takes them
forever to pre-patch their default load of Windows with the security
updates Microsoft puts out. It wouldn't surprise me if PCs are still
shipping without Service Pack 1. Machines we recently got had SP1 but no
critical patches, which have been out for quite some time.

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

"Dylan Smith" wrote in message
...
I doubt gaming will be a big area of support - all the games I play
online work through my hardware firewall without the need to open any
ports. If you want to run a game _server_ it will affect you, but most
Internet game servers are on co-located boxes because of the bandwidth
requirements. It will affect LAN parties, but since LAN parties tend to
be hosted by geeks anyway, it won't really be a problem.

There are very few end user applications that need to listen on a port.

You obviously do not spend a lot of time playing a wide variety of computer
games online.

A number of games on the market today support online, peer-to-peer
multiplayer gameplay. And with every single one, every time someone has a
firewall or NAT router in the mix, there's trouble getting it set up. A few
gamers are also network-savvy, but most are not.

Just as for-example: why don't you go check the Neverwinter Nights forums at
http://www.bioware.com and see whether you think there are "very few" people
playing Neverwinter Nights that don't need to listen on a port or otherwise
figure out their firewall configuration.

It is simply not true that "most Internet game servers are on co-located
boxes". Most Internet game is done peer-to-peer, which means one of the
players is actually the server. To make matters worse, Gamespy (to name a
popular "meeting place" game server, used by Neverwinter Nights as it
happens) uses a variety of ports, and so for a person to host a game there's
not even just a single port they need to configure, there's a whole slew of
them (or slough, if you prefer ).

It's hard enough getting Gamespy (and similar) to work with a NAT router
hardware box, but once XP SP2 comes out, there's going to be all sorts of
new "how do I do this?" questions from gamers.

I'm not blaming them for catering to their audience, they could have
easily done that without leaving so many services the vast majority of
users don't use open and vulnerable to attack without lessening the
usability of the system. Windows XP Home Edition, out of the box, is
like a poorly-configured *server* and it's supposed to be a home user's
OS.

Again, you simply do not understand the number of operating system
components that act as servers, even if the user has not intentionally
decided to be a big-time Internet server.

I will agree that more than 50% of users (significantly more) never use
those services. But enough do, and of those, most will complain that they
can't figure out how to get it working, even if all that's required is to
click a checkbox to turn it on. Users are dumb and lazy, and rather than
try to figure things out and RTFM, they will just make the phone call or
send the email and ask someone else to fix it for them.

In any case, I've run out of ways to relate this back to aviation, so you'll
have to carry on the debate without me from this point on. I *will* suggest
that you do a little more research (Googling is sufficient if you use the
right search terms) so that you actually understand what multiplayer games
require of their users to get them to work behind a firewall or NAT router
(like Windows Internet Connection Sharing). It's not nearly the non-issue
you claim it is.

Pete

In article , Peter Duniho wrote:
A number of games on the market today support online, peer-to-peer
multiplayer gameplay. And with every single one, every time someone has a
firewall or NAT router in the mix, there's trouble getting it set up. A few
gamers are also network-savvy, but most are not.

All recent games take into account the fact there will probably be a NAT
router somewhere along the line because they are so common. *ALL* the
ISPs here recommend a NAT router for their broadband connection, and
when I lived in the US, NAT routers were certainly not the exception on
a broadband connection even a couple of year ago.

It is simply not true that "most Internet game servers are on co-located
boxes". Most Internet game is done peer-to-peer, which means one of the
players is actually the server.

I have not played a single peer-to-peer FPS, undoubtedly one of the more
popular genres of online games since FPS games stopped using IPX.
I have not come across a single public gameserver or clanserver for
games like UT, RTCW, Enemy Territory et al. hosted on a home server.
Game companies will have to *adapt* if they want to listen to a port.

Again, you simply do not understand the number of operating system
components that act as servers, even if the user has not intentionally
decided to be a big-time Internet server.

Yes I do. They should be off by default.

What's more of a problem: someone having to ask in a forum about how to
forward 45835/udp, or the massive problem with spam and trojaned boxes
we're stuck with now? It seems like the OS was far too usable for trojan
writers, too. Again: games are not a huge problem. Especially compared
with the ongoing problems with owned boxes.

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

On Sat, 26 Jun 2004 08:23:44 +0000, Dylan Smith wrote:

In article , C J Campbell wrote:
Fine, if you have a huge corporation that can afford a bunch of well-paid
admins. Your argument is beginning to sound an awful lot like you don't
think most people should have computers and that you think that the general
public is a menace.

No, I think Windows as it currently stands is unsuitable for the general
public. Windows as it stands is fine in an environment where a corporate
admin can look after the network. It's not the users fault, it's the
fault of Microsoft because the configuration is insecure by default.


This is true. Security has never been a significant priority for MS.

Windows as it stands should have at
least the software firewall on *by default* and almost all services
(most services which home users will never use) *off* by default.
Finally, MS has decided to listen and will have the firewall on by
default in Service Pack 2. Security researchers have been saying this
for *years*, and only now is it being done.

Rumor has it, that they will be making such changes in the future. Worth
noting, that I believe I read the XP SP2 will even make the firewall start
BEFORE the interfaces go live. Which means their software fire will
become more than worthless. Keep your fingers crossed.

It's not a problem with the users. It's entirely a problem with Windows.
The users are essentially decieved - it's a nice easy to set up system,
but they've been tricked into having a system that claims to be easy to
use and maintain, but really requires an expert system administrator to
make secure.

This is true. Which certainly does create many problems. Just the same,
in fairness, it requires an expert on any system to properly maintain and
keep secure.


That isn't the fault of Windows.

But it IS the fault of Windows. Having a number of insecure services
turned on by default which the vast majority of home users will *never*
use on a network is purely the fault of Microsoft. The PC manufacturers
also have some responsibility to bear - they could have at least thought
about it and set up a reasonably secure disk image when they duplicated
the hard disk loads for their PCs.

This is a fair complaint. Along those lines, many Linux distros had some
problems because newbs would select every service under the sun and enable
them without knowing what was going on. So, while having available the
shortest path to stupidity stinks, it still boils down to making sure you
have an administrator that's worth a dang. This is true, no matter what
OS you have. Granted, a bad admin, from a security perspective, might be
able to hide easier on non-Win platforms, eventually, they will get caught
with their pants down without regard for the platform that they admin.

Cheers,

Greg




Greg

"Dylan Smith" wrote in message
...

No, I think Windows as it currently stands is unsuitable for the general
public. Windows as it stands is fine in an environment where a corporate
admin can look after the network. It's not the users fault, it's the
fault of Microsoft because the configuration is insecure by default.

Windows as it stands should have at
least the software firewall on *by default* and almost all services
(most services which home users will never use) *off* by default.

Actually, it is home users that tend to use those services the most, for
things like on-line gaming and such.

Now, I know a lot of Windows users. I realize that most computer admin types
have real problems with trusting the general public with anything more
complicated than an Etch-A-Sketch, but I tend to believe that the general
public is a little smarter than that. All the home users I know have
personal firewalls, anti-virus software, etc.

The vulnerable computers that I have seen are the office computers which are
maintained by so-called professional administrators who have turned off all
these protections for their own convenience.

"C J Campbell" wrote in message
...

Now, I know a lot of Windows users. I realize that most computer admin
types
have real problems with trusting the general public with anything more
complicated than an Etch-A-Sketch, but I tend to believe that the general
public is a little smarter than that. All the home users I know have
personal firewalls, anti-virus software, etc.

Considering that something like over 80% of "general public" people run
their internet connection with no firewall and no virus protection, that's
interesting.

The vulnerable computers that I have seen are the office computers which
are
maintained by so-called professional administrators who have turned off
all
these protections for their own convenience.

Really? How many have you seen?