NYT Security Tip - Choose Non-Microsoft Products
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
Re:ah yes... (Score:5, Insightful)
Re:ding! (Score:5, Insightful)
Users don't like having to make choices about the innards of their computer; they just want shit to work.
Re:ah yes... (Score:5, Insightful)
Same is true for biological systems - diversity is a good thing as it is less likely to be infected with a disease. Genetic diversity implies a more robust "operating system" species that's harder to destroy. Remember all the hell around the blaster worm. Imagine that MS, Apple, RedHat, Ubuntu... only had 10% marketshare each... it'd be bad, but not nearly as bad as it was.
If you're talking about a focussed professional attack on a specific system: to be honest, the OS you're running is probably pretty insignificant; the chances are there's a simple admin error somewhere along the line.
Re:Noscript is one of the best reasons to run Fire (Score:5, Insightful)
Re:ah yes... (Score:2, Insightful)
Re:So Markoff Doesn't Care for Microsoft (Score:5, Insightful)
While we all want people to run Free Software (at least a Free OS) all the time, it's just not practical right now. His advice could mean, use a Mac, which is what I have been recommending to people I've fixed computers for, despite the fact that Linux/BSD/GNU may be better for the long run. iTunes works with Mac, so do quite a few other programs (not talking about DirectX games). The common sentiment for people who switched from Windows XP to OS X is usually, why did I use that crap before? Especially when they went to a Windows based computer for whatever reason. I recently got my mother set up on a computer (who never used one before) and I installed Linux, and she thought it was easy enough to use. For a non-power user who just casually browses the web, email, maybe Skype for VoIP, Linux is good enough. For people who are used to proprietary software and not wanting to change, OS X might be a better choice.
Using a non-Windows-based PC may be one defense... (Score:4, Insightful)
May be? MAY be? MAY BE?
<SARCASM>Sure, I have to worry about my Mac getting co-opted into a botnet 24/7, because we all know how many active threats there are to Macs! </SARCASM>
Man, talk about "understating the case."
The honest way to put it is that running Windows is the #1 way to get yourself into trouble. Adware, outright co-opting of your resources, virus problems... Windows boxes are insecure and risky, more so than any other machine, right out of the packaging.
You want security and simplicity of use? Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac. You willing to re-work all of Microsoft's incorrect settings, patch all the browser vulnerabilities, play the target role in the hacker version of whack-a-mole, reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code? Buy a Windows PC. Endless entertainment for puzzle solvers who don't care about their data security or computer availability. Been there, done that, found the solution, not going back.
Re:Alternative browsers = more secure? (Score:5, Insightful)
Is this really true? Anecdotal pronouncements like this never seem to come with any references. Everyone says the sky is firmly in place, but how many have looked up recently? It's falling at an amazing speed!
Re:ah yes... (Score:5, Insightful)
Re:So Markoff Doesn't Care for Microsoft (Score:5, Insightful)
Let me put it to you this way: I sell Windows software for a living. Not Mac-ware. Not yet. Still, I recommend to everyone I know that they get a Mac. I can't, in good conscience, recommend Windows. Malware, yes, that's certainly a huge problem. DRM issues in Vista are another (such as degrading audio if unsigned.) Ridiculous license terms are another (no virtualization for home? Change your hardware, lose your authorization? ridiculous!) Constant reboots and restarts are another. Incorrect configuration out of the box is another - not just privileges, but what is running and what is not, what is turned on and what is not. As near as I can tell, the key Microsoft OS policy is "Wreck the user's day. Every day."
Re:So Markoff Doesn't Care for Microsoft (Score:3, Insightful)
1 GPL
2 not GPL but has a Linux version or has source downloadable (+half points)
3 site has massive ads and or flash based ads (- double points)
4 site mentions in a positive way Gator/Claria Bonzi buddy weatherbug or any of the KOS programs (warm up the BGF9000 and pick up a QD glyph)
Re:So Markoff Doesn't Care for Microsoft (Score:4, Insightful)
> Microsoft software. So what?
What benefits?
I am not totally convinced that automated silent virus/malware installation is a "benefit".
Re:ding! (Score:2, Insightful)
Most users never really even wanted a computer as they were sufficiently happy with snail mail and sticky notes. Wall Street in the early nineties was pretty dull and the politicians of the day really wanted something to spark up life (and profits) so the computer industry went from the realm of scientists, mathematicians, and hobbyists to a consumer necessity nearly overnight--and not because the population (as a whole) really wanted computers. If one thinks back to the dawn of the home computing windfall, at least from what I saw, it really was a case of nothing else being hyped as much as the computer was. From a business perspective I can see ulterior motives behind this and how those motives have played out over the years. Maybe you can as well.
Once people had computers (and had sunk the $1500 into their first home system), well, now it's just a necessary evil that played better solitaire than the kitchen table.
"Honey! We paid $1500 for that thing and it's too heavy to just throw away!"
So, yes, it follows logically that people don't really want to know about the innards of their computer because, truthfully, most people never really wanted the computer to begin with. Now they're like kudzu [alabamatv.org]--they're everywhere, and they're not going away, and there's so much money in the infrastructure around them that we have to take care of them.
Re:So Markoff Doesn't Care for Microsoft (Score:5, Insightful)
For some people that's the only benefit they care about.
Re:Alternative browsers = more secure? (Score:4, Insightful)
No, the reality is most non-MS products are more secure by design.
The fact is that years ago MS adopted an insecure architecture, at the time was roundly criticized for this, and has spent the years since being every malware's convenient bitch.
It's not "'cause that is where the money is", it's "'cause the front door is open".
Furthermore playing the numbers games is a fool's contest: MS doesn't publish their problems. Other folks have partial lists (we can assume MS knows of more) and every so often MS deigns to fix some of their problems and release patches, but that in no way is equivalent of maintaining a public bug tracker. Oh, and don't for a moment delude yourself MS's public documentation covers a tenth of their errata, not even MS pretends that.
So please, next time you post, let it not be burping up this old, well debunked, trope yet again. As sad as /. has gotten recently the standard still remains well above the old smaller-target argument.
One thing, that's easy. (Score:3, Insightful)
[using anything but M$] is a steep learning curve, and a lot of people think why bothered [sic].
So M$ shoved IE 7 down their throats as a forced update. Borat voice, "Is nice!" If you want a consistent interface instead of, "change for change's sake" use free software.
Back in the real world, my five year old girl is happy with Firefox. I like that her system does not have to be replaced every two years and that it does not catch porn spam or American Express pop ups. Mepis took me all of 20 minutes to install and it works with all of her favorite PBS toy sites, and many more demanding A/V playthings. I'm sure, in time, she will master other tools and that they will be nice free ones that don't change all the time.
Think about it (Score:5, Insightful)
The 2nd part is to compare bank robberies to 7-11 robberies. Back in the 60's, banks were robbed. Why? Because they were easy and had lots of money. But then in the 70's, the banks took actions and made it difficult. They still had the money, but it became very difficult to rob them. So the robbers turned to convenience stores who had say a thousand dollars (acceptable), and were easy. At first 7/11 ignored it, but then their ppl were being killed. So they made it very hard for robberies to get a thing. Now, banks and 711 are == difficult, so the robbers are back after banks. Why? Because if you are going to risk it, then go for the big score. Interestingly, the banks now limit how much money is available to the tellers as well as every teller has a loaded stash.
So what does that mean for Windows vs. OSS? While Windows is easy to crack, everybody will hit it. If ever it becomes >= to *nix in terms of security, then *nix will be hit, because overall, there is much more money on the *nix systems. And if *nix and Windows become better than mainframes, then they will turn to there because there is REAL money.
obscure, like published source code? (Score:3, Insightful)
The old "security through obscurity" solution rears its head yet again..
Sounds like you bought the popularity lie [slashdot.org].
Re:Noscript is one of the best reasons to run Fire (Score:5, Insightful)
Re:Yeah, right (Score:3, Insightful)
This claim that security holes are strictly an effect of popularity is blatantly wrong.
It's true that more security holes are exposed in popular software, but some software just has less security holes to be exposed. Building secure unix-like operating systems is a topic that a lot of people have put quite a bit of effort in to - for much longer than Windows has even existed. Both GNU/Linux and Mac OS X can take full advantage of that work, since they're Unix-like systems. Windows cannot.
Re:obscure, like published source code? (Score:4, Insightful)
Meh. (Score:1, Insightful)
Re:Wow! Talk about missing the point (Score:3, Insightful)
I see you are having reading comprehension problems. Read again. Slowly. You may be able to determine that those are two different statements, with two different sets of requirements.
You know what? I don't have to "educate" users I point at Macs, because Macs work and are secure out of the box. Also, I don't mind in the least being characterized as a fan of systems that work. Don't worry too much about my technical abilities; I've been writing code and designing computer hardware since the early 1970's. One of the consequences of that is I am quite familiar with Windows, *nix, old Apple systems, OSX, and a bunch of earlier operating systems as well. And if there's one constant that's been the same since day one, it is that the less the user needs to know to use the computer safely, the better off they are.
You like Windows? Fine and dandy. I don't. I won't recommend the OS as a primary operating environment any longer under any circumstances. Virtualized in a sandbox, yes - when you need a particular application. Otherwise, no.
Re:ding! (Score:3, Insightful)
Then why isn't the world using a Mac?
They're slowly catching on but consumers' brains don't move as fast as the market. They still think Macs are stupendously expensive (they aren't) and they think Macs aren't "compatible" (whatever that means) and they think they'll be viewed as an alien outsider (which is happening less and less) and they think there's no software for the Mac (yeah, right!) and they don't think they can learn a Mac (it takes 10 minutes) and they don't think there's an alternative to the PC (stupid consumers).
I know several people who have told me these excuses recently and they won't even (literally) walk across the street to the Apple Store to see for themselves. They don't want to know. On the other hand, after introducing a few dozen Macs to my workplace of 80 people a few years ago, about half the company has drop kicked their home PCs and bought Macs for themselves. We have more Mac owners now than PC owners in the company and most had never touched a Mac before. The only element that will actually change people's minds is experience with the product and you can watch all the old excuses quickly disappear from their comments. The number one reason they switched to Macs turns out to be "it just works".
For the ones that yell "but you can't play games", I tell them "fine, then use a PC or buy fucking Xbox - see if I care". They're the ones who criticize my preference for a Mac while I'm helping them fix their PC.
Re:ding! (Score:3, Insightful)
Your average user doesn't know what they need a computer for, they just know they need it. So they'll just look at what the salesmen point them at, try to find something cheaper, and get it. They won't care whether or not it runs Windows or Mac (though if they think they're savvy they might swing towards one or the other).
Re:ah yes... (Score:4, Insightful)
These are the people who click OK just to get the box to go away. No operating system is going to save them from themselves without removing the luxury of convenience they insist on keeping.
Re:While on the surface..... (Score:3, Insightful)
As a matter of fact, I've probably spent more time looking at Windows source than most people outside of Microsoft. I'm the developer of a major Windows application, easily in the top 1% in terms of complexity and sophistication and 100% compatible through considerable effort across the various large scale Windows platforms, not just the ones you're probably familiar with, but also including all three of the RISC Windows versions, PPC, MIPS and Alpha. Apple's source has been comparatively easily available, and of course, linux source is 100% in our faces all the time. I've spent tons of time in all of them. We've successfully ported to all three operating systems - OSX/intel, OSX/ppc and linux - from Windows, and each time, we had to get a decent grasp on some fairly complex issues that required hundreds of hours of study of the OS code. As well as deal with Windows' various problems. These range from various incarnations of Windows graphics UI's working backwards from one another across concurrently available versions to memory leaks and Microsoft's multi-year long failure to institute a check bounds on such prosaic items as the bloody system file dialog multiple-select results despite being told repeatedly about the problems. All of which nastiness we managed to navigate, and fix for them, since they couldn't get their act together enough to act responsibly. So yes, I have some vague idea what is going on inside these operating systems, thanks for asking.
Also, because of developing an application of such size and broad incarnation OS-wise, I have experience with a wide range of users. And that is what leads me to advise against Windows if at all possible. Users don't need extra problems. Computers are complex enough, and the idea that a user wants to tussle with OS design shortcomings has been false from the beginning. The subset of technical people who want to do that isn't even all that large, and in the application end-user space, they're just about non-existent. The absolute best answer at the present time is OSX. Buy the computer, turn it on, answer a few reasonable questions (like, What Is Your Name?) and you're running. Safely. Reliably. Enjoyably.
Are there more complex, more functional security models than *nix? Sure. Do we need them? Now that is another matter. When (actually if, because it hasn't been demonstrated yet) OSX is getting multiple disastrous hacks a day as is Windows, when Apple machines are being pwned right and left, Apple demonstrates it can't keep up à la Microsoft, and the *nix security model itself is shown to be insufficient to the task of keeping the user safe, then we can have a productive conversation about the security model perhaps needing a good thrashing. Until then, to drag out a really tired one, OSX apparently isn't broken and there's no indication it needs fixing.
Re:ah yes... (Score:3, Insightful)
I beg to differ. The product is only as secure as its default settings. Windows XP, pre-SP2 had some very insecure default settings, allowing for these botnets to proliferate. SP2 addresses this issue to some extent, and Vista goes further. You'll find that a lot of compromised machines were hacked because they're running pre-SP2 Windows XP.
Maybe it's just me... (Score:3, Insightful)
In other words, my question becomes where the hell do you (you being the individuals who've had these issues) go to get these problems? I want to actually see one for once, because I personally believe that it's either a bunch of "bravo sierra" or the users truly have no clue on what to do (or not do) on a computer.
I'm not saying Windows is necessarily better (as for my own personal knowledge, I'm cutting my teeth on Fedora Core 6, and hating positively HATING the fact I've had to do 4 installs (1 initial and 3 re-installs) just to get it up and running, but I'll try it because I always like being fair) but having said that I do not see really any viable alternative software that Linux provides that 1) looks as nice as Windows, 2) operates in a relatively simple manner -- this can be chalked up to my not knowing the system however, and 3) not having to touch the command line or reworking source code. EVER.
In the end while I believe the author is well intentioned, for individuals who just want the computer to work (with a minimal learning curve), Windows is still the champ in that area (even though, some individuals / groups claim it makes it easier for malware authors to operate as well).
Re:Noscript is one of the best reasons to run Fire (Score:4, Insightful)
Re:Wow! Talk about running as administrator! (Score:3, Insightful)
Apparently resolving this isn't that simple. Otherwise, ad-aware (not to mention its innumerable brethren) wouldn't be one of the single-most downloaded applications for Windows, now would it? Norton and all the other "security vendors" wouldn't have anything to do either, would they? Do you see tons of users running for adware prevention or virus checkers or third party firewall software on the Mac/OSX the first day they get it? Or later? No - you don't. And why? Because it isn't needed. Those who have opted for the very few programs in those categories on the Mac have been scammed: because there is no such set of problems. Those problems are Windows problems.
And that is why that today, at least, OSX is better for the vast majority of end users. Not because it is better looking, though it certainly is. Not because it is easier to use, though it is that, too. Not because the hardware always works, though it does, and without any fussing around, too. But because it is easy, reliable, and doesn't continually force the user into a state of pissed-off fugue.
It used to be that because some applications were only developed for windows, that the Mac was accurately seen as a poor choice for some based on app availability. Today, with Parallels running exquisite sandboxed virtualizations on totally kick-ass hardware, you can run the serious windows apps you have to and then kill windows, tossing the OS state completely, keeping only user filesystem data and chopping off most Windows security problems at the neck while muttering, "Die, you #$%^er!" There's never been a better time to go OSX and say goodbye to the black hat hacker community.
This guy needs to be silenced! (Score:1, Insightful)
As a long time Linux user I have to say...
Honestly, what does he think he's doing giving people dangerous, top-secret information like this? Alternative operating systems should be kept secret from the standard computer user! The less people that know about Linux the better - that way my computer will not be targeted!
Seriously though, while Linux and Mac OS X are inherently more secure, they have their fair share of (in some cases rather bad) exploits. So recommending this to people seems like it will only ever be useful in the short term. Firefox is a great product, and while I recommend it to most people, I'm very wary when I tell them it is more secure. I'm no expert on the statistics, but its market share is certainly growing. As more people use it, it becomes a more viable target.
It seems like a paradox to me. It's secure partly because less people use it. Security is desirable, so more people use it. It becomes no longer as secure.
Whilst I love to spread the Tux joy, I very occasionally find myself hoping the software I use never becomes too mainstream - it's a purely selfish desire to have an easy worm-free computer life! It's security through obscurity, but at the moment it's working...
I suppose if there's one thing going for the Windows security model, it's that most people are aware that malware is all too easy to pick up; at least they're aware of the security problem. If people switch to something else and think that they're safe, that attitude may undo any good from them using a more secure system.
"Waiter, waiter! There's Linux on my PC!"
"Quiet sir, or everyone will install it."
Re:Think about it (Score:3, Insightful)
Umm... where did you pull that out of? Everything I've ever read says exactly the opposite of this. In fact, there are more security incidents with Apache every year than with IIS strictly because it is so much more popular. We can all agree Apache is more secure but only if you know what you're doing.
Here's a link [theregister.co.uk]
I would say that the logical thought process does indeed hold true. It makes a lot of sense for people to target Apache since that's where the majority is. Setting up Apache servers that do anything beyond basic static web serving is indeed difficult, like configuring PHP and getting the whole thing to talk to Oracle when you can do the whole thing with IIS in half the time and assuming IIS6 or IIS7 you have yourself a reasonably secure site out of the box.
Re:ah yes... (Score:5, Insightful)
Re:Ultimate Firefox Add-Ons for Privacy/Security (Score:3, Insightful)
Re:Interesting.. (Score:3, Insightful)
Is not even supported by the article you have quoted. It is claiming that 57% of server hackings are on Linux boxes, but Linux servers were cruising around 75% of all servers & M$ around 21% (according to netcraft) back in 2004 when this article was excreted so adjusting for % active servers hacked... Linux still wins. Great way to prove your point. Also from the article:-
Well, they would wouldn't they given the comparative vulnerabilities of the two O/Ss to worms... Thus invalidating anything they try to claim. Also they give no indication of the "market share" breakdown of the subset of servers they examined. It could be 10,000 Linux Servers vs 10 IIS servers for all we know.
Another B/S M$ funded story that's over two years out of date to boot.
Re:So Markoff Doesn't Care for Microsoft (Score:3, Insightful)
I have no objection at all to closed (or open) systems. Just poorly crafted ones. If I feel that linux ever gets to the level of quality and consistency that OSX has, I'll be happy to recommend it. I use it every day, so I'm sure I'd notice were it to ante up, as it were. Today, as far as I'm concerned, the only OS I am as comfortable recommending to a technical person as to my grandmother is OSX.
You're so wrong (Score:4, Insightful)