NYT Security Tip - Choose Non-Microsoft Products
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
So Markoff Doesn't Care for Microsoft (Score:5, Interesting)
I must admit that initially I was a bit humored by the idea that a New York Times author had a right to caution me about computer usage. But when I looked up his credentials [wikipedia.org], he seems to be a qualified and experienced tech writer who probably has good advice for the general public. Granted, his last recommendation: "Don't click if someone offers you something too good to be true. It is." worries me that people may be wary of certain open source projects but in the end, I'd agree that I'd tell my sister and friends just not to install anything and to ask me for specific links to programs that solve problems or fill needs.
In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think it's news that Mr. Markoff decided to push people away from Microsoft but he's only telling you the facts about the numbers. You won't have as many problems with Linux but there's no way your daughter's iPod will work with iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade-offs and better coverage of issues.
So Markoff doesn't like the benefits of running Microsoft software. So what?
Microsoft Astroturf (Score:5, Interesting)
Re:While on the surface..... (Score:4, Interesting)
Sure, everything is exploitable, but some things are a lot harder to exploit than others, and both Linux and OSX are poster children for this. To imply that OSX is, or ever will be, as vulnerable to hacks as Windows is puts you well into the "disingenuous" category, I'm afraid.
Microsoft would love everyone to think that OSX is just as vulnerable as Windows is, but the fact is, it isn't. It's a lot better organized operating system code-wise, and patches come swiftly and surely from Apple whenever anyone finds anything. Which is quite a contrast to Microsoft's approach, even if they do have a harder time patching Windows.
Deep Freeze (Score:2, Interesting)
Re:ding! (Score:2, Interesting)
Consumers are relatively stupid that way, but I think it's true that consumers in general are creating a change in the wind. Ever notice how all the consumers demand "choices" in the market, yet whenever there are multiple competitors, consumers do their best to kill off all except one and accidentally create stagnating monopolies? (see 8-track/Cassette, VHS/Beta, PC/Mac etc). Very few people will embrace more than one technology (obviously) but everyone tries to convince everyone they know to also choose the same thing they've chosen. Funny, though.
Re:Alternative browsers = more secure? (Score:2, Interesting)
Re:ah yes... (Score:4, Interesting)
I don't agree: I run Gentoo; since every app I run is compiled from source for the processor architecture I am running, some classes of exploits cannot target me because even if they knew which version of a given app I am running, they can't know precisely the layout of the binary because of the personalized compilation flags I use.
It doesn't rule out exploits, but it does make it a bit harder on them.
With Windows, most of the code you have running is the exact same binary for every x86 machine.
I guess that that is a situation where LINUX is making use of "security through obscurity" and Windows is incapable of doing the same.
Ironic, isn't it?
Interesting.. (Score:1, Interesting)
MS Should have put out Windows XP Second Edition (Score:4, Interesting)
The last big Windows worm was quite a while ago. They are still alive thanks to the unaware. Windows has a lot of ports open compared to other machines mostly because it was designed to operate in an Active Directory environment...and because RPC is overly relied upon. Yes you can get a virus delivered by email, but this is true of any OS where the user is running as root ( admin ( if the os even supports it ) ) and opens up an attachment. Windows users are bombarded with viruses that Mac users get and can safely ignore...heck if you tried to run the exe it would just fail. Mail viruses are getting less and less as well as email providers and spam firewalls are blocking them. A properly written virus run on Linux or Mac OSx can get thru the protection. Linux and Mac OSx have had plenty of exploits to get a file install things.
While other OSes interact with each other, they don't quite do it with the built in way MS does. This is good for the end user and bad for security. SMB setup has gotten a heck of a lot easier on Linux in the last few years, but compared to Windows it'll never be quite as easy. There are products out there like Groupware, but Active Directory is by far the simplest and most useful for setting up a small to massive network. Thousands of companies use it every day to share files and get work done. Installing a printer from the Active Directory isn't super easy, but I can't see a Linux product comparing.
Mac interaction with AD isn't that bad. I wish it had an Active Directory client from the get go, but my Mac users can print, share files, and a few other things okay. Nobody likes to mention that Windows file security is far more advanced than Linux's will be for quite some time. The ability to permission a file to individual users at varying levels is absolutely crucial. It is a pain for my Mac users to have to remember their NT passwords and visit a NT machine to reset it every once in a while, but it is good enough so they can run Photoshop...with the Mac keyboard.
I won't be surprised to see a mac mode in Vista sometime soon. It wouldn't really be that hard for Windows to stick the file menu up on the top of the screen when a Window takes focus.
The fact of the matter that no one wants to talk about is MS is becoming fairly secure if installed with its patches and stuck behind a firewall. This is true of practically all OSes. The big problem MS has is that it doesn't update its install disks and most of its vendors don't update their freaking images. If I get a new Dell I would expect not to have to install a single patch that was over two months old, but alas they don't do that for you. Imagine you installed Redhat 3.0 and then put yourself on the network. I'm sure someone out there could write a worm for Redhat 3.0 right? There isn't one port in the default install with a buffer overflow issue? It'd be an interesting experiment to write worms for older versions of OSs and see how they take. My guess is that there are more Windows 98 boxes running today than RedHat 3.0 boxes ever ran.
The point is, if OSx or Linux get the marketshare that Windows has you'll see 1000's of older versions of the OS. As it sits, Mac users generally upgrade fast, and Linux users are practically religious about it outside of the server scope. And on the server side it is likely the machines are protected via firewalls.
The browser hole is getting plugged as we speak. Firefox, Opera, and IE are all plugging away. The big issue is that HTML and Javascript t
Heh (Score:5, Interesting)
Never mind the recent story that Firefox was vulnerable to a critical (one where "visit bad web page" == pwn3d), unpatched, published exploit for all of 9 days last year (IE was vulnerable for 9 months). This is called a "vulnerability window" and is an important part of any security assessment attempting to measure how secure bits of software are without having to rely on vendor claims. Obviously, that's too quantifiable for use with such a reasoning process. Then we have to reason about all the exploits that aren't public, as if people can silently exploit computers en masse with private exploits and no one will notice. Sure, if they're not interested in a botnet of random computers, they'll stick to targeting specific people and keep their exploits quiet, but that doesn't really impact the security of the population in general. It's also funny that people have this perception sometimes that they only visit "safe" sites. Even assuming they're not one of the porn viewing public, and that they never install smilies or screen savers (great way to get infected) or other such crap, that ignores that we've seen major advertising networks get compromised and serve up exploits. Not to mention the shady ad networks that do that deliberately...
Ironically, when it comes to open vs. closed source, it's usually argued that open source helps make the vulnerabilities more public, so that puts things even more in Firefox's favor. So to argue that IE is even as secure as Firefox requires you to use ridiculous metrics touted only by PR departments in media releases.
So yes, it's true--Firefox does have bugs. There were even 9 days last year when you could've been 0wn3d by an unpatched exploit (assuming you haven't learned to use the noscript extension). But there's no way to hide the sheer magnitude of the difference: 9 days vs. 9 months. Yeah, they can improve. Maybe they'll even manage to do things a lot better. And maybe you can find a few things to quibble with in that story. But the fact is that Microsoft has a terrible security record. Period. No one else is perfect, sure, but let's call a spade a spade here instead of being distracted by a dirty hoe [wikipedia.org]
Marketshare != Better Target (Score:3, Interesting)
This is a BS argument. Here is one example of a program with larger marketshare but fewer cracks, both attempts and percentage successes:
Apache [apache.org]
IIS [microsoft.com]
Just because it's a bigger target doesn't mean it's a better target. Windows is a good target because it's big AND because it has a shit-ton of security flaws. You need to be a security expert to properly safeguard Windows, and most people don't have enough security expertise.
Weylin
Re:ding! (Score:3, Interesting)
The IBM PC-Compatible of the 80's got the job done quickly and cheaply when the Mac was the high-priced spread.
Windows 95 swept in on the perfect storm. It ran on entry-level hardware. It arrived at a time when services like AOL were driving towards mass-market acceptance.
The Mac is typically available only in a half dozen or so standard configurations while the Windows PC can be customized endlessly for every environment from the auto body shop to your kid's basement playroom.
The Mac holds the same niche markets it claimed in 1984, both sustained and burdened by its identification with an upscale urban lifestyle.
Windows remains solidly middle class. The gamer's PC. The office workhorse.
Re:Marketshare != Better Target (Score:3, Interesting)
Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.
Yet this is precisely the opposite of what we find, historically. IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful.
From my experience dealing with server exploits, most site defacements aren't because of Apache flaws; it's insecure PHP scripts that upload exploits to writable directories. Mod_security helps a lot with this though as it will block 90% of exploit attempts with a decent rule set.
Re:So Markoff Doesn't Care for Microsoft (Score:2, Interesting)
> store (WalMart, Best Buy, whatever), pick up software or a
> peripheral device and see that it is supported and can run
> on your home machine?
>
> For some people that's the only benefit they care about.
It has been my experience that all hardware that I have installed into my desktop box has been supported perfectly without the need to look for any manufacturer-provided driver.
It has also been my experience that all the commercial software that I have purchased from stores such as Dick Smith Electronics, or Noel Leemings (I can't offer any comment about software sold in specialty stores such as WalMart or "Best Buy" because they don't exist in my country) has ended up either not being very good - i.e. very buggy - or has been too expensive for what it was.
It is my experience that Microsoft Windows and Microsoft Office are overpriced - not to mention essentially unusable on the 64-bit platform; and this is one of the reasons why I don't use them on any computer in my home (the other being that I like the Unix design philosophy).
I also find that I am more productive when using the K Desktop Environment than using the Redmond GUI - I know that things will just work without fault.
And then, I don't play the computer games - they're more for kids than adults, and I would prefer to encourage use of the board games and other puzzles that are in the cupboard - they're much more fun and socially interactive around the table.
Again - I am not totally convinced that what you are suggesting is a "benefit" of "Microsoft software".
Don't forget to complain to the merchant (Score:3, Interesting)