Forgot your password?
typodupeerror
Security The Media IT

NYT Security Tip - Choose Non-Microsoft Products 298

Posted by Zonk
from the wise-people-over-there dept.
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
This discussion has been archived. No new comments can be posted.

NYT Security Tip - Choose Non-Microsoft Products

Comments Filter:
  • ... some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ...
    I don't find it that unusual. I mean, I recall a bunch of articles in other newspapers talking about and recommending Firefox. I've also read many magazines & seen television news on the lack of viruses on an Apple.

    I must admit that initially I was a bit humored by the idea that a New York Times author had a right to caution me about computer usage. But when I looked up his credentials [wikipedia.org], he seems to be a qualified and experienced tech writer who probably has good advice for the general public. Granted, his last recommendation: "Don't click if someone offers you something too good to be true. It is." worries me that people may be wary of certain open source projects but in the end, I'd agree that I'd tell my sister and friends just not to install anything and to ask me for specific links to programs that solve problems or fill needs.

    In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think its news that Mr. Markoff decided to push people away from Microsoft but he's only telling you the facts about the numbers. You won't have as many problems with Linux but there's no way your daughter's iPod will work with iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade offs and better coverage of issues.

    So Markoff doesn't like the benefits of running Microsoft software. So what?
    • by DJ Rubbie (621940) on Sunday January 07, 2007 @07:15PM (#17502218) Homepage Journal
      In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think its news that Mr. Markoff decided to push people away from Microsoft but he's only telling you the facts about the numbers. You won't have as many problems with Linux but there's no way your daughter's iPod will work with iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade offs and better coverage of issues.

      While we all want people to run Free Software (at least a Free OS) all the time, it's just not practical right now. His advice could mean, use a Mac, which is what I have been recommending to people I've fixed computers for, despite the fact that Linux/BSD/GNU may be better for the long run. iTunes works with Mac, so does quite some other programs (not talking about DirectX games). The common sentimental for people who switched from Windows XP to OS X is usually, why did I used that crap before? Especially when they went to a Windows based computer for whatever reason. I recently got my mother set up on a computer (who never used one before) and I installed Linux, and she thought it was easy enough to use. For a non-power user who just casually browse the web, email, maybe Skype for VoIP, Linux is good enough. For people who are used to proprietary software and not wanting to change, OS X might be a better choice.

    • by fyngyrz (762201) * on Sunday January 07, 2007 @07:30PM (#17502342) Homepage Journal

      Let me put it to you this way: I sell Windows software for a living. Not Mac-ware. Not yet. . Still, I recommend to everyone I know that they get a Mac. I can't, in good conscience, recommend Windows. Malware, yes, that's certainly a huge problem. DRM issues in Vista are another (such as degrading audio if unsigned.) Ridiculous license terms are another (no virtualization for home? Change your hardware, lose your authorization? ridiculous!) Constant reboots and restarts are another. Incorrect configuration out of the box is another - not just privileges, but what is running and what is not, what is turned on and what is not. As near as I can tell, the key Microsoft OS policy is "Wreck the user's day. Every day."

    • Re: (Score:3, Insightful)

      by RobertLTux (260313)
      easy way to have the Luserbase understand how to tell if a free program is good/safe

      1 GPL /uses Sourceforge as a mirror farm (+points)
      2 not GPL but has a Linux version or has source downloadable (+half points)
      3 site has massive ads and or flash based ads (- double points)
      4 site mentions in a positive way Gator/Claria Bonzi buddy weatherbug or any of the KOS programs (warm up the BGF9000 and pick up a QD glyph)
    • by Helldesk Hound (981604) on Sunday January 07, 2007 @07:32PM (#17502366) Homepage
      > So Markoff doesn't like the benefits of running
      > Microsoft software. So what?

      What benefits?

      I am not totally convinced that automated silent virus/malware installation is a "benefit".
      • by Anonymous Coward on Sunday January 07, 2007 @07:40PM (#17502426)
        I am not totally convinced that automated silent virus/malware installation is a "benefit".
        How about the benefit of being able to waltz into your local store (WalMart, Best Buy, whatever), pick up software or a peripheral device and see that it is supported and can run on your home machine?

        For some people that's the only benefit they care about.
  • The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.
    • by Nasarius (593729) on Sunday January 07, 2007 @07:09PM (#17502152)
      NoScript is nice, but it could use a large default whitelist, something like the AdBlock Plus subscription options. It gets pretty tedious to allow every site manually, especially when some only break in subtle ways.
    • by Bob54321 (911744) on Sunday January 07, 2007 @07:57PM (#17502602)
      I use NoScript but my wife found it very annoying that all the sites she wanted to visit would not work without having to allow them first. I don't think recommending it to the average home PC user is very helpful because they will just think that it broke Firefox.
    • by El Cubano (631386) <roberto&connexer,com> on Sunday January 07, 2007 @08:34PM (#17502928) Homepage

      The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.

      Amen to that. I use noscript and I have lost count of how many sites fail completely or outright refuse to load if JS is disabled. The number of sites which degrade gracefully is sadly quite small. If every browser had this, maybe web developers would finally get it through their thick skulls that JavaScript is best utilized to enhance the user's experience. Obviously, there are some exceptions, like AJAX applications and the like. It bugs me so much that I have never developed a site that did not degrade gracefully in the absence of JS. In fact, the only way the user would notice something was different was if they had first seen the site with JS and then later without or vice versa. Some of the worst offenders are the "major" tech companies. Try logging into Yahoo webmail with JS turned off to see what I mean.

      • by Professor_UNIX (867045) on Sunday January 07, 2007 @09:02PM (#17503180)
        Amen to that. I use noscript and I have lost count of how many sites fail completely or outright refuse to load if JS is disabled.
        I love news sites that require you to turn on Javascript. I'll click on a link, the article will load and look absolutely fine and formatted just dandy for reading and then boom, a second or two later it'll redirect to some page saying "Javascript is required on this site" and won't even let me read the article. What on Earth would I need Javascript for in order to read TEXT on a page? The only thing I can think of is for them to handle their advertisements.
        • Whenever I'm unable to purchase something from a web store because their website requires Javascript, I always make it a point to send the sales department or webmaster for that company an email explaining that I was unable to purchase from their website because of the Javascript requirement and/or because their web site is incompatible with my FireFox web browser. I hope everyone else also does this, because although news websites probably don't really care much whether you visit their site or not, merchan
  • NYT is out of touch. (Score:4, Informative)

    by twitter (104583) on Sunday January 07, 2007 @07:04PM (#17502110) Homepage Journal

    Not use Microsoft? That's unpossible! They must be Mac or Linux users and are completely out of touch because they don't have the problems in the first place.

    Seriously, it's good to see the message getting out. Another widely read, "mainstream" source, the BBC, has said the same thing already, like this [slashdot.org]. Of course, everyone without a vested interest in M$'s welfare has been saying enjoying the same for years. Sooner or later, despite billions of advertising dollars and bullshit studies, people are going to get it and real OS choice will happen. Seeing this in the NYT makes me think this is sooner than later.

  • Uh oh (Score:3, Funny)

    by neuro.slug (628600) <neuro__@ho[ ]il.com ['tma' in gap]> on Sunday January 07, 2007 @07:08PM (#17502142)
    I hear Steve Ballmer got the news while visiting a chair factory. Remember to duck and cover!
    • by IANAAC (692242)
      I hear Steve Ballmer got the news while visiting a chair factory. Remember to duck and cover!

      That joke never gets old.

      Thanks again.

  • by 8127972 (73495)
    .... This advice seems sound, the reality is that EVERYTHING is exploitable. OSX for example hasn't got a lot of exploits, but you can be assured that they are coming. FireFox has exploits (or at least bugs that are exploitable) and as their user base increases, exploits will appear. All that using non-M$ products gains you is time until exploits appear in the products you choose.

    Perhaps the thinking should change to using products that are reasonably secure (regardless of vendor) and using some common sens
    • by fyngyrz (762201) * on Sunday January 07, 2007 @07:22PM (#17502280) Homepage Journal

      Sure, everything is exploitable, but some things are a lot harder to exploit than others, and both linux and OSX are poster children for this. To imply that OSX is, or ever will be, as vulnerable to hacks as Windows is puts you well into the "disingenuous" category, I'm afraid.

      Microsoft would love everyone to think that OSX is just as vulnerable as Windows is, but the fact is, it isn't. It's a lot better organized operating system code-wise, and patches come swiftly and surely from Apple whenever anyone finds anything. Which is quite a contrast to Microsoft's approach, even if they do have a harder time patching Windows.

    • the reality is that EVERYTHING is exploitable

      Oh really? Is that why there's only been one remote hole in the default install of OpenBSD in more than 10 years?

      Sure, software has bugs. That doesn't mean that good programmers can't write software with less bugs. Further, it doesn't mean that they can't write their software in such a way that any bugs are unlikely to be security holes.

      • by leenks (906881)

        If you wrote an operating system that did nothing out of the box by default I'm sure you could make it bug free too ;-)

      • To be fair, a big part of the reason OpenBSD has only had one remote root hole (not one remote hole, by the way, they don't say how many remote-arbitrary-code-execution-as-an-unprivilege d -user holes they've had) is that, by default, OpenBSD runs almost no services. I think OpenSSH is turned on (it was responsible for the one hole), but things like Sendmail and Apache are not. They have had, for example, remote root vulnerabilities in Sendmail that are exploitable if you are running Sendmail for anything
    • by nurb432 (527695)
      The trick is to get the effects of an exploit to be nil.

      Sure, you can get in, but if you cant do any damage ( like a ROM based OS for example ) then its not worth their time.
  • by fyngyrz (762201) * on Sunday January 07, 2007 @07:16PM (#17502224) Homepage Journal

    May be? MAY be? MAY BE?

    <SARCASM>Sure, I have to worry about my Mac getting co-opted into a botnet 24/7, because we all know how many active threats there are to Macs! </SARCASM>

    Man, talk about "understating the case."

    The honest way to put it is that running Windows is the #1 way to get yourself into trouble. Adware, outright co-opting of your resources, virus problems... Windows boxes are insecure and risky, more so than any other machine, right out of the packaging.

    You want security and simplicity of use? Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac. You willing to re-work of all Microsoft's incorrect settings, patch all the browser vulnerabilities, play the target role in the hacker version of whack-a-mole, reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code? Buy a Windows PC. Endless entertainment for puzzle solvers who don't care about their data security or computer availability. Been there, done that, found the solution, not going back.

    • Buy a Windows PC. Endless entertainment for puzzle solvers

      Good point. This weekend's anecdote - you would think a current model Microsoft webcam would install easily on a up to date Microsoft Windows XP - I did and was wrong. Admittedly all it took in the end was a download of another version of directx instead of the one on the CD - but that took several hours on dial up on that computer. Installing stuff really is a puzzle sometimes - I have many examples but things are getting better as a rule.

      Most p

  • by PavementPizza (907876) on Sunday January 07, 2007 @07:18PM (#17502238)
    There's only been 9 comments on this story at the time of this writing, and yet the following tags are already up: "flamebait, nytfud, troll". These guys work fast, don't they? What's flamebait, trolling, or FUD about this article? Avoiding Microsoft products is a perfectly prudent move, if you can. Is it untrue to say that Mac and Linux users are safer on the internet than Windows users, or that Opera or Firefox users are safer on the internet than Internet Explorer users? Far from it. It's demonstrable fact.
  • Deep Freeze (Score:2, Interesting)

    by Anonymous Coward
    Our school installed Deep Freeze and all the virus/malware problems just went away. Basically, users can't install programs. If they try, the programs go away when the computer is rebooted. All the computers reboot themselves at midnight. So, a virus might last a few hours but it's gone the next day. A couple of years ago the network was down for a few days while the IT guys eradicated a virus. Since Deep Freeze there have been no such problems. I'm surprised that more people don't use it.
  • The article runs to five, short, selectively quoted, paragraphs. There isn't a lot of meat on these bones, nothing, really to raise the spirits of those posting here.

    The essentials, with emphasis added:

    Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows' ubiquity makes it fertile ground for network-based attacks.

    Using a non-Windows-based PC may be one defense against these programs, known as malware; in addition, anti-malwar

  • by straponego (521991) on Sunday January 07, 2007 @07:35PM (#17502396)
    Microsoft wants to empower its users, and everyone else, for that matter. Don't you see how convenient it is that MS products execute treat every piece of data they ever come into contact with, no matter where it's from or whether it's a video, sound file, Office document, image-- whatever!-- as an executable? It's just like how you pick up every piece of garbage you see and put it in your mouth because it might be food. That's the taste of Freedom!
  • by Progman3K (515744) on Sunday January 07, 2007 @08:03PM (#17502636)
    This is where the animated characters take on faces like donkeys and go "well, DUH!!!!!!!"

    On fark, They'd be paging Rick Romero...
  • by trawg (308495) on Sunday January 07, 2007 @08:04PM (#17502646) Homepage
    .... probably 80%-90% of the websites I visit REQUIRE me to enable scripting before I can use things like navigation elements, which are a little crucial. Some of the more lame ones (like http://www.channelgo.com.au/ [channelgo.com.au]) actually successfully load all the content, then it detects I don't have Javascript, and redirects me to a page telling me I need to reenable Javascript!

    I like the extra feeling of security I get using NoScript, but I'm pretty close to ditching it because the pain of having to enable and reload every website I visit just to do something like be able to click on an 'about' or 'FAQ' link is too much.
  • by MBC1977 (978793) on Sunday January 07, 2007 @09:01PM (#17503172) Journal
    but I've never had malware attack (trojan, virii, worm, spyware, etc.) that I have not done myself (and I've been using Windows OS computers since 1991). My computer has never been owned or any other stupid idiotic nonsense. Perhaps I know not to open unsolicited emails or go to websites I am not sure of... perhaps its just plain common sense.

    In otherwords, my question becomes where the hell do you (you being the individuals who've had these issues) go to get these problems? I want to actually see one for once, because I personally believe that its either a bunch of "bravo sierra" or the users truly have no clue on what to do (or not do) on a computer.

    I'm not saying Windows is necessarly better, as for my own personal knowledge, I'm cutting my teeth on Fedora Core 6, and hating positively HATING the fact I've had to do 4 installs (1 initial and 3 re-installs) just to get it up and running, but I'll try it because I always like being fair) but having said that I do not see really any viable alterative software that Linux provides that 1) looks as nice as Windows, 2) operates in a relatively simple manner -- this can be chalked up to my not knowing the system however, and 3) not having to touch the command line or reworking source code. EVER.

    In the end while I believe the author is well intentioned, for individuals who just want the computer to work (with a minimal learning curve), Windows is still the champ in that area (even though, some individuals / groups claim it makes it easier for malware authors to operate as well).
  • by Twillerror (536681) on Sunday January 07, 2007 @09:08PM (#17503234) Homepage Journal
    Windows really should have put out a new build of XP before releasing Vista. Just SP2 with a new installer that mimics Windows server 2003. If you've ever installed Windows Server 2003 it can be quite secure. It turns off all inbound connections until you can install patches. It turns off IE so you can't surf anything without explicity telling it you are ready to. Server 2003 was going down the right path, I'm not sure why they never ported some of these basics to a new XP back in 2004. I guess it's too late now.

    The last big Windows worm was quite a while ago. They are still alive thanks to the unaware. Windows has a lot of ports open compared to other machines mostly because it was designed to operate in a operate in an Active directory enviornment...and because RPC is overally relied upon. Yes you can get a virus delivered by email, but this is true of any OS where the user is running as root ( admin ( if the os even supports it ) ) and opens up an attachment. Windows users are bombared with viruses that Mac users get and can safely ignore...heck if you tried to run the exe it would just fail. Mail virsuses are getting less and less as well as email providers and spam firewalls are blocking them. A properly written virus ran on Linux or Mac OSx can get thru the protection. Linux and Mac OSx have had plenty of exploits to get a file install things.

    While other OSes interact with each other, they don't quite do it with the built in way MS does. This is good for the end user and bad for security. SMB setup has gotten a heck of lot easier on Linux in the last few years, but compared to Windows it'll never be quite as easy. There are products out there like Groupware, but Active Directory is by far the simplest and most useful for setting up a small to massive network. Thousands of companies use it every day to share files and get work done. Install a printer from the active directory isn't super easy, but I ca'tn see a Linux product comparing.

    Mac interaction with AD isn't that bad. I wish it had an Active Directory client from the get go, but my Mac users can print, share files, and a few other things okay. Nobody likes to mention that Windows file security is far more advanced then Linux's will be for quite sometime. The ability to permission a file to individual users at varying levels is absolutely crucial. It is a pain for my Mac users to have to remember their NT passwords and visit a NT machine to reset it every once in a while, but it is good enough so they can run Photoshop...with the Mac keyboard.

    I won't be suprised to see a mac mode in Vista sometime soon. It wouldn't really be that hard for Windows to stick the file menu up on the top of the screen when a Window takes focus.

    The fact of the matter that no ones wants to talk about is MS is becoming fairly secure if installed with it's patches and stuck behind a firewall. This is true of practically all OSes. The big problem MS has it that it doesn't update it's install disks and most of it's vendors don't update their freaking images. If I get a new Dell I would expect not to have to install a single patch that was over two months old, but alas they don't do that for you. Imagie you installed Redhat 3.0 and then put yourself on the network. I'm sure someone out there could right a worm for Redhat 3.0 right? There isn't one port in the default install with a buffer overflow issue? It be an interesting expierement to write worms for older versions of OSs and see how they take. My guess is that there are more Windows 98 boxes running today then RedHat 3.0 boxes ever ran.

    The point is OSx or Linux get the marketshare that Windows has you'll see 1000's of older versions of the OS. As it sicks MAC users generally upgrade fast, and Linux users are practically religous about it outside of the server scope. And on the server side it is likely the machines are protected via firewalls.

    The browser hole is getting plugged as we speak. Firefox, Opera, and IE are all plugging away. The big issues is that HTML and Javascript t
  • by GaryPatterson (852699) on Sunday January 07, 2007 @09:44PM (#17503496)
    Hmm... according to Secunia...

    OS X has 9 unpatched vulnerabilities of 87 listed, plus 1 partial fix. Oldest unpatched is Nov-2006.
    Win2K Pro has 24 unpatched vulnerabilities of 145 listed, plus 3 partial fixes. Oldest unpatched is Oct-2002.
    WinXP Home has 29 unpatched vulnerabilities of 154 listed, plus 3 partial fixes. Oldest unpatched is Sep-2002.
    WinXP Pro has 32 unpatched vulnerabilities of 169 listed, plus 2 partial fixes. Oldest unpatched is Dec-2002.
    Linux 2.6.1 kernel has 19 unpatched vulnerabilities of 107 listed, plus 9 partial fixes. Oldest unpatched is May-2004.

    My interpretation is that based on these numbers, OS X looks pretty good! Of course, this month of Apple bugs might see the numbers rise somewhat.
  • by Dark Coder (66759) on Sunday January 07, 2007 @09:51PM (#17503556)
    As someone who actually AM worried about impending javascript exploits carrying trojans, I have within my Firefox the following Add-Ons (which comes pretty close to perfect security), but still requires a modicum of user awareness during web surfing.... The following Add-Ons are good for Windows, Linux and supposedly MAC OSX.
    1. CookieSafe [mozilla.org]
    2. Adblock Plus [mozilla.org]
    3. Flashblock [mozilla.org]
    4. httpOnly [mozilla.org]
    5. SafeHistory [mozilla.org]
    6. SafeCache [mozilla.org]
    7. IDND [mozilla.org]
    8. Link Alert [mozilla.org]
    9. BlockSite [mozilla.org]
    10. Master Password Timeout [mozilla.org]
    11. no-referrer [mozilla.org]0
    12. NoScript [mozilla.org]
    Other useful support Add-Ons are:
    1. SwitchProxy Tool [mozilla.org]
    2. User Agent Switcher [mozilla.org]
    3. Adblock Filterset.G Updater [mozilla.org]
    For Linux users, I also have this useful add-on:
    1. MediaPlayerConnectivity [mozilla.org]
    • Re: (Score:3, Insightful)

      by jesdynf (42915)
      Links to pages rather than links to installer packages would've been about a million times more helpful -- although I suppose I /could/ just go ahead and click okay and install them without knowing what they do. d:
  • by t14m4t (205907) * <weylin.piegorsch@Nospam.gmail.com> on Sunday January 07, 2007 @10:53PM (#17504016) Homepage
    I've seen a lot of comments sugest the WIndows is easier to target because it has a larger marketshare.

    This is a BS argument. Here is one example of a program with larger marketshare but fewer cracks, both attempts and percentage successes:

    Apache [apache.org]
    IIS [microsoft.com]

    Just because it's a bigger target doesn't mean it's a better target. Windows is a good target because it's big AND because it has a shit-ton of security flaws. You need to be a security expert to properly safeguard Windows, and most people don't have enough security expertise.

    Weylin
    • by Vancorps (746090) on Sunday January 07, 2007 @11:40PM (#17504328)

      Your example is flawed as Apache is more targeted and more successfully hacked specifically because it is far more popular even though it can be much more secure. Link for your reading [theregister.co.uk]

      I know you want your opinion to be right but the logic and the math works. Accept it and move on.

      • Re: (Score:3, Interesting)

        by Blackknight (25168)
        Did you even read the page you linked to?

        Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.

        Yet this is precisely the opposite of what we find, historically. IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful.


        From my experience dealing with server exploits most site defacements aren't because of Apache flaws, it's insecure
    • by I'm Don Giovanni (598558) on Monday January 08, 2007 @12:37AM (#17504652)
      According to secunia.com, IIS6 is way more secure than Apache2.x. Hell, IIS 6 has a near-perfect security record. 3 flaws since it was released in Jan 2003, all fixed, none of them major. While Apache 2.x has had over 30 flaws, some critical, some unpatched or only partially fixed, during the same time period.

      So I'm not sure what your point was. I don't know which of Apache and IIS is targetted more often. And I don't know which would be a more lucrative target (Apache serves more hosts, but IIS might serve "wealthier" hosts regarding commerce). But Apache is no more secure than IIS, so if IIS is targeted more often, it's not because it's less secure, but for some other reason (like maybe anti-MS fanboy hackers target IIS to make a political point of some sort).

God may be subtle, but he isn't plain mean. -- Albert Einstein

Working...