Black Screen of Death Not Microsoft's Fault 583
Barence follows up to the ongoing Black Screen of Death Saga by saying "Microsoft says reports of 'Black Screen of Death' errors aren't caused by Windows Updates, as claimed by a British security firm. The software giant claims November's Windows Updates didn't alter registry keys in the way described by Prevx, which said that the Microsoft Patches caused PCs to boot with just a black screen and a Windows Explorer window. Microsoft is now blaming the problem on malware. Prevx has issued a grovelling apology on its own blog."
Comment removed (Score:5, Funny)
Re: (Score:3, Funny)
Re: (Score:2, Informative)
Re:malware... (Score:4, Informative)
Not really a surprise though. All the things I've read about Prevx come to just marketing their shit, somewhat like Symantec is. Not really a surprise they'll make shit statements like this and then just 'sorry' afterwards.
Re: (Score:3, Informative)
Unless you make above 500k a year, then he was the best president ever.
Re: (Score:3, Insightful)
Except, of course, when the roots of the problem can be traced back further than the year he's been in office.
Easy fix, or fixed easily? (Score:4, Interesting)
TFA says a piece of malware can knock out the null-terminator in a required string, which Explorer relies on to load properly.
While it's good to know that a simple problem can be solved quickly (and the root cause discovered, damn you malware), and it's also good to see that Prevx can apologize when the make a mistake-- but I have to wonder if Microsoft would have been attended to as quickly as they had had Prevx not complained as loudly as they did.
Re:Easy fix, or fixed easily? (Score:4, Interesting)
Historically speaking? no.
That said, MS is actually changing.
Of course, the root of this problem is the registry.
Re: (Score:2, Informative)
It's not really the registry per se; it's the fact that the Win32 API uses NULL-terminated strings while the underlying NT API uses Pascal strings. You can run into similar problems with the file system for the same reason. This dilemma can't really be fixed due to backward compatibility concerns, so this problem will continue to exist in all versions of Windows into the foreseeable future.
Re: (Score:2, Insightful)
How would this be any different if the configuration settings were stored in a flat file?
Re: (Score:3, Interesting)
Citation needed.
There is no problem with the registry in principal. Acting like their is just shows your ignorance.
There have certainly been implementation issues with the libraries to access it. There almost certainly will be more in the future.
This is no different than any library that provides the same sort of functionality.
The problem could be the same if we used ini files, or xml files, or some random file format.
The only thing the 'registry' actually is, is a set of defined API calls to access data.
Is that any better excuse? (Score:2, Insightful)
So, Windows 7 is much more susceptible to malware than previously claimed? This is the big win for Microsoft? Sorry, but if that large enough of a percentage of folks are experiencing the problem, then it's a real issue that MS needs to address. It sounds like they are just saying "not my problem", and forgetting about it. Meantime Windows 7 will be completely destroyed by the time it gets decent marketshare.
Maybe MS turned their attention to Windows 8 a little sooner than claimed.
Re:Is that any better excuse? (Score:4, Insightful)
Re:Second Edition (Score:2)
Microsoft kinda brings up the car analogy here; Like CalTrans, the highways will probably handle last year's traffic volume within the decade.
Re:Is that any better excuse? (Score:5, Insightful)
Any OS is susceptible to malware. Malware is what users explicitly run, and then it does bad things to their system. You can't secure against that, and no OS on the market today does that. You can pop up tons of prompts, but then it's the "dancing bunnies" problem - depending on how enticing the malware author can make it sound, the user can be convinced to click "Yes" on each and every prompt.
Re:Is that any better excuse? (Score:4, Insightful)
Since switching to Ubuntu, I have had no need to install weird things off the internet. I just go to Ubuntu's software repositories, and I can download thousands and thousands of pieces of software that have been tested just for my operating system. No malware, no viruses, no attention seeking software that wants to embed a brand in my brain, no nagging to buy additional products, nothing.
I consider it to be the case that my free OS does indeed protect me against malware, where proprietary offerings that cost hundreds of dollars more do not.
Re: (Score:2)
Re:Is that any better excuse? (Score:4, Funny)
Ubuntu protects you from malware in the same way that a Geo protects you from carjackers.
Re: (Score:2)
And here I was thinking that a post could never be simultaneously Flamebait, Insightful, AND Funny at the same time. Bravo, sir!
Re: (Score:2, Insightful)
Re: (Score:2, Insightful)
So you're saying that because you go to Ubuntu's repositories and download applications that you are secure from malware?
Pass the pipe sir, I think I need a toke to make sense of that.
Re: (Score:2)
Microsoft could create a repository of software that users could download but I can only imagine the screaming that would develop from all the 3rd party developers. When you have less the 1% of desktop market share and 3rd party companies don't have any money tied up in your OS, you can make repositories. Microsoft does give away free Anti Virus and Anti Malware and put in UAC. There is probably little else they can do.
Re: (Score:2)
I agree with the sentiment of your post; however, you and other Linux-distro users are fairly savvy when it come to the installation of software devoid of malicious intent. However, as soon as Linux is "ready-for-the-desktop" and being used regularly and widespread by female teenagers and grandmas alike, things will steadily go down hill from that point forward for Linux' rather clean history of being malware free.
Do I really need to point out that great adoption of any one OS will yield malware targeting t
Re: (Score:2)
Since switching to Ubuntu, I have had no need to install weird things off the internet. I just go to Ubuntu's software repositories, and I can download thousands and thousands of pieces of software that have been tested just for my operating system. No malware, no viruses, no attention seeking software that wants to embed a brand in my brain, no nagging to buy additional products, nothing.
On the other hand, this makes you susceptible to the "Google syndrome" - if it's not in your repositories, then it doesn't exist. That's a fairly limited world view, don't you think?
Also, while we're speaking about Ubuntu... I'm glad that they finally found the time to update the package for Eclipse to 3.5 in 9.10, but for the previous 5 (!) major Ubuntu releases it was stuck at 3.2 [launchpad.net] (so in 9.04, it was 2 versions behind upstream out of the box). The result was that virtually everyone who needed Eclipse on U
Re: (Score:2)
Don't blame the software for stupid users.
Re:Is that any better excuse? (Score:5, Insightful)
Some folks don't mind being given the freedom to determine what is going to be bad for them and what is going to be good for them...and some folks want their hands held for them. Linux does give you both options, it just makes it a PITA for "ordinary folks" to do it one way and thus, guides them into the repos.
Microsoft announcing that they'd be the absolute gatekeeper for software installs would probably be like dropping an atom bomb on a lot of legitimate software companies along with a lot of illegitimate companies that produce badware. They had a little experience with this already, what with Palladium and Trustworthy Computing. Didn't go over too well, did it?
Re:Sure it does (Score:5, Insightful)
Actually you can, to some extent. Anything the user runs on OS X for the first time after download issues a warning, and then you need an administrator password beyond that to modify the kinds of system level files we are talking about here.
Vista/7 do both things (warning about launching of binaries that originate from the Net, and requiring a confirmation to elevate to admin) as well. This doesn't solve the "dancing bunnies" problem, however, which is the source of vast majority of infections out there. Why bother with security vulnerabilities at all, if you can trivially convince the user to run the payload himself, and click through all the prompts?
The base issue is that in Windows 7 Microsoft weakened UAC, so even if you have it disabled a program can do some system level things without warning if you are logged in as administrator.
The "weakened" UAC in 7 doesn't let any random programs do any system level things without warnings. The only thing that's weakened is that certain (effectively whitelisted) programs that come with OS can change system settings without elevation - most notably, built-in screens in Control Panel.
Re:Is that any better excuse? (Score:5, Informative)
DId you rad the link? this is not being reported by very many people at all.
And in fact, it isn't their problem.
Re:Is that any better excuse? (Score:5, Insightful)
Just out of curiosity, shouldn't Microsoft be responsible for ensuring that only valid data makes it into the registry? If this is the core information source for the system, it would seem that there should be checks in place, at the OS level, that prevent changes to core items.
Re: (Score:2)
Re: (Score:3, Insightful)
KB976036 has conflict with Comodo Firewall (Score:2, Interesting)
We have a bunch of machines that can't properly shut down after this update (time zone update) is applied. It takes me few hours to isolate this thanks to some instant recovery software.
Re: (Score:2)
Prevx had pointed the finger at, but then exonerated, KB976098 and KB915597. Are you sure that you mean 976036? MS' site doesn't seem to know about it.
Re: (Score:2)
Comodo is not only a firewall but an excellent intrusion prevention system (bundled with a crappy antivirus). It *is* a great product to have for free and it is not comparable to a hardware firewall. The point of Comodo is to prevent new executables from performing malware related activities (such as monitoring the keyboard) or even running without your permission. Of course its also a firewall. But Comodo, unlike the built in Windows Firewall, won't let applications change its rules without user interventi
Groveling? (Score:5, Insightful)
Since when does apologizing to someone for your own baseless accusations amount to "groveling"?
From the post in question:
Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor
. . .
We apologize to Microsoft for any inconvenience our blog may have caused.
Wow. Way to kiss ass.
You know what would be even more pathetic and embarrassing than this kind of "groveling"? Standing behind claims that you know to be false.
Re: (Score:2)
Maybe when you can get sued so bad that your business dies. Would you grovel then? I thought so.
Re:Groveling? (Score:5, Insightful)
So what's your point? Mine is that apologizing != "groveling." If more IT types could learn how to admit they're wrong gracefully, the world would be a better place IMHO.
Re: (Score:2)
Did you even read his posting ?
Do we have to be nasty? (Score:5, Insightful)
Grovelling? How sad it is that an honest apology gets an insult. If you find "We apologize to Microsoft for any inconvenience our blog may have caused." as grovelling, then I feel very sad for you and your vision of how people should relate to each other.
Re: (Score:2)
Yes, that's why data centers are administered by professionals.
Let your average user inside a data center and you'll see what happens.
Re: (Score:2)
What I don't understand is why people aren't still ripping Microsoft for this. They make software with an exploit that can prevent your PC from booting
You're kidding, right? Go rm -rf /etc, /boot, /etc/password, or /etc/shadow and see what happens.
I don't understand why people aren't ripping on these stupid Linux distributions have such easily exploitable flaws!
Users with root/administrative privileges can preform (directly or via a software proxy) destructive actions to their operating system. This is not
Re:Do we have to be nasty? (Score:4, Insightful)
And my automobile (sorry, obligatory automotive analogy) has a steering wheel that allows me to turn the car toward pedestrians and kill people. This happens far more frequently, and has been happening since before the computer was even invented.
The PC was invented because people wanted to have a computer under their control that they could load anything they wanted to. Trick someone into thinking that the cute little fluffy sheep walking around on their screen is something they want, and they'll install it, and they'll answer the "Do you want this program to have access to core system functions?" and they'll have no clue what a core is except they don't own an Apple, and they'll say "sure, whatever it takes to just stop bothering the piss out of me and show me the fuzzy sheep".
The only way to really solve the problem is to prevent the computer from executing anything until it's been signed by a local administrator. And then the average "computer is appliance" user is going to click the "allow everything forever" button because they just want the poppy things to get out of the way of loading their new fancy cursor or BonziBuddy.
The user can control the computer, or they can't. If you give them control, they can and frequently will load things that will cause problems. If you don't give them control, they'll take it back to Wal-Mart because it can't do what they bought it for.
I intend no insult to inexperienced users here. It would be nice if computers were designed to slowly unlock functions as people get more experienced and knowledgeable with the operating system, but that just ain't gonna happen. Like ladders, chainsaws, hammers, and lathes - there's only so much safety you can design into something and still allow someone to get the work done they want with it.
System Registry (Score:5, Insightful)
Maybe one day Microsoft will get rid of the Windows Registry. It's like putting port holes on the bottom of your boat. Sure, they let you see the fish, but sooner or later one is going to break and sink your ship.
The Windows registry has always been a bane of Windows use since it's inception.
Re:System Registry (Score:5, Insightful)
What do you want them to replace it with? hundreds of .conf files scattered randomly about the filesystem, with no standard format? That will be much easier for the user than a centralized, standardized configuration system.
Actually yes (but no). OS X is an excellent model (Score:5, Informative)
What do you want them to replace it with? hundreds of .conf files scattered randomly about the filesystem, with no standard format?
After having used Linux and Windows and OS X systems for years, OS X does this right.
Yes there are "hundreds of conf files". But they are not scattered around, they are all in ~/Library/Preferences.
And they are usually named via the company name + app convention, like com.apple.mail.
And as opposed to being in "no standard format", they are all plist files (which are basically XML).
So it's easy to find where they are, easy to figure out what plist file belongs to what, and easy to edit or remove them as needed. If there is corruption (which I have never actually seen in practice) it would be limited to a single file - and an app encountering a preference file it could not read would simply replace it with a new default version. You would at worst lose a few custom settings for one app - and even then only as long as it took you to pull a backup of that single file out of Time Machine, since it's easy to restore the preferences for a single application from any backup.
However, I have to add that even if you went with a Linux system where the conf files are scattered all over in many different forms, I can say with confidence it is still 100% better than the nightmare of the registry. In practice the files are very easy to edit regardless of format, it's really only the question of the location that gets annoying.
Well, no registry cleaning to begin with (Score:5, Interesting)
I have 700-800 plist files in my Preferences directory. All those widgets I tried, apps I installed, removed, run one time.
It must be like 1 line of command on Terminal or basic "Finder" order by date to find the old/unneeded ones and delete them but I don't bother. Why? Because it has zero effect on OS X. OS X wouldn't really care if there were 1000000 pref files there since it is not its business to maintain them let alone read them.
On Windows, while I hate the idea from the beginning, if you don't clean up your registry, OS will do it for you. Last time it was like 20% overhead required to clean it up at boot. If you get enough junk on that already huge, complex file, it will effect the entire performance of system. Windows _has to read_ that gigantic database to function and find its way in it.
ps: Now you understand why Windows technical user switchers insist on having "uninstall tool" or be amazed at "no add remove programs" on OS X? They generally think having redundant, old files, needless files will somehow effect their system. You can even add "universal binary haters" to that camp. I don't blame them, I blame Windows.
Re: (Score:3, Insightful)
Yes! Because that is the *nix way! It has been around for 30+ years so we know it is the best way evar! /sarcasm
Re: (Score:2)
Do it the Mac way. Standardized XML format (property lists) stored in a standard location (~/Library/Application Support/ApplicationName). Each app has its own file to work with, and completely removing an app and its detritus is as simple as trashing the folders.
The registry was a bad idea from the start. I imagine MS wants to get rid of it, but it has become too entrenched and backwards compatibility requires it to still be around.
Re: (Score:3, Insightful)
Re:System Registry (Score:5, Interesting)
The reason why the registry exist is that the filesystems on Windows OS' have historically been lock on read (more than one program using the same file at the same time is a no-no.) Meaning that having a place where this was not the case was VERY meaningful to lessen access bottlenecks, thus enter the registry.
Having hundereds of conf files in /etc or having them in a registry "hive" is "same same but different" that's ALL. Gnome has a form of registry hive as well... organizing data whether being direct in the filesystem or special filesystem (DB or what have you) is the same.
I have to say that it is easier to edit a config file with vi/edit/ed/sed IF one knows where to go. Regedit command line tools sure... GUI... not efficient... Gnome registry either conf-editor or command line... I personally stick to CLI.
I agree that Windows should "drop the registry..." but only because they should drop the ancient approach of their locking behavior on the filesystem... this would also cure the reboot till you drop at update times. Later OS-X versions have started to reboot machinery after updates just to be more like Windows because that's what users EXPECT. It is painful!
false dichotomy (Score:2)
hundreds of .conf files scattered randomly about the filesystem, with no standard format?
False dichotomy. Why did you present the conf scenario as files with no standard format? They could be, and most likely would if it was presented as a replacement for the registry. Be intellectually honest, and present the option of a *de*centralized, standardized configuration system.
Re: (Score:3)
/etc
($HOME)/Library/Preferences
Please, enough really... Especially on Mac. Mac _always_ had Preferences in some sensible place, even in Pre OS X times.
If you want to trust your entire settings to a single bulky file which is also known to fragment&get redundant over time, it is fine but please stop this "random files" bullshit... No, nothing is at random place. Especially on OS X. Put your .plist file to some "random" place and see what happens.
Re: (Score:2)
"What do you want them to replace it with?"
Two registries. Number 1 for the system settings. Locked down. Number 2 for apps. This also makes it backwards compatible.
Are you saying "two wrongs make a right"?
Re: (Score:3, Insightful)
Agreed. I have been saying this since it was announced.
Yes, they need a place to put shared data, but nothing that is critical to the operation of an OS or application should ever be put there.
Re: (Score:3, Insightful)
Not to rain on your hate parade, but in addition to the comments about the CONF files, the registry also makes Windows much easier to manage on an enterprise scale.
I can create an application, put its settings in the registry, and boom -- I can manage it through an MMC for thousands of computers with only the creation of a policy template to change settings.
The misunderstanding of the registry's use is always what people hated about it, sadly.
Same difference (Score:4, Insightful)
I can create an application, put its settings in the registry, and boom -- I can manage it through an MMC for thousands of computers...
If you can control one file, you can control many. Which is why a separate preference file per app would work just as well. Only moreseo because a user HAS to be able to write to the registry, where you can totally lock down a single file. Yes I know you can theoretically lock down sections of the registry but that to me seems like a weaker system, not to mention the danger of registry merges corrupting something.
Re: (Score:3, Insightful)
Re: (Score:2)
Not to rain on your hate parade, but in addition to the comments about the CONF files, the registry also makes Windows much easier to manage on an enterprise scale.
I can create an application, put its settings in the registry, and boom -- I can manage it through an MMC for thousands of computers with only the creation of a policy template to change settings.
The misunderstanding of the registry's use is always what people hated about it, sadly.
Because its nearly impossible to edit a file remotely through scripting. Right..
Besides if Microsoft went this route they would modify the interface so you could still use policys to edit it just as you always did.
Re:System Registry (Score:5, Informative)
Maybe one day Microsoft will get rid of the Windows Registry. It's like putting port holes on the bottom of your boat. Sure, they let you see the fish, but sooner or later one is going to break and sink your ship.
The Windows registry has always been a bane of Windows use since it's inception.
Because Malware would clearly have trouble modifying the config files that would be used instead?
Re:System Registry - how it ought to work (Score:4, Insightful)
Actually, the Registry is a good concept. The Registry is just a file system for little data items. The trouble is that any application can write to any part of it. It lacks a security model. (Yes, you can attach security restrictions to registry keys, but nobody does this, because Windows 95 didn't have that, [microsoft.com] and applications didn't have support for it.)
The big problem with Windows security is Microsoft never put a security model in place under the concept of program installation. The way this ought to work is that there should be several classes of things one can install. Call them "applications", "plugins", "middleware", and "system modifications".
Installers of "applications" should be limited to writing to the application's subtrees in Program Files, Documents and Settings, and the Registry. Uninstalling an application consists of removing those subtrees. Applications cannot install anything that runs at startup or runs periodically. Most programs (especially games and entertainment apps) should be applications. Under these restrictions, installation of applications is relatively safe, and should be allowed with Power User privileges.
"Plugins" are sub-applications which affect one application. They go in their own subtree under the appropriate application. The application controls their installation, and they can't do anything the application can't do. Browser plug-ins fall in this category if the browser is an "application". If the browser is "middleware" (IE is, but Firefox is not), more privileges are required.
"Middleware" is programs run by other programs, like Java. Changing middleware can affect multiple applications, so that requires more privileges. Code signing is appropriate.
"System modifications", which modify the OS itself and may require a reboot, should require both code signing by a clearly identified party and administrator privileges to install.
Of course, if we had something like that, app developers would bitch that they couldn't load their "phone home for update" service or "prelauncher". Tough. You don't really need to know if ZowieApp needs an update until you run ZowieApp again. And if your app needs to be "prelaunched" because it loads slowly, maybe the problem is that it loads slowly.
Re: (Score:3, Interesting)
And /usr/local/etc /usr/local//etc, /usr/local//conf, /usr/local//data...
and
Comment removed (Score:5, Funny)
Malware, still? (Score:2, Insightful)
In other words, this problem will never be solved until people finally get over the baseless notion that they need administrator rights to check their email and read the news online.
Re:Malware, still? (Score:5, Insightful)
In other words, this problem will never be solved until people finally get over the baseless notion that they need administrator rights to check their email and read the news online.
Not quite...
Were those the only applications required, the notion would indeed be baseless, but...
There is still a huge raft of Windows software that will not perform properly without admin rights. Until that is fixed, the problem will never be solved.
Even that won't solve it (Score:2)
Two reasons:
1) Malware can be plenty problematic on just a single user's account. After all most people aren't running multi-user systems. For them, the system is their data, their account. As such even if the malware can't infect the whole system, infecting their account is all it needs to do. The only consolation to that is that virus scanners could remove it easier, but then that presumes they'll bother to run one.
2) People will give the malware admin permission. By default, Windows Vista and 7 make nobo
Crock of shit (Score:2, Interesting)
How is malware not microsoft's fault? (Score:2, Interesting)
Perhaps if their operating system properly separated and sandboxed applications, malware
would have a harder time crashing the whole OS?
Just a thought. Last time I checked my watch, it was 2009, and we've known how to do
that sort of OS design for probably two decades now.
Re:Really? (Score:5, Insightful)
When users are happy to type "sudo rm ...", it doesn't really matter how impervious the system is.
Re: (Score:2)
Re:Really? (Score:5, Insightful)
Does the sudo part really matter anyway? The most important files on my system are those in my home directory and they're owned by my own user account, thus no privilege escalation is required to touch them.
Having great security around the base OS is a good thing but if you don't also provide good security for the users' files, it's kind of like getting a bunch of guards to protect a bank but leaving the vault in an unprotected building next door.
On the other hand, I really don't want to have to deal with UAC/sudo/etc. every time I edit one of my own documents, so it's kind of an unwinable situation that only good backups can protect against.
Re:Really? (Score:4, Funny)
so, is that why
$ touch ~/privates /home/some-other-user/privates
works, but
$ touch
gives me a rights error!?
Re: (Score:3, Informative)
Does the sudo part really matter anyway? The most important files on my system are those in my home directory and they're owned by my own user account, thus no privilege escalation is required to touch them.
Furthermore, running with no special privileges you can still:
- Start a process on an unprivileged port (>1024)
- Establish a connection to another system.
- Put a process in the background so it'll still run after you've logged off.
- Subject to permissions, write to network-mounted filesystems.
- (depending on cron configuration) Set up a process to run periodically without leaving anything tell-tale to the casual observer in the output of ps unless by sheer blind luck they hit ps when your process is exec
Re: (Score:3, Insightful)
You are forgetting that Linux is multi-user. When you do stupid things, like run a trojan because it will give you free midget pr0n, I don't want my files, or the OS upon which I am running molested by your new midget friend.
Newsflash (well, more accurately, "Oldsflash"). The world is no longer filled with green-screen trminals connected back to a central, professionally managed mainframe. The vast majority of computers in the world are single user, even though they are running multiuser OSes.
Also,
Re:Really? (Score:5, Informative)
Re: (Score:3, Informative)
In fact, that's one of the main advantages of *nix over Windows. The reason that you have to re-boot windows so much during installations is that you can't delete / replace files while a process is accessing them.
In *nix you can delete a file while a process is accessing the file, and the process continues to see the file until it finishes, while other, new processes can't see the file.
Of course, once I started a five-hour database export job, then deleted the target file without realizing it, and after the
Re: (Score:2, Funny)
When users are happy to type "sudo rm ...", it doesn't really matter how impervious the system is.
I get "rm: cannot remove `...': No such file or directory"
However, I'm just trying "sudo rm ../." though and it s
Re: (Score:2)
openSUSE 11.2 ships with AppArmor and is stable today.
It is a very capable OS and extremely secure.
I'll even give you a free copy. Just don't tell anyone.
http://download.opensuse.org/distribution/11.2/iso/ [opensuse.org]
Re:Really? (Score:4, Insightful)
Its the users, not the OS (Score:2)
Maybe if Windows was a little more impervious to malware, they wouldn't have this problem.
As much as I hate to come to microsoft's defense, this problem is at least as much the fault of the user. Think of the windows users you know - how many of them log in to their computer with full uninhibited administrator rights every single time they user their computer? The vast majority of malware, rootkits, spyware, viruses, etc that plague windows so severely are completely dependent on having administrator rights. If windows users would join the rest of the computing community in the present centu
Re:Its the users, not the OS (Score:4, Insightful)
There are several linux distros that won't let you log into gdm/kdm as root. Windows was designed for users to login as administrators.
Microsoft is trying to change that mentality with Vista and 7, except too many applications are having issues with UAC. What Microsoft should have done is said, "you're not allowed to claim your application works with Vista and 7 unless it behaves nicely with UAC."
Even better, it should be following a proper UNIX-esque security model. It could create users/groups for specific escalation. Apps shouldn't ask to escalte to administrator level. They should ask only to escalate the rights they specifically need, such as writing to C:\Program Files\Foo\.
Microsoft is happy to blame the users, but it is Microsoft who established the industry standards. They set the table. They tell the users how to use their OS, and they tell developers how to develop for their OS. If Microsoft shipped a more secure design from the get-go, we wouldn't have as many issues. I'm sure malware authors would still target the market-share king and eventually find chinks in the armor, but right now it is so easy to target Windows that every script-kiddie on the planet pulls it off with ease.
Re: (Score:2)
it is Microsoft who established the industry standards. They set the table. They tell the users how to use their OS
Although I'm not certain aboutthey tell developers how to develop for their OS
Because there is a great deal of heterogeneity regarding the rights requirements for applications in Windows. Plenty of very good applications do not require administrator rights, while others (including others for the same purpose) do. Unfortunately because for a long time all windows users had full administrator rights, it became a fundamental assumption amongst some
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Windows was designed for users to login as administrators.
I have to disagree with this. That might be true for the 9x line, but Windows 2000 and beyond has the structure to allow users to log in as normal users with their own environment. HKCU is their own personal registry hive and they have their own 'home' folder at %userprofile%.
The real problem is programs are not built with this in mind. Installers have been designed to put files, by default, into C:\Program Files and HKLM\Software rather than %use
Re:Its the users, not the OS (Score:4, Informative)
When performing a Windows 2000 or XP install, it prompts you to name a user, which is an administrator account.
So it is designed by default to log you in as an administrator.
Re: (Score:3, Insightful)
You are confusing designed by default with default behaviour. They are two different things. Default behaviour in the Win2k/XP timeframe was poor - Vista & Win7 change this.
I also suggest that you read the Windows 7 logo program requirements: http://go.microsoft.com/?linkid=9668061 [microsoft.com]. One of the guidelines is around proper behaviour with UAC, and another is around programs putting data in the right place.
Comment removed (Score:5, Informative)
Re: (Score:2)
Someone correct me if I'm wrong, but Windows defaults new users during setup to full administrators. There isn't an option to change it during the installation.
How is this the end users fault?
That's a terrible answer. If you have a user who knows no better, then the design of the OS should be changed to prevent simple mistakes. Blaming the user is foolish.
To be more generic, safety standards are designed to prevent accidents, regardless of and with full knowledge of a persons likely mistakes. An OS should b
Re: (Score:2)
Microsoft is suffering the fruits of it's previous bad behavior.
Now they have this overwhelming legacy issue.
This is why you don't do stupid things to begin with and then fix them as soon as you can as soon as you realize what you've been doing wrong.
Suffering the fruits! (Score:2)
Maybe it's because I haven't had my coffee yet, but reading this, I almost bust a gut. All I can think of is that scene in Time Bandits [slashdot.org] where Michael Palin and Shelley Long are in the middle ages and have been held up by the band of midgets and tied to a tree, and Palin begins shouting,
Suffering the fruit! Hee hee!
Cheers,
Re: (Score:2)
As much as I hate to come to microsoft's defense, this problem is at least as much the fault of the user.
One of the biggest failings of computer security is this idea that figuring out who can be blamed is part of it. It doesn't matter whose fault it is, just that the security has failed. Heck you could create Linux distro that prefaces every command with a warning that taking any action might result in the computer being compromised. Then it's the users fault, right? It's absurd. You have to take normal user behavior into consideration when designing a security architecture.
Think of the windows users you know - how many of them log in to their computer with full uninhibited administrator rights every single time they user their computer?
Most of them because most Windows
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
"Please, Stop Defending Microsoft"
i'm defending objectivity and reason.
"Linux distros do this. In fact, much of the same code runs multiple processor platforms with great success."
By what measure of success? Effectiveness, sure. But what is the market share of all the Linux distros put together? What is the ratio of Windows to Linux boxes globally or in the US?
"This is not a valid reason to forgive Microsoft."
Says you. You're omitting how many devices don't work on Linux due to a lack of drivers or simp
Re: (Score:3, Insightful)
Re:" Microsoft is now blaming the problem on malwa (Score:2, Interesting)
I asked for them to get rid of the BSOD, they got rid of the BSOD -- that's Windows 7.
Re: (Score:2, Flamebait)
To the rabid anti-Microsoft crowd, any apology is "groveling", regardless of who was wrong.
Re: (Score:2)
Well, if it's that obvious, then your post should be rated -1 Redundant...
Re: (Score:2)
Can you cite where they said that? I've seen "most secure version of IE" and "most secure version of Windows" but I've yet to see "most secure product on the market."
Re: (Score:2)
So, don't run Windows with administrative privileges either. It wasn't easy in the early years of Windows 2000 but it is very easy now and almost all major applications work in restricted user privilege level.