Microsofts secret files....is it right?

[Capt.Ridley_s_Shooting_Party]

Ever watched a new user try to install Linux? Yeah right.

Yes, I have. Suse Linux 8 Pro installs quicker and with less hassle than Win XP, Win 2k, Win 98 and Win 95. It auto detects the Windows partition (if present) and resizes it for you. It then goes about installing itself in a similar fashion to Windows, apart from the fact that on my machine at least Linux detected and correctly identified all my hardware, automatically installing the relevant drivers (apart from my WinModem, natch), which, sadly, I can not say is true of the “more user friendly” Windows.

The best you can say for Linux is, “yeah, it works i guess”.

What modern Linux have you used?

[D.E.S.K.Top668]

No comment on the OP, except to post a link to an article about Windows Hidden Files so those who don’t know about them can find out. Please note, the site’s name uses the F-word, be careful accessing at work.
As pretty much a computer moron, I respectfully request that this not degenerate into an OS debate. I’d be interested in learning more about the possible reasons Microsoft could have for doing this.

Peace-DESK

[rjung]

*Originally posted by alterego *
Microsofts staff of 25,000 tests retests and triple tests every piece of software that goes through.

That sound you just heard is 300 million Windows users reading your post and laughing at your ignorance.

I gay-run-tee that if Linux magically had the market share that Windows currently has - it would collapse from the pressure of hackers and its non-user-ability.

And what computer science credentials do you use to “gay-run-tee” that prediction with, son? Because from where I’m sitting, you’re talking FUD out of your hat.

Originally posted by D.E.S.K.Top668
As pretty much a computer moron, I respectfully request that this not degenerate into an OS debate. I’d be interested in learning more about the possible reasons Microsoft could have for doing this.

Gathering information about your personal preferences to sell to marketers comes to mind.

[Netbrian]

*Originally posted by Tejota *
**These files are only hidden from GUI users. For the very good reason that anyone who is using the GUI doesnt’ have any business messing with these files.
**

I’ve never understood why prefering one way of interacting with one’s system over another makes one inferior or computer illiterate.

[LostOne]

Wow… talk about FUD…

As tourbot so kindly explained… the gnu.org root was not a matter of ‘inferior sysadmin’ but a matter of an exploitable situation. Of course… if the people at gnu.org can’t make a linux system secure WHO THE HELL CAN!!! They are the center of the entire movement… more so then linux itself. This is akin to microsoft.com being rooted. RMS didn’t try to sweep it under the rug or blame a lame sysadmin, the readme clearly states the vulnerability used, I see no reason why we should try to blame anything but the software itself.

*Originally posted by alterego *
rjung, your kidding right? Microsofts staff of 25,000 tests retests and triple tests every piece of software that goes through. I’d say its safe to say that just one of Microsofts OS’s, Win XP for example, has already endured a longer and more complete test life than Linux has in its entirety.

Excuse me if this sounds rude but this has got to be one of the silliest things I’ve ever heard. A brand new OS based on the Win2k kernel has had a longer more complete test life then linux? Where do you get THIS from? Linux has been around for some ten years now, far longer then 2k and XP. As for complete… you realize that we have THOUSANDS of users who aren’t just using linux… but are reading the code line by line. Thats pretty damn complete if I do say so myself. If you read the link I gave you’d realize the hole that allowed gnu to be rooted lasted A WHOLE WEEK! That’s a very quick turnaround. It’s incorrect to say linux is totally secure… but it’s foolishness to claim it isn’t secure at all. Indeed it is still more secure the WinXP… not enough to be religiously so, but alas the facts remain.

Indeed it is true that as more users migrate to linux we will see exploits worms and viruses increase. It is also true that admin ability is a huge factor and as more ‘desktop minded’ users switch to linux the exploitablity will increase exponentially. This will make it a lot less safe then it is now, but to say it will be less secure the WinXP is stretching reality. Linux STILL has a more complete testing process with a bigger emphesis on security. It still has an architecture designed with security as a priority. And it still has kernel hackers staring at every line of code and actively trying to hack it solely to make it unhackable.

**I gay-run-tee that if Linux magically had the market share that Windows currently has - it would collapse from the pressure of hackers and its non-user-ability. **

Gee… Windows hasn’t collaposed from the pressure of hackers… why do you expect linux to? You’re assuming that at it’s heart Windows is more secure and just a bigger target. This is incorrect, and if you’d like to argue otherwise bring some evidence. More users will give us more bugs per exploit but it won’t give us more exploits, and linux still has a ways to go before it can equal windows on that score.

Furthermore, as mentioned… linux installation and use just isn’t as complicated as it was a few years ago. A Mandrake install isn’t harder then a WinXP install and setup is about the same. Anybody who says otherwise clearly hasn’t tried it recently enough to have a valid opinion. Hell I use slackware and I STILL don’t have to compile a kernel if I don’t want to. As for setup… yes some users won’t know what they’re doing and won’t lock down their system. This is quite common in the windows world and it will spread. Luckily for the linux users their OS is designed so that insecure services won’t necessarily lead to an insecure root. Yes linux will suffer more as time goes on, anybody who claims linux is the answer to your problems is lying. But to claim that it is less secure the windows is going to take some proof duder…

In the end… as we all know, a secure system is not about linux or bsd or winxp or apt-get or windows update… it’s about having an admin who knows what s/he’s doing. A properly setup firewall will do you more good then an OS switch. Linux does have an advantage in that the updates come a lot quicker… with windows we have to wait for Microsoft to a) admit there’s a hole and b) fix it for us. Of course if said linux user doesn’t bother to apply those quickly received packages then my bets go on the Win2k user who does. This is the stupidest damn argument on the internet… so forgive me if I bow out now. I don’t care what you use, I just hope you use it well

[rjung]

And in a related vein, here’s a layman’s explaination of why a UNIX-based operating system (such as MacOS X or Linux) is harder to exploit than a Windows OS.

[Nomadic_One]

Good ol’ OS debates… Well for a while I had a dual boot with 98 and Red hat and I eventually switched back to just 98 (now i have xp), because linux although good for the hard core programmers and the like, was not what I was looking for at the time. I like linux for programming not for everyday use. I hope to get back to the question at hand as the ethnic basis of Microsoft putting folders such as these where the everyday user gets a false sense of security.

[SPOOFE]

That sound you just heard is 300 million Windows users reading your post and laughing at your ignorance.

Of course… because if Rjung makes a statement about operating systems, it’s infallible gospel. :rolleyes:

Are you claiming, then, Rjung, that Windows doesn’t put its software through ANY testing at all? Wouldja care to provide a cite?

[rjung]

*Originally posted by SPOOFE *
Are you claiming, then, Rjung, that Windows doesn’t put its software through ANY testing at all?

No, son, put your strawman away. I’d certainly love to see a cite from alterego about how Microsoft “tests retests and triple tests every piece of software” they release, though. Maybe you should ask him?

Wouldja care to provide a cite?

Here’s something to ponder, SPOOFE: Back at the beginning of 2002, Microsoft – in an attempt to prove themselves dedicated to computer security – stopped all software development for two months so everyone could focus on security and make their products secure. For two months, 9,000 geeks in Redmond did nothing but poured over their source files, squashing security problems like a Qaeda on a runaway jhiad. And after that effort was done, Microsoft stood up, beamed to the world, and declared that their stuff was absolutely secure and bug-free and we could use their products without any worries whatsoever.

And we all get smacked with the SoBig.F virus anyway. :smack: Or, as The Inquirer puts it, “Microsoft cerebrates fifteen years of poor security”

You want a cite for sloppy programming and insecure bugs in Windows? Pick up a newspaper.

[Ms2001]

The vulnerability that SoBig.F exploits is one that exists between the chair and the keyboard: Some people, apparently, are addicted to clicking on attachments. Blaster/LovSan would be a better example.

[alterego]

rjung if I send you a trojan through e-mail and you are stupid enough to open it is it suddenly Microsofts fault?

[mecaenas]

*nix fan-boys always miss the point and get sidetracked by arguing about stability or security or whatever, thus proving why their favourite OS is doomed to insignificance on home users’ desktops. *nix is fast, stable, blah blah blah if your time is totally worthless and you enjoy battling with your computer to perform everyday tasks. Most people have more to their lives than tinkering with every little annoying piece of crap in their computer, they just want it to be easy to do what they want; most people don’t care about the things that the fan-boys are harping on about.

How do I know this? Where’s my cite? I don’t need one. Windows is easy to use and *nix is harder. Microsoft has the lion’s share of the market and *nix doesn’t. Enough said.

[Dreaming_of_Maria_Callas]

*Originally posted by mecaenas *
***nix fan-boys always miss the point and get sidetracked by arguing about stability or security or whatever, thus proving why their favourite OS is doomed to insignificance on home users’ desktops. *nix is fast, stable, blah blah blah if your time is totally worthless and you enjoy battling with your computer to perform everyday tasks. Most people have more to their lives than tinkering with every little annoying piece of crap in their computer, they just want it to be easy to do what they want; most people don’t care about the things that the fan-boys are harping on about.

How do I know this? Where’s my cite? I don’t need one. Windows is easy to use and *nix is harder. Microsoft has the lion’s share of the market and *nix doesn’t. Enough said. **

So essentially, you’re saying that the vast majority of people are ignorant of computers and not willing to learn. Duh. *nix users understand that. We also understand that that is a bad thing. Windows has the vast majority of the market because it allows users to remain ignorant. *nix at least teaches users new things about how computers function everyday.

UnuMondo

[E-Sabbath]

Lion’s share of which market, mecaenas? There are a few. But that’s not important.

Windows is inherently, as currently used, less secure than Linux/Unix family systems because of how the associated programs work.
A Unix operating system runs with something called privledges. There are many subtle shadings of those, but the basic breakdown is user and administrator. Users have access to some but not all files, like the core operating system files. Administrators can manipulate anything. Unix programs are designed to run in user mode. You may need to shift to administrator to install them, but you will know when it happens.

Since NT4/2K came out… okay, since NT came out, but it wasn’t usable till 4, the potential to run a Windows OS like that has been possible, but it has not been practical without much hard effort, as most major programs for Windows, down to and including Office, request adminstrator mode to work properly.

(Office, for example, has to reinstall itself, every time you switch users on the machine. Need admin for that)

Win98 and earlier machines, with the DOS underpinning, are always in administrator mode.

This means that once someone accesses your system, they control your computer. With Unix, they have to crack into administrative mode first. This is much harder. With Windows, all they have to do is exploit your browser or a running service.

Pretty simple, when you get down to it.

Today’s Fun and Educational Tool for Windows Users: In order to make yourself immune to .vbs “e-mail” viruses, all you have to do is change their default behavior. Right now, they’re set to run whenever you double-click on them. That’s bad.

For 2K and XP, what you need to do is: Open My Computer. Tools. Folder Options. File Types. Scroll down to VBS. (Hey! There’s a .WMD extension. Funny. Windows Media Download package. Appropriate) Select VBS. Choose Advanced. Click on the word “Edit” Select “Set Default” button. Edit is now bold. Click “always show extension.” Click OK. Up one should be VBE. Select VBE. Choose Advanced. Click on the word “Edit” Select “Set Default” button. Edit is now bold. Click “always show extension.” Click OK. Click Close.

Now, if you accidentally click on a e-mail virus script, you will simply be treated to the code as a word or wordpad document. It will not run. Unless you right click on it and choose “open”.

It’s not a perfect solution, as .vbs is used for other things in this world, but it certainly appears to be a good 90 percent solution.

[rjung]

*Originally posted by alterego *
rjung if I send you a trojan through e-mail and you are stupid enough to open it is it suddenly Microsofts fault?

Great, it’s the geek equivalent of “blame the victim”: :rolleyes:

“Hey, boss, look at this. There’s a bug in the Remote Procedure Call service’s DCOM.”
“Yeah, so?”
“Well, there’s a chance someone could write a trojan that exploits this bug and installs malware without the user knowing about it. We should fix this.”
“What, and push the schedule back even further? Forget it! Besides, if someone’s stupid enough to open a trojan, that’s their fault.”

So, yeah, all you folks who got hit with Blaster and SoBig.F, it’s your fault. :rolleyes:

As for your earlier (still unsubstantiated) bullstuff claim about how Microsoft “tests retests and triple tests every piece of software”, consider this – the DCOM exploit was first introduced in Windows NT 4.0, which was released in 1996. That’s right, it took seven years before anyone at Microsoft even found this bug, and that’s after that two-month-long company-wide security initiative they went through last April. Blows a big hole in your claim, I’d say.
And to add to ** E-Sabbath 's** message, another reason why Windows is more vulnerable than other operating systems is because a default Windows installation has lots of security measures disabled. Firewalls aren’t initialized, ports are left open, preferences to run scripts without warning are set, etc. As a counterexample, MacOS X ships with only the minimal amount of services and ports open, and leaves it to the owner to turn on things as needed. It’s damn hard to exploit a file server if the server isn’t running, after all…

[E-Sabbath]

And don’t get me started about service packs that turn on IIS. Blew the heck out of our Citrix server.

[Alereon]

SoBig.F is ENTIRELY the fault of the user. Administrators could have taken some steps to mitigate the damage, such as blocking mails with certain subjects lines, but in the end users CHOSE to run the virus code. Admins could also have prevented users from executing attachements, either by use of system policies or dropping attachments at servers. Outlook Express already warns you before allowing you to click on an executable attachment, I don’t know what more people could want.

Blaster/Lovesan exploited an existing security problem in windows, thus making it Microsoft’s fault. However, a heavily publicized critical security patch was released two weeks prior to the worm appearing in the wild. Two weeks is plenty of time for admins to patch their entire network. Home users should have just left the AutoUpdate service running, and listened when it told them a critical update was available.

[Dewey_Cheatem_Undhow]

*Originally posted by UnuMondo *
**So essentially, you’re saying that the vast majority of people are ignorant of computers and not willing to learn. Duh. *nix users understand that. We also understand that that is a bad thing. Windows has the vast majority of the market because it allows users to remain ignorant. *nix at least teaches users new things about how computers function everyday. **

This is the kind of superior arrogance that drives people away from *nix systems.

Most people don’t give two shits about how computers work, and they don’t care to learn “how computers function” every day, any more than they want to learn “how cars work” every day when they leave for work. They just want to put their keys into the ignition and go, and when they arrive, they want to spend their time thinking about the tasks they are paid to do, not how to make their computer jump through hoops to accomplish those tasks. I’m a lawyer; I want to spend my time at work thinking about my client’s legal problems and how best to address them; I don’t want to waste time learning about how my computer is managing the tasks I use it for.

FTR, I don’t have a dog in the OS fight. I don’t really care which OS is tops. But I have come to loathe the *nix fanboys who insist that their system is better because it teaches people more about the inner workings of computer systems, and who decry Windows as encouraging ignorance on the same grounds. Dude, nobody cares. I don’t care how the photocopy machine works as long as it makes and collates my copies. I don’t care how the fax machine works as long as I can transmit documents to my clients. And I don’t care how my computer works so long as I can just get some fuckin’ work done.

[Scarf-Ace]

One phrase to the windows lovers: “buffer overrun”

Oh and Dewey, I don’t believe most “*nix fanboys … insist that their system is better because it teaches people more about the inner workings of computer systems”.

As a Linux user and fan i’d say of Linux fans:
I think they insist its better because; A) its more stable B) its free C) its the best viable alternative for home users in a monopolised market D) The typical distro contains an enormous amount of powerful and free, commercial quality software E) Users are not hooked into an expensive upgrade cycle F) Users are not forced to buy packages like SMS or ISA Server which compensate for flaws and deliberate lack of features in the existing OS and applications G) There are less viruses that target Linux. H) Linux courses don’t cost £750 for 3 days…

Your point is going to come in pretty far down most “*nix fanboys” list.

[rjung]

*Originally posted by Dewey Cheatem Undhow *
I don’t really care which OS is tops. But I have come to loathe the *nix fanboys who insist that their system is better because it teaches people more about the inner workings of computer systems, and who decry Windows as encouraging ignorance on the same grounds. Dude, nobody cares.

I don’t think a majority of *NIX users have this attitude – most of the *NIX folks I know (and I know quite a lot, honestly ) simply prefer *NIX for its maturity (30+ years), stability, and security. There are some issues with the user interface, most notably on the Linux side, but the idea that a teeming horde of *NIX advocates want to drag everyone back to the days of recompiling kernels and compiling your own software is silly.