Glass panels: what OS?

"Dylan Smith" wrote in message
...
[...]
Finally, MS has decided to listen and will have the firewall on by
default in Service Pack 2.

Yes, they have. And it will cost them a lot of money, because now every
user that winds up wanting to do something that the firewall won't allow by
default (because it locks down the system by default) will cost Microsoft
money so that they can have their questions answered because they can't be
bothered to RTFM.

Online gaming will be a big area of support, but there are plenty of other
applications that look like end-user client applications but which wind up
hosting at least one "server" port.

By blaming Microsoft only, you are starting to sound like those rabid
anti-Microsoft people CJ was talking about. Microsoft had genuine economic
motivation to make their operating system easier for dumb people to get
working and it's unreasonable to lay all (or even most) of the blame at
their feet for catering to their audience.

In this instance, Windows 98 is better than Windows XP.

That's like saying "in respect to high-speed crashes, the Ford Model A is
better than the 67' Mustang".

Windows 98 was insecure in plenty of other ways, and since the vast majority
of computer security problems have more to do with social engineering than
software engineering, those insecurities in Win98 more than trump XP's
issues.

As long as you allow a human being access to the operating system, there
will be problems. Windows had a very specific, and very different set of
requirements from any other operating system on the market today, and it
evolved in a very predictable way. Sure, there's room for improvement, but
the blame game doesn't help anyone, and frankly, because the anti-Windows
rhetoric has always been so blatantly religious, with little rational
justification, it's not surprising that tiny nuggets of truth have been
ignored for so long.

I know if I had some zealot in my face all the time about my unholy
lifestyle choices, I probably wouldn't pay much attention to him if he told
me my zipper was down.

Pete

On Sat, 26 Jun 2004 08:23:44 +0000, Dylan Smith wrote:

In article , C J Campbell wrote:
Fine, if you have a huge corporation that can afford a bunch of well-paid
admins. Your argument is beginning to sound an awful lot like you don't
think most people should have computers and that you think that the general
public is a menace.

No, I think Windows as it currently stands is unsuitable for the general
public. Windows as it stands is fine in an environment where a corporate
admin can look after the network. It's not the users fault, it's the
fault of Microsoft because the configuration is insecure by default.


This is true. Security has never been a significant priority for MS.

Windows as it stands should have at
least the software firewall on *by default* and almost all services
(most services which home users will never use) *off* by default.
Finally, MS has decided to listen and will have the firewall on by
default in Service Pack 2. Security researchers have been saying this
for *years*, and only now is it being done.

Rumor has it, that they will be making such changes in the future. Worth
noting, that I believe I read the XP SP2 will even make the firewall start
BEFORE the interfaces go live. Which means their software fire will
become more than worthless. Keep your fingers crossed.

It's not a problem with the users. It's entirely a problem with Windows.
The users are essentially decieved - it's a nice easy to set up system,
but they've been tricked into having a system that claims to be easy to
use and maintain, but really requires an expert system administrator to
make secure.

This is true. Which certainly does create many problems. Just the same,
in fairness, it requires an expert on any system to properly maintain and
keep secure.


That isn't the fault of Windows.

But it IS the fault of Windows. Having a number of insecure services
turned on by default which the vast majority of home users will *never*
use on a network is purely the fault of Microsoft. The PC manufacturers
also have some responsibility to bear - they could have at least thought
about it and set up a reasonably secure disk image when they duplicated
the hard disk loads for their PCs.

This is a fair complaint. Along those lines, many Linux distros had some
problems because newbs would select every service under the sun and enable
them without knowing what was going on. So, while having available the
shortest path to stupidity stinks, it still boils down to making sure you
have an administrator that's worth a dang. This is true, no matter what
OS you have. Granted, a bad admin, from a security perspective, might be
able to hide easier on non-Win platforms, eventually, they will get caught
with their pants down without regard for the platform that they admin.

Cheers,

Greg




Greg

On Sat, 26 Jun 2004 13:09:44 +0000, David Reinhart wrote:

I'm not a big fan of SCO anymore, and I haven't had to work with the SCO UNIX
for about 10 years, but I used to be the SA for the SCO box that ran the plant
that produces all the chemicals used by a major chip maker. I had that system
so tweaked that when I quit they didn't bother to replace me and the system
kept running fine until it was replaced about five years later. They only
called me in "on contract" once in that whole period and that was for a
hardware problem.


Ya, I hear ya. I've used SCO's "Always Stopped Clustering" and it left a
bad taste in my mouth. Their support was worthless. It seems that
it's the user's fault that a single application instance can DESTROY
every node in the cluster (including the filesystem), by simply starting
it up. When I say destroy, I mean go get your install disks and reformat
from scratch. Oddly, there was nothing wrong with the application, but
they still refused to support it. I've also used SCO on some X.25 private
switched networks, where we aso had some stability issues there. Granted,
it might of been an Eicon driver issue or something like that. Just the
same, I've never, personally, been impressed with SCO uptimes. So, perhaps
my persional bias is showing.

Cheers,

Greg

"Dylan Smith" wrote in message
...

No, I think Windows as it currently stands is unsuitable for the general
public. Windows as it stands is fine in an environment where a corporate
admin can look after the network. It's not the users fault, it's the
fault of Microsoft because the configuration is insecure by default.

Windows as it stands should have at
least the software firewall on *by default* and almost all services
(most services which home users will never use) *off* by default.

Actually, it is home users that tend to use those services the most, for
things like on-line gaming and such.

Now, I know a lot of Windows users. I realize that most computer admin types
have real problems with trusting the general public with anything more
complicated than an Etch-A-Sketch, but I tend to believe that the general
public is a little smarter than that. All the home users I know have
personal firewalls, anti-virus software, etc.

The vulnerable computers that I have seen are the office computers which are
maintained by so-called professional administrators who have turned off all
these protections for their own convenience.

"Dylan Smith" wrote in message
...
In article , C J Campbell wrote:
Fine, if you have a huge corporation that can afford a bunch of
well-paid
admins. Your argument is beginning to sound an awful lot like you don't
think most people should have computers and that you think that the
general
public is a menace.

No, I think Windows as it currently stands is unsuitable for the general
public. Windows as it stands is fine in an environment where a corporate
admin can look after the network. It's not the users fault, it's the
fault of Microsoft because the configuration is insecure by default.

Windows as it stands should have at
least the software firewall on *by default* and almost all services
(most services which home users will never use) *off* by default.
Finally, MS has decided to listen and will have the firewall on by
default in Service Pack 2. Security researchers have been saying this
for *years*, and only now is it being done.

Besides, what does any of this have to do with aircraft displays? Who gives
a hoot whether an Apollo MX-20 has its firewall turned on or not?

"David Reinhart" wrote in message
...
Gives a whole new meaning to "the blue screen of death", doesn't it? ;-)


You are going to die if your MX-20 fails?

Greg Copeland wrote:


This is, of course, a valid point. Just the same, a *mostly* moot point
given the openess of today's open source compilers. GNU's compilers, for
example, are self hosting. That means it compiles a compiler, which
it then uses to compile a new compiler. Then, the new compiler is used to
compile another compiler to compare with the previous compiler, to ensure
that everything is built properly. So, about the only way you're going to
get a surprise there is **if**, your current compiler is trojaned AND it's
smart enough to pass the trojan on to the new compiler. That means it
would have to know when it's compiling a new compiler.

Which method of propagation has been discussed (rather famously) in the
past, no?

grin

- Andrew

C J Campbell wrote:


"Andrew Gideon" wrote in message
online.com...
C J Campbell wrote:

You could not even go back to the days when only
research facilities and the military had Internet access.

Considering the economic damages caused by each major worm run, that
might
not be a Bad Thing. We'd lose a *lot*. But it might be better, in the
long run.


Better for whom?

You'd have to ask the economists that produce these numbers.

I submit that your protests are essentially the same as
those of the priests when Gutenberg started printing Bibles. Your high
priesthood is threatened now that the unanointed masses have access to
computers and networks.

That's foolish. Once upon a time, I was a software engineer with a nice job
that paid reasonably well. Then, this tool I'd used for year exploded in
popularity. As a result, my income surged. Despite the "hard times" and
"burst of the bubble" neither I, nor my other "long time in technology"
friends, were adversely impacted.

In other words, the exploion of personal computing, esp. involving
networking (my particular area of interest has always been in network
computing) has been *wonderful* for me.

So by what am I threatened?

No, what I see is a picture larger than myself. I see people that have
years of work lost because they don't do proper backups. I see people that
have monies and "identities" stolen do to poor system security (ie. the
latest IE spoof, or just the sniffers installed at a Kinkos). I see
reports of millions+ in damages cited for each of these major worm runs.

All of these are, in theory, preventable. But this would require education.
This would require that people understand that these are not toasters, but
machines of enough complexity that ongoing care and maintenance is
necessary. Unfortunately, that education could work against some company
bottom lines, and so a lie is put out instead.

Is the cost worth the benefit? I cannot say. So I *don't* say. But I
certain don't opine that the introduction of the Internet to the masses is
an unmixed good. There has been a definite cost. Worse still, it is a
cost that need not have been paid.

If you're looking for a priesthood protecting its own, I think you're
looking in the wrong direction.

- Andrew

C J Campbell wrote:

Besides, what does any of this have to do with aircraft displays? Who
gives a hoot whether an Apollo MX-20 has its firewall turned on or not?

You know, this is a very good question. It caused me to have a sad thought.

Today, GA avionics is much in the same place that PCs (not just MSFT
environments) were in the late 80s: mostly stand alone, perhaps with a
local LAN (ie. MFD, simple weather download, etc.). What if avionics take
the connectivity leap that general computing has taken?

For example, one of the problems with MSFT environments is that they ship
with all "discover all devices on the net" mechanisms enabled and insecure.
This is terrific for ease of constucting a network. Just plug it in, and
it works.

Avionics manufacturers could take the same path: standard protocols for
discovery and then communication would make plugging a new device into the
avionics "bus" cheaper/easier.

Of course, add one device which communicates between avionics buses (ie.
perhaps a TCAS or some nifty function riding a mode S), and we've MSFT
machines on an internetwork all over again...except we'll be airborn at the
time.

Scary.

- Andrew

David Reinhart wrote:

It's already happened.

Really? Wow. Have you a citation I could read? I'd like very much to
learn more about this.

- Andrew