Microsoft warns of 'critical' Windows security flaws

[MojoJojo]

I have a dual boot set up at work (XP/Debian)
At home our router runs debian linux
Our mini-itx/divx player in the living room run Gentoo (another Linux distribution, where you compile everything from source).


At Work, the only thing I use XP for is Powerpoint. (Only and also checking my tuff runs under windows too),I use LaTex for writing papers etc (also available on Windows). And programming gcc stuff is a bit nicer in Linux.

The Router is Linux because: it runs properly (fairly crap old PC)
It runs a decent firewall with connection tracking and priorities (Quality of Service)
(The default XP one is pants, cost lots of money to get a decent one for XP I believe)
Runs HostAP, so acts as an wireless access point without us haviing to buy an Access point. Not sure if can do this in XP, although I believe Macs do it for free.
Runs a Virtual Private Network (PoPTop), which would cost lots of Money on XP.

The TV/divx player is gentoo, as better software for doing this sort of stuff (menuing, infrared etc). Works a lot better on mini-itx board, can network boot so no need for noisy hartddrive. Finally, a XP license would pretty much double the cost of the basic system!

So, Linux can do lots of stuff a lot cheaper than XP (in terms of hardware and licensing costs), and it can do a few things XP can't. (I believe to network boot a windows PC, you have to go up to Windows Terminal Server, which costs in the region of £10000, although the licensing arrangements are a bit complicated). However, most people couldn't of got all this stuff to work. Its helps having 3 computing graduates with lots of free time in the house...

[Purple Tentacle]

(The default XP [firewall] is pants, cost lots of money to get a decent one for XP I believe)

Yes, the default Firewall is absolute shite.

However I swear by ZoneAlarm, which is a free download, although some people swear by Kerio, also free. Never got on with that one though.

Anyway, they're both very good.

(and anybody without a firewall should be shot in the face for being a danger to others, zeig heil!)

[MojoJojo]

Ah, but they're personal  firewalls (actually don't know about Kerio, ZoneAlarm was last time I saw it). They're great for individual PCs, but we want a more powerful system for networks. Basically all nasty stuff gets blocked at the router, and we have three zones, covering the internet(untrusted), wired network (trusted) and wireless network (untrusted but with access to the VPN server, which puts you on another trusted network, in effect).

[gazzyk1ns]

[disclaimer, I haven't installed or used Linux, other than Final Scratch software which has it's own installer, runs from CD, easy peasy]

I don't understand why people want to get away from using Microsoft O/S.

You know I hate XP so I'll talk about 2000 here. Personally I want to get away from Windows now because I think everyone who doesn't want to pay for most PC-related things in the future will have to, because of Palladium technology. I don't know if anyone has a link ot a good article? No doubt you've heard of it anyway.

How many of you using/wanting to use a Linux distro instead of Windows XP or 2000, want to do so, as you are going to try and achieve something of worth, maybe programming, or for the purpose of getting a job due to having Linux experience?

Nah not anything of worth, but I don't use my Win2000 partition (which I'm on now incidentally) for anything of worth either.

I'd have thought Linux would be quite limiting for a lot of things, ok, it'll no doubt have it's own players for music and movies, it's own office software and the likes, but in terms of support, updates, and future development, it's surely more limited than Windows?

Nah the opposite really, in that it's open source and so will be developed as users demand, as opposed to being a money-making/monopolisation exercise for various massive companies. XP might install your modem instantly, but after I'd taken an hour or so to properly configure mine with Mandrake it now initialises and connects silently on booting, I never even have to think about it under Linux.

My biggest pet hate is bloated software and the software written for Linux certainly is not bloated, as opposed to XP and most software designed to run on it. You also never have to worry about cracks and keygens. Incidentally, the Soulseek client for Linux (Nicotine) is better than Nir's, it appears to be (marginally) less buggy and has loads of handy details. Timestamps in the chatroom are especially useful, you never worry about replying to someone who's been away from their PC for five hours. The chat client I use on Linux, GAIM, is good too... it connects to all IM proggies (AOL, Yahoo, MSN, ICQ) if you want it to and has useful little novelties like telling you when someone closes their chat window, hehe you can see when someone really can't be arsed to talk to you or you might be pissing them off etc.

One of the major beefs I saw people had with Linux was the NTFS-related difficulties. I've never really seen any advantage of Using NTFS. The security advantages are irrelevant on home PCs, and it's marginally (admittedly, probably imperceptably) slower than FAT32 with most tasks. NTFS also poses a problem if your Windows system goes tits-up and you need to do the old thing of booting from a floppy into (simple) DOS, and then starting fresh... DOS can't see NTFS either and so if your primary partition/HD is NTFS and you're wanting to start afresh then you'll lose all your files on there without a lot of fuss. FAT32 is obviously supported without any fuss. So I'd say that it's fairer to say  "NTFS is incompatible with many things" rather than "Linux has compatibility issues with NTFS".

Check out Microsoft's own article about the advantages of NTFS:

http://www.microsoft.com/windowsxp/expertzone/columns/russel/october01.asp

...The guy basically says there "Well NTFS has these incompatibilities, you might want to create a FAT32 partition for when it goes belly-up...but....NTFS is more 'powerful'....". More powerful? How can a file system be more powerful? That's technobabble designed to make you want to use a certain file system with no real advantages and several minor disadvantages.

I think there is a set of 4 or 5 boot disks which is creatable with 2K/XP which might do the trick, and I dare say there are customised boot disk sets which might get you NTFS support but your whole argument for using Windows here is ease of use from the off, so don't throw that back at me!

So that's why I am in the process of switching to Linux.

[Dusty Gozongas]

It did offer me a nice thought though "Try downloading a driver for it" - through what?

Assuming that the modem worked ok with XP, you could've downloaded the Linux drivers that way.  Then, create a small FAT32 partition (no need to do this if the XP partition is already FAT32) and put the file there.  After that, boot into Linux and mount the FAT device... BINGO.

I had a Red Hat/Win 98 setup a while back and would often transfer files in this fashion 'cos of the fact I had a winmodem.

[blue jammer]

Interesting reading there gazzyk1ns, and yes I've encountered NTFS problems using Final Scratch, as that has to read/write to the windows partition, and it wouldn't, the bad bugger. I got a laptop specifically for that job, and it came with win2k on, I don't have a win2k disc, and for some reason partition magic wouldn't make a FAT32 partition, so I ended up formatting it, to stick XP on, just so I could sort out a FAT32 partition (god what a load of guff saying that a few times)

Re programs on Linux, sounds tempting, especially for things like soulseek and emlue type stuff, which I think is called mldonkey on there, but I fear change, and haven't the time to bugger about learning new O/S'.

[gazzyk1ns]

Of course, and like you're always saying you've gotta use what works for you and all that...

[Timmay]

I'd hardly say that Linux's inability to write to NTFS out the box, is Windows' fault. And strangely you pretty much list that as a reason to switch *to* Linux. Although I may have misunderstood what you meant there. :S

And if you're on Windows, and don't like NTFS, don't bloody use it! A (nearly) perfectly good alternative is already there in FAT32. How is not liking one of the options in Windows, a reason to switch?

As for the applications you mentioned, having nicer features on Linux - it's a bit of a non-argument really. I'm certain Windows would have better apps, if you looked for em. For example, for your chat program - how about Trillian in Windows? It can communicate with any of the networks you listed.

It's funny, I've previously been arguing why *I* want to switch to Linux, and now I find myself defending Windows! I'm not particularly, I just find your reasoning sometimes misplaced.

Oh, I'm not deliberately picking holes in your post (well, I am, but you know what I mean!), but as for getting to a DOS type prompt or something with XP, if it goes fucky, if you're using NTFS, you can just bung in your XP CD, boot off that, and go to the Emergency Repair Console. Got me out of many a pickle! If you're using FAT32, you can of course use any old recent bootable floppy. But then you knew that already.

[MojoJojo]

I'd hardly say that Linux's inability to write to NTFS out the box, is Windows' fault. And strangely you pretty much list that as a reason to switch *to* Linux. Although I may have misunderstood what you meant there. :S

I think you have misunderstood his point, which was NTFS doesn't work with anything, not just Linux.

However, it is Microsoft's fault that it doesn't work with Linux or anything else, since they have tried pretty hard to make sure nothing does work with. TI think NTFS does work almost fully in Linux, it's just no one is willing to take responsibility for saying this, 'cos people get pissed off if it does mess their data up. And if it did start working, MS would change NTFS so it doesn't work (probably in the most catestrophic way possible).

And if you're on Windows, and don't like NTFS, don't bloody use it! A (nearly) perfectly good alternative is already there in FAT32. How is not liking one of the options in Windows, a reason to switch?

I think you missed what was bein said.

As for the applications you mentioned, having nicer features on Linux - it's a bit of a non-argument really. I'm certain Windows would have better apps, if you looked for em. For example, for your chat program - how about Trillian in Windows? It can communicate with any of the networks you listed.

Sort of right, in this case, for the wrong reasons. The free version of Trillian is a bit pants, compared to Gaim. However, Gaim is available for windows, and is pretty much the same. Applications is a very hard area to compare. I'd guess that Windows does have better applications for many areas, but you have to pay for them ot nick em. And infratructure stuff... Linux basically provides most of the features of Windows Terminal Server, which costs in the five figure range, (may be wrong, haven' looked at pricing myself...)

[no_offenc]

If I had more memory I'd love Linux.  That and HardDrake doesn't like my soundcard........so no Mp3s for me, until I get that sorted.

Once it's done though......it was so satisfying getting the nVidia graphics drivers working FINALLY.  And it's a new experience....compared to Windows' "click, click, crash, click, work, click crash" experience.

I like GNOME.  More than KDE at any rate.  Although the browser is fucking guff.  Firebird........will work, probably.

[Timmay]

And it's a new experience....compared to Windows' "click, click, crash, click, work, click crash" experience.

Does this *actually* happen though? Honestly? If it does, I swear either you're machine is fucked, or you're doing all sorts of shit to it that makes it crash. Either that or you're using something pre-2000.

I'm no MS fanboy, but my PC with XP has crashed (and I don't just mean bluescreening) *once* in the 12 months I've had it. That's ONCE. And that was just after I'd installed it, and was fucking about with updated OpenGL drivers or something. And I've got a lot of shit on it. And I've got a lot of ands in this paragraph. Fuck. And.

[Gamma Ray]

I don't understand why people want to get away from using Microsoft O/S.  It feels to me like a lot of people do it to be 'cool' or 'different' somehow, maybe that is a huge sweeping statement, but it's what I think.

I can't speak for everyone, but that's certainly not why I'm switching to Linux. It's a simplistic way of looking at things, but I'm a simplistic kinda guy ... Windows is a commercial product, ultimately made to make money. Linux is open source, and not for profit. It's programmed by people who want to programme it, to the point where they'll do it for free. And if you're into it, you can get involved too. I think that ultimately this will make for a far superior operating system. Scientists will scoff, but I think that it'll make for an O/S with a little soul, because that's what people will have put into it.

Yes, the default [XP] Firewall is absolute shite.

I don't understand this. As I see it, a firewall is a firewall. It's a simple piece of software or hardware that allows or disallows access to specific ports or services. The XP firewall does not deal with outgoing requests, but as far as I can see you can configure incoming requests as you like. I think that it is useful to monitor what processes are requesting access to the internet from your PC, but if you have a secure enough incoming connection you shouldn't get infected anyhow. This not only involves having a firewall, but includes patching your O/S on a regular basis, having up-to-date AV software, and using your common sense, such as not opening attachments that you don't recognize.

Sam Spade doesn't rate personal software firewalls at all, just look here. Like this article says, he overstates the case a little. Still, there's a lot more to internet security than just installing a firewall.

I have Kerio on my PC, but that doesn't have an internet connection at the moment. I am posting this from my friend's PC, which is on a broadband connection pretty much 24/7. It only uses the XP firewall, but I run a full virus check at least once a week (using the most up-to-date virus profiles) and I have never picked anything up.

Still, like I say I only have a simple understanding of these things. Please feel free to correct me - that's what a forum is for, ¿no?

[gazzyk1ns]

Generally, the nasties which populate an un-firewalled system (assuming, as you say, that you're not double-clicking on "britney spears fuck sex metallica whore cum.mpg.exe") are going to be things like tracking cookies, data miners, porn diallers (harmless on ADSL, and I think cable too) and other "less terminal" stuff like it... ad-aware and spybot should do the trick there. In Spybot S&D,  make sure you initiate the "constant protection" or whatever they call it, it doesn't make itself apparent apart from when a site is about to impose something annoying on you.

[Gamma Ray]

In Spybot S&D,  make sure you initiate the "constant protection" or whatever they call it, it doesn't make itself apparent apart from when a site is about to impose something annoying on you.

Do ya mean the 'immunize' function? Yeah, the guy that wrote that article I linked (not the Sam Spade one) mentions those kind of things. I do have Spybot installed, and I do recommend it. I have it installed on the firewalled PCs at work and it's picked up some awful shite on them.

[gazzyk1ns]

Yeah the immunize is what I was on about. It's strange how things are nowadays, not so long ago I was without a firewall and anything else, but regularly updated my antivirus software, and also regularly scanned with it even though I know what I've opened... I've not had any AV software on here for about a year now, but I rely on a Firewall and Ad-Aware/Spybot to keep me safe in Windows.

[blue jammer]

Just to mention (whilst were on the subject of all things virii)

Norton A/V 2004 (hated by a lot of you, I know) now does Spyware & Adware, as well as all the stuff 2003 did, and script blocking too.

I like this, as it's an all-in-one, so I don't have to keep updating Adware/Spyware progs, when Norton does it all with it's auto-updater.

The only thing I would say that niggles me about the new version of Norton, is that it likes to be in on everything, if you copy a .rar file from a network drive on your local network, it takes a little time to copy it, Norton scans it like a bastard, thinking it's something suss.

Still, that's just a small niggle, and I'd rather it was fussy, than let something slip through!

[Timmay]

Microsoft source code has been leaked onto t'internet

"It is thought to comprise parts of the source code for Windows 2000 and Windows NT."

What I don't understand, is if Linux's source code is free to view by anyone, and that's fine, how can this leak of Microsoft's code have any bearing on security like they suggest...

"Hackers with the code could exploit the operating system and access machines running Windows."

[MojoJojo]

Because Microsoft believe in Security in Obscurity ... that its better to hide security flaws so they can't be exploited, than it is let people see the code and spot & correct flaws, and gain some level of confidence in the code.

They use it as an excuse to not share source, and it has been suggested this is because it would be an embarrassment to share the horrible bloated mass.

Could go on about Security in Obscurity verses Confidence in Openess, but I got a presentation in half an hour. But I would point out source code leaks sort of blow the entire Security in Obscurity argument out of the water.

[Timmay]

boxed versions like Xandros are now EASIER to install thatn WinXP.

Well, many thanks for the recommendation SH. I'm on it at the moment, and I must say - for once - it was a rapid and painless install, even detecting my nvidia card straight off!

Not sure if I'll stick with it - XP does me lovely, just curious really - but you never know...

Ta muchly again!

Oh, and I didn't actually buy it, so my argument for wanting to use it cause it's free and legit is kinda nullified at the moment!

[no_offenc]

I'm on 98.  Everything after it doesn't like my computer.  Linux likes it about as much as 98 does.

And now I've finished getting my graphics to work, I need to figure out how to make it see my onboard sound.  I'm not arsed if it takes me a week to sort it....I like making things work myself.  Like my computer is rigged together so it runs faster than my girlfriend's P4 2.2GHz machine because hers is full of spyware and shite and junk and mine isn't.  Mine's a K6/2 333MHz box.  Goes to show.