[Leaplist] A letter to my Windows friends...
Fred Moore
fred at fmeco.com
Wed Nov 29 21:06:16 EST 2006
Ray I contend this has absolutely nothing to do with the end user.. When the
average life expectancy of a new unpatched windows box sitting on the net is
less than 30 minutes... this is without a user running it.. It has been
tested..many times.. Don't make an assumption that the average user knows how
to patch windows.. The security model is just broke. And because the
registry has to be R/W by design I find it unlikely it will ever be fixed..
We don't know about vista.. I suspect it will just be a linux promoter..
if not it will place a lot of very good machines on the market as people buy
newer hopped up stuff just to support vista.. Anyway.. my life has been
much simpler since I just quit supporting windows.. Fred
On Wednesday 29 November 2006 20:47, Ray Brunkow wrote:
> Chris wrote:
> > I'm sending the following to everyone in my address book. Yeah,
> > I'm having an old fart grumpy moment after spending my "Holiday"
> > cleaning up three friends'/relatives' PCs - sheesh.
> >
> > ----------
> >
> > What's wrong with this article?
> >
> > http://www.cnn.com/2006/WORLD/europe/11/27/uk.spam.reut/index.html
> >
> > Here's what's wrong - nowhere in this article is Microsoft, and
> > their products, such as Internet Explorer, Outlook, Outlook
> > Express and Windows mentioned. And that's just wrong. Because
> > Microsoft is largely culpable for the plague of spam infesting
> > your email. And your Windows PC is helping.
>
> As much as I detest MS I fail to see the ire you are directing at this
> article from CNN. CNN, like many news agencies in the USA, run on
> WINDOWS. The use of
>
> -----------
> Experts blame the rise in spam on computer programs that hijack millions
> of home computers to send e-mails.
> -----------
>
> home computers, please keep in mind that MS still has no less than 85%
> of the market share world wide for home computers. To state "home
> computers" is the same as stating MS Windows in a generalization.
>
> > ----
> >
> > Computer columnist Robert Cringely wrote, back in 2001:
> >
> > "The wonder of all these Internet security problems is that they are
> > continually labeled as "e-mail viruses" or "Internet worms," rather
> > than the more correct designation of "Windows viruses" or "Microsoft
> > Outlook viruses." It is to the credit of the Microsoft public relations
> > team that Redmond has somehow escaped blame, because nearly
> > all the data security problems of recent years have been Windows-
> > specific, taking advantage of the glaring security loopholes that
> > exist in these Microsoft products."
>
> To an extent you are correct, but the real problem is not the security
> loopholes, but the fact that 99.9% of home users run as Administrator
> when running Windows. This means that no matter how secure or insecure
> the OS, software, service is, if you are running as Administrator, root
> level, then anything you do to the computer can and WILL compromise it.
>
> Now again I am NOT supporting MS in any way shape or fashion with that
> statement, just pointing out the real issue is the way EU use the
> computers, not the over all name scheme of things or the overall lack of
> sound code.
>
> Please do keep in mind it is MS who has continued to break any kind of
> security model they may have with MS Office requiring administrative
> rights to install or run, top that off with thousands of other
> applications like all of the Intuit software packages or Adobe packages
> and you have a complete break down in any kind of user level security,
> or use level isolation of security issues.
>
> > ----
> >
> > In November of 2003, John Dvorak wrote:
> >
> > "The [Outlook Express] product has been under fire since its
> > release, and almost every major virus uses Outlook's open-door
> > security policy to turn individual mailboxes into spam-o-matic
> > emailing machines."
>
> The entire Outlook line is one big virus IMHO and whenever I can I try
> to encourage people to use Thunderbird instead of Outlook anything.
> Sadly as MS Exchange is so powerful, easy, and abundant in the corp.
> world Outlook is the #1 e-mail client. Now if some other e-mail client
> could tie in directly with MS Exchange things could change. So again do
> not narrow your look when it comes to the problem. The real problem is
> the corp world reliance on MS exchange, or to be more specific the fact
> that there is NOTHING in the FOSS world that can do EVERYTHING as easily
> as MS Exchange does for the corp. world. If there is something out
> there that is FOSS, I would love to learn about it so as a consultant,
> not a great one mind you, I can at least offer alternatives to MS
> Exchange when corp. are in need of all of the features that Exchange
> offers to its clients.
>
> > ----
> >
> > The mainstream media seldom makes the distinction between
> > "computer" trojans/viruses and "Microsoft" trojans/viruses. The
> > mainstream media maybe don't know any better. Or maybe, the
> > mainstream media gets a heck of a lot of advertising revenue
> > from Bill Gates.
>
> I will take this one step further in clarification. The USA mass media
> does not make the distinction between virus, or MS virus. If you read
> the BBC, or F-Secure blog, or slashdot or any of the "IT friendly" sites
> out there, you will see the distinction between MS and standard virus,
> or platform specific malicious code for that matter.
>
> > Look, it's this simple. Windows desktop PCs are a disaster on
> > the Internet that have cost literally billions of dollars of damage
> > to computer users.
>
> See John Simpson's page about viruses and the internet with IE... great
> read and some very good links.
>
> http://www.jms1.net
>
> > You didn't know this - and that's not your fault. But the fact is,
> > you were sold a PC that had severe security problems in the
> > fundamental design of its software, and even worse problems
> > in its default setup. If it weren't for the agreement you made
> > in the form of the MS EULA (Yes, you agreed to it) you'd have
> > the right to a class action lawsuit.
>
> Again, let me point out the real culprit here is not ONLY MS and its OS,
> but every company out there that mandates their software be installed or
> run with Administrative rights. THAT IS THE REAL problem with MS OS.
> Since win2k, and even to a lesser extent NT, there have been distinct
> user level security rights. The problem here is that MOST software
> requires elevated security rights to install or worse to run. Intuit is
> a prime example, without Administrative rights you can not even START
> QuickBooks. You will get an error stating you must run this application
> as administrator.
>
> That is NOT, I repeat, NOT an OS issue, but a software maker issue. MS
> Office is always the first one to be guilty of this so that does not let
> MS off the hook either.
>
> > But it's time to grow up. Now you know better. And my message
> > is simple - run something besides Windows - at least when you're
> > connected to the Internet. Chances are, your machine can run
> > Windows and Linux. I'll even help you set it up. Use Linux to surf
> > and do email. Run Windows for what it's safe for - playing games.
>
> Sadly for the average user, this is not an option. WHOAAAA!!!!!! hold
> on, I am not saying that Linux is not something the average EU can not
> use. What I am saying is that the average Linux distro IS NOT READY for
> the average user when it comes to installing, configuring, etc... I am
> no linux guru, but I do know my way around a windows computer VERY VERY
> VERY well and can install and configure both Linux and Windows and set
> up dual boots when I need to. I AM NOT the average EU. I promise you
> my wife, who is very much so in the average group of users, could not
> install XP, or Linux for that matter. It would be even worse if my wife
> were to try to install Debian for example. She would have NO CLUE what
> 90% of the directions were telling her. Same would go with XP, but at
> least that is a bit more GUIish. Yes there are some GUI based distro
> installers like the FC line and others like that, but again when it
> comes to picking the right options she would be lost.
>
> Here is a big problem. Most mass producers of computers are so deep in
> bed with MS that they CAN NOT SELL alternative OSs on their hardware or
> MS will jack up the price of Office and OS on them to the point they can
> no longer be competitive in price for their computers. With the price
> of hardware being so small of a margin for markup for profit the ONLY
> real profit mass makers of computers have a chance of getting is on the
> software side.
>
> Example:
>
> winXP Pro OEM = $149
> Dell price could be as low as $35 for XP Pro, but as soon as Dell were
> to start offering Linux or BSD on their hardware, their price for XP
> could jump up to $75 or to $100, or even higher, thus cutting deeply
> into their profit margin. This is NOT good business for anyone and MS
> is squarely to blame for this. Granted those are not 100% accurate
> numbers as I have no clue what Dell is paying, but I do know a local
> company that deals with millions of licenses for XP and they pay $50
> for XP Pro and $35 for XP Home. So I can only guess that Dell is in
> that range too.
>
> > Or buy a Macintosh. But please, don't sit there, and wonder
> > why your inbox is flooded with spam while running five zombie
> > tasks on your PC that are spreading viruses and flooding the
> > Internet with spam without your knowledge.
>
> Sadly most EUs have NO CLUE their system is compromised unless it is
> with some kind of adware that puts pop-ups all over their screen. As
> most bot-net type worms/viruses try to HIDE from the user, they do a
> very good job of that.
>
> > Are you afraid to learn how to use Linux or a Macintosh?
> > Don't be. You weren't born knowing Windows, and the
> > transition is easier than you think. Personally, I'd be a LOT
> > more afraid of passing out my credit card numbers, my
> > social security number, my address. I'd be a LOT more afraid
> > about giving out all my bank account information and passwords.
> > I'd be a LOT more afraid of the FBI knocking at my door wanting
> > to know about the kiddie porn I've been emailing out.
>
> As far as converting to Linux, see above, I think it is a great idea,
> but not enough EUs know it exists or even what an OS is. As for MACs
> most people think they can not afford a MAC, this is very true for the
> most part, and they do not think it runs all of the applications they
> may want/need.
>
> > Awwww, it couldn't be that bad, could it? Consider, in 2003,
> > the Norwegian telco provider, Telenor shut down a server
> > controlling a "bot-net" of 10,000 "zombie" PCs.
> > http://www.theregister.co.uk/2004/09/09/telenor_botnet_dismantled/
> >
> > But 10,000 PCs - that's nothing, right? OK, how about this:
> > In September of 2005, Dutch police arrested a trio controlling
> > a zombied network of 1.5 million (yeah, million) PCs.
> >
> > The current levels of spam, viruses and trojans point to even
> > bigger networks. Much bigger. And none of the people using
> > these millions of PCs even know anything is wrong with their
> > computer.
>
> That is my point from above. The EU has no clue 90%+ times that they
> are infected. I talk with people all the time who claim to never have
> had a virus or bit of spyware on their computer and all I do is LAUGH at
> them for being so naive. If they are running MS, they are infected at
> some point in time if they are connected to the internet.
>
> > Look at it this way. You worked hard. You saved. You bought
> > your PC. You thought you owned it. But Bill Gates gave it away
> > to some Ukrainian criminal organization. They're running your
> > PC, and the only reason you can use it at all is because you
> > have their permission. And you still want to surf the web with
> > Windows?
>
> Please keep in mind, it is the security mind set of XP and older OSs
> from MS that are the problem, not just Bill and his friends, but Intuit,
> Blizzard, SoE, and the list rolls on and on and on for mandating that
> the software used in Windows is run or installed as Administrator.
>
> > Be my guest. But when you get tired of wondering why your
> > browser doesn't go where you want it to, when you get your
> > fill of the slow machine that used to be fast, when you start
> > wondering if your entire identity isn't for sale on a foreign
> > website... give me a call.
> >
> > Cheers,
> >
> > Chris
> >
>
> That last bit is what I do for people. I gladly take their money when I
> come out to FIX their computer, I educate them to the best of my ability
> without sounding too holier than thou type or too much of a zealot against
> MS, just enough to point out that there are major flaws in IE,
> Outlook (and Express) and XP and that running anything as the
> administrator is never a good idea unless you are doing something that I
> should be doing for you. If it is something like replacing hardware, or
> installing new software, or drivers for a printer, then you should run
> as administrator in Windows, but other than that, you should be running
> as USER when possible. Sadly that is not possible most of the time in
> the Windows world thanks to all of the 3rd party vendors and their
> software that mandates Administrative rights just to open up and run.