Discussion in 'Windows Desktop Systems' started by Mainframeguy, Apr 6, 2004.
dunno if this was posted or in news, but see here
Is a week old now, but a good read nevertheless
they always make you feel "hey, they are finally doing something..", but then soon enough, another virus exploits the service pack and the whole world screams...
The fact still remains that Microsoft is NOT to blame for this.
The people who create viruses and trojans are obviously the first ones we need to point our fingers at...I've often wondered what kind of sadistic mentalities these people have. Think they need to go out of the house more often.
Apart from that, in fact, it's also more often than not the fault of the end-user. XP has an automatic update service that downloads and installs critical patches on a regular basis. But then you have people who, in their infinite wisdom, choose to turn it off, claiming that it's "phoning home" - which is, again, utter rubbish spread by anti-MS propagandists who think it's the "in-thing" to bash the company at every chance they get.
If we look back at the time of the infamous MSBlast worm, we realize that Microsoft did, in fact, release a timely patch that could have curbed the spread of the worm. The only reason it blew out of proportion was because of neglect on the part of end-users. They chose to circumvent the automatic update cycle. They were careless not to manually check for and download the patch. When the worm hit, they got what they deserved. Plain and simple. Shockingly enough, there are millions of people out there who still haven't bothered to install SP1, even though it's been out for ages.
I'm not saying MS is a perfect company with perfect products. No company is, and no product is. It's just that it makes no sense blaming them for things they are not responsible for.
By the way, the post wasn't directed at you, falcone.
Just felt the need to get it off my chest...Microsoft-bashing just starts to sound immature and foolish after a while.
Hmmm, let's see.
Programmer's list of to-dos:
Bug in ssl code in Windows (Status: Fixed; Time: 6 months)
Patch for MSSQL (Status: Fixed; Time: 2 Months)
Ah, I could keep on going.
Also, Netryder, if it is the user's fault, then MS doesn't take any of the blame; however, they are to blame. They wrote buggy code and released it to the public untested. The same happens with free software, and they always take the blame for it. They always say, sorry we were wrong, here is the patch, please update your systems.
Whereas with Windows everyone just pushes it onto the end users instead of MS, which in this case did release a patch, but didn't even bother to test the product before releasing it. Even the open source movement makes stupid mistakes, but none as big as Nimda, Code Red and various others. There is no exploit yet to automatically, through some bad coding, install a backdoor and start mass mailing and take out an entire internet backbone because of the flooding of traffic. I have yet to see thousands and thousands of boxen hitting each other with all kinds of requests on the MySQL or PostgreSQL port because it's vulnerable.
And the Windows auto update feature breaks as well. I have had a box grab an update that was available for something, installed it, and a few hours later it was pulled and then a new one was put up because the old one was broken. In the meantime I had rebooted and my box wouldn't come back up again. THAT is why a lot of people turn it off as well. And the phoning home part. I don't know what to think about it. I personally like to know what is doing what at what time and where it is going on the internet. Personally, I also like to install the updates myself so I know what is going on; I like to be in control.
Also note that in a business environment you don't suddenly just roll out a patch. You first test it on the dev boxes, put it under stress to make sure all works correctly, and most boxes that ran MSSQL and others can't be taken offline, they are mission critical servers, and thus the patches are mostly on a 6 month cycle. Every 6 months all the new patches and everything are installed, and then it won't be touched for another 6 months.
But NR, M$ is to blame. Most of the exploits, security holes are exposed months [some years] before they are exploited and only after the hole is publicly exposed is it fixed. [note eEye.com]
When exploits in unix/linux systems are exposed, usually a fix/patch is released within days [even hours, note recent SSH vulnerability].
I like Windows [a little] and it is great as a workstation but isn't and wasn't designed as a server, period.
My M$ pet peeve list
COM+ application [what a grand idea]
ActiveX [nice to have a browser control that can mod system files]
uPlug and Pray [DoS vulnerability, who needs hotplug network devices anyway]
Default administrator usage, you don't log in to slack as root now do you?
Both of you brought up some excellent points (and some of which I didn't think of while posting earlier).
As I mentioned earlier though, it would be stupid to say Windows is anywhere close to perfect...more so when you look at the security aspect of it. And I will agree with the fact that Microsoft has often taken ages to fix quite severe potential-exploits in the past. But things have been changing for the better during the last few months. There is clearly a greater awareness and they are definitely taking steps towards plugging holes in the OS. The fact that they're releasing a whole service pack that focuses almost solely on security does say something.
However, the point I was trying to make (and in retrospect, it seems like my wording wasn't too clear in my post) is that Microsoft is not solely responsible for all the problems an end user has. Very often, the user is equally responsible for not keeping up-to-date, especially when updates are posted right there on WU. You see people bitching about the fact that they have to download a few more updates each month. I think of it as a good thing. It shows that something is being done...that Microsoft is taking proactive steps to make the OS a little more secure, if anything.
Now regarding servers and business environments. That was something I did not consider in my post, and I will completely agree with the points both of you brought up in that respect.
Windows isn't meant for servers, it's true. Too much maintenance involved.
Managing IT for Business Value
I often wonder on which planet these people reside. They are always going on about a new technology that will provide solutions to what in effect are incompatibilities between their systems and existing systems and beliefs.
Only yesterday I was in PC World (UK) and upon arriving at the check-out to pay for my ten blank CDs looked at the operator’s cash till screen which can only be described as something lost in the nineteen sixties or seventies. How can a modern company expect to make any money using such out-dated software? My wife works for the Co-op (UK supermarket) they also base their modern EPOS systems straight out of the nineteen-seventies.
My own company still uses a text only database system called “image” by HP. This was placed in the skip by me about twelve years ago but they run their entire operation on it and within it. They even have recently spent £1.2 million on an application that runs only on the image database system. It runs under an emulator on a PC so what on earth are Microsoft going on about? Most large companies in the UK are still in effect on MSDOS V 5 and don’t know any better as they are all computer illiterate at the board level only using XP and Office applications for “typist and accounting (Excel) functions”.
They use their IT department as middleware engineers so that these applications can somehow talk to each other over a 64Kb line, madness.
How can any modern company still be using the old “client server” model which is, as you point out, mission critical? The distributed database model incorporating peer to peer and client server is the way forward (like the internet). Clustered servers and the centralised view of data storage is by design, just too expensive to take further without the huge bandwidth required for the comms links in large companies’ operations.
Centralised server operations are proposed by IT departments in order to retain control over their domain. They are in effect not the answer for a modern and flexible international company as all they provide is empowerment to the centralised server site/ethos/model and hence the IT department in their ever ending goal of total control over their own company and its operations. This will all change as directors and CEOs get educated in IT.