Windows virus?

This is a discussion on Windows virus? within the A Brief History of Cprogramming.com forums, part of the Community Boards category; Thanks for the detailed breakdown. I am no way knowledgeable with Linux. I am just a user. Not even a ...

  1. #46
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    Thanks for the detailed breakdown.

    I am no way knowledgeable with Linux. I am just a user. Not even a "power user" at that.

    I am just comparing Windows to Linux. Windows requires knowledge to make it safe. Linux doesn't.

    Sure, you can't do too much in Linux being a complete newbie, but you are safe, with all settings at safe defaults. That cannot be said for Windows.

  2. #47
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,406
    Nah... I'm not that safe on Linux when being a newb. In fact, there's nothing more dangerous to Linux than a newb with computer knowledge, as my latest menu.lst edit revealed when I realized I couldn't boot the computer anymore.

    That's more devastating than what many computer virus can do these days.

    If there is a price for newbness, on Windows you pay it in network security, on linux I pay it in system integrity.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  3. #48
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    Well... a newb that messes with system files... you can kill any OS that way

    on Windows it's both network security and system integrity . If you go around changing random settings in Windows being a newb... I don't think it will be better than Linux.

    By newb, I mean the average Joe, that surfs the web and checks emails.

  4. #49
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    Quote Originally Posted by cyberfish View Post
    Hmm. Ubuntu installation takes ~ half an hour on my machine. I spend an additional hour or so installing programs I need. I don't need to consciously do anything to improve security.
    But you have paid for this extra security over a Windows system with user friendliness. Just for a second, be my mom. Go to your local library, grab a 7-year-old WeightWatchers CD with a leaflet read so often you are afraid it will turn to dust if you touch it, take the CD, insert it into your drive and have it running in 5 minutes without any knowledge about your computer, sudo, a root password or even the fact that just because it's a "computer CD", it doesn't have to work on every computer/OS.

    Yes, the fact that autorun is enabled because she wouldn't know how to start the executable on the CD otherwise and the fact that she is running as administrator because I won't give a three-hour-lecture about running a system with different users are tearing a security hole in the system that's the size of a small moon. But that's the price people pay.

    On Windows, especially before Vista, it's practically impossible to use a limited user account (the UNIX way), simply because programs were designed assuming the user has admin priviledge.
    That's true. But don't blame the OS. The operating system itself is safe. Applications are crappy. And your desire to run them is greater than your desire for security. Your email client is running arbitrary code and requires admin priviledges ? Well, throw it in the bin and get a better mail client. But people don't want that. Because running OEx is so simple right ?

    Windows (NT upwards) wasn't a bad operating system. It was pretty secure. If you used it. If you abused it, you'd experience the same problems you'd have with a *nix system having a totally clueless user running as root all time installing buggy software.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  5. #50
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    But you have paid for this extra security over a Windows system with user friendliness. Just for a second, be my mom. Go to your local library, grab a 7-year-old WeightWatchers CD with a leaflet read so often you are afraid it will turn to dust if you touch it, take the CD, insert it into your drive and have it running in 5 minutes without any knowledge about your computer, sudo, a root password or even the fact that just because it's a "computer CD", it doesn't have to work on every computer/OS.

    Yes, the fact that autorun is enabled because she wouldn't know how to start the executable on the CD otherwise and the fact that she is running as administrator because I won't give a three-hour-lecture about running a system with different users are tearing a security hole in the system that's the size of a small moon. But that's the price people pay.
    That I agree. It's the price one has to pay for having a secure system. If Linux is to be as easy as Windows, Microsoft will be out of business in no time . It has every other advantage - price, security, speed, stability, openness. Compatibility won't be an issue if people start trying it en mass. Software makers will have to adapt to that.

    That's true. But don't blame the OS. The operating system itself is safe. Applications are crappy. And your desire to run them is greater than your desire for security. Your email client is running arbitrary code and requires admin priviledges ? Well, throw it in the bin and get a better mail client. But people don't want that. Because running OEx is so simple right ?

    Windows (NT upwards) wasn't a bad operating system. It was pretty secure. If you used it. If you abused it, you'd experience the same problems you'd have with a *nix system having a totally clueless user running as root all time installing buggy software.
    Of course, but it's a practical thing. It is like that because it wasn't until recently (vista) that Microsoft promoted the idea of running as a limited user.

    Any half decent book on UNIX/Linux will tell you to run as a user and not root. All Linux installers I have used do that, too. The result? every program is written with that in mind, and only ask for admin priv when really necessary.

  6. #51
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189
    Quote Originally Posted by matsp View Post
    Memory chips in themselves should last tens of years, but the connections can go old.

    --
    Mats
    Surface oxidation increases the resistance,. After a period of time, the SO reaches a point where it forms a contiguois barrier and acts as a dialectric. As the SO further increases the capcitance reaches the point where the slope of the edges can no longer reach the threshhold within the rated delay.

    First, pull the memory completely out of the socket, check the pins for a slight dicolooration, then reinstall them. If they show heavy discoloration, using extremely high grit (4000) sandpaper, or the fine side of a emery board or a cotton swab (has to be cotton, not polywhatever), very very VERY gently score the surface of the pins, not enough to remove any material, just enough to remove some of the oxidation. First timers, I recommend the swab as sanding too hard can reneder the chips DOA.

    If this fails, you can try declocking the memory if you have that option. This will give the memmory longer to ramp the output signal to an acceptble level.
    Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.

  7. #52
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    Hmm thanks for the suggestion, but we have long established that is not the problem .

  8. #53
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189
    Yeah I know, but I dont like leaving any topic un analyzed, especially when I just had my morning coffee extra strong columbian with heavy cream ( no fake crap for me thanks). Its a blessing and a curse. As a software engineer, it comes in handy when I theorize every possible errant situation. Sometimes people get annoyed though when they say something innocent and get a 2 hour lecture on the theoretical pros and cons of toilet paper versus corn cobs with diversions into the evolutionary basis for wiping versus not wiping.
    Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.

  9. #54
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    Ah of course. I made the reply just in case you are like me and only read the first page of long threads . No offense intended.

    Nice information indeed. Learned something .

  10. #55
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Vista security is not user-friendly. Worse, it's not user-logical. By that I mean the following:

    1) I enter the control panel and go to the network settings.
    2) I change the network settings.
    3) I press OK.
    4) A dialog pops up, asking me to confirm my change of the network settings.
    5) I go, "Huh?"

    As a computer engineer, I know why this happens: a program could change those settings without user interaction, and the dialog is sent from the inaccessible security layer to confirm that it was really the user who did that, not some malicious program.

    As a normal user, I have no idea what the difference between normal programs and the security layer is, and I simply get annoyed that I have to confirm the action I just took. Sometimes, if the configuration dialog has its own extra confirmation, I have to confirm my changes thrice! (Click OK on the dialog, click OK on the confirmation, confirm for UAC.)

    Here's another example of user-unfriendly security, this one dating to XP: my uncle wanted to book a rental car via the web. Aside from the sites being extremely unfriendly (not Windows's fault), there was another subtle problem. The one my uncle went with wanted him to fill out a big form. He did, then got to the field that asked for the credit card details, so he went to fetch his card.
    While away, Windows Update decided to restart the computer, because that's what it does if you don't explicitly tell it to stay. Needless to say, the form information was lost.

    Sure, restarting the computer after a security update in the core OS is important, because if you don't, the update isn't in effect and you're still vulnerable. Still, that Windows will go for the destructive option by default and with a timeout is not nice.


    These are the times when I think that there has to be a better way.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  11. #56
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,420
    UAC was explicitly made to annoy and not as a security measure, though... Microsoft admitted that.
    Or rather, it is a security measure in such a way that it would force application developers to stop creating admin-only apps. But nothing other than that.

    Regardless, I hold no love for UAC. When I did test Vista, I always disabled it completely.
    And Windows Update is also something that I avoid like the plague. Want something from there? Then I go to the website, because it doesn't force stuff down your throat. Although it does demand a reboot after installing the updates which is pretty annoying.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  12. #57
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    Sure, restarting the computer after a security update in the core OS is important, because if you don't, the update isn't in effect and you're still vulnerable. Still, that Windows will go for the destructive option by default and with a timeout is not nice.
    That I agree is just funny. Apparently Microsoft thinks Windows knows better than its users.

  13. #58
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    Well, most of the time it probably does. It's just bad PR to tell.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  14. #59
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,406
    If Windows knows better than its users, depends on what its user knows. Because of this, the path has been taken to treat everyone equally dumb, with the option to turn it off in case that's just not true.

    The irony is that by making it easier to use by everyone, the operating system is making it considerably harder on itself. Because:

    a) This type of security features operating at an higher abstraction layer (that of the UI and of guess work) is falling down on the operating system, increasing its code size, changing usage patterns with very new version and making it considerably harder to use. Every attempt at mitigating the effects can only be done through lots of brain power being poured in, more code and more complex code, making the whole thing more expensive (money-wise too). All this energy could instead be diverted towards building security features at the core and delegating the rest to 3rd party tools.

    b) In other words, the operating system is calling on itself a responsibility it shouldn't have. On most cases this means protecting the users from themselves. As new threats are devised and new ways for these threats to operate are arranged (some targeting exactly the new security features) the need for new solutions accumulate and need to be addressed by creating even more code, even more complex code and eventually even more changes in usage patterns.

    c) Since the operating system demands less and less thought from the user, it creates less and less informed users, which only complicates matters since invariably this leads to more dumb down features to make up for the increased lack in computer expertise.

    d) Similarly, because the operating system calls on itself the task of protecting users from themselves (or provide at the UI level security features that should instead be present at the core where they would be more effective and future-proof), it gives birth to - this time rightful - complaints when those security features are not sufficient or fail to operate as intended due to bugs or new threats being devised. What I mean is that because it's now the operating system responsibility, it is also the operating system fault. So... ever increasing maintenance work, ever larger maintenance teams and, worst, an ever increasing need for post-sales support. Costs only tend to rise and consequently price.

    ...

    Necessarily that's more or less how things work. That is, one can't expect developments in the computer area to not be matched with more complexity. But the question remains if is there any effort to reduce the entropy. My personal answer is no. On the contrary, I think operating systems the likes of Windows are making things exceedingly complicated by blindly following the marketing pattern of "make it simple to use". The bubble will burst one day if it keeps moving this way. Bill Gates himself admitted Vista should have been given more thought. What's extraordinary, he did it before launch day.

    ...

    My opinion, and to finalize, operating systems security features should be made at its core as architectural features (for instance root on Linux). Any security features implemented at the UI level should reflect these core features and no more. Anything else being implemented at the UI level are usually nothing more than band aids meant to address an incomplete architecture. This isn't necessarily bad, but should be instead addressed either by 3rd party tools or OS tools that stay out of the way unless the user turns them on.

    Microsoft Windows has a long standing record of insecure features and insecure all around demeanor. Some well deserved, but most not really. Regardless, the thought of Windows being an insecure operating system has been popularized since maybe Windows 95 and yet it didn't stop it from remaining the most popular operating system and keep increasing its quota and sales.

    Will this change of heart change things? It definitely has for me since I lost all interest in Windows after around 20 years (I've arrived a little later in the scene Bubba, around 3.something) of using it, and have changed to Linux. The reason I'm writing this on Windows still is merely because a) Windows XP is still being supported until 2010 and b) I'm still in the process of switching from Visual Studio C++ and don't wish to throw away the considerable investment I made in C++ windows development applications in the past couple years.

    But all in all, I do everything else in Linux and am loving in it what I learned to love in Windows. I.e. It doesn't try to get in my way.
    Last edited by Mario F.; 07-17-2008 at 06:10 AM.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  15. #60
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,167
    I like the nice core and UI separation in Linux. All the UI stuff are just graphical wrappers around lower level stuff (eg, gksudo for sudo, iptables has several GUI frontends, file permissions can be changed in Nautilus, etc). In a sense, UI stuff is bound by lower level security features (the user priv system, sudo, etc). That makes the task of securing the OS easier. They only need to make sure the system is secure at the core level, as what one can do with UI is strictly a subset of what one can do at any lower level. There's a nice hierarchy here, and only the base needs to be secured.

    On the contrary, I think operating systems the likes of Windows are making things exceedingly complicated by blindly following the marketing pattern of "make it simple to use".
    Very well put and I agree fully.

    As I see it, the problem is, there are overwhelmingly more computer illiterate people than literate ones. They don't care about how good/secure an OS is, and just want to get their current job at hand done as easily as possible. And they are willing to pay big bucks for that (paying for Windows, and hiring people to reformat their harddrives when their PCs catch virii). Microsoft is simply trying to appeal to that market, and ignore the tiny group of computer literate people, for obvious reasons.

    For computer literate people, though, I think Linux/UNIX are more user-friendly and intuitive to use. Because, as Mario said above, it doesn't get in the way. It always assumes the user knows better. When the assumption is false, it offers sensible defaults/recommendations.

Page 4 of 7 FirstFirst 1234567 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Trojan horse generic
    By crvenkapa in forum Tech Board
    Replies: 8
    Last Post: 06-04-2007, 08:49 PM
  2. how to make a windows application
    By crvenkapa in forum C++ Programming
    Replies: 3
    Last Post: 03-26-2007, 09:59 AM
  3. Question..
    By pode in forum Windows Programming
    Replies: 12
    Last Post: 12-19-2004, 06:05 PM
  4. IE 6 status bar
    By DavidP in forum Tech Board
    Replies: 15
    Last Post: 10-23-2002, 05:31 PM
  5. Manipulating the Windows Clipboard
    By Johno in forum Windows Programming
    Replies: 2
    Last Post: 10-01-2002, 09:37 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21