Mad As Hell: Metaphor 1.42

The reason Windows people think they're just as safe is because they're the victim of a propaganda war about the existence of Security By Design. Microsoft tries to play both sides of Security By Design, and most people don't even notice.

When Microsoft (and their apologists) want to explain why they're OS seems to be a miserable piece of technology ridden with problems, they *deny* the existence of Security By Design, and say that the problem is because they are so wonderfully popular. They tell everyone that Security By Design doesn't exist and they'd be safe "if only they weren't so wonderfully popular!" They want you to believe only the gospel of Security By Obscurity.

But when Microsoft (and their apologists) want to explain how Longhorn will be better than the sucky situation now, suddenly Security By Design exists! Alleluia! Suddenly, you hear angels singing lofty ideas about "secure code" and "built with safety in mind". Microsoft leaders and evangelists swear Longhorn is a godsend because "security needs to be part of the design, not a bolt-on". Bill Gates had the chutzpah to tell the BBC that with Longhorn, he can personally promise no more malware ever again! (see http://news.bbc.co.uk/2/hi/business/4516269.stm )

So that's the story of the propaganda myths of Security By Design. The truth is, and even Microsoft admits it, is that Security By Design is real. And Windows is an old product, poorly designed, repeatedly patched and patched and patched, with an incestuous tangle of subsystems that interact directly with each other and get full access to everything they need whenever they want to.

Once upon a time, in a world full of yucky bugs and evil burglars, there was a house named Windows, and it had many doors and many windows. And they were all left open. (These are called "ports" and "services".) All the bugs and burglars in the world could just go right in. Only a few experts know how to close the doors and the experts just couldn't around often enough to prevent lots of bad problems. Bugs and burglars in the house! Bugs and burglars in the house! [Yes, XP SP2 helped this problem, but it's not perfect, and lots of people run other Windows variants]

And even worse, in order to let the townspeople actually use the house, in other words to actually live in the house, Windows was designed to let anyone create new windows or doors whenever they wanted. And you didn't even have to be in the house to create new windows and doors! You could be across town! Or if you read the newspaper, someone in another town could suddenly create problems in your town! [Browsing the Web with Internet Explorer exposes you to hackers across the world because of bugs, and also ActiveX "features"] The great power behind the risk is Administrator Privileges. With this power, it's especially easy to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) with Admin Privs. And so bad people all over town were creating new big holes in the house every hour! Bugs and burglars in the house! Bugs and burglars in the house!

Some people said "You don't have to give people Administrator Privileges simply to live in the house!" But all those people who said that were geeks and wizards who have special knowledge of how to control big companies. The truth is that if they weren't around to help their mother and grandmother, they would *need* all this power day-to-day (to configure the OS, to install software and drivers, etc). They would all use Administrator privileges because it's too complicated and restrictive and confusing for average folks not to. It's just plain hard to live in the house called Windows like without that destructive power at your fingertips.

And to make it worse for the house of Windows, it was an old house. You see, it originally was a small cottage, but over the course of many years of tubes and hammers and some scrap metal, the house's "walls" today are really weak body armor pieced together over a period of several decades.

Way across town, there was a house called Mac OS X. In that house, there is exactly one door and really thick strong walls made from rebar and reinforced concrete. Those are called the built-in firewall and a well-designed-and-tested UNIX BSD communications security architecture. No gratuitous doors or windows (ports and services).

It's not impossible for Mac OS X residents to create new doors and windows (opening ports, creating services), but it can only be done carefully in cooperation with whoever is keeping track of the front door and whether it's safe right now (configuring the firewall). And even in those cases, only certain types of objects can come in (opening specific ports) -- no bugs and no burglars in general. No bugs! No burglars!

When the Mac OS X residents were building their house, they realized they don't need to be able to make doors and windows *all* the time -- they don't need Admin Privs.

So the house called Mac OS X is designed that no one can simply just *create* doors and windows whenever they want in a split second on their own. Even the mighty geeks are suddenly prompted for their password, and then they have more power temporarily only, and only for what they are doing right then. This makes it much easier to prevent people from accidentally creating new doors and windows in the house! Also, it makes it harder for bad guests (malware) to create new doors and windows. Also, it makes it harder for to trick the residents of Mac OS X into creating new doors and windows, because the password must be magically said before such destructive big things happen. So, it's harder to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) to sneak people into the house of OS X. (This approach is called "well-designed and user-friendly Privilege Escalation system and subsystem compartmentalization, while avoiding the *need* for normal average users to constantly wield dangerous Admin privileges". The idea that OS X Admin users don't *actually* wield root/Admin power full-time is often misunderstood, or lied about, by Windows apologists.)

The people living in the house of Mac OS X were happy. They had to keep track of their front door, and had to think carefully before announcing their password when something asked for it, but it was a good house, and a good world.

The people living in the house of Windows were riddled with bugs, and always had mosquitoes in their teeth. And burglars constantly entered their house and took everything, and they usually had 5-10 unwelcome visitors secretly watching them, eating their food, and learning all their secrets (spyware).

At the end of the day, the people in the house of Mac OS X gathered around the dinner table, talking of fun they'd had together as a family that day.

And the people suffering in the house of Windows said to all their friends "Yes, it's an awful life, and our homes are full of bugs and burglars, but it's only because our house's design is really so wonderfully popular!!!"

The Windows users who come on the Blog and make comments such as "Windows is perfectly capable of being secured if you just...a,b,c,d, and e, after you start it up", just as you did, ignore the fact that most people who buy a computer to surf the net, get email, print a few photos, haven't the foggiest idea that they even NEED to do those things much less HOW.

But, again, they're expected to adapt to a whole new OS, software suite, hardware package, etc. As well as bring all their old files over a multi-OS network to their new computer, with which they're utterly unfamiliar.

I walked my 84-year-old grandfather through what he needed to do to fully secure his Windows box in about ten minutes over the phone. He's a smart guy (ironically, a long-retired Tandy executive) but has no idea about computers beyond what my father and I tell him. He manages to work a word processor, the web, and email, and beyond that doesn't know or care how to do anything else. And yet it was so easy to secure his system from long distance. I'd hate to ask him to learn a whole new OS just for the same security that I gave him over the phone.

No, but it's so easily and freely accessible that it's hardly worth complaining about.

Sure it is. I shouldn't have to download a multitude of programs simply to ensure that my computer doesn't crash and burn.

An even bigger problem is that the casual computer user simply doesn't know about this stuff, which makes it even more imperative that the core OS ship in as secure a state as possible. OEMs should be doing something as well. Just shipping a box with McAfee products isn't working.

Sure it is. I shouldn't have to download a multitude of programs simply to ensure that my computer doesn't crash and burn.

Well, I don't want to call the whaaambulance for you or anything, but I don't think people should have to learn an entirely new operating system to get the security that is actually now available with Windows.

An even bigger problem is that the casual computer user simply doesn't know about this stuff, which makes it even more imperative that the core OS ship in as secure a state as possible. OEMs should be doing something as well. Just shipping a box with McAfee products isn't working.

The casual user also hasn't been exposed to some Mac OS, which I can't even figure out despite having well over a decade of experience. Again, I make the point that you're expecting the casual user to adapt to an entirely new OS, hardware package, and software suite, while at the same time assuming they're too dumb to secure their existing system in little time and for no cost.

"Again, I make the point that you're expecting the casual user to adapt to an entirely new OS, hardware package, and software suite, while at the same time assuming they're too dumb to secure their existing system in little time and for no cost."

Again, again and again...it won't make a difference to them. Your point is valid, however, as well as fatal to the notion that even the dippiest Windows user has any reason to switch over to the Mac platform.

This whole issue is essentially moot. Not only are there a huge number of tools available to secure Windows, but users can prevent infection from spyware simply by running a Limited User Account (LUA). Windows Longhorn is going to require that OEMs install LUAs by default. But users don't have to wait for Longhorn to get that kind of capability in XP. Takes about 1 minute to set up a LUA in XP. With limited permissions, spyware can't install itself, access the registry, modify the filesystem, etc. But you're not going to hear this from Mac bigots because they simply don't know how easy it is to lockdown Windows. As you've rightly pointed out, they'd rather that users spent thousands of dollars to replace their hardware and software investments in order to save a few minutes. Ridiculous. It's no wonder people tend to ignore them. They're like Moonies selling flowers at the airport.

They're like Moonies selling flowers at the airport.

Again you weigh in with insults and ad hominem arguments.

Windows Longhorn is going to require that OEMs install LUAs by default.

And WHEN is that going to happen, Bush? Microsoft could start requiring that right now.... as you said, it only takes about a minute to set it up. They just have to include instructions on how to temporarily escalate the user level to let the limited users install software while working in a LUA.

But you're not going to hear this from Mac bigots because they simply don't know how easy it is to lockdown Windows.

And security experts state that 70-80% of Windows users haven't the foggiest idea how to do it... and 90%+ are running their current boxes in Administrator mode and are vulnerable. You might be surprised at the number of "newbie" users I have encountered that haven't even enabled the free anti-virus apps included with their newly purchased computers... or even know its there!

Why doesn't Microsoft at least ship Windows XP with MS Anti-spyware installed and turned on by default?

PS, I ran MS Anti-Spyware last week on a client's computer after installing FireFox... MSAS identified FireFox as a very high risk spyware under the name MozillaFF... and declared it a Browser Hijacker! How many un-aware users will accept the default choice MSAS offered... deletion of the "offending" files? LOL.

Again you weigh in with insults and ad hominem arguments.

I will remind you, little man, of your comments at the beginning of this thread:

"The comments on the Blog are interesting too... especially the clueless Windows users."If you're going to complain about insults, at least try not to be such a blatant hypocrite.

And WHEN is that going to happen, Bush? Microsoft could start requiring that right now....

Yes, they could. But the real problem is that Dell and Gateway and others (ie. the OEMs) know that having users run as anything other than Administrator will cause a large number of support calls when users can't install software. Dell et al are merely acting in their own self-interest and, as we've found out during the MS antitrust trial in 2000, MS isn't in a position to tell OEMs how they're going to deploy XP.

And security experts state that 70-80% of Windows users haven't the foggiest idea how to do it...

Which means that the best way of implementing LUA is by starting fresh in Longhorn.

Why doesn't Microsoft at least ship Windows XP with MS Anti-spyware installed and turned on by default?

Because it only recently acquired Giant Software. It's beta-testing the software. It isn't production yet.

MSAS identified FireFox as a very high risk spyware under the name MozillaFF... and declared it a Browser Hijacker! How many un-aware users will accept the default choice MSAS offered... deletion of the "offending" files? LOL.

Considering FireFox's current rate of vulnerability, it is very high risk spyware.

"The comments on the Blog are interesting too... especially the clueless Windows users."

He we not calling all windows users clueless, he was saying that someone who is a clueless windows user would find this interesting. Are you denying that there are clueless windows users (the ones who dont use non admin accts, who dont install anti-virus, ....)

Which means that the best way of implementing LUA is by starting fresh in Longhorn.

To help clueless users right?

Maybe thats what you got out of it, but I read that windows users who are clueless... If I say white Linux users I am not saying all Linux users are white am I?

And you're right there to carry his water. Are you guys roommates, by any chance? No doubt sharing a toothbrush.

Typical b2k attack..

The casual user also hasn't been exposed to some Mac OS, which I can't even figure out despite having well over a decade of experience.

You gotta be frickin' kidding me. I've got over a decade of experience with Macs, and I troublshoot my mother-in-law's windows machine all the time (or should I say constantly)

Protecting your dad from having to "learn" the Mac OS is like protecting a bushman from civilization.

Maybe thats what you got out of it, but I read that windows users who are clueless...

Of course you think that: You're not fully in touch with reality. Here's what he said:

"The comments on the Blog are interesting too... especially the clueless Windows users."Now, that may be confusing to you but those of us with an objective view of reality understand that he was calling Windows commentators on the blog "clueless". You can deny that all you want -- but it's right there in black and white.

Typical b2k attack..

What's next? Get me banned? Go for it. Jousing with you really isn't that interesting, anyway.

"The comments on the Blog are interesting too... especially the clueless Windows users."

People here where I work need a tan... especially the really white employees

What am I saying there... Am I saying

A) Everyone where I work is white and the all need a tan?

B) The white people where I work need a tan?

You gotta be frickin' kidding me. I've got over a decade of experience with Macs, and I troublshoot my mother-in-law's windows machine all the time (or should I say constantly)

To be fair, I've only played around with the new version (10.x) for a few minutes, and it just didn't feel very intuitive. Since I didn't have the need, desire, or interest to learn the OS, I gave up. It's been a number of years since I used Macs on a regular basis, so that experience probably isn't germane.

By the way, if you're troubleshooting your MIL's system "constantly" either you or she is doing something wrong.

Protecting your dad from having to "learn" the Mac OS is like protecting a bushman from civilization.

That exaggeration is a bit ridiculous, don't you think? In any case, my dad has no problem using and maintaining his home computer and the networked computers at his small business, all of which are Win XP. It's my grandfather, with no need or interest in doing anything beyond the very basics with his computer, who I think would rather spend five minutes on the phone with me securing his system than buying new, expensive hardware and learning a new OS.

By the way, if you're troubleshooting your MIL's system "constantly" either you or she is doing something wrong.

And as for "exaggeration," hardly. I shouldn't have to do periodic maintenance on my can-opener, no matter how easy it is, and owning a Mac proves to me I don't have to. I don't know about the little old people in your life, but many of the rest of us have old people in our lives that tend to get a bit panicy when something the price of their first car doesn't do what it's suppose to, and no one seems to think that's a problem.

Horse hockey. Not like I didn't expect you to come back with a comment like this, but so far as people that aren't trying to avoid being confuted go: you're wrong. If it screws up, and we get it to do what it's suppose to, it's fixed. If keeping it from going wrong again requires some archane procedure, its the fault of the OS, not the user. But judging from your demeanor on this entire thread, you would have no problem claiming to own the same axe for thirty years, except three new heads and two new handles.

I don't know what "confuted" means, but if a problem recurs, you never fixed it in the first place; you worked around it. I use Windows on a daily basis and know it fairly well; I'll readily admit it's been a number of years since I was competent to troubleshoot Macs. I don't know what this ego thing is with Mac users, but at least you could admit that the Mac is your platform and you're not necessarily expert on how to handle Windows issues.

And as for "exaggeration," hardly. I shouldn't have to do periodic maintenance on my can-opener, no matter how easy it is, and owning a Mac proves to me I don't have to. I don't know about the little old people in your life, but many of the rest of us have old people in our lives that tend to get a bit panicy when something the price of their first car doesn't do what it's suppose to, and no one seems to think that's a problem.

You obviously know much more about Macs than I do, so I'll concede to your superior knowledge that 1) a Mac is no more functional or adaptable than a can opener and 2) they still cost as much as one's first car. I just expect cheaper and more useful out of my own computers.

I assumed you'd mistyped "confused" and tried to make a sarcastic comment. Having checked the dictionary, I find "confuted" is a word, and though I disagree with your use thereof, it wasn't grammatically or orthographically incorrect. I apologize and accept public embarrassment for my ignorance, though I still stand by the remainder of my post.

I don't know what this ego thing is with Mac users...

Gee, could it have something to do with supercilious comments like: 1) a Mac is no more functional or adaptable than a can opener and 2) they still cost as much as one's first car. instead of admitting the only people who should be using windows are those that make their living off it.

Of course I've come to expect that level of pettiness from windows wonks... and pre-pubescent girls.

but at least you could admit that the Mac is your platform and you're not necessarily expert on how to handle Windows issues.

Uhm, did ya NOT read my first post? I was quite explicit about being a Mac guy, and I have to wonder if you're being purposefully obtuse about the import of my comment.

Both my mom and my mother in law are windows users, but they can't fix their own problems, so they come to ME to figure out their problems, because I never have any. Hell, I don't know anything but the rudiments, but that makes me a computer geek as far as they're concerned.

The point is if some windows wonk, who's nowhere to be found now, hadn't sold them on frickin' windows to validate his own choice, I wouldn't have to deal with this crap.

You like windows? Fine. I can respect that...but if you will recommend windows to someone you KNOW is a functional illiterate with computers, and KNOW they don't want it for anything but email, web surfing, printing tuna casserole recipes, and digital pictures...ya ought a be horsewhipped.

Gee, could it have something to do with supercilious comments like: 1) a Mac is no more functional or adaptable than a can opener and 2) they still cost as much as one's first car. instead of admitting the only people who should be using windows are those that make their living off it.

No, because you had your Mac ego before I ever stepped in, and because those comments were based on your own post and not anything new I interjected.

Both my mom and my mother in law are windows users, but they can't fix their own problems, so they come to ME to figure out their problem

But rather than admit you don't know how, you malign the entire system. It's nothing to do with Windows; your family wouldn't be able to resolve Mac issues either. It's that you can't take care of their problems based on your lack of familiarity, but that's somehow the platform's fault.

You like windows? Fine. I can respect that...

No, be honest with yourself, you really can't. You can't accept that someone doesn't jive with your idea of what computers "should be". Every comment you make indicates your disgust with Windows. Maybe it's a subconscious hatred of the commercial success of Microsoft, or a frustration that you're not up to speed on the operating system used by 90+ percent of the planet. But don't try to convince anyone that you're "fine" with Windows.

Incidentally, I work in industrial automation. Many of my customers lose tens of thousands of dollars for every minute of downtime. They'd literally pay millions of dollars if a new computing platform offered them more stability, and they'd be forced to pay millions of dollars in a lawsuit if their safety platforms failed and caused injury to employees. Yet everything they use on the industrial level is Windows-based. So either every major manufacturer on the planet is run by utter morons, or there's something to this Windows thing that you just can't see with those Mac blinders on.

Okay, well now I know your obtuseness is intentional. My analogy to a can-openner is adeqate to communicate the desireable operating characteristics of an appliance, but you have to turn it into an criticism about function and adaptability. Now bear in mind YOU are the one dismissively using the "locked car" metaphor, which would work just fine if you had admitted the owner has to go out and buy his own locks and hasps and bolt them onto the car.

My ego has nothing to do with it; you are intellectually dishonest.

But rather than admit you don't know how, you malign the entire system. It's nothing to do with Windows; your family wouldn't be able to resolve Mac issues either. It's that you can't take care of their problems based on your lack of familiarity, but that's somehow the platform's fault.

If my family would have bought Mac, there wouldn't BE any issues!

I don't malign the entire system. I was quite specific about who I thought needed to stay away from windows, but you have to conflate (conflate |k?n?fl?t| verb [ trans. ] combine (two or more texts, ideas, etc.) into one : the urban crisis conflates a number of different economic and social issues.) the two in order to justify your petulance.

You're right about one thing though...it's not the platform's fault. It's the fault of all the IT doyens that think nothing of talking little old ladies into buying something they can't reasonably be expected to maintain.

You can continue to tell yourself there's something wrong with me, but I'm not the one who actually said what you have to do to maintain windows isn't worth considering....as opposed to not having to do anything at all.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.