Other posters have already answered all this well, but here's a few
additional snippets...
(To summarise! The 'pressures' and support for Linux guide it far more
favourably than the very aggressive pressures driving MS. Consequently,
the resultant OSes are developed to very different standards and quality
and thoroughness...)
Rich wrote:
Martin replied:
[...]
Note that certain OSes are more vulnerable by _design_ due to their
marketing compromised design philosophy...
I'm not sure I understand what you are saying. Are you saying that
Marketing tells the OS group to design the OS to be vulnerable?
In effect, yes. And deliberately so... There's also a historical bias.
The MS OSes were hacked up from a shell running on DOS with the idea of
a single user on an isolated machine (eg the pre Win95 stuff).
A _lot_ of the single user ideas remain entrenched in the OS structures.
Add on top of this the very aggressive marketing requirements to add
features and unfettered freedom in rapid increments to keep the cash
flowing in... Very severe compromises continue to be made and some
rather poor design decisions have been forced which has made the present
very successful mess (note the puns (:-))...
Note also that the OS design has been skewed on occasion specifically to
lock out 3rd party competition. MS has been fielding multiple anti-trust
lawsuits for over a decade!
Unix and thence Linux has been multi-user with a well defined security
model right from over 30 years ago... It has also had an incredibly rich
and diverse development path.
[...]
Flawed design? How do you differentiate between implementation and design?
'Design' as in how the functional units and layers are defined and then
how those different parts interact to provide a platform from which
users and applications can get something done.
For example, do you have one functional unit that has authority over the
printer port, or can any piece of program access it directly
unfettered?... (BTW: all the hierarchy for a printer spool queue is a
Very Good Idea!...)
The designed structure of the MS OSes has very poor security that as an
aside helps ease implementing bodge fixes. Also, the structure helps
maximise freedoms and speed up rapid feature development. These freedoms
also consequently permit easy abuses. All is good enough on an isolated
machine. However, communication to it opens up the vulnerabilities.
The 'restricted users' on NT and W2K and later are half a security fix
at the expense of requiring being 'administrated'. Fine in business
circles, but expensive and convoluted in how it is done.
Linux cheated BTW, it took the design from another OS, lock, stock and
barrel.
Yes, and quite right too! Linux has however had its code written from
scratch by some very able dedicated programmers. (No marketing deadlines!)
Windows grew out of DOS, which was a cross-compiled version of
CP/M designed by Gary Kildall (RIP). Unix also owes its legacy to
another existing OS. Both have their roots in history.
Yes, so?
Very different beginnings in very different contexts.
[...]
Especially when marketing puts on pressure to leverage value from that
updating, including deliberate feature breakage and EULA ransoms.
Can you document this? And what do you mean by ransoms?
Google for WPA, driver certification, office document formats, java,
xml, MS adopted standards in general... MS have a policy of 'embrace and
expand' to ensure proprietary lock-in of your data. And then you have to
pay to upgrade.
A recent essential security update also forcibly updated your EULA if
you wanted to be saved by the update!
An unrelated example soon coming up is that of the internet chat
protocols. (Not seen any comments as to _why_ the changes.)
Aside:
http://www.lowendmac.com/musings/microsoft.shtml
gives a terse MS history. Skip down to Microsoft 402 for the juicy bits.
[...]
The Chinese choice. Not sure if this is a good thing or not.
Sorry, I don't understand. Please expand.
The story's a bit old but I found this...
http://www.ale.org/archive/ale/ale-1999-11/msg00310.html
Linux, the official OS of Red China
http://www.ga-source.com/linux/news/bits/10+10+1999/16:54:2.shtml
The Chinese government is so enthusiastic about the community ethos
behind the open source community that it is making Linux the official
operating system of the Peoples Republic of China, thanks to a deal
[...]
Yes, and a fair few other _countries_ and states have adopted Linux.
Some are freely contributing to it too.
The Chinese regime may even be influenced for the better as the more
open culture of Linux permeates through (:-P)
[...]
I think this is more of a problem. Which distribution do you choose? If you
don't know the difference, how do you decide?
Much better than 'take it or leave it' and being held to ransom also
with aggressive proprietary lock-in.
The choices available can be an education, and then also they can be
simplified. My local group are doing just this for a Linux 'awareness day'.
[...]
Using third party firewalls is just a kludge to patch up the OS holes
for the many exploits available in MS products.
I don't know of a major company which does not have a dedicated firewall
between themselves and their intranet. Your fanaticism is quite
fascinating.
Passionate rather than fanatical I hope! Then also, you sound very well
indoctrinated in the 'MS' religion.
Seeing that there are alternatives could be described as being akin to
those in the film 'The Matrix' waking up to their new reality. The MS
marketing machine is deep and devious and pervasive and very effective.
So much so, there are suspicions of newsnet postings from supposed MS
zealots who are in fact paid employees of whatever PR consultants hired
by MS...
[...]
Good security can be considered as a layered 'onion' approach.
You don't seem to like some layers. ...
With MS Windows you pretty much only have the firewall to rely upon!
[...]
The layered onion model of security assumes that you will have
significantly more than _just_ the one outer layer!
[...]
The "Linux.Slapper.Worm" targets Linux servers running Apache Web
[...]
By Monday morning, Slapper had infected 11,249 machines.
"For reference, Code Red -- which is known as the worst Web worm so far
-- managed to infect only a couple of hundred servers within a similar
time frame," Hypponen said. "Code Red then went on to infect over
300,000 Web servers during its peak in July 2001 and is still alive
today."
[...]
No systems are perfect. But then, how do the numbers above compare to
the multiple really rampant MS worms of the last few weeks? There's
likely two or more orders of magnitude difference!
Linux is a very much harder nut to crack than MS systems...
I understand that you don't know how to make a Windows system secure,
I don't understand that this makes Linux secure.
I've got very good experience of making MS Windows systems as secure as
is reasonable. Linux is much less opaque and easier to work on and with.
(And I've wasted far too many hours on the various MS security and
updates issues...)
[...]
And open source is a dual edged sword. It's trivial for a hacker to examine
the source code to find vulnerabilities, you don't need to black-box it.
There's more eyes all-round to do the scrutinising. Human society works
as well as it does because more of those eyes have good intent behind
them than the very few mal-contents. Also, the evil doers tend to be too
blind ignorant to do much other than be opportunistic. The
evil-superbrain 'Moriarties' of the world are vanishingly few.
Now imagine what effect on the net of a linux virus that infects China.
Possibly cause no more than a "Was that it?" of insignificance...
(Unless the regime includes a general security hole in the name of
empowering 'central control'... But then this sounds like the MS updates
that themselves have been exploited...)
...And then there's the suspicions of various 'phoning home' tricks.
Whether really true or not, we cannot easily know or find out or trust
the marketing misinformation.
I don't understand what you are talking about here.
Unpublished data snooping/ spying/ monitoring for 'marketing' purposes.
Already done on the web by some advertising companies at least.
[...]
Very true. Bill Gates made a very aggressive business out of selling
deliberately buggy software.
Can you document this "deliberately buggy" part?
MS have a well known policy of getting their code out of the door. It is
just a question of how aggressive their marketing is as to how honest
they are about known bugs and fixing whatever bugs.
No code is perfect. However, there is a wide spectrum of how honest
companies are...
There's the classic story of his first BASIC interpreter being sold
with known trig function errors...
[...]
Summary:
All the above systems mentioned have their place. However, I feel that
MS have significantly upped the ante with their latest EULAs, and have
been a detriment to Computer Science in general over the last few
years with their marketing driven product and subsequent misplaced
efforts...
I quite agree about the EULAs. But I don't see how computer science is
affected.
I believe that all the expense and distraction of MS and their marketing
driven GUI and work methods have slowed the development effort for a
much improved Human-Computer interface. We now have monolithic
competition consuming almost 'one-way' that has stifled alternative
developments.
And there are very good useful alternatives available...
Depends, usually it's the applications that drive the platform, which was
why the killer app for the original mac was desktop publishing. If you
[...]
And killer apps still leverage the market.
A unique point of Linux is that it is following very different guiding
pressures.
A good article for showing one side of MS is:
Windows XP Shows the Direction Microsoft is Going
http://www.hevanet.com/peace/microsoft.htm
And a more extensive article is:
2003 And Beyond
http://www.aaxnet.com/editor/edit029.html#mspath
(Note, a beer or few required to aid digestion of the above (:-))
Phew!
Regards,
Martin
--
---------- Give a man a fish and you have fed him for today.
- Martin - Teach him how to fish and he won't bother you for weeks!
- 53N 1W - - Anon
----------