OT: windows oneCare Live

[Fairlight]

On Thu, Oct 06, 2005 at 10:35:28PM -0400, Bob Stockler may or may not have
proven themselves an utter git by pronouncing:
> 
> I'm pretty happy with Windows XP Professional on my IBM ThinkPad.

And I'm happy with Win2000 Pro on our two desktop systems, inasfar as
actually using it, and as far as overall stability compared to 95 and 98.
Doesn't mean it's secure though.

Kelly and I -never- let mail touch an MUA under Windows.  I archive whole
gzipped folders to the boxes for distributed safe-keeping, but I only
extract them over SMB in linux with gunzip and look through them with mutt
on the linux system.  Mail -never- touches an MUA on our Windows systems.

We replaced IE with Firefox as our default browser.  We've been quite
pleased with it.  The only time IE's DLL is used is when I use the fP Room,
or when Valve's Steam Engine or other IE-hardwired software has something  
to say that's web-based.  We never really visit web sites we don't know
ahead of time--we don't blindly chase links.

And yet...yet...Kelly, who practises just as safe computing as I do,
has managed to inherit a copy of the Java/ByteStream virus, and we both
cleaned a slew of spyware crud.  Most of the spyware was inert and very low
threat, but she had an active spyware infection on her system as well--one
that was portscanning a friend of ours, which was my first tip.  I got
us PC Tools Spyware Doctor and got rid of all the cruft.  I disabled the
active scanner, same as with AVG--they just suck bandwidth, and we scan
downloads anyway.  99.99999% of the time, active scanners are a waste of
CPU on our systems because of how we [don't] use them compared to "normal
users".  My system was 100% clean, but I don't browse nearly as much as she
does.  Pretty much ssh, games, and multimedia for me.  She actually browses
graphically--something I believe is not safe even under Firefox, although
it's better than IE.  I'm ready to uninstall the JRE though, or at least
disable Java and remove ActiveX under Firefox.

Still, careful as we are, even behind a firewall, we managed to get
infected--a fact I find extremely galling.  If we're doing -everything-
we're doing (I even UNinstalled IE Express, and I never use Outlook from
Office!), and we can still get infected, it's the sign of an insecure OS.
It's not like we don't patch it immediately every time there's a patch.  We
do.  Promptly.  They're fully patched systems, and it still manages to get
holed.

It's cleanable, but that's not the point.  The point is that it shouldn't
have to be cleaned to start with.

And yet, my linux box running 2.0.36 + vendor patches (that is ancient as
the hills) has run longer than Kelly's system (and has an ssh port through
the firewall!), has longer uptimes, and I have -never- had a security issue
with it.  It's not for lack of use, either.  I use it every day I touch a
computer.  Actually (touch wood!), I've never had a security breach on a
*nix system of which I was the sole administrator.  The last bit is an
important qualifier.  And I put in far less time auditing and maintaining
them, to boot.

It's just night and day.  No matter what version of *nix you have, the
basic OS was designed to be secure from the ground up.  Windows has gained
security through catch-up patches both large and small, and still isn't
there.  And before anyone points to XP SP2 as some paragon of security,
I just got done cleaning a virus off my in-laws' XP SP2 system two weeks
ago--and they're also firewalled, although they use both IE and OutLook
Express.  They've caught three viruses in less than a year.  And we taught
them better than to open email attachments, etc.  We configured it to be
reasonably safe--as safe as 'doze gets, anyway.  Doesn't matter.  Holed.
They do precisely four things with it:  Solitaire, Pinball, IE to browse
the web, and OutLook Express for mail.  That's it.  Still holed, even when
they -call- me to make sure they're not doing anything unsafe.

It's frustrating.  And I can tell you right now that my TCO for a linux
system (pick a vendor--any vendor...even Mandrake, which I hate with a
passion) is 1/100th that of a Windows system in reboots and driver conflict
resolution alone, nevermind setup or the actual security maintenance.  I
couldn't even guesstimate the total TCO difference, but it's absolutely
huge.  I also know what I'm doing, however--linux isn't for everyone,
admittedly.

That said, I prefer Win2K Pro on the desktop over X11.  I liked AfterStep,
but they shot that to hell.  WindowMaker is okay.  But the main problem
isn't the window managers.  We're still lacking in applications.  For
example, we have none that peg -all- the multimedia formats.  The xanim
program, for example, is far more robust than years ago, but I can pull
MPEG files off the net that it can't play at all, even with tweaking.
You can almost totally forget playing WMV crud.  GIMP still isn't even
(now) Corel Painter, much less Photohshop.  The list of app types MIA
(or just plain started or conceptualised on SourceForge or elsewhere but
never finished [or sometimes never really started]) is absolutely huge.
Linux boxes make GREAT servers, but they still make mediocre desktops.  My
biggest gripe is the lack of game ports.  At one point, games -were- being
ported.  Doom, Doom 2, Quake, Quake 2, Descent--all had linux ports.  There
were others.  No longer, however.  So there as well, there's a huge hole
in what you can do on linux compared to 'doze.  There's a reason my best
friend (an admin at a large, internationally known gaming company) has a
home cluster of over 11 linux boxes--but maintains a "Wintendo" system for
things like Pacific Fighters.

So yeah, I have reasons to be running Windows, in spite of my security
and maintenance gripes.  If I didn't, I wouldn't bother.  Actually, Win2K
reminds me a bit of Mac OS System 6 or so, which was decent enough.  It
only took MS over a decade to catch up. :) I like it well enough, except
for the security side.

Incidentally, the PC Tools Spyware Doctor was pretty good.  Seemed thorough
enough, and did the job.  Pretty inexpensive, too--$49 for two systems.

> The only email it gets is bounced to it (using Thunderbird) from my
> SCO OSR 6 system. which uses smail and mutt.

If you have mutt, why use a 'doze mail agent at all?  Fire up mutt under
FacetWin.  What am I missing that you need Thunderbird at all?

> PS - My bitch with Microsoft is the Registry thingie.

As Jay would probably point out, a registry isn't necessarily a bad
concept.  It's Microsoft's execution that blows chunks.  The thing never
should have been in binary, for one thing.  For another, it never should
have been one humongous file.  It's pretty much designed to give lousy
performance.  I mean, my win95 registry grew to 6MB+ before the system was
retired.  Absurd.

It should have been a tree heirarchy of discrete files, similar to the
terminfo database, but with ALL ASCII files.  That would have made it
bearable.  It would have been far more easily editable, and it would have
been a hella lot faster.

>      Did that come frome CP/M or where?

Not that I'm aware of.  I ran CP/M on an Apple with a Z80+ card from
Applied Engineering.  No such creature as a registry there. Not even
remotely.

mark->
-- 
There is no "I" in TEAM.
This would be the primary reason I've chosen not to join one.