How To Avoid Future WannaCry Style Ransomware Attacks

This is very simple, and it has more to do with the philosophy and marketing of operating systems than the technology of the operating systems themselves, though the technology does matter a great deal as well. First, let's have a look at how this ransomware attack was allowed to happen to begin with.

The vast majority of affected systems in this latest worldwide cyber attack were Windows based computers that were not updated with a recently available and easily deployed patch. The attack did not affect other operating systems, and Windows systems that had a recently released security patch were not affected. (I was going to put a link here to direct people to the Microsoft web page with info on what to do if you were attacked, but a minute or two of perusal on the Microsoft site mostly told me about Microsoft's new products, and I did not find any such page. If you have a link, please place it in a snark free comment below.)

Why was the patch not deployed on so many computers? For several reasons.

Some of the operating systems were running under administrative policies that did not allow patching for some reason or another. I've only heard rumors of this but it sounds like a blind-future style pre-decision, in the same category of other bone-headed human processes like no tolerance policies for knives in schools and three strikes you are out sentencing policies. It works like this: You remove thinking from the process by making all decisions in advance, and then get the heck out of there with limited liability and whatever happens happens. If you do this you are probably a member of congress or a school board member planning on retiring soon. It never goes well. Telling security IT people in advance what they can and can't do because of HR or personnel regulations is like going to a doctor and telling them what your diagnosis and treatment is going to be, in advance. You will die of something curable, eventually, if you do that regularly.

Some of the operating systems were running on computers that are, in theory, never supposed to be turned off. This is similar to the first reason in its stupidity level. For one thing, making it impossible to patch an OS ever is really not smart. For another thing, that computer you plan to never turn off is going to turn itself off now and then. But it is also bad at another level, the level of the operating system. Windows has operated, for years, under the principle that when enough stuff goes wrong, you turn off the computer and start again, and if that does not work you reinstall the operating system from scratch. Now, I know, you Windows lovers will jump in at this point and tell me that "Windows doesn't work that way any more" but you know what? After decades of hearing how Windows Past is not Windows Present, when it really is, I don't care what you say. Also, actual on the ground Windows users have been trained, by Microsoft policy, to reboot or reinstall for decades. Anyway, the point is, Windows can not be updated on the fly, and thus, the system utterly fails in a situation where updating is critical, which by the way is all the time and all machines, because even computers you use for nothing but curating recipes for muffins, if hooked to the Internet (where all the good muffin recipes are), can still be the platform for launching a secondary cyber attack.

Some of those operating systems were in health related fields (referring here to both of these first two excuses) and that is why so many health related facilities were hit initially.

Another reason, which is a bit tricky, is the problem with updating stolen software. If you stole the OS it might be hard to get an update or patch. It seems like a good idea for the company making the OS to do this, as it encourages buying the product and discourages stealing it. Yet, many tens of thousands of computers, maybe hundreds of thousands, are currently locked down by WannaCry because they were pirated, and not updated. This becomes a public health (cyber-health, eHealth) risk. It is like vaccination. We all suffer because so many others get the disease, even those of us who did not fail to do the right thing.

This is a moment when we look at something like computer operating systems and realize that they are actually a public good as much as, or more than, they are a commercial product. Think of roads and canals in the old days. Roads and canals were often privately owned (as were fire departments and police forces in many cases) and eventually it became apparent that these are all public goods, so they were essentially taken over by the government. Similarly, power companies and railroads. Not exactly taken over but made into quasi public entities through integration with public agencies and heavy regulation.

I've often argued that things like Google, Amazon.com, Facebook, Twitter, etc. have become the equivalent of public goods, like roads and the post office, etc., in a similar way. To some extent, this is also true of operating systems.

There is of course a solution to all of this. What we need is an operating system that is made by the public itself. If all interested parties simply became involved, and maybe large companies with a lot of stake in computers would put aside a meaningful amount of their own software development resources, and a few public and private agencies would provide some grants and bounties and stuff, we could have an operating system that was free, easily installed, updated every week with common updates (like, maybe, on Sunday evenings or something) with a very easy and easily automated system of updating, that would be great.

Ideally most software would come from well maintained and secure repositories that were checked for malicious code. There could be several different such repositories more or less redundant with each other but maybe tweaked to cater to different types of users. The added advantage of several different but similar repositories is this: even if some bad code gets into one repository, the fact that across users, many different repositories are used, would slow its spread.

By making the operating system free, easy, effective, powerful, flexible, and easily updated, almost every one of the limitations in the way we do things that allowed WannaCry to spread and ruin everything would simply not have happened. A few people would be hit, it would be a minor story.

On top of this, let's make this new operating system have a few other security related features.

For instance, monitoring code. The way it works now with Windows, is that a finite number of paid and I'm sure brilliant individuals are in charge of coding and maintaining the operating system, and updates and patches, while a much larger number of criminal-minded nefarious but also brilliant individuals are focused on breaking the security. This means that there is an uneven arms race where day to day Microsoft will always be a step ahead of the bad guys, except every now and then when the bad guys jump ahead and make a huge mess.

I propose that this ratio be reversed, that the arms race between the good and the evil become totally one sided in the other direction. Have a very large number of individuals, a proportion of the above mentioned community of private individuals and interested corporations and agencies, working on security, swamping out the nefarious bad guys. There would be very few moments when the bad guys got very far ahead of the good guys.

In addition, the operating system itself could have other security related features. For example, the basic tools inside the operating system could be well maintained, highly traditional, really clean and neat code, and free to use. So, for example, basic tasks that any new software might use are figured out, so you don't have to add your own new version of the code to do them. This means that new code will generally be fast, effective, clean, easier to maintain, and more secure.

Also, the operating system can work more like a prison than, say, a food court. In a food court, you do what you want to do (eat, meet your friends, hang out) in a rather chaotic environment where you can move freely from place to place. Someone puts their food down on a table to go back to the Azian Kuizine window to get the chopsticks they forgot, and you can grab their pot stickers, sit down at a nearby table, and no one can really figure out that you just stole their food. And so on.

In a prison, you can theoretically leave your cell and walk down the hall to the gym, then go to the cafeteria, then the law library. But, the entire route is blocked by a series of doors that only specific people have permission to open, at specific times, for specific reasons. Everything you do requires having permission at every step of the way, and it is all constantly being carefully watched.

Life should be more like the food court. What happens inside computers should be more like the prison.

Of course, by now, most of you have figured out that I'm talking about Linux. Linux is an operating system that is already widely used when certain conditions pertain. Since the Android OS is based on Linux, and the majority of servers run Linux, and Linux is becoming the preferred desktop in China, it may well be that Linux is more widely deployed right now than any other operating system, though most Westerners think of it as nearly non-existent on desktops.

Critical tasks are often trusted to Linux or similar operating systems (Unix, BSD, etc.) because of reliability and security. When efficiency is required, Linux is often tapped because it can be deployed in a very efficient manner. Linux acts internally like the prison, not the food court. The system itself is constantly monitored open source code, and most of what runs on it is openly monitored as well. Software is usually distributed via secure repositories. The system is free and easily updated, there is no such thing as a pirated copy of Linux. There is a regular schedule of updates, they come out every Sunday.

Another important feature of Linux is the separation of the operating system and the surface appearance of the system. The operating system itself comes in a number of varieties, but most people use one of two: Red Hat or Debian (there are others). But the surface of the OS, the part the user sees, is not related to that at all. Most people use a "desktop" which provides the windows and stuff, the parts that you interface with, and there are several versions of this, from which users can more or less pick and choose.

Here is why this is important: The desktop provides the user experience, and the user experience sells the product. If you develop a proprietary operating system like Windows, many of your decisions, including when to produce major updates, etc., are driven by the marketing department. The development and deployment of the operating system is a complex process where designers and marketing gurus are at the same table, essentially, as security experts and developers concerned with efficiency.

In the Linux system, the security people and efficiency and functionality developers work most of the time independently from the equivalent of "marketers" or "designers" because of this two layer aspect of the system. It is quite interesting to visit the communities of desktop developers and hear what they are saying to each other, then visit the community of system developers and hear what they are saying to each other. They are pretty much two distinct conversations. There will never be a marketing or design decision about Linux that impacts security.

Linux is the female operating system in a patriarchic world. Refer to the appropriate John Lennon song for a starker analogy. It does a lot of the work, maybe most of the work, but is usually not recognized. When people make comparisons, Linux has to dance backwards and in high heels.

If I say, like I just said here, that "if Linux was widely in use, the WannaCry attack would have been much less severe" people will respond "Linux can be attacked too" and that will be taken by others, and possibly meant to begin with, as stating "Linux and Windows are the same, it's just that attackers attack Windows and not Linux." That is a pernicious falsehood that feels a lot like many sexist comments about the limitations of women. Yes, Linux could in theory be attacked. No, Linux is pretty much not attacked very often or ever, so your fantasy about how it can be attacked has no empirical back up. No, Linux and Windows are not the same in the way they are developed, designed, maintained, deployed, updated, or secured, and every single one of those differences gives Linux a huge leg up on security and Windows one or more disadvantages.

If a cyber attack is a mugger, Windows is a physically small drunken person with wads of money sticking out of his pockets, staggering down a dark alley near the convention hall during a mugger's conference, while Linux is a hundred sober and smart well trained Navy Seals each driving a separate armored car in undisclosed locations.

Yes, you can attack the Navy Seals. But if you do that, they'll make you wanna cry.


Whilst I'm generally in favor of Linux being used in corporate environments such as the NHS, I would mention..

IT departments are often wary of their PCs automatically updating with the latest patches and upgrades. This has been known to break things, and having things suddenly break with no prior warning is an IT debt nightmare.

And Windows is still a better consumer OS than any Linux version, and that's after extensive use of both.

By Andrew J Dodds (not verified) on 15 May 2017 #permalink

I've been using Linux for many years and I've never seen an automatic update break anything.

Windows updates break things all the time. This idea that the automatic updates break things comes from windows, not Linux, yet is being used to put Linux in its place. I blame the patriarchy!

Also, Linux does not automatically update automatically, and IT departments can more easily adjust how updates happen on Linux than on any other operating system, and also, they can know exactly what every update does rather than having to hope Microsoft tells you or to guess.

No, in the area of updating and maintenance, Linux is lightyears ahead of Windows in every respect.

Regarding the consumer OS, after extensive use of both, I totally disagree. But then, some people think Windows is better than OSX, and some people think the opposite.

There are two factors that determine the user experience: What system you use for a period of time, and personal preference. Modern linux desktops are diverse and fantastic, and between Gnome, Mate, KDE, etc. there is a style for everyone. It may well be that if a user uses each of a few Linux desktops for six months each, OSX for six months, then Windows for 6 months, that in the end they'll prefer Windows. Or, they may not. It is very personal and experience based, and the vast majority of people have never used Linux for a period of time sufficient to test the experience.

So, no, you can't really credibly state that Windows is better than Linux for the end user.

There are, however, objective reasons to state the opposite. For example, both generally require a password to sign on. Windows requires that the password be linked to a Microsoft account, and since this brings the whole password thing into a new realm, Windows has special password requirements. If you've ever used an email to establish this account, you are now stuck with the history of what you've done before wrt user names, etc.

So, when I tried the other day to set up a small Windows tablet to carry out a specific task (monitoring the activity of a robot, not one other thing, just that one task) it took me a half hour of dicking around just to establish the account. So I switched to a Linux system and set up my user name and password as I wanted on that machine in five seconds.

Objectively, a large percentage of the things people using Windows call their IT people about are Windows-specific problems that do not exist on Linux. I know this from using both systems as well as sitting for years on numerous IT committees and hearing all the complaints.

So, I'll allow for the user experience to be mostly subjective, but to the extent that there are objective differences, wrt using the operating system, Windows has some serious flaws.

No, windows is a worse consumer OS than any current Linux version.

And that is after extensive use of both.

Moreover, since it's under your control, even to fixing it (or as a business owner, getting someone to fix it), I get to control whether I actually DO need to upgrade.

Tell me, if Windows was so easy to use, why is the industry spending on average 5% of their budget on training for it???

For Samba it's part of the SUSE and RHEL panel to set it up, which version you use. And that's been the case since at least 2005 when I used YAST rather than ignored it and edited /etc and told YAST to leave it alone.

Not so easy to do it in Windows

"I blame the patriarchy! "

See, if more feminists took the piss out of its over-use, it would disarm the lunatic fringe (and there's always one to find on the internet) and show one very easy method to tell the "feminists" from "feminists".

Hell, it works better than railing against the over-use of blaming patriarchy, most likely.

I can understand, at some level, a corporate policy that prohibits individual users from upgrading their system. Anything that depends on a bunch of computers having the same operating system, including in many cases patch level, will break if users can install their own software.

It makes no sense for the HR people to tell the IT people that the latter cannot upgrade operating systems. The job of the IT department is to make sure systems are up-to-date and secure. If the IT department cannot or will not do that job, then sooner or later somebody will attack their systems. It's true that Windows operating systems are most vulnerable to this problem, but give it enough time and Linux or MacOS systems will be hacked, too.

Unfortunately, there have been too many lazy programmers in the Windows world who exploit undocumented features of the operating system. Every now and then one of those undocumented features will turn out to be the basis of a vulnerability, and the security patch disables it, along with any and all software that depends on it. I can't blame Microsoft for not having the resources to do this for every Windows program out there, but sometimes Microsoft Office products have used these undocumented features. This is the reason why some IT departments are reluctant to keep their OS patches current. My understanding is that this is not an issue for Linux, mainly because everything there is documented, and much less of an issue for MacOS than Windows because MacOS is Unix-based.

By Eric Lund (not verified) on 15 May 2017 #permalink

Some old machines are no longer patchable but still needed for applications where it still works but it can't be fixed, changed or replaced.

So two things, both coming from closed source.

1) Windows pre-XP is still "copyrighted" and still closed source, refusing to be used to educate the next generation of OS gurus in how Bill Gates and his company solved the problems of writing a consumer OS. Despite being unusable for sales, and therefore impossible to lose sales over, the only goddamned reason why copyright is even there.

2) All apps, pretty much, written specifically for windows is closed source, so now the company is gone there's nobody who CAN update it or even do the few little fiddles that might make it work. E.g. if it still wants to write to sys.ini.

Copyrights should not exist for compiled object code. It doesn't fit the "expressive works" and any display of art it gives is a performance art between the operator and the program AS IT RUNS. So it should never have gotten copyrights.

You should be allowed copyrights only if you give out the source code. One of the limitations then has to be about creating derivative works (the object code).

And when a work is abandoned and not supported, you lose all copyrights. After all, if it isn't working 15 years later and still needs a patch, either you still owe the customer the fix so they have what they paid for, or you stole from them the cash they paid. But if they can fix it themselves, you can point to that fact as why you don't have to run full codewarrior on Win95OSR2.1 to make it work.

And if you use copyprotection, you don't get to use copyrights too. Either it's intended to be ineffective protection, or it replaces copyrights agreements and puts its own private law on the product.

"Unfortunately, there have been too many lazy programmers in the Windows world who exploit undocumented features of the operating system"

As just such a programmer, I had to. It would not work and the bug HAD to be worked with or the product would never have worked and sold.

Then when, four years later, they DO fix the bug, it's not fixed in a sane way most of the time and it needs a switch to work with the bug as it was AND detect if it's patched and work it a different way (and inevitably it will introduce other bugs that we need to code to).

Sometimes, as with UEFI or ACPI, the actual implementation given by Microsoft to code against for our application DISOBEYED THE STANDARD IT WAS SUPPOSED TO BE IMPLEMENTING. So we either code against the standard, in which case our product worked only when some manufacturer implemented THEIR product by the actual standard, or MS changed their hacks around it for their OS to run so that it could also co-exist with the standard implementation. Or we code up against what the current misimplementation (IOW bug) MS used and shipped.

Linux will never be a successful consumer OS so long as users need to use the CLI - that's why Windows and OSx are better consumer systems. For Windows the way to prevent these attacks is for the user or system administrator to use application whitelisting. If you haven't got access to Windows Group or Local Policy Editor to do this, or don't know how, then you can use the free CryptoPrevent tool at http://www.foolishit.com/download/cryptoprevent/ to do it for you

see http://support.microsoft.com/kb/310791
http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx

By Doug Alder (not verified) on 15 May 2017 #permalink

"Linux will never be a successful consumer OS so long as users need to use the CLI "

So Windows will no longer be a successful consumer OS because it has Power Shell?

Looking at the lack of uptake of Win Vista, 8, 10, you may be right.

Nah, you're talking shit. What you mean is "as long as there is some way to say there's a CLI, I'll insist you have to use it on Linux!".

"For Windows the way to prevent these attacks is for the user or system administrator to use application whitelisting."

And that is why Windows is worthless as a consumer OS. Hell, it's fucked as an OS for the corporate IT infrastructure, except as a honeypot and training test.

And if there's one thing this incident tells us all, it's never download something from some random fuckwad on the internet's post.

"I can understand, at some level, a corporate policy that prohibits individual users from upgrading their system. Anything that depends on a bunch of computers having the same operating system, including in many cases patch level, will break if users can install their own software."

That's a common policy and a good one. It does not stop administrators from setting the policy on the user's machines to upgrade regularly.

If regular upgrades are a problem for an OS, and regular upgrades are necessary for the entire world to not get hacked by nefarious code, then that particular OS is not usable at all. I don't think that is the case ... I think admins can set this up to work, in fact, I know they can.

"It makes no sense for the HR people to tell the IT people that the latter cannot upgrade operating systems."

It certainly is a problem, and now perhaps people will think about it and solve that problem.

"It’s true that Windows operating systems are most vulnerable to this problem, but give it enough time and Linux or MacOS systems will be hacked, too."

That is exactly what I regard as a very dangerous and incorrect sentence. Technically it is not wrong, but it implies an equivalence between Windows and *nix based systems that is simply very very far from the truth, as I explain in the post. Given the fact that most people will interpret it as an equivalence, I reject it and object to it.

"Unfortunately, there have been too many lazy programmers in the Windows world who exploit undocumented features of the operating system. Every now and then one of those undocumented features will turn out to be the basis of a vulnerability, and the security patch disables it, along with any and all software that depends on it. I can’t blame Microsoft for not having the resources to do this for every Windows program out there, but sometimes Microsoft Office products have used these undocumented features."

See my discussion of the food court vs. prison analogy. Not only is it commonly the case that code is done badly in Windows, but it may be the case that to get some things done you have to do that.

Linux development over time has the annoying feature that old stuff gets scrubbed and upstream repair is a constant need. This is actually how a secure operating system is used. There is no old lurking dangerous code everyone forgot about in Linux. Again, a fundamental qualitative difference.

"This is the reason why some IT departments are reluctant to keep their OS patches current. My understanding is that this is not an issue for Linux, mainly because everything there is documented, and much less of an issue for MacOS than Windows because MacOS is Unix-based."

Indeed. I am actually not sure how things go with Macs. Much of the code that matters is proprietary and Apple has an approach to honesty roughly in line with, say, airlines. They don't have a corporate rule to be honest and forthcoming. So, I imagine there are some similar problems, but the OS itself is better designed, similar to Linux.

Wow #6:

I didn't mention in the post, but yes, Linux runs in patchable maintainable form on most machines, and even after 32 bit machines get left behind by a lot of applicants, it will still be maintainable because Linux is supposed to be available for very low power and legacy machines.

Doug: #8: that ship sailed.

Until recently and it is probably still true, to fix certain things on Mac OSX or Windows, you need the CLI. I know this is true on OSX. Not esoteric things. For example, turning off and on that stupid spotlight thing, that's a CLI job.

That is and always will be true, I think for all operating systems. So, this is an example of Linux having to dance backwards and in high heels. You can deploy a Linux desktop and use it all the time and not touch the command line. Really. You can. People do it all the time.

The Command line is used more than it needs to be because, simply put, it is sometimes easier to copy and paste a line of code some tech person emailed you on any of these systems. It is possible that some really bad things that happen require the CLI, in Linux, but if you look at instances of that, it is almost always because someone who was too smart for their own good messed with stuff you shouldn't mess with and broke something. In Windows, the way to fix that is to reinstall. In Mac systems the way to fix that is to buy more hardware. In Linux the way to fix that is a simple command line.

So, by this criterion, Linux is ready for the desktop!

Skip a couple of letters, it speeds it up...!

Windose is a Windose does

last month i went on holiday to Sydney. I took a 25 year old laptop.

I mostly used my android device for everything but the laptop was useful for some things

25 years old! 1 slow single core CPU. A tiny 60GB drive. A real dog of a machine.

But i had installed Linux Lite

anyone who thinks Windows is better than Linux is in the same category of people who prefer iPhones over android

MS Office over google docs

and Gucci bags over a K2

it's a no-brainer

except for no-brainers

By Murray Hobbs (not verified) on 15 May 2017 #permalink

Greg - I guess it depends on what you as a user are doing with the OS. I can't remember the last time i HAD to use the CLI in Windows, and that's what I was referring to. Sure I do use it for some things that are not native to Win - such as WHOIS. or because I know how and can't be bothered to install apps to do it for me run tracert and ping commands. As you said to me the last time this came up Greg - Linux is for smart people. I'm sure the overwhelming vast majority of Windows users have no idea what the CLI is, how to access it, or what it is used for and if they do run across it are afraid to do anything with it. That, at least, was my experience with them when doing tech support. Can't speak for Apple OS on that. Linux, you're going to need to know.

WoW #9 - do you make a habit of misrepresenting what people say so you can diss them? Just asking because I didn't say Linux was not a consumer desktop because it has a CLI but because users have to use it. That is not even close to saying that because Win has Power Shell it's not a consumer OS. But I'm pretty sure you knew that.

By Doug Alder (not verified) on 15 May 2017 #permalink

"Sure I do use it for some things that are not native to Win – such as WHOIS. "

Whois is part of the tcpstack operating. ftp too. Never used that, either, hmm?

"or because I know how and can’t be bothered to install apps to do it for me run tracert and ping commands."

You just googled that shit, didn't you? Come on 'fess up!

" I’m sure the overwhelming vast majority of Windows users have no idea what the CLI is,"

The vast majority of Ubuntu users have never used the CLI. It's not for me, though I've used it at times, but I HAVE passed it on to three people.

Not one of which EVER used the command line.

And that was right back in the early releases before they started with the schedule the LTS and it was all about the branding EVERYTHING brown.

And, no "your OS is for smart people" doesn't work because SMART people know shinola when it happens.

"...and if they do run across it are afraid to do anything with it"

Then why did you promote earlier that to solve this issue, they

use application whitelisting. If you haven’t got access to Windows Group or Local Policy Editor to do this

And then asked them to download some random executable from a site URL that calls itself "foolish shit/download"?

"on that. Linux, you’re going to need to know. "

No you aren't. Not at all. Not even vaguely. There are advantages to the command line, but it's as necessary as hitting "Win+F2 regedit ENTER".

"WoW #9 – do you make a habit of misrepresenting what people say so you can diss them?"

Do you make a habit of making claims up so you can whine and make out you're the victim?

"I didn’t say Linux was not a consumer desktop because it has a CLI"

No, you said,

“Linux will never be a successful consumer OS so long as users need to use the CLI ”

and I pointed out this was bullshit.

"but because users have to use it."

But that's bullshit. You know, like I said. They need to use it as much as you need to use PowerShell. Less, even, since there's more tools built in to do what PowerShell was "invented" to do. Many of them because UNIX doesn't try and hide everything from you. For example _$XXX$ files, IIRC, but it's something like that pattern, are AUTOMATICALLY HIDDEN since WinXP in Explorer. Sony's CD Rootkit relied on a file with that pattern. Drop to Dos and the command line (either cmd.exe or command.com, depending on the version), and you can see it. Got a hidden file stopping uninstalling an application with a file like that? You NEED the command line. 100% ABSOLUTELY NECESSARY.

"But I’m pretty sure you knew that."

Nope, but I'm pretty sure you know you're talking bullshit.

You need the CLI on UNIX LESS than you need PowerShell. But if having to use the command line was the death knell, then you have it "proven" in Windows7+ and PowerShell.

But you're talking bollocks.

As I said:

Nah, you’re talking shit. What you mean is “as long as there is some way to say there’s a CLI, I’ll insist you have to use it on Linux!”.

And we BOTH know you read that, and BOTH know why you ignored its existence: that it DESTROYS your claims against me.

#2 "Windows requires that the password be linked to a Microsoft account"

No it doesn't, this is optional - and can be prevented entirely by admins.

By Andrew Gillett (not verified) on 15 May 2017 #permalink

If it's on the store it does. And some apps are store only. Some are just sold and are linked to the Store (much like some purchases from Amazon are only a code for STEAM activation).

And please let us know which homeowners of PCs at that home have an admin staff?

Hard to tell how secure is Linux because the virus writers will target Windows. It is basically security through obscurity.

No, it's quite easy to tell how secure it is. There's the code right out there and scores of high quality tools to assess security.

It's a fallacy to claim that windows is popular because popularity does not mean easier. And there can be no security through obscurity, but even if there were, then you'd be maligning windows closed source, not linux openness.

Think of this: most of the internet infrastructure is unix based, today mostly linux. Smart TVs usually use Linux and Busybox today. And most of the valuables are behind a linux firewall, while home PCs contain cat pics and your porn history (or private browsing settings).

Which do you go for?

Stuff that hides important valuable stuff?
Stuff that holds cat pics?

Part of what does make linux secure is that it is not a monolith, unlike windows. There's no absolute required system content for all of them apart from the very basic stuff (the stuff that used to be on the three A labeled floppy disks you downloaded for Yggdrasil), and some general closed source stuff post-added on, such as flash from Adobe.

Even though half may be close enough to similar to be counted affected, there will be enough changes even among all RHEL2016 that your surface to attack is too small to replicate efficiently, slowing it down so it will be noted and guarded against.

Doesn't always work, but it's the closest you'll get to "security through obscurity" in Linux. And that isn't all that close because this security works (a variant of opposite of monoculture vulnerability: diversity based resistance)

Doug, I think we are in basic agreement here: All operating systems can be run by the average user without the CLI, all operating systems have some sort of CLI that is either a) convenient for those so inclined or b) available when the tech support person tells you to do something special.

"Hard to tell how secure is Linux because the virus writers will target Windows. It is basically security through obscurity."

Once again: Good grief.

security in an operating system?

is linux inherently more secure than windose?

when i was studying operating system design at uni i was working on VAX systems and i was running very early versions of linux as well as older OSs, and of course whatever Microsoft and Apple had at the time. We also studied IBM systems architecture. When i say studied i mean real study - not just playing with systems to be familiar with their interfaces CLI or otherwise.

then i went working all over the world on various operating systems

since then i've used whatever has been around for one thing or another

any system is only as secure as the human element

if someone sends you a link to a RedHat RPM and you install it (as root) and incapacitate the SE system

if it's malicious then you're fucked

same on windows

probably the same on any system commonly in use

there are attempts to design systems that can't be compromised with various degrees of success - and concomitant usability

want something that can be used for anything anytime you want it?

i'd say you've got problems

want something that does just one job and nothing else?

buy a toaster but not a smart toaster

By Murray Hobbs (not verified) on 15 May 2017 #permalink

No, I won't touch Linux with a barge pole, for two reasons:
1/ I have a life. I do not have time to decipher an OS that appears to have been designed by a teenager with a bad case of aspergers and no concept of ITIL. I have 2 Linux machines and I do my best to never touch them because I simply do not have the time to teach myself in-depth technical details about something I really shouldn't need to know.
2/ It's not a serious OS for a corporate environment.

I was interested to see that the NHS trust where I worked (70-hour weeks) to help bring it into the 21st century has a big notice up on its web page saying, "We are unaffected by the cyber attack, please come to your appointments as usual". We implemented patching, endpoint security, eliminated admin accounts and generic accounts and got rid of all the junk that was crippling the IT teams' ability to be proactive (Apple computers and other unmanageable OSs) and got rid of all the rubbish that was running on a "server" under people's desks.

The real issue is as Greg notes in his images: people, procedures and equipment. Do this right and Microsoft gives you the kind of low-maintenance and smooth-running computing environment you can never have with that Linux stuff.

By Craig Thomas (not verified) on 15 May 2017 #permalink

Well, yeah, that diatribe was a load of bull.

No, Linux does not appear to be written by a teenager. One day go and ask a grown up to get a book on computer design for operating systems and run through it a bit.

It really doesn't matter what else you blew out your piehole there since the opener was 100% sufficient to determine whether the content further was going to be of any value whatsoever.

So if you want a crumb of comfort, at least you didn't do as other blowhards are liable to do and circle around making any point for ages before giving the plot away.

I do not have time to decipher an OS that appears to have been designed by a teenager with a bad case of aspergers and no concept of ITIL.

Okay, ignorant and offensive. No surprise.

I have 2 Linux machines and I do my best to never touch them because I simply do not have the time to teach myself in-depth technical details about something I really shouldn’t need to know.

Lazy and not at all interested in learning.

I don't think the system is the problem.

A fair article giving criticism where due, there's a lot of these articles going round after Wcry.

The thing missing from all I have read so far regarding situations where people cannot update due to the need for legacy support is the simple fact that: The legacy part of the system can be run in a virtual environment on top of an up-to-date operating system.

This does not mean more work for IT administrators as some might believe

Simon: Interesting point.

Also, in regards to Linux, as mentioned in the post, the legacy hardware is not much of a problem and because of the separation of different layers of the Linux system, it isn't much of a problem for software either.

Craig: LOL. I'm calling you on this. You've not sat at a Linux desktop in ten years or you would not have said what you just said.

I'm never quite sure when I see anti-Linux misinformation like that, what the heck I'm looking at. Certainly not a cogent, up to date, informed analysis !

Speaking as a non-technically inclined user, someone who needs stuff to just work, I too am dubious that Linux would be that great of a system for most end-users (though it may well be superior for behind-the-scenes stuff).

I haven't made an attempt at Linux in a long while, so my knowledge of hands-on use is cursory at best. But reading Greg's post and others my sense is that you, Greg, are a tom more tech-savvy than I am. When I was young (in the 80s) and computers were more technically difficult for most users to manipulate I would spend hours learning the ins and outs of an OS. I liked IBM-based machines because you could get into the guts, and Macs looked boring to me.

Since then I have reversed, because I have stuff to do and a limited number of hours in the day. Since most popular office programs aren't native to Linux (Word etc) it seems to me that you're adding an extra step every time I need to write an article. That's just inconvenient and guaranteed to drive me nuts.

Again, I am a stupid user. I need to turn the computer on and not have to think about what I am doing because my work -- the stuff that feeds me -- has zero, nada, bubkes to do with operating systems. Where once I loved coding (if primitively) now all that stuff just frustrates the heck out of me.

I use Mac OS now, and I suspect newer versions of Windows would be as easy (though having used both I did not find them so, but that was a few years back) but as you say YMMV.

But my question would be for those of us that see computers as effectively mysterious black boxes that are magic, can Linux function?

Understand, I do know a bit about how systems work -- I write about computer security on occasion, and technology. But in terms of my day to day get-work-done stuff, I have to be as a babe in the woods, as it were. (Just like getting yourself to work you can't be worrying about how your car works; you need it to get you from point A to B with a minimum of fuss. I know how to replace brake pads and spark plugs and a lot of that, but I simply no longer have the time to do it anymore).

So looked at from that perspective, would a massive switch to Linux be that beneficial? (In its current form, anyway). Again, I am not doubting the technological superiority of Linux here.

Am I making sense?

I'm safe. The chances that my wife will ever read this comment are very tiny.

My wife is pretty much totally inept on computers. Our 18 year old daughter taunts her about her phone never having its notifications cleared, that she can't use the remotes for the TV, that she can't do anything technical.

But she has a small laptop/notebook she's been using for about 4 years. That's pretty much the only computer she ever uses though sometimes, if she needs lots of screen space she'll use our daughter's desktop because it has two big screens.

her notebook is linux - that's all she uses though she can find her way around windows well enough to find chrome

that's all she needs you know - a browser - once she's in she can do everything she needs to do

these days kids are no longer taught Microsoft at school - they are taught google - google docs, google search, youtube, - everything

no more windows

anyone who looks at an operating system with doubt is obviously old, or (sorry to say it) very ignorant, or very very indoctrinated by either their workplace or their out of date schooling

most people on planet earth get by with an android hand held using facebook, some chat app variant, and maybe google and one or two other apps especially games if they are young

chromebooks are what everybody buys (unless they are an idiot or have more money than sense)

when you install linux onto a computer the most you need is a browser and possibly (though i doubt it these days) open office

with the associated icons on the desktop

that's about it

the ONLY exception is if you are running either bespoke or specialist software - which incidentally you also launch from a desktop icon

if my wife can get by using linux every day for 4 years then anybody can - and i mean anybody

all those who fear it do so because they are lazy, old, probably heavily overpaid and probably a waste of taxpayers money

By Murray Hobbs (not verified) on 15 May 2017 #permalink

In reply to by Jesse (not verified)

It was a long time ago, but this discussion came up at work, and a manager described how Linux is susceptible to viruses. The security thru obscurity is not that the code is obscure like Windows, but that it is so little used that hackers will target Windows. If I wanted a secure system, I would choose Linux or Mac, but I suspect if everyone started using it, a Mac would fail quickly. Not sure about Linux.

It doesn't help that Microsoft's update tactics, littered with malware-type behavior, have put their own customers/clients on the defensive. MS deserves a good deal of the blame.

Greg I agree we are pretty much in agreement here. I was just pointing out a difference as I see it. I do confess though that other than an older version of Ubuntu I have loaded on an old 32 bit laptop so that I can run BOINC on it I haven't played with a Linux Desktop for quite awhile now - it's all been CentOS on my server.

"Whois is part of the tcpstack operating. ftp too. Never used that, either, hmm? "

WoW you are making a big fool of yourself. Tell you what, take a fresh Win install (8.1 or below, I haven't tried this on 10 yet) and open up the CLI and type whois - you won't get anywhere. Tracert and ping commands work but whois does not, you need to install something (like Whois v1.14 from Sysinternals) but you'll have to know how to modify your path command like I did if you want it to work from the CLI

I've been doing this shit since 1992 when I started my own 300 user BBS so get back to me when you have a clue.

By Doug Alder (not verified) on 15 May 2017 #permalink

You kind of lost me at "This is very simple". As someone who, as an example, dealt with updating OpenSSL libraries on a small production environment and knows how much planning, scheduling and effort that took, I cannot agree that security is simple.

OS has nothing to do here. Every system (and this goes not only for software or IT) is vulnerable to some extent in time and some vulnerabilities are far reaching.

By Hristo Radkov (not verified) on 15 May 2017 #permalink

Craig Thomas wrote:

"Do this right and Microsoft gives you the kind of low-maintenance and smooth-running computing environment you can never have with that Linux stuff".

If you think it is Low-maintenance then you simply never dealt with the back-end stuff.

In general Microsoft environment is much harder, involved, convoluted and legacy heavy, overall difficult to harden in comparison to Linux and BSD.

Linux is no good for a corporate environment only when corporate environment is not serious about IT.

By Hristo Radkov (not verified) on 15 May 2017 #permalink

This is interesting, because what made me abandon Linux (Ubuntu) in its role as a consumer OS was when applying updates trashed the graphics driver to the extent that the system would no longer boot to the GUI.

Obviously the games library was restricted, and the graphics performance was not as strong as on Windows. This is based on my direct observation. Note that games are a MAJOR consumer application for PCs.

Also used SUSE linux extensively at work (admittedly an earlier version), which again would frequently do bizarre things.

Now, IF I am doing stuff that relies on account management, requires long term stability, has 'server' in the name, does lights-out single-function stuff.. in these areas and others I would obviously choose Linux.

As far as automatic updates go.. no sane IT department of a large corporation has their computers of any sort automatically update. Because updates can and do break installed applications, on all systems. A good IT department will have test systems set up so that they can verify patches as they come out, then roll them out across the organisation. An underfunded IT department will block them and hope..

By Andrew Dodds (not verified) on 15 May 2017 #permalink

Greg, your claim that automatic updates never break things on Linux is (unfortunately) untrue. Look, I love Linux, would like nothing more than to live in your rainbows-and-unicorns-everyone-uses-Linux hypothetical future, I even once made a pledge to never again get a Windows machine.

Problem is, about twice a year I would find myself spending a day hacking around to fix stuff because, yes, an automatic update broke some stuff. I got sick of it, because I'm the kind of user who just wants shit to work, and now all my machines are Windows 10, because that's *almost* as good as Linux when it works, and it doesn't randomly break every six months.

Now, this is Ubuntu we're talking about, and I'm sure there are distros that are more stable or whatever, but at this point we're playing No True Scotsdistro. Bottom line is, Linux *does* sometimes auto-update-break.

By Ketil Tveiten (not verified) on 15 May 2017 #permalink

You might want to try openSUSE Linux. I've been using it since 1997 and while occasionally in the past an update or version upgrade would glitch a program or two, it has been years since that has happened (and I support around 100 openSUSE users). I can't remember for sure how long ago I experienced an update glitch but I think it has to be at least four or five years ago. Ubuntu appears to be significantly buggier than openSUSE, so I would recommend giving openSUSE a try.

By openSUSELinuxFan (not verified) on 15 May 2017 #permalink

"The legacy part of the system can be run in a virtual environment on top of an up-to-date operating system."

It can also be run under WINE.

But then again, you need a full audit of the scenario, testing and compliance with laws, etc. And some things require hardware access that virtualisation and WINE don't allow (copy protection dongles for example)

And with emulation, you may still find yourself buggered by the exact same problem, since that is still the full OS there with all its flaws.

At least with WINE you have a different OS library call and therefore it's unlikely, unless the bug is part of the protocol, to be vulnerable.

"Greg, your claim that automatic updates never break things on Linux is (unfortunately) untrue. "

Uh, it wasn't said never. It is vastly less likely, and the system does the breaking only for hardware that isn't open source.

"Problem is, about twice a year I would find myself spending a day hacking around to fix stuff because, yes, an automatic update broke some stuff."

What stuff? How? And what fix worked?

It's pretty easy to fluff around with vague accusations, but I'd like to hear from the rare unicorn fart how it really exists.

"“Whois is part of the tcpstack operating. ftp too. Never used that, either, hmm? ”

WoW you are making a big fool of yourself "

MOrON CanT KeEp caPitAls WorkIng. Nope, that statement there doesn't make a fool of me, it makes one of you. You could claim it DOESN'T make a fool of you and fails, but it doesn't make one of me.

Sorry.

"and open up the CLI and type whois – you won’t get anywhere. "

Ah, right, so since WinXP Windows has been even less of an operating system than anything else on the market except toys.

Well, I guess they want to sell you the actual tools you need to get it working rather than include them any more.

This is only a good thing if you like less for more money.

"I’ve been doing this shit since 1992"

Yeah, what? Trolling and making shit up since 1992, hm? Cool story bro, but you're talking bollocks. I can safely make this claim because there have been several claims from you that were absolutely fake and there's no reason to take anything else you claim as being any more based in reality.

"The security thru obscurity is not that the code is obscure like Windows, but that it is so little used that hackers will target Windows"

Well your manager was talking bullshit. And not even their own, they were copypasta-ing the FUD and BS from Microsoft.

He was wrong and you, like the good little cog you are, accepted your role to grind it on.

"I haven’t made an attempt at Linux in a long while,"

Then you're wrong. Your assertion is about as correct as claiming WinNT 3.0 will not be a successful home OS.

"But my question would be for those of us that see computers as effectively mysterious black boxes that are magic, can Linux function? "

Yes, and far easier and more securely than Windows, since it doesn't require you to piss about in the internals if there's anything that isn't allowed to be easily visible and touched by you, the user, that Microsoft thing is a braindead moron unable to get past the idea of the retractable cup holder.

You don't have to work against the OS to do things. Makes it a lot easier to use safely than Windows.

"So looked at from that perspective, would a massive switch to Linux be that beneficial?"

It depends on what your current system isn't doing. It works at least as well and your worries are vapour.

"but that it is so little used that hackers will target Windows"

No, they target windows because it's so easy.

And when you hack it, the OS is so petrified of letting anything "scary" be visible to the owner of the computer that MS believe to be a dangerous moron only capable of being terrified by plaintext and computer terms, that the virus is hidden from the owner by the OS making it much harder to find, let alone remove.

How many worms were of the form "nakedbutts.jpg.exe" but windows dropped off the extension because such things were "too technical" for the braindead sheeple that use windows, yourself included along with your manager, and that's not just ME saying it, but the designer of the OS you're using saying it, so they hide it in case they scare you off with this jargon. So, thinking this a piccy of booty and not a dangerous random executable, it was opened and all it needed to do to spread was display a picture of a butt so you'd pass it on to the rest of your work colleagues to infect.

jpg files were safe. And the OS told you it was a jpg.
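The hidden-extension problem described in the comment above can be checked for mechanically on a mail gateway or file share. The following Python sketch is an added example, not part of the original comment thread; the extension lists, function names and every sample filename other than `nakedbutts.jpg.exe` are constructed assumptions.

```python
"""Flag filenames whose real (last) extension is executable while the name a
user sees, once that last extension is hidden, ends in a harmless-looking one."""
from typing import Iterable, List, NamedTuple, Optional

# Assumption: short illustrative lists, not a complete policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}


class Finding(NamedTuple):
    filename: str   # name exactly as received
    shown_as: str   # what a shell that hides the last extension would display
    real_ext: str   # the extension that decides how the file is opened


def _basename(filename: str) -> str:
    """Drop any directory part, accepting both / and \\ separators."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def shown_with_hidden_extension(filename: str) -> str:
    """Return the name with its final extension removed, as the user sees it."""
    name = _basename(filename)
    base, dot, _ext = name.rpartition(".")
    return base.rstrip() if dot and base else name


def check_name(filename: str) -> Optional[Finding]:
    """Return a Finding for 'decoy.executable' names, otherwise None."""
    # Whitespace is stripped from each part so that padding placed between
    # the decoy and the real extension ("report.PDF   .scr") is still caught.
    parts = [p.strip().lower() for p in _basename(filename).split(".")]
    if len(parts) < 3:          # need base name + decoy + real extension
        return None
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return Finding(filename, shown_with_hidden_extension(filename), real)
    return None


def scan(names: Iterable[str]) -> List[Finding]:
    """Check every name and keep only the suspicious ones."""
    return [f for f in map(check_name, names) if f is not None]


# Constructed sample input (only the first name appears in the thread).
SAMPLE_NAMES = [
    "nakedbutts.jpg.exe",
    "photo.jpg",
    "setup.exe",
    "archive.tar.gz",
    "report.PDF   .scr",
    "C:\\Users\\a\\Downloads\\holiday.png.bat",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_NAMES):
        print(f"{finding.filename!r}: shown as {finding.shown_as!r}, "
              f"really .{finding.real_ext}")
```

A plain `setup.exe` is deliberately not flagged: the check targets the mismatch between the displayed and the real type, not executables as such.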

"Operating Systems"

Once, there was a marvelous species of ape on planet Earth.

They were fearless, and adventurous, and performed incredible feats of engineering. A few even strapped themselves to the top of a giant rocket and landed on the moon, and returned.

And all of these wonders-- great cathedrals and bridges, harnessing electricity, and even learning the secrets of the atom-- were carried out with pencil and paper, and log tables, and slide rules.....

Some say there is a natural cycle of growth, and then decline, in all things....

Jesse #31:

My advice to everyone these days is, "Linux is for smart people, so maybe you want to avoid it."

That of course is meant as a joke, and smart people laugh. So, if someone doesn't laugh ...

Well, anyway, the point is that Linux has a handful of things that make it difficult for the average person to use. But, so does Windows. In fact, Windows has more. People who use windows instead of Linux specifically because Windows is easier than Linux to install, update, operate, fix, etc. are simply operating under a misconception.

Both Linux and the Microsoft operating system were once "CLI" only. Then, Microsoft added a GUI that made it easier to use but that sapped the hardware so much that it was essentially useless, and for a very long time people avoided it (Windows 3.0 and 3.1) preferring the command line.

During the six month period of writing my thesis, I used Windows 3.1 now and then, in order to run Word for Windows, in order to make certain tables and print them out because I had more fonts. At the same time, I used a Mac in our lab to do half of my graphics. The other graphics were made using qPro or Harvard Graphics, all running from DOS. The text itself was produced and printed using WordPerfect for DOS. I left spaces on the printouts to literally cut and paste (using tape) the graphics produced using other methods.

What has happened in the years since then is that all three OS's, Windows, Mac, and Linux, have evolved fully functional GUI front ends that work very well and that do everything as each other. Each and every one of the three OS's has software that runs better on it than on other OS's, so no OS can claim to have some functionality that makes it the best or only choice for everyone. For me, I find Windows to be counterproductive, while Linux and Mac OSX get my jobs done for me. This is using zero fancy technical skill. When I want to apply fancy technical skills to, say, operate a robot or scrape web sites for data or whatever, I generally use Linux or I get an OSX machine to emulate Linux, essentially. There, it is really mainly a matter of which desk the computer is on in physical relationship to key variables such as where I'm sitting or where various hardware is.

Andrew #40:

First, a clarification on updates. A good IT department will do what you say. But from the end user's point of view, having things fed to you by an IT department, or being instructed to do things, is roughly the same thing as an end user having their own process automated. In any event, I don't know how it works with Windows, maybe it is either all automatic or zero automatic, but for an IT manager managing Linux updates, there are a number of different and very good ways to make this automatic for the end user but controlled by the IT department.

Regarding the idea that updates cause problems in all systems, really, no.

This is extremely unusual for Linux. Yes, it can happen, but it very very rarely does. You had a problem with your driver and your graphics card, not with the OS. In any event, you can always start Linux after it has been trashed at the level you describe. Had that been Windows, your system may have been toast for real, but in your case, unless your boot drive was corrupted (which would have been a separate issue) you could have recovered, you just didn't know how to do it.

What you've done here is to eliminate from further consideration an entire operating system because you had a problem with it. I promise you this: If Windows was eliminated by each user, one at a time, because they had a serious problem while using it, there would be very few Windows users. You are, in fact, asking Linux to dance backwards and in high heels exactly as I describe in the post!

You are totally correct about games. As I say above in a comment, each OS has different things it is good at vs. not so good at. That is NOT something that applies only to Windows (for the good things) or Linux (for the bad things). It is true in both polar directions for each of the three main OSs.

As you say, if the main reason for using a computer is to play certain games, then by all means buy into Windows. If your main reason to use the computer is to be all smart and stuff, consider Linux!

"People who use windows instead of Linux specifically because Windows is easier than Linux to install, update, operate, fix, etc. are simply operating under a misconception. "

It's a misconception because they're being lied to by those who want to have some hippy anti-capitalist "free open communist software" thingy buried because, well, microsoft is everything good about the free market: you can just vote with your dollars and leave if you don't like it!

Of course if you DO leave, you're whined and moaned at for being an unrealistic commie hippie who wants everyone in caves and hair shirts and if only you used it you'd see it was fine.

You know, the same hypocrisy with free speech. All fine until the speech inconveniences someone, then you are disruptive and must only speak where nobody can hear.

"You are totally correct about games"

This, however, is just as true of Windows when it came out. And go to Steam or GoG to find there are a shedload of games. It's just that there's no way to buy a system without windows or hardware without windows drivers and if you aren't using it in windows, even if it's clearly an electrical fault, they'll weasel out of it and blame linux, so you have to have windows anyway.

A lot like anti-cyclists who complain about the cyclists without even caring that 90% of them have cars too, so pay for those roads.

So most of them already have Windows, 99% of the games that run on Linux also run on Windows, and the FUD bandied about really does make Linux undeservedly a niche.

But the games work, generally, BETTER because the OS is more efficient than windows so despite having to go through a translation layer to proffer Windows syscalls and then route them to the Linux syscalls that can implement them and no JIT compilation to optimise out redundant syscalls or reorder them to fewer ops, it still frequently works faster on Linux.

WoW servers have been generally Linux and most of Bethesda's games where they have servers to download have been available on servers, because Linux is just faster and better at it and the lack of a driver for the latest GPU is irrelevant.

omg... where to start. Doug and others bashing ease of use for Linux desktop. My 70 year old dad, who isn't in IT but an expedite driver, has been running linux mint since version 6. He doesn't have windows on anything. He never has to go to the cli for anything. He is almost completely self sufficient. When he had windows, I was constantly helping him. Now it's so long between he actually needs help, I have to study his setup just to remember how it is set up. So take your FUD elsewhere and maybe actually install a modern linux distro before you make a fool out of yourself again.

" when applying updates trashed the graphics driver to the extent that the system would no longer boot to the GUI."

This would have been a lie.

The driver would have had to be the proprietary one for NVidia. The open source one that doesn't have the latest support or the Intel driver gets tested.

You also get the VESA driver too, the fallback.

And when windows goes into rebootcycle you're even more trashed because the OS won't let you in anyhow.

You could, for example, hit Alt-F1 to get a command line AT ANY TIME. And it won't stop the GUI. You can swap back to that with Alt-F7. Alt-F10 is usually the kernel log where you can see it complain. And during the boot you can change from that progress bar to the text output of the boot process which would tell you.

So, no I don't buy the story. Not without a lot more than blank assertion, because there's either a lie or it's Nvidia's fault, which is highly unlikely.

Greg--
Thanks, that helps. Though I bristle at the "Linux is for smart people" thing a bit. I think of myself as a reasonably intelligent person, and so are you, but I would bet money that there are skills I have that you do not, and skills you have that I do not, and it's not indicative of intelligence.

Personally I find Windows to be a bit kludgy, because after 30 years I see it as still fundamentally a GUI tacked onto a CLI-type interface. IME it still behaves this way, even though theoretically Microsoft has revamped the code a lot. And the architecture of Windows made it really hard to diagnose problems.

My Mac OS is easier to run, I find problems that occur are easier to deal with. But that could be a function of more experience.

I think the issue that people like myself would have with Linux is similar to the issues with PGP, which is a perfectly serviceable email encryption system. (Won't stop the NSA if they really want to read it, but it will slow them down). PGP was a big honking hassle to use, until recently when finally some good folks started writing apps that were intuitive for non-techies like me, that minimized the f-ing around when you want to send a goddamned email.

Linux I think is in a similar spot. I've seen the interface and used it a bit, and frankly I think it just needs a bit of work. Windows has things that make it tougher for average users also, but I suspect they are different things (I'd have to be more systematic about it at some point to articulate it better). But sometimes the kinds of problems Windows creates are the kinds of problems that nontechs can deal with, or at least work around, whereas Linux mayn't be in that position.

More scientifically, it'd be interesting to do some focus group / user tests with people who are not super into tech, just average people who use computers for various work tasks.

Again, I submit that it may be that behind the scenes, Linux is superior (the mac OS is based on Linux-like architecture, no?). But that doesn't matter for most people. My computer isn't as fast as a comparable Windows machine but I am not data crunching or gaming, so I don't notice. I suspect that Linux needs a tweak to its interface, and once it's something that anyone can just sit down and use without too much prompting (just as anyone can sit down at a Mac or PC and usually be fine) then it'll be in a position to really capture some end-user market share.

"Obviously the games library was restricted"

So how is your playthrough of the Windows version of The Last Of Us going? How about the Zelda series? The latest one looks great! And it'll be better on Windows with the extra hardware!

They're all restricted.

Partly because people keep trash talking Linux with lying memes.

When Win10 is the only game to play in town and people happily using a Win7 they can FINALLY work with have no choice, then Linux will come in and replace the library of games with the same things but for Linux and they'll find out that the NVidia driver is just as fast as the Windows one, the AMD one as flaky and unpredictable as the Windows one. Seriously, AMD have some quality issues with their testing. Not entirely their fault since Intel just keep undercutting and predatory pricing AMD into the ground and this leaves very little money on the also-ran stuff like graphics.

Indeed the Intel/AMD problem is a good mirror of the Windows/Linux one. Or USA/Cuba.

The problems pointed to are almost entirely due to the other agent deliberately ensuring the bad things happen to them.

Sans interference, we could actually decide if it did or did not work, but with it, we might have it that it would work, but sabotage works easier.

"Thanks, that helps. Though I bristle at the “Linux is for smart people” thing a bit."

Did you read the ironic description? Thin skinned and unwilling to read past what you want to see there.

This is not someone who can be trusted to use windows. It's the sort of process that leads to this worm promulgating, because they read something and then stopped when they read as much as confirmed what they wanted to see.

"More scientifically, it’d be interesting to do some focus group / user tests with people who are not super into tech, just average people who use computers for various work tasks. "

It's been done many many times. Mark Shuttleworth did it. RH do it, Mandriva did it. And would it change anything if it turned out (as it often does) that windows or the windows version is worse to use, would it result in Windows being scrapped? Hell no. People would use it "because that's what I'm used to". Because if you're used to it and therefore NOT that group you want to test against, it's harder to learn a different way than to remember the ways to avoid the pitfalls of this one.

GIMP generally pounds Adobe PS with users who have used NEITHER. But if you've used PS a fair bit, the disjoint in the way a SDI like PS and MDI like GIMP work is shocking. It's EASY to get over it, but those who use PS WANT to use PS and are primed by PR and fluffery to expect GIMP to be bad and then stop with the confirmation bias satisfied.

The problems for usability are not within the control of Adobe, though, except in so far as they have to keep adding more tickboxes otherwise they'd not sell any new versions. And each change has to supply more "eXperience" so ease of use is in competition with marketability. GIMP doesn't have that problem and it could be without that inimical influence PhotoShop would be better and easier to use than GIMP.

Then again, if GIMP had a serious amount of backing and support in industry (e.g. pantone patents GPLd), it could be better than THAT.

All we have is what we have.

And at the moment, GIMP is easier to learn if you haven't used anything like either program. If you've used either, the other one is a bit of a nightmare at best.

The discussion ultimately comes down to this linchpin:

Linux had a security architecture baked-in from the beginning. It has been shored up as needed, over time, but it's always been there.

Windows security was added only as an after-thought, requiring all kinds of retro-fits in both the kernel and applications, in order to maintain backward compatibility.

And for all you Linux-haters who talk about how "inconvenient" Linux is to the casual desktop user: My elderly mother has used Linux exclusively on her PC for 16 years and counting. She doesn't miss the instability or insecurity of Windows at all; she simply shakes her head at every proclamation that "Microsoft finally did it right!"

It's more Linux has the design paradigm of UNIX, where the machine was a shared resource and you didn't own any of it yourself, you had to play with others and the system had to be secure against anyone even accidentally disrupting the work of others. So it had preemptive multitasking, multiuser, "roaming profiles", network transparency, network access, accounts and privileges, and all those other things that Windows didn't even bother because

a) It was your computer and if you pegged the CPU at 100% in a bug, then you only hurt yourself, just switch it on and off again.
b) It had all resources local. A HDD, printer, keyboard, monitor, all of them local and YOURS
c) All that stuff was "scary geek", and avoid it, and if you can't avoid it, hide it, bury it deep, never to be found

They tried with NT3.5 to get an actual multiuser system working, but to market it to the "It's my computer, my printer, my HDD, my desk, MY STUFF" crowd, it had to be twisted into another single-user system but this time with "privilege" as an added problem, which "had to be solved" by making anyone logged in superuser.

I can see that there were attempts to do it right but marketing overruled every attempt by the tech geeks and those who know how to make an OS to make the damned thing work better.

And since marketing were burdened with having to generate quarterly sales and easy pitches, they really didn't have a choice to do it differently either.

Understanding the problems of the people involved who may have been genuinely trying, however, doesn't change the fact that the eventual result was just a clusterfuck of bad choices.

It works DESPITE the design results, not because of them, is about the best you can say for Windows. The worst you could conclude is it works the way it does because that's how they designed it.

Mac OSX is basically a microkernel (ish) and a BSD, hence UNIX, userland, and therefore it inherits the same OS design choices.

There's a good goddamned reason why UNIX has lasted this long. And it's not fear of change.

James @#35

It doesn’t help that Microsoft’s update tactics, littered with malware-type behavior,...

You must be thinking about how MS forced a 'free' Windows 10 onto unsuspecting Windows 7 and Windows 8 users. I could explain fully what happened here but that would take too long and be familiar to anybody who suffered so I'll keep it brief.

I will say one thing, on the Windows 7 box (my wife's - she is not that computer savvy) we kept refusing Win 10 until one day a different dialogue popped up on start up asking to install or not. And not wishing her printer and scanner to be rendered unusable to make sure 10 stayed out of it and as the 'refuse' button seemed ambiguous I closed the dialogue with the close cross at top right. Now sneaky MS had programmed that to be a tacit request to install Win10 at next power up. Which it did. Luckily I was on hand to intervene and managed to roll back to Win 7 OK but then there were loads of copies of Win10 invitations waiting in the wings to install themselves including one update that kept installing itself and which triggered further Win 10 activity. After many hours of removing triggers for installing and hiding KBnnnnnn updates that could invoke an install of Win 10 some sanity exists with a small bug red flagging every time Windows update is opened.

My WIN 8 box, just about a year old and for which I had recently obtained software to make my orphaned film scanner work, was not so badly affected, but then I was watchful.

I completely agree about the respective security measures of Windows and Linux. I have Ubuntu on an older PC here, 32 bit architecture so the latest version will not be installed.

The Linux limitation for me is with graphic software - Photography and vector graphic creation. Sure I have some apps on Ubuntu but they don't quite have the functionality.

The vector graphic software I use on Win 8 had one key useful feature when I first moved to XP, because it developed out of a vector graphic software on Acorn's RISC OS architecture (which had a much superior GUI at the time to anything else - font rendering was the best too) I could transfer DRAW format files across. That is of less importance now.

I used to run Win 3.1, 3.11, MS-Dos, PC-Dos and Win 95 sessions (with an Intel compatible co-processor) on my last Acorn RISC OS box (within RISC OS windows too) with scanners flatbed (OCR too) and film, external hard drives on SCSI with a CD writer, graphics tablet and modem. But that was late 1990s. The StrongArm processor didn't have the data volume handling capability for large image files and the graphic card capacity was limited.

The problem with Windows is the orphaning of peripherals which deters movement to the latest version because that is where the expense lies buying new kit and also software too. Not exactly an eco-friendly mode of operation. Good for business, for MS etc. that is but not for the planet. Just considering all those vulnerable computers upon which financial transactions take place gives pause for thought.

What sort of vector package? Inkscape is pretty much an industry standard, though not the only one.

And KDE should still have, if not as part of the default desktop in the days of the 2GB iso image, at least part of the repository, digiKam, which is a darkroom photo app that pretty much is the beginner level but actual darkroom photopress application. There are others more advanced, but I don't need more than digiKam and I'd have to look it up to point you to others with things like built in HDR compositing from a bracket image, etc. And digiKam may have that now, for all I know.

And one of the Photoshoppers' complaints about GIMP being unusable is the result of an ideology and design perspective that arose from vector programs: you have to define the stroke then ink that stroke to get a line, unlike make a line of a certain width like in PS. The system is still raster but it's operated in many cases like a vector design.

But maybe it's not drawing but layout? I can't remember the applications I've used in the past off the top of my head.

There are solutions out there, but you have to poke around a bit. Keep an eye out for Linux mags when shopping and take a look through for anything about interesting applications: most mags have at least one comparison test for "program to do X" with several of the current biggest contenders for it, and include them on the issue's DVD.

For anyone who hasn't used Linux or not for a while, an occasional purchase of a linux mag gives you usually a few live boot DVDs and several different applications to play around with.

Wow, you're correct that a lot of design decisions in Windows were influenced by marketing (something Bell Labs was forbidden to do with Unix), but Microsoft already knew the Unix security model, having licensed Unix in 1978 and marketed it as Xenix in 1980.

The constraints of the PC architecture had nothing to do with forcing such insecurity on users. The original Unix ran on 8K of RAM; SCO managed to port Xenix to the PC/XT by 1983. It's simply that Microsoft deliberately chose to push insecurity over security, as far as the eye could see. (The conspiracy theorist would then say Bill Gates cashed out and left before the folly of this decision was exposed.)

LionelA, you mention "eco-friendly." Windows comes in dead last in that regard, too. Between compatibility checks, privilege management, and DRM, running Windows consumes much more electricity than either Linux or MacOS to accomplish anything beyond simple math. Copying a file, fetching from the network, drawing on the screen, typing text, moving the mouse, everything takes more complicated code paths (ergo more electric usage) in Windows than in any other OS out there.

"The constraints of the PC architecture had nothing to do with forcing such insecurity on users."

No, it was the other way round. The constraints (design goal) of the PC forced such insecurity on users. When you only have one user, there's no difference between logged in and being admin, for one example. When there's no network, there's no need to protect against foreign computers.

And so on and so forth.

The design choice of windows as "your computer on your desk that only you use in isolation from all other computers" allowed insecure design choices to be benign, and these design choices were never undone (except as said before with WinNT 3.5, which was scrapped because "it was too complicated to sell (to the morons who buy our stuff)").

That has always been MS's design paradigm: you're too dumb to be allowed to use the computer, and everything should be hidden from you if at all possible.

Including file types.

"The constraints of the PC architecture had nothing to do with forcing such insecurity on users."

So, yeah, you're right, but I was saying it wasn't that either. I was saying it was the other way round.

On "Green", one way in which MS gets ahead, but really doesn't deserve to, is that ACPI is a defined standard, but pretty much every PC motherboard manufacturer ignores it and only writes to the current MS OS version's bug infested bastardisation of it instead.

So frequently, since each M/B has a different way of writing to the MS closed ACPI driver demands, linux finds itself unable to use some of the powersave features or unable to do one of the more esoteric suspend options.

When it comes to actually operating, it's better in pretty much all categories, because the design is more efficient, but ACPI is a moving and deliberately obscured target, and it can and does fail in some areas to deliver.

“but that it is so little used that hackers will target Windows”

No, they target windows because it’s so easy.

Hackers target Windows for the same reason Willie Sutton robbed banks: "That's where the money is." For the last 20 years or so, Windows has been the most widely installed operating system, so successfully hacking Windows gets the hacker access to more machines than successfully hacking Linux or MacOS. If either of the latter two OS's ever became a majority of installed OS's, they would get a lot of the attention that Windows gets.

That said, it's a lot easier to find and exploit vulnerabilities in a Windows machine than in Linux or MacOS. So I expect that, were the numbers reversed, you would still see script kiddies attacking Windows machines. The professional/criminal hackers would go after Linux boxes, and accept the lower success rate as a cost of doing business. The one benefit for Windows users in this scenario is that, because the script kiddies are mainly in it for the lulz rather than the money, they would be slower to identify and exploit previously unknown vulnerabilities.

In the actual world, only a few hackers find going after *nix boxes to be worth the effort. Your risks are not zero, but if you keep your system up to date and you get hit anyway, it will mostly be a matter of bad luck. Your chances of getting hit if you run an up-to-date Windows system are much higher, and if you don't keep your system up to date, your chances of being hit rapidly approach 1, much faster than they would for other OS's.

One more thing: Unix systems have been connected to the internet almost from the time Unix was first developed. I can remember a time when, to do anything nontrivial with the internet, you had to be on either a Unix or a VMS box. (Telnet existed for MacOS and MS-DOS, but you used those machines as a gateway to the Unix/VMS box.) The latter OS was a proprietary system, and mostly disappeared after Digital Equipment Corporation was bought out. So Unix had some of its more blatant vulnerabilities identified and patched early on. (Read The Cuckoo's Egg for more on this point.) For Windows, and pre-OS X Macs, internet connectivity was an afterthought. Apple solved many of those issues by switching to a Unix-based kernel for OS X, but Windows had to go through finding its vulnerabilities the hard way. And is still going through that process, because unlike Unix, Windows does not have a history of people outside of Microsoft looking at OS source code to figure out just what the problem was.

By Eric Lund (not verified) on 16 May 2017

"Hackers target Windows for the same reason Willie Sutton robbed banks: “That’s where the money is.”"

Actually, the money is behind everything BUT windows.

Sun, HP, Linux, RISCOS, the several types of RTOS, CISCO et al.

THAT is where the money is. But Windows is much easier to hack.

Look at any previous hackathon.

"gets the hacker access to more machines"

Full of cat pics, porn browser caches and muffin recipes.

Lotsamoney! LOL!

Oh, what you can do with them as a Botnet, yes, you can then use them to threaten where the REAL money is, but the fact of the matter is the money isn't in the windows machines, it's behind linux firewalls, CISCO routers, HP servers and so on.

The constraints of the PC architecture had nothing to do with forcing such insecurity on users.

Gus is correct on this point. I'm not 100% sure that Linus Torvalds wrote Linux to run on an x86 box, but Linux was running on x86 boxes pretty much from the beginning, back when Windows was on version 1.0 or thereabouts.

It was the software design of Windows, not the PC architecture, that treated security as an afterthought.

By Eric Lund (not verified) on 16 May 2017

I bought a new Sony VAIO desktop on Dec 29, 1997. It had Win95 on it. I got it to replace the Win3.11WFG running in the DOS box that OS/2 offered, that I had been using to write custom software for my clients. That Sony was crashing several times an hour and to get any work done I had to save my work every five minutes to avoid re-writing lost code. Between Jan 1 and May 1 of 1998 I had to reinstall Win95 FIVE times. I thought Sony was a piece of trash, despite its reputation for quality. I decided to return to OS/2 and Win3.11WFG and went to Barnes & Noble to buy the most recent version, Warp, IIRC. There I saw a book by Bill Brush titled "Learn Linux in 24 Hrs". It had a RH5.0 CD in the back. For $25 how could I go wrong? It took me about 30 hours to get the hang of RH Linux. I also noticed that the Sony never crashed once. I missed the Win95 look & feel and when in September of 1998 I saw that SuSE 5.3 had KDE Beta 1.0, which had an even better GUI than Win95, I switched. I used SuSE to earn a living for the next five years, without a crash, until Novell bought them out. After a couple years trying various distros I settled on Kubuntu for six years and then two years ago I installed KDE Neon with Btrfs on two drives running RAID1, which I have been using for the last 2 years. I can't recall ever having a single crash while using Linux.

This thread reminds me of the "uptime wars" of the late 1990s and early 2000. Win95 users were countering Linux user claims of several hundred days of uptimes with similar times, always in a one-upmanship response. Then, Microsoft released the patch that fixes the clock bug which automatically rebooted a Win95 machine after 47 days of uptime. It revealed that all the two & three year uptime claims of Windows users were pure malarkey.

Because of my background many of my friends who run Windows would ask me to "fix" their machine. I would. But after a while it was obvious that I was repeatedly fixing the same problems, most of which were not under their control. So, I told them that I would no longer do Windows and if they wanted my help they would have to switch to Linux. Over a dozen took me up on the offer. Support requirements declined to near zero requests for help. Only one, whose Windows machine I cleaned up several times, went back to Windows because of the WinOnly games he was playing. Since then he's paid hundreds, if not thousands, of dollars to get his box sanitized or the Windows reinstalled. The rest continued to use Linux until they died. The youngest of the bunch, and the only one of the dozen still living, is still using Linux. The only time he's called me is when he moved and needed help in setting up his laptop, printer and wireless at his new home.

I'm 76 years old and have used Linux for the last 19 years. It is even easier to install and use now than it was when I first began using RH 5.0.

By Jerry L Kreps (not verified) on 16 May 2017

"I’m not 100% sure that Linus Torvalds wrote Linux to run on an x86 box"

Oh, be 100% sure, Eric. He wanted Solaris x86 and its license was horrendously expensive and minix was only allowed as a teaching aid, and BSD was not ported and still mired in patents, so Linus started off with the GNU toolchain and the GPL license to write his own UNIX system for his own personal use, and released it for public participation in the pre-alpha coding stage as Linux 0.1.

It was not ported to any other architecture until, IIRC, about 0.3.1, where MIPS was added and the arch subdirectory added to the Linux source tree to contain all the bits that were supplying things like memory mapping and the CPU register access methods.

I wasn't saying the PC design did it, I was saying Windows. The use of PC means personal computer, not the IBM PC compatible architecture which was the hardware including the BIOS. Therefore PC and Windows is used interchangeably, as is common when talking about the IBM compatible software system.

Mind you the ISA architecture WAS badly designed, as was the memory management, leading to the "640k is enough for anyone", the ISA hole at 1M, EMM and XMM and the other 1M hole at 15M for the PCI bus MMU and register allocation, along with the lower register of 4 pages (16k), I think, that is unavailable to OS use and is today not even paged in.

Look, if you wish, at the old source code repositories for the bootup system for the DEC Alpha system. The MIPS is terrible, but x86 HORRENDOUS! SPARC and Ultra aren't *great*, but x86 is insane!

Actually, the money is behind everything BUT windows.

As was noted upthread, one of the handful of good reasons there are businesses still running Windows is that they depend on software that only runs on Windows, and hasn't been ported to Linux or MacOS. There is probably less of that than there was ten years ago, but there is still a lot of business that runs on Windows.

And then there is inertia. Lots of IT departments insist on Windows because they don't want to change what they are doing. As of five years ago, that included the US Air Force: the people I know who worked at one nearby AFB who wanted to run anything but Windows had to get special permission to do so and jump through lots of procedural hoops. True, they had additional security measures, like key card access, but those were Windows machines. (That division was transferred to another base, so I no longer know anybody who works at that AFB.) I'm sure there are people who will pay good money to learn the Air Force's secrets. Insert standard jokes about military intelligence.

By Eric Lund (not verified) on 16 May 2017

"This thread reminds me of the “uptime wars” of the late 1990s and early 2000. Win95 users were countering Linux user claims..."

My epiphany for the idiocy of MS proponents came when before the EU investigation, they were required to fess up to undocumented API calls in the OS used by, for example, Office. "No such thing!". And in the court case, when it concluded, and the API documentation fessed up, not a peep.

When later claims came about secret APIs, the same ones shouted out "But they've documented it all!!! The court case required it! PROVE that they have hidden API calls!".

Not having learned their lesson.

Then when an out of court settlement was the release of several more pages of API documentation that was never released to any developer, even pointing this out and their earlier protestations that no such thing existed (and twice) could even penetrate the rose tint of the specs they had embedded in their corneas.

"" Actually, the money is behind everything BUT windows."

As was noted upthread,..."

Eric, nothing that followed countered that. Not one thing. It was orthogonal, despite being true, had NOTHING to do with it.

Were you tacitly agreeing? Then why the segue? Why not post just what you put and NOT pair it to the comment I made in rebuttal to your intuit that there was money in Windows hacks?

Because what you posted had nothing to do with there being money or even anything particularly wanted in windows machines.

Power was run via Windows For Warships (tm), and possibly the fire control. But all that could be hacked was to turn the warship off. It couldn't be remote driven like Hollywood shows hackers doing.

Basically, there's no money there either.

" I’m sure there are people who will pay good money to learn the Air Force’s secrets."

They aren't held on Windows machines, and that's NOT a large target. WHATEVER machines they run, and most of their data doesn't reside or transmit via Windows boxen, there would be the same value in hacking them.

It's just and solely that Windows is EASIER to crack and, being spaghettid together to avoid the US antitrust getting IE out of Windows and avoiding fessing up, a shit-ton of userland was festered into the OS below the admin level and right down to ring-0 in some cases, so that they could claim it wasn't illegal bundling, it was a necessary part of the OS.

Therefore an error in IE was an error in the kernel.

And MS insisted on everyone using IE.

Homogenous monoculture vulnerability making it easier to crack, since one crack would infect the majority of machines, as long as it didn't require an additional install of a proprietary non-MS product, thereby making it possible the install doesn't exist to exploit.

More design decisions, and these ones not done for even vaguely reasonable reasons, that make it easier to hack windows.

It's hacked because it's easy, not because it's valuable or common.

Errata: it was SCO x86, not Solaris x86 that Linus tried to get a license for.

That was before McBride bought the trade name (but not the OS or the license or the coders, they were Tarantella) and drove it to the ground trying to do as MS directed and slow Linux adoption by a shakedown and scare tactics that it was all patented and unsafe compared to MS Windows...

If Linux were used as much as Windows, most of the interface and software issues would go away as more people are developing.

>Well your manager was talking bullshit. And not even their own, they were copypasta-ing the FUD and BS from Microsoft.

I trust his competence over yours. He also would not be a Microsoft worshipper.

Question, what is the purpose of having autoupdates in Linux?

"I trust his competence over yours. "

Yes, but you trust your own competence over specialists in PCA or dendrochronology, so I really do not count your trust as being any value whatsoever.

Whether you trust him more than me or not, he was still talking complete and utter bollocks and was only parroting the MS FUD that they programmed him with and he swallowed for possibly ideological, possibly mental deficiency, reasons.

It's bollocks.

Fact.

"Question, what is the purpose of having autoupdates in Linux?"

So that the updates are done automatically.

Duh.

"If Linux were used as much as Windows, most of the interface and software issues would go away as more people are developing."

There aren't any interface issues, and you have not claimed any actual software issues.

However, the interfaces will still be varied and different, because there's no one place to define where you MUST place things. So each developer house is free to pursue their own decisions on what the interface should be.

I've put Linux into a number of large financial and government enterprises here in the UK. It's an easy sell; free as in freedom, and to keep the procurement team happy buy it from a reputable vendor (they don't like things that are free as in cash). I've spent many £millions in linux licenses over the years.

Often, IT depts don't want auto-updating systems - but that's easy to deal with by having various local rpm/dnf servers that will update virtual server pools as the patches are tested and so on.

The same principle can be used in IaaS with recipe driven instances that take updates from a controlled source. Of course, Amazon offer their own AMI that updates using their own yum servers if that's your thing.

However, I've never managed to roll out a decent sized operation (i.e. more than a few thousand seats) to use Linux on the desktop. Might have more luck with Desktop As A Service in years to come.

We are perhaps 30 years behind development due to the PC Windows revolution. The billions of dollars wasted on the system is staggering. Academics warned everyone back in late 98 about this system and its vulnerabilities. Windows represents one particular meme of American culture which I refer to as the "Used Car Salesman" marketing strategy. If you want to see a free market, go to China. If you want to see a closed market loop, go to the West. The western business model is the slowest economy to adapt to changes. Stick with Windows and all your proprietary business secrets will be an open book waiting to be taken advantage of. It's really that simple. Linux has far surpassed the desktop and internet experience of Windows. Those are a lot of blanket statements to throw out. To be fair, all windows needs to do is recompile all their product code under the Linux framework, create their own distribution specific version for users under a Linux, BSD or similar kernel and let the development therein move forward. Microsoft has managed to integrate some of their software products nicely in the last 5 years. People will pay for the value of good services and they would win hordes of developers for free if they actually opened up and got on the same page as everyone else. It's not a leadership trait to go against the entire social fabric of software development in the world, it's a drag on progress and real competition would likely weed out the marketing of used car sales pitches which just repeat themselves over and over again. I decided to not invest any time in learning any Windows systems as of New Years Eve 1999. I do not regret that decision.

Greg,

Many thanks for your informative article, and for your thoroughly enjoyable writing style!

I started using computers circa 1972 during my formal education in applied science and mathematics. Luckily, we had a wonderful computer science lecturer who instilled in us the importance of having our code properly peer reviewed (using code walk-throughs) before we even attempted to run it on a computer: which at the time, usage of mainframe computers was charged at the rate of tens of £ for each CPU second, or part thereof.

What I learnt way back then was that the more people we have to peer-review our work, the fewer errors will end up being in the output/outcome of our work; and that any remaining errors will be identified much faster.

I can see good reasons for charging customers for proprietary application software [problem-solving tools], but I've never been able to find an adequate justification for charging money for the computer operating systems on which these tools run. To me, copyrighting then insisting on payment for, a bug-ridden insecure non-open-source operating system is akin to the absurdity of copyrighting each fundamental particle that is discovered in the universe, each element in the periodic table, and each discovered sequence of DNA.

Intellectual property, my ass! Under some jurisdictions, ideas cannot be patented; only properly-working, via adequate proof of concept, instances of an idea can be patented.

Readers may have gathered from the above that I've long been a proponent of open-source operating systems, and many other types of mission-critical kernels and tools. Unfortunately, the Heartbleed security bug in the OpenSSL cryptography library somewhat shattered my long-held belief in the security advantages of open-source systems:
https://en.m.wikipedia.org/wiki/Heartbleed

However, I shall always be extremely grateful to Linus Torvalds, without whom I would not have been able to provide solutions to some of my clients' problems.
https://en.m.wikipedia.org/wiki/Linus_Torvalds

Thanks again for your article, Greg. Best wishes,
Pete

By Pete Attkins (not verified) on 16 May 2017

I think the worst thing about it was the fact that it has drained the talent. It's frequently more profitable for the market top dog to buy up talent and opposition and keep them doing nothing than to compete or let the talent work elsewhere.

MS should never have fought the breakup. It would have helped them produce better products instead of letting them fixate on a broken ideal of overwhelming and unremitting control of everyone's computer.

IMO fear kept it. Fear that in change it wouldn't work. A "Can't risk it" attitude that is antithetical to the can-do that the USA had in the 50s and later (even if the country was as regressive as the UK had been at their worst and had been part of the reason for the collapse of the empire).

Lose top spot and you'll stop worrying about losing that position.

It's like a brand new car before the first dent: you're terrified of damaging the car. Once it's been pranged, however, you're no longer worried about it.

No, Greg, not 10 years, more like 2. Last time I logged into one of my Linux machines to do something very simple, I lost 3 days of my life. Complete waste of time. For me the OS is a platform, not a playground.

St Bart's - which was "crippled" by ransomware - is the UK's largest NHS Trust.
Do you know how many of the next 17 largest NHS Trusts were affected by this ransomware?
None.

I almost certainly know the difference between the NHS where I worked and St Bart's - our Trust ruthlessly eliminated all the kludge so that the many thousands of machines on our network were all 100% under the control of our WSUS and endpoint security systems.
When we started, malware was widespread and viruses used to hit on a frequent basis. Departments/units/wards/clinics & users were buying whatever IT hardware they felt like and attaching it to the network.
A year later all that was history. We reduced the number of protocols running on the network from 5 down to 2, eliminated all the OSs except for two versions of Windows and two Unix clusters. Thanks to this, our IT support service was closing 80% of support tickets within 4 hours (it was more like 8 days when they were chasing their tails trying to deal with non-standard hardware). We had time to develop and put in new systems to address various technical and clinical risks. This reduced mortality AND we were detecting zero-hour viruses the instant they hit and handing them over to our endpoint security provider.

I am willing to bet that St Bart's is packed full of people who are "too special" to do their work on a standard Windows desktop and St Bart's were too gutless to repatch them into the university network where they belong.

By Craig Thomas (not verified) on 16 May 2017

" I lost 3 days of my life."

And nothing of value was lost.

I mean, cool story and all, bro, but it's a bloody fiction.

"I am willing to bet that St Bart’s is packed full of people who are “too special”"

I'm willing to bet that you will actually risk nothing on that bet. And it, too, is a load of bull.

Craig: "Last time I logged into one of my Linux machines to do something very simple, I lost 3 days of my life."

You should definitely stay away from Linux machines!

Yeah, that crack cocaine really can hit sometimes. I remember a story from an older colleague and he lost 5 days once, just completely wasted, he still blames the booze!

Wow -

Just google 'login loop issue ubuntu'. Are they all liars as well? No, YOU are. How dare you go around calling people liars without the slightest bit of evidence. Idiot.

By Andrew Dodds (not verified) on 16 May 2017

OK, so for some reason it's OK for one commenter (Wow) to lie, abuse people and spam threads to worthlessness, but anyone who complains about it gets their posts deleted?

I don't usually complain about such things - this coming under 'playing the ref' as some would have it, but the naked hypocrisy is not only annoying but flat out strange, progressives usually hold themselves to a higher standard and you must realize what you are doing. What gives?

By Andrew Dodds (not verified) on 16 May 2017

OK, so Dodds is complaining about people who post on a blog are posting on a blog. And that's all he posted.

And while complaining about lying lies about its existence.

Apparently Dodds is allowed to do this bullshit and lying and their posts aren't deleted. Nobody knows why, not Dodds anyway.

He usually complains about everything, but that was the first time he posted that actual post and this is somehow supposed to be significant and supporting something. But what that is is strange and nonexistent. And apparently this is something about progressives, but again, this is merely because Dodds is really pissed off that there are people who don't agree with his politics and therefore they must do everything he says, even though he doesn't do any of that.

Nor, strangely, has this problem ever worried him before, at least according to his current complaint by post, though he has frequently posted just the same sort of complaints against progressives not being better than he can't be bothered being himself on things he doesn't care about or even comprehend.

But you would have hoped that a party political line that relied on denigrating "snowflakes" and "safe spaces" and insist that there needed to be personal responsibility would have avoided being a snowflake demanding a safe space and eschew any personal responsibility.

They invent some excuse for that which they don't bother doing for anyone else unless they share the same political outlook.

Mind you a quick perusal of scienceblogs for Dodds brings up why he's so salty: he's a pro nuke idiot who insists renewables are a dud.

So, really, he needs to be posting there.

Except there are far too many lies on there for him to bring himself to post that tired screed without being patently obvious as a hypocrite.

Duds, go to that link and collect a list of every claim of lie and count up who the accusation was from and about and total up the rate of lie claim. Then go through and find out each and every "misleading" deceptive claim made by everyone on that thread (remember, the thread was about renewables!) and get the full list.

Then denote how many of them are actually lies (whether outright lie or deceptive misleads).

Lastly go through each claim of moral superiority and find out if the outraged one is actually guilty of that same thing first.

You know, instead of picking out someone to silence because you don't want their view aired, actually do the work to find out if your preferred ideology is not blinkering you to your confirmation bias.

Humans are supposed to be better than you. Why aren't you?

The Cuckoo’s Egg

Now there is a blast from the past, I have just dug out my copy of Clifford Stoll's book and will give it another look over.

I recall the ordure that was flying about in the late 1990s, when Win95 was revealing itself more as a revamp, if that, of Win 3.1 & 3.11 with the same old trouble from fragmentation of memory and lack of a concatenation routine with MS just increasing the amount of RAM in use for those housekeeping routines so that the problem took longer to surface. I cannot remember the jargon now (cardiac arrest and lack of oxygen made a hit) but this was all about the same time as the Halloween Documents came to the fore.

More here.

The proof is in the pudding, guys - the NHS Trusts that allow any old rubbish are dysfunctional. St Bart's failed because they let the ITIL-ignorant affect policy.
The Trust I worked at - and I was in meetings where Apple-ideologues were pretty much demanding a punch-up to defend their idiotic romance with overpriced and unmanageable machines - decided to switch off appletalk and cease providing network connectivity to any machine that wasn't on the single approved current Windows OS. That trust has not had any cyber security incidents since Nachi. 15 years later, St Bart's with their splatter of nonsensical OSes have been crippled by an easily avoidable threat.

By Craig Thomas (not verified) on 17 May 2017

"The proof is in the pudding, guys – the NHS Trusts that allow any old rubbish are dysfunctional"

According to you, they let you work there, so, yeah, proof enough you're an incompetent idiot and the reason why the NHS got hosed.

" Apple-ideologues"

Ah, your issue is not that it's "open sores" but that it's not Microsoft.

Craig, your attempts to deflect attention from your admitted unwillingness to learn new things is getting old.

* are getting old.

I wonder if he'll tell us what Linux systems he had and what he tried to do and see if anyone here can, from memory, figure out what he could have done in less than three days....

I promise not to use google, though that promise may mean that the command name may have the wrong switch, or the actual GUI button to click is incorrectly described if he insists it must be done by GUI and never CLI. It WILL be from memory after all.

I would also like to hear how appletalk caused SMBv1 bugs to be exploitable.

I use Linux at home and it's so much better than Windows there's simply no comparison.

With every install Windows' registry gets more corrupt, and with Linux I can wipe out installs with no trace using easy package managers - also installs are far easier - Google search to find the package name & issue an apt-get install command. It downloads/installs in two seconds, done.

Windows breaks all the time. Linux rarely if ever randomly breaks. I rarely have to reboot if I don't want to (maybe I'll save some power when I leave home, etc).

Why have a company that doesn't respect your rights as a consumer, forcing updates down your throat of a completely new version of the OS without your permission, giving governments all over the world their source code but not you? Use open source and open your world back up.

By Jacob Johnson (not verified) on 17 May 2017

I run Linux on my personal machines. I do have a Windows drive in a desktop at home that my brother uses to run certain games that only run in Windows. I run the same machine with Linux, and only ever log into Windows on it for maintenance tasks.

Here are a few observations regarding things mentioned in this thread:

I have set up Linux machines for several people who don't use the command line, but somehow still manage to use their Linux machines regularly. Ease of maintenance and good performance on old hardware are the things they like best about it.

A normal update in Linux (rather than a distribution version upgrade, which tends to be a more involved undertaking) is not very likely to cause problems on the system as long as none of your low level system software has been replaced by software from a third party. Translated, that means that basically anything other than running a proprietary video card driver that you got somewhere other than your distribution's repository (which you can do if you know what you're doing) or mixing software from a repository for another distribution is not likely to cause a serious issue with your system. In my experience, it is much, much less likely to cause a serious issue than a Windows update is.

Games have a negligible effect on the desktop computer market. Games follow users. Users don't follow games. There are users who are exceptions to this, but they are a smaller minority than a lot of people seem to think. If users followed games, the Commodore Amiga would have dominated the desktop computer market. (The game console market is entirely different of course.)

Craig, the bottom line when it comes to your story about places that have been kept free from malware problems is that any environment which is very tightly controlled is easier to secure than one which is not. That doesn't say much of anything about the operating systems involved (incidentally, when was the last time Apple computers needed Appletalk for network communication? My guess would be while they were still on 68xxx series processors in the eighties. They certainly haven't needed it since the introduction of OS X.) I think your stories about Linux difficulties would have to be more specific to be taken seriously.

Most people who aren't running some specific software that is not available for Linux could do OK on a properly set up Linux box. When it comes to Linux equivalent software you enter into complexities of what users need and what they want. Not every user will have equivalent software available, and some will not like the closest equivalent that exists.

By CFWhitman (not verified) on 18 May 2017

Windows is easier to use if you don't care if your computer is part of a botnet, with all the resource and legal problems that means.

Because at base windows OS is predicated on the idea that the user is a moron (and they will learn to be one, if only out of a desire to fit in or merely avoid risking it "proven" to be true) and must be protected from anything going on in the computer. So as long as you only bow your head and don't try to do something that is computer-ey (and if it gets difficult, stop doing that and either buy a bit of extra software to do it or claim it's not needed to save the cash), windows is easy to use.

But that still doesn't make it easier to use than Linux.

Buy a Linux Dell laptop and it's EASIER to use than windows since you don't have to deal with the problems of having your computer used as part of a botnet, which will at least slow your computer down and use some of your bandwidth. But if you don't care about that either, then they're both equally easy to use.

It's just that Linux doesn't fight you when trying to use it in case you screw things up. It assumes you're smart enough to use it rather than assumes you're too dumb.

Problem for windows is there's no such thing as fool-proof.

If you said FU to MS and stuck to XP, you may be slightly better off since there's a tool which may decrypt your machine without paying the ransom. However this titbit from the slashdot story was interesting:

The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry.

For one it makes it even weirder that Appletalk could have had anything to do with it, but it also makes it really weird that it's claimed to be an old SMB v1 protocol bug.

But WinXP had SMBv1.

Bebox was cool. Let you power off the processors individually, including all of them.