931 posts • joined 28 Feb 2010
It's not its primary purpose - the purpose is to ensure a "secure" boot stack and make it much harder for malware to start early in the OS boot process to hide itself better. But cracking Windows requires altering some of its vital files - something secure boot will trap, thereby refusing to boot the OS. Sure, users with enough knowledge can disable secure boot and attempt to load the OS anyway, but it will still make cracking the OS harder, and installing cracked versions as well.
I've yet to check, but I hope even applications can be written to refuse to start if secure boot is disabled or the system compromised in some way. In many environments that can be highly desirable.
Being an IT professional I've seen enough "hardcore Linux fans" running pirated copies of Windows "just to run the games" - usually pirated as well. Probably I'm also from a country that always had a high level of piracy compared to others, but I've seen many complaining about "security" features just because they weren't allowed to run pirated software easily - while keygens and cracks are often attack vectors.
Too many users complain "Windows is not secure", when usually it's them making it insecure by running with admin privileges and installing pirated software often riddled with malware. No OS can protect you when you start cracking it and then install malware yourself...
Sure, Linux, where the need to run pirated software is minimal, is far more secure from this point of view.
The only ones afraid of secure boot are all those "linux fans" attempting to run pirated copies of Windows on their systems.
Microsoft did the right thing in pushing a secure way to boot an OS allowing only verified code (after all that's how the Sony PS3 works), even if it's also trying to push it a bit too far to allow Windows only.
As long as any attempt by MS to hinder other OS installation is hindered, secure boot *is* a valuable feature.
If you're a sysadmin and you know nobody can boot your machines without an unauthorized OS (i.e. a live CD, a USB stick, whatever) you know you have a new good layer of security. And that's true even if you're running whatever Linux you like and you don't want someone to tamper with your machines.
If in your bedroom or basement you can't install a pirated copy of Windows to play some pirated games, well, I do not care.
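An added example (not part of the original comments): one way an application could refuse to start unless Secure Boot is enforcing, sketched for Linux, where the firmware's `SecureBoot` and `SetupMode` variables are exposed through efivarfs. The function names and the constructed sample directory are assumptions of this example.

```python
import enum
import os
import struct
import tempfile

# EFI global variable GUID from the UEFI specification; the SecureBoot and
# SetupMode variables both live under it.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
DEFAULT_EFIVARS = "/sys/firmware/efi/efivars"


class BootState(enum.Enum):
    ENFORCING = "secure boot enabled"
    DISABLED = "secure boot disabled"
    SETUP_MODE = "firmware in setup mode (no platform key enrolled)"
    NOT_UEFI = "no efivars directory (legacy BIOS boot or efivarfs not mounted)"
    UNREADABLE = "SecureBoot variable missing or malformed"


def read_flag(efivars_dir, name):
    """Return the one-byte value of an EFI global variable, or None."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs layout: 4-byte little-endian attribute mask, then the payload.
    # Both variables carry exactly one payload byte.
    if len(raw) != 5:
        return None
    _attrs, value = struct.unpack("<IB", raw)
    return value


def secure_boot_state(efivars_dir=DEFAULT_EFIVARS):
    """Classify the boot state from the firmware variables."""
    if not os.path.isdir(efivars_dir):
        return BootState.NOT_UEFI
    secure = read_flag(efivars_dir, "SecureBoot")
    setup = read_flag(efivars_dir, "SetupMode")
    if secure is None:
        return BootState.UNREADABLE
    if setup == 1:
        # Setup mode means anyone with firmware access can enroll keys.
        return BootState.SETUP_MODE
    return BootState.ENFORCING if secure == 1 else BootState.DISABLED


def may_start(efivars_dir=DEFAULT_EFIVARS):
    """Fail closed: only an enforcing state lets the application start."""
    state = secure_boot_state(efivars_dir)
    return state is BootState.ENFORCING, state


def make_sample_efivars(secure, setup):
    """Constructed sample data: a temp directory that mimics efivarfs."""
    directory = tempfile.mkdtemp()
    attrs = 0x6  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    for name, value in (("SecureBoot", secure), ("SetupMode", setup)):
        path = os.path.join(directory, f"{name}-{EFI_GLOBAL_GUID}")
        with open(path, "wb") as fh:
            fh.write(struct.pack("<IB", attrs, value))
    return directory


if __name__ == "__main__":
    allowed, state = may_start()
    print(state.value)
    raise SystemExit(0 if allowed else 1)
```

A check like this only reports what the running OS exposes, so it stops casual tampering rather than proving the platform is intact; a compromised kernel can return any answer.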
They should have called it 8.1 SP1 and everybody would have been happy
Call it 8.1 SP1 and everybody will be happy, can't understand why MS can't follow old practices everybody was fine with. Even before, some pre-SP versions were no longer updated; IIRC for a long time XP RTM and XP SP1 no longer received updates, only SP2 and SP3.
Each SP is almost a separate version, it means maintaining each requires fixing different code branches and testing them all - it may make sense to obsolete some.
If they didn't have to revoke and replace their digital certificates and change all passwords...
It's funny how those MS haters hastily upvoted your first post but never care to read your correction...
Re: I am paying for OpenSSL, via my Red Hat subscription
Why do you believe Google based its Android/ChromeOS software on OSS - "free" - software? Because it wanted to steal your data in a way that should have been easy and fast, it wasn't going to invest in delivering a new OS written from scratch which would have cost a good sum of its revenues stored in some paradise island.
They will invest money if and only if it helps to move software away from a competitor they may have to pay - if they find some free software they don't have to pay for at all, all the better.
And when you buy Android, all you buy is the right that your data will be stolen by Google and not someone else.
Re: This explains it
Especially when the "shortened" link is longer than the one it refers to, LOL!
Re: Where have all the fanboyz gone
Guess many also still haven't learned how to use Active Directory and group policies to automate patch installations, and create groups of machines with different policies. Except for some critical servers that need to be updated only after patches have been tested, everything else is patched automatically - we prefer having to pull a patch if some crappy app stops working to being compromised for lack of a patch.
Re: no armageddon here thanks
But the memory allocator will also get and release memory to the OS - what you get from this bug can be anything depending on where the memory comes from, and what it has been used for before.
"The difference is, once the problem is identified *I*, *you* or anyone else could knock up a patch in minutes and distribute it to the world. And that's pretty much what happened."
Oooh, soo naïve.... of course the patch is released at the same time the flaw is published - that's how proper vulnerability management works, open source or not. The only difference is you can really patch it yourself, if you know how to do it and know enough of the used programming language and toolchain to get the final executable - something not many users have.
"If you think that open-source = security"
No, I never thought it, but that's what many OSS fans try to sell you.
Re: The real problem is C
The x86 protected mode architecture has a lot of checks (including the BOUND instructions); it's just that OSes and compilers don't use them because checks slow down operations...
Given the choices:
1) Fund OpenSSL development
2) Buy your own island
3) Buy your own 767 and use it to reach some tropical island
4) Buy a castle somewhere in Europe
What do Oracle, Google, Facebook, etc. etc. CEOs do?
Ah, and then some executive will tell managers "get our developers to use open source code, it's free...."
Often the problem lies in the IT department itself. Often the wrong applications are selected without understanding they are so badly written they will not sustain an OS update. Often buying shining new hardware to play with is where money goes, instead of planning for software obsolescence.
Then there's also the hassle of keeping applications up-to-date, it's always a risk, what if something breaks and everyone yells at you - let the ten-year-old application run, after all it has run until now and no one complained...
And believe me - when Windows 2003 reaches its EOL, we'll see this again....
I wonder how many so-called "system administrators" haven't yet learned to perform a "slipstream":
Re: Our last XP machine was, pretty much literally, taken behind the shed yesterday.
It's funny how many think a "firewall" (and I would like to see which FW and with which rules and how often the rules are reviewed and updated...), not even an IDS or something more powerful (i.e. software that locks down what you're actually permitted to do on a machine) is enough to protect them.
It looks like they are still protecting themselves from last-century worms that use protocols listening on open ports as attack vectors - as if many attacks today weren't performed over open ports (HTTP....) using very different attack vectors from browsers to Java to document parsing flaws, and old, always working social engineering tricks. All vectors a firewall won't stop.
But that's a trend I've seen in many IT departments. Securing a network fully requires work, a lot of it, and unless performed by skilled people, it can create big issues. Thereby the trend is "leave everything as it is, don't touch anything, do just the minimum needed to tell management we have secured the network". I guess there will be a lot to "laugh at" in the upcoming months.
The issue with WinRT is its "consumer-oriented" API
The main issue with the WinRT subsystem is it was designed for the "tablet consumer app" with a lot of restrictions. Security is OK, but many big, complex, expensive apps developed for the desktop need to access the full Windows (or .NET) API - those that don't are probably already moved to some kind of web application which doesn't need WinRT already.
Unless WinRT becomes a real alternative to the full WinAPI, developers are forced to decide if their applications can be made to work in the less powerful subsystem and within its restrictions - moreover those restrictions mean only MS tools can often be used.
MS has to get out of the "consumer apps" hangover, and remember many Windows systems are used by professional users for complex tasks, and developers need to fulfill their needs, not only churn out Instagram- or WhatsApp-like applications.
Re: What next?
My bet? Keep on dreaming...
Re: I'd guess none
I understand now why almost nobody ships PCs with Linux pre-installed... not everybody wants to be forced to supply all the GPL stuff also.
Re: No win.
The gay community is acting like McCarthy. Everybody not thinking the way they like must lose their job and be "ostracized". That's something the US already underwent in the '50s, and it wasn't a nice period. Even McCarthy had the excuse he had to protect the US from communists, but he acted like a communist. Gays are acting like McCarthy... and maybe it's also a way to get to well paid jobs easily just crying "look! it hates gays!" - next everybody thinking gay marriage is wrong shall wear a yellow star? Or be sent to some cold place to be "re-educated"?
And if somebody next would like to marry his or her cat, dog or horse? Why not? Why gender is ok, genus is not? There are also many different types of marriage we think are not appropriate - think incest, polygamy, etc. etc. - beware of opening Pandora's Box just because of some easy money...
Removed Firefox from my PC.
Re: Freedom of speech goes both ways here
I wonder if he campaigned against polygamy, combined marriages or children brides if that would have raised all this dust. There are countries where both are accepted social rights, and would not be happy if you remove them.
There's nothing as a "human right to marriage" as there's nothing like a "human right to have children".
But let's remove the finger, all this fuss about marriage is really about *money*. The right to "marriage" is really a right to "inheritance" and other ways to obtain easy money or advantages.
Re: Garage PC
"Give the admin user a simple password that you can remember - this is to stop simple "run as admin" actions."
Give admin user a "complex" password that you can remember. At least 16 characters long (disables insecure NTLM hashes) - better, create another admin user, and disable the Administrator one (use gpedit.msc to do that). Beware that to change the XP home password IIRC you need to enter safe mode or something alike.
Disable useless and unused services, especially if running as LocalSystem. Download Sysinternals' Autoruns and check what is started automatically - remove whatever you don't need.
Re: Garage PC
It's funny most still think malware is designed to crash or wipe your PC. Sorry, that's not 1987 anymore. Most malware is designed to infect you, and stay hidden, while stealing data silently, or perform operations on the bot C&C's behalf (spam, DDoS, attack other machines, host illegal content, do anything illegal you like on someone else's machine....), often even rented to someone else for a given task. Only crappy malware (there's that too) will do something you'll notice easily enough (yes, there's ransomware also, but that's a one-shot malware type). It may take years to discover a well hidden infection.
If AV and FW were really effective, we would not be here talking about vulnerable machines. And the more "0 day" XP will be vulnerable to, the less AV and FW will be able to protect you, there are dozens of effective techniques to avoid detection and make local AV and FW wholly useless - when you compromise a machine, you can also control the software running on it. You may sleep happily while someone else enjoys your machine and your data, or open your eyes and acknowledge that false security is usually equal to no security at all.
Re: Garage PC
Well, for that you have the far bigger problem of incompetent users and those using illegal copies, who of course don't patch their systems because they're afraid of being identified and their system locked down. They could run the shiniest latest OS but will click on any "pOwn me" sign as long as it is pretty and colorful.
Re: Garage PC
As long as you don't have anything important on it, or do anything like using it to buy something over the Internet, you may accept the risk. But as soon as you read your email, buy some of those parts or something like this on that machine, log on to some site, or the like, you're accepting a not little risk. No FW or AV will protect you enough - and the problem is not what they may delete, it's what they could steal without you even knowing it.
Maps can be already stored to SD on a Lumia.
You can already store maps on the SD card on a Lumia - you have to install Lumia Storage Check. It has an option (details section) to store maps on the SD - on a 620 I have more than 2GB of maps on the SD, while only 21MB occupied in the phone storage.
It's appalling how many people still think an OS is its shell, and vice versa. They look deeply stuck in the MSDOS/Win 3.x model, where Windows looked just a GUI atop DOS.
I thought Linux told most that an OS is not a shell, but it looks like it failed too. Well, after all most distros are identified by their desktop managers, not what's below, even if most Linux servers use no X.
Windows 8 *shell* is broken by design (the OS below is even a little better than 7). But luckily for MS, that's the easiest part to fix, as long as someone in Redmond understands he has to swallow his ego fully and admit that shell was a big mistake for non-tablet PCs, and Sinofsky was not the only one responsible for it.
From many perspectives Vista was a far larger mistake than 8, because the issues were deeply within the OS itself, not in the new GUI. It required bringing in people like Mark Russinovich to help iron them out.
Re: Under the hood?
That's exactly the mistake MS avoided and explains why Linux has risible desktop share well below OSX one, that 'strangely' enforces a single UI exactly like Windows does. Standardization is often a good thing.
It's wasted time. They do not understand how system programming evolved over the past thirteen years to support evolving hardware, and they judge an OS just from the shell and widgets' look.
Understanding the changes underneath requires knowledge not everybody has, it's a highly specialized kind of programming, and it has become pretty complex. Moreover, as mainstream development moved to web applications and managed/scripted languages, the less developers had to cope with an OS's 'internals', and they take for granted, as simple, features that require fairly complex management in the background.
Re: Wasting taxpayer's money again
"So their inability to plan ahead has cost us £5.5mill. Nice."
I wonder what the IT management was doing in the past 13 years. Didn't they see this coming a little earlier? Whatever the solution could be, finding and planning it before April 8th, 2014? No one fired for such a blatant lack of proper management?
Re: Wasting taxpayer's money again
You may not believe it, but there are some workers who spend their whole working life producing documents.
Re: Wasting taxpayer's money again
Banks usually run highly skilled security teams to cover all the risks they have to face (IT and non IT ones), because money matters. They are also able to enforce their internal policies far better than other businesses (but they are compromised anyway). When it comes to different types of business, you can't rely on such a level of competence and resources. You have to protect your business in a different way. AV and FW won't protect you enough if you're a good target which can attract skilled attackers with ad-hoc techniques.
Re: Upgrade cycle
It's mostly lame developers who couldn't code a Windows application properly that have now moved to web development...
Before re-installing an old machine, always check for new drivers before....
When reinstalling an old machine with a new operating system, it is always better to check in the old OS which devices are installed and where the drivers are from. Then download the drivers for the new OS before clearing the old one. Not every vendor submits its drivers to Windows Update, and many devices are rebranded ones; the only hope you have sometimes is to look for the OEM. Also, some Vista drivers may work in 7 too.
For the matter, I recently got an ASUS motherboard that didn't even boot with a newer Intel CPU until I updated the BIOS - luckily that board allows updating the BIOS even without a CPU.
A female assistant good at sports results?
C'mon, that's impossible! This is pure marketing s**t!
Re: @ moiety -
Should we remind people that Cook said "Apple is working to make the UNIVERSE better" (capital mine)? When it comes to marketing, they have no shame.
Re: It's not only Microsoft
But is this an MS fault? There's XP embedded for such systems, not plain XP. There are other industrial OSes available. The issue here is not that they use Windows XP, the issue is that they use NetBEUI instead of TCP/IP. Even if they had used some protocol over a serial link (RS-422), they would have no problem upgrading the OS. Instead they chose to use a protocol that was already obsolete because they didn't want/know how to use a serial link or add TCP/IP to DOS.
If someone chose the wrong tool for the job, who's to blame? I guess there's also a lot of industrial handheld devices out there using PalmOS, Windows Mobile, and other mobile OSes... they're being replaced by Android ones, why does nobody complain? I had to buy USB-serial adapters because some networking devices require you to be able to connect through a serial port if you can't access them via network, why does nobody complain that most shiny new laptops no longer have serial ports? Or maybe we should blame MS for this also?
They could send it to a maintenance group in India (if they haven't already...) and have some lame, cheap developer working on it. That would be the best way to make people upgrade to a later version...
"What I said was you can patch a working system for security holes in virtually every case without changing versions"
Yes, in theory you could. But is it practical? No, it isn't, unless you're a company with the resources and the skills to backport every security fix, and test them, while the old codebase and the new one diverge more and more.
After all if you pay MS they will still support XP for you, so where's the difference? How much would a developer, or more, and the infrastructure needed to backport and test cost you?
Re: WHY because Why waste that old Hardware, its bad for Planet Earth.
"Debian, Slackware, SuSE, and RedHat have been going for 20ish years" Well, Windows is much older. But which *release* has been supported for thirteen years? Is Debian 5 still supported, for example? Earlier versions?
"Any personal experience? FUD that you've read?"
Sure, we ported our software from Debian 5 and 6 to Debian 7 in the past months. While I have Windows software written for Windows 2003 that works without issues with Windows 2012R2 - just install it, software written for Debian 5 needs work to be updated/recompiled for Debian 7 - or it doesn't work.
"The beauty of Linux is, if there's a peice of old software that doesn't work with a newer system.. you can update it (or hire someone to)"
The beauty, or the nightmare. If software is no longer maintained you are in deep waters - not everybody is a programmer able to maintain code, or can find one doing it - and you may not have the source code at all.
And, believe me, any software that doesn't run under 7 or 8 is software that would have not run even under XP if you ever tried to log in with a non-administrator account. Windows development guidelines are something most "developers" never took care to read and understand, and filled the world with crappy software, just to blame Windows when their badly written software has issues because they're no longer allowed to write everywhere in the filesystem or something alike.
Anyway I upgrade my software every four-five years at most, thereby I've no real issue with very old versions not running on latest OSes, although I see PSP8 running under 7 without issues, although I no longer upgraded it since X3 because it became too crappy and switched to Lightroom/Photoshop. BTW even older versions of Photoshop work under 8.1 with no issues.
Intranets that require IE < 8? Install IE 11, press F12, select the desired document mode, and user agent string. So easy.... maybe if some of you took some time to learn what's new in 7, 8, IE11... instead of just spending time spreading as much FUD as you can in forums about Windows...
Re: @LDS -- Irrelevant Here @Rob
I can't understand why people here who would be ready to kill someone to get a new mobe one day earlier than general availability - even if it just adds different colored icons, and even if they just bought the last model two weeks before, and just to do plain old tasks like messaging - complain so much because Microsoft is stopping support for a thirteen-year-old operating system because they want to keep on using their old PCs they love so much and would never change. It's total nonsense. I can't really understand what the problem is - but greed. Upgrading the OS is like your car or house insurance policy - you pay for it every year even if you don't have issues - but the day you need it to protect it you know you're safe. You can avoid it and face the risks - you can use an outdated version of Windows or Linux - nobody stops you - but the responsibility is yours. Just you can act risky and blame someone else because it is not protecting you from risks without you paying for it.
Sure MS is a company and needs money, that money comes from selling products - selling a mobe is not different than selling an OS. Why should an OS be supported indefinitely so you don't have to pay for an upgrade, why is it ok to make a mobe obsolete every year? Why can't you run iOS7 on the original iPhone? Why can't you run OSX on an older Mac? The latest update doesn't support models just a few years old. No one complains, why? While a ten-year-old PC can run 7 without issues. So, please, tell me what is the *real problem*. Is it that you don't want to pay for Windows? Ok, no one forces you, plenty of alternatives around. Don't want to upgrade your hardware? Ok, stick with XP and face the risks, or again, choose an alternative. Just stomping your feet like children and crying "uaaaahhh, Microsoft must give us free XP upgrades" won't help you. It just makes you look like children - and greedy ones.
Re: Irrelevant Here.
"Honestly, desktop computers haven't really changed in the past decade"
Are you sure? Just open one of ten years ago, and a new one. It's easy to spot the differences. And there are even more you can't see. You see them if you actually code for them.
There's a lot you can do with an actual desktop you couldn't do ten years ago. Sure, an old PC still works. And XP still works. Keep on using it, nobody forbids it. Just you can't ask Microsoft to maintain it when it's no longer a viable business.
"I don't own a mobile phone. And to be cool, I've stopped wearing socks when I wear sandals (apparently it's not cool to wear it like that)."
Ahh, you're Stallman!
"Trying to aggressively put "
I was not the first one to be aggressive - and I was fully constructive - I explained what's new in actual PCs that older operating systems can't support, but it looks like people like you understand only new widgets as "improvements", and that says a lot about what you know about IT.
Your post was totally irrelevant and not constructive at all - frankly I do not care if you have a mobe or not, or if you wear socks or not. But I guess you're wearing the same socks for the last thirteen years and never thought to "upgrade" them...
Re: @LDS -- Irrelevant Here.
And if you knew what my job in IT is, you would stay very silent, believe me.
Re: XP Needs to Die
It looks a lot of people are after the latest mobe for status reasons, even if they have no real technical need for an upgrade. While upgrading an outdated operating system, because it doesn't make you cooler (but it does make you more vulnerable) is not interesting. Nobody is crying if Apple no longer updates the older iPhones - why? Because almost everybody switched to a "cooler" model.
When I buy a computer, I know I will have to replace it - or its OS - when the obsolescence cycle is completed. As when you buy a car you know it won't last forever, or a washing machine, a heating system, or an alarm system. You know when they are old enough maintenance costs and the risk of a sudden break could cost you more than "upgrading" them. Sure, there are those who blindly spend money on everything else, and when they find themselves in a cold winter with a broken heating system too old to be easily repaired, discover how silly they were....
Re: Irrelevant Here.
Matured? I see a lot of new technologies now entering desktop PCs. Multicore CPUs, GPUs for high-speed parallel processing, SSD disks, 10Gb and higher networks, IPv6, and so on. Sure, you don't need them to update your FB page, you can do it with your expensive mobe which you of course need to update every six months to feel "cool", because it adds "exciting new technologies" like a fingerprint reader, or some more screen size, right?
It's you that understand nothing about IT, it's something more than what you do in your bedroom, so please, shut up, coward.
Re: XP Needs to Die
So why do they replace their working mobes with the latest "cooler" version? I too have old PCs still working, I've a 2005 one that has just been reinstalled with FreeNAS to be used as such. It was running 7 until a few months ago, when I got a new one.
XP will not stop working, it will keep on working, but of course the risk of being compromised will be higher and higher. You have to perform a risk assessment and assess how much it would cost you to be compromised over upgrading your OS and maybe your hardware - or switch to a different OS.
Is really new hardware so expensive? Many PCs today cost less than a "cool" mobe.
It's like when you have an old car still perfectly working, but finding spare parts becomes increasingly difficult, and maintenance expenses higher and not every shop may still accept it for maintenance - you may decide buying a new car is better, even if expensive. Sure, you can't crack someone else's car easily...
Re: So does OSX and Linux...
AFAIK, no Linux distro is supported for more than five years. Then sure, you can patch it yourself (or find someone to do it) if and only if:
1) You have the skill and resources to do that
2) You have the source code available.
The problem with the article is that neither 1) nor 2) is true. Even with Linux, some proprietary tools and hardware may come with binaries only and no source code. The backward compatibility of Linux is far worse than the Windows one - unless you have source code, can recompile it and fix issues that may arise from library and compiler changes... and again you need a good software developer to do it - something not everybody has at hand, especially if he has to work on proprietary hardware he's never seen before.
Sure, Linux is ok for your websites - but don't believe it's the solution to every IT problem...
Re: WHY because Why waste that old Hardware, its bad for Planet Earth.
Sure, even MS DOS can, guess Linux can do it as well. The problem is nobody cared to use it to do it...
Re: WHY because Why waste that old Hardware, its bad for Planet Earth.
"stay safe with Linux"
Which Linux distribution has been supported for thirteen years? And Linux is not famous at all for backward compatibility - if you have software written for an old release of Linux and not maintained by anybody, there's a good chance it won't work on a newer release.
Here the main issue is not that the software is not working with 7, it's that 7 no longer supports a really outdated protocol like NetBEUI. It would have happened if they had used AppleTalk as well, the latter being no longer supported by OS X since 2009. Just, nobody used expensive Macs to run industrial equipment.
"There is a very good chance Linux OS will run well with older hardware with lower specs"
And there's also a very good chance it won't run with newer hardware with higher specs (just being hit by Debian 7 not supporting Dell PCIe SSD disks...)
Re: Logic doesn't enter into it
But you miss a point: if MS had released a new FS XI with an improved flight (and ground) model, better GPU support (FSX still uses DX9, and only partial DX10 support), voice controlled ATC, better use of multithreading because of the number of cores now available (FSX SP2 makes only a limited use of multithreading), touch input support, etc. etc. I (and many others) would have upgraded instantly.
What is happening with XP is more like pre-FSX users who didn't want to upgrade because the new, improved version was heavier (and required powerful GPUs and CPUs) and some of their add-ons might not have worked (and for a not small percentage, the need to look for new cracks and the like...)
MS Flight was more like a Win7 -> Win8 RT shift than an XP -> Win7 upgrade - this latter is much more like a FS 2004 - FSX upgrade, soon you understand the latter is much better. And add-on developers could deliver far better products when they could deliver FSX-only add-ons.
Re: This is the fault of Trevor's clients
They should have used XP Embedded - which has a different lifecycle - or some other embeddable OS with different lifecycle support policies.
They chose to use an OS which was never designed for such tasks, because it was cheaper and easier, and of course their customers will now pay for it.
But you can't blame Microsoft because someone else made the wrong choice then. Microsoft product lifecycles are well laid out. You have to take them into account when you design a product with a much longer lifecycle.
For example there is specific hardware for systems that need to be available for many years - it's more expensive because the maker warrants that the same hardware and spare parts will be available for many more years than plain commercial hardware, and it means it needs to store enough parts to fulfill its warranty.
"I know a company that tried to use Linux back then - it failed miserably due to the poor to nonexistent driver support in the 00's."
There's no driver until you write it. Again, it looks it attempted to go down a fast route without a proper investment. It should have had the driver written, isn't this the very meaning of Open Source? It's not "software I have not to pay for".
Don't blame someone else for very bad decisions made by the management of those CNC suppliers.