[Thread split] Win98 anybody?

Because having a big fancy UI with lots of transitioning panels and effects takes up resources.

There is no financial incentive for open source projects to require more hardware. Linux has long strived for the opposite - to run on all hardware.

So maybe if Ubuntu still ran on 256mb of RAM with Unity I'd say Microsoft is bullshitting for profits. But it doesn't - they have same minimal requirements.

 

OSes written in assembly are impractical. IMO so is Puppy Linux (though more by virtue of bad design than bad concept). And even Puppy has serious usability problems for novices.

(Thus my use of Xfce for my example. That said, while I don't like Barry Kauler's OS - or, gods forbid, its community - I do appreciate what he's trying to do with it.)

 

That's probably the biggest difference between us. When you say it gets in the way, I have to assume that you change your system/software a lot. Classic HIPS get very annoying on those terms. Mine changes very little. Everything I use is already allowed. The other specific processes/permissions those apps need are already allowed. Everything else is blocked. I did the same with internet access, both directions. Normally I leave the UI for SSM disconnected, which automatically denies anything I'd be prompted for. Even if I leave it connected, I don't see any prompts from it or the firewall. It's only when I change something that I do. Most everything new I try gets run on a virtual system first. Some apps stay on virtual systems. The only real exception to that is some of the unofficial upgrades I try. Virtual systems don't quite do justice to some of that testing.

 

Not as often as I used to but I often will run some new script or some such thing to check it out.

I think most users are like this - they like to install new applications and try things out.

 

I wasn't suggesting Puppy or the floppy system as replacements for more complicated systems. It was more to point to what could be. Code used to be much more efficient and compact. Now code that performs the same tasks is many times bigger than before and uses more of the system. Coders don't bother being efficient any more. It makes me ask what would be possible if it was.

There's also quite a difference in how Windows and Linux run on "minimum specification" units. Linux doesn't run good, just OK. Windows barely runs.

 

Ugh, this thread is moving fast.

So... Why bother with useless eyecandy then?

I don't know... I'd say the functional Arch Linux install on my Thinkpad 600E, with Xfce and 192 MB of RAM, says Microsoft is feeding us rubbish.

P.S. Ubuntu with Unity 2D runs - from a live CD no less - on a Sempron 1.6 GHz machine with 384 MB of RAM. Not fast, but usable, and it would be more usable if they cut down on the transparency garbage.

 

The reasons I asked if you know of any XP-only exploits were

1) to point out that after Windows 7 was released, zero-day exploits surfaced. Therefore, having the latest OS is no guarantee that a vulnerability won't surface to be subsequently patched, as was the case with the previous OS, etc.

2) to ask how you secure against various types of exploits.

Your example of a fake AV wouldn't cause any concern here due to my own policies and procedures regarding email attachments.

But that is just me, and if a user is concerned that she/he might let a fake AV install, then certainly other security measures must be implemented.

This reinforces my previous statement that it does no good for anyone to advise what someone else should or should not do (choice of OS, security products, etc) because we all have our own level of secure feelings about how we have our system set up, and the potential threats we might be concerned about.

A good analogy is home security. Looking down any street, I see some people have a heavy metal screen security door, some have bars on the windows, etc. Others have nothing but standard windows and doors. In the same neighborhood, then, I see that people have different ideas about potential threats and different ways of dealing with them.

There is no right or wrong way, for ultimately we have to deal with our own level of fear and concern in a way that gives us the feeling of safety.


----
rich

 

Good points, Rmus.

FWIW - I don't think that having the Latest And Greatest software makes you invulnerable, or even necessarily less vulnerable. But I suspect there is a qualitative difference between OSes without DAC (Win9 and OSes with DAC (e.g. Windows XP). I'm betting the latter are much easier to secure.

As for my own security policy, it does bear thinking about. On Linux I rely on patches, common sense, and restricting my browser - by blocking stuff (Noscript), and/or sandboxing it (AppArmor, Chrome chroot sandbox, etc.) Oh, and I usually use iptables in case some dumb application opens a listening port. I probably could do better than this though.

(On Windows I haven't cemented a strategy yet. Windows NT security is untested waters for me - and 90% of people uses OSes in that family, so it's an intrinsically bigger target.)

Oh, re the fake AV - no, I'm not afraid of downloading and running one by accident. I was executing this one in Windows virtual machines, under Linux... Sadly it turned out not to contain a rootkit, or anything else interesting.

 

IMO, it's little more than an arms race. As fast as MS releases an "improvement" someone breaks or bypasses it. It's partly due to poor implementation on their part. Mostly it's still Windows default-permit design. Whether users want it that way or not, it is the problem. That's primarily the case because Windows has always been that way.

 

Default deny may work well for most users, but not for me - when your homework assignments consist of writing and testing a program, you need to be able to run arbitrary executables.

IMO it's a very good solution for end users. For people are actually in the IT business though (or working their way into it) it poses problems.

Edit: IMO the main job of an OS is to let me execute the arbitrary code I want, and not execute anything I don't tell it to.

 

@Gullible Jones,

Because users like it. The same reason no one uses CLI anymore - having something pretty to look at is nice.

Arch is a bad comparison. Arch aims to be a completely minimal system - there's tons of user configuration because of this. Microsoft aims to be the OS for everyone, like Ubuntu. That's why it's so much heavier.

You can shave Microsoft down to like 512mb of RAM if you're using something like Tiny7. but you end up losing 90% of the OS's capabilities.

I agree with this a lot. Not entirely, but for the most part yes.

@Noone_inparticular

There is no bypassing ASLR or DEP without:
1) specific exploits that allow for arbitrary read/write to memory
2) specific vulnerabilities that lead to information leak

There is no way around ASLR and DEP.

Of course, that's assuming proper ASLR and DEP usage. There are very few OS's that have this - only really PAX kernels and systems using hardened-toolchain on Linux.

ASLR is not some little hurdle, it doesn't just make things difficult. It makes many things, when implemented properly, just about impossible.

Microsoft has been implementing ASLR better in each version since Vista.

Default permit is literally always going to be the policy for any system that is aimed at a user.

If it weren't I've already discussed the technical issues with AEs in another topic - any "real" default-permit would be insanely convoluted.

Sandboxing/ containment will be were security moves to. Not default-deny.

 

CLI vs. GUI is different. CLI is less friendly, especially to users who aren't native speakers of whatever language the CLI is based on. MS-DOS to Windows 95 is a huge leap in usability, Windows 95 to Windows 7 not so much IMO.

And I don't agree that "users like it." Most users (who aren't die-hard obsessive computer geeks) want to get stuff done on their computers, not look at the pretty glassy window frames. In fact I'd argue that such eyecandy is harmful to usability - it's distracting, and in the case of transparency makes things harder to read.

Au contraire, Arch doesn't have to be minimal. It's designed with that in mind, that's all.

Partly because the Tiny7 guy doesn't seem to know what he's doing...

 

I think we disagree there - I think users appreciate a polished UI.

But you start with a very "ground up" approach - so only what needs to be installed gets installed. Hundreds of megabytes of library files will never touch the system even though they're there on Ubuntu.

Most of what he does is strip out functions people won't usually use as well as language packs etc. Things designed to make use of the system easier for *everyone* but things that aren't designed for an individual.

 

On the definition of "polished" as well. The Windows 2003 Server GUI is what I consider polished. The Windows 7 GUI (by default) is what I consider glitzy.

True, I'll concede that much. But the Arch desktop can be used to write a document, browse the web, view images and PDFs... With a bit more configuration (and the requisite hardware) it could print, scan, and connect to wireless networks. I'm not sure about bluetooth support, but the limit there would probably be hardware compatibility, not resources.

Stuff being included in Ubuntu doesn't mean it's actually necessary for full desktop functionality; only that the Ubuntu developers thought it was a good idea for whatever reason. In some cases (e.g. the global menu) there is clearly a difference between what I and the Ubuntu developers consider a "good idea."

I say he doesn't know what he's doing because he's included known dodgy software (e.g. Browzar) in some of his releases... And because I'm being charitable, and assuming that he's just a geek who likes to pirate custom Windows installers for some reason, as opposed to a blackhat operating a botnet or such.

 

I see. My point was that he's stripping out functionality and that's what's reducing the RAM usage - not improving the programming.

There's not a ton you can do to reduce RAM usage. IDK what languages you know but your compiler is going to end up optimizing it a lot anyways and usually its a matter of using consts and chars and ints.

You can reduce leaks through garbage control and lower overall usage by optimizing. Otherwise the biggest cause of a lot of memory is just a lot of code.