Researchers have determined that if you were to install Windows XP and connect it to the Internet to download the security updates, your chances of getting the updates before being hacked are slim to none.
If you want to use XP (as I and other computer security experts often recommend), use the following best practices when installing XP:
1) Don't install with the network cable attached. At least one commentor on the article cites a time when his windows 2000 (the basis of XP) was hacked during installation.
2) Get Windows Service Pack 3 which contains a cumulative patch of years worth of security updates. Download SP3 onto a second computer, move it to the new one, and install it offline [download here].
3) Install a virus scanner and a firewall prior to connecting the cable.
4) Download (on second computer) updates to Internet software such as Microsoft Office and Internet Explorer. While you can (and should) use Firefox instead of Internet Explorer, IE is integrated with the operating system so it's a good idea to keep it updated anyway.
You can also download incremental security patches from the Microsoft Download Center, but I couldn't tell you which ones are relevant and which aren't. I believe that Microsoft removes all security patches that are bundled into service packs already so, in theory, you should just download any security patch listed for XP on their site. If you can confirm this, please post it in comments.
A good story about a man who had terrible problems with a slow Vista computer that became so fast after downgrading to XP that it was more accurate to call it an upgrade.
This is funny and informative. I didn't know that the total number of Vista machines is near the same number of Macs out there. What's that? Under 5% market pentatration? Ouch.
(H/T to Digg.com for the link)
Vista apparently runs out of memory when copying over 13,000 files in one go without any warning. While that is a lot of files, this seems to be a fairly large bone-head mistake. First of all, why can't Microsoft figure out that file transfers should be pausable and resumable (same as when downloading from the Internet). Of course, even that was something they had to steal from Mozilla rather than figure out on their own.
Vista has been a rough release for Windows. I would say that it's probably the first time since Windows 95 that a new system wasn't better than the previous (other than ME, but that didn't last long). Some people think Microsoft's mistakes with Vista are such that they should just abandon it and move on.
Much talk has been given to Service Pack 1 and how this update should address many of the issues users have with Vista, but I simply don't agree. Will SP1 eliminate the ridiculous Microsoft licensing schemes? Will SP1 drop the price on the higher-end versions? Will SP1 eliminate the need for users to buy a new computer just to use the faulty OS?
People who would normally be forced to have Vista because of buying a new computer are now being given the option to "downgrade" to XP.
The article also says that the unpopular Vista operating system cost 6 Billion dollars to create. Ouch.
(H/T to Slashdot for the link)
Microsoft is announcing new service packs for both operating systems soon, but urges people not to wait and to "upgrade" to Vista now.
Yeah right. Unless Vista SP1 addresses the DRM and spyware issues, I will continue to avoid it and recommend that other people do the same.
As for XP service pack 3, I'll be watching to see if they try to add some of the bad "features" of Vista or some other thing that makes XP less attractive. In other words, beware any attempts to break XP in order to force people forward.
This is actually pretty clever. This kid was making bomb threats to his school and was doing a pretty good job at hiding his tracks until the FBI got involved.
By sending a small program to his Myspace page, they somehow managed to infect his home PC with a monitoring program that collected evidence of his crime:
…if the Bureau could get the CIPAV installed on the user's machine, it would be able to collect the machine's IP address, MAC address, list of running programs, operating system, Internet browser used, language used, the registered computer name, the currently logged-in username, and more. All of this information would be relayed over the Internet back to an FBI computer in Virginia.
That sounds just like Windows Vista.
Apparently, a recent update to Vista has disabled program uninstall. That sounds like a big problem to me, but so far, no word from Microsoft on the issue.
Spyware: Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.
Because of the End User License Agreement of Vista, Microsoft arguably has the legal right to collect a large amount of data on you and report it back to their home servers. Some will say that they're not hidden, but is being buried in a giant EULA that most people don't have the expertise to understand really the same as full disclosure?
Microsoft says that users have the possibility to disable or not use the features and services altogether. But at the same time Windows update is crucial to the security of Windows Vista, so turning it off is not really an option, is it?
Not only that, but you have to know this a problem and then perform the immense amount of work required to identify all the various services and features that spy on you and disable them properly. By the time you're done, you won't really be using much of the software that came with Vista in the first place.
(H/T to Slashdot for the link)
Maybe this has been around a while, but it's the first time I've seen it. There are utilities to unlock files that Windows won't let you delete because they are "in use".
The main suggestion in the article is a free utility called "unlocker" which will probably work well for normal users and I might add it to my list of tools for that reason. However, a commenter said that the Process Explorer utility will let you find the exact program that's using that file so you can close just it instead of unlocking every process at once.
Once I've experimented with them, I'll have one or the other on my tools page. Until then, feel free to go to the article and check it out yourself.
This is an iteresting article about how Vista, with it's poor security, lack of compatibility, high price, and integrated features that users hate (like DRM and security alerts) might make people start to seriously wonder why they're still using Windows.
I don't personally buy the argument that Linux will be the system they run to because I haven't yet seen a version of Linux that could match the user friendliness of Windows (with the possible exception of SUSE). But I'm no Linux expert. We'll have to see.
(H/T to Schneier for the link)
And on that note, be sure to check out this link for an article comparing Ubuntu Linux VS MS Vista.
For it's incessant prompts to "allow or continue", it's terrible compatibility with older software, and for Aero not working on most machines even though Microsoft marketing always shows the Aero experience (which so many people don't actually get to see). PC World puts Vista as #8 on the top 20 most annoying tech products of all time.
It looks like there's a legitimate working hack for Vista that kills their bogus activation scheme. Microsoft is saying that they're not going to do anything about it yet because they don't know if it will become a wide exploit. But I think this commentor (from the source article) has it more correct:
They didn't think it through as a "hacker" (pirate more like it) would, and now they have a problem. Millions of legitimate users are out there with legitimate hardware sold with Vista. MS can't simply pull the carpet out from under these users. They will need to devise a way that all users can continue using their systems without having to do something drastic like reinstall or update the BIOS because many users simply don't know how to. Even locating the product key on the sticker would be difficult for some.
MS can't simply pull the OEM keys and try again.
But on MS's side, the number of users using this method is very low. And MS have said they'd prefer we pirate Windows than use MacOS or Linux.
Good news: Here's an article on how to use Vista's compatibility mode to run older software.
Bad news: According to all the comments on the article, it doesn't work at all (which matches my experience with the XP compatibility mode).
Though this is the first I've heard of it, a simple hack for any Windows machine since 2000 is to replace the executible file that run when you hit Shift 5 times (called sticky-keys). Since this can be run from the logon screen, as long as a hacker can gain root access to a machine once (say they're a legit user on a multi-user machine), they can use this to bypass logon.
This way, they can perform tasks on the computer without the accountability. There are a lot of possibilities with this.
In a nod to people who actually understand the consumer psyche, here's an article explaining that users are likely to find the User Account Control so annoying that they'll just turn it off.
There's buzz online about how a Symantec researcher has already broken Vista's firewall to pieces. This is hardly surprising, but what is surprising is how easy it was. While the firewall has a dialog box asking if a user wants to allow a program to access the Internet, Microsoft allows the program itself to click the OK button for the user. So basically, spyware programs can choose to get online or not. I wonder what they'll choose to do?