CD drive question

[Mxsmanic]

I buy a game with the expectation to be able to use it for
it's intended purpose- the code to play a game.

And you are able to do so. So no problem.

I don't
agree beforehand to do *anything* the box doesn't clearly
disclose. I can't just return games after disagreeing with
a EULA because most retailers won't accept returns for
refund.

In theory, you can return the product to the manufacturer for a
refund, although it's awkward (and vendors know this).

Their copy protection interferes with my desired use of
the product.

Their copy protection allows you to use the product for its licensed
purpose. As long as your desired use is a use permitted by the
license, the copy protection doesn't interfere with it.

So are CDs, it's a subjective call.

Yes. As I said, there isn't really a good solution at the moment. I
think that placing such requirements on a game that costs only $15 is
excessive, but then again, I suppose that every teenage boy in town
would steal a copy if there were no protection at all, and those same
boys are an important part of the target market for the game, so that
would be quite a loss.

Also subjective is
whether it's reasonable to require some sort of token if
they can't implement it any better. Good ideas only remain
good if they can be executed well.

The market decides. As long as the protection system does not
interfere with other programs or the operating system, and is not so
awkward that it prevents one from making legitimate use of the
program, there is little basis for consumer complaint.

I agree with this, but only until it means several pieces of
software require additional bits of hardware or discs. It's
not a reasonable solution (IMO) on a PC which is meant to
run multiple things... most of those things presumably
licensed.

I agree. Requiring special hardware conditions for every program
would be unworkable.

We can't very welll extend excuses for game
developers that don't extend to ALL software, and people
definitely don't want to have to fool with a disc every time
they (run the OS, or office, or whatever-else).

Yes, but the game developers aren't doing anything illegal under
current law.

I did abandon _Train Simulator_ because it somehow managed to crash my
XP system. Anything that crashes an XP system is doing something both
privileged and illegal, so the game had to go. It is _very_ poorly
written, a real mess.

I've had other games exit abruptly to the OS, which is annoying
(sometimes annoying enough to stop playing the game) but doesn't hurt
the rest of the system. A game that causes a system failure, however,
is a security breach.

... or simply "unauthorized use of a system", since we don't
agree to let a product do *whatever some coder decides they
want to do* rather than only that expected per the core /
described software function.

Same thing.

 

[Shep©]

I buy a game with the expectation to be able to use it for
it's intended purpose- the code to play a game. I don't
agree beforehand to do *anything* the box doesn't clearly
disclose. I can't just return games after disagreeing with
a EULA because most retailers won't accept returns for
refund. Their copy protection interferes with my desired
use of the product.

One game,can't remember which,but with it's constant access to the
required CD in the drive knackered an otherwise good CD drive.From
that day on I will NEVER leave a CD in the drive if I can hack it off.
That software company were never going to buy me a new Cdrom drive
were they?

 

[kony]

And you are able to do so. So no problem.

Nope, because every time I run it, it "would" require
inserting the disc. Box didn't specify that, I didn't agree
to that, and I certainly wouldn't want to devote a drive to
that lone purpose. Let them clearly spell out any such
manditory requirements.

In theory, you can return the product to the manufacturer for a
refund, although it's awkward (and vendors know this).

In theory, I can't. They haven't paid me for my time. I
dont' volunteer to go, buy, check, make one or more calls
and ship (plus pay shipping), receive refund and cash... all
because they are greedy and choose to hide basic
requirements. I'd pay $10 more per title to do without all
that nonsense IF there weren't an alternate way to
circumvent it.

Their copy protection allows you to use the product for its licensed
purpose.

No, it only hinders it.

As long as your desired use is a use permitted by the
license, the copy protection doesn't interfere with it.

It's permitted by the entire license as disclosed at the
time my money was taken. If they're willing to go to such
extra effort to cause problems, then certainly they can also
go to the trouble of linking an automated refund system that
sends me a postage-paid, pre-addressed padded envelope and a
refund check.

Yes. As I said, there isn't really a good solution at the moment. I
think that placing such requirements on a game that costs only $15 is
excessive, but then again, I suppose that every teenage boy in town
would steal a copy if there were no protection at all, and those same
boys are an important part of the target market for the game, so that
would be quite a loss.

I feel the opposite, that with a $15 game it's more
justified as they're barely making any money. The more
premium-priced it is, the less nonsense the buyer ought to
put up with. Even so, all things have balance- they can
choose ever-more restrictive measures and watch their sales
go down, or lesser measures and sales go up. Even if a game
can be pirated, if they sell more they make more.

The market decides.

.... decides to go to extra effort to circumvent it for
paying customers too.

As long as the protection system does not
interfere with other programs or the operating system,

It does interfere. We can't argue it's OK for them to do so
if not OK for other programs too. Typical box has only one
optical drive, therefore it is obviously interfering with
running other programs if each program (fairly) needed the
disc in. Apparently it interferes with OS too, hence this
thread exists.

and is not so
awkward that it prevents one from making legitimate use of the
program, there is little basis for consumer complaint.

That's subjective at best.

I agree. Requiring special hardware conditions for every program
would be unworkable.

That's exactly what you're arguing for though- it IS a
special hardware condition to require an available optical
drive and swapping out (some other game or app) discs for
each use. If they want hardware verification, let them
include a coupon for a free USB hub (since each user only
needs one for several games) and include a USB verification
dongle in every box. Swapping out discs though- no thanks.

Yes, but the game developers aren't doing anything illegal under
current law.

Perhaps they are, if they try to bind you to a EULA that
wasn't evident at time of purchase. One can't alter a
contract after-the-fact. The "fact" being payment, one of
the parties meeting their end of it.

The idea that a customer who has already paid can just
"take additional measures" for a refund is no more valid
than that the developer could take additional measures to
facilitate refund the first time a gaming attempt is made
without the disc installed. At that point, I concede it
might be necessary to insert the disc as proof of rebate
eligibility.

I did abandon _Train Simulator_ because it somehow managed to crash my
XP system. Anything that crashes an XP system is doing something both
privileged and illegal, so the game had to go. It is _very_ poorly
written, a real mess.

I've had other games exit abruptly to the OS, which is annoying
(sometimes annoying enough to stop playing the game) but doesn't hurt
the rest of the system. A game that causes a system failure, however,
is a security breach.

That's a bit of a catch-22 though, as you're running XP. It
was never meant to be secure, only to throw out some
buzz-words to make it seem as though they delivered on their
advertising, that they weren't blatantly lying to sell their
next OS.

Same thing.

Could be, but vandalism usually isn't treated so harshly.
People have been made examples of, in cases of unauthorized
use.

 

[Mxsmanic]

Nope, because every time I run it, it "would" require
inserting the disc. Box didn't specify that, I didn't agree
to that, and I certainly wouldn't want to devote a drive to
that lone purpose. Let them clearly spell out any such
manditory requirements.

You can return the software to the manufacturer for a refund if you
don't agree with the terms.

In theory, I can't. They haven't paid me for my time. I
dont' volunteer to go, buy, check, make one or more calls
and ship (plus pay shipping), receive refund and cash... all
because they are greedy and choose to hide basic
requirements. I'd pay $10 more per title to do without all
that nonsense IF there weren't an alternate way to
circumvent it.

You can insist that they pay your expenses. If they refuse, you can
sue. In theory, you can recover any costs associated with the
software prior to the point at which you accept the EULA.

It's permitted by the entire license as disclosed at the
time my money was taken. If they're willing to go to such
extra effort to cause problems, then certainly they can also
go to the trouble of linking an automated refund system that
sends me a postage-paid, pre-addressed padded envelope and a
refund check.

You can always sue to obtain it. I wish someone would.

I feel the opposite, that with a $15 game it's more
justified as they're barely making any money. The more
premium-priced it is, the less nonsense the buyer ought to
put up with.

Then the ultimate insult is Quark XPress, which cost me $2300 and
requires a dongle. But Quark isn't doing as well these days; I wonder
why?

That's exactly what you're arguing for though- it IS a
special hardware condition to require an available optical
drive and swapping out (some other game or app) discs for
each use.

I'm not arguing _for_ it, I'm simply listing the options for vendors.
I don't really think such measures are justified myself.

If they want hardware verification, let them

include a coupon for a free USB hub (since each user only
needs one for several games) and include a USB verification
dongle in every box.

USB is bad news. I don't trust it.

Perhaps they are, if they try to bind you to a EULA that
wasn't evident at time of purchase.

They can't do that. But someone has to sue in order to force the
issue ... and nobody ever does.

That's a bit of a catch-22 though, as you're running XP. It
was never meant to be secure ...

Actually it was. It's based on NT, which has a secure design (largely
preserved by XP).

You don't see the security features of XP because the standard OS
doesn't provide user-visible interfaces for them, but they are there,
and they are quite elaborate.

It is true, however, that DirectX compromises security. Microsoft
came up with it to satisfy gamers. Originally NT allowed no access to
hardware, period. DirectX is a compromise that trades security for
performance. I'm not too happy about it, but there weren't too many
options for MS, and the gamers were a significant market.

... only to throw out some
buzz-words to make it seem as though they delivered on their
advertising, that they weren't blatantly lying to sell their
next OS.

I've actually seen the source code, and it's a secure operating
system. The sophomoric knee-jerk bashing of Microsoft becomes tiring
after a while, at least for IT professionals.

Could be, but vandalism usually isn't treated so harshly.
People have been made examples of, in cases of unauthorized
use.

Yes, but I have yet to see a software vendor held responsible for
damage to a system caused by its copy-protection mechanisms.

 

[kony]

You can return the software to the manufacturer for a refund if you
don't agree with the terms.

That's just it, I don't volunteer to do anything more. Let
them go to the effort to correct their mistake in not
disclosing terms of a EULA.

You can insist that they pay your expenses.

How much time will that take? It's time I don't volunteer
to spend. If I'm spending the time, I want it cheaper.
Time or money is fine if the end result is not fooling with
a CD, but not fine if the end result is that I still have no
game.

If they refuse, you can
sue. In theory, you can recover any costs associated with the
software prior to the point at which you accept the EULA.

Yeah, sue. More time. If I'd wanted to sue I'd look for
excuses to do so. I just wanted a game without the hassles
imposed. Gaming is supposed to be about recreation.

You can always sue to obtain it. I wish someone would.

Me too, but that doesn't get me the game I'm willing to pay
for.

Then the ultimate insult is Quark XPress, which cost me $2300 and
requires a dongle. But Quark isn't doing as well these days; I wonder
why?

I think it was the price more than the dongle. I'd still
prefer they had a unique code and validation server, and
then IF they ever decide to shut that down after time
elapses, they issue a patch so it doesn't need the server
anymore.

If they want hardware verification, let them

USB is bad news. I don't trust it.

"Trust"? It is a bit buggy on some systems I've seen, and
reportedly insecure with some hacks, but IMO there are quite
a few systems where the security either isn't paramount or
there were far worse holes.

They can't do that. But someone has to sue in order to force the
issue ... and nobody ever does.

There are other ways to handle it, like being vocal about
it. If I know a game requires a CD/DVD, (in theory), that
the game can't be ripped to play from HDD, or used with a
no-CD patch, I won't buy it. They lost a sale. Lose enough
sales from the early adopters and there's no buzz about the
game outside of mag. ads.

Actually it was. It's based on NT, which has a secure design (largely
preserved by XP).

It's secure in theory... then patch after patch after
patch, we still see flaws that haven't been patched. Any
*fully* patched XP box can get infected online, if using IE
or OE.

You don't see the security features of XP because the standard OS
doesn't provide user-visible interfaces for them, but they are there,
and they are quite elaborate.

Matters not how elaborate it is, only that there are holes
being exploited and that it's a target for crackers. 9 out
of 10 boxes brought to me with patched XP, have at least 2
or more spyware/viri/trojans/etc on them, and some level of
antivirus. That's not secure.

It is true, however, that DirectX compromises security. Microsoft
came up with it to satisfy gamers. Originally NT allowed no access to
hardware, period. DirectX is a compromise that trades security for
performance. I'm not too happy about it, but there weren't too many
options for MS, and the gamers were a significant market.

I don't find DirectX to be much of a problem, in order to
get the game running the gamer already has no idea what's
ran. Click a shortcut to an EXE that could-do-anything....
doesn't matter much if it eventually uses DirectX, it's
still a matter of trusted code/developer.

I've actually seen the source code, and it's a secure operating
system. The sophomoric knee-jerk bashing of Microsoft becomes tiring
after a while, at least for IT professionals.

I'm quite content to bash till they stop monopolizing and
get rid of insecure features, fix IE and OE. Till the
things people complain about, change, why would the
complaining stop? Let's just have the justice dept break
them up, since they want to be anti-competitive then choose
for us. That goes against the basic fundamentals of a free
market. It's no free market where there isnt' a commercial
alternative OS with industry support.

Well I started a rant, but still I recognize there was a
certain need for modern society to have a standardized
platform to further PC growth. I'm just not at all
confident that MS was the company best suited to serve in
this capacity.

Yes, but I have yet to see a software vendor held responsible for
damage to a system caused by its copy-protection mechanisms.

Me either, but proving it to others can be a large hurdle.

 

[Mxsmanic]

That's just it, I don't volunteer to do anything more. Let
them go to the effort to correct their mistake in not
disclosing terms of a EULA.

It doesn't work that way. You went to the effort of buying the
software; it's not up to the vendor to come around and ask you if you
are happy with it.

How much time will that take? It's time I don't volunteer
to spend.

Then nothing will happen. Somebody has to compel or even sue the
vendor to change things, and though lots of people whine and complain,
nobody seems to take it to court.

Yeah, sue. More time. If I'd wanted to sue I'd look for
excuses to do so. I just wanted a game without the hassles
imposed. Gaming is supposed to be about recreation.

See above.

Me too, but that doesn't get me the game I'm willing to pay
for.

Neither does complaining about it.

I think it was the price more than the dongle. I'd still
prefer they had a unique code and validation server, and
then IF they ever decide to shut that down after time
elapses, they issue a patch so it doesn't need the server
anymore.

I don't like validation servers. Especially for a company like Quark.
They wouldn't issue a patch to eliminate the need for the server;
they'd use the server to force people to buy an upgrade.

"Trust"? It is a bit buggy on some systems I've seen, and
reportedly insecure with some hacks, but IMO there are quite
a few systems where the security either isn't paramount or
there were far worse holes.

USB is pretty high on the list of things that cause headaches and bugs
in PCs.

It's secure in theory ...

No, it's secure in fact.

... then patch after patch after patch, we still see flaws
that haven't been patched.

No more patches than one would normally expect for the circumstances.
And the few problems that have arisen are often related to features
that deviate from the NT line.

Any *fully* patched XP box can get infected online, if using IE
or OE.

Not everyone uses IE or OE. And if they are required for infection,
then obviously the problem is not XP.

Matters not how elaborate it is, only that there are holes
being exploited and that it's a target for crackers.

Every operating system has holes.

9 out of 10 boxes brought to me with patched XP, have at least 2
or more spyware/viri/trojans/etc on them, and some level of
antivirus. That's not secure.

In most cases, the owners of the machines, logged on as
administrators, authorized the installation of the malware. Technical
compromises of system security are very rare.

I don't find DirectX to be much of a problem, in order to
get the game running the gamer already has no idea what's
ran. Click a shortcut to an EXE that could-do-anything....
doesn't matter much if it eventually uses DirectX, it's
still a matter of trusted code/developer.

Obviously, but DirectX trusts applications a lot more than NT
originally did, with a corresponding decline in security (but
increasing performance for games).

I'm quite content to bash till they stop monopolizing and
get rid of insecure features, fix IE and OE.

The problem is that you are complaining about illusions, and people
who know the real story recognize that. It reduces your credibility.

Well I started a rant, but still I recognize there was a
certain need for modern society to have a standardized
platform to further PC growth. I'm just not at all
confident that MS was the company best suited to serve in
this capacity.

MS is no different from any other company. Be glad it wasn't Apple.

 

[kony]

It doesn't work that way. You went to the effort of buying the
software; it's not up to the vendor to come around and ask you if you
are happy with it.

It is up to the vendor to handle any issues arising from
terms not disclosed. Put simply, it's not optional for them
to add terms after I've fullfullied my end of it. Anything
not disclosed at time of sale is effectively adding terms.

Then nothing will happen. Somebody has to compel or even sue the
vendor to change things, and though lots of people whine and complain,
nobody seems to take it to court.

Right, because the goal isn't really to punish them nor
compel. It's only a game, therefor a reasonably quick and
easy solution is chosen towards the end of it being still an
entertainment, or another game is chosen instead. If we
were talking about some vital life necessity it'd be another
matter.

See above.


Neither does complaining about it.

No, but what I'd already mentioned, does solve the problem
even if you don't like the idea. There are two schools of
thought on opposition to laws- one is to crusade against
them, and the other is to carry on with your life as you see
fit, not letting that become even more of a problem than it
already was. If you let every little problem become a
large, time-consuming issue, pretty soon that's ALL there
is, a loss of time. Greed and stunts to create unfair
markets know no bound, it's not a mere double-digit $uit
that'll fix things.

I don't like validation servers. Especially for a company like Quark.
They wouldn't issue a patch to eliminate the need for the server;
they'd use the server to force people to buy an upgrade.

I don't like them much either, but I dislike them less than
I would having to use a CD. It's a bit beside the point
though, since I research games before buying specifically to
avoid this issue. I wouldn't buy Quark SW either unless it
was necessary. Any particular game certainly isn't
necessary.

USB is pretty high on the list of things that cause headaches and bugs
in PCs.

Perhaps, but does this mean you avoid cameras and printers
and webcams, joysticks, USB keyboards and mice, etc, etc,
etc? Like it or not it's here to stay.

No, it's secure in fact.

Impossible conclusion.

No more patches than one would normally expect for the circumstances.

Yes, tons more. Merely changing browser and email client
resolve a large percentage of the problems. They're not the
OS per se, but an integral part and the default, preferred
methods of data exchange for PCs. If changing to a
different browser and email client resolve security issues,
it is clear that normal circumstances are not what we are
facing.

And the few problems that have arisen are often related to features
that deviate from the NT line.

How can you claim a feature deviates from the NT line when
it's in an NT product?

Not everyone uses IE or OE. And if they are required for infection,
then obviously the problem is not XP.

But it is. XP is at fault for any and every default thing
it does before, during, and after installed. This is part
of the reason I feel MS shouldn't have been trying to
pseudo-bundle so much into it, since it seems they can't
secure what they did include.

What about Messenger? Have any idea how much messenger spam
my router blocks? It's by far the largest unsolicited
incoming traffic.

Every operating system has holes.

Yes but look at it this way:

You have two plants in your yard. The deer always eat one
of them to shreds but never touch the other one. Which
needs more protection?

Suppose you had made billions off of windows and had
specifically marketed it for it's security. What was SP2
all about then? Surely they wouldn't have sold an OS that
needed all of that since they marketed it for it's security.
It certainly was an OS service pack.

In most cases, the owners of the machines, logged on as
administrators, authorized the installation of the malware.

It's a nice theory but only holds true if you ignore
security holes.

Technical
compromises of system security are very rare.

You deny the patches MS has released?

Obviously, but DirectX trusts applications a lot more than NT
originally did, with a corresponding decline in security (but
increasing performance for games).

I"m not half as concerned about application trust once the
app is on the system as how that app got on the system. It
would be easy to just think a user installed it, but more
often it's email or browser. I'm not trying to condem the
entirety of XP, but for it to be "secure", it can't have
any blatantly insecure, integral features. A cracker does
not have to care that there's only two holes big enough to
drive a truck though, if they're only trying to drive one or
two trucks through. Alone, they make the entire product bad
enough it should've been recalled.

The problem is that you are complaining about illusions, and people
who know the real story recognize that. It reduces your credibility.

It's only an illusion to someone who denies plain evidence
all around them. Apparently you're only thinking in some
small context of what security is, then discounting anything
that doesn't fall within that context.

My credibility is just fine with anyone who has seen a
system get infected without their choosing to install a
virus. While there are many who do not practice safe
computing, there are far fewer that install something when
they have no idea what it is and weren't trying to install
anything at the time.

MS is no different from any other company. Be glad it wasn't Apple.

Of course they are, they acted anticompetitively and the
justice systems of multiple countries have already
established as much. They don't fix windows because they
have no motivation to do so.

 

[David Maynard]

On Wed, 03 Aug 2005 23:02:50 +0200, Mxsmanic



I feel the opposite, that with a $15 game it's more
justified as they're barely making any money. The more
premium-priced it is, the less nonsense the buyer ought to
put up with. Even so, all things have balance- they can
choose ever-more restrictive measures and watch their sales
go down, or lesser measures and sales go up. Even if a game
can be pirated, if they sell more they make more.

To say "if they sell more they make more" is begging the question.

What makes you think that the increase in 'demand' from "lesser [copy
protection] measures" would be satisfied by increased sales vs increased
copying?

 

[kony]

I feel the opposite, that with a $15 game it's more
justified as they're barely making any money. The more
premium-priced it is, the less nonsense the buyer ought to
put up with. Even so, all things have balance- they can
choose ever-more restrictive measures and watch their sales
go down, or lesser measures and sales go up. Even if a game
can be pirated, if they sell more they make more.

To say "if they sell more they make more" is begging the question.

What makes you think that the increase in 'demand' from "lesser [copy
protection] measures" would be satisfied by increased sales vs increased
copying?

Because as much as the various special-interest groups try
to cry wolf about it, their sales are generally good
compared to piracy rates. They've never been able to
establish that those who pirate, would've paid for titles
had there been no other way to attain them.

A more reasonable estimate of buyer-base would be those who
have the disposible cash, or ethics, and among that group it
is clear they will buy what they want in a free market...
and it's pretty clear nobody who pays for their software
wants to have to go to extra lengths to use it because of
others who don't pay.

I think lesser copy protection would increase sales AND
piracy. That means a larger user base which generates more
buzz about a game, free maketing which further increases the
user base, a large percentage of which are those who do pay
for their software. This escalating user base also, often
causes game add-ons, mods, dedicated game servers and a
whole array of support and value-added extras that the
developer didn't have to do anything to maintain, which once
again adds to the perceived value of a game.

Since this is a hardware group and a topic that could go on
and on forever, I'll not spend much more time on this
tangent of the thread but your thoughts are welcome.

 

[David Maynard]

I feel the opposite, that with a $15 game it's more
justified as they're barely making any money. The more
premium-priced it is, the less nonsense the buyer ought to
put up with. Even so, all things have balance- they can
choose ever-more restrictive measures and watch their sales
go down, or lesser measures and sales go up. Even if a game
can be pirated, if they sell more they make more.

To say "if they sell more they make more" is begging the question.

What makes you think that the increase in 'demand' from "lesser [copy
protection] measures" would be satisfied by increased sales vs increased
copying?

Because as much as the various special-interest groups try
to cry wolf about it, their sales are generally good
compared to piracy rates.

One might argue sales are 'good' precisely because of the protection
schemes you're seeking to eliminate.

They've never been able to
establish that those who pirate, would've paid for titles
had there been no other way to attain them.

I happen to agree with that, at least to the extent it almost certainly
isn't as large a number as the suppositions, but the same can be said for
the reverse. No one has established they would not have paid without a
'free' copy being available either.

However, you're seeking to 'reduce' the existing protection so the current
buyer set that might be tempted to pirate is the issue.

A more reasonable estimate of buyer-base would be those who
have the disposible cash, or ethics, and among that group it
is clear they will buy what they want in a free market...

Sure, if they can't get it for free.

Your theory has the implicit presumption that counter piracy efforts have
no impact, E.g., 'those who have money will buy' and that isn't clear at all.

and it's pretty clear nobody who pays for their software
wants to have to go to extra lengths to use it because of
others who don't pay.

And no one likes the myriad other security measures one suffers because
others behave improperly but that comes from living in a society full of of
human beings.

I think lesser copy protection would increase sales AND
piracy.

Even if so it's the ratio that's under consideration.

That means a larger user base which generates more
buzz about a game,

As if game 'buzz' were a problem. Dern things are louder than a swarm of
1950's sci-fi giant killer bees before the first CD hits the street.

free maketing which further increases the
user base,

That sounds like buzz words just strung together. How does copy protection
hinder 'free marketing'? Unless by 'free marketing' you mean "see my CD-R
copy?"

a large percentage of which are those who do pay
for their software. This escalating user base also, often
causes game add-ons, mods, dedicated game servers and a
whole array of support and value-added extras that the
developer didn't have to do anything to maintain, which once
again adds to the perceived value of a game.

This is essentially circular logic. All these 'benefits' presume that copy
protection schemes are useless and people who buy will buy regardless.

Plus the added presumption there's a whole 'market' of buyers doing without
for the sole reason they're 'irritated' by it.

But the biggest presumption that weaves through the entire 'complaint'
seems to be that companies employ anti piracy measure for no reason but,
whether you agree with their analysis or not they certainly have one and,
no company is intentionally irritating their customers, without due
consideration of the alternatives, for the very reasons you mentioned.

Since this is a hardware group and a topic that could go on
and on forever, I'll not spend much more time on this
tangent of the thread but your thoughts are welcome.

Sure. It's an interesting topic, though, that everyone has to deal with.

 

[Mxsmanic]

Perhaps, but does this mean you avoid cameras and printers
and webcams, joysticks, USB keyboards and mice, etc, etc,
etc?

As a general rule, yes.

Like it or not it's here to stay.

Just like the S-100 bus and ISA.

Impossible conclusion.

Not when the OS is truly secure.

How can you claim a feature deviates from the NT line when
it's in an NT product?

The code base is NT but various modifications have been made over the
years, most of them favoring convenience and compatibility/performance
over security ... because that's what the market wants.

It's a nice theory but only holds true if you ignore
security holes.

The vast majority of malware infections don't involve any security
holes. They occur when PC owners/operators logged in as
administrators allow malware to download and install itself on their
machines. This happens when they click on attachments, or when they
run browers with downloading of active content enabled, or when they
preview mail in HTML and allow scripts to execute, or when they
carelessly click on spoofed URLs, and so on. From the standpoint of
the OS, these are all perfectly legal operations, not security
breaches ... especially for system administrators, who must be allowed
to do anything by definition.

You deny the patches MS has released?

No, but not all of them correct technical holes in security, and even
those that do do not necessarily address _widely exploited_ holes.

I"m not half as concerned about application trust once the
app is on the system as how that app got on the system.

This conflicts with your implied concerns about system security.

It would be easy to just think a user installed it, but more
often it's email or browser.

E-mail and browser programs don't run by themselves.

I'm not trying to condem the
entirety of XP, but for it to be "secure", it can't have
any blatantly insecure, integral features.

It doesn't. I run XP and I have no security problems.

It's only an illusion to someone who denies plain evidence
all around them. Apparently you're only thinking in some
small context of what security is, then discounting anything
that doesn't fall within that context.

No, I've just been working in IT for decades and I actually know what
I'm talking about. I've been listening to the kiddies whine for all
that time and their voices just become more shrill and unrealistic
with each passing year. Truly, they have no clue.

My credibility is just fine with anyone who has seen a
system get infected without their choosing to install a
virus.

There are very few such infections.

While there are many who do not practice safe
computing, there are far fewer that install something when
they have no idea what it is and weren't trying to install
anything at the time.

People do it all the time.

Of course they are, they acted anticompetitively and the
justice systems of multiple countries have already
established as much. They don't fix windows because they
have no motivation to do so.

There's nothing wrong with Windows. And, as I've said, just be glad
it's not Apple in control, or Microsoft would look terribly innocent
by comparison.

 

[kony]

Not when the OS is truly secure.

.... which it isn't. The existence of patches alone, proves
this.

The code base is NT but various modifications have been made over the
years, most of them favoring convenience and compatibility/performance
over security ... because that's what the market wants.

Sure, but they "thought" NT was originally what the market
wanted too, so it's not any kind of deviation, just the
natural progression of their plan for NT.

The vast majority of malware infections don't involve any security
holes.

You're about to describe one...

They occur when PC owners/operators logged in as
administrators allow

There's one. "Allow" is nonsense. If something isn't
specifically chosen for download, that it downloads is a
security hole. For a user to have to take (any kind of)
action to counter act this, is a flaw in the OS.

... malware to download and install itself on their
machines. This happens when they click on attachments,

Another flaw

or when they
run browers with downloading of active content enabled,

another flaw (note flaw means it's insecure).
NT is not supposed to be a built-it-yourself security kit.

or when they
preview mail in HTML and allow scripts to execute,

Another flaw

"allow" an OS to do what it will and becoming infected,
means that what the OS WILL do is allow infection. That's
an insecure OS. You're trying to shift the burden to the
user when claiming THEY should reconfigure things to make up
for the already-present insecurities.

or when they
carelessly click on spoofed URLs, and so on.

Another insecurity.
Clicking on _A_N_Y_ link should not infect a system or
compromise security in any way. That's a flaw, a flaw
that's commonly exploited because it's been known but only
patched within a concept of "we won't get rid of the
insecure features, only trying to block each exploit when it
becomes popular enough that it is a problem for a "lot" of
people.

From the standpoint of
the OS, these are all perfectly legal operations, not security
breaches ... especially for system administrators, who must be allowed
to do anything by definition.

Doesn't matter. Adminstrators who do any of the
aforementioned things and end up exploited/infected/etc,
have revealed a flaw. Administrators are given full system
configuration ability, it is no arguement that suddenly a
system should be vulnerable from the outside UNLESS the
admin specifically changes default settings to open a NEW
hole.

No, but not all of them correct technical holes in security, and even
those that do do not necessarily address _widely exploited_ holes.

True, not all, but that must also be seen as a concession
that some do. When do we consider it secure? After a patch
3 months ago, or yesterday's patch, or one a year from now?

The flaws were there all along, it's only the kiddies and
whistle-blowers that announce them proudly and loudly
enough. Those USING those exploits aren't going to draw
attention to how they're doing it unless their sole purpose
was publicity or shaming MS.

This conflicts with your implied concerns about system security.

Not at all, system security as seen from the OS perspective
includes any and all aspects. If one portion of it is very
very secure but another isn't, it's fairly irrelevant that
the one portion was secure, the end result can be same
either way.

E-mail and browser programs don't run by themselves.

Nope, but the OS uses them, and shared code.

It doesn't. I run XP and I have no security problems.

Great. What you really mean though, is that you're not
aware of any breeches. Not being infected is not a sign
that it's impossible or secure.

No, I've just been working in IT for decades and I actually know what
I'm talking about. I've been listening to the kiddies whine for all
that time and their voices just become more shrill and unrealistic
with each passing year. Truly, they have no clue.

It's easier to ignore them if you discount valid claims?
I find it impossible for you to claim security when
so-called "critical" patches are released, let alone SP2.

I think you're only conceptualizing security within some
very narrow context instead of looking at the OS as a whole,
and without realizing that plenty of people don't _choose_
to become infected knowingly. It's true that they should
practice safer computing- but that is largely becaue of the
security holes present. If they have to take extra measure,
it should be to open holes, not prevent exploitation.

There are very few such infections.

An unfounded claim. Who chooses to install a virus?
Who chooses to get infected from an email attachment?
Nobody, you're claiming they should avoid default OS actions
else it's their fault. Nope, that is a clear sign of
insecurity.

People do it all the time.

People also get infected without doing it.
While many may not know the exact mechanisms in which
they'll get infected, few and far inbetween are those who
have no idea that there are viri, adware, etc, nor that
installing that which they have no knowedge about, is an
inherant risk. Over and over you could see examples of
people trying to clean such things off of their systems with
no action on their part that they can attribute to the
infection. Choosing to install it, would be an obvious
entry point, we can safely assume many didn't occur because
of it.

There's nothing wrong with Windows. And, as I've said, just be glad
it's not Apple in control, or Microsoft would look terribly innocent
by comparison.

"Nothing wrong"?

This is a hardware group and I can see we'll never reach an
agreement so I feel it's best to just end the discussion of
OS now.

 

[Franc Zabkar]

Is there any way to keep my CD-R and DVD drives from winding up every
time I open Windows Explorer? What makes Windows decide to start the
drives? They take 10 seconds to wind up (sounding like a jet engine
the whole time), and Windows won't expand a file tree until they come
up to speed. There must be some way to turn this off. I don't think
it's a hardware issue.

If you want to explore a particular drive or folder, say C:\Windows,
then go to Start -> Run and type "explorer c:\windows". You could also
create a desktop shortcut for your favourite drive or folder, and you
could assign it a shortcut key combination, eg Ctrl-Alt-C.


- Franc Zabkar

 

[Mxsmanic]

... which it isn't. The existence of patches alone, proves
this.

No OS is completely secure. The number of patches available for an OS
is not necessarily correlated with its security, since there are many
reasons to issue patches, and many motivations for doing so.

Sure, but they "thought" NT was originally what the market
wanted too, so it's not any kind of deviation, just the
natural progression of their plan for NT.

It's a deviation from the original notion of a secure operating
system. It turns out that customers are not interested in security
and will not buy highly secure operating systems. They want systems
that are happy and friendly and will run all their favorite programs,
particularly games.

There's one. "Allow" is nonsense.

Not if you're logged in as the administrator. When you're the
administrator, everything is allowed. If you don't want to allow
everything, you don't log in as administrator, period.

If something isn't
specifically chosen for download, that it downloads is a
security hole.

No, it may simply mean that your system is configured to download
active content automatically. As a system administrator, it's up to
you to look into such configuration issues.

If the system is configured that way by default, it's a marketing
decision, not a flaw in system security. The default configuration of
an OS isn't the same as the intrinsic security.

For a user to have to take (any kind of)
action to counter act this, is a flaw in the OS.

No, see above.

NT is not supposed to be a built-it-yourself security kit.

It wasn't. But customers complained about the system being secure by
default, so subsequent operating systems based on NT were more open.
Now the pendulum has swung the other way, slightly, but who knows
where the market will drive it in the future?

"allow" an OS to do what it will and becoming infected,
means that what the OS WILL do is allow infection.

The OS does what it's told, if the person doing the telling is the
system administrator.

That's an insecure OS.

No, all operating systems work that way.

Every operating system assumes that administrators are fully
competent. There are no controls on what administrators may do.

You're trying to shift the burden to the user when claiming THEY
should reconfigure things to make up for the already-present insecurities.

The burden IS on the user, and that's the real problem with computer
security today. You cannot compensate for stupid users with magic
operating system features. You have to assume that administrators are
competent.

Clicking on _A_N_Y_ link should not infect a system or
compromise security in any way. That's a flaw, a flaw
that's commonly exploited because it's been known but only
patched within a concept of "we won't get rid of the
insecure features, only trying to block each exploit when it
becomes popular enough that it is a problem for a "lot" of
people.

It's a configuration choice. A secure configuration will generate
more complaints than an insecure configuration, because most people
will whine when they cannot download active content automatically, but
relatively few will care if active content is downloaded silently and
automatically. These are choices made by the market, not the vendor,
and they are unrelated to the intrinsic security of the system.

Doesn't matter.

It matters a great deal. Rule 1 of computer security is that you
don't sign on as root if you don't need to be root. If you are root,
you take full responsibility for anything you do.

Adminstrators who do any of the
aforementioned things and end up exploited/infected/etc,
have revealed a flaw.

No. Administrators are allowed to these things. They are allowed to
do anything. That's why they are administrators. Every OS provides
for administrative access, because it has to. The OS has to trust
_someone_.

Administrators are given full system
configuration ability, it is no arguement that suddenly a
system should be vulnerable from the outside UNLESS the
admin specifically changes default settings to open a NEW
hole.

When you are logged on as administrator, it's up to you to make sure
your configuration is secure.

True, not all, but that must also be seen as a concession
that some do.

There are bugs in every OS.

When do we consider it secure? After a patch
3 months ago, or yesterday's patch, or one a year from now?

It's already secure. My XP system is secure.

The flaws were there all along, it's only the kiddies and
whistle-blowers that announce them proudly and loudly
enough.

Unfortunately, the kiddies don't really understand what they are
talking about.

Nope, but the OS uses them, and shared code.

The OS doesn't use e-mail or browsers. Only users do that. These
applications are userland processes to the OS.

Great. What you really mean though, is that you're not
aware of any breeches. Not being infected is not a sign
that it's impossible or secure.

Well, my machine has been secure ever since I started using PCs, so I
must be doing something right, and the OS doesn't seem to be a
problem.

It's easier to ignore them if you discount valid claims?

I don't discount valid claims. Then again, I don't often hear valid
claims, either.

I find it impossible for you to claim security when
so-called "critical" patches are released, let alone SP2.

I don't. Like I said, I know whereof I speak.

I think you're only conceptualizing security within some
very narrow context instead of looking at the OS as a whole ...

No, I'm doing just the opposite. I have a much broader perspective
than the kiddies, who have never seen anything except PCs.

... and without realizing that plenty of people don't _choose_
to become infected knowingly.

The fact that they don't choose it doesn't mean that it's not their
responsibility.

Some people don't choose to be hit by a truck, but if they cross a
busy street carelessly they risk being hit.

Computers are not for complete idiots. A minimum amount of competence
is required to keep a computer secure. People who don't have that
minimum amount of competence will regularly see their computers
infected.

It's true that they should
practice safer computing- but that is largely becaue of the
security holes present.

No, it's because safe computing is something that everyone needs to
learn, just as they learn safe driving, safe drinking, and so on.

An unfounded claim. Who chooses to install a virus?

The user. All the infections I've seen came from user actions.

Who chooses to get infected from an email attachment?

Anyone who double clicks on untrusted executable attachments.

Nobody, you're claiming they should avoid default OS actions
else it's their fault. Nope, that is a clear sign of
insecurity.

No, it's a clear sign of clueless users. It's it the fault of a power
saw that your hand will be cut off if you push it into the saw?

 

[Mxsmanic]

If you want to explore a particular drive or folder, say C:\Windows,
then go to Start -> Run and type "explorer c:\windows". You could also
create a desktop shortcut for your favourite drive or folder, and you
could assign it a shortcut key combination, eg Ctrl-Alt-C.

Hmm ... not a bad idea. I'll try that.

 

[kony]

No, it's a clear sign of clueless users. It's it the fault of a power
saw that your hand will be cut off if you push it into the saw?

If the saw is marketed as a device to put your hand into,
yes an argument can be made that it's the saw's (company's)
fault. Windows XP is that saw.

You argue over and over about what a USER is "supposed" to
be doing. That's not a sign of a secure OS, it's a sign of
user intervention to prevent an insecure OS from crapping
all over itself. Perhaps your argument would be more valid
if you had stated "it can be reconfigured to be secure so
long as you don't use it for it's advertised purpose nor the
default installed features".

As is though, a hypothetical about how NT "could" be, is not
the same as how XP "is".

 

[Mxsmanic]

If the saw is marketed as a device to put your hand into,
yes an argument can be made that it's the saw's (company's)
fault. Windows XP is that saw.

Explain the Windows equivalent of being told to put one's hand into a
saw.

You argue over and over about what a USER is "supposed" to
be doing.

Because the real problem with computer security is users. No matter
how secure you try to make a system, you cannot secure it completely
unless you can trust your users with whatever capabilities they are
given. (In the case of the administrator, by the way, that means 100%
trust.)

Most compromises of Windows and indeed of all operating systems depend
upon human intervention by users who are too stupid, dishonest, or
careless to properly respect security procedures. There is no way to
protect against this type of compromise through any technical feature
of the operating system alone. When I audit the security of a
computer system, I don't worry too much about the OS itself; I worry
about what the users are doing.

 

[kony]

Explain the Windows equivalent of being told to put one's hand into a
saw.

Never wrote "being told".
Rather, advertised features. Do you advocate using Windows
Update? Do you expect people to use IE for it?
How about Messenger, is it a running service by default?

Because the real problem with computer security is users.

Again, wrong.
MS sought to be the sole source of operating system on
PCs-for-the-masses. One can't argue these masses are
supposed to have advanced security oriented training, but
even if they did, it would be to CLOSE holes, prevent the
insecure features from infecting their system. That's the
opposite of secure.

No matter
how secure you try to make a system,

Exactly, you have to "try" to make it secure,
because it isn't yet.

you cannot secure it completely

True, and I never claimed any OS is 100% secure, but you did
imply as much about Windows (NT).

unless you can trust your users with whatever capabilities they are
given. (In the case of the administrator, by the way, that means 100%
trust.)

Yes, you're talking about managing them as much as
reasonable to minimize the insecurity that is in fact
present, and trusting them to not act in a way that makes it
likely they'll be exploited though these insecurities, or
trying to fix the holes left open so less trust is needed.

Most compromises of Windows and indeed of all operating systems depend
upon human intervention by users who are too stupid, dishonest, or
careless to properly respect security procedures.

Wrong. Most compromises are due to features that should not
be pre-configued to allow exploits. It should start out
secure and with lower functionality, requiring a user or
admin to OPEN any hole if they REALLY need the feature. At
least then it started out having lower risk, far fewer
commonly exploited features.

There is no way to
protect against this type of compromise through any technical feature
of the operating system alone.

Wrong. You keep thinking "feature". That's backwards. It
is not an added feature that makes it secure, it's
subtracting the insecure features, closing holes. This is
where MS keeps going wrong, thinking that piling on more
crap somehow makes it palatable. It's the equivalent of
building the great wall of china then putting up ladders
every 100 yards, only to find out later you have to install
guards at every ladder to keep people from using them.

When I audit the security of a
computer system, I don't worry too much about the OS itself; I worry
about what the users are doing.

I have never claimed a user can't wrongly act, but for the
most part a user does not seek to be exploited. It is
unreasonable to expect every user to have the same security
skills you do, and quite reasonable to expect them to use
the product for the intended purpose with default
configuration. You can administer to change that
configuration, and would have to because it wasn't secure.

Again I see we have different philosophies and won't meet on
common ground in a topic that isn't "hardware", so I'm done
with this sub-topic.

 

[JAD]

yeah yeah yeah should we wait for xinux? Give the rhetoric a
break.......You know what?, you all should have been around in the early
80's and 70's and used computers, with that experience behind you wouldn't
(shouldn't) be talking bulllshit. The problem with any OS is the element
that spends its every waking moment writing destructive code and use that to
make things insecure.

Too bad we can't see the what things would be like if MS never
was...........I would think that this forum wouldn't even exist. I have been
waiting for an usable OS since 1989, alternatives are all but dead. ANYTHING
that YOUR machine does, gets itself into, gets infected, won't boot,
crashes, or whatever the hell else your complaining about IS YOUR FAULT.
Instead throwing up all the same old rhetoric, why don't you learn to USE
and SECURE YOUR system.

Saws don't have hacks rewiring or putting false labels on it directing you
to put your hand on the blade while running. If you don't know how to use a
saw, don't touch it until someone shows you. Do you need to be shown how to
secure your system? Try a professional. All your promoting is a sterile and
lifeless internet. NO THANKS that is letting the criminal element have their
way and your turning and running. I won't go back to a cave after living in
a penthouse.

 

[David Maynard]

On Thu, 04 Aug 2005 20:29:53 +0200, Mxsmanic



People also get infected without doing it.
While many may not know the exact mechanisms in which
they'll get infected, few and far inbetween are those who
have no idea that there are viri, adware, etc, nor that
installing that which they have no knowedge about, is an
inherant risk. Over and over you could see examples of
people trying to clean such things off of their systems with
no action on their part that they can attribute to the
infection. Choosing to install it, would be an obvious
entry point, we can safely assume many didn't occur because
of it.

Pardon me but you waaaaaaaaaaaaaaaaaay underestimate what people will
'install' even when they 'know'. Most people know there are 'viruses' but
they haven't a clue how they work and no matter HOW much you tell them to
not install things they still do because they don't think whatever it is is
a 'problem' for the obvious reason that malware doesn't come with a warning
sign attached to it. In fact, it's just the opposite. Malware tries to look
as 'nice and legit' as possible and people fall for it over and over even
after being bit.

And that's before you get to "the kids are always downloading things" and
popups that fake the close X or reverse the <yes><no> or have them both a
yes regardless of what the button says, people who will never get it
through their head that "readme.TXT.js" is not a text file, fake 'security'
emails, and "your account needs renewing."

True, people do not intentionally infect their systems but they do it all
the time, in droves, by their own actions. And I assure you that when asked
they'll tell you they haven't done a thing because they don't know they did it.