MS Windows Security Update CD now available

Hugh Candlin

PA Bear said:
Hugh said:
Allow me to kick things off.

#1 This CD is 6 months out of date

While this statement is [possibly] not true today,
it will be true by the time the CD hits your mailbox.

There is no implied criticism here. Just a simple heads up
that people need to be aware of, just like Gary stated.

Users (of all OSs) have been clamoring for such a CD (and extended support
for Win9x) for years and now that MS has heeded their wishes....

If you check my past posts you will see/learn that I was an advocate
of a similar release, although I wanted the whole enchilada, OS and all.
How do you expect beta testing to be conducted on updates not yet released?

How does that even remotely connect to what I posted?
 
Hugh Candlin

Gary S. Terhune said:
More like 4 months, but I get your drift.

I'm glad you did.
Bear has addressed that issue.

No, he did not. He ascribed a criticism to me that I did not imply,
and even took the time to point that out in my post.

You said "What should people be aware of".
I gave an example of one fact that they should be aware of.
Beta-testing takes time. The level of patching that is included
has been reasonably well debugged, something that can't be said for more recent patches.

I have no issue with the CD, the timing, the content.

NADA. Rien. Nicht.
Myself, I find this CD to be useful *if* a full and forced updating is desired (through Oct. '03.)
On Win98/98SE/ME systems, it's not a "Detect and Repair" operation--it's a forced installation/reinstallation.

Is that what it is? I didn't know that. I would cancel my order,
but I'll bet that they didn't think of that and include the option............
Personally, I'd have preferred a more intelligent "detect and repair" kind of system,
updatable with additional catalogs and patches, and with more (*any*) choices.

Let you skip the known problem areas, you mean, like the update
that clobbers the sound?
Such systems are available for newer versions of Windows,
and while they are too complicated for the average user,

It is amazing how fast one's blood can boil, isn't it?
I'm sorry to disagree, but we are talking about a consumer product
designed for and intended to operate a consumer product.
Anything categorized as "too complicated for the average user"
should never make it out of the Redmond campus.
I was hoping for something more along those lines than what was produced.
This production is MS Idiot-Proofing at its best. (Yes, "best"--it does what it does quite well.)

I wonder if this thing went through the Usability Group?


Hugh Candlin said:
Gary S. Terhune said:
There are definitely some things people will want to know and understand *before* running the CD.

Allow me to kick things off.

#1 This CD is 6 months out of date

While this statement is [possibly] not true today,
it will be true by the time the CD hits your mailbox.

There is no implied criticism here. Just a simple heads up
that people need to be aware of, just like Gary stated.
 
Gary S. Terhune

Hugh Candlin said:
I'm glad you did.


No, he did not. He ascribed a criticism to me that I did not imply,
and even took the time to point that out in my post.

You said "What should people be aware of".
I gave an example of one fact that they should be aware of.


I have no issue with the CD, the timing, the content.

NADA. Rien. Nicht.

I would like to see the disagreement here ascribed to fast reading and less than fully well-formed responses. I see your point, though your statement "This CD is 6 months out of date" can easily be taken as criticism, disclaimer notwithstanding. I also see Bear's answer as addressing that point, if perhaps not as clearly as he might have.
Is that what it is? I didn't know that. I would cancel my order,
but I'll bet that they didn't think of that and include the option............


Let you skip the known problem areas, you mean, like the update
that clobbers the sound?

Hugh, I can't address that particular concern, yet, and it's not precisely what I was thinking of when I wrote the above, though it comes under a general category. Any further comment on my part will, alas, have to wait for just a bit longer, mostly so that I can be sure of my facts. I do want to clarify what I said, though--the "forced installation/reinstallation" I spoke of is not the entire OS, just updates and patches. Without in-depth detection and analysis, this is the only way to be sure they are all installed and complete.
It is amazing how fast one's blood can boil, isn't it?
I'm sorry to disagree, but we are talking about a consumer product
designed for and intended to operate a consumer product.
Anything categorized as "too complicated for the average user"
should never make it out of the Redmond campus.

There are many, many, many IT/Expert level apps and utilities provided by MS (and others) that are indispensable to a professional administrator, etc., yet would cause unmitigated disasters in the hands of average users. Hell, there are several such utilities distributed as *part* of the OS installations. You can have "Idiot-Proof", you can have "Expert Level", and you can have any number of things in between. To call any version of Windows a "consumer product" is to ignore reality. It depends on the environment in which it's installed and used. In this case, for the average, er, "consumer", it's as good as it gets.
I wonder if this thing went through the Usability Group?

Didn't know there was such a thing. Certainly haven't seen much evidence of its existence, ;-)
 
Artwilder

I thought Windows 98SE was used by businesses as well as consumers?

Hugh Candlin said:
I'm glad you did.


No, he did not. He ascribed a criticism to me that I did not imply,
and even took the time to point that out in my post.

You said "What should people be aware of".
I gave an example of one fact that they should be aware of.
recent patches.

I have no issue with the CD, the timing, the content.

NADA. Rien. Nicht.

I would like to see the disagreement here ascribed to fast reading and less
than fully well-formed responses. I see your point, though your statement
"This CD is 6 months out of date" can easily be taken as criticism,
disclaimer notwithstanding. I also see Bear's answer as addressing that
point, if perhaps not as clearly as he might have.
a forced installation/reinstallation.
Is that what it is? I didn't know that. I would cancel my order,
but I'll bet that they didn't think of that and include the option............ choices.

Let you skip the known problem areas, you mean, like the update
that clobbers the sound?

Hugh, I can't address that particular concern, yet, and it's not precisely
what I was thinking of when I wrote the above, though it comes under a
general category. Any further comment on my part will, alas, have to wait
for just a bit longer, mostly so that I can be sure of my facts. I do want
to clarify what I said, though--the "forced installation/reinstallation" I
spoke of is not the entire OS, just updates and patches. Without in-depth
detection and analysis, this is the only way to be sure they are all
installed and complete.
It is amazing how fast one's blood can boil, isn't it?
I'm sorry to disagree, but we are talking about a consumer product
designed for and intended to operate a consumer product.
Anything categorized as "too complicated for the average user"
should never make it out of the Redmond campus.

There are many, many, many IT/Expert level apps and utilities provided by MS
(and others) that are indispensable to a professional administrator, etc.,
yet would cause unmitigated disasters in the hands of average users. Hell,
there are several such utilities distributed as *part* of the OS
installations. You can have "Idiot-Proof", you can have "Expert Level", and
you can have any number of things in between. To call any version of Windows
a "consumer product" is to ignore reality. It depends on the environment in
which it's installed and used. In this case, for the average, er,
"consumer", it's as good as it gets.
what it does quite well.)

I wonder if this thing went through the Usability Group?

Didn't know there was such a thing. Certainly haven't seen much evidence of
its existence, ;-)
 
Artwilder

Will there be new updates to the NT kernel to stop the new threats since
the NT and 2000 source code were leaked over the Internet?
 
Gary S. Terhune

With a nod to Larry's cogent and accurate observation, that was precisely my point, Artwilder. Win9x is used in many non-consumer-level applications, as workstations, network clients, etc., with persons other than the actual user responsible for configuration and maintenance. I would venture to guess that a majority of existing installations of 9x are in this category.

Are you ready for a major "the way I see it" speech? Here it is--"The Way I See It", by Gary S. Terhune

My reference to the Expert-level utilities (such as those used to analyze and manually configure security and state of patching, etc.) was intended to illustrate what I consider to be the essential if unfortunate but probably necessary divide in the MS mindset towards end-users.

"You are either an idiot who needs an IT to manage your machine (and take total responsibility for it), or you are an idiot who needs us (Microsoft) to do it for you. If you want us to do it for you, you gotta do it our way. We can't be spending millions to provide yet another maze of selections that only an IT can probably be trusted to maneuver through properly, anyway, and then *also* promise you an end result that is as secure as we can make it. Listen Up! We may be behind the curve on this one, but we've seen the light. Security is *all* we care about right now. If your system can't handle the updates we consider minimum requirements, well then that's your tough luck. We tried, we're trying, and we'll keep on trying. We're damned if we do and damned if we don't, and while we make mistakes, we do our level best to fix them, priorities, technology, time and resources permitting.

"Bottom line--You want our assurances with regard to Security, to the extent that we can even provide such assurances, you'll do what we tell you to do and live with the consequences."

I don't blame MS for doing it this way, even if I'd prefer some in-between solution. I don't happen to be the kind that rants and bashes MS for every little bug. Bugs are a fact of life. I'm constantly hearing about this or that major problem due to a patch. But in all my time in these groups, I've seldom seen any such problems that actually affected more than a small number out of millions of users. It's a matter of playing the percentages, folks. Even *if* a significant number of users are affected by a particular failing in an Update, while I expect MS to do what they can to ameliorate that bug, if it comes down to a choice between security and bugless living, I agree that the former is the proper choice for MS to promote. I may gamble and choose differently, you may wish to gamble and choose differently, but MS can't be expected to support us in that gamble.

The best I can do to contribute toward this change in Microsoft's mindset is to point out, whenever and wherever possible, the details that may be overlooked in this rush to lockdown--like suggesting automatic download and *notification* of Critical Updates instead of automatic download and *installation*, which ignores the very real probability that some preparation on the user end is likely to result in a more successful update operation than a ram-it-in-regardless-of-current-state procedure.

I knew Hugh, for one, was going to howl about this CD, along with many other regulars here (in Win98.Gen_Discussion), because they are the types who'd rather make their own choices (and gambles) when it comes to patching and updates. But Hugh, if you're honest about it, you'll agree that our type of end-user is not truly representative of the "typical" Windows end-user. Nowhere near.

I don't see this CD being useful to a person such as ourselves who already has their system well under control. But I *do* see it as being extremely useful to anyone who is performing a clean install of older Windows systems. In fact, I suspect that this CD will provide a way for persons to "over-install" an existing system, or "upgrade" from Win98 to 98SE, and be able to restore their system to a state of sanity that until now was not usually possible after such procedures. Probably still wouldn't pass my bench, but I'm betting it will suit most. It certainly improved on such machine I have sitting right here on my desk. It was messed up after a scrambling and reinstall of Win98SE that I performed around Thanksgiving (mostly in the name of science, <s>), and when I got the beta CD the first thing I did was run it on that machine. It went from being a dead hulk, waiting for me to make the time to rebuild it completely, to just being a cantankerous beast that can usually handle what I throw at it--even though I'm *still* going to rebuild it from scratch when I find my round TUIT.

As a consultant to many clients who are exactly the kinds of users I have in mind when I use that term, "idiots"--people who don't *want* to look under the hood, don't even want to know anything about it, and who are prone to ignore the potential damage they are doing to their "engines" by repeatedly installing crap, "deleting" programs, "fixing" and otherwise mangling their systems on a daily basis, knowing that when it gets hopeless, Gary will come over and fix it--with this CD in hand, I may not earn much more money, but I'll certainly save a lot of wasted time. I'll still have to go to the machine, and I'll still have to fix any glitches, but I certainly won't have to guess what's missing, or spend hours reinstalling updates and patches, and rebooting after each one, just in case, and praying that I get them in the right order... I'll arrive, clear the decks, clean up the garbage, then run the CD and top it off with whatever else might be missing (which I will also have on CD.) It's going to automatically do what I would do anyway, only a lot faster.
 
Gary S. Terhune

If there are, do you actually expect to be told about them before they're available? MS doesn't do things that way.
 
Artwilder

Great Speech, Gary Terhune! I was a little confused when you talked about
our type of user in your speech? Were you referring to the fact that most
users have no clue what they are doing with their computers or that most
users do not care or what? Do you know if 98SE users will get any more
updates to Windows Media Player, Internet Explorer, or Direct X or will you
have to upgrade to XP if you are able or soon face dire consequences? I
enjoy keeping my computer up to date. I make sure to update graphic
drivers, sound drivers, virus-definition files, anti-spyware programs and
have flashed my BIOS. I like having a computer that runs well and is free
of viruses and spyware. How people manage without knowing the basics of
computing shocks me! I wonder if it should be required to take some
computer courses to prevent the stupidity that we see among some users.
Just my two cents. :>
 
Gary S. Terhune

Artwilder said:
Great Speech, Gary Terhune!

Thank you, thank you. I'd bow, but it might make both my forehead and this post look funny.
I was a little confused when you talked about
our type of user in your speech? Were you referring to the fact that most
users have no clue what they are doing with their computers or that most
users do not care or what?

Most users only want to know how to do what they want to do, and either couldn't care less about how it all happens and how to *keep* it all happening, figuring they'll drive it until it dies--or they're afraid of the whole subject, or have decided that they haven't the time and will settle for someone else taking care of it. Or any or all of the above. I get a lot of, "Teach me how to do this, then go away!" My wife, who is in fact an accomplished user with many more years experience than I, is this type. Most of my clients are this type. Even my Dad, who had an Osborne 2 Portable as soon as it hit the market, is this type, once you get beyond DOS (in which he's a fairly accomplished programmer.) He just decided that Windows wasn't something he was going to learn in depth. Just enough to get by.
Do you know if 98SE users will get any more
updates to Windows Media Player, Internet Explorer, or Direct X or will you
have to upgrade to XP if you are able or soon face dire consequences?

No, I don't *know*, but I'm fairly certain that for versions earlier than ME, and maybe even for ME, you've seen the last of it on any of those accounts except for security-related patches.
I enjoy keeping my computer up to date. I make sure to update graphic
drivers, sound drivers, virus-definition files, anti-spyware programs and
have flashed my BIOS. I like having a computer that runs well and is free
of viruses and spyware. How people manage without knowing the basics of
computing shocks me! I wonder if it should be required to take some
computer courses to prevent the stupidity that we see among some users.
Just my two cents. :>

Even those who are do-it-yourself types tend to wait until some event forces them to look at upgrades of any type. And even such things as initiating new regimes of protective procedures tend to be stepped--you go along until some wake-up call smacks you in the face, and then institute a quantum change in habits and programming.

Myself, I'm not a fanatic, but I do take regular inventories and perform periodic checkups. I *used_to_be* a fanatic, but haven't the time, lately. I spend enough time doing it for other people, and the novelty has worn off.
 
PA Bear

Hugh said:
Allow me to kick things off.

#1 This CD is 6 months out of date

While this statement is [possibly] not true today,
it will be true by the time the CD hits your mailbox.

There is no implied criticism here. Just a simple heads up
that people need to be aware of, just like Gary stated.
<snip>
PA Bear wrote:
How do you expect beta testing to be conducted on updates not yet
released?

How does that even remotely connect to what I posted?

Mind you, I'm playing Devil's Advocate here:

You stated the CD was already 6 months out of date. (Actually, it's only 4
months out of date.)

The CD contains all Updates through and including those released in early
Oct-03 (more or less).

The CDs to be used in the beta testing were prolly produced in
early-/mid-Nov-03. Distribution of and beta testing using the CDs began in
Dec-03.

Therefore, how could the CDs being released now (for free, worldwide)
possibly include any updates which post-date the production of the beta CDs
and the beta testing of its contents (e.g., MS04-004)?
 
Hugh Candlin

Are you ready for a major "the way I see it" speech? Here it is--"The Way I See It", by Hugh Candlin.

Security isn't something you dink around with, "solving" one problem at a time,
until you get it right, because you are never going to get it right that way.

Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.

There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible.

If the current market leader cannot and/or will not accept that fact,
then the market will turn away from them to someone who will.

Many years ago, Bill Gates publicly agonized over the possibility,
that Microsoft would follow the normal corporate bell curve to oblivion.

Or was it probability?

I could add a disclaimer here that, despite the probability that this missive will be
perceived as a diatribe against Microsoft, nothing could be further from the truth.

I am perfectly OK with Microsoft maintaining its position as the supplier
of the #1 desktop operating system. But right now, that position is up for grabs,
and if Microsoft doesn't learn to innovate and think outside the box they are in,
then change is inevitable.

I could, but I won't.

It is easier to criticize me for being analytical than it is to address the fundamental flaws
that need to be addressed. And they WILL be addressed.

It simply remains to be seen, by whom.
 
Hugh Candlin

PA Bear said:
Hugh said:
Allow me to kick things off.

#1 This CD is 6 months out of date

While this statement is [possibly] not true today,
it will be true by the time the CD hits your mailbox.

There is no implied criticism here. Just a simple heads up
that people need to be aware of, just like Gary stated.
<snip>
PA Bear wrote:
How do you expect beta testing to be conducted on updates not yet
released?

How does that even remotely connect to what I posted?

Mind you, I'm playing Devil's Advocate here:

You stated the CD was already 6 months out of date.
(Actually, it's only 4 months out of date.)

No!! I did not!!. I fully qualified my remark.
The CD contains all Updates through and including those released in early
Oct-03 (more or less).

The CDs to be used in the beta testing were prolly produced in
early-/mid-Nov-03. Distribution of and beta testing using the CDs began in
Dec-03.

Therefore, how could the CDs being released now (for free, worldwide)
possibly include any updates which post-date the production of the beta CDs
and the beta testing of its contents (e.g., MS04-004)?

I have no idea. You tell me, as it is your idea.
I never suggested anything remotely close to that.

You are obviously an intelligent person, so you should
be able to find the GST post that I responded to,
and note its context, and also interpret my responseout of that context and criticizing them, or putting words
into my mouth that I never even remotely hinted at.
 
Gary S. Terhune

Hugh Candlin said:
Are you ready for a major "the way I see it" speech? Here it is--"The Way I See It", by Hugh Candlin.

Fair's fair, <s>.
Security isn't something you dink around with, "solving" one problem at a time,
until you get it right, because you are never going to get it right that way.

Ummm, Hugh... How long do you think folks are going to sit around and wait for this perfect OS to be developed? Solving one problem at a time is what computer science is all about. A computer system, secure or not, is worthless if it can't also perform tasks that are requested of it, using the technology available, and within the environment that is currently extant. We all have perfectly secure systems available to us. Pull the plug and you got one sitting right in front of you (so long as you can keep anyone else from plugging it back in.) I do not know of *one_single* perfectly secure computer system in the entire world that actually does anything or contains any data worth keeping "secure". So long as there is an interface with that data, it is not secure, almost by definition.
Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.

Dream on. "Solid, Secure, Transparent." Mutually exclusive conditions.
There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible.

I do not consider myself irresponsible or lacking a base, and I categorically refute your premise. It CANNOT be done.
If the current market leader cannot and/or will not accept that fact,
then the market will turn away from them to someone who will.

There is no such system. Not even possible on paper. Thus there can be no such person or corporation, now or ever.
Many years ago, Bill Gates publicly agonized over the possibility,
that Microsoft would follow the normal corporate bell curve to oblivion.

Or was it probability?

Probability, based upon simple understanding of business dynamics. Also irrelevant to the subject at hand.
I could add a disclaimer here that, despite the probability that this missive will be
perceived as a diatribe against Microsoft, nothing could be further from the truth.

Diatribe, yes. One which I suspect is born of understandable frustration. But if you insist on speaking in absolutes, you put most realistic discussion beyond the pale.
I am perfectly OK with Microsoft maintaining its position as the supplier
of the #1 desktop operating system. But right now, that position is up for grabs,
and if Microsoft doesn't learn to innovate and think outside the box they are in,
then change is inevitable.

Change is always inevitable. But I see nothing even remotely resembling your dream OS anywhere on the horizon (which I guess is to be expected, since it's a mathematical impossibility.) Yup, the position is up for grabs, and always has been. And I don't see any better candidates for an even reasonably "Secure System", anywhere. Not any that are also even remotely within the realm of mass-production with broad consumer appeal.
I could, but I won't.

If you could, I suspect you would. But can you at least establish some reasonable discussion points?
It is easier to criticize me for being analytical than it is to address the fundamental flaws
that need to be addressed. And they WILL be addressed.

It simply remains to be seen, by whom.

I see no real analysis, only diatribe. Sorry, Hugh. I like and respect you, but we've found your blind spot. Yes, systems that are more secure will be developed, and paradigms will change, particularly those involving the definition and practice of computer security. But in the end, the PC world is as close to being purely democratic as anything else I can think of--and you know what they say about democracy.
 
Hugh Candlin

Gary S. Terhune said:
Are you ready for a major "the way I see it" speech? Here it is--"The Way I See It", by Hugh Candlin.

Fair's fair, <s>.

HC: Sorry, Gary. Tired. Lazy. Grumpy. Pick any 3 from 3.
Security isn't something you dink around with, "solving" one problem at a time,
until you get it right, because you are never going to get it right that way.

Ummm, Hugh... How long do you think folks are going to sit around and wait for this perfect OS to be developed?

HC: However long it takes. It is essential and inevitable. It isn't a question of IF.
It is merely 2 questions. When? And Who? Personal Computing has long
outgrown the pioneering, fly-by-night-and-the-seat-of-your-pants,
don't-bother-with-that-just-shove-the-product-out-the-door-and-sit-back-
and-look-cool-and-let-the-cash-roll-in-and-how-are-our-options-doing environment.
The only corporate entity that doesn't understand the enterprise, that doesn't put the
customer first, that STILL thinks that THEIR way is THE way is, guess who?

Solving one problem at a time is what computer science is all about.

HC: No, no, no, no, no. A thousand times no. A billion times no.
Never, never, never, never, never. It is essential that the driving force
be capable of seeing the big picture and of conceiving, developing
and executing a plan of action accordingly, to address the relevant issues.

A computer system, secure or not, is worthless if

HC: If a computer system is not secure, it is worthless. That needs no qualification.

it can't also perform tasks that are requested of it, using the technology available,

HC: The technology is available.

and within the environment that is currently extant.

HC: You mean that Microsoft has a vested interest in maintaining the marketability
of the current code base? It is obsolete. It is irrelevant. It is incompetent.

We all have perfectly secure systems available to us. Pull the plug and you got one
sitting right in front of you (so long as you can keep anyone else from plugging it back in.)
I do not know of *one_single* perfectly secure computer system in the entire world
that actually does anything or contains any data worth keeping "secure".
So long as there is an interface with that data, it is not secure, almost by definition.

HC: I agree here. A system administrator is a security risk. That is a given.
However, I am not demanding perfection. Just better. Much, much better.
Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.

Dream on. "Solid, Secure, Transparent." Mutually exclusive conditions.

HC: No, there are not. That is a defeatist attitude to which I will not subscribe.
There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible.

I do not consider myself irresponsible or lacking a base, and I categorically refute
your premise. It CANNOT be done.

HC: Hold on there, cowboy. Let's disassociate the ideas from the proponents.
While we obviously disagree on the level of perfection to be attained by "it",
rest assured that "it" will be done. "It" is necessary. We are spending billions
upon billions of dollars, pounds, francs, marks, whatever, running around
like chickens, ping-ponging from one crisis to another. Chicken Run is OVER!!

I actually see a parallel here with standard application production support.
Visualize this. A bug in an application program creates a database problem.
Support personnel are given the task of fixing the issue. Let's say that it is
a hosed up order for the new Update CD. They do what they have to do.
Before they get done, another error pops up. Again, they fix it. Another
one pops up. And another. And another. Before they know it, they are
spinning their wheels, trying to keep the business running by getting the
orders fixed, one by one, while the error continues to cause problems.
The obvious correct course of action is finally forced upon them. They stop
the remedial activity on the data, and fix the application to stop the torrent
of errors. There is no other way, unless you have sufficient staff to do both
at the same time, which is ideal.

It CAN be done. It WILL be done. It MUST be done.
If the current market leader cannot and/or will not accept that fact,
then the market will turn away from them to someone who will.

There is no such system.

HC: That is painfully obvious.

Not even possible on paper.

HC: I'll just quietly bite my tongue here.

Thus there can be no such person or corporation, now or ever.

HC: We shall see.
Many years ago, Bill Gates publicly agonized over the possibility,
that Microsoft would follow the normal corporate bell curve to oblivion.

Or was it probability?

Probability, based upon simple understanding of business dynamics.
Also irrelevant to the subject at hand.

HC: We disagree here. Big time. Microsoft will stay in the driver's seat
only as long as they steer the wheels in the correct direction.
If they insist on taking their shortcuts against the wishes of the
majority, then the majority will seek another mode of transportation.
I could add a disclaimer here that, despite the probability that this missive will be
perceived as a diatribe against Microsoft, nothing could be further from the truth.

Diatribe, yes.

HC: No, it isn't. It just sounds like one when you are philosophically opposed
to the advocated change, regardless of the magnitude of the change.

One which I suspect is born of understandable frustration.
But if you insist on speaking in absolutes, you put most realistic discussion beyond the pale.

HC: I do not speak in absolutes. I just refuse to limit my vision.
I am perfectly OK with Microsoft maintaining its position as the supplier
of the #1 desktop operating system. But right now, that position is up for grabs,
and if Microsoft doesn't learn to innovate and think outside the box they are in,
then change is inevitable.

Change is always inevitable.

HC: Normally, yes.

But I see nothing even remotely resembling your dream OS anywhere on the horizon

HC: Maybe I can see over the horizon, then.

(which I guess is to be expected, since it's a mathematical impossibility.)

HC: Perfect security? Yes. What I envision? No. I do not conceive
mathematical impossibilities. That isn't how my imagination operates.

Yup, the position is up for grabs, and always has been. And I don't see any better candidates for an even reasonably "Secure
System", anywhere. Not any that are also even remotely within the realm of mass-production with broad consumer appeal.

HC: Perhaps.
I could, but I won't.

If you could, I suspect you would. But can you at least establish some reasonable discussion points?

HC: "Reasonable" is a matter of personal opinion, is it not?
It is easier to criticize me for being analytical than it is to address the fundamental flaws
that need to be addressed. And they WILL be addressed.

It simply remains to be seen, by whom.

I see no real analysis, only diatribe.

HC: I said that that would happen.

Sorry, Hugh. I like and respect you, but we've found your blind spot.
Yes, systems that are more secure will be developed, and paradigms will change,
particularly those involving the definition and practice of computer security.

HC: We are not as far apart as you might think, after all.
What we have here is a failure to communicate fully and completely.

But in the end, the PC world is as close to being purely democratic
as anything else I can think of

HC: The PC world is an anarchistic, back-stabbing, dog-eat-dog
maelstrom where anything goes and anyone is fair game.

--and you know what they say about democracy.

HC: The art of choosing between the disastrous and the unpalatable?

-------------------------------------------------------------------------
What you do is of little significance, but it is very important that you do it.
Mahatma Gandhi
-------------------------------------------------------------------------





-
Gary S. Terhune
MS MVP for Windows 9x
 
P

PCR

He admitted he's the Devil, Candlin! That's more than I could ever get
him to do! So, let it rest-- & better relocate to a cool spot in
Saskatchewan! Leboeuf may have a place for you there.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
|
....snip
| > Mind you, I'm playing Devil's Advocate here:
| >
....snip
 
G

Gary S. Terhune

I'm gonna have to let this one rest for a while. I need to get some work done. But I'll get back to you with a more detailed response. Short story--I think you are still engaging in hyperbole and ignoring several aspects of the always more nuanced reality. I understand your desires, but putting on the brakes and shutting down the world while somebody, somewhere gets it all fixed--ain't gonna happen. If *any* corporation or other entity is ahead of the game in eventually fulfilling your desires, it's Microsoft. But while developing the "perfect" system, they also have to pay attention to keeping the current one viable. Personally, I think they're doing a damned fine job. Not perfect, by any means, but that's democracy (and capitalism) for you.

Your description of the PC world is accurate. It's the natural order of things. Still, Anarchy is often the necessary prelude to a Democracy that works--the PC world is simply at that stage of growth where the participants need to realize that a responsible police force is preferable to having each house turned into a fortress, with complex alarm systems, guard dogs, and guns at every window. On the other hand, having a "perfectly safe", "idiot-proof" home necessarily implies an all-powerful, all-seeing government and a rigid socio-economic system--Big Brother style, complete with all the corruption that that implies. There has to be a medium ground, somewhere, but asking that the end-user--the individual--be totally responsible for her own well-being--that the PC platform be impenetrable--is just as unworkable as Big Brother is unpalatable. Do we need some benevolent dictators to get us through this patch? Perhaps. But I can't see any acceptable candidates for the position--yet.

Your description of Democracy is an interesting one, if rather dark. I was thinking of "The worst possible form of government--except for all the rest."
 
A

Alan Edwards

Just to be different:
Confirmation Number: 00000000002674
About 20 hours ago.

....Alan
 
G

Gerry Cornell

Gary

Your dialogue with Hugh and others was interesting to read <g>. May I single out part of one paragraph you wrote which, to me, is the best justification I have seen as to why the CD will be helpful.

"I *do* see it as being extremely useful to anyone who is performing a clean install of older Windows systems. In fact, I suspect that this CD will provide a way for persons to "over-install" an existing system, or "upgrade" from Win98 to 98SE, and be able to restore their system to a state of sanity that until now was not usually possible after such procedures."

Hugh's line "Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.

There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible."

This is too puritanical for my taste. Changing "the" to an "a" before "base component" makes the first paragraph more palatable to me. With the benefit of hindsight I think Microsoft should have adopted Hugh's line on security but regrettably they did not so we need to move on. To say Microsoft acted irresponsibly, in my view, goes too far as it presumes that Microsoft were or should have been aware of the dangers and should have built in more security. The cost to them of their mistake, in terms of loss of face and rectification costs, must have been, and is continuing to be, colossal so one would hope / expect them not to make the same mistake again.


--

~~~~~~

Regards.

Gerry

~~~~~~~~~~~~~~~~~~~~~~~~
FCA
(e-mail address removed)
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~



Gary S. Terhune said:
Are you ready for a major "the way I see it" speech? Here it is--"The Way I See It", by Hugh Candlin.

Fair's fair said:
Security isn't something you dink around with, "solving" one problem at a time,
until you get it right, because you are never going to get it right that way.

Ummm, Hugh... How long do you think folks are going to sit around and wait for this perfect OS to be developed? Solving one problem at a time is what computer science is all about. A computer system, secure or not, is worthless if it can't also perform tasks that are requested of it, using the technology available, and within the environment that is currently extant. We all have perfectly secure systems available to us. Pull the plug and you got one sitting right in front of you (so long as you can keep anyone else from plugging it back in.) I do not know of *one_single* perfectly secure computer system in the entire world that actually does anything or contains any data worth keeping "secure". So long as there is an interface with that data, it is not secure, almost by definition.
Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.

Dream on. "Solid, Secure, Transparent." Mutually exclusive conditions.
There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible.

I do not consider myself irresponsible or lacking a base, and I categorically refute your premise. It CANNOT be done.
If the current market leader cannot and/or will not accept that fact,
then the market will turn away from them to someone who will.

There is no such system. Not even possible on paper. Thus there can be no such person or corporation, now or ever.
Many years ago, Bill Gates publicly agonized over the possibility,
that Microsoft would follow the normal corporate bell curve to oblivion.

Or was it probability?

Probability, based upon simple understanding of business dynamics. Also irrelevant to the subject at hand.
I could add a disclaimer here that, despite the probability that this missive will be
perceived as a diatribe against Microsoft, nothing could be further from the truth.

Diatribe, yes. One which I suspect is born of understandable frustration. But if you insist on speaking in absolutes, you put most realistic discussion beyond the pale.
I am perfectly OK with Microsoft maintaining its position as the supplier
of the #1 desktop operating system. But right now, that position is up for grabs,
and if Microsoft doesn't learn to innovate and think outside the box they are in,
then change is inevitable.

Change is always inevitable. But I see nothing even remotely resembling your dream OS anywhere on the horizon (which I guess is to be expected, since it's a mathematical impossibility.) Yup, the position is up for grabs, and always has been. And I don't see any better candidates for an even reasonably "Secure System", anywhere. Not any that are also even remotely within the realm of mass-production with broad consumer appeal.
I could, but I won't.

If you could, I suspect you would. But can you at least establish some reasonable discussion points?
It is easier to criticize me for being analytical than it is to address the fundamental flaws
that need to be addressed. And they WILL be addressed.

It simply remains to be seen, by whom.

I see no real analysis, only diatribe. Sorry, Hugh. I like and respect you, but we've found your blind spot. Yes, systems that are more secure will be developed, and paradigms will change, particularly those involving the definition and practice of computer security. But in the end, the PC world is as close to being purely democratic as anything else I can think of--and you know what they say about democracy.
 
?

Ivan Bútora

Gary,

maybe this is clear from your posts, but I'm not quite sure: How does the CD work? Does it have all the individual patches where you can choose what you want, and does it also have all descriptive materials (KB articles, security bulletins)? Or is there simply one automatic option?
You'll probably advise me to order and see for myself?

Thanks,

Ivan



More like 4 months, but I get your drift. Bear has addressed that issue. Beta-testing takes time. The level of patching that is included has been reasonably well debugged, something that can't be said for more recent patches.

Myself, I find this CD to be useful *if* a full and forced updating is desired (through Oct. '03.) On Win98/98SE/ME systems, it's not a "Detect and Repair" operation--it's a forced installation/reinstallation.

Personally, I'd have preferred a more intelligent "detect and repair" kind of system, updatable with additional catalogs and patches, and with more (*any*) choices. Such systems are available for newer versions of Windows, and while they are too complicated for the average user, I was hoping for something more along those lines than what was produced. This production is MS Idiot-Proofing at its best. (Yes, "best"--it does what it does quite well.)

--
Gary S. Terhune
MS MVP for Windows 9x


Hugh Candlin said:
Gary S. Terhune said:
There are definitely some things people will want to know and understand *before* running the CD.

Allow me to kick things off.

#1 This CD is 6 months out of date

While this statement is [possibly] not true today,
it will be true by the time the CD hits your mailbox.

There is no implied criticism here. Just a simple heads up
that people need to be aware of, just like Gary stated.
 
