Why most run Microsoft, not RedHat

Thu Apr 19 12:55:56 UTC 2007

Anne Wilson wrote:

>>> You speak of "limited experience" - I deal with many Windows machines,
>>> all day long, day in and day out, in a business environment. Maybe that's
>>> the difference. We have an enterprise grade firewall behind the router.
>>> Each Windows box runs its own personal firewall. Each machine also runs
>>> anti-virus and anti-spyware. That's the price you have to pay - it costs
>>> money, and it takes time - it stinks.
>> And it doesn't help if you get the virus before your anti-virus vendor
>> has the cure.
>>
> In that case you very likely have the wrong vendor.  Any respectable AV vendor 
> will have a sample the moment anyone reports it.  You could be the unlucky 
> first victim, but the odds are slight, to say the least.

We used the 2 biggest vendors.  And clam.

>>> I prefer Linux but you can't tell me that Windows can't be run reliably -
>>> it's just not my experience over many, many years. I don't think it has
>>> anything to do with luck.
>> You can say that because you've been lucky.  We had 2 rounds of 0-day
>> exploits.  One took 3 days for the anti-virus vendors to come up with a
>> cure.
>>
> "I've often noticed that the harder I work, the luckier I get".  I can't 
> remember who said it, but....

We diagnosed the problem ourselves, sent the samples, both vendors took 
3 days to respond.  It was about a week before it was included in a clam 
update.

>> The problem is that so much of the system is opaque with undocumented
>> 'features' that are just waiting to be exploited.  It's not that the
>> users are clueless, it is that there is no way for them to have a clue.
>> How many people know the minimal set of ports needed to be open  for
>> Active Directory and Exchange server to work and what is supposed to
>> happen on each, for example?
>>
> How many people need to?  If they need those services their sysadmin or vendor 
> will have set it up for them.  Ordinary users never need to know this.

Not even those people know. Who knew about the current DNS exploit?

> My elder daughter is indeed clueless.  She wants a tool to do the job.  She 
> has been using a computer attached to the Internet for around 10 years, under 
> Win98 until last year, and now under XP.  She has used Netscape/Mozilla for 
> browsing and mail all that time.  She knows about dubious emails.  She 
> doesn't visit dodgy sites.  She has up to date AV and a firewall.  She rings 
> me if there's something unusual and worrying.  She has had neither virus nor 
> trojan in all that time.  The only installs have been done when I have 
> changed her hardware.

How do you know the machine isn't compromised? The current crop of 
viruses aren't obvious but let someone control it when they want.  Vint 
Cerf has estimated that 25% of all computers are - and I'd guess even 
higher than that.  Would  you know if it was sending a few pieces of 
spam email now and then - or making a few web site hits to run up 
someone's ad counters?

-- 
   Les Mikesell
    lesmikesell at gmail.com