Re: So... is Karmic Koala going to be usable?
I apologise if I have misconstrued your intent.
A lot of people think they can and a lot of people think they do.
However, as long as Microsoft keeps secret the security holes in YOUR Windows installation until such time as they deem it necessary to release the announcement of a hole, and the patch on the same day, NO Windows user can be sure that they are safe, or that their box isn't a zombie in some Windows bot farm. Microsoft has sat on some holes for months, and in the case of IE6, for years. Sometimes they NEVER patch a hole and recommend the user "upgrade" to a newer version, which is terrific for their bottom line, but not the user's.
While this is especially true for Joe and Sally Sixpack, it has become patently clear that even corporations, with their cadres of MCSEs administering the Windows desktops and servers connected to the Internet, are having a difficult time keeping them secure. Before I retired I programmed for the Dept of Revenue in the state where I reside. A year before I retired the new Governor, who campaigned on improving efficiencies and cutting costs, abandoned the Dept's move from NetWare to Linux servers and forced the entire state to "standardise" on Microsoft software. He dictated that all department servers be moved to the State CTO office and placed under their control. He's replaced an atmosphere of sharing and cooperation with one of territorial stakeouts (for job preservation) and snitching (which amounts to mainly false accusations for political advantage). An amazing turn of events considering that the previous Tax Commissioner, who saw State tax revenues fall $700M under her watch, rallied the employees and led by example, even doing work on the mail processing lines. The new, "more efficient" governor replaced one Tax Commissioner with two, and forced the abandonment of 10,000 LotusNotes licenses, to be replaced with Microsoft Exchange licenses, so that all 13,000 state workers would be using the same software. That decree also forced us to abandon nearly 200 integrated LN databases that could not be easily migrated to Exchange/SharePoint because they were too complex and relationally joined for Microsoft's tools to handle. Those tools which could do part of the job licensed out at $5K/copy. With tight budgets restricting purchases, most of the migration, where possible, was done manually. But, efficiencies have dropped to 1/4th their previous level. Where previous directory browsing on NetWare or Linux servers was nearly instantaneous, browsing a directory under the control of "Active Directory" becomes painfully slow, even if you've browsed it an hour before.
And, now in the face of a $200 Million tax shortfall, his solution is to furlough or lay off workers, something the previous tax commissioner didn't consider when her problem was almost 3X bigger.
Now, to make matters worse, I read in yesterday's evening edition of our local newspaper that the Dept of Roads Windows network (the one with personnel information on it) was hacked into on Sept 6th, and they just found out about it last weekend. OVER TWO MONTHS that computer network was browsed at will by bad guys. How many Roads employees had their personal info stolen? All of them. The State CTO controls those servers. Obviously it takes more than a diploma from West Point, or a law degree, or $2,000 suits and $100 haircuts to make a computer network safe, but even with the best IT training and experience, if you don't know where the land mines are hidden and Microsoft won't tell you, sooner or later you WILL step on one and it will blow you up. Oh, what wasn't mentioned in that news story was the possibility that information on that server might lead to compromises in other servers under the control of the State CTO. Tax information for 1,700,000 state citizens may have already been compromised.
While NO software, including Linux, is 100% safe, Linux has been designed from the ground up to be a secure networking OS. Since the source code is GPL it is open to all for examination and these examinations have revealed holes. The source for proprietary applications is not available to the public for vetting, like FOSS is, so holes are usually found by user reports to AV software companies whose vaccines didn't stop infections that crippled the users' Windows installations. Here is where the Linux paradigm differs significantly from Microsoft's -- holes in the Linux kernel or FOSS applications are not kept secret. They are publicly announced, along with proof code which can be used to test subsequent patches. Patches are usually created within hours of the announcement if not at the same time, and the patched software usually appears in the repositories or on download sites very soon thereafter. Linux users aren't treated like mushrooms. So, when I hear about a hole in a FOSS application I use, I, ME, not some unethical corporation, can decide IF I want to continue using that software or refrain from using it until I install the patch. In other words, I can keep my system as safe as humanly possible.
Considering the financial and personal risks, it amazes me that folks continue to choose an OS (including win7) that continues to hang their financial future outdoors on the clothes line, along with their other personal laundry, and even their reputation. I am reminded of the substitute teacher who had her reputation, teaching certificate and finances destroyed because she couldn't stop a classroom computer running Windows from continuing to pop up porn pages on the display. Some Jr. High boys were using the display and from their giggles attracted her attention. She went over to the computer and clicked the "X" on the browser but instead of closing down it popped up more porn pictures. The more she clicked the more pics appeared. Of course, the boys said they weren't browsing porn. She was no computer expert. Neither was the detective who took a one-week course in using a Windows "forensic" tool and leaped to all sorts of wild conclusions about his "discoveries" on that PC. The Judge refused to allow a REAL computer forensic expert to testify, and even though folks at Microsoft KNEW about the problem they continued to let her fry in the juices they cooked up with their security paradigm. On appeal she negotiated her way out of a prison sentence by giving up her teaching certificate because she could no longer afford to fight the battle. I do not remember if they tacked the "pervert" label on her or not, but things couldn't be any worse for her right now.
Originally posted by gregwalton