Topic: Microsoft: The Vista Bullying Stops Here  (Read 13211 times)

0 Members and 1 Guest are viewing this topic.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Microsoft: The Vista Bullying Stops Here
« on: July 11, 2008, 08:43:45 am »
By Rick Whiting, Kevin McLaughlin, ChannelWeb
1:17 PM EDT Tue. Jul. 08, 2008 Windows Vista has been dragged through the mud by the bullies with which it competes, but those bullies are about to get hit with some long overdue retaliation.
That's the message from Brad Brooks, Corporate Vice President of Windows Consumer Products, who in a Tuesday keynote speech at Microsoft (NSDQ:MSFT)'s Worldwide Partner Conference in Houston attempted to swat away the negative mojo around the OS that has built up since its launch.

"There are a lot of myths around Windows Vista. We know the story is very different than what our competitors would like us to think," Brooks told the audience.

In a clear dig at Apple (NSDQ:AAPL) and it's 'I'm a PC, I'm a Mac' advertisements, Brooks suggested that Microsoft is preparing to retaliate against "noisy competitors" with a major new multi-million dollar advertising campaign, something that many channel partners have been hoping the software giant would do for months.

"You thought the sleeping giant was still sleeping. We've woken up and it's time to take this message forward. This is the true story of Vista," Brooks said.

Security is one of the areas in which Vista simply hasn't received its due, Brooks said.

Vista has actually had a cleaner security track record in its first year since launch than any other open source or commercial OS in history, Brooks said. Vista also had 20 percent fewer security problems than XP in 2007, and users running Vista are 60 percent less likely to get malware than those running XP SP2, he added.

"This is the real Vista story, and it's only getting better," said Brooks.

Acknowledging that Vista was a major break from earlier versions of Windows, Brooks said the market is beginning to realize that Microsoft made these changes with their best interests in mind. "Yes, the changes did cause a lot of pain. But customers are starting to see benefits," Brooks said.

Brooks noted that the same architectural changes that caused hardships in Vista are carrying over to Windows 7, which means that users make the transition will already be up to speed when Microsoft launches the next version of Windows sometime in late 2009 or early 2010.

"Make the investment [in Vista] now," Brooks exhorted channel partners. "Because when you make the investment in Windows Vista, you're not only making it in Vista, it's going to pay forward into the next generation of the operating system we call Windows 7."

Compatibility issues in Vista have also been exaggerated, and Microsoft's Windows Vista Compatibility Center, a database that shows the compatibility status of the most Windows popular devices and software products, is aimed at clearing the air on this front, according to Brooks.

Brooks also introduced the Vista Small Business Assurance program, under which Microsoft will offer free support and one-on-one coaching to small businesses.

"Windows Vista is a good product," Brooks told partners. "We need to make our voices heard."

http://www.crn.com/it-channel/208803174
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Clark Kent

  • Captain
  • *
  • Posts: 6071
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #1 on: July 11, 2008, 09:34:01 am »
Yes, I can see how the company that holds 95% of the OS market would clearly be bullied by their competitors.  Personally, I think Vista isn't that bad, but the issues it has are largely because M$ screwed up on it.  I couldn't tell you how many IT people I know who would rather cut off their right arm rather than own Vista.  90% of the developer market doesn't want to touch it.  Businesses in general don't want to touch it.

Oh yes, i can totally see why people would want to invest in your crappy OS when the refined version is supposed to be out in 2009.   ::)

CK

But tell me, can you heal what father's done?
Or fix this hole in a mother's son?
Can you heal the broken worlds within?
Can you strip away so we may start again?
Tell me, can you heal what father's done?
Or cut this rope and let us run?
Just when all seems fine, and I'm pain free, you jab another pin,
Jab another pin in me
-Metallica

Offline Pestalence_XC

  • "The Terminator"
  • Commander
  • *
  • Posts: 2636
  • Gender: Male
  • "The Terminator" Pestalence_XC, Xenocorp
Re: Microsoft: The Vista Bullying Stops Here
« Reply #2 on: July 11, 2008, 10:26:24 am »
Actually, Microsoft has the Milestone 2 is due out Nov. 2008... Beta 1 release in May to July 2009.. Beta 2 in Sept. to Dec 2009 ... Retail version is set for release between April and Sept. 2010 depending on any last minute fixes to be done.

It is basically going to be Vista SP2 or SP3 .. Requires Vista SP 1 for upgrade.. XP won't be able to upgrade from what I have read.

Plus I don't think XP's hardware will operate on Windows 7 ..

Now Vista based systems or systems downgraded to XP will be able to run the OS.. but you have to have Vista SP 1 installed for an upgrade to Windows 7 to work.. Otherwise you will have to buy a Retail copy.

Upgrading Vista will be just like installing an IT version of a Service Pack.
"You still don't get it, do you?......That's what he does. That's all he does! You can't stop him! It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead!"

Member :
Xenocorp / Dynaverse.net Moderator & Beta Test Team
SFC 4 Project QA Coordinator
Taldren Beta Test Team
14 Degrees East Beta Test Team
Activision Visioneers SFC 3 Beta Test Team

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #3 on: July 11, 2008, 12:57:00 pm »
http://storefrontbacktalk.com/story/071108homa

Former Hannaford CIO: Avoid Microsoft And Change PCI's Encryption Rules
Written by Evan Schuman
July 11, 2008


Bill Homa, who just stepped down July 1 as the CIO for the 165-store Hannaford grocery chain, considers Microsoft's OS to be "so full of holes" and describes the fact that current PCI regs do not require end-to-end encryption as "astonishing."

But Homa's key point is that most retailers handle security backwards: Don't pour everything into protecting the front door. Assume they'll get through and have a plan to control them once they're inside.

One of the most frustrating IT security realities in retail today is the quintessential oxymoron: The more serious the CIO is about keeping data secure and the more sophisticated a defense is deployed, the more points of vulnerability emerge.

For example, an especially risk-averse IT exec might opt for multiple distant off-site backup locations, which only increases the number of potential places and subcontractors that could lose—or maliciously access—those data files. Or security specialists who install a wide range of cutting-edge and redundant security applications may find themselves at the mercy of any crash-causing glitch in any of them.

Consider PCI. The most dedicated PCI program is subject to the whims of a potentially careless assessor, who would also be a potential data leak. Then there's operating system changes for the sysadmin dedicated enough to immediately download and install every patch and security update, only to find that they open more holes. A less aggressive effort might have been spared that pain, as the community identifies the hole before it's installed.

This came to mind as I was chatting the other day with Bill Homa, who on July 1 could say for the first time in 12 years, "Today, I am not the CIO of Hannaford."

PCI-compliant Hannaford was, of course, the victim of an especially large data breach (data from 4.2 million payment cards grabbed).

Homa has become a fan of simplification in battling security. "We used a lot of Linux," Homa said. "None of the breach was anything related to Linux. All of it was Microsoft."

Asked whether he believed that Microsoft is less secure because it's truly less secure software or whether its overwhelming marketshare makes it a cyber thief target, Homa said it was the other way around. Microsoft's marketshare is not what attracts so many attackers. "Microsoft is so full of holes. That's why it's still a target," he said.

Would he counsel other CIOs to avoid Microsoft like the plague? "That's what I'd do. If you limit your exposure to Microsoft, you're going to be in a more secure environment," he said, adding that Microsoft's philosophy is decentralized, forcing IT to manage more points. That means more license fees for Microsoft and more potential security gotchas for the CIO. "Hence, you see my aversion to Microsoft."

As for the oft-repeated song that Hannaford was breached while PCI compliant indicates some sort of a PCI indictment, Homa said it comes down to two things: "Either the standards weren't strong enough or the assessor wasn't doing his job."

He finds particular fault in one aspect of the current PCI standard: "All debit- and credit-card transactions should be encrypted from end to end. That should be the minimum. It's astonishing that isn't the standard of PCI," which only requires encryption when transmitting over a public network such as IP.

The PCI rationale is that private point-to-point networks—such as the one Hannaford uses—are sufficiently secure that they don't need encryption. Homa disagrees. "Nowadays, encryption is not that expensive. And there's no such thing as a secure network," he said. "If you think your network is secure, you're delusional."

Homa has his own strong security strategy, which seems to be a minority view. It's futile, he said, to continually pour resources and time into securing the front door and windows of a house that is being relentlessly attacked by well-financed thieves with plenty of time. Instead of spending so much effort trying to keep the bad guys out, assume they'll get in.

"Most retailers have the philosophy of keeping people out of their network. It's impossible to keep people out of your network. There are bad people out there. How do I limit the damage they can do? If you don't do that, they'll have free reign to do whatever they want."
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #4 on: July 11, 2008, 02:30:39 pm »
Yes, I can see how the company that holds 95% of the OS market would clearly be bullied by their competitors.  Personally, I think Vista isn't that bad, but the issues it has are largely because M$ screwed up on it.  I couldn't tell you how many IT people I know who would rather cut off their right arm rather than own Vista.  90% of the developer market doesn't want to touch it.  Businesses in general don't want to touch it.

Oh yes, i can totally see why people would want to invest in your crappy OS when the refined version is supposed to be out in 2009.   ::)



Beside the devlopers I personally know, the boards I lurk on (www.codeproject.com) express just the opposite sentiment than you assert.

IT peeps. Bah! By nature they hate change. Vista has nothing to little to do with their unwillingness to accept new technologies.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #5 on: July 11, 2008, 02:35:35 pm »
http://storefrontbacktalk.com/story/071108homa

Former Hannaford CIO: Avoid Microsoft And Change PCI's Encryption Rules
Written by Evan Schuman
July 11, 2008


Bill Homa, who just stepped down July 1 as the CIO for the 165-store Hannaford grocery chain, considers Microsoft's OS to be "so full of holes" and describes the fact that current PCI regs do not require end-to-end encryption as "astonishing."

But Homa's key point is that most retailers handle security backwards: Don't pour everything into protecting the front door. Assume they'll get through and have a plan to control them once they're inside.

One of the most frustrating IT security realities in retail today is the quintessential oxymoron: The more serious the CIO is about keeping data secure and the more sophisticated a defense is deployed, the more points of vulnerability emerge.

For example, an especially risk-averse IT exec might opt for multiple distant off-site backup locations, which only increases the number of potential places and subcontractors that could lose—or maliciously access—those data files. Or security specialists who install a wide range of cutting-edge and redundant security applications may find themselves at the mercy of any crash-causing glitch in any of them.

Consider PCI. The most dedicated PCI program is subject to the whims of a potentially careless assessor, who would also be a potential data leak. Then there's operating system changes for the sysadmin dedicated enough to immediately download and install every patch and security update, only to find that they open more holes. A less aggressive effort might have been spared that pain, as the community identifies the hole before it's installed.

This came to mind as I was chatting the other day with Bill Homa, who on July 1 could say for the first time in 12 years, "Today, I am not the CIO of Hannaford."

PCI-compliant Hannaford was, of course, the victim of an especially large data breach (data from 4.2 million payment cards grabbed).

Homa has become a fan of simplification in battling security. "We used a lot of Linux," Homa said. "None of the breach was anything related to Linux. All of it was Microsoft."

Asked whether he believed that Microsoft is less secure because it's truly less secure software or whether its overwhelming marketshare makes it a cyber thief target, Homa said it was the other way around. Microsoft's marketshare is not what attracts so many attackers. "Microsoft is so full of holes. That's why it's still a target," he said.

Would he counsel other CIOs to avoid Microsoft like the plague? "That's what I'd do. If you limit your exposure to Microsoft, you're going to be in a more secure environment," he said, adding that Microsoft's philosophy is decentralized, forcing IT to manage more points. That means more license fees for Microsoft and more potential security gotchas for the CIO. "Hence, you see my aversion to Microsoft."

As for the oft-repeated song that Hannaford was breached while PCI compliant indicates some sort of a PCI indictment, Homa said it comes down to two things: "Either the standards weren't strong enough or the assessor wasn't doing his job."

He finds particular fault in one aspect of the current PCI standard: "All debit- and credit-card transactions should be encrypted from end to end. That should be the minimum. It's astonishing that isn't the standard of PCI," which only requires encryption when transmitting over a public network such as IP.

The PCI rationale is that private point-to-point networks—such as the one Hannaford uses—are sufficiently secure that they don't need encryption. Homa disagrees. "Nowadays, encryption is not that expensive. And there's no such thing as a secure network," he said. "If you think your network is secure, you're delusional."

Homa has his own strong security strategy, which seems to be a minority view. It's futile, he said, to continually pour resources and time into securing the front door and windows of a house that is being relentlessly attacked by well-financed thieves with plenty of time. Instead of spending so much effort trying to keep the bad guys out, assume they'll get in.

"Most retailers have the philosophy of keeping people out of their network. It's impossible to keep people out of your network. There are bad people out there. How do I limit the damage they can do? If you don't do that, they'll have free reign to do whatever they want."


And this has what to do what with Vista?
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dash Jones

  • Sub-Commander of the Dark Side
  • Captain
  • *
  • Posts: 6477
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #6 on: July 12, 2008, 09:15:21 am »
By Rick Whiting, Kevin McLaughlin, ChannelWeb
1:17 PM EDT Tue. Jul. 08, 2008 Windows Vista has been dragged through the mud by the bullies with which it competes, but those bullies are about to get hit with some long overdue retaliation.
That's the message from Brad Brooks, Corporate Vice President of Windows Consumer Products, who in a Tuesday keynote speech at Microsoft (NSDQ:MSFT)'s Worldwide Partner Conference in Houston attempted to swat away the negative mojo around the OS that has built up since its launch.

"There are a lot of myths around Windows Vista. We know the story is very different than what our competitors would like us to think," Brooks told the audience.

In a clear dig at Apple (NSDQ:AAPL) and it's 'I'm a PC, I'm a Mac' advertisements, Brooks suggested that Microsoft is preparing to retaliate against "noisy competitors" with a major new multi-million dollar advertising campaign, something that many channel partners have been hoping the software giant would do for months.

"You thought the sleeping giant was still sleeping. We've woken up and it's time to take this message forward. This is the true story of Vista," Brooks said.

Security is one of the areas in which Vista simply hasn't received its due, Brooks said.

Vista has actually had a cleaner security track record in its first year since launch than any other open source or commercial OS in history, Brooks said. Vista also had 20 percent fewer security problems than XP in 2007, and users running Vista are 60 percent less likely to get malware than those running XP SP2, he added.

"This is the real Vista story, and it's only getting better," said Brooks.

Acknowledging that Vista was a major break from earlier versions of Windows, Brooks said the market is beginning to realize that Microsoft made these changes with their best interests in mind. "Yes, the changes did cause a lot of pain. But customers are starting to see benefits," Brooks said.

Brooks noted that the same architectural changes that caused hardships in Vista are carrying over to Windows 7, which means that users make the transition will already be up to speed when Microsoft launches the next version of Windows sometime in late 2009 or early 2010.

"Make the investment [in Vista] now," Brooks exhorted channel partners. "Because when you make the investment in Windows Vista, you're not only making it in Vista, it's going to pay forward into the next generation of the operating system we call Windows 7."

Compatibility issues in Vista have also been exaggerated, and Microsoft's Windows Vista Compatibility Center, a database that shows the compatibility status of the most Windows popular devices and software products, is aimed at clearing the air on this front, according to Brooks.

Brooks also introduced the Vista Small Business Assurance program, under which Microsoft will offer free support and one-on-one coaching to small businesses.

"Windows Vista is a good product," Brooks told partners. "We need to make our voices heard."

http://www.crn.com/it-channel/208803174


The problem is it isn't Apple that's the MS Bully...

It's EVERYONE (or a LOT) of those who got Vista that are giving it a bad rap.  In fact, I haven't heard that much from Apple, what I HAVE heard is from just about every business that I know that has changed over, including one that lauded Vista when it first came out, and told me how great it was and how easy it ran their programs.  Ironically, two weeks ago they informed me that Vista was making their electronic portion go caput, and they were having to switch out (at their own expense) to something other then Vista ASAP.

So what's MS going to do...start criticisizing their buyers for having a terrible time with Vista, because it's word of mouth that's making many avoid it as much as possible.  Yeah, that'll work great...

I got a better idea for MS...make a better OS and stop relying on what has previously been almost a monopoly to bully the people who may or may not buy your products.
"All hominins are hominids, but not all hominids are hominins."


"Is this a Christian perspective?

Now where in the Bible does it say if someone does something stupid you should shoot them in the face?"

-------

We have whale farms in Jersey.   They're called McDonald's.

There is no "I" in team. There are two "I"s in Vin Diesel. screw you, team.

Offline marstone

  • Because I can
  • Commander
  • *
  • Posts: 3014
  • Gender: Male
  • G.E.C.K. - The best kit to have
    • Ramblings on the Q3, blog
Re: Microsoft: The Vista Bullying Stops Here
« Reply #7 on: July 12, 2008, 10:21:55 am »
Brooks noted that the same architectural changes that caused hardships in Vista are carrying over to Windows 7, which means that users make the transition will already be up to speed when Microsoft launches the next version of Windows sometime in late 2009 or early 2010.

This is what bothers me about MS, the next version of windows due out in 2009 or early 2010.  They are always looking to pad their pocketbook.  Finish fixing at least one operating system sometime.

Heck if they keep puting out new operating systems at this rate I can skip probably 2 or 3 versions before I buy my next PC.
The smell of printer ink in the morning,
Tis the smell of programming.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Microsoft: The Vista Bullying Stops Here
« Reply #8 on: July 12, 2008, 10:23:07 am »
Quote
Windows Vista has been dragged through the mud by the bullies with which it competes, but those bullies are about to get hit with some long overdue retaliation.

Just who is it that is big enough or powerful enough to bully the Microsoft 800lb Gorilla?  I can't think of any Microsoft competitors with the size and strength to directly bully them. 

Quote
"There are a lot of myths around Windows Vista. We know the story is very different than what our competitors would like us to think," Brooks told the audience.

In a clear dig at Apple (NSDQ:AAPL) and it's 'I'm a PC, I'm a Mac' advertisements, Brooks suggested that Microsoft is preparing to retaliate against "noisy competitors" with a major new multi-million dollar advertising campaign, something that many channel partners have been hoping the software giant would do for months.

If Apple or anyone is spreading lies or misinformation why hasn't Microsoft long since brought in the lawyers?  If they can demonstrate who is spreading lies and what the lies are then I for one will be cheering them on in winning the lawsuits.

Microsoft should also look at their own past and make sure they don't continue such actions of their own.  Some of us remember the misrepresentations in the Microsoft "Get the Facts campaign" and how they told Novells network customers that they should switch to Microsoft as they didn't know how much longer Novell would be in the networking business (they lost a lawsuit over that one).

With Microsofts history of bullying, "Knife the baby", "Cut off their air supply", "whack Dell" and so on and so forth maybe Microsoft is due for some bullying though I still don't see who has the power to do it and wouldn't approve of it in any case.  Who has that power?  Who is "knifing" Microsofts "baby"?  Who is "cutting off their air supply"?  Who is "whacking" them?  Who and how is what I would like to know and I don't see any clear examples in the article.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline marstone

  • Because I can
  • Commander
  • *
  • Posts: 3014
  • Gender: Male
  • G.E.C.K. - The best kit to have
    • Ramblings on the Q3, blog
Re: Microsoft: The Vista Bullying Stops Here
« Reply #9 on: July 12, 2008, 10:35:51 am »
Smoke and mirrors my man, smoke and mirrors.  It's that vast right wing conspiracy going after MS now, (since MS Clinton is on the sidelines they need something to do).
The smell of printer ink in the morning,
Tis the smell of programming.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #10 on: July 12, 2008, 10:45:09 am »
Brooks noted that the same architectural changes that caused hardships in Vista are carrying over to Windows 7, which means that users make the transition will already be up to speed when Microsoft launches the next version of Windows sometime in late 2009 or early 2010.

This is what bothers me about MS, the next version of windows due out in 2009 or early 2010.  They are always looking to pad their pocketbook.  Finish fixing at least one operating system sometime.

Heck if they keep puting out new operating systems at this rate I can skip probably 2 or 3 versions before I buy my next PC.

You could, and when you think about it, isn't that cool?
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Microsoft: The Vista Bullying Stops Here
« Reply #11 on: July 12, 2008, 11:08:15 am »
Smoke and mirrors my man, smoke and mirrors.  It's that vast right wing conspiracy going after MS now, (since MS Clinton is on the sidelines they need something to do).

:police: Lets try and keep the political stuff in Hot and Spicy please.   :police:
 :police: Right wing / Left wing doesn't matter. keep it in the appropriate forum  :police:
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Microsoft: The Vista Bullying Stops Here
« Reply #12 on: July 12, 2008, 04:33:26 pm »
Quote
So Bill Gates says to the Devil, "You mean I have to spend Eternity down here using Vista? Can't we just cut to the fire and brimstone?

To which the Devil replies, "Actually you don't have to spend Eternity down here. All you have to do is install Linux on your Vista machine and you can go to Heaven."

"No sweat, I'll be out of here in 20 minutes."

"But there's a catch," says the Devil with a grin.

"Catch? What catch?"

"You have to download and burn your own Linux install CD using only the tools that come with Vista".

:angel:
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #13 on: July 12, 2008, 06:30:10 pm »

And this has what to do what with Vista?


It's an excellent illustration of what can happen to you when you literally bet the life of your company on Microsoft's ability to deliver a secure product.  Of all the merits of Visa, Microsoft focusing on security is just plain dumb, to the point of being laughable.  They can't even secure their server products.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Pestalence_XC

  • "The Terminator"
  • Commander
  • *
  • Posts: 2636
  • Gender: Male
  • "The Terminator" Pestalence_XC, Xenocorp
Re: Microsoft: The Vista Bullying Stops Here
« Reply #14 on: July 12, 2008, 06:49:37 pm »
Well at the last OS hackers convention.. OS X for MAC and most Linux lines were wiped out the first day of a 3 day event.. leaving only Vista and Ubuntu .. Due to the makers of Adobe Flash Player and several other people helping, a flaw was discovered in Adobe Flash Player that allowed back door access into Vista (which Adobe fixed 2 days later) and Unbuntu won as being the most secure OS.. Vista was second only because many people (not the hacker by himself) broke in to it.. Ubuntu hacker recieved no help, but I am sure a Vunerability would have been found if he had the same amount of help that the Vista hacker had.


BTW :

The Top 5 Most Overlooked Open Source Vulnerabilities for 2007
For year-end 2007, we have compiled the Top 5 Most Overlooked Open Source Vulnerabilities encountered during 2007. We came up with this list after reviewing over 300 million lines of code and spending literally thousands of hours of analysis across a wide range of industries - including technology, financial services and government, among others.

So what do we mean by "Most Overlooked"? Well first, we mean that these are known vulnerabilities with a high-severity, Common Vulnerability and Exposure, (CVE) ranking found within open source projects that appear in code audits we perform. Secondly, and perhaps even more importantly, these vulnerabilities were found throughout 2007 in some of the most frequently used open source projects that customers did not realize they had.

It's sometimes dangerous to publish a list like this because it can so easily be taken out of context. Let me first stress that open source software is NOT any more vulnerable than commercial software - some folks even point to evidence that it's less vulnerable. The majority of open source projects provide a patched version for issues within hours of discovery.

What does put people at risk, however, is if you don't know that you're using open source components at all. When that's the case, as it so often is, then how can you retrieve the updated versions? When you don't have a system in place to to alert you to available patches or security issues, you put yourself at risk for introducing security vulnerabilities into your organization's code base

So here's our Top 5 Most Overlooked Open Source Vulnerabilities for 2007 in alphabetical order:

1. APACHE GERONIMO : CVE-2007-4548

PROJECT DESCRIPTION: A free software application server developed by the Apache Software Foundation

VULNERABILITY DESCRIPTION: The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

PATCH INFORMATION: https://issues.apache.org/jira/secure/attachment/12363723/GERONIMO-3404.patch

2. JBOSS APPLICATION SERVER : CVE-2006-5750

PROJECT DESCRIPTION: JBoss Application Server (or JBoss AS) is a free software / open source Java EE-based application server.

VULNERABILITY DESCRIPTION: Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

PATCH INFORMATION:http://jira.jboss.com/jira/browse/ASPATCH-126

3. LIBTIFF : CVE-2006-3464

PROJECT DESCRIPTION: (Library for reading and writing Tagged Image File Format) (abbreviated TIFF) files. The set also contains command line tools for processing TIFF's. It is distributed in source code and can be found (on the internet) as binary builds for all kinds of platforms. LibTiff is embedded multiple Linux distributions.

VULNERABILITY INFORMATION:
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

PATCH INFORMATION: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz

4. NET-SNMP : CVE-2005-4837

PROJECT DESCRIPTION: Net-SNMP is a suite of software for using and deploying the SNMP protocol (v1, v2c and v3 and the AgentX subagent protocol).

VULNERABILITY INFORMATION: snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

PATCH INFORMATION: http://downloads.sourceforge.net/net-snmp/net-snmp-5.4.1.zip?modtime=1185535864&big_mirror=1.
This issue has been addressed in the following (and later) versions: 5.1.3, 5.2.2, 5.3

5. ZLIB : CVE-2005-2096

PROJECT DESCRIPTION: Zlib is a software library used for data compression. zlib was written by Jean-loup Gailly and Mark Adler and is an abstraction of the DEFLATE compression algorithm used in their gzip file compression program.

VULNERABILITY INFORMATION: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

PATCH INFORMATION: Upgrade to version 1.2.3. http://www.zlib.net/zlib-1.2.3.tar.gz

Vulnerabilities do NOT mean that you should avoid using these popular projects. To the contrary, the quick response and patch availability indicates that these are active projects which consider vulnerabilities a serious issue. Take these projects up on their hard work - and make sure you're using the latest stable version.

We're interested in what your versions of the Top Most Overlooked Open Source Vulnerabilities might be!

- Theresa Bui Friday



The list is partly a promotion of Palamida's Vulnerability Reporting Solution, which recently added 431 security alerts based on National Vulnerability Database listings. However, the list is also designed to draw attention to the lax practices surrounding the use of open source software in business, according to Theresa Bui, co-founder and vice president of marketing at Palamida.

To be precise, the vulnerabilities on the list are based on Palamida's audits of its clients. These audits vary from scans of a few hundred megabytes of code to hundreds of gigabytes in a company's complete software infrastructure. The list summarizes the results of scanning 3-5 million lines of code, representing a minimum of 30% of the software that Palamida scanned for clients, and, more often, at least 50%.

"We collect information on the most popularly used open source projects and versions," Bui says. But, although Palamida's database lists some 884,000 projects and versions, it is unlikely to be complete.



The top 10 vulnerabilities
Palamida provided Linux.com with a spreadsheet ( http://spreadsheets.google.com/pub?key=pzYJf2KSNyF17rP6mA-h0dA ) listing the software affected, what it does, the nature of the vulnerabilities, and the patches and updates that correct the problems. The applications affected include versions of Apache Geronimo and Apache Struts, JBoss Application Server, OpenSSH and Open SSL, and common libraries such as Libpng, LibTiff, and Zlib.

All these vulnerabilities have patches or later versions of the software, Bui stresses. The trouble is that many companies are not aware of the patches and updates -- nor, much of the time, even that they are using the software. Increasingly, the vulnerabilities are not in a company's infrastructure, or on users' desktops, but in the code that the companies are shipping.



For those that think that Linux has no security Vulnerabilities.. Here is Linux pride and Joy Ubuntu Vunerability

http://www.linuxsecurity.com/content/view/138787?rdf

How many fixes do you have to do? and recompile the OS or Kernel?



wow.. I'm glad Windows is here.. all I have to do is download an update.


I guess MS is not the only ones with security problems then, eh?
"You still don't get it, do you?......That's what he does. That's all he does! You can't stop him! It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead!"

Member :
Xenocorp / Dynaverse.net Moderator & Beta Test Team
SFC 4 Project QA Coordinator
Taldren Beta Test Team
14 Degrees East Beta Test Team
Activision Visioneers SFC 3 Beta Test Team

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #15 on: July 12, 2008, 07:16:38 pm »
But they're the ones using security for a marketing campaing.  Vista is a decent OS, but Microsoft isn't ready to run an ad campaign on security and be taken seriously.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #16 on: July 12, 2008, 07:26:54 pm »
But they're the ones using security for a marketing campaing.  Vista is a decent OS, but Microsoft isn't ready to run an ad campaign on security and be taken seriously.

Which is so ironic when most of the problems that users complain about are related to the increased security features of Vista.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #17 on: July 12, 2008, 07:53:16 pm »

And this has what to do what with Vista?


It's an excellent illustration of what can happen to you when you literally bet the life of your company on Microsoft's ability to deliver a secure product.  Of all the merits of Visa, Microsoft focusing on security is just plain dumb, to the point of being laughable.  They can't even secure their server products.

I guess this mean you consider the new sandboxing feature of WinServer08 and Vista worthless?
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #18 on: July 12, 2008, 08:11:10 pm »

And this has what to do what with Vista?


It's an excellent illustration of what can happen to you when you literally bet the life of your company on Microsoft's ability to deliver a secure product.  Of all the merits of Visa, Microsoft focusing on security is just plain dumb, to the point of being laughable.  They can't even secure their server products.

I guess this mean you consider the new sandboxing feature of WinServer08 and Vista worthless?


I don't care if it's an IBM mainframe, a sandbox is an infrasturcture partition, not an OS or logical one.  I realize it'll save smaller companies money, but from a PII perspective, I think it'll cause more problems than it will solve.

How do you think a sandbox would fit into a trusted computing model?  especially in an environment where trusted is defined at a circuit level?

Microsoft products don't rate above C1 on the Trusted Computing scale, so perhaps it's the definition of security that is at issue. 
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline marstone

  • Because I can
  • Commander
  • *
  • Posts: 3014
  • Gender: Male
  • G.E.C.K. - The best kit to have
    • Ramblings on the Q3, blog
Re: Microsoft: The Vista Bullying Stops Here
« Reply #19 on: July 12, 2008, 08:13:41 pm »
Smoke and mirrors my man, smoke and mirrors.  It's that vast right wing conspiracy going after MS now, (since MS Clinton is on the sidelines they need something to do).

:police: Lets try and keep the political stuff in Hot and Spicy please.   :police:
 :police: Right wing / Left wing doesn't matter. keep it in the appropriate forum  :police:

OG, it was a slight joke.  Sorry.  Shall not ever do it again.  :-X
The smell of printer ink in the morning,
Tis the smell of programming.

Offline Centurus

  • Old Mad Man Making Ship Again....Kinda?
  • Captain
  • *
  • Posts: 8505
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #20 on: July 12, 2008, 08:53:05 pm »
Smoke and mirrors my man, smoke and mirrors.  It's that vast right wing conspiracy going after MS now, (since MS Clinton is on the sidelines they need something to do).

:police: Lets try and keep the political stuff in Hot and Spicy please.   :police:
 :police: Right wing / Left wing doesn't matter. keep it in the appropriate forum  :police:

OG, it was a slight joke.  Sorry.  Shall not ever do it again.  :-X

You gotta do it in a fashion that's witty, hip, insane, and completely and permanently destroys any and all credibility to your sanity and mental stability.

You gotta say, "It's a conspiracy man!!!  Just like the gremlins that steal my socks from the dryer.  The sock industry is in league with the gremlins to make more money.  But, at the very least they recycle my socks by washing them up and selling them again."

*takes a bow and farts and grabs a gas mask*
The pen is truly mightier than the sword.  And considerably easier to write with.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #21 on: July 12, 2008, 09:13:08 pm »

And this has what to do what with Vista?


It's an excellent illustration of what can happen to you when you literally bet the life of your company on Microsoft's ability to deliver a secure product.  Of all the merits of Visa, Microsoft focusing on security is just plain dumb, to the point of being laughable.  They can't even secure their server products.

I guess this mean you consider the new sandboxing feature of WinServer08 and Vista worthless?


I don't care if it's an IBM mainframe, a sandbox is an infrasturcture partition, not an OS or logical one.  I realize it'll save smaller companies money, but from a PII perspective, I think it'll cause more problems than it will solve.

How do you think a sandbox would fit into a trusted computing model?  especially in an environment where trusted is defined at a circuit level?

Microsoft products don't rate above C1 on the Trusted Computing scale, so perhaps it's the definition of security that is at issue. 

In the WinServer08/Vista instance they've extended the concept to a network level.

Can you drop me a link on who is determining the C1 scale? I'd like to read how they are testing and what criteria they're using...you know, the usual BS.

Microsoft is as good as most of the rest of them for keeping the casual hacker out of your machine and keeping you from joining a zombie network (they all suck, IMHO).  It is not, however, the OS of choice for securing highly sensitive data.

« Last Edit: July 12, 2008, 09:35:36 pm by Dracho »
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #22 on: July 12, 2008, 09:33:45 pm »

And this has what to do what with Vista?



It's an excellent illustration of what can happen to you when you literally bet the life of your company on Microsoft's ability to deliver a secure product.  Of all the merits of Visa, Microsoft focusing on security is just plain dumb, to the point of being laughable.  They can't even secure their server products.


I guess this mean you consider the new sandboxing feature of WinServer08 and Vista worthless?



I don't care if it's an IBM mainframe, a sandbox is an infrasturcture partition, not an OS or logical one.  I realize it'll save smaller companies money, but from a PII perspective, I think it'll cause more problems than it will solve.

How do you think a sandbox would fit into a trusted computing model?  especially in an environment where trusted is defined at a circuit level?

Microsoft products don't rate above C1 on the Trusted Computing scale, so perhaps it's the definition of security that is at issue. 


In the WinServer08/Vista instance they've extended the concept to a network level.

Can you drop me a link on who is determining the C1 scale? I'd like to read how they are testing and what criteria they're using...you know, the usual BS.




http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

http://en.wikipedia.org/wiki/Common_Criteria


You could maybe make a case that MS is B1, but it's unlikely.  Also, I misspoke, Server is C2 not C1.

Divisions and Classes
The TCSEC defines four divisions: D, C, B and A where division A has the highest security. Each division represents a significant difference in the trust an individual or organization can place on the evaluated system. Additionally divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.

Each division and class expands or modifies as indicated the requirements of the immediately prior division or class.


[edit] D — Minimal Protection
Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division.

[edit] C — Discretionary Protection
C1 — Discretionary Security Protection
Separation of users and data
Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis
C2 — Controlled Access Protection
More finely grained DAC
Individual accountability through login procedures
Audit trails
Resource isolation
Required System Documentation and user manuals.

[edit] B — Mandatory Protection
B1 — Labeled Security Protection
Informal statement of the security policy model
Data sensitivity labels
Mandatory Access Control (MAC) over select subjects and objects
Label exportation capabilities
All discovered flaws must be removed or otherwise mitigated
B2 — Structured Protection
Security policy model clearly defined and formally documented
DAC and MAC enforcement extended to all subjects and objects
Covert storage channels are analyzed for occurrence and bandwidth
Carefully structured into protection-critical and non-protection-critical elements
Design and implementation enable more comprehensive testing and review
Authentication mechanisms are strengthened
Trusted facility management is provided with administrator and operator segregation
Strict configuration management controls are imposed
B3 — Security Domains
Satisfies reference monitor requirements
Structured to exclude code not essential to security policy enforcement
Significant system engineering directed toward minimizing complexity
A security administrator is supported
Audit security-relevant events
Automated imminent intrusion detection, notification, and response
Trusted system recovery procedures
Covert timing channels are analyzed for occurrence and bandwidth
An example of such a system is the XTS-300, a precursor to the XTS-400

[edit] A — Verified Protection
A1 — Verified Design
Functionally identical to B3
Formal design and verification techniques including a formal top-level specification
Formal management and distribution procedures
An example of such a system is SCOMP, a precursor to the XTS-400
Beyond A1
System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB).
Security Testing automatically generates test-case from the formal top-level specification or formal lower-level specifications.
Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible.
Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline marstone

  • Because I can
  • Commander
  • *
  • Posts: 3014
  • Gender: Male
  • G.E.C.K. - The best kit to have
    • Ramblings on the Q3, blog
Re: Microsoft: The Vista Bullying Stops Here
« Reply #23 on: July 12, 2008, 09:36:07 pm »
Smoke and mirrors my man, smoke and mirrors.  It's that vast right wing conspiracy going after MS now, (since MS Clinton is on the sidelines they need something to do).

:police: Lets try and keep the political stuff in Hot and Spicy please.   :police:
 :police: Right wing / Left wing doesn't matter. keep it in the appropriate forum  :police:

OG, it was a slight joke.  Sorry.  Shall not ever do it again.  :-X

You gotta do it in a fashion that's witty, hip, insane, and completely and permanently destroys any and all credibility to your sanity and mental stability.

You gotta say, "It's a conspiracy man!!!  Just like the gremlins that steal my socks from the dryer.  The sock industry is in league with the gremlins to make more money.  But, at the very least they recycle my socks by washing them up and selling them again."

*takes a bow and farts and grabs a gas mask*

Yeah, I know.  But heck I have been seeing a political endorsement for the last long time on a signature, figures alittle joke couldn't hurt.  

Hmm, been chewed out for commenting on a post because the thought wasn't finished even tho the post was done.  Chewed out over a few other little things.  Guess I go back to reading for the most part.
The smell of printer ink in the morning,
Tis the smell of programming.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Microsoft: The Vista Bullying Stops Here
« Reply #24 on: July 13, 2008, 12:59:41 am »
Yeah, I know.  But heck I have been seeing a political endorsement for the last long time on a signature, figures alittle joke couldn't hurt. 

Hmm, been chewed out for commenting on a post because the thought wasn't finished even tho the post was done.  Chewed out over a few other little things.  Guess I go back to reading for the most part.

It was not intended as a "chewing out" but as a reminder, not just to you but to those who followed after you.  If I was to intend a chewing out it would be in a PM that went along with what was intended to be a polite reminder.  That didn't happen and no "chewing out" was intended, nor is one intended now.

Signatures are something else, they are not a part of the discussion itself and thereby don't fall under the same rules (unless they go TOO far).  Myself I would prefer less in the way of partisan politics and religion in the signatures but so far they are allowable by the rules.

Recently I have had to move threads that belonged in THIS forum to Hot and Spicy because people brought in irrelevant  to the discussion politics or religion.  Moving it like that makes it inaccessible to some people, even at times the original author of the thread (which has happened).  As a result of certain peoples (not you) repeated moving of topics towards unsuitable to Engineering discussions I have had to be more active at policing that type of comment to enable Engineering appropriate discussions to stay here where they belong.  Fire a warning shot if you will before they become actual rules violations that need to be dealt with.

Myself I'm politically centrist and found your joke mildiy amusing but I know from experience that some one would  take it seriously and the thread would end up transferred to Hot and Spicy so I chose to "nip it in the bud" so it wouldn't blossom into something that needed transplanting.   To nip it before it was a problem.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #25 on: July 13, 2008, 08:53:24 am »

And this has what to do what with Vista?



It's an excellent illustration of what can happen to you when you literally bet the life of your company on Microsoft's ability to deliver a secure product.  Of all the merits of Visa, Microsoft focusing on security is just plain dumb, to the point of being laughable.  They can't even secure their server products.


I guess this mean you consider the new sandboxing feature of WinServer08 and Vista worthless?



I don't care if it's an IBM mainframe, a sandbox is an infrasturcture partition, not an OS or logical one.  I realize it'll save smaller companies money, but from a PII perspective, I think it'll cause more problems than it will solve.

How do you think a sandbox would fit into a trusted computing model?  especially in an environment where trusted is defined at a circuit level?

Microsoft products don't rate above C1 on the Trusted Computing scale, so perhaps it's the definition of security that is at issue. 


In the WinServer08/Vista instance they've extended the concept to a network level.

Can you drop me a link on who is determining the C1 scale? I'd like to read how they are testing and what criteria they're using...you know, the usual BS.




http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

http://en.wikipedia.org/wiki/Common_Criteria


You could maybe make a case that MS is B1, but it's unlikely.  Also, I misspoke, Server is C2 not C1.

Divisions and Classes
The TCSEC defines four divisions: D, C, B and A where division A has the highest security. Each division represents a significant difference in the trust an individual or organization can place on the evaluated system. Additionally divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.

Each division and class expands or modifies as indicated the requirements of the immediately prior division or class.


[edit] D — Minimal Protection
Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division.

[edit] C — Discretionary Protection
C1 — Discretionary Security Protection
Separation of users and data
Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis
C2 — Controlled Access Protection
More finely grained DAC
Individual accountability through login procedures
Audit trails
Resource isolation
Required System Documentation and user manuals.

[edit] B — Mandatory Protection
B1 — Labeled Security Protection
Informal statement of the security policy model
Data sensitivity labels
Mandatory Access Control (MAC) over select subjects and objects
Label exportation capabilities
All discovered flaws must be removed or otherwise mitigated
B2 — Structured Protection
Security policy model clearly defined and formally documented
DAC and MAC enforcement extended to all subjects and objects
Covert storage channels are analyzed for occurrence and bandwidth
Carefully structured into protection-critical and non-protection-critical elements
Design and implementation enable more comprehensive testing and review
Authentication mechanisms are strengthened
Trusted facility management is provided with administrator and operator segregation
Strict configuration management controls are imposed
B3 — Security Domains
Satisfies reference monitor requirements
Structured to exclude code not essential to security policy enforcement
Significant system engineering directed toward minimizing complexity
A security administrator is supported
Audit security-relevant events
Automated imminent intrusion detection, notification, and response
Trusted system recovery procedures
Covert timing channels are analyzed for occurrence and bandwidth
An example of such a system is the XTS-300, a precursor to the XTS-400

[edit] A — Verified Protection
A1 — Verified Design
Functionally identical to B3
Formal design and verification techniques including a formal top-level specification
Formal management and distribution procedures
An example of such a system is SCOMP, a precursor to the XTS-400
Beyond A1
System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB).
Security Testing automatically generates test-case from the formal top-level specification or formal lower-level specifications.
Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible.
Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel.



I read through the material and I do not find anywhere in where the DoD rate all of Microsft at a C1 or C2.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #26 on: July 13, 2008, 10:36:05 am »


I read through the material and I do not find anywhere in where the DoD rate all of Microsft at a C1 or C2.

In order to rate a B2, for example, a system (this rating is applied to hardware as well as software) would need to be able to perform covert channel analysis.  MS doesn't do that, so it can't fufuill the requirement of the label.  TCSEC and the Commonon Criteria (uses a 1-7 scale with 7 being the most secure, and is making its way into the ITSEC ISO) are evaulation processes, not evaulations in and of themselves.  You have to do the analysys yourself based on the security requirements put forth by the data owner.

I think you and I are meaning something different when we say "security".  Working in the financial processing world, "security" to me (and in the article I posted) falls much closer to the DOD model than what I would term as "casual security".  MS is ok at casual security (in that it is not much worse than anyone else), but it falls way short in financial systems.  For instance, most of my heavy work is done on an IBM mainframe with RAC-F. We had as very heated discussion on whether RAC-F was sufficient, or we needed to use Top Secret.  Microsoft never gets closer to my credit card data than generating reports from an SQL database that has had the card numbers masked before arrival.  Also, our POS (Point-of-sale) systems (cash registers, basically) use embedded XP.  One system has been found to be storing track data in violation of PCI, and another has had 15 security patches in 13 months.  3 others have been "sunsetted" by the vendor and are being replaced by Linux systems.

Also, watching the infrastructure guys use TCSEC can be.. amusing. For instance, in a quad-processor system the bus from processors 12&3 travels through processor 0, so processor 0 can be trusted, but 1,2&3 cannot because a compromise of 0 would invalidate their security assumptions.  Therefore, certain processing jobs must use an affinity for processor 0.
« Last Edit: July 13, 2008, 10:56:10 am by Dracho »
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Microsoft: The Vista Bullying Stops Here
« Reply #27 on: July 13, 2008, 11:03:24 am »
Now that Bill Gates won't be around as much Steve Ballmers secret plans for Redmond have been revealed.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #28 on: July 13, 2008, 11:22:47 am »
Quote
Microsoft never gets closer to my credit card data than generating reports from an SQL database that has had the card numbers masked before arrival. 


It should be, but as in the case of TJMAX proper protocol were not followed and your CC information as well as PINs were broadcasted unencrypted from the POS to a server in the manager's office.

I am curios though, I wonder how many of the companies listed at this link complied with the DoD requirements: http://attrition.org/dataloss/
I'm pretty confident a number of them used other OS than MS technologies.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #29 on: July 13, 2008, 08:47:14 pm »
Oh, probably almost none of them.  It's the classic "ease of operations" vs. "adequate" security conflict.  "adequate" security almost never happens until some breach event occurs and your replacement implements it.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Centurus

  • Old Mad Man Making Ship Again....Kinda?
  • Captain
  • *
  • Posts: 8505
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #30 on: July 13, 2008, 09:20:39 pm »
Smoke and mirrors my man, smoke and mirrors.  It's that vast right wing conspiracy going after MS now, (since MS Clinton is on the sidelines they need something to do).

:police: Lets try and keep the political stuff in Hot and Spicy please.   :police:
 :police: Right wing / Left wing doesn't matter. keep it in the appropriate forum  :police:

OG, it was a slight joke.  Sorry.  Shall not ever do it again.  :-X

You gotta do it in a fashion that's witty, hip, insane, and completely and permanently destroys any and all credibility to your sanity and mental stability.

You gotta say, "It's a conspiracy man!!!  Just like the gremlins that steal my socks from the dryer.  The sock industry is in league with the gremlins to make more money.  But, at the very least they recycle my socks by washing them up and selling them again."

*takes a bow and farts and grabs a gas mask*

Yeah, I know.  But heck I have been seeing a political endorsement for the last long time on a signature, figures alittle joke couldn't hurt.  

Hmm, been chewed out for commenting on a post because the thought wasn't finished even tho the post was done.  Chewed out over a few other little things.  Guess I go back to reading for the most part.

Could have been worse.  You could have been a giant piece of bubble gum.  Then not only would he have chewed you, but also blown bubbles that pop.

*misses bubble gum*
The pen is truly mightier than the sword.  And considerably easier to write with.

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #31 on: July 14, 2008, 08:47:38 am »
Toasty,

I'll bet you those organizations all have something else in common too, even more important than putting the wrong OS in the wrong role:  I'll wager you the majority of them took their security recommendations from the same people / organization responsible for operation readiness of their IT environments.  Operational readiness always trumps security, and admins will think up the most convoluted logical constructs to justify doing something the way that makes it easier for them, rather than IAW security best practices.

I also see a lot of names on that list where someone lost a laptop full of unencrypted data, so... well, we could have a long debate about whether or not the laptop OS should be part of the discussion.  Personally, I blame it on lack of disk level encryption, and specifically encryption not dependent upon the OS user credentials or Active Directory for authentication.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Microsoft: The Vista Bullying Stops Here
« Reply #32 on: July 14, 2008, 09:50:08 am »
Link to full article

Quote
According to a study of 106 major U.S. airports and 800 business travelers published by the Ponemon Institute and Dell Computer, about 12,000 laptops are lost in airports each week. Only 30 percent of travelers ever recover the lost devices. Nearly half of the travelers say their laptops contain customer data or confidential business information.

The report offers a very different view from sources that collect breach disclosure information, such as Attrition.org, where only a few companies disclose laptop thefts each week. Many employees are embarrassed to report the loss of a laptop, and many companies don't report them, experts say.

"It’s staggering to learn that up to 600,000 laptops are lost in U.S. airports annually, many containing sensitive information that companies must account for," said Larry Ponemon, chairman and founder of the Ponemon Institute. "IT departments must re-evaluate the steps they’re taking to protect mobile professionals, the laptops they carry, and company data stored on mobile devices."


No wonder the laptop business does so well.

Each of these laptops is potentially a security breach. 
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Clark Kent

  • Captain
  • *
  • Posts: 6071
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #33 on: July 14, 2008, 10:47:25 am »
Yes, I can see how the company that holds 95% of the OS market would clearly be bullied by their competitors.  Personally, I think Vista isn't that bad, but the issues it has are largely because M$ screwed up on it.  I couldn't tell you how many IT people I know who would rather cut off their right arm rather than own Vista.  90% of the developer market doesn't want to touch it.  Businesses in general don't want to touch it.

Oh yes, i can totally see why people would want to invest in your crappy OS when the refined version is supposed to be out in 2009.   ::)



Beside the devlopers I personally know, the boards I lurk on (www.codeproject.com) express just the opposite sentiment than you assert.

IT peeps. Bah! By nature they hate change. Vista has nothing to little to do with their unwillingness to accept new technologies.

Perhaps you are right- I read that in a cnet article a couple weeks ago (about 90% of developers not switching).  If my source was erroneous, then so was my statement, but not sure how I can verify it.

As for  IT professionals, yeah, they do resist change, because it increases their workload.  Still though, I don't remember this many IT guys being upset with XP (though I do recall hearing some griping).
CK

But tell me, can you heal what father's done?
Or fix this hole in a mother's son?
Can you heal the broken worlds within?
Can you strip away so we may start again?
Tell me, can you heal what father's done?
Or cut this rope and let us run?
Just when all seems fine, and I'm pain free, you jab another pin,
Jab another pin in me
-Metallica

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #34 on: July 14, 2008, 01:11:51 pm »
Ha.. I could take you to meet a room full of mainframe programmers who are holding out for Cobol's inevitable return to popularity.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline GE-Raven

  • Lord God Emperor for Life of the Taldren SETI Group
  • D.Net VIP
  • Commander
  • *
  • Posts: 2621
  • Gender: Male
  • The cause of AND solution to life's problems
    • Raven's Nest
Re: Microsoft: The Vista Bullying Stops Here
« Reply #35 on: July 14, 2008, 01:13:42 pm »
As an IT guy of a meager dozen years or so... I can say that from "my" standpoint.  Vista is great as a home OS.  However it doesn't offer enough to make it worth the hassle yet to upgrade in our campus.  However I expect by this time next year it will.  That is how it goes with large institutions... It wouldn't matter at all how good the OS is... anything on this big a scale takes time!

I have had more trouble with OSX 10.5 than I care to relate... and that is on a whopping 8 machines.

GE-Raven

Offline Clark Kent

  • Captain
  • *
  • Posts: 6071
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #36 on: July 14, 2008, 01:59:29 pm »
As an IT guy of a meager dozen years or so... I can say that from "my" standpoint.  Vista is great as a home OS.  However it doesn't offer enough to make it worth the hassle yet to upgrade in our campus.  However I expect by this time next year it will.  That is how it goes with large institutions... It wouldn't matter at all how good the OS is... anything on this big a scale takes time!

I have had more trouble with OSX 10.5 than I care to relate... and that is on a whopping 8 machines.

GE-Raven


Interesting- my experience with OS X has been nothing g but pleasant.  I would be very interested in hearing the problems you've had.  I suppose that sounds like a taunt, but I promise you it isn't.
CK

But tell me, can you heal what father's done?
Or fix this hole in a mother's son?
Can you heal the broken worlds within?
Can you strip away so we may start again?
Tell me, can you heal what father's done?
Or cut this rope and let us run?
Just when all seems fine, and I'm pain free, you jab another pin,
Jab another pin in me
-Metallica

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #37 on: July 14, 2008, 03:28:10 pm »
Eww.. I just had a "getting a phaser printer to communicate over Appletalk flashback".  I need a drink..
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Re: Microsoft: The Vista Bullying Stops Here
« Reply #38 on: July 14, 2008, 05:31:45 pm »
As an IT guy of a meager dozen years or so... I can say that from "my" standpoint.  Vista is great as a home OS.  However it doesn't offer enough to make it worth the hassle yet to upgrade in our campus.  However I expect by this time next year it will.  That is how it goes with large institutions... It wouldn't matter at all how good the OS is... anything on this big a scale takes time!

I have had more trouble with OSX 10.5 than I care to relate... and that is on a whopping 8 machines.

GE-Raven


Interesting- my experience with OS X has been nothing g but pleasant.  I would be very interested in hearing the problems you've had.  I suppose that sounds like a taunt, but I promise you it isn't.

He's been brainwashed by that bastard Steve Jobs and his mystical turtleneck sweaters!!

DAMN YOU STEVE JOBS!! DAMN YOU TO HELL!!

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Pestalence_XC

  • "The Terminator"
  • Commander
  • *
  • Posts: 2636
  • Gender: Male
  • "The Terminator" Pestalence_XC, Xenocorp
Re: Microsoft: The Vista Bullying Stops Here
« Reply #39 on: July 14, 2008, 08:41:39 pm »
My sister just bought a Mac with OS X..

For the first 2 weeks, she loved it..

Now that she is realizing that 95% of her software needs emulators to work them and WINE is incompatible with much of her software and Cross Over isn't working correctly as well.. she is considering taking it back and exchanging it for a PC...

Add on top of that, there is hardly any software market for OS X or Linux..

She is going to make her decision in the next 3 days and then she either has to keep the machine or exchange it.. the 30 return policy.. got to love it.
"You still don't get it, do you?......That's what he does. That's all he does! You can't stop him! It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead!"

Member :
Xenocorp / Dynaverse.net Moderator & Beta Test Team
SFC 4 Project QA Coordinator
Taldren Beta Test Team
14 Degrees East Beta Test Team
Activision Visioneers SFC 3 Beta Test Team

Offline knightstorm

  • His Imperial Highness, Norton II, Emperor of the United States and Protector of Mexico
  • Lt. Commander
  • *
  • Posts: 2106
Re: Microsoft: The Vista Bullying Stops Here
« Reply #40 on: July 14, 2008, 08:53:35 pm »
My sister just bought a Mac with OS X..

For the first 2 weeks, she loved it..

Now that she is realizing that 95% of her software needs emulators to work them and WINE is incompatible with much of her software and Cross Over isn't working correctly as well.. she is considering taking it back and exchanging it for a PC...

Add on top of that, there is hardly any software market for OS X or Linux..

She is going to make her decision in the next 3 days and then she either has to keep the machine or exchange it.. the 30 return policy.. got to love it.


The intel macs are capable of dual booting windows.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #41 on: July 14, 2008, 10:04:55 pm »
Ha.. I could take you to meet a room full of mainframe programmers who are holding out for Cobol's inevitable return to popularity.

 :rofl:
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #42 on: July 14, 2008, 10:15:27 pm »
Yes, I can see how the company that holds 95% of the OS market would clearly be bullied by their competitors.  Personally, I think Vista isn't that bad, but the issues it has are largely because M$ screwed up on it.  I couldn't tell you how many IT people I know who would rather cut off their right arm rather than own Vista.  90% of the developer market doesn't want to touch it.  Businesses in general don't want to touch it.

Oh yes, i can totally see why people would want to invest in your crappy OS when the refined version is supposed to be out in 2009.   ::)



Beside the devlopers I personally know, the boards I lurk on (www.codeproject.com) express just the opposite sentiment than you assert.

IT peeps. Bah! By nature they hate change. Vista has nothing to little to do with their unwillingness to accept new technologies.

Perhaps you are right- I read that in a cnet article a couple weeks ago (about 90% of developers not switching).  If my source was erroneous, then so was my statement, but not sure how I can verify it.

As for  IT professionals, yeah, they do resist change, because it increases their workload.  Still though, I don't remember this many IT guys being upset with XP (though I do recall hearing some griping).

Just to be fair to you, it would be easy to skew the numbers when it comes to developers because there so many variables involved in development. They could've asked nothing by unix/linux developers, or asked flash/flex developers who would care less about developing for the Vista platform...
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #43 on: July 14, 2008, 11:11:01 pm »
well, the DX10 developrs for Cyrsis didn't do them any favors.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Clark Kent

  • Captain
  • *
  • Posts: 6071
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #44 on: July 15, 2008, 12:05:09 pm »
My sister just bought a Mac with OS X..

For the first 2 weeks, she loved it..

Now that she is realizing that 95% of her software needs emulators to work them and WINE is incompatible with much of her software and Cross Over isn't working correctly as well.. she is considering taking it back and exchanging it for a PC...

Add on top of that, there is hardly any software market for OS X or Linux..

She is going to make her decision in the next 3 days and then she either has to keep the machine or exchange it.. the 30 return policy.. got to love it.


This is a valid concern- I've been primarily Mac for long enough now that I forget about this issue.  The simple fact is that she has two options: install Windows on her Mac (parelles, or bootcamp, or some other incarnation) or she can reinvest in all new software.  In all fairness, this is something she should have thought of prior to her purchase.  There is plenty of softwre out there for her to choose from, but the simple fact of the matter is, it's a completely different OS witha completely different underpinning than any interation of windows. Having to buy softwarre that will work with it is a given.

Just to push the point, the ONLY time I've ever had an issue with finding software is if I'm looking for a specific game (i.e. SFC).  Other than that I've always been able to find a software that did most everything I needed. 

If you like, you can list out the software that she was using on the PC side, and I can throw it out to some mac zealots and try to find solutions for her (no promises if she wants free solutions).  If she returns the mac, I wouldn't blame her, but let her know there is a comunity of mac users out there happy (read: eager) to help her transition to macs full time, and I'd be happy to share info on some good places to start.    If it's not the right system for her, or reinvesting in new software isn't worth it for her though, that makes sense.
CK

But tell me, can you heal what father's done?
Or fix this hole in a mother's son?
Can you heal the broken worlds within?
Can you strip away so we may start again?
Tell me, can you heal what father's done?
Or cut this rope and let us run?
Just when all seems fine, and I'm pain free, you jab another pin,
Jab another pin in me
-Metallica

Offline Clark Kent

  • Captain
  • *
  • Posts: 6071
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #45 on: July 15, 2008, 12:06:55 pm »
As an IT guy of a meager dozen years or so... I can say that from "my" standpoint.  Vista is great as a home OS.  However it doesn't offer enough to make it worth the hassle yet to upgrade in our campus.  However I expect by this time next year it will.  That is how it goes with large institutions... It wouldn't matter at all how good the OS is... anything on this big a scale takes time!

I have had more trouble with OSX 10.5 than I care to relate... and that is on a whopping 8 machines.

GE-Raven


Interesting- my experience with OS X has been nothing g but pleasant.  I would be very interested in hearing the problems you've had.  I suppose that sounds like a taunt, but I promise you it isn't.

He's been brainwashed by that bastard Steve Jobs and his mystical turtleneck sweaters!!

DAMN YOU STEVE JOBS!! DAMN YOU TO HELL!!

I hate turtlenecks, I never did get that hippy bastards fascination with them.  On the up side, they did a good job: my brain has never been so clean.
CK

But tell me, can you heal what father's done?
Or fix this hole in a mother's son?
Can you heal the broken worlds within?
Can you strip away so we may start again?
Tell me, can you heal what father's done?
Or cut this rope and let us run?
Just when all seems fine, and I'm pain free, you jab another pin,
Jab another pin in me
-Metallica

Offline Centurus

  • Old Mad Man Making Ship Again....Kinda?
  • Captain
  • *
  • Posts: 8505
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #46 on: July 15, 2008, 12:12:33 pm »
As an IT guy of a meager dozen years or so... I can say that from "my" standpoint.  Vista is great as a home OS.  However it doesn't offer enough to make it worth the hassle yet to upgrade in our campus.  However I expect by this time next year it will.  That is how it goes with large institutions... It wouldn't matter at all how good the OS is... anything on this big a scale takes time!

I have had more trouble with OSX 10.5 than I care to relate... and that is on a whopping 8 machines.

GE-Raven


Interesting- my experience with OS X has been nothing g but pleasant.  I would be very interested in hearing the problems you've had.  I suppose that sounds like a taunt, but I promise you it isn't.

He's been brainwashed by that bastard Steve Jobs and his mystical turtleneck sweaters!!

DAMN YOU STEVE JOBS!! DAMN YOU TO HELL!!

I hate turtlenecks, I never did get that hippy bastards fascination with them.  On the up side, they did a good job: my brain has never been so clean.

*inspects Clark's brain and runs it through tests*  99.8% sanitized.  That's pretty damn clean to me.
The pen is truly mightier than the sword.  And considerably easier to write with.

Offline GE-Raven

  • Lord God Emperor for Life of the Taldren SETI Group
  • D.Net VIP
  • Commander
  • *
  • Posts: 2621
  • Gender: Male
  • The cause of AND solution to life's problems
    • Raven's Nest
Re: Microsoft: The Vista Bullying Stops Here
« Reply #47 on: July 17, 2008, 08:45:11 am »
OSX Problems so far...

General Flaky beahvior with Iprint Client (sometimes it works and other times it wont ask for credentials or worse yet it "thinks" it knows them)

Transfer of user settings.... sure the documents came over but the issue is Apple insists it is best to do this at first boot of the machine.  Yeah... great idea let me transfer all the settings for software that has yet to be loaded on the new machine!!!  End result... Office 08 thinks it is patched when it isn't... and give the brilliance of Mac doing things for you, you can't force it to upgrade without nuking the user settings, then uninstall, reinstall, update, then manually copy back the user settings. 

Keychains... borked on anything that isn't native Apple software (afp shares etc.)  Basically you need to delete them and re do them on every boot.

Adobe Illustrator Disk access... in 10.5 attempting to save crashes the program.... UNLESS you "export" as a pdf then once you have done that once Illustrator saves with no problem... until you reboot, then you must export one file to get it to work again.

This doesn't happen on every machine, but some.  You can also "repair" the disk security before EVERY run of Illustrator, which also fixes it.  Neat!

So yeah... this is just a sample of the fun I have had.  Mind you none of this happened with 10.4

Oh well... Luckily I only support a dozen macs.

GE-Raven

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #48 on: July 17, 2008, 09:09:39 am »
OSX Problems so far...

General Flaky beahvior with Iprint Client (sometimes it works and other times it wont ask for credentials or worse yet it "thinks" it knows them)

Transfer of user settings.... sure the documents came over but the issue is Apple insists it is best to do this at first boot of the machine.  Yeah... great idea let me transfer all the settings for software that has yet to be loaded on the new machine!!!  End result... Office 08 thinks it is patched when it isn't... and give the brilliance of Mac doing things for you, you can't force it to upgrade without nuking the user settings, then uninstall, reinstall, update, then manually copy back the user settings. 

Keychains... borked on anything that isn't native Apple software (afp shares etc.)  Basically you need to delete them and re do them on every boot.

Adobe Illustrator Disk access... in 10.5 attempting to save crashes the program.... UNLESS you "export" as a pdf then once you have done that once Illustrator saves with no problem... until you reboot, then you must export one file to get it to work again.

This doesn't happen on every machine, but some.  You can also "repair" the disk security before EVERY run of Illustrator, which also fixes it.  Neat!

So yeah... this is just a sample of the fun I have had.  Mind you none of this happened with 10.4

Oh well... Luckily I only support a dozen macs.

GE-Raven


We have 30 Dell Optiplex 645s and 58 Dell Optiplex 620s and we have only two semi-flaky machines. One that appearently is not a big fan of being ghosted/cloned (I think it's the NIC), and another that Excel 03 'enjoys' to freeze on (I think it's a ram issue). As all of these are teaching machines so you can imagine the pounding they take.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Microsoft: The Vista Bullying Stops Here
« Reply #49 on: August 09, 2008, 02:31:57 pm »
For anyone honestly interested in seeing how the Mojave Experiment was done watch here: http://www.mojaveexperiment.com/
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista