Customers and partners who’ve been holding their breath waiting for Beta 2 of Windows Vista before getting serious about testing Microsoft’s next-generation operating system can exhale. There will be no single, catch-all Beta 2 of Vista, according to Jim Allchin, co-president of Microsoft’s Platform Products & Services Division. Instead, Microsoft is planning to rely increasingly on CTP builds to get its feedback from Windows testers. Elsehwere, Allchin said you should buy Vista for its security enhancements.
Nelson voice/
HA-HA!
/Nelson voice
w00t?!
>>Customers and partners who’ve been holding their breath waiting for Beta 2 of Windows Vista
all suffocated sometime during 2003. The rest of us are pretty “meh” about it.
wrote: >>Customers and partners who’ve been holding their breath waiting for Beta 2 of Windows Vista
all suffocated sometime during 2003. The rest of us are pretty “meh” about it.
Thats the funniest thing I’ve read all week. Thank You!
As a devloper you have public betas to a) weed out bugs your internal testing missed and b) reassure your customers. By skipping the second beta, Microsoft effectively tells its customers that they ae buying beta-grade software and shouldn’t be surprised if their servers and workstations blow up. I find this unacceptable, especially since Ms is trying toestablish some form of credability in the security and reliability leagues.
By skipping the second beta, Microsoft effectively tells its customers that they ae buying beta-grade software
Don’t talk nonsense. Just see the CTPs as betas and RCs. Just like Linux distributions. How many SUSE 10.1 alphas/betas/kappas have we seen? 23?
Thom, stop bashing Linux.
The guy has a point. CTPs are not beta-quality, just read the announcements that Microsoft makes when releasing them.
It is unacceptable that Microsoft does not offer a full beta.
The guy has a point. CTPs are not beta-quality, just read the announcements that Microsoft makes when releasing them.
How do you know these late CTPs won’t be of beta 2 quality? You know that for sure?
It is unacceptable that Microsoft does not offer a full beta.
Unacceptable to you, that is.
How do you know these late CTPs won’t be of beta 2 quality? You know that for sure?
My experience from Visual Studio 2005, WinFX, Team Foundation Server CTPs is that betas are higher quality.
From microsoft.com (SQL Server 2005 CTP): ” Unlike beta releases that receive a much higher level of testing and feature work, CTPs are intended to expose the latest working build to developers..”
WTF is this then:
“Customers do need significant milestones,” Allchin said. “But you could classify CTPs as betas, but for a different audience.”
Why don’t you go to CNET or eweek and actually RTFAs?
They just want to have more flexibility in terms of removing or putting back *EXISTING* fetures, based on users’ feedback.
As it stands now, Vista is **feature-complete**, Allchin said.
Vista IS feature complete at this point. They just need to decide what will be included, not included or included but not “in the face” feature. That’s what happened to Virtual Folders (they are still in Vista, but based on feedback, they decided to push them in the back seat – you can still use them if you want to).
If they had “beta 2” (read: “feature freeze”) this would not be possible.
RTFA.
First, you said:
You said:
My experience from Visual Studio 2005, WinFX, Team Foundation Server CTPs is that betas are higher quality.
But then, you also said:
Visual Studio 2005 is the buggiest major software release I have seen from Microsoft in the last twelve years.
Then, what are you complaining about?
So, you want another “buggiest major software release from MS in the last 12 years” ???
Get a life.
You should get a life and some glasses for your eyes, since you cannot read.
I said the first thing not the second, moron.
Well, look at it another way – CTP is equal to Solaris Express – a snap shot to see where Microsoft is heading, and allow ISV’s to test their software against the latest build of the operating system.
With the amount of work Microsoft have done to improve the relationship between Microsoft and developers, there shouldn’t be a single application out there not working with Windows Vista – if there is, someone has been VERY lazy that the concerned company.
Microsoft WILL release Windows Vista this year. They have to, and they’ll do whatever it takes to get it out the door.
However, in order to get it out the door, I think they are going to have to make even more sacrifices that are going to result in an extremely buggy product upon initial release. While they’ve been known for this throughout their history as a company, it seems to me that it’s gotten worse lately. The XBox 360 is notoriously buggy, and Visual Studio 2005 is the buggiest major software release I have seen from Microsoft in the last twelve years. It’s just chock full of obvious, right out in your face, how-is-this-in-a-shipping-product??? bugs.
Will I use Vista? Yes, but only because I’m so freakin’ BORED with Windows XP, and because my company is a Windows-only shop that is signed on with Micrsoft’s Extortion Agreement and they’ll buy it, along with a new computer capable of running it, for me. I definitely wouldn’t spend my own money on it, or even waste my time getting it off the torrent sites.
At home I have two Macs that I purchased for myself and a Dell laptop that my company bought me. I almost never fire up the Dell at home because Windows XP is just…depressing. Remember what it felt like to sit down in front of a Mac running OS8 or OS9 in the ’90s? That’s what Windows XP feels like now.
Microsoft WILL release Windows Vista this year. They have to, and they’ll do whatever it takes to get it out the door.
They have to? Or else.. what exactly??? Windows is going to be wiped out by competition if they release Vista in, say, January 2007, instead of, say, November 2006?
Yeah, right.
Did you read the news from just 2 or 3 days ago:
Microsoft Reports Record Revenue
Microsoft Corp. today announced revenue of $11.84 billion for the quarter ended December 31, 2005
Yeah, 2 months or so delay would kill them. Sure.
Not to mention that, not so long ago, Gates suggested to Allchin to “take more time for Vista”. Allchin refused and opted to get rid od WinFS and still deliver Vista as planned, in 2006.
Microsoft wants to come out with Windows Vista sooner to make more money!
Think about it. Right now, many people are using Windows XP & Microsoft isn’t happy with the amount of money being brought in by Windows XP.
They want to bring Vista to market, force consumers to upgrade (within the next 2 years) and make lots of money off of it.
Vista was supposed to come out earlier (in 2005), but got delayed and pushed back to 2006. Many years of development has gone into it. MS wants to cash in now and collect the rewards.
They’re skipping the Beta to achieve their release date – Winter 2006. Doing a 2nd Beta would push their release date into 2007 – which isn’t acceptable to Microsoft.
I really don’t see a need for Windows Vista (as of yet), Windows XP will keep me happy for a few more years.
They have to? Or else.. what exactly???
Or else all of the court imposed fines and payments to companies they have settled with may begin to affect their bottom line? (;
A new line of products will at least ensure they can pay and still keep their profits going up.
Or else all of the court imposed fines and payments to companies they have settled with may begin to affect their bottom line? (;
2-3 months delay wouldn’t affect them that much.
A new line of products will at least ensure they can pay and still keep their profits going up.
They just announced record profits, despite the fact that XP was released almost 5 years ago, so please..
Just to play devils advocate, you could say that all the software they release is beta, I work for a Library who was a Windows shop for I dont know how many years, but a day didnt go by where I had to restart a Windows machine because office crashed while printing, or somone stuck a usb stick in and pulled it out, just goofy stuff, I swear MS does it on purpose. Anyways, for a five year development cycle this is a pretty sad offering, I mean really they had five years to get this done, and all they did was copy Apple, again, (not saying Apple didnt copy anyone, it’s just the fact that redmond has bought some of the best minds in the world and all they did was copy Apple.)They cant really do what Apple does with the every year thing, I mean could you imagine trying to compare PC’s to see which one has the version you want installed, because you know some will just have the old version. Then again how much innovation can they really have? There are a lot of people that still use Windows because their afriad of change.
I won’t call anything secure that allows for arbitrary programs I, or another program, downloads to modify my files. Unless, does Vista have this?
MS is going to have to change their ways on security, their eventually going to have to adopt the Unix way of doing things I think, unless they can control every single program and make sure that none of it installs malware or viruses. And what about browsing? They should only let you install things you want this means prompting me when a site is trying to install malware, and letting me chose what I want to install.
No, the unix model is just as screwed up as the windows model; it’s slightly more secure in that it encourages running as a normal user, but it’s still very possible for a program to screw up files in the user’s home directory.
LOL, then somone is just going to have to invent a better way, what I was speaking of was the need for passwords before you install anything.
if it can be run without installing (easy!) then you can do all damage you want. the unix security will NOT help you at all.
In Ubuntu you really cant mess with files unless you go into the terminal and know specifically what you want to edit or mess up.
We’re talking about malicious programs, not the user. The user has the right to modify his files in any way he sees fit; unsolicited programs do not.
Lie. You can wipe all your files with any file manager.
the virus can delete all user data. no, not the system, it’ll boot – but you’ve lost all your user data.
or it could monitor your passwords. unix wouldn’t prevent that…
Thank you. I say this all the time, and people don’t understand. The unix model is only slightly better right now, mainly because it’s actually enforced (which Vista will hopefully do). Most people are more concerned with their files getting messed with, not the system files, and the unix model does nothing to stop a program that is running from modifying files in the home dir, nor does any other model I know of.
Well, actually, I’m not sure how System Restore on Windows handles user files (C:Documents and Settings<username>). Can anyone tell me if doing a rollback with system restore also rollsback those files?
Actually, you could run UNIX ACLs and have a username_restricted. Get most of your apps to su to username_restricted.
Alternatively, I have a Linux security module that restricts all applications to read-only unless configured read-write to certain directories (e.g. download).
I’m gonna see if i can make it production ready… basically a very simple, cut down SELinux.
Edited 2006-01-28 21:15
That sounds interesting. I wouldn’t mind taking a look at it, considering that I’m planning on implementing basically the same thing for my linux distro/OS.
Windows XP can be made Secure too, but most users won’t take the time to do the simple steps listed below.
Steps to increase security:
#1 Create & use limited account (most users log on with administrator accounts which gives access to system files).
#2 Restrict or Disable Active X in IE.
#3 Disable Java in IE.
#4 Restrict or Disable Javascript.
#5 Always scan program & application files for viruses. (Audio & Video files are ok, but shared programs files are high risk for viruses).
#6 Run spyware scanner regularly.
#7 Install Windows Security Updates to plug security holes left open by Microsoft.
#8 Use a router or software firewall.
#9 If you get an attachment which appears to be executable, then scan it for viruses (or better yet, delete it).
Doing the above steps will make your computer pretty secure – and ensure very low risk of getting hit by a virus or trojan.
Most newer viruses are installed through Active X or JavaScript when web browsing with IE, Opening up Email attachments or Downloading program files & running them.
Edited 2006-01-28 21:34
If windows was truly secure, you wouldn’t need to run a virus/spyware/whatever scanner in the first place.
Here’s what I do:
1) Don’t use IE except when I have to (which is only for some trusted sites)
2) Don’t run something unless I know what it does
3) Monitor my processes once in a while to see what is running.
4) Check my startup list periodically
No spyware or virus scanners, nor a firewall. People tell me I’m stupid, but I know exactly what’s going on with my system and I have never gotten a virus in XP and no spyware in 3-4 years.
No spyware or virus scanners, nor a firewall. People tell me I’m stupid, but I know exactly what’s going on with my system and I have never gotten a virus in XP and no spyware in 3-4 years.
If you have no scanners, how do you know that you don’t have a virus or spyware? I used to say this same thing, because I took all the same steps, but I found out the hard way that shit can get through anyway. Download AntiVir Guard and Spyware S&D, run them, and if you come up clean, then I’ll believe you. Until then, you really can’t know, unless you know what every process does 100% of the time, and that it isn’t a process with a name similar or the same to something else that should be there.
Actually I do have MS antispyware installed to run once in a while. But it’s only once in a while when I remember.
I know I don’t have anything ebcause I *know* how to check for that stuff. I’ve worked with someone who WROTE spyware (yes i know), so I have a slight idea of what they do to your system.
Malware writers really don’t care about messing up the user’s files in their home directory, believe it or not. They are interested in either adding the machine to a botnet, using it as a spam relay, or installing adware to pop up advertisements every time the computer is run.
None of these things happen under the MacOSX security model. Yes, the user could download and run a program that deletes all of the files in their home directory, but that’s the whole point, they would have to DOWNLOAD AND RUN IT, it wouldn’t just happen from turning the computer on and plugging it into the Internet, like how it happens on Windows.
Malware writers really don’t care about messing up the user’s files in their home directory, believe it or not. They are interested in either adding the machine to a botnet, using it as a spam relay, or installing adware to pop up advertisements every time the computer is run.
So just because nobody does it means you don’t have to protect against it? Believe it or not, virus writers like screwing up people’s computers, and I wouldn’t be surprised if there aren’t already a few viruses that delete all the user’s files.
None of these things happen under the MacOSX security model. Yes, the user could download and run a program that deletes all of the files in their home directory, but that’s the whole point, they would have to DOWNLOAD AND RUN IT, it wouldn’t just happen from turning the computer on and plugging it into the Internet, like how it happens on Windows.
Have you ever heard of an “exploit”? Yes, as hard as it is to believe, OS X has exploits just like windows does. If this where a perfect world, then yes, you would be right.
>>I wouldn’t be surprised if there aren’t already a few viruses that delete all the user’s files.
Then name them, right here, right now, for all to see.
>>Have you ever heard of an “exploit”? Yes, as hard as it is to believe, OS X has exploits just like windows does.
Then name them, right here, right now, for all to see.
Then name them, right here, right now, for all to see.
The byte virus is a virus that uses an RPC exploit to delete all accessable files on the victim’s harddrive. Yes, I just made this virus up, but it’s entirely possible.
>>Have you ever heard of an “exploit”? Yes, as hard as it is to believe, OS X has exploits just like windows does.
Then name them, right here, right now, for all to see.
http://secunia.com/advisories/11622/
http://secunia.com/advisories/11689/
http://www.unsanity.com/haxies/pa/whitepaper
etc…
Those are just specific OS X exploits. It also suffers from generic library exploits, e.g. wasn’t there an exploit in zlib/libpng a while ago that affected OS X?
I think you’re confusing “security advisory” with “exploit”. They’re not the same thing.
First comes the security advisory, THEN comes the exploit code, THEN comes the virus/worm.
All you’ve pointed me to are security advisories. Where are the EXPLOITS for the theoretical vulnerabilities described in those advisories?
exploit
<security> A security hole or an instance of taking advantage
of a security hole.
I’m not sure why you believe that just because nobody’s done it it’s not a threat. I’m trying to be impersonal here, but are you really that naive?
http://www.securityfocus.com/bid/13694/exploit
Took me about 40 seconds to find.
>Then name them (viruses that delete personal files), right here, right now, for all to see…
http://www.gatortechnologies.com/res-alerts.php
You needn’t even bother looking it up – here’s the relevant bit…..
“February 25, 2004 – A variant of the MyDoom virus deletes user files and is becoming increasingly widespread. Home users are especially at risk because home computers often lack firewalls, up-to-date antivirus software and backups.
This new virus arrives via email with subjects including: “Approved,” “Your Credit Card” and “You use illegal File Sharing…Your IP was logged.”. If the email’s attatchment is opened, it will delete random Word, Excel and media files, and try to propogate itself to other computers over the computer’s internet connection…..”
Also I believe the ‘googkle’ exploit a couple of years ago (mistyping http://www.google.com – easy to do, the ‘k’ gets hit on the way to the ‘l’) contained one payload that did the same, according to a friend who was hit.
yes, you are correct, to a point. the unix model also has “file permissions”, so in fact for real security, you can change ownership of individual files so that only root can delete/overwrite/corrupt them.
You will still be able to read these files, but you, or malware will not be able to screw them up.
ALSO…..
To actually get malware into a unix based system, you need to physically download it, change its permission to execute, (usually..) and then double click/terminal run it.
I have seen quite a few games that ask to be installed by root. This practise needs to stop, we are not on Windows, root is not needed to install a game.
yes, you are correct, to a point. the unix model also has “file permissions”, so in fact for real security, you can change ownership of individual files so that only root can delete/overwrite/corrupt them.
You will still be able to read these files, but you, or malware will not be able to screw them up.
You can also do this on Windows via the Security dialog on the file or editing policy.
To actually get malware into a unix based system, you need to physically download it, change its permission to execute, (usually..) and then double click/terminal run it.
The zone infrastructure makes this task similar on Windows. As mentioned by another poster, if you download an executable, it is prevented from running unless permitted by the user. The dialog that asks if you want to run the executable is basically a way of giving one-time execution rights without having to go to the properties dialog for the file. If you want to permanently enable execution rights for the file, you either uncheck “Always ask before opening this file” or you unblock the executable via its properties dialog.
But as a non-root user you cannot add other users accounts and modify groups.
As a user you only get all or nothing protections.
Thats bearable (sudo) if you’re also root, but sucks is sb else is.
Last time I checked, XP with SP2 asks you anytime smoething wants to install or run.
Of course, there are exploits, but IE7 and Vista are taking steps to address this and make sure even when something is run from IE7 (like through a buffer overflow), it has very limited access.
What a terrible system. What is the user supposed to do, say “no I don’t want this to run even though I double clicked on it to run it“? Basically, it boils down to this: applications should not have access to non-application data unless explicitly allowed by the user, either indirectly or directly. For example, consider a word processor. If the user double clicks on a text file and the default action is to open up the word processor, it should obviously have temporary rights to read/write that file, but nothing else. Even if a stray program does somehow manage to run itself on its own, it shouldn’t be able to modify anything because the user didn’t give it explicit permission to do so.
Sorry, I wasn’t clear. I meant anything you try to run from IE, that you download in it. Whether an app or an ActiveX control.
No OS does this because it’s really stupid. Word and many other programs (almost anything that’s big) uses many files at a time, including multiple files linked to the doc you’re working on, undo records, settings files, etc. They create a number of files too. A program is always associated with the user who runs it. If I can do something through the shell, the program can do the same thing through the OS APIs. The alternative would either perform terribly or be impossibly onerous for app programmers so they’d just find ways to punch holes through this system and directly read/write other files (like the programs that require running as Admin just because they’re not coded to deal with limited rights).
Did you not read what I said? Said office app would be able to modify the files it’s working with, obviously, and the other example files you listed fall under “application files.”
How does the OS decide what files Word can work with and what files it can’t work with? How can we really decide which executable images are even part of one application or two totally separate entities. What about apps that work together on files?
The only way this is possible is if the security privileges are associated with the executable that is running rather than the user who launched that executable. This model doesn’t really make sense to me. It would also totally break backwards compatibility and might make the system inflexible.
The only way this is possible is if the security privileges are associated with the executable that is running rather than the user who launched that executable. This model doesn’t really make sense to me. It would also totally break backwards compatibility and might make the system inflexible.
MS actually already does this with Code Access Security. Code is allowed or denied certain privileges not only based on the user token under which it runs, but also based on attributes about the code like where it came from, the functionality it incorporates, and what the developer has specifically allowed or restricted. More limited features for code trust are also available for unmanaged applications.
How does the OS decide what files Word can work with and what files it can’t work with?
The “OS” doesn’t. If you completely move file opening into the file manager, as it should be, the file manager knows exactly which files the word processor can modify.
How can we really decide which executable images are even part of one application or two totally separate entities.
I’m not sure what this has to do with anything. If you mean calling one app from another, permissions (obviously) carry over.
What about apps that work together on files?
Still not sure what you mean.
I dig what you say. But there are limitations on how far you can go with this until you really piss the user off.
What I imagine could be a good solution is that the OS would act as some kind of a layer between the app and the files. i.e. when double clicking a .doc file would mean that the OS gave Word a “copy” of the file to work with or the OS would keep a record of what (and at what time) modifications were made to the file – with that record beeingdeleted after you’d manually save the file again (or after some time period). I don’t really have a plan how exactly to work this out but eventually this kind of system would mean that no app could f–k with your files. Or if it did you would always have a record of what it did to the file to revert it.
Another good thing would be if the OS would have some kind of notification (like the XP firewall popup) if some app would try to mess with your files automaticly. Say you’re browsing the web and xyz.exe decides to delete your .doc files a popup would come up saying “this app is trying to delete your file (list files), what to do?”. So you could turn this off for apps that need that privilege (defrag, anti-virus apps) and block apps you don’t want messing with your files behind your back. Another thing could be that you could set flags on folders, so you could put Word on an allow list for ‘Documents’ folder which would grant it full access to those files to do whatever (and whenever) it wants.
Lot’s of ideas.
Prompting the user is a very bad idea. Most of the time he’ll just click right on through. The only thing necessary in the word example is to simply allow instances of ‘Word’ that are executed by the file browser to modify the file that they were launched with.
I might buy it but I’m waiting untill SP1.
Who else thought that was the funniest line in the article? Oh gee, I might buy it for the new account type?
Honestly from the start WinNT was designed correctly when it came to users. It is just that the application developers are actually allowed to not implement there programs correctly.
I am no expert but I believe Nero was coded correctly for multiple users and privileges.
Edited 2006-01-28 21:33
I am no expert but I believe Nero was coded correctly for multiple users and privileges.
Last I checked (version 6.x) wasn’t. You could download some shit off their website and install it and then it would work, but they should design their app like that in the first place.
It is just that the application developers are actually allowed to not implement there programs correctly.
Reminds me of how Microsoft decided to call the user’s folder ‘Documents and Settings’ – so developers would learn that there can be whitespaces in folders Needless to say, many apps broke…
I also remember reading in a magazine about this game they tried reviewing, but couldn’t install it to do the review, because the setup assumed their Windows partition was on C
I would have to say that “Microsoft To Skip Vista Beta 2” is a rather inflamatory title to the article and not representative of the content.
Not impressed OSAlert, not impressed at all. I expected better. A journalists job is to report and not interpret.
> If new features won’t get you to upgrade to Vista, security enhancements should,<
now thats funny that part
To those criticizing the Unix security model when compared with Windows’, all I have to say is that you do have a point when saying that the users files could be compromised but our point is that you can restrict the effects to that one user.
Consider that on most corporate scenarios (and even most domestic scenarios), a computer is shared by several employees (or family members) and therefore there will be multiple profiles on that particular system. Now imagine clueless user A downloading and running a malware from the Internet that ends up wiping all his files. Yep, that’s sad but the good part was that clueless users B, C, D and E’s files were saved. No system nor other users files were erased or otherwise compromised after that.
This is so much more than current Windows releases can claim. If Vista will change something on this regard, we’re yet to see.
Consider that on most corporate scenarios (and even most domestic scenarios), a computer is shared by several employees (or family members) and therefore there will be multiple profiles on that particular system. Now imagine clueless user A downloading and running a malware from the Internet that ends up wiping all his files. Yep, that’s sad but the good part was that clueless users B, C, D and E’s files were saved. No system nor other users files were erased or otherwise compromised after that.
This is so much more than current Windows releases can claim. If Vista will change something on this regard, we’re yet to see.
Windows would behave similarly in the same situation. Most corporate users run as limited users.
What – no alpha 2 ?????
Microsoft have had a hard time persuading customers to pay for upgrades. A lot of users still use older versions of Windows. But what if Microsoft downgraded the security upgrades to anything other than Vista?
“Look, the security technices and policies in Vista is much better. You need to upgrade to Vista if you want to secure your data.” I know that is a bit paranoid, but does anyone really think that Windows 2000 and Windows XP security will be a priority at Microsoft in the future?