Does our columnist have an axe to grind with Microsoft? Reader Andrew Idell took issue with a number of points (bolded) in James Mathewson’s column “Vista’s limited horizons?” [June 2006]. Here are some of his comments (AI), followed by Mathewson’s responses (JM):

1. “Those of us old enough to remember that Windows 95 actually shipped in 1996–to the horror of a breathless PC press.”

AI: Windows 95 was released on Aug. 24, 1995. At the time I worked as a manager at Babbage’s Software and had to deal with the onslaught of customers.

JM: It was released to resellers in August. The boxed copy was not released until January 1996.

2. “As in the old days of DOS, you can always go to the command line with Linux and a desktop UI program running on top of it. When Microsoft went to XP, it eliminated DOS and the ability to selectively fix problems by simply deleting files.”

AI: DOS has never been in an NT-based OS, all the way back to when it was first compiled in 1989 and sold in 1992. There has been the NT-command shell, which has several of the same commands, but the code is completely different. It is analogous to the various shells in UNIX, although not as powerful.

In fact, even Windows 95 and 98 were not layered on top of DOS. The last OS to do this was Windows 3.11 for Workgroups. Win95 and 98 had 32-bit kernels with the command shell running as an OS subsystem on top of the kernel. In this case, the command-line shell was a recompiled DOS called DOS 7.0. Windows ME removed this functionality. To say that Win9x-WinME were “based on DOS” is a very common misconception.

Windows 2000 and XP (and Vista) are NT-based operating systems, and have never had any form of DOS in them, other than the ability to run 16-bit applications within WOW/Windows on Windows.

JM: It has been proven that Microsoft’s consumer operating systems ran on top of DOS until Windows XP, which is an NT-based OS. Whether you say that DOS was an administrative console as an add-on or the kernel of the OS is not really the point. The point is, you had a command line before Windows XP with which to diagnose and fix problems. And, yes, NT does not have DOS, but it does have a command line. Windows XP has no command line. That’s all I wrote.

3. “…the ability to selectively fix problems by simply deleting files…”

AI: No OS has this capability in the context of cleaning malware. If you are referring to cleaning startup programs, then yes, it is an issue to dig through the registry by hand. However, no one needs to do this anymore with the numerous spyware programs on the market.

JM: With a command line, you can run scripts or batch programs that search the directory for certain file types. When you find those file types, you can delete them. So a smart administrator can fix systems using the command line. Without a command line, the only fix is often to wipe and reload. That’s now standard operating procedure for administrators.

4. “So far, we haven’t seen too many results from this effort. According to reports by beta testers, there is reason to believe that Vista is much better than XP on security.”

AI: Several third parties, including, have tracked the number, rate, and severity of vulnerabilities in Windows since Trustworthy Computing. In every category, the numbers have dropped dramatically. In the cases where vulnerabilities have existed, XP Service Pack 2 and 2003’s SP1 often have a lower severity rating.

Also, who are these “beta users” making these statements? If they call beta testing installing the OS on a PC, then I would not call their opinions very informed. But, to be fair, only time will tell for Vista.

JM: I find it difficult to believe that the current operating systems benefit from trustworthy computing when I need to load three or four patches per week several years after the OS was released. Yes, only time will tell with Vista. But Microsoft has not exactly increased our confidence with its current OS offerings.

5. “I’m especially interested in the bidirectional firewall that pings you when a program attempts to access the Internet.”

AI: This is probably one of the greatest myths in the security field–that an outbound firewall is a relevant security feature. If malware is already on your box, it will go around or disable your firewall. This is true for any OS, especially in the case of rootkits.

JM: My results with Zone Labs are far better than the technote suggests. But firewalls are not a catch-all. We know this. The point is, if a bidirectional firewall is the most anticipated security feature in Vista, we don’t have a lot more confidence that Vista will be better than XP, do we?

6. “That is why the press sounded alarms on the latest Vista delay; even though it is only a few months, moving from November to January means no Vista PCs for Christmas.”

AI: For consumers this is true, but not for businesses. In fact, tens of thousands of businesses are already beta-testing Vista and will move to Vista as their limited production OS by Beta 3 as part of Microsoft’s early-adopter program.

JM: I believe that tens of thousands of businesses are testing Vista. I don’t believe that tens of thousands of businesses will roll Vista out throughout their enterprises within a year of launch, unless you count home-based sole proprietorships. The surveys I’ve read suggest that fewer than 30 percent of businesses worldwide even have Vista on their tech plans beyond beta testing. Of those that do, a small percentage have immediate plans for Vista.

7. “And it would enable OS X to manage system security by backing up, wiping, and reloading Vista without rebooting, making Vista much more manageable.”

AI: Vista has numerous deployment technologies that are all image-based, so these tools from Apple are somewhat redundant, although well packaged. OS X also has nothing to do with Vista’s security (or lack of it) because OS X is not loaded in this dual-boot scenario.

JM: The current plan is to have dual-boot mode. But, as Robert X. Cringely speculates, in the future, it is not out of the question that OS X could run Vista, which would improve security by allowing administrators to wipe and reload Windows on the fly as often as they like.

8. “The preferred way of dealing with a system clogged by a few months’ worth of adware, spyware, and quarantined viruses is to back up, wipe, and reload. This is time-consuming, either for the user or the technician, or both… Linux may not be as pretty, but it’s not as vulnerable…”

AI: No matter what platform is infected by malware or compromised by a hacker, any competent security professional will tell you that you must wipe the system.

As far as Linux not being as vulnerable to automated malware such as worms and virus attacks, this is true. But to say that Linux is more secure for that reason alone shows the bias of the author.

At one point last year, the Linux KERNEL had more vulnerabilities by any measure (number, severity, etc.) than the entire Windows 2003 stack. Today the number is slightly greater for the whole stack vs the Linux kernel, but no matter how you slice the numbers the fact is that Linux security, in terms of vulnerabilities, has gotten worse, not better in the last five years.

JM: Every study I’ve read that is not sponsored by Microsoft suggests that Linux is much more secure than Windows. A large part of this is the architecture. Unlike Windows, it is not one huge monolithic stack. So vulnerabilities can be isolated and fixed much more easily. That is the point of the column, really. Do businesses want another monolithic OS from a vendor with a history of insecure products or do they want something more modular and open? I think businesses are leaning towards more modular and open systems in part because it helps them manage security more easily.

9. “All this patch-as-patch-can maintenance has pushed some organizations to adopt Linux for the desktop.”

AI: There have been hundreds of patches for your average Linux desktop–far more than for Windows XP, especially with SP2. On Windows, these patches can be automatically installed via the Web, or by numerous tools from Microsoft–some free like WSUS, others more robust and payware like SMS.

JM: I installed more than 100 patches per year to Windows XP. I have lots of colleagues who run Linux on the desktop and they do not need to patch their systems much at all. So the evidence is anecdotal, but I would be shocked if Linux for the desktop required more patches than Windows XP.

AI: I would rather have read a pro-Linux article from James, who works for IBM, than a highly flawed, inaccurate, generally anti-Microsoft piece.

He could have saved a lot of ink by just stating, “I think Windows sucks, and Vista even more so. I work for a competitor that has mostly chosen to embrace Linux, so why use Windows at all?”

JM: Yes, I work for IBM. We have more than 300,000 Windows clients in our company world-wide. We spend a considerable sum of money keeping all these systems working and relatively free of malware and other exploits. This experience, as a customer of Microsoft, led to many of these points. Also, IBM is one of Microsoft’s biggest partners. Most of IBM’s customers have Windows either in server environments or in desktop environments (or both). I would not do anything to jeopardize this delicate relationship by using the hyperbole you suggest, but I do have strong opinions. Our readers are smart enough to recognize my statements as opinions, and to make up their minds from there.

