

Journalists to Other Journalists: Call Out Windows - bensummers
http://techrights.org/2010/04/21/windows-rarely-named-and-shamed/

======
barrkel
I don't see a reason for news journalists to act as proxies for Apple etc.'s
PR departments. News is news because it's new; there's nothing much new about
the dominant platform being targeted by malware, and it's not because Windows
is intrinsically flawed, but because it's the big target.

Also, the article's site is an amazingly shrill opponent of anything relating
to MS or Bill Gates. "Author Calls for Action to Stop Bill Gates' Abduction of
US Education", "Microsoft Exploits the Poor", "Gates Foundation (and
Microsoft) Take the Libraries Takeover Global", etc. It reads like the
author(s)' puppies got squished by MS early in life, or something. Definitely
personal, not rational.

~~~
itg
Since when does calling out Microsoft equal being PR for Apple? Reporters
should be attacking bad policies, no matter what the company. And whether the
arguments are rational or personal, they make some good points. Some of the
articles seem as if the guy is wearing a tin foil hat but then again, it is
well documented what Microsoft has done against Linux/Open Source movement.

------
tptacek
No company in the industry has spent more to address security than Microsoft,
in absolute terms or in figures relative to their size or market penetration.
I say this as an inveterate Apple customer who came up using Linux by way of
386bsd.

You see a journalist "calling out" Microsoft for insecurity, and you've got a
coin-flip's chance that that reporter has absolutely no idea what he's talking
about when it comes to security.

~~~
JoachimSchipper
Yes, Microsoft spent a lot of money on security, and this has paid off to some
extent (Win7 is _much_ better than, say, 98); but don't you think they still,
well, suck? In at least an absolute sense, if not a relative sense?

~~~
tptacek
Do I enjoy using Win7? No.

Would I trust Win7 code more than... other code? Very yes.

This is basically like asking me, "which would you trust more: code that
you're reasonably sure Mike Eddington fuzzed, or code that you're pretty
confident he hasn't."

~~~
JoachimSchipper
It's not that Microsoft has crappy coders: their programmers are good and
motivated. It's not that Microsoft doesn't care about security: they got burnt
badly enough that they learned their lesson. It's just that there is so _much_
code.

A good OpenBSD install, even one with lots of functionality, just has much
less trusted code (i.e. code which absolutely has to be correct). And while I
_do_ like OpenBSD, it's not unique: the other BSDs are also solid, and Solaris
- despite a somewhat bad reputation in some circles - is also pretty good.

I'm sure that there are some very smart people working on Windows security;
it's just that engineering everything for security beats "features first".

[EDIT: thank you for your reply! I'm happy to learn, even if we're unlikely to
convince each other...]

------
aidenn0
"What would it be like if Linux, or any real multi-user networking operating
system with a sane design, were the standard operating system? I bet money we
would not have tens of millions of Linux PCs in botnets, even with a large
population of unsophisticated users. No botnets pumping out phishes, spam, and
malware, no drive-by infections from merely visiting infected Web sites"

I call BS on this quote. I have no reason to believe that, e.g. firefox on
linux is any more secure than firefox on windows. There is no reason a botnet
needs root access on a linux host. The only reason we don't have huge swarms
of linux botnets is that hackers get more bang for the buck by targeting
windows.

~~~
blasdel
Firefox is just ridiculously insecure all around as a platform for extensions.

Instead of developing a new least-privilege extension API like Chrome did,
Mozilla put in an App Store style review process on A.M.O. for real extensions
and developed a new API just for lame themes. They have code signing baked in
but don't even use it for their own code, so an annoying 'unsigned' warning is
the expected default.

Even with all that, the extensions themselves have highly-exploitable
vulnerabilities: <http://lwn.net/Articles/348769/>

It's probably the best means to get remote code execution on Linux, especially
since extensions can bundle native NPAPI plugins.

------
smallblacksun
The entire premise is flawed. Microsoft gets called out all the time in the
press for bugs and security flaws.

~~~
bediger
Not very explicitly. When have you heard some journalist write an article
about a "Windows Worm"? They're always always always "PC Worms" or "PC
Viruses".

Microsoft gets big credit for releasing a patch for many "PC Worms" or "PC
vulnerabilities", but the vulnerability is never ever a "Windows" problem.

~~~
Semiapies
Because the standard reporter's assumption is that a "PC" is a computer
running Windows. Otherwise, it's a Mac.

~~~
smallblacksun
Not just reporters, everybody except a small group of techies. Just look at
the Mac vs. PC ads, which were really Mac vs. Windows.

------
adrianwaj
The publications may be worried MS will pull advertising. Sort of like
political campaign funding: fund only those who can and will support you. Sun
Microsystems got quite a bit of bad PR during dotgone because it wasn't
advertising as much, and when it did, the press improved. So it works both
ways, need to spend $$ to get good pr, or just to avoid bad pr.

