A site devoted to discussing techniques that promote quality and ethical practices in software development.

Saturday, February 17, 2007

More and more reasons to stay away from Vista

I have been a big fan and great supporter of Microsoft's Operating Systems and products ever since I migrated from CP/M to MS-DOS 1.

Everyone that has been in the industry for a while will no doubt have seen a constant procession of operating systems from Microsoft. I, without exception, have been there in the front of the queue doing beta testing, developing software to exploit them; from Win 3.0, to Win3.1, from Win3.1 to NT3.1, etc.

Vista is the only one that I have not touched despite being invited to do development workshop, etc.

Initially I have doubt of my disinterest in this OS. Is it of age? But the more I look at this the more I've realised that it is caused not so much by its lack of technical brilliance but by the anti-consumer thoughts being put into it. It is an Operating System not for the consumer but to control the consumer.

An Operating System should be nothing more than doing what the consumer/owner of that piece of software directs it to do including breaking code where one should not. It should not be a law enforcement agent and much less being uses as a foot soldier of Microsoft to stealthily conquer a targeted empire.

If you disagree with that, then do you believe that WinZip should refuses to ZIP terrorists' contents, or things morally wrong materials? What is morally wrong in one country may be an acceptable culture in another.

This kind of feeling is now being supported more and more once the OS is available to the public and to allow researcher to do detail analysis.

The part that makes me uneasy with this OS is not so much about the Aero or the desktop is completely revamped from previous incarnation requiring new hardware. But all the protection systems that are an integral part of this OS. It makes the IE integration into XP like nothing. Not only to protect digital materials but its own operating system. No software should treat their customer as a thief by all the draconian software protection system - their second generation WGA, called Software Protection Platform.

Bruce Schneier, a well renown cryptographer and a long time doubter of the benefit of DRM has recently reported of view on the DRM issue in the Vista and the problem with this in his blog.

His blog message in part draws on Peter Gutmann's paper "A Cost Analysis of Windows Vista Content Protection".

The kind of things Microsoft tried to protect the "Premium Content" at all cost by controlling the hardware is nothing really new. When PlayStation (version 1) came out, it used CD and everyone knows how easy to copy CD. So Nintendo N64 came out trying to defeat piracy by using cartridge, which is a lot harder to copy. In fact, their Gameboy cartridge has also been pirated and enhanced with 10-in-1, 120-in-1 games cartridge that buying one will guarantee you never have to buy another one for a long time.

So what happen? Did every game console switch to cartridge? No. The end result is that there are plenty of N64 sitting on shops' shelf and fewer and fewer shops carrying the N64.

Another example is the PS/2. IBM wanted to control the MicroChannel bus and anyone want to build add-on board has to pay them royalty. The end result is no one build anything. I guess Microsoft's story may be different but no one should under estimate the power of disruptive technology that can do to the incumbent.

Microsoft should heed this advice:
"The sheer obnoxiousness of Vista's content protection may end up being the biggest incentive to piracy yet created"
Microsoft built its empire on open specification and as Peter said:
"A quarter of a century ago, IBM made the momentous decision to make their PC an open platform by publishing complete hardware details and allowing anyone to compete on the open market. Many small companies, the traditional garage startup, got their start through this. This openness is what created the PC industry, and the reason why most homes (rather than just a few offices, as had been the case until then) have one or more PCs sitting in a corner somewhere. This seems to be a return to the bad old days of 25 years ago when only privileged insiders were able to participate."
This is like waving a red flag in front of the bull by asking hackers to reverse engineer the damn thing and to have fun and then by-passing the mess. There is already report that the DRM inside Vista has been cracked. Hurray for consumers! As Bruce's famous saying goes, "it is like making water not wet". It is a waste of time.

Perhaps Microsoft saw the wonderful power of rootkit of Sony can do to control the consumer, it wants a bit of it and rather than carrying the stigma associated with rootkit, it legitimises its own rootkit but redeveloping their OS.

Perhaps it is time for the Linux camp to come to the forefront as Bruce reports
"Some researchers think that this is the final straw that will drive Windows users to the competition"
And this long time Microsoft supports is considering one such mission to survey the Linux landscape. Since I have lost interest in Vista, someone has to provide me with some queue to line up to satisfy my appetite for new OS.

The other sales pitch Microsoft uses to induce frightened PC users into upgrading to Vista is that is it:
Windows Vista provides better protection for your PC, your personal information, and your family than any previous version of Windows—with new security tools like Windows Defender, anti-spam and phishing filters, and Parental Controls. Automatic backups, Performance Self-Tuning, and built-in diagnostics help you keep your data protected and your PC running smoothly
Well, no doubt there is Windows Defender, etc and other new technology in the mix including the Windows Security model but Windows Security has been the core of Windows since Windows 2000. Microsoft in all those years have never chastised those developers that fail to adopt and to promote heavily the need to adhere to this model in order to protect the users from the attacks. You can search MSDN to see how many articles from year 2000 on LUA (Least Privilege Users Account).

In almost all their security brief on vulnerability, they always say that the attack can only gain the same privilege as the user's login account.

But in these years Microsoft has never spent much money in catching those violators and as result the majority of the users run their Windows with no security by running in Administrative Account. Many of these violators are not your Freeware stuff but big name stuff like Intuit's Quicken.

Why doesn't Microsoft publish a list of non-conforming applications to allow users who are interested in protecting their data to select the right tools? It should be like Bugtraq and I can guarantee you how effective this is in forcing rogue operators to conform.

Then all of a sudden as if Microsoft has the consumer's protection at heart and came out with Vista. If they are so concerned they could have done it in year 2000. Now they do not even report these violators to the Event Log in Vista but instead it introduces the UAC to allow these violators to run smoothly but at harms way. Because no event message is generated, many of these rogue developers would not know!

Oh! By the way, what about the default settings of Vista's firewall?

As for me, Vista can stay on the shop's shelf and WOW in the Microsoft's advertising campaign stands for Wrong Operating Windows in my life. Not until it has been analysed down to the last bit and that I am allowed to turn off things I consider a waste of resource to me, it will not be used and will not be recommended.

Microsoft should never forget about the statement made by the judge in the SonyBMG court case.

No comments:

Blog Archive