[DISCUSS] Critique of article on Microsoft and XP
craig at buchek.com
Tue Oct 1 01:05:59 CDT 2002
[Note that this email is going to the article's author and the SLUUG
DISCUSS list. I'm answering a DISCUSS member's question, but thought I'd
offer my critique to the author as well.]
>> "Windows XP Shows the Direction Microsoft is Going."
> Actually, I found the article to not be all that fair to Microsoft.
> There were several points of misinformation regarding things that
> Microsoft does that are completely justifiable or have valid technical
Jonathan Goldberg queried:
> Defenses of Microsoft are not common on this list. Would you go into
> more detail about what the problems with the piece are? I've been
> stewing over this, and feel underinformed.
Well, I hate to go read the whole article again. But I suppose I need to
back up what I've said. Note that I *do* agree with most of the gist of
the article. I just don't care for the tone in which it is presented, and
don't find it to be all that technically fair and accurate. So I don't
think it is that effective in what it tries to accomplish.
Disclaimers: I hold an MCSE (NT 4.0), Novell CNE, 2 Linux certifications,
and some others. (Google for my resume if you're that interested.) I've
worked with Microsoft products, but I prefer Linux, and use it almost
exclusively at home. I'm Chair of the St. Louis Linux Users Group and on
the board of the St. Louis UNIX Users Group. I've never used Windows XP,
because I dislike the EULA, but I think Windows 2000 is a pretty good OS.
"Microsoft Media Player (Tells Microsoft the music you like.)"
Lots of non-Microsoft CD player programs report to a web site what CD you
are listening to. There's really no way to ask for the info about the CD
you are listening to from one of the online CD databases without somehow
telling the database which CD you want the info for.
"Microsoft Office keeps a number in each file you create that identifies
your computer. Microsoft has never said why."
The GUID (Globally Unique Identifier) is unique to each system in order
for every object in a networked application to have a unique ID. Unique
IDs are required to distinguish one object from another, and in order to
locate them. Not all applications store the GUIDs in their files, but it's
the lazy way out, and most Microsoft programs do.
"Microsoft mouse software has reduced functionality until you let it
connect to Microsoft computers."
Logitech mouse software has similar problems. (At least the last one I
bought.) You have to use the software supplied on the disk in the box to
get full functionality -- you can't download it. I've never figured out
why. It really sucked when I bought a mouse that was missing the disk.
"Microsoft has a history of using bug fixes and security fixes to change
the operating system settings."
That annoys the heck out of me too. But technically, you can get hot-fixes
from Microsoft to patch the bugs and vulnerabilities. But the service
packs are much more convenient.
"It also seems possible that there is a connection between the huge number
of bugs and the U.S. government's friendly treatment of Microsoft's
law-breaking [usdoj.gov]. The U.S. government's CIA and FBI and NSA
departments spy on the entire world, and unpatched vulnerabilities in
Microsoft software help spies."
That's a pretty irresponsible thing to say without any evidence. The DOJ
was aggressively pursuing the case until the Bush administration came in.
The Republicans are known for being more pro-business, so it was no
surprise that the DOJ became less aggressive when they gained control.
"Deliberately designed to crash.... Windows 95, Windows 98, and Windows ME
... were designed in such a way that it was inevitable that they would
It wasn't a deliberate design, it's a design limitation. No matter what
you are doing on what OS, eventually you are going to run out of
resources. There have to be arbitrary limits -- every OS has arbitrary
limits on various resources. Microsoft chose poor limits that look
unreasonable on today's hardware. The same thing happened in DOS with the
640K limit. Nobody claims that was a deliberate attempt to limit things --
it was merely a poorly chosen hard limit and a lack of foresight of future
"Windows XP becomes shaky when enough programs are loaded that all of the
installed memory is in use."
When you've used up all your physical RAM and start using swap, any OS is
going to perform poorly. My Linux system performs quite poorly when
Mozilla sucks up all the RAM. It often takes many seconds to redraw the
screen when I switch back to another program.
"Windows XP provides no security against an attacker who has physical
access to a machine."
This has nothing to do with the OS. An attacker with physical access can
circumvent security on any OS. It's a moot point, not worth mentioning.
"A product called Locksmith [winternals.com] can change the Administrator
password on any Windows XP, Windows 2000, or Windows NT system."
In fact, Linux makes it even easier -- just boot to the rescue disk.
"There is a fundamental security flaw in all Windows operating systems."
The Shatter Attack is controversial. Yes, it technically can be used to
escalate privileges on a machine. But it does not appear that it can be
scripted in any way. The only way I can tell that you could get it to work
is by having administrative privileges on an identically-configured
(hardware and software) system. It does not appear that the problem can be
fixed -- it is a fundamental design problem. Although the actual exploit
may depend on a buffer overflow in the implementation.
"Microsoft can control the user's computer without notice and whenever it
That's always been the case. See the article "Reflections on Trusting
Trust" by Ken Thompson (http://www.acm.org/classics/sep95/), where it is
demonstrated that the OS (and compiler) can always do whatever they want,
even if you have the source code. The only difference now is that
Microsoft can dynamically change the logic via the Internet to change how
it controls your PC. But the whole concept of an OS is to control the
computer at all times so you don't have to notice it.
"It has been estimated that the cost to U.S. businesses for only four
Windows-based infections, Nimda, Code Red, SirCam and Love Bug, was about
$13 billion. These infections were possible because of the unusually poor
security design of Microsoft Windows. No other operating system has had
First of all, these numbers are always wildly inflated. They assume that
the folks working on fixing the problem wouldn't have otherwise been paid,
and those whose systems were affected were unable to do anything else
while their systems were being fixed.
As I've stated many times, it isn't usually a poor Microsoft design that
causes problems, but a poor implementation. Windows NT (and 2000) actually
has a really good underlying security system. Unfortunately, the
higher-level implementation doesn't take very good advantage of it and
makes many mistakes.
Other OSes have had such vulnerabilities. They just haven't had their day,
and the lower market share of the others tends to make worms spread less
effectively. Users of other OSes are also generally more experienced, and
patch their systems more quickly.
"Microsoft is the computer industry's top contributor of political money"
Using this logic, Microsoft wasn't so bad a couple of years ago. Until
recently, Microsoft stayed largely out of the political arena. They got
burned when some of their competitors used their political clout against
"Support for Microsoft products may be affected by ongoing legal
All large companies have legal issues pending. I don't see how that
affects their products. The company isn't going to disappear. If anything,
the legal cases are likely to be advantageous to Microsoft's customers.
"In summary, Microsoft was found by the courts to have broken the law.
[...] Companies may want to evaluate the possible future problems in
partnering with, and being dependent on, a company that has broken the
It's unlikely that you'll find any large company you do business with that
hasn't broken the law in some way. Anyway, it's better to be a customer of
such a company than a stock-holder, employee, or lender.
"you may not use the Product to permit any Device to use, access, display,
or run other executable software residing on the Workstation Computer, nor
may you permit any Device to use, access, display, or run the Product or
Product's user interface, unless the Device has a separate license for the
This clause in Microsoft's license isn't all that unreasonable. Otherwise,
you could buy 1 Windows license for a bunch of people, run Windows on 1
PC, and then have a bunch of people run the programs on that PC but show
the programs on their own PCs.
"The registry file is a single very vulnerable point at which failure can
occur. Microsoft apparently designed it this way to provide copy
protection. Since most entries in the registry are poorly documented or
not documented, the registry effectively prevents control by the user."
There are plenty of "single" points of failure in any OS. The registry
isn't a bad idea. In fact, GNOME now has a small registry, and I believe
the MacOS X property lists are similar. It's just the way that Microsoft
implemented the registry wasn't all that great. The hierarchy is poorly
defined (there are lots of examples of Microsoft programs using it in
incompatible ways). And the possibility of corruption is inexcusable, given
modern database technology. But a registry is a much better solution than
a bunch of disparate config and INI files, all with different formats. I
don't know that preventing programs from being transferred to other
systems was a goal of the registry -- that can be accomplished just as
easily by keeping configuration and other files in system locations.
"Using a program called xcopy32.exe, which is supplied, Windows 98 can
copy all of its files to another, blank hard drive."
Nobody in their right mind would use XCOPY to back up their system.
"Microsoft Windows XP is crippled. It is designed to be unable to copy
some of its own operating system files."
Almost all OSes prevent copying files that are currently being written to.
Windows happens to leave several system files open for writing, so you
can't copy them via normal system calls.
"There is absolutely no need for Microsoft's Passport."
Actually, there is a high demand for something like Passport to provide
authentication services on the Internet. Passport is horrible, but it has
more advantages than just storing passwords. There are several competing
standards in the works.
"Palladium gives Microsoft the ability to prevent users from seeing their
own documents and data."
While Digital Restrictions Management is a terrible thing, it is unlikely
that they'll ever get away with keeping you from accessing your own files.
Generally the way it works is that the file has to have a watermark to
fall under the DRM restrictions. You wouldn't watermark your own files,
and if you did, you would get to decide how to restrict them.
"Microsoft Windows XP has reduced functionality."
Every upgrade to every program is going to have some regression problems,
where it performs worse in some border cases than the previous version.
And in big upgrades (or merged programs in the case of XP) there will be
some esoteric functionality removed that a few people will miss. Look at
MacOS X. There are a ton of things that are missing from MacOS 9.
Then the author goes into excruciating detail nit-picking about some minor
bugs. Every system as big as Windows is going to have tons of such bugs.
"Many people think the Windows XP user interface is poorly designed."
Many people think the Linux UI is poorly designed, even most Linux
experts. In fact, the XP GUI is quite good in many respects. Personally, I
think Windows 2000 had the best Windows GUI -- it's nice and crisp and
conservative. Of all OSes I've used, NeXTSTEP had the best GUI. MacOS X
(the current incarnation of NeXTSTEP) is good, but not as solid as the
original. Windows GUIs have generally improved over time, but the subtle
differences between similar versions are extremely annoying. (Things like
accessing the Network settings in 95, 98, NT 4, and 2000.)
"Microsoft is widely disliked."
So? I'm not sure how that should affect *my* decisions. A lot of people
don't like Ford, but that's not going to keep me from buying a Ford
"in Windows XP, menus are sometimes 7 levels deep"
Lots of programs have poorly designed menus. There are a bunch of things
that are deeply nested in other products. (Unfortunately the only good
examples I can think of off the top of my head are Outlook, Word, and IE.
I'm sure FrameMaker has some good examples -- I just haven't used it
There are a lot of other small things in the article that I found to be
inaccurate or misleading. For example, it wasn't disclosed that ProComp is
made up mostly of Microsoft's competitors. And I've never heard of Brian
Livingston, "who is perhaps the best-known computer industry columnist",
even though I read a ton of industry articles.
For the article to be effective, I think it needs to be more even-handed.
And I don't believe the author when he claims not to be anti-Microsoft. If
so, he would likely have been more forth-coming in problems that
Microsoft's competition shares with them.
Personally, I find that people respect my opinions on Linux, etc. *more*
because I obviously know Microsoft ("the competition") very well and am
willing to point out the problems with Linux and the good points of
Windows. I gain a lot of points by being as objective as possible, and
conceding that everything has its down sides.
All OSes suck. Linux just sucks less.
St. Louis Unix Users Group - http://www.sluug.org/