the continual updates

Is there another system that has less problems?

os x

OS/2 :scared:

Dos 4.0

Ahhhhh...just in time for the next a new experience!! Coming the fall, maybe.

I'm running the Windows 7 RC and I like it except for a few minor bugs.

the continual updates

Is there another system that has less problems?

os x

Um, except for that part where OS X is constantly auto-updating as well, right?

So far this year, I've had to reboot my Mac due to updates more than I have my Vista desktop. Bad criteria for comparing OSes.

Just sayin'.

Windows Me

:duck:

I'm running the Windows 7 RC and I like it except for a few minor bugs.I've been thinking about upgrading. Do Vista device drivers still work in 7? There are a couple of Vista-specific hardware devices on my laptop that I don't want to suddenly not work.

Um, except for that part where OS X is constantly auto-updating as well, right?

So far this year, I've had to reboot my Mac due to updates more than I have my Vista desktop. Bad criteria for comparing OSes.

Just sayin'.

Haven't rebooted my Mac in months.

Just sayin'.

Windows Me

:duck:

Ducking stawberries won't get you out of that one, we'll aim better.
really.........lol:p

I'm running Fedora 10, on another machine. seems great.

Haven't rebooted my Mac in months.

Just sayin'.

Then you haven't installed the updates. Just in the past month I've had two updates that needed reboots.

Just sayin' (http://www.computerworld.com/s/article/9136311/Apple_patches_18_Mac_vulnerabilities_ships_OS_X_10 .5.8). ;)

I'm running Fedora 10, on another machine. seems great.

Fedora is a great (and under-rated) distro.

Just something to remember: complaining about updates isn't going to stop them from coming, and every OS has them. The OS with the fewest reboots would be BSD, with possibly Linux as a close second. OS X and Windows, however, get plenty of updates that require a restart. That's neither good nor bad, it just is.

I've been thinking about upgrading. Do Vista device drivers still work in 7? There are a couple of Vista-specific hardware devices on my laptop that I don't want to suddenly not work.

The majority of Vista drivers will work with Windows 7. I've used a few with zero problems.

I'm running Fedora 10, on another machine. seems great.

I'm dual booting Ubuntu but have serious issues with a USB headphones. Sadly, Ubuntu is, yet again, on the back burner.

Any USB issues with Fedora?

Plug-And-Probably-Play seems to be the main issues preventing these other O/S gaining popularity.

z/OS.

Windows XP Pro 64bit SP2 - with NO updates at all. I'm very careful with my security products and web browsing though.

CP/M


ETA:

Windows XP Pro 64bit SP2 - with NO updates at all. I'm very careful with my security products and web browsing though.


Well, if we're being serious, this would be my pick also.

God I miss the time when we had to do all our patching manually. Damn Microsoft and their auto-update feature!

God I miss the time when we had to do all our patching manually. Damn Microsoft and their auto-update feature!

If it were only so for most computer owners. The trouble is, it's not, and those who manage to use enough skill to avoid the updates soon have lots of phantom processes running on their computers, spewing out ack requests and spam far and wide. Hell, even back in the wooly olden times when a Vax was a Vax, the people who's jobs it was to keep a system up to date failed to do it. Then today your asking every other Grandma out there to be knowledgeable about virii and malware. It's just incredible.

And it isn't just Windows; UNIX/LINUX variants and Macs are just as vulnerable, just not as plentiful, so the trashers get more bang for their buck attacking Windows.

Then again, it is easily possible for you to do all your Windows updates manually, if you choose to do so. Have at it.

Windows XP Pro 64bit SP2 - with NO updates at all. I'm very careful with my security products and web browsing though.

I bet you are. Nothing will help you if some bright script kiddie manages to get past your firewalls and finds an unplugged hole; virus and malware scanners will be flatfooted. Without those holes patched you'd best not go out onto any iffy site (like porn or warez sites) or any site which has weak enough security to be tampered with (How are you going to tell?). I guess that limits you to jref and Microsoft (don't date misspell it!!), if you think you can trust the latter. And don't click on any email that the sender hasn't called you up on the phone to announce beforehand.

Why, pray tell, are you using SP2, but no other updates? Were the updates that made it into SP2 magically correct, while others aren't? Well, anyway, good luck. Since I used Windows XP Pro SP2 with updates, I'm in the same upgrade boat you are - pretty soon the buzzards are going to start circling us both.

the continual updates

Is there another system that has less problems?

All software of a significant complexity has bugs. It's just a given. You don't have to get the updates to fix the bugs, you can just turn updates off.

z/OS.
http://en.wikipedia.org/wiki/Hercules_emulator :)

Vista works fine for me--but I subscribe to PC World and like tinkering with my PC (which I would have to do with any Linux distro or Mac anyway).

I'll be getting a new laptop for my wife (she's on XP currently) when Windows 7 comes out, and I'm sure that will work fine too.

I find those that complain about OS's aren't willing to work on any other OS to make it worth their while. Better to learn a bit of MS's quirks and fixes. In this age of google there's no excuse for not being able to tweak Vista to your liking.

Why hasn't anybody said Ubuntu yet? :p
I hear Fedora's good too, as somebody has said above. Yes, there are updates, but they say what they're for and you can cherry pick them, or not have any at all.

ETA: Oh, I see a missed Ubuntu reference. Well, it suits my needs when OS X doesn't.

Vista works fine for me--but I subscribe to PC World and like tinkering with my PC (which I would have to do with any Linux distro or Mac anyway).

I'll be getting a new laptop for my wife (she's on XP currently) when Windows 7 comes out, and I'm sure that will work fine too.

I find those that complain about OS's aren't willing to work on any other OS to make it worth their while. Better to learn a bit of MS's quirks and fixes. In this age of google there's no excuse for not being able to tweak Vista to your liking.

My wifes experience of Vista on her laptop has been abysmal. It appears to be mainly due to random parts of the OS thrashing the hard disk so that performance is pathetic.

Why hasn't anybody said Ubuntu yet? :p
I hear Fedora's good too, as somebody has said above. Yes, there are updates, but they say what they're for and you can cherry pick them, or not have any at all.

ETA: Oh, I see a missed Ubuntu reference. Well, it suits my needs when OS X doesn't.

Ubuntu is OK, but there's always one or two things that makes me reinstall Windows every time. When the time I need to spend tweaking one OS exceeds the time I need to spend tweaking Windows I tend to default to windows.

My wifes experience of Vista on her laptop has been abysmal. It appears to be mainly due to random parts of the OS thrashing the hard disk so that performance is pathetic.

Turn off the Superfetch and Indexing services. Google how to do it if you don't know how. That will probably stop any thrashing of the hard disk.

Windows XP Pro 64bit SP2 - with NO updates at all. I'm very careful with my security products and web browsing though.




<snip for brevity>.


I bet you are. Nothing will help you if some bright script kiddie manages to get past your firewalls and finds an unplugged hole; virus and malware scanners will be flatfooted. Without those holes patched you'd best not go out onto any iffy site (like porn or warez sites) or any site which has weak enough security to be tampered with (How are you going to tell?). I guess that limits you to jref and Microsoft (don't date misspell it!!), if you think you can trust the latter. And don't click on any email that the sender hasn't called you up on the phone to announce beforehand.

Why, pray tell, are you using SP2, but no other updates? Were the updates that made it into SP2 magically correct, while others aren't? Well, anyway, good luck. Since I used Windows XP Pro SP2 with updates, I'm in the same upgrade boat you are - pretty soon the buzzards are going to start circling us both.


Oops. I've just realised my own initial response to this was incomplete. I meant to say that Windows XP Pro 64 bit was my OS of choice, but I always make sure all the patches and updates are incorporated.

I'm also unable to see any advantage in stopping at SP2.


Cheers,

Dave

the continual updates

Is there another system that has less problems?


Why don't you just disable automatic updates?

Well, every OS needs updates and fixes from time to time. Simply because stuff evolves, and bugs show up. Better safe than sorry.

Everybody should use the OS that gets his/her work done in a way the user feels it easiest to do. However, define "tweaking". I mean, what does someone on Linux have to tweak more than on Windows, or OS-X, to make it work? Most hardware nowdays works just fine on Linux, so not much tweaking needed there. Yes, there will always be certain cases where a certain piece of hardware won't work out of the box. But i wont call that tweaking, but rather installing.

Oh, and just recently a friend of mine decided to sell his Yamaha Audio-Mixer Desk, which used to have an USB/Midi connection, simply because the manufacturer decided to stop development of new drivers, rendering that piece of hardware unusable under anything newer than Windows XP. So, such things can happen on virtually any platform.

However, it's no myth that Linux or OS-X are more secure when it comes to malware. There simply isn't that much of these nasty things for them. So, for anything that uses the internet, i would recommend to use it instead of Windows. And hey, you can have Linux and Windows running at the very same time. Simply use Virtual Box (http://www.virtualbox.org/) on a Linux host and run a Windows inside it. Admitted, you won't get the super-duper performance when it comes to games. But for anything else that is just fine. And you can have it seamless, that means the Windows stuff doesn't run in a separate window, but the Windows applications and taskbar appear seamless on the desktop, making it look as if they were native apps.

That way you can have the best of both worlds and have a relatively secure system.

But in any case, use what suits your needs.

Greetings,

Chris

However, define "tweaking".

From wikipedia: Tweaking refers to fine-tuning or adjusting a complex system, usually an electronic device. Tweaks are any small modifications intended to improve a system.

I mean, what does someone on Linux have to tweak more than on Windows, or OS-X, to make it work? Most hardware nowdays works just fine on Linux, so not much tweaking needed there.

Working fine, and optimised, are two different things. Garmin products do not really work that well with Linux, and after tinkering for a long while I uninstalled Ubuntu and reinstalled Windows. At this point the Linux enthusiast will chime in with "why didn't you try [whatever freeware is favorite]". Bottom line is, I don't have the time to tinker anymore. I need to install something and have it work, and Windows--specifically Vista at the moment--does just that.

As far as security goes, rudimentary knowledge of internet surfing dos and don'ts protects folks just fine.

Vista isn't perfect, and I've had some not so fun times with it. And I love the open source software that's so easy to get with Linux. However, most of the free stuff I love from Linux is available for Windows, and Windows supports software and hardware that Linux does not without jumping through hoops and settling for sub-par performance.

I tried Ubuntu a while back and could not for the life of me get the wireless card to work. That was a deal breaker so I just wiped the partition and was through with Ubuntu. I've never had any sort of problem like this on Windows. On the rare occasion that it doesn't automatically install the driver, it's as simple as downloading and running it, five minutes tops. And this is on Windows 7, which isn't even out yet.

Amiga Workbench 3.1

Turn off the Superfetch and Indexing services. Google how to do it if you don't know how. That will probably stop any thrashing of the hard disk.

I have done that about a year ago, the current culprit seems to be lsass, IIRC.

Seriously guys - automatic updates are A Good Thing. Bad people are continually looking for ways to exploit operating systems. Fortunately, so are good people. When the bad people find a security hole, they write an exploit. When the good people find one, they write a patch. Regular patching is good, and it is important.

For me, my main problem with Vista is that my laptop bluescreens and reboots shortly after waking from hibernation. I've tried about nine different solutions to the problem but none of them have resolved the problem. Meh - it happens. I expect it now and can live with it. No other problems whatsoever.

Seriously guys - automatic updates are A Good Thing. Bad people are continually looking for ways to exploit operating systems. Fortunately, so are good people. When the bad people find a security hole, they write an exploit. When the good people find one, they write a patch. Regular patching is good, and it is important.


Agreed, it is important, tho I use linux on a dual boot, vista is there for if I happen to need to test something in IE etc, and do so a couple of times a week.

I must say, the most annoying thing tho with the patch/update process on windows/vista is the need to reboot :( I usually go to reboot into vista, it starts up, applies patches then has to reboot, applying patches as it shuts down as well :( it's vicious timewaster for me :(

I normally tell it not to reboot, and instead shut it down when I go to bed.

And the best bit is...Most MAC users have a shedload of viruses...and don't even know it...

DB

Ubuntu... Where shall I begin ?

I have tried to use the video player with the proper codec. Skipping frames. Not a good watch (quite bad actually)

I have installed VLC. Same things. It even decided to install some decoder on its own.

Switched back to XP. Installed XP codec pack. Perfect watch with the same MKV file.

So... While I appreciate ubuntu for many reason, mostly programming, file server , and torrent related, the day it is able to simply play a mkv video without skipping is the day I will recommend it. The way it is now, I would not dare recommend it to anybody.

And don't get me on the hassle of updating firefox for the newest version...

To the OP : use windows XP sp3. Really.

I should say, however, that I have a PC running Vista that is reasonably powerful (not high end by any means, just an E4400 cpu, and it runs perfectly (with 4gb RAM). Starts up very quickly, as well.

Currently it is csrss.exe that is doing all the i/o on my wifes laptop.

Upgrade to XP.

:ducks:

The reviews of Windows 7 suggest that it's probably going to be a good idea to upgrade in October when it's officially available.

I should say, however, that I have a PC running Vista that is reasonably powerful (not high end by any means, just an E4400 cpu, and it runs perfectly (with 4gb RAM). Starts up very quickly, as well.

This is my experience too. It seems Vista loves the RAM. I've got 3gb in a pretty ordinary Dell laptop and it runs like a dream. Fast to boot, fast to load up pretty much any program and fairly stable (the odd Windows Explorer crash).

Seems that 7 will run with less resource overhead too, which will be the first time that's happened in OS evolution I reckon.

This is my experience too. It seems Vista loves the RAM. I've got 3gb in a pretty ordinary Dell laptop and it runs like a dream. Fast to boot, fast to load up pretty much any program and fairly stable (the odd Windows Explorer crash).

Seems that 7 will run with less resource overhead too, which will be the first time that's happened in OS evolution I reckon.

Snow Leopard will get there first.

A month is still a month, after all.

Snow Leopard will get there first.

A month is still a month, after all.

And it's supposed to run with lower resource overhead? Color me the color of skeptical.

Heh, ironically the little bouncing icon for my auto-update just came up:The 10.5.8 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac, as well as specific fixes for:
compatibility and reliability issues when joining AirPort networks.
an issue that could cause some monitor resolutions to no longer appear in Displays System Preferences.
issues that may affect Bluetooth reliability.

And just for good measure, at the bottom of the details window:Mac OS X Update: Downloaded

Restart will be required.

I do believe this makes twice so far this month for me.

And it's supposed to run with lower resource overhead? Color me the color of skeptical.

Snow Leopard is supposed to be smaller than Leopard in terms of footprint. It releases September, Win 7 releases October. Apple beats MS yet again.

Snow Leopard is supposed to be smaller than Leopard in terms of footprint. It releases September, Win 7 releases October. Apple beats MS yet again.

You seem to not understand what was meant with the earlier poster's comment about less resource use.

That's okay, Obvious Troll. I forgive you.

I've been running Windows 7 for free for like seven months. How long has Apple been letting people use Snow Leopard for free? Oh wait...

You seem to not understand what was meant with the earlier poster's comment about less resource use.

That's okay, Obvious Troll. I forgive you.

Take a chill pill. I was poking fun (see: satire) at the rivalry between Mac and PCs. Hence the 1-month-better joke.

Oh, and by smaller resources, I meant by dropping footprints. Both Windows 7 and Snow Leopard are drops from their respective predecessors. I don't know how you get "OS X is smaller than Windows" out of that.

It's like the Spectrum/C64 wars all over again... ahhh, the nostalgia...

Take a chill pill. I was poking fun (see: satire) at the rivalry between Mac and PCs. Hence the 1-month-better joke.

Oh, and by smaller resources, I meant by dropping footprints. Both Windows 7 and Snow Leopard are drops from their respective predecessors. I don't know how you get "OS X is smaller than Windows" out of that.

Resources != footprint. You conflated the two.

I'll be very happy if Snow Leopard comes in with lower resource requirements than Leopard. I'll be happy to stick it on my MBP. Since I've already tested the resource usage and general performance of Windows 7, there isn't any doubt I'll be putting it on my desktop (and Bootcamped partition) in October. I've had no such opportunity to test Snow Leopard, so chances are likely Win 7 will see my MBP before the next OS X does.

It's like the Spectrum/C64 wars all over again... ahhh, the nostalgia...

Amiga FTW!

Amiga FTW!

Still got my A4000 in the loft!

Been reading all the posts and thanks for all the advice.

It seems there is no such thing as a perfect OS so I guess I'll have to live with that fact.

I notice that many of the updates are security patches and I would be reluctant to turn them off. I post here so seldom that I had forgotten it until I got another update notice.

My specific issue is that one of the updates knocks Firefox off line, it seems that the Vista firewall doesn't like an operation that Firefox does. I've looked into it a little but changing basic parameters seems fraught with danger if you don't know exactly what you're doing and Windows really doesn't want you to do it.

So... While I appreciate ubuntu for many reason, mostly programming, file server , and torrent related, the day it is able to simply play a mkv video without skipping is the day I will recommend it. The way it is now, I would not dare recommend it to anybody.

And don't get me on the hassle of updating firefox for the newest version...

To the OP : use windows XP sp3. Really.

Vuze is on windows. Just sayin'

I have tried to use the video player with the proper codec. Skipping frames. Not a good watch (quite bad actually)

[snip]

...the day it is able to simply play a mkv video without skipping is the day I will recommend it. The way it is now, I would not dare recommend it to anybody.

Hmm, here i play .mkv files with absolutely no problem. SDTV formats have almost zero CPU load, while HDTV takes about 20%. No skipping, everything plays just fine. The same is true for every video file i came across by now.

Two possibilities: You have not loaded the proper driver for X-Windows. It may be that the autodetection during install failed, and thus you are using a VESA-FB driver. That means no acceleration for playback/drawing and the need for color-space conversion to be done in software.

Another possibility is that your CPU is not running at full speed. Install the "cpufrequtils" package and do a "cpufreq-info" on the command line. With "cpufreq-set" you can manually set the desired speed.

In any case, video playback should be no problem at all, if you have a properly working X-Windows setup using the correct drivers.

And don't get me on the hassle of updating firefox for the newest version...

Never had a problem there as well. Normal security updates come through the package manager, the version update can be installed from the package available on the Firefox homepage, or by adding the proper repository to /etc/apt/sources.list and do it via apt-get.

Greetings,

Chris

God I miss the time when we had to do all our patching manually. Damn Microsoft and their auto-update feature!
If only someone would think it out, it would be better. Open up the Automatic Update dialog.

Why are the scheduling boxes under the Automatic radio button, rather than separate from the buttons? Regardless of whether I pick Automatic, Download only, or Notify only, I still need to specify how often to check. It doesn't make any sense.

Possibly related to this is the fact that Download only doesn't seem to work. I'm never notified of any updates when I have Download only selected. I have to select Automatic to get notified and updated.

~~ Paul

The notification pops up as a tooltip in the bottom right corner. If you happen not to be watching it at the time, you often miss it, and the icon gets auto-hidden. Try going into Customise Notifications and setting the Automatic Update to Always Show.

Having endured Vista I can't wait to get rid of it. I much prefer XP. rightly or wrongly I found it easy to use and less prone to locking up. Like vista does. Linux OS seem to technical for the likes of me. I need a point and click Os not one that requires a brain.

Is Windows 7 as easy as XP to use?

Is Windows 7 as easy as XP to use?

I think it's easier.

Having endured Vista I can't wait to get rid of it. I much prefer XP. rightly or wrongly I found it easy to use and less prone to locking up. Like vista does. Linux OS seem to technical for the likes of me. I need a point and click Os not one that requires a brain.

Is Windows 7 as easy as XP to use?

I've used linux and the Windows7 release candidate through virtualization software, and I've found the former to be similar to vista insomuch as it has much the same user interface layout but with aesthetic improvements and improved overall performance, especially on computers with 1GB of ram or less. I use Vista without any problems at this point simply because I loaded it with 8GB of RAM and I often use about 2/3 of that maximum for my graphics work.

In my experience, Linux is easy to use until you have to install a program manually... in which case it's command lines which.... I've never bbeen good with even on windows...

I am quite satisfied with Windows XP Pro sp3. I haven't had any issues while using it and install updates when they become available. Updates help keep the system protected, so I have no problem with taking the time and rebooting; It's just part of the process.

Resources != footprint. You conflated the two.

I'll be very happy if Snow Leopard comes in with lower resource requirements than Leopard. I'll be happy to stick it on my MBP. Since I've already tested the resource usage and general performance of Windows 7, there isn't any doubt I'll be putting it on my desktop (and Bootcamped partition) in October. I've had no such opportunity to test Snow Leopard, so chances are likely Win 7 will see my MBP before the next OS X does.

PM Me or Terry. All you need is an ADC account and I believe you can get an evaluation copy from Apple. I don't remember the specifics.

Since I only use my mac for audio production, and Apple has a bad history with me of needing to wait for drivers/bugs to be sorted, I won't be upgrading to snow leopard until I see the all clear from other audio engineers.

http://distrowatch.com/

Fedora is a good choice, but I prefer:

http://www.pclinuxos.com/

Ubuntu... Where shall I begin ?

I have tried to use the video player with the proper codec. Skipping frames. Not a good watch (quite bad actually)

I have installed VLC. Same things. It even decided to install some decoder on its own.

Switched back to XP. Installed XP codec pack. Perfect watch with the same MKV file.
To the OP : use windows XP sp3. Really.
As to your video problems, who knows? Works fine for me with VLC on Ubuntu.


the continual updates

Is there another system that has less problems?

Fewer. That's the word you're looking for.

---
Aight.

I agree with people saying go to XP. If you like Windows but don't like rebooting it, XP SP3 is way more stable than Vista. You just have to fork out for a license for it. I have an XP SP3 install and have maybe rebooted once in the last four months due to updates (in fact I postponed it until bed time)

As to your video problems, who knows? Works fine for me with VLC on Ubuntu.


VLC + Windows 7 RC +Core2 U8400 + Intel videochip = still good playback
However it could be bad settings...

I installed Ubuntu a month ago, there are plenty of updates but they can run in the background and there is no need to restart.

I have only tried one mkv file, I ripped a dvd to a 1G file that played without problems.
I still have windows on the other partition for games.

Simply use Virtual Box on a Linux host and run a Windows inside it.

And you can of course do that the opposite way round too ;)

Using Virtual Box, or another similar hardware abstraction layer is also useful for security when using insecure networks like the Internet.

1. Keep a 'vanilla' backup copy of your Virtual Box
2. Use a second copy of that Virtual Box to do all your web surfing
3, If the Virtual Box that you're using gets infected with nasties just delete it and make a new copy of your clean 'vanilla' box.

Easy-peasy! :D

Yes, the main thing Linux has over Windows as far as automatic updates is that you rarely ever have to restart because of an update in Linux - generally the only need to do so is because of a kernel update.

Other than that the usual cultural OS assumptions apply.

Windows Me

:duck:


Ooooh! Now that was uncalled for.

However true.

Virtual machines, like VirtualBox and VMWare, provide a "snapshot" facility where you can save an intermediate state of the machine - such as a "known good" configuration - and revert to it when required. This is much more efficient than keeping a second copy of the virtual machine.

Some even allow a "non-persistent" setting, where any changes made are thrown away when you shut down the virtual machine (in effect, reverting to the snapshot every time). May not be desirable if you want to make bookmarks, though.

Virtual machines, like VirtualBox and VMWare, provide a "snapshot" facility where you can save an intermediate state of the machine - such as a "known good" configuration - and revert to it when required. This is much more efficient than keeping a second copy of the virtual machine.

True enough - but is it as effective?

ETA - in fact the only efficiency with the mechanism you describe is that you have one file rather than two. Not a big saving, unless you prefer to look at it as a 50% saving rather than a saving of a single file.

If you go down this route, applying patches, updates, additional software and re-saving the "known good" configuration as you go there's a risk that by the time you notice an infection it will be too late.

Or if you do the above but save a new "snapshot" each time you could end up with a number of snapshots which then reduces the efficiency somewhat.

Personally I prefer the K.I.S.S. principle

At least if you keep a single, good, vanilla image of your virtual box in it's own completely separate file you know it's always good.

Yes, the main thing Linux has over Windows as far as automatic updates is that you rarely ever have to restart because of an update in Linux - generally the only need to do so is because of a kernel update.

Other than that the usual cultural OS assumptions apply.

7 had improved it. (Same update as for XP,didn't have to reboot)

True enough - but is it as effective?

ETA - in fact the only efficiency with the mechanism you describe is that you have one file rather than two. Not a big saving, unless you prefer to look at it as a 50% saving rather than a saving of a single file.

If you go down this route, applying patches, updates, additional software and re-saving the "known good" configuration as you go there's a risk that by the time you notice an infection it will be too late.

Or if you do the above but save a new "snapshot" each time you could end up with a number of snapshots which then reduces the efficiency somewhat.

Personally I prefer the K.I.S.S. principle

At least if you keep a single, good, vanilla image of your virtual box in it's own completely separate file you know it's always good.

The issues you describe apply to a known-good copy too. When do you update it? What if your last copy contained malware?

As for a 50% savings, these files tend to be very big - multi-gigabyte. With enough software in your VM, it won't even fit in a single layer DVD (4.7 GB). That means that it's a lot of disk space, and takes ages to copy.

As for multiple snapshots, no, it is not terribly inefficient. If you want, you can have a snapshot for each time you install something, and can go back to any snapshot of interest.

It's like system restore - except that the "restore points" cannot get corrupted.

Virtual machines are pretty useless for day-to-day use because they have to emulate hardware. This is especially apparent when it comes to multimedia.

VLC isn't that great either. Windows 7 ships with built-in accelerated codecs for most formats, including all the MPEG-4 variants (xvid, divx, quicktime, h.264, etc). It doesn't support the MKV container, but all you need for that is Haali Media Splitter. I've stopped using anything other than Windows Media Player for video now.

Virtual machines are pretty useless for day-to-day use because they have to emulate hardware. This is especially apparent when it comes to multimedia.

I would imagine there are many people out there, including those who rely on things like Terminal Services and Citrix to earn their daily crust, who would disagree with you.

I doubt it. If anything, they'd agree with me.

It's like system restore - except that the "restore points" cannot get corrupted.

Well, I've only used three or four different types of virtual PC so I don't claim to be an expert, but of the ones I've used the virtual device, including any snapshots, was stored within a single file.

I've yet to come across a file that 'cannot get corrupted'.

I doubt it. If anything, they'd agree with me.

How do you know?

I would imagine there are users out there for whom this technology is the only workable alternative i.e. without it they couldn't do what they need to do and thus virtual machines are, in fact, very useful indeed.

:D

Well, I've only used three or four different types of virtual PC so I don't claim to be an expert, but of the ones I've used the virtual device, including any snapshots, was stored within a single file.

I've yet to come across a file that 'cannot get corrupted'.
System restore points can get "corrupted" in the sense that malware can (and apparently does, sometimes) insert itself into them. This renders system restore points more vulnerable.

System restore points also only contain a subset of the changes to a system.

Snapshots, conversely, are not accessible to the VM; as such, malware can't (in theory at least) modify a snapshot. Further, a snapshot covers all changes to the VM.

Snapshots are stored separately from the base file; they're a description of what has changed between the base file and the snapshot, basically.

In terms of performance, a VM is quite adequate for non-gaming use, such as web browsing or even document editing. We use it at work for build and test environments - and our business is medical imaging. We do not, however, do performance testing on VMs.

All good points very well made and it's also important to remember that malware is not the only potential source of file corruption :)

Debian

All good points very well made and it's also important to remember that malware is not the only potential source of file corruption :)No, there's also bit rot (http://en.wikipedia.org/wiki/Bit_rot).

And the best bit is...Most MAC users have a shedload of viruses...and don't even know it...

DB
?

Please explain or perhaps give an example.

?

Please explain or perhaps give an example.

OS X may not have any viruses in the wild that affect their core system, but they can still be carriers for viruses and pass them around. This happened to me twice when giving someone else some MS Office files or getting such files from them, when they had a Mac and I had a PC. Both times the Office files (Word files both times) came back to me infected after the Mac user had opened and copied them. When told of this and shown the antivirus warning on my computer after catching and cleaning the file, the Mac user said to me, "can't be. Macs don't get viruses."

I have a MacBook Pro now, but I still use antivirus. Viruses are viruses, and will replicate wherever they are made to replicate. More often than not they aren't made to replicate using core system files or processes, but to use 3rd-party or add-on processes, or in user-land and not system-land.

ETA: this is why Snow Leopard ships with malware protection (not unlike Windows Defender) now.

OS X may not have any viruses in the wild that affect their core system, but they can still be carriers for viruses and pass them around. This happened to me twice when giving someone else some MS Office files or getting such files from them, when they had a Mac and I had a PC. Both times the Office files (Word files both times) came back to me infected after the Mac user had opened and copied them. When told of this and shown the antivirus warning on my computer after catching and cleaning the file, the Mac user said to me, "can't be. Macs don't get viruses."

I have a MacBook Pro now, but I still use antivirus. Viruses are viruses, and will replicate wherever they are made to replicate. More often than not they aren't made to replicate using core system files or processes, but to use 3rd-party or add-on processes, or in user-land and not system-land.

ETA: this is why Snow Leopard ships with malware protection (not unlike Windows Defender) now.
That is what I figured, but I just like to make sure. I have an anti-virus software on my Mac because I work between a PC and Mac when creating animations.

Curious, since I get all growly and irate when in the same room as a Mac. Are there viruses which affect Mac software which isn't Microsoft H. Office? Because I can't help thinking that rather than bolt on anti-virus software, not using Microsoft Office in the first place might make more sense?

I'm dual booting Ubuntu but have serious issues with a USB headphones. Sadly, Ubuntu is, yet again, on the back burner.

Any USB issues with Fedora?

Plug-And-Probably-Play seems to be the main issues preventing these other O/S gaining popularity.

havent seen any usb issues with ubuntu, but havent used usb headphones either... good luck.

Regarding BSD, on a laptop, again, good luck getting all the drivers to be happy

Curious, since I get all growly and irate when in the same room as a Mac. Are there viruses which affect Mac software which isn't Microsoft H. Office? Because I can't help thinking that rather than bolt on anti-virus software, not using Microsoft Office in the first place might make more sense?

Moving goalposts aside-- and before you get defensive, I'm referring to the habit of the "Macs don't get viruses" crowd switching from Windows to all Microsoft software when Office macro viruses come up, not you specifically-- yes, there have been other viruses, but they've been relatively small and mostly due to stooges downloading and running what they thought was an app they were getting for free. I believe iWork was one such package that propagated a trojan earlier this year through idiots downloading a pirated copy, for example. So far, though-- and in an interesting parallel to Microsoft-- Safari has seemed to be the easiest to exploit on a Mac.

I once had someone try to tell me that using Linux was the solution to all viruses, trojans, crashes and spam.

I once had someone try to tell me that using Linux was the solution to all viruses, trojans, crashes and spam.

I have tried to tell the chief engineer that linux (openoffice) is the solution to the office getting new MS-office before us and sending out unreadable files.:D

havent seen any usb issues with ubuntu, but havent used usb headphones either... good luck.

Regarding BSD, on a laptop, again, good luck getting all the drivers to be happy

If you're particularly masochistic, you could get OpenSolaris with all hardware and media codecs working on a laptop.

But then, I think even that's easier than BSD...

Curious, since I get all growly and irate when in the same room as a Mac. Are there viruses which affect Mac software which isn't Microsoft H. Office? Because I can't help thinking that rather than bolt on anti-virus software, not using Microsoft Office in the first place might make more sense?

OSX/Inqtana.A, Leap.A .. but yes you are right, dropping outlook, IE etc etc will lower your profile to exploits.

Are we talking virus specifically or social engineering? Symantec and others have made announcements in the past, concerned over mac users thinking they are invulnerable. No system is invulnerable ..

Most of the issues with virus and platforms come about with regard the usage not just the platform, tho *nix based systems (and OSX is BSD based) are inherently more protected at a filesystem level with the permissions system, where Windows has a 'layer' to attempt to provide it. Most windows users are mid to low level users as well.

I use linux, do hosting etc, and have to constantly monitor applications and scripts for whats effectively 'crack' attempts, some successful. I don't see how any platform is protected against it, as mentioned, some systems are just better than others or less targetted as they are not as commonly used, and the demographic of the users is relatively noobish in general.

What I'm saying is, if the anti-virus software targets windows viruses being "carried" by Macs, it would make more sense for Macs to stop being willing carriers.
If anti-virus software is misnamed and is in fact targetting the sort of malicious scripts you are talking about, that's another matter...

anti-virus software is just band-aids for holes in software, rather than fixing the software so these issues in them can't be exploited.

It is not up to other systems to sort out the problems inherent in another operating system, why shouldn't those things be fixed at the Windows end?

My opinion anyway. (and saying that, I run anti-virus software on linux servers for mail destined for windows machines. Ironic really, but there you go.)

anti-virus software is just band-aids for holes in software, rather than fixing the software so these issues in them can't be exploited.

It is not up to other systems to sort out the problems inherent in another operating system, why shouldn't those things be fixed at the Windows end?

My opinion anyway. (and saying that, I run anti-virus software on linux servers for mail destined for windows machines. Ironic really, but there you go.)

That's not ironic. That's being a good neighbor. I do that as well.

No, there's also bit rot (http://en.wikipedia.org/wiki/Bit_rot).

Cosmic Rays. http://en.wikipedia.org/wiki/Cosmic_ray#Effect_on_electronics

anti-virus software is just band-aids for holes in software, rather than fixing the software so these issues in them can't be exploited.

It is not up to other systems to sort out the problems inherent in another operating system, why shouldn't those things be fixed at the Windows end?

My opinion anyway. (and saying that, I run anti-virus software on linux servers for mail destined for windows machines. Ironic really, but there you go.)

"Those things" are fixed, it's called a patch. In theory, systematically patching your software could replace the need of a A/V service, but in practice it's a much better idea to do both.

As for the existence of these bugs, it's highly unrealistic to expect Microsoft to deploy his software absolutely bug free, and this is true for absolutely every consumer software companies of importance in the world. Maybe in the future, more and more of these software will be written using more abstract languages designed to mitigate many of bugs found today, and maybe this will be the end of the A/V industry. But we can't simply blame the software developpers for the current situation, it's just way more complex than that.

The number one cause of the success of malware is user stupidity; the *nix world is ahead of that curve in terms of the barriers to entry to being a stupid user.

Cosmic Rays. http://en.wikipedia.org/wiki/Cosmic_ray#Effect_on_electronicsPhase of the moon: http://catb.org/jargon/html/P/phase-of-the-moon.html

The number one cause of the success of malware is user stupidity; the *nix world is ahead of that curve in terms of the barriers to entry to being a stupid user.To be fair, not everybody can be an expert.

To be fair, not everybody can be an expert.

Also to be fair, *nix does not stop user idiocy entirely. At some point there is a section of the learning curve (pretty early on, I may add) where you're dangerous enough to do some pretty stupid things, even if you have to sudo to do them...

True story, I had to fire a guy after he mistakenly misread a help prompt on a production NFS server and thought "If I type halt, it will end my shell session." while he was technically correct (it sure ended his and everyone's sessions, as well as trash network mounts for 5 major production platforms - outage costing tens of millions in lost revenues) I believe he actually wanted the word "exit."

There is no OS that can completely shield that, and while it may be that *nix can guard against it somewhat from a windows user's perspective, once they learn "sudo" all bets are off.

There is no OS that can completely shield that, and while it may be that *nix can guard against it somewhat from a windows user's perspective, once they learn "sudo" all bets are off.

Yes, but as we all know the command line is likely to induce brain haemorrhages in the average Joe: without the soothing effect of push buttons and menu bars in pastels the lesser mind simply fails to cope.

That alone thins the herd.

http://imgs.xkcd.com/comics/sandwich.png

:D

Snip...
There is no OS that can completely shield that, and while it may be that *nix can guard against it somewhat from a windows user's perspective, once they learn "sudo" all bets are off.

Yes, I reinstalled a couple times after troubleshooting with sudo and unqualified guesswork.:D

Mid-90's I was doing customer support for our 2D/3D application that ran on both Windows and *nix. *nix users could handle shell scripts and command-line intricacies. I had to explain to a Windows user how to double-click.

the continual updates

Is there another system that has less problems?

Windows XP. I'm serious.

http://www.geeksaresexy.net/2009/09/22/operating-systems-venn-diagram/

http://www.geeksaresexy.net/2009/09/22/operating-systems-venn-diagram/

Wow. I agree with that pretty decently (with some obvious caveats, like all three being able to qualify for the middle).

Here's the deal: The better the OS, the more people will use it. The more people that use an OS, the higher in the virus/trojan/worm/anal probe priority list it becomes. So, it's a double-edged sword.

Another thing is that all systems that aren't hugely popular, which is pretty much everything except Mac OS and Windows, are exactly like that old classic car in the garage that people mess with, refurbish and fix up, but rarely ever drive. If you actually want to get somewhere, you've got to go with Windows or Mac OS. Mac OS is like the BMW, in that you don't want to take it just anywhere. Windows is like the Japanese import. Windows XP is like the Honda Accord/Toyota Camry.

I've got several computers, one with Vista and the rest with XP. The XP ones are assaulted on a daily basis, and I've had at least 3 meltdowns on each of them - but luckily managed to get out of it. I've never had a problem with Vista in that area, but I think that has more to do with the fact that I won't let anyone else touch it than Vista itself. It's slow, because there are so many programs in the background challenging you for everything you want to do. It may be a Ferrari for all I know, but it's a Ferrari going through a school zone in a gated community.

The end.

Here's the deal: The better the OS, the more people will use it. The more people that use an OS, the higher in the virus/trojan/worm/anal probe priority list it becomes. .


Windows by design supports the execution of any random executable binaries that wander its way. System files are poorly-protected. There is no clear separation of kernel, system and userspace. Remote executables simply cannot infect a Unix or Unix-type system, because it takes deliberate action by the user to make them executable, and to give them enough permissions to do harm. The Internet runs on Linux servers - lot of prestige in infecting them - and it doesn't happen.

Windows by design supports the execution of any random executable binaries that wander its way. System files are poorly-protected. There is no clear separation of kernel, system and userspace. Remote executables simply cannot infect a Unix or Unix-type system, because it takes deliberate action by the user to make them executable, and to give them enough permissions to do harm. The Internet runs on Linux servers - lot of prestige in infecting them - and it doesn't happen.

Perhaps in XP and earlier. But Vista and 7 have significantly improved security.

System files are poorly-protected.
Untrue. In fact, they're better protected than on any other operating system I can think of. Not only do they have standard permissions granting full access only to administrators, but they also have an integrity system that tries to verify the integrity of system files and prevent changes to them (I say try, because once you've got administrator access, you've got full access to kernel mode, and thus it's technically game over).

There is no clear separation of kernel, system and userspace.
Incorrect. There most certainly is, although it's debatable what relevance this has to anything. It's not like you're going to be replacing parts of Windows (unless you're a Debian nut).

Remote executables simply cannot infect a Unix or Unix-type system, because it takes deliberate action by the user to make them executable, and to give them enough permissions to do harm.
Only partially true. Many of desktop environments have file types that will run without explicitly setting an executable flag, for the sake of user friendliness. These days Windows users tend to get infected when they intentionally run things they actually want to run, which makes the argument less relevant. It's also slightly unrealistic to expect users to manually change the ACLs for every single file they want to run to make them executable. I believe OS X makes the same compromise in the name of user friendliness.

As for permissions, Windows works much the same way as Unixy systems. An executable does not have access to the whole system, it only has access to what you have given it access to (which goes further than most of the Unixy world as well, since on Windows a process can to some extent be given permissions that are more restrictive than the user it is running as

The real advantage many open source systems have is that they have a central repository where one can get software, so there's less need to download arbitrary code from untrusted sources.

Remote executables simply cannot infect a Unix or Unix-type system, because it takes deliberate action by the user to make them executable, and to give them enough permissions to do harm. The Internet runs on Linux servers - lot of prestige in infecting them - and it doesn't happen.
It still happens, and it certainly happened years ago when I used Linux. The net was full of exploits and servers being taken over. "Linux" has improved since then, as has Windows. It's not even really a fair comparison, since the only thing that is going to infect a server is a remote vulnerability, which is a very different scenario from a desktop computer.

The Internet runs on Linux servers - lot of prestige in infecting them - and it doesn't happen.

Is this a joke? It definitely isn't a fact. Linux web servers are the most commonly-exploited machines on the internet.

Is this a joke? It definitely isn't a fact. Linux web servers are the most commonly-exploited machines on the internet.

not to mention it's not exactly true.

The internet runs on a mix of UNIX proper, linux and windows servers. The proportions of which change depending on who you ask.

However, at my company (an industry leader in ecommerce) most of our platforms run on Solaris, some on linux, some on windows. YMMV.

Ps: Linux exploits are rather common due to poor operator use/security etc. But if you want to know how prevalent rooting *nix boxes is, here is a list of root kits searched for in the base install of chkrootkit (GNU/GPL script distributed in many linux repositories):

(Note there are rootkits designed fro SunOS and BSD. Whether they are easy to implement from the hacker's point of view on the internet is not my pervue. There's scripts designed to root any OS, really.)

root@mcp:~# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not found
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not found
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/lib/modules/2.6.28-15-generic/volatile/.mounted /lib/init/rw/.ramfs

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: not promisc and no packet sniffer sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted


And rkhunter (similar tool):

root@mcp:~# rkhunter --check
[ Rootkit Hunter version 1.3.2 ]

Checking system commands...

Performing 'strings' command checks
Checking 'strings' command [ OK ]

Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]

Performing file properties checks
Checking for prerequisites [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/dash [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/mawk [ OK ]
/usr/bin/lwp-request [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/unhide [ Warning ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide-linux26 [ Warning ]

[Press <ENTER> to continue]


Checking for rootkits...

Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
****`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]

Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]

Performing Linux specific checks
Checking kernel module commands [ OK ]
Checking kernel module names [ OK ]

[Press <ENTER> to continue]


Checking the network...

Performing check for backdoor ports
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 60922 [ Not found ]

Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

[Press <ENTER> to continue]


Checking the local host...

Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]

Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ None found ]

[Press <ENTER> to continue]


Checking application versions...

Checking version of Exim MTA [ OK ]
Checking version of GnuPG [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of OpenSSH [ OK ]


System checks summary
=====================

File properties checks...
Files checked: 127
Suspect files: 2

Rootkit checks...
Rootkits checked : 110
Possible rootkits: 0

Applications checks...
Applications checked: 4
Suspect applications: 0

The system checks took: 1 minute and 13 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)



ETA: The warnings you see are false positives. mcp has not been infected with a rootkit or malware. I know this because it's not plugged into the internet - it is sequestered to my development network, which has no outside access.

System files are poorly-protected.
Untrue. In fact, they're better protected than on any other operating system I can think of. Not only do they have standard permissions granting full access only to administrators, but they also have an integrity system that tries to verify the integrity of system files and prevent changes to them (I say try, because once you've got administrator access, you've got full access to kernel mode, and thus it's technically game over).

There is no clear separation of kernel, system and userspace.
Incorrect. There most certainly is, although it's debatable what relevance this has to anything. It's not like you're going to be replacing parts of Windows (unless you're a Debian nut).

Remote executables simply cannot infect a Unix or Unix-type system, because it takes deliberate action by the user to make them executable, and to give them enough permissions to do harm.
Only partially true. Many of desktop environments have file types that will run without explicitly setting an executable flag, for the sake of user friendliness. These days Windows users tend to get infected when they intentionally run things they actually want to run, which makes the argument less relevant. It's also slightly unrealistic to expect users to manually change the ACLs for every single file they want to run to make them executable. I believe OS X makes the same compromise in the name of user friendliness.

As for permissions, Windows works much the same way as Unixy systems. An executable does not have access to the whole system, it only has access to what you have given it access to (which goes further than most of the Unixy world as well, since on Windows a process can to some extent be given permissions that are more restrictive than the user it is running as

The real advantage many open source systems have is that they have a central repository where one can get software, so there's less need to download arbitrary code from untrusted sources.

Remote executables simply cannot infect a Unix or Unix-type system, because it takes deliberate action by the user to make them executable, and to give them enough permissions to do harm. The Internet runs on Linux servers - lot of prestige in infecting them - and it doesn't happen.
It still happens, and it certainly happened years ago when I used Linux. The net was full of exploits and servers being taken over. "Linux" has improved since then, as has Windows. It's not even really a fair comparison, since the only thing that is going to infect a server is a remote vulnerability, which is a very different scenario from a desktop computer.


article on rooting OS X:

http://www.phrack.org/issues.html?issue=66&id=16&mode=txt


This is older (targeting 10.4, iirc), but general principles learned may still apply. I haven't poked at 10.5 or 10.6 in this manner.

Just found this surfing XKCD:

http://imgs.xkcd.com/comics/windows_7.png


NOTE FOR MODS ABOUT TO RULE 4 ME: XKCD provides links specifically for hotlinking and the following is explicitely stated by the author:

Can we print xkcd in our magazine/newspaper/other publication?

If it's a not-for-profit publication, you need no permission -- just print them with attribution to xkcd.com. If it's a for-profit operation, I will probably give you permission if you email me to let me know. You can post xkcd in your blog (whether ad-supported or not) with no need to get my permission.


Source. (http://xkcd.com/about/)

I'm pretty sure the mods already know about xkcd's hotlinking policy, but it's good to make sure. :)