Gawker on the Six Delusions of Google’s Arrogant Leaders

But the CEO’s remarks are just the latest in a series of prominent self-righteous statements from Googlers. There have been plenty of similar cases just in the past couple of months alone. It’s worth cataloging them, given Google’s deep relationship with its millions of users, and given that the Mountain View internet company doesn’t seem to be getting any more humble.

While so many are distracted by Google’s shiny “free” objects, it’s good that others keep an eye on what’s going on there.

IT PRO: 80 Percent Of Viruses Love Windows 7.

According to one leading security research lab, Windows 7 is vulnerable to an astonishing 8 out of 10 viruses it was exposed to during testing.

(via itpro.co.uk)

The author questions the test because no anti-virus software was installed, and new viruses were used to test the exposure. He seemed to think this might not be fair, but I strongly disagree.

This was the perfect way to test Microsoft’s claims that Windows 7 was über secure, hard to crack, etc. They’ve been bragging about security for Vista and Windows 7 for years, yet no one has done the obvious: test them on their own.

It should be obvious that anti-virus software masks the underlying operating system’s vulnerabilities. Such a test only shows how good the AV software — not the OS — is at protecting a PC.

What Sophos’ test proves is that MS was full of it regarding the security of Windows 7; that in point of fact an anti-virus solution is absolutely required to secure your system, because the OS itself is as vulnerable as ever.

Run the same test with a BSD, Linux, Mac, or other *nix system and they’ll kick Windows 7’s ass, and with no third-party solution as a band-aid. That’s because they’re already secure, thank you.

Posted via web from The Small Wave.

Thurrott Just Can’t Mention Microsoft Without A Crack About Apple

In a quick blurb on the Windows IT Pro site, Paul Thurrott states that Microsoft is sending a record number of security fixes this month. OK, fine, that’s probably a good piece of information for the “Windows IT Pros” the site is there to serve.

But we also get this little bit:

Although the volume of fixes Microsoft announced is reminiscent of what Mac OS X users face from Apple on a far more haphazard schedule

Sure, Paul. Whatever. You know what? The first commenter on your post is on to something. It seems kind of a “jacka$$” thing to say. I’m not sure how that’s supposed to serve the “Pros” you’re ostensibly speaking to.

The Microsoft Security Redefinition Campaign Rolls Onward.

Just as they did at the 90, 180, and 270-day mark, Microsoft has cherry-picked and juggled statistics to arrive at the conclusion that Vista is more secure than XP, Red Hat, Ubuntu, and Mac OS X. Oh please.

That’s right, UNIX’s legendary reputation for security is all a sham — despite years of empirical evidence to the contrary. Vista is in fact the one, the true, perhaps even the only, truly secure OS. How could we have been so blind? Repent! Convert to Vista now.

In order to pull off this stunning revelation each quarter, Microsoft has to modify what might be considered reasonable measures of security. For example, attacks in the wild don’t play into it at all.

Luckily, some are calling Microsoft on their BS, but this thing will still get far more positive press (basically, just a repeat of Microsoft’s conclusions) than it deserves.

This is just reinforcement (for those who had forgotten) that Microsoft is still the 800-pound gorilla that can throw their weight around wherever they damn well please.

With all of Apple’s latest successes, there have been a few really stupid articles and discussion about how Apple is somehow the new Microsoft, has a monopoly, etc. That’s utter crap. Apple (and Linux) supporters would be well served to remember that they’re still only around 3% of the world’s computing platform. Microsoft still rules over 95%, still gets their press printed with little (or no) critical analysis, and still has the ear of most tech pundits and columnists.

I wrote about the Microsoft Security Redefinition campaign (MSRC) at the 180-day mark; that entire article is every bit as valid today. It appears MS will play this game every quarter, and continue to do so until enough people call them on this nonsense.

Apple’s Thinking Is Just Fine, Thank You.

TechCrunch’s Erick Schonfeld provides an indication of why Business 2.0 went under with a post on Apple that claims Apple is thinking like the phone company and Jobs should “think different.” For any writer to imply the iPhone is something the phone companies would ever have produced is reason enough to ignore the post completely.

It’s yet another post railing against not allowing unlocking or third-party apps on the iPhone. Yet, not only does the iPhone break many rules when it comes to the phone companies, Apple’s decision to not allow third-party apps also goes against the grain. After all, third-party apps are touted all the time for Windows Mobile, Palm, etc.

Let’s look at a few ways the iPhone broke the rules:

  • Activate the phone at home.
  • Easily sync contacts, calendars, pictures, media, music, videos, and other stuff using Mac or PC.
  • Uses WiFi and EDGE, automatically switches to WiFi when available.
  • Affordable plans that all include unlimited data.
  • Already been updated with new features twice, and obviously there are more coming.

And there are plenty more in just the software alone. My point is that the above, along with their differing views on third-party apps, are enough to make it clear Apple does not think like the phone companies. Not even remotely. How badly must you want to write an Apple screed to dream up such a ridiculous premise and then run with it? Maybe Erick had writer’s block, but then it would have been better to just not post that day.

Meanwhile, just as with Wil Shipley’s rant a few days ago, which I commented on, there are people jumping on this bus and leaving critical thinking at the station. Mathew Ingram has bought Schonfeld’s post completely:

“…I think people have grown used to the idea of Apple as a different kind of company — the company that makes things easier to use, not harder; the one that actually cares what people want and tries to give it to them. Was that idea just an illusion?”

Oh brother! So the iPhone is harder to use than other phones now? Just like Schonfeld, Ingram somehow doesn’t see all the phone company rules the iPhone changed, and how it’s actually — if there is such a thing — anti-carrier.

Plenty of people are jumping on this bandwagon. There’s a video on YouTube too pathetic to link to that actually “honors” iPhone hackers with the same monologue as Apple’s Think Different ad campaign. Are you people insane? Have you seen some of these apps that supposedly improve the iPhone? For all the screaming from the dev community about productivity and usefulness, I’ve seen Etch a Sketch, Popcorn Popping, Draw a Pirate Face apps, and similar. Please.

You wanna write apps for the iPhone? Use the web. You think you’re too good to use the web? Sucks to be you. A hack is still a hack. Even the legitimate web apps have a lot more chaff than wheat.

I’ll say this much: When third-party apps are allowed for the iPhone (and they will be eventually), there ought to be some killer apps from the dev community for all the crying they’re doing now. Sadly, I think the first thing we’ll get is Pirate Faces 2.0.

And no, I’m not anti-developer. In fact I have a very high regard for developers, and work with them every single day. Have for years. But that doesn’t mean they can’t pick the wrong fight. I think this is one of those times. I consider it misguided. Crying in your beer solves nothing. This has nothing to do with development, per se, but rather an illogical ranting, lack of patience, and loss of productivity (i.e., a developer railing against the iPhone is not producing something else).

Meanwhile, regarding “lock-in” with AT&T, why do people act as if this is some egregious thing? Palm just introduced a new “affordable” smartphone that’s exclusive to Sprint. Where is the outrage? They tout it as $99, but that’s only after a $100 mail-in rebate (6-8 weeks), only if you sign up for two years, only if you add a data plan in addition to voice, and only if that data plan is at least $25 a month. Hell, there are so many exceptions to the thing their lawyers needed a keyboard with two asterisks just to type the ad copy!

This new Palm, not the iPhone, represents normal thinking for the phone companies. iPhones were sold at one price (no asterisk needed), with two year plans that included unlimited data at lower rates than most. This was absolutely not thinking like the phone companies!

Most of the tech world knew what a game-changing device the iPhone was when it was introduced. How is it some have become so used to it that they’re either jaded or willing to believe the Telecom/MS pundits (shills?) and Apple-bashers who can’t recognize the future even when they hold it in their hands? They’re ticked off because Apple can’t act as fast as they can think.

Does anyone really think no third-party apps will ever be allowed on the iPhone? That’s just silly. The iPhone runs OS X, Apple is going to open it up. This is why I say the development community lacks patience. When third-parties (beyond web developers) are allowed to write for the iPhone they’ll probably pat themselves on the back for thinking they had a hand in it, but it’s obvious to anyone with a half-dozen brain cells that Apple will allow this in time.

Apple moves a step at a time because the music and cell industries are like huge tankers moving in one direction and it’s damn hard to turn those around. Still, Apple slowly makes progress, turns traditional thinking on its ear, and makes things that nobody saw coming a reality. Try doing that sometime and you’ll see why most people prefer to just sit on the blogging sidelines and complain.

Microsoft Windows security revisited: One reason I’m Macintosh bound.

I wrote about Microsoft’s latest security ploy last month (link at the end of this article). This is a “prequel” to that piece…

For the six years prior to January of this year, these were the perceptions about Microsoft Windows’ security:

1) It is weak.
2) XP SP2 is going to fix it.
3) It is weak.
4) Internet Explorer 7.0 is going to fix it.
5) It is weak.
6) Vista is going to fix it.

Those are simple, but they sum it up well.

Security of Windows began to be exposed when they put it on a network in the days of Windows for Workgroups. The kernel for Windows NT was not written with network security as a priority (Microsoft was not strong in networking, remember the horrid IP stack introduced in WfW?), and since Microsoft was late to the Internet party (another network boat they missed) that priority didn’t change much for Windows 2000 and XP. The result? Over 110,000 viruses in the wild — those that actually infected user machines — and malware running rampant. It is absolutely mandatory to run anti-virus and anti-malware/spyware software to protect a Windows machine. No one disputes this.

Microsoft and the IT community have done a good job of brainwashing people to think this is “normal,” and somehow no big deal. Indeed, some Windows users have it so ingrained into their heads they can’t imagine not doing these things, much to the delight of anti-virus vendors. Many IT security professionals and analysts work hard to scare-monger and BS their way around the fact that other OS’s don’t require this kind of “protection” and “maintenance.” Who can blame them? Their very livelihoods depend upon it!

That UNIX (or UNIX-like) systems such as BSD, HP-UX, Linux, Mac OS X, Solaris and others do not require virus and malware protection tools is the biggest proof that Microsoft and IT are full of it. How many UNIX-based viruses in the wild, 700 in perhaps 30 years? Compared to 110,000+ in half that time it seems pretty clear to me. Microsoft apologists lately point to theoretical vulnerabilities or exposures developed in the lab as somehow equating to a bona-fide attack in the wild. Um, no. Only a fool would argue that the risk of attack on a Windows machine on the Internet, even with current anti-virus software, is the same as any of the aforementioned OS’s without anti-virus. The empirical evidence alone is sufficient to remove all credibility from anyone making this argument.

So how did Microsoft combat their security issues? For a long time, they didn’t. As I mentioned, for many years it had no special priority. Regular patches to keep up appearances, but no concerted effort to plug the holes in their leaky OS and Internet browser. Sooner or later, you’d think at least a few people would start to ask questions and demand a bit more. Well, it took years, but that finally did happen.

One reason Windows Longhorn (a.k.a. Vista) was late was that it was delayed for the effort expended by Microsoft on XP Service Pack 2. The infamous SP2 was almost exclusively a security patch, and a very large one at that. Microsoft was going to secure the OS and silence the critics springing up. It added the Windows Firewall, Security control panel, and many behind the scenes changes to help stem the security tide.

Further, Microsoft eventually took IE 6 and worked on it to improve its security. While initially slated for Vista, IE 7.0 was released to XP SP2 as a critical security patch, which tells you just how important Microsoft knew it was!

The problem is, even XP SP2 with IE 7.0 is not on the level of a UNIX-like OS in terms of risk of attack. Microsoft put on a brave face, but also claimed Vista would be much more secure. No big surprise — Microsoft always tells us the next OS will solve the problems of the current one — but what’s funny was Microsoft talking out of both sides of its mouth: “XP is secure, oh but Vista will really be secure.” Huh?

So how did Vista work out? Well, it did give us the vaunted UAC function, which tells you a lot of what you’re doing is “suspicious” so you can cancel or allow it. Like the user will always know! But, hey, if you allow it and your system is harmed, Microsoft is off the hook, which is what UAC was meant to do anyway. My previous article links to an article saying Vista and XP aren’t that different from a risk standpoint, here’s another article that agrees:

“So, what have we got here? An adequately secure version of Windows, finally? I think not. We have got, instead, a slightly more secure version than XP SP2…. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on. But MS has, in a sense, shifted the responsibility onto users…”

Vista’s already been nailed by the animated cursor bug that had claimed XP. With that one attack it’s had more in the wild in just six months than Mac OS X Tiger has since it was introduced over two years ago!

I’m not saying other OS users do not have to worry about security. That’s nonsense. Quite the contrary, any OS can be attacked, and I noted there have been UNIX attacks. But ultimately it’s about risk assessment. As a matter of cold fact, security is a strong reason to dump Windows and run an OS that doesn’t require third-party apps to help defend against attacks it’s not likely susceptible to in the first place. Put simply, I’m not moving to Mac OS X so I won’t have to worry about security, I’m moving to it because I do worry about security. In any rational risk assessment, Windows loses. The best “anti-virus” software doesn’t come from McAfee or Symantec, it comes from Apple, open source, Sun, etc. in the form of a more secure OS!

The jury is clearly out on Vista’s security, but given early results and Microsoft’s track record of delivering a secure OS, I wouldn’t put my money on it. Clearly, other people are not putting their money on it either, which is why Microsoft had to take another tack in their security propaganda, attempting to redefine how to measure it, which brings us full circle to my previous article.

I’m back. A quick look at some events this past week.

Well, I’m back from the “out of town” portion of my vacation. I still have a few days off and some projects planned at home, but I’ll get to blogging as well. For my first post since coming back I’ll highlight some of the stuff that went on while I was gone. This is stuff I may have written complete posts about had I been here.

If you’re wondering why The Street’s Scott Moritz’ garbage about iPhone production being cut back — and the resulting drop in Apple stock — is not in my list, it’s because it was covered so much elsewhere. Besides, most of the coverage ends with the sentiment that they wonder why Moritz has a job, or why The Street isn’t worried about its reputation. In my opinion the reason is simple: The Street and Moritz are doing exactly what they set out to do. Indeed, it’s difficult to think otherwise when the story had such huge implications but was published on the flimsiest of evidence. I’m sure we’ll see more of this, so get used to it.

OK, on to other stuff that occurred in my absence…

Apple to introduce new iMacs (and new Macs?) on August 7.
A special media event related solely to Macs, not iPods or iPhones. Is this the long-awaited refresh (and remodel) on the iMac line? Sure. Will it also include new versions of iLife and iWork? Maybe. But what else? I’ve seen others talk of a new MacBook Pro line, or at least a MacBook Pro ultra portable.

Personally, I think if Apple wants to knock our socks off — and really see sales spike — it would be with a new “headless” iMac. In other words, expand their computer quadrant to allow a slot between the consumer (iMac) and the professional (Mac Pro) desktop models. If Apple introduces such a machine, and prices it in line with what an expandable consumer machine should cost (something they did not do with the G4 cube), there’s a 100% chance I will buy one that very day.

AT&T and eMusic ink an OTA deal.
Now you can get your obscure music for six times as much! This announcement almost made me laugh when I read it, though it may not be the dumbest mobile music deal that went down this week (see below).

I love music, and I love eMusic. I’ve been a member for a year and a half and get 40 songs a month for $10. For the rocket scientists among you, that’s 25 cents a song. A quarter. Two bits. Yes, it’s all Indie stuff, and most people will not find the music they want here. For me, since I love all kinds of music, I have no issue with this and always seem to find stuff every month. Even so, it’s primarily worth it because each song is only 25 cents. But now, thanks to AT&T and eMusic, I can get those same songs for $1.50 each. This is a deal? I can’t believe any self-respecting eMusic subscriber would go for this at all. And if you’re not a subscriber, then you’re just gonna wonder where all the music is since you can’t find all the hot songs.

Look guys, if you must charge a premium for OTA downloads (not worth it, in my opinion), then make them 50 cents each. $1.50? No.

DOS was stolen. Who knew?
Paterson was foolish to even challenge this. Does this really even need further comment?

Info Week misses again on “eleventh hour” Apple patches for iPhone.
You gotta love Info Week. Apple releases an iPhone update, but IW says it’s really just a quick rush to avoid being slammed at Black Hat. Is there anybody who didn’t know Apple would be slammed at Black Hat regardless? So Apple should now hold off on patches, releasing them only at times when they might take less perceived heat? Oh brother. The only thing that should be held back is Info Week’s Mac coverage.

Thurrott almost impressed with iTunes sales of three billion.
Paul says it’s “big news” (of course) but then as usual knocks Apple for their success. What I really love is his slamming iTunes’ “lousy” 128K AAC format. Paul doesn’t seem to understand that not all 128K encoding formats are created equal. That 128K AAC file is on par with eMusic’s 192K MP3 file.

Oh, and Paul doesn’t “prefer” the AAC format anyway. Well, yes, Paul, I can see where a Microsoft apologist would prefer things stay the same as much as possible, but the fact is AAC was developed as the successor to MP3 (it is, after all, MP4) and has specific advantages over the older format. I’m just glad Paul can “live with” AAC nonetheless.

AC/DC goes the wrong way.
It’s not just the labels with their heads up their ass. Some bands’ skulls are positioned firmly up their rectal cavities as well. If AC/DC got all their money up front, more power to them, and Verizon will be taking a bath. No one, not even the most die-hard AC/DC fan, is going to select his phone and carrier based solely on the availability of 18 albums. And you have to buy them as complete albums! (This bit alone is likely why iTunes would have no part of the deal.) Morons. I buy albums most of the time, but am in the minority. An entire generation is coming up that sees no benefit from an album whatsoever, and who can blame them?

If AC/DC is getting their money as a percentage of sales, then they’re screwed. There won’t be any, boys. Not enough to matter. It’s P2P for you, just like it is now. You shoulda gone with singles as well as albums, and used the guy that’s selling songs at the clip of one BILLION every six months. Smaller piece of a larger pie, and all that.

Microsoft asks Mac users to try iWork instead of Office.
If iWork makes Pages a bit more Word processor friendly (it’s already layout-happy), and adds a decent Spreadsheet module, is there any doubt this will get people to consider a switch? They’d need some decent interoperability, but that shouldn’t be too hard (and even Microsoft never gets it right all the time). While it can be argued Office will benefit very little from being a Universal application, it’s revealing that Microsoft is the last major player to the game if only because it exposes their MBU for what it really is: A shell.

There are many Mac users looking to go Microsoft-free. Office was one of the few bullets left in Microsoft’s Mac gun, why shoot blanks now? Stupid. If you need Office for work, just consider it one of those Windows applications you need Boot Camp for until iWork (or neoOffice) can fill that role.

Mary Jo Foley thinks Windows home server has mass appeal.
Yes, because I know my friends are always asking me about when they can get their own server and set up their own storage networks, file sharing, and print server functionality. They constantly express their desire for a new PC running more Windows software. Something that’s $800, perhaps, that they’ll need to configure, and then try to hide in a corner of a room while training their ears to ignore the sound.

I don’t know who supplies what Mary Jo is smoking, but it must be some good shit. The truth is, Mary Jo, the best home server available today is called the Airport Extreme. Plug it in and set it up as your WiFi and firewall, then plug in a USB disk (or disks), and a USB (or Ethernet) printer, and all of these items are seen on your network (Macs and PCs) without configuration. The thing is tiny, quiet, and inexpensive.

If there is a market in the home for a file/print server, this is it. Microsoft’s mindset that every tech issue requires yet another PC running yet another variant of Windows is part of their problem, and why they can’t come up with solutions anybody really wants.

Enough for now. It’s good to be back.

Microsoft: Building better security through statistics.

Just as it did last quarter, Microsoft’s own security report says Vista is more secure than other operating systems.

In order to pull this off, Microsoft had to redefine how to measure security. In their world it isn’t about actual attacks, but rather a game of statistical juggling.

You know the saying: There are lies, damned lies, and statistics.

Can we get back to reality? What matters are actual attacks in the wild. Was my system compromised (applications act funny, popups from nowhere, lost data, system degraded, crashes)? That’s what users care about. By this obvious measure Windows has always been a virus and malware magnet. There’s no denying this. It’s why antivirus and anti-malware software is a requirement on a Windows system (including Vista). No reputable party disputes this. No wonder Microsoft had to redefine security metrics!

And so began what I’ll call the ‘Microsoft Security Redefinition Campaign’ (MSRC). This was a two-step process:

  • STEP 1: Write off existing Windows viruses as only a symptom of being popular. As if someone with malicious intent seeking machines cares what OS you’re running. If he could hack your system easily, he would. Windows is low hanging fruit because it’s easily exploited. If it was only a numbers game then Mac OS X’s roughly 6% share in the US would translate to 6% of viruses. Mac OS X has nearly 0% in the wild. Microsoft invented this argument solely to wipe the slate clean for comparison to Linux, Mac OS X, and others. It’s like saying “we’ve been readily exploited for years but let’s start over”. Other platforms don’t have to pick starting points from which to attempt to look good.
  • STEP 2: Turn the process of frequently releasing security patches into a statistical calculation. All OS vendors patch their systems, but Microsoft tallies them in their own way, creates some statistics, and then releases it as a “report” that makes them look good by comparison.

Sadly, the MSRC has had some success. Even though Vista’s security is only on par with XP, Microsoft released a 90 day Vista vulnerability report last March. Oooh, a PDF file with graphs, and it says that Linux distros are not doing as well as Microsoft. Neither is Apple. Amazing. Countering everything known about UNIX security, as well as demonstrable, empirical evidence of precious few Linux/Mac users getting attacked in the wild, Microsoft implies that UNIX systems are somehow less secure. Nonsense!

But the press bought it, especially to use as a gloating response to Mac users allegedly claiming they don’t worry about security. (If I had a cent for every article that began “Mac users should worry about security after all…” I’d have more money than the multi-billion dollar antivirus industry Windows sustains.) Apple users do not claim they don’t worry about security; they do claim they don’t worry about the 110,000+ known viruses on Windows PCs, which is absolutely true. But since step one of the MSRC attempts to wipe those viruses off the board, Windows apologists pretend they’re not relevant.

The MSRC Bus Tour 2007 is again in full swing, and coming to a town near you. They just released a Vista six-month vulnerability report. More graphs and (surprise!) UNIX bashing.

Luckily, not everyone is easily duped. Microsoft Watch was not impressed with the 90-day report, saying this at the time:

“Last week, Jeff Jones, Microsoft’s security strategy director, released a rosy report about Windows Vista’s security progress. Counting Jones’ way, Vista has a pretty good 90-day track record compared with other operating systems. But counting another way, the vulnerability number is much higher.”

Now they’ve published an article denouncing the six-month report as well, saying:

“[Microsoft] is once again counting security bugs, and possibly to a fault. There are some things you count and compare, and some things you don’t. Security flaws should be in the don’t category, not that Microsoft seems to get it. For years, the company has used number of flaws as a measure for touting security improvements. Counting is a great security by PR approach, but little more.”

“The point: Don’t count on security flaw counting. The real flaw is the counting.”

I hope other sites in the tech community will call Microsoft on this as well. Let’s not forget it’s Windows’ many vulnerabilities that wrought the long list of viruses and malware for which third-party protection and assistance is mandatory. An entire industry is built around it! Did Vista plug all those holes? Too early to tell. Did Windows 98? 2000? XP? SP2? Internet Explorer 7.0? It would seem Windows security is still very much a work in progress.

We must measure security by results in the wild. What is the likelihood of attack in normal use? Not in a lab, or think tank, or theory, or contest. Those have a place in terms of security research, but are not substitutes for the real world interaction of a user browsing web sites, downloading files, getting email, etc. Did we suffer through an attack? That’s the question that matters to users. You can brag about changing our door locks every week (and even claim to have “better” locks) while our neighbor’s stays the same, but if our house is the one usually broken into which one do you think is considered more secure?

Screw Microsoft’s report. It’s a marketing piece. The real security metric is to measure actual attacks against users. This was obvious before we let the MSRC orchestrate a change when we weren’t looking. It’s time to pay attention and get back to reality.