They still keep then turn-offable flag for Windows 7 hidden...

Joe, as you know I commented earlier in one of your other posts that M$ is going do this. While I think it is a step in the right direction, still, it falls badly short of what needs to be done.

The fact that M$ will still not let you totally uninstall (delete the files off your HD) these apps misses the whole point. The fact that these apps are still installed by default misses the point.

So is M$ to be commended for also letting users "disable" WMP? The truth is, this is just another tactic from M$ to preempt and get away with another fast one before the EU makes them do something. And who knows, even the US DOJ could have a consense attack after watching what the EU requires M$ to do, and make them do the same here.

Awhile back I posted on your site about how to remove completely IE, WMP and Outlook from XP. XP ran a whole lot better without those, BTW.

About the only program I noticed that depended on Internet Exploder, was Intuit Quickbooks Pro. And that program, did not really need IE for anything except to pop-up a IE advertisement. Still it insisted on IE being installed, and would not install unless IE was there, a huge bit of lockin. One wonders the motivation behind that. So if the EU forces M$ to remove IE completely, maybe Intuit would change its evil way$?

As a developer it sounds to me as though they will remove the Internet Explorer application only. Internet Explorer is only a thin wrapper and user interface around Microsoft's browser engine.

It seems unlikely to me that this engine will be removed as this is what developers rely upon, including browsers like Avant.

Thus in reality removing Internet Explorer will probably have little effect other than keep some people in the EU happy.

I agree that bundling the services has been a questionable benefit at best. How many security issues have been caused by bundling IE?
.
If anything, MS should have focused on bundling a security package that comes with Windows starting 15 years ago.

Mog's right. Firefox with IE Tab, an extension which is ONLY available on Windows, allows Firefox to properly render Outlook Web Access to Exchange, and to fully render web sites created with MS Publisher (yeah, they exist).

The damage has already been done. Microsoft has spread its non-standard Windows/IE-only tentacles all over the web and most Exchange severs, and now is offering IE removal, which puts it in the category of "too little, too late, who cares".

Philosopher says:
"Microsoft has spread its non-standard Windows/IE-only tentacles all over the web and most Exchange severs"
----------------------------------------------------
Absolute truth here, M$ has used it power of the monopoly to spread its "patented" non-standards as defacto standards all over the internet, including many multimedia files as well and Fat32.

There is really when everything is said and done only one good fix to this problem. The EU needs to make M$ opensource the code for these standards, and release them as "public domain," free to everyone to use. That should be additional punishment for the behavior of the monopolist, in addition to completely removing this "apps" from the Windo$e bundle.
--------------------------------------------------
AndresFreeLaptop says:
"If anything, MS should have focused on bundling a security package that comes with Windows starting 15 years ago."
--------------------------------------------------
More than Completely agree. Security should be the number one issue with Windows these days, but M$ does nothing.

BTW, I noticed your username here, should not that be plural form? LOL
--------------------------------------------------
www.distrowatch.com the place to go to download a free linux cd today, gets your out of the next expensive Window$ upgrade cycle, coming soon.

@Chips B Malroy :
"Security should be the number one issue with Windows these days, but M$ does nothing.

Get real. Vista includes numerous new security features. And yes, I use Vista SP1 every day, and it works just fine.

BTW, if Microsoft was to bundle a full-featured anti-malware program like Norton Internet Security with Windows, they would be sued for an antitrust violation.

@JohnJ :
Read the headline in Joe Wilcox article again, its talking about Windows SEVEN, not Vi$ta.

@JohnJ
-
Quote "Get real. Vista includes numerous new security features. And yes, I use Vista SP1 every day, and it works just fine."
-
So maybe you would like to explain why in recent weeks there have been cases of traditionally security conscious organisations (ie.the military)
falling victim to Windows exploits?
-
Why do the mainstream press constantly report exploits/warnings? and why do we see nearly every week another dire prediction of how much malware of unknown intent is on the net?
-
Maybe, since you are a supporter of Vista, you would be prepared to answer the question that no other supporter of Vista has, it only requires a yes or no answer:
-
Given that Microsoft has received years of feedback from XP, do you believe it took that on board and released Vista. Do you believe Vista represents the best of XP?
-
What I see in regards to Vista is many people supporting it via general comments, yet not one person is prepared to say that Vista is truly an upgrade to XP. I wonder if you will be different?
-
Quote "BTW, if Microsoft was to bundle a full-featured anti-malware program like Norton Internet Security with Windows, they would be sued for an antitrust violation."
-
Quite possibly, but then (IMO) if the system was fundamentally secure in the first place, you wouldnt need to and you wouldnt have 3rd parties making profit off providing security for a system, which I dont think it unreasonable of the consumer to expect to be secure from day of purchase.
-
Would you buy a new car that couldnt be locked and could be started without keys? Of course not, so why is it considered acceptable that people should spend more money on securing something they have already paid for.
-
Before anyone states the obvious fact that no system is secure and that Linux has less exploits since its penetration in the market place is considerably less than Windows, I would like them to consider that with the diversity in Linux distros (and the sheer number of them) that has traditionally been a point of scorn for the anti-alternatives club, it may well be the one thing that keeps Linux more secure.
-
Just an idea, but Id suggest that if Linux as a platform ever had the usage Windows does, the fact that a NimbleX exploit would probably be incompatible with a say Fedora one, would probably see stories of exploits being very rare.
The idea of hundreds of distros doesnt seem so silly now does it?

Joe, have a look at this page and the API comment should be more clear.

http://en.wikipedia.org/wiki/Internet_Explorer#Architecture

The DLLs listed here provide the APIs that Jack is talking about.

Internet Explorer is just iexplore.exe which is a very small shell that just brings all of those DLLs together.

Lots of Windows applications use MSHTML.dll, for example the explorer folder information in XP used HTML. The help system also uses it.

I looked at the link that billybob just posted and found the following gem:

"Accessing files marked as such will prompt the user to make an explicit trust decision to execute the file, as executables originating from the Internet can be potentially unsafe."

First, users are expected to be computer science experts with highly-developed skills in computer system and application security, experience with executable file disassembly, and have access to security warning databases.

Then, they must put their affairs in order and spend 10 ro 20 years in prison for violating the EULA and exposing Microsoft's Precioussssss IP.

Or they can just click "Yes" and not have the faintest idea if the EXE is trustworthy or not. Or else click "No" and view their computer as a worthless brick.

Advanced Basic. Microsoft Bob. Windows Security. Strike Three!!!

@Goblin,
Re: "consider that with the diversity in Linux distros (and the sheer number of them) that has traditionally been a point of scorn for the anti-alternatives club, it may well be the one thing that keeps Linux more secure."

Interesting. I've never quite thought about it that way. I wouldn't say it's the one thing that keeps Linux secure, but it sure would seem to be one of the things that keeps Linux secure. Thank you for the added insight.

Another major factor is that Linux follows the Unix philosophy. It doesn't copy its code, as some has-been derelicts have falsely claimed. But it does follow the Unix design philosophy, and that includes its security model.

Security is one of those things that must be in the design from the very start. Bolting it on after 2 decades of a operating system's evolution is too late. Reliability and security, and performance to a lesser (somewhat, but not that much) degree, are design points that must be considered when the piece of paper that starts an operating system's development is still blank.

Unix had its history in time-sharing systems and the security challenges they presented. Past ideas were adopted and refined over many decades. The GUI was a later development, but the security foundation was in Unix from the beginning. On the other hand, Windows has evolved from a GUI atop a tinker toy DOS kiddie plaything with no hint of security.

Dave Cutler was reported to have hated Unix, and so he shut out any serious understanding and learning from it. As a result, he designed NT's security system from the start, but without the guidance from past successes. And what has become of the complex and highly granular NT security model? Do we see it silently and diligently running in the background of XP, Vista, and W7, with nary a peep from viruses or spyware? No, we see GUI advances and .NET Framework advances, and viruses out the wazoo.

Unix isn't perfect. It has suffered over the years from DOS (denial of service) attacks, some spectacular worms, and the infamous ping of death (yes, it really did work. Yikes!) But its security was built in from the beginning, and its evolution only got better in ways that a johnny-come-lately bolt-on security model cannot do.

Dave Cutler and Linus Torvalds both provide support for the theory that "Those who don't understand Unix are condemned to reinvent it poorly." Dave reinvented Unix poorly, while Linus reinvented it well.

And for servers, Berkeley, though its BSD Unix, reinvented it best.

Agreed Philosopher, and whilst I didnt want to disregard the issue of Unix architecture or the "patch up and pray" ethos of other platforms, the point I was making was that "mainstream exploits" if you will, want to target the maximium number of users in the shortest time (IMO) if the Linux populas is spread between hundreds of distros that further challenges the malware creator.
-
Ive said on other threads about the EU, and whilst Microsoft can be challenged over the exploits of its platforms, I think some responsibility needs to be taken on by Government. We need a more robust global approach to tracking Malware/virus creators and tougher penalties for those convicted. We need to legislate (IMO) more precisely for these types of crimes since in the area of IT the legislation needs to constantly change in order to keep relevant with the tech.
-
I believe we've already seen the Theft Act added to in the UK, with the specific offence of Theft of Bandwidth, and I think governments need to take some responsibility and intiative in this area.
-
Maybe instead of the EU worrying about what browser is bundled with Windows, they should consider lobbying European Governments for a more collective tougher approach to tackling the route cause of these exploits, the dubious individuals that create them.

No, it’s not diversity in Linux distros that keeps Linux safe from malware attacks. They mostly offer the same software, after all. What keeps Linux safe is the fact that its developers (and users) take security seriously.

Remember the Ramen and Slapper worms that attacked Linux systems over a decade ago? Remember anything like that recently? Nope. Linux is the _only_ system that has suffered _fewer_ successful malware attacks as its popularity has gone _up_. Figure that out.

Clipped from the latest Secunia Weekly Sunmmary. The Unix/Linux figures include OS/X. Make of them what you will.

Platforms:
Windows : 10 Secunia Advisories
Unix/Linux : 24 Secunia Advisories
Other : 3 Secunia Advisories
Cross platform : 30 Secunia Advisories

Criticality Ratings:
Extremely Critical : 0 Secunia Advisories
Highly Critical : 9 Secunia Advisories
Moderately Critical : 28 Secunia Advisories
Less Critical : 22 Secunia Advisories
Not Critical : 8 Secunia Advisories

"The Unix/Linux figures include OS/X."

How does that make sense?

Also do the Windows totals include all Windows software as I am sure the Unix/Linux/everything else figures do?

Why is there no extremely critical advisories listed? We all know that there are at least 2 active-being-exploited-zero-day exploits in the wild for MS software, I am not aware of any for Unix/Linux/OSX/BSD/Be/Amiga/Haiku.

I love the cross platform column. We all know it is really Windows exploits, other OS's have a good level of user security so they cannot be exploited on anything else with any reliability.

There is no way that any of those 30 XP vulnerabilities could be used to install a rootkit on my machine. But installing one on Windows is childs play. You already have administrator access so it's easy to bury deep in the OS.

I say your stats are useless bunk.

@RightPaddock :

"Clipped from the latest Secunia Weekly Sunmmary. The Unix/Linux figures include OS/X. Make of them what you will.

Platforms:
Windows : 10 Secunia Advisories
Unix/Linux : 24 Secunia Advisories"
----------------------------------------------------
A few points here about the way they comply these advisories. Usually for Windows, they only test the Windows OS for exploits itself, with Linux they also test many of the applications that you would have installed if in windows, such as an office suite.

Advisories are about potential exploits, in the windows world, almost every exploits will have a least one, usually many, programs (malware) written and spread in the wild to take advantage of the exploit. And those malware programs for windows, will be wildly sucessful.

In Linux many of these advisories (exploits) that exsist, still are not exploitable, if the user is running as a limited user, if called overlapping protection, as Linux does not just rely of one form of security. Linux users run as limited users in about 98% of the cases, while Windows users run as full administrator accounts about 99% of users.

Also, the very few malware type of programs that were made for Unix/Linux, such as the Norris worm, have been patched eons ago, and as such, the Norris Worm is no longer for many years in the wild. Even if was to come back, there is no place for it to infect in current new Linux. There is less than 20 know pieces of malware for Linux, and all have either been patched, or are no longer in the wild (extinct). Do you know of any Windows malware that is extinct now, or not in the wild? Maybe some of the floppy based windows malware may eventually die, not from better windows security, but more likely from the floppy media dying and being replaced with cd, dvd, and flash drives.

@Lawrence
-
Quote "No, it’s not diversity in Linux distros that keeps Linux safe from malware attacks. They mostly offer the same software, after all. What keeps Linux safe is the fact that its developers (and users) take security seriously."
-
Firstly, Ill make it clear Ive had no experience with making malware type code. I really am "shooting in the dark" my "hobby code" if you will is more GFX related, so my understanding is theoretical, mostly (and possibly inspired from a drunken night watching The Matrix!)
-
My understanding is that if you have two separate distros (not a derivatives on another) then you have the core code that has been compiled with the distro in mind. Unlike Windows where pretty much everyone is using the same core code i.e XP, within Linux you have numerous distros all with their own way of doing things and unique code additions that the distro maker may have added/removed.
-
Look at say NimbleX then compare that to say Ubuntu-SE (based off 8.04LTS) Id suggest a generic exploit between the two would be harder to develop than one for say the XP or Vista platform specifically. Am I wrong in this? As I say my understanding of exploit code is limited. But id certainly suggest that the above reason is one of the things that could keep Linux more secure than Windows if/when Linux every reaches a significant market share.
-
I would be very interested if anyone could expand on this malware issue, and maybe confirm or deny my theory.

@Goblin and Lawrence D'Oliveiro :

Quote "No, it’s not diversity in Linux distros that keeps Linux safe from malware attacks. They mostly offer the same software, after all. What keeps Linux safe is the fact that its developers (and users) take security seriously."

I would basically agree with Lawrence's statement, as usual he adds to the discussion. But I also think that you are not completely wrong either. While many of the distro's do offer mostly the same software, some offer less, or different software. Linux would be vastly a moving target to hit for the malware writters. Not only that Goblin, but your reference to NimbleX as to opposed to Ubuntu,is a good one. NimbleX is based on Slackware, while Ubuntu is based on Debian. As far as I know, in Slackware based distro its tar.gz if you want to install additional programs later on. And most important, Slackware based distro's, up until recently were still using the 2.4 kernels. DSL also uses the 2.4 kernel, which is mostly for very old computers, and not so much a distro for new users.

Could the fact that Linus Torvalds has such a hard working team that turns out a new kernel maybe even every 2 to 3 months, has something to do with the fact that it would just be hard to write malware for all the kernels? A lot of patching done at kernel level by Torvalds team. Consider that when a windows NT kernel comes out its going last for 3 years without changes most likely, except Vista, which needed help (sp1 kernel). Seldom does Linus get the praise that is due, as his kernel team is another part of the reason that Linux can be patched so quickly and that hardware support and features can be added quickly.

As you know I always talk about the limited accounts in Linux and Windows, as its a major sercurity feature. But there are others in Linux as well.

I would also say, that the Linux distro's repositories themselves are a source of security, as opposed to the Windows way of getting software. The software in these distro's repo's, example Ubuntu and Debian, are open source (as in many eyes on the code) and checked for malware and bugs. In the windows world, at best users get their additional software from a cd, or off the internet, and some, get it off the P2P (not very safe and of dubious legality).