14 - Security.
Here's a few things to notice...
Windows?
* Allow-by-default! Execution of code without a thought! Need Software Restriction Policy (SRP) to flip this around...SRP not in all versions of Windows!
* First account is always Administrator-level user. (No discouragement of its day-to-day use!)
* If security hampers convenience; turn off security! => Computer "experts" say to turn off UAC!
* Administrator with reduced privileges is NOT the same as Standard User with Administrator access. (The former is still part of the Admin group. If an exploit takes that account; they take the whole box!)
* Unclear boundaries between Administrator and Standard/Limited User. (MS marketing says UAC isn't a mechanism related to security; when it clearly should be!)
* Install any old random thing without a thought!
* No centralised update mechanism for maintaining the system as a whole. (Added workload on end-user!)
* Anti-malware industry is built upon user ignorance of computer security.
* Internet Explorer. ("Remote Exploit" in MS Security Bulletins for this browser alone is as cliched as attractive women in Michael Bay movies.)
* ASLR and DEP poorly implemented. (They look great on paper and marketing...But there are well known methods to disable and work around these. Pwn2Own competition just highlights the situation in a more sensationalised way.)
* Bugs/exploits are categorised/evaluated; so that only what is considered seriously critical to the masses is addressed. (Or unless a security researcher threatens to release details of a bug that was reported 6 months prior!)...Often used by marketing to highlight how secure Windows is! => "This is the most secure Windows yet!"
* UAC default setting in Windows 7: RunDll32.exe is given automatic elevation to Administrator privileges without notifying user! (ie: You can get it to run any Administrator-privileged code without UAC popping up!)...You MUST turn the UAC setting to Always Notify to prevent this! So it behaves like it did in Vista!
* Why am I still able to create files and folders in the root C: drive when I'm a Standard/Limited User?!
* MS standard suggestion in the Security Bulletins; while waiting for a security patch. => Turn off or disable that feature! (Even though you need it to use the computer!)
Linux?
* Encouraged not to do stupid things. (User is put into a position where they must learn/understand things.)
* Clearly defined boundaries between root and normal user.
* Easier to lock down as it is more modular/flexible. (Remove crap you do NOT need.)
* Easier maintenance. (Package Manager is your friend!)
* Anti-Virus industry marketing tactics don't work. (Kaspersky Labs tried FUD in 2006, 2007, and 2008. It all failed!)
* Install/update apps from trusted repositories. Not any random untrusted sources!
* Direct interaction with developers. (Especially important with bug reports, etc.)
* A bug is a bug...It has to be fixed ASAP.
* Ability to add powerful security enhancements like grsecurity/PaX and RSBAC.
* Quick response...Find a bug? Report it, and expect a fix within the same day!
15 - Features are NOT used to segregate the market.
In order to maximise profit, MS intentionally uses features and functionality as a mechanism to segregate the market with multiple versions.
Example: While Windows 7 and Windows Server 2008 R2 are from the same code base...
Windows 7 => Starter, Home Basic, Home Premium, Professional, Enterprise, Ultimate
Windows Server 2008 R2 => Foundation, Standard, Enterprise, Datacenter, Web Server, HPC Server
Linux (Varies between distro.)
Debian/Fedora/RedHat/CentOS => Pick the role at install. Turn it into other roles later.
Ubuntu => Desktop and Server: Can turn one into the other and vice versa.
Arch/Gentoo/Sidux => Start off with a base OS. Install whatever you need for your computing requirements.
16 - Support for multiple architectures.
Windows CE based => x86, MIPS, ARM, SuperH (up to 6.0 R2).
Windows 7 => x86 and x86-64 (AMD64/EM64T)
Windows Server 2008 R2 => x86-64 or Itanium
Linux => x86, x86-64, ARM, MIPS, SPARC, DEC Alpha, Itanium, PowerPC (32bit/64bit), m68k, PA-RISC, s390, SuperH, M32R, Loongson.
As for the talk about graphical drivers...
(1) The Linux graphics stack is undergoing a major overhaul.
It used to be separate pieces that needed to be coordinated. It made support for HD-playback and OpenCL impossible.
This will be gradually replaced with something more refined and thought out...Gallium3D.
It will allow the support of HD video playback, OpenCL, and advanced 3D features...Unfortunately, this means drivers need to be re-written to accommodate the new infrastructure.
For HD playback, VA-API will act as a front for Nvidia's VDPAU and ATI's XvBA. Some of Intel's IGPs are already supported in VA-API. S3 Graphics says their Chrome 4xx and 5xx series is supported as well.
(2) Documentation specs.
It takes AMD a bit of time for their lawyers to comb through and remove any third-party patent related material.
Then, the specs are used as a guide for open driver development.
Without it, it would be like wandering around blind...An open driver would be developed, but it will take longer as there is more trial and error involved. (This is exactly what the Nouveau project has to face, as Nvidia simply refuses to release any specs.)
(3) Be patient...Open drivers are being worked on.
ATI cards => http://www.x.org/wiki/RadeonFeature
Nvidia cards => http://nouveau.freedesktop.org/wiki/FeatureMatrix
So until open drivers and the entire graphics stack have matured; Nvidia video cards are the only choice for trouble-free Linux installs.
You can't expect instant support for the latest hardware when some of the manufacturers won't support you!
It may support a greater volume of hardware, but that includes all of the hardware that should belong in museums - you can't really count the stuff that isn't used anymore.
Funny how Intel is making an effort...
Intel Sandy Bridge GPU Support Begins On Linux => http://www.phoronix.com/scan.php?page=news_item&px=ODAxNA