Windows Vista: the most secure Operating System

Disclaimer: I use Vista for testing and casual web browsing and Mac OS X for web and software development. I use both nearly every day. I’ve had no security issues with either. That said, Vista’s “allow or deny” behavior is probably about as annoying as spam or popups.

Various sites (e.g. ZD-net and Engadget) are essentially regurgitating some Microsoft press release (complete with graphs, it appears) on a Microsoft-funded “research” project which shows Vista to be the most secure OS ever released (with XP coming in second — which kind of screams credibility right there).

Secunia is my favorite (well, least loathed) security site for two reasons. First, even though like most security companies it has a vested interest in promoting Microsoft (since almost every Microsoft user pays for some form of virus protection and almost no-one else does) it seems to be relatively impartial. Scandinavian sensibilities, perhaps. Second, it gives you pretty nice graphs.

Apparently, according to Secunia, Mac OS X (versions 10.0 Public Beta thru 10.4, client and server) is one product while, say, Windows Vista is one product (and, more interestingly, Windows XP Professional is one product). This means that when you look for security problem statistics, Windows Vista is in its own separate category, while Tiger is lumped in with the 10 or so other versions of OS X. Secunia also tends to downplay the severity of Windows issues and overstate the severity of Mac OS X issues (yes, if you download a malicious script file, run it, and type in your admin password when asked, it can take over your system) — but we’ll let all that slide (especially since I’ve ranted about it in the past).

Here’s the story in pictures:

The gorey details are here.

And here is all of Mac OS X since 2003 or so for comparison:

The gorey details are here.

And finally, to give you a good laugh, here’s what this “research” claimed was the second most secure OS:

The gorey details are here.

This data is live — so it may change after I finish this post. But right now as I look at it, Mac OS X has a better record historically, and fewer issues since Vista’s release than Vista. And XP — which according to this same “research” comes in second to Vista and ahead of OS X — has a track record based on these statistics (and much personal experience) which is simply embarrassing.

Apparently, the “wow” has been delayed until October

Well, I can predict one of the surprises that will be in Leopard based on this patent filing and a bunch of similar, related patents.

Apple is going to offer procedural desktop pictures (essentually GPU pixel shader programs) that produce pretty animated abstract or image-processed desktop pictures. These will be gorgeous, stylish, and have the following virtues:

  • Unlike desktop pictures, they won’t take up memory in either system or video — beyond the images they use. Since many of the options will be purely abstract (think of iTunes visualizations or Motion samples) this will be a significant chunk of RAM freed up.
  • Unlike desktop pictures, these can be procedurally animated for free (essentially accessing a static pixel and accessing a computed pixel are pretty much identical operations for modern GPUs).

Just look at the kinds of things Motion does effortlessly and you can be sure this stuff will be gorgeous (quite possibly distractingly so) and make Windows Vista look like the pathetic, obsolete hunk of junk it is, but which its “me too Aqua” graphical wrapper partially conceals.

Incidentally, animated window frames could be done exactly the same way.

Copland, Revisited

Vista is turning out to be Microsoft’s Copland (rather than its System 8). The thing is that Apple was smart enough not to ship Copland.

Copland was Apple’s much vaunted successor to Mac OS that had all this revolutionary stuff under the hood but which didn’t actually (a) work or (b) run legacy software. After many delays it was axed.

After Jobs returned to Apple, System 7.6 was gussied up in Copland’s default theme and shipped as System 8 (which is what Copland would have been called if it had shipped). Anyone who had been following Apple knew System 8 was little more than System 7.6 with prettier graphics, but on the plus side it worked very well and was extremely compatible with older software.

After Longhorn’s many delays and feature purges, it seemed that anything revolutionary about Vista had been scrapped and that what we were in fact getting was Microsoft’s “System 8”, i.e. their last gen OS dressed up in their cancelled next gen OS’s graphics. This seemed like a rational choice: everyone likes XP, and no-one has any choice of OS when they buy a PC anyway, so sell them XP disguised as Vista and cry all the way to the bank.

Unfortunately, Vista seems to have all the vices of a revolutionary OS (it breaks almost everything) and very few of the virtues (it offers almost nothing new*). With the revelation that if you want Photoshop for Vista you’ll need to upgrade to CS3 Adobe has basically verified that Vista is less able to run legacy software than Mac OS X was. Another milestone!

So far, the only third-party application I’ve run under Vista flawlessly is Notepad++ (an open source programmer’s text editor) and pure web application (but bear in mind, I’ve had trouble with every browser, including IE, under Vista). Everything else from games to office software has issues.

Mac OS X — which was truly revolutionary — ran 32-bit clean pre system 7 apps flawlessly. (Actually, Apple’s switch to Intel was more painful… but nothing compared to Vista.)

How To Fix Your Current Memory Related Problems*

So I had a Blue Screen of Death (yes they still exist) after, apparently, a memory parity error occurred. (Not Microsoft’s fault — I guess.) This led to my spending 45 minutes on the phone with Dell “gold” tech support.

My memory parity issue may or may not be solved (depending on whether reseating a DIMM helped) but I was told the magic order in which to install all the drivers, and now my laptop’s 3D performance is … well not embarrassing. If I had a Mac mini or an Intel iBook I could comment on its performance versus a GMA 950 but I don’t so I can’t.

It still (mysteriously) takes about a minute to shut down.

And it still offers Microsoft’s equivalent of “instant on”, i.e. it pretends to turn on instantly, but then mysteriously locks up for 30s after you log in. (Apparently the process for checking your password requires the entire OS to load, so if you mistype your password you don’t find out for about 30s.) So the “instant on” experience is:

1) Open the lid.
2) Greeted by the CONTROL + ALT + DELETE screen.
3) Give machine the three-fingered salute.
4) Type in password, hit enter.
5) Wait 30s while Vista’s new blue ring of tedium spins.
6) Maha, my machine is awake. Start trying to interact with it and discover that actually no, it’s just decided to display the contents of its graphics buffer or something.
7) 10s later the screen flickers, and becomes *actually* live. Generally displaying one or more “Such and such is not responding” alerts in reaction to my previous 10s of frantic clicking and typing. Typically the application that didn’t react is Explorer and the alerts offer to kill it for you. Much as I’d like to kill Windows Explorer, I’ve found that doing so makes Windows even more useless.

Note that this is a vast improvement over Windows XP’s awake from sleep behavior.

a) So far, my Vista laptop always wakes up.
b) If the laptop’s lid is closed, opening it wakes it up. (Versus, having to press the power switch. Apparently, waking in response to keyboard or mouse activity is too hard.)

In closing this particular pointless rant, let me just say that the new Aero transitions offer a fascinating combination of:
i) Not being very pretty.
ii) Seeming to have been cut down from longer, but presumably more annoying, transitions (so that — for example — the window “grow in” and “shrink away” animations seem clipped).
iii) Getting in one’s way.

I suppose that if I wanted to somehow put a positive spin on this, I’d call the transitions “understated”, but putting understated transitions into Vista is kind of like putting a day-glo painting of Elvis on velvet in a plain black frame.

Footnote: * This was the heading (I believe verbatim) of a slip of paper included in our copy of Master of Magic (the fantasy followup to Master of Orion — great games by the way. It (correctly in most cases) assumed anyone running Windows 3.x or DOS 3.x-5.x would have memory problems after installing their software.

Vista, Continued

Today, I discovered that FireFox 2.0.0.3 doesn’t have Flash installed. So I attempted (unsuccessfully) to install it. Automatic installation failed (FireFox’s fault). Manual installation failed (Adobe’s fault?). Note that Internet Explorer (rendered unusable by requiring me to type URLs with a leading http://) is running Flash just fine. I thought FireFox was too.

Anyway, so I quit FireFox and try to install Flash again. (I’ve clicked “Continue” or “Run” or whatever approximately 50x by this point.) Flash’s installer is “automatic” in that “you can’t fix it yourself” and sometimes manages to spawn hidden windows or, occasionally, to appear to disappear (have no visible presence on screen) and then reappear. Anyway, no Flash in FireFox.

So I launch FireFox and it tells me that it needs to wait for an install to complete, and I should restart. So I do.

Vista takes about 60s to shut down (heck, Tiger takes too long to shut down too) and then I try FireFox again. Same error message.

So I download a new copy of FireFox (more “Continue” “Run” “Yes I really really mean it” B.S.) and it produces a horrible error message saying that it could do something it needed to do. (Definitely blame FireFox.)

So I uninstall FireFox (it’s still more-or-less in the same place in the control panel) and attempt to install again.

Oops, when I clicked “Run” rather than “Save” Windows tossed away the installer. It’s probably there … somewhere … but easier to download a fresh copy (and “Save” it this time).

I run the new installer and … same error message.

So, I download Opera, which appears to work. (I’m typing this in Opera.) Then I download FireFox 1.5.0.11 — which installs flawlessly — but still won’t run. It needs to allow a previous installation to complete.

Aaaargh.

P.S.

I tried to make a movie (using SnagIt) of the wonderful sequence of dialogs you get when you attempt to do more-or-less anything in Vista but … get this … the “Cancel or Allow” system modal dialogs that dim the screen do not appear in screen captures.

Aside from anything else — I don’t think this is sinister, just incompetent — it means that if you want to create instructional videos for users you can’t show them what actually happens without jumping through a lot of hoops (e.g. filming your videos with a camcorder OR mocking up a “Cancel or Allow” dialog and editing your videos in a serious video editing app).

Maybe I just need a more bloody-minded screen capture program (e.g. fraps).

P.P.S.

My laptop’s video adapter’s performance is absolutely abysmal (at least under Vista). Just how abysmal? Blender takes about one second to draw its splash screen (versus instantaneous on my near three year old iBook). Unity’s web plugin warns me that I don’t have any hardware 3d acceleration (um, supposedly the Quadro is roughly equivalent to a 7300 and far better than an Intel GMA 950). I noticed that the driver is written by Microsoft… Hmmm.

So I dutifully went to NVIDIA’s website to download their latest driver and install it. But their installer said I had no compatible hardware.

Double aaaargh.

Footnote: the Dell Latitude 620 I am using has 2GB of RAM, a Core Duo 2.0GHz, and an NVIDIA Quadro NVS 110M (64MB of dedicated RAM + shared). It should run a little slower than my wife’s MacBook Pro for everything except 3D (the MacBook has an X1600).