Your point is a good one; not everyone wants to get under the hood and mess with the guts. Just because someone doesn't want to learn what's inside, doesn't mean they're dumb, lazy, or foolish. Computers should work like TV's - turn it on, it goes, and you don't have to know a thing about what's going on inside.

The problem is that we're not really there yet. I have yet to find a computer that didn't require me to intervene in some way (I have no experience with the Mac; some claim it's worry-free). All the computers I've had required me to dig into whatever version of Windows I had, to correct dumb mistakes that Microsoft made, to change the defaults to suit my tastes, and to beef up the security. I've had to buy and learn to use anti-virus, firewall, and anti-spyware software.

Most people I know have not the slightest interest in learning about their computers. They just want it to work. Unfortunately for them, they don't "just work". All these people have had serious, sometimes catastrophic, problems that included malware, screwed-up programs, and loss of data. This happened because they weren't aware of the need for protective software, or they weren't aware of bugs in the software they were using that could cause data loss, or they had no idea they should back up their data.

I chose to install Linux on some of my computers. As I mentioned above, installing Linux was as simple (or as difficult) as installing Windows. When I turned on the computer, it did "just work", though I had plenty of things to twiddle with if I wanted to get into trouble. It's a matter of choice. The main difference was that when I installed Windows, I had to do it twice. I neglected to disconnect the network cable, and before I had Windows properly installed, the computer was infected with Nimda.

You made an interesting comment about your sister's experience: With effort, it's perfectly possible to secure an MS system, and I have done that for her. This is important. She had you to help her out with this vital process. Without your expertise, I suspect that she might have had security problems. Or at least, she'd have had to learn a bunch of stuff about security.

One final note: Ken Thompson created a truly devious hack in which the source code did not reflect what the compiler did (he compromised the compiler). So even if you *do* read every line of your source code, you might still wind up with a compromised system.

The main difference was that when I installed Windows, I had to do it twice. I neglected to disconnect the network cable, and before I had Windows properly installed, the computer was infected with Nimda.

Very strange. I've installed most versions of Windows at one time or another, most of them many times and on a variety of machines, but I've never had any of them initiate a connection to the network. Indeed, I don't recall ever having used a version of Windows that would allow me to connect to the internet until it (Windows itself), was fully installed such that I could (and had to), then install/configure the software required to connect to my choice of ISP.

It's only at that point, when installing or configuring the software for an ISP, either from CD or pre-installed by the hardware vendor, that the system becomes connectable, and therefore vulnerable.

It's hardly the fault of the OS vendor, if the ISP/hardware vendor supplied Internet connection software doesn't pre-install appropriate safeguards to protect the machine once it is connected. It is pretty much par for the course for MS to get blamed for the inadaquacies of these third parties.

I'm not for one moment suggesting that MS do not carry a burden of responsibility. If they would set up their OEM distributions configured for maximum security--ie. disable about half of the services that are enabled and open by default--then far fewer exposures would result. But not all exposures are as a result of MS action or inaction, and attributing them all to MS without considering the other parties involved in the distribution and configuration chain just clouds the issues.

You made an interesting comment about your sister's experience: ... She had you to help her out with this vital process. Without your expertise, I suspect that she might have had security problems.

Agreed, but again I'll point the finger at the hardware vendor who tailored the OEM installation of XP that came on her machine. They completely re-configured the OS; custom backgrounds; help facilties; machine specific utilities and extensions. They added a gob-load of 3rd part software packages; including 3 or 4 "sign-up on first use" Internet connections. She chose to use one of these when she first got the machine. Despite all the configurations they made, they failed to set the machine up with a firewall. They didn't even enable the XP built in firewall. Inadaquate as it may be, it would have been better than nothing. Who do you blame here?

Of course, MS could have enabled the firewall from the get go, but then 2 dozen firewall vendors would be launching law suites against them for "bundling" software with the machine and encroaching upon their marketplace. Sound familiar?

As I understand it, if you install Linux, you are still responsible for obtaining and installing a firewall, and will be vulnerable, until you do. I've no idea how you go about configuring Linux to connect to the internet (via dialup); whether you just type a command and enter the phone number and password; or whether you need to install some additional software first. The OS cannot come pre-configured for your ISP.

Either way, if you take those steps and then connect without having installed/configured/enabled a firewall (IPTables?), then you would also be vulnerable. Less likely to get found and exploited by virtue of obscurity--there are less dirtbags out there searching for and exploiting Linux vulnerabilities; at least so far--but still vulnerable.

And if you use (say) Firefox, then you are still responsible for keeping up to date on the fixes to it's vulnerabilities. Like the 21 recently discovered. The same is true for other browsers.

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

• Linux/BSD never comes preinstalled on standard computers
• Linux/BSD support from big hardware manufacturers is nil
• It is hard to interoperate with the standard Office formats

It offends me when I hear them, and the millions like them, being written off as "dumb".

But it offends me when my life quality is lowered by convicted criminals, which e.g. make systems that are designed to be too complex to interoperate!

Update: OMG, this was my first negatively voted post ever. It even ended up on Worst of the day. (My only other negative of all time is four levels below this.)

I will stay out of the classical holy wars (at least, those irrelevant to Perl).

Don't worry, sometimes post get downvoted for no understandable reason. Looks like some people can't even stand strong opinions (probably because they have none by themselves).

On the monopoly issue, I agree with you. It's a shame that the DoJ watered down their ruling so that it amounted to little more than a slap on the wrist. (Makes you wonder why? But that's a different conspiracy theory:). Maybe the EU will do something more effective?

I wonder if Apple, and Sony, and DELL and a raft of smaller players aren't moving in the same direction? I'm not a lover of government intervention in business, it usually just creates red-tape and costs that we consumers have to bear, but maybe it will take action and legislation by governments to sort out these issues in the modern world.

As for your "quality of life". Is that any more important (other than to you), than that of all those who's quality of life would be severely curtailed if they couldn't use their computers to conduct their lives as they currently do?

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

If business stopped intervening in government I might be a bit more sympathetic to government not intervening in business. :-)

I'm not a lover of government intervention in business

Only (some) politicians and lawyers are! :-)

But monopolies and oligopoles are generally harmful to consumers. (There would probably be attempts to go the regulation way even without Microsoft.)

About "Quality of life" -- I wasn't clear enough, it seems.

Microsoft systems are written to be too complex to be compatible with. Or even to interact with the document formats!! That is arguably bad for every user and programmer.