|
by Michael Jennings, Futurepower ® Computer Systems The latest version of this article can be found at
You have a right to know. You have a right to all the information you need to make an informed choice about any product you buy. The author wrote this article because of the need to give his customers fundamental information about the direction Microsoft wants to take them. Few people have the technical background to understand fully the advantages and disadvantages of software as complex as an operating system. Without fundamental information, it is difficult for non-professionals to understand the advice of professionals. The author is not anti-Microsoft in any way. There appear to be management problems at Microsoft, but the author would like any problems to be fixed, rather than have the entire world suffer through Microsoft doing poorly. Because he has spent considerable time trying to understand the problems, and because he cares deeply about fixing the problems, the author is, in that sense, "more pro-Microsoft than Bill Gates". This article is support for your own investigation. Use this article to support your own thinking and investigation. It is not intended as direct advice. If you don't have enough technical knowledge to evaluate the information presented here, please do not simply believe the author of this article. To avoid misunderstanding, find someone with technical knowledge who can help you. If you need help evaluating the issues here, the following remarks may be useful in choosing someone to help: Computer professionals are sometimes not computer users. Often those who know a lot about computers are not especially heavy users of their own computers. They may not have encountered some of the problems that are mentioned in this article. Often people who only use their computers for email, web browsing, and word processing wipe their hard disks clean and re-install everything every few months. This avoids some of the problems. Some of the problems mentioned below are most serious for companies that have thousands of employees who use numerous special applications. The seriousness of an objection is not proportional to its intensity. Sometimes there have been people who have complained very strongly about something written here. When strong objections have been evaluated, they have sometimes been found to be small in comparison to the intensity of their expression. There are people whose self-esteem is strongly tied to their knowledge of computers. When they discover something that they don't know they sometimes have a negative reaction that sounds like a serious objection. Consider conflict of interest. Consider whether the advice of a technically knowledgeable person is influenced by conflict of interest. For, example, if someone has spent many years taking expensive courses in administering Microsoft software, he or she may be very reluctant to say, or see, anything negative. This is particularly true if the person has a spouse and children and mortgage, and no other good way of earning money. Consider each issue separately and carefully. It's necessary to evaluate each issue carefully. If someone raises an objection that is discovered to be valid, that does not necessarily mean that other issues are without merit.
Notify the author of corrections. If you find a
mistake in this article, please write the author at the address at the end so
that it can be corrected. On September 22, 2002, for example, someone
mentioned that a section of a former version of this article could be
interpreted as more sweeping than it really is. That resulted in two
paragraphs being added the next day.
Hidden Connections Microsoft Windows XP connects with Microsoft's computers in hidden ways. It is expensive to evaluate the present privacy and security vulnerabilities of these connections and impossible to evaluate the future vulnerabilities. The issue is not that the connections are always bad for the user. The issue is that Microsoft has moved from making operating systems that are independent to making operating systems that are dependent on its own computers. Besides possible privacy and security vulnerabilities, this raises numerous concerns. For example, if Microsoft decided to remove the support for Windows XP, users might be forced to upgrade. Or, Microsoft could decide to ask for monthly payment for the use of its computers. Windows 98 does not connect to Microsoft's computers. Microsoft Windows 98 runs completely independently of other computers. Windows XP connects to Microsoft's computers in at least 18 ways. Microsoft Windows XP is dependent for its operation on other computers that the user does not own and cannot control. Here is a (probably incomplete) list of ways Windows XP connects each user's computer to Microsoft's computers:
This is not necessarily a complete list. There may be other connections. To generate this list yourself, disable Microsoft's firewall, and use the ZoneAlarm [zonelabs.com] firewall, which is free for personal use. When Windows XP tries to connect to Microsoft, ZoneAlarm will display a dialog box asking whether that is okay. If you say no to some of the requests, some functions of Windows XP will not work (such as networking). An article from Microsoft called Managing Automatic Updating and Download Technologies in Windows XP [microsoft.com] mentions 11 ways in which Windows XP components automatically download software from Microsoft computers. The article says, "Outlined below is a list of components, applications, and technologies discussed in this whitepaper that have the ability to automatically download and install updated software and information from the Internet." Note that this does not say that the 11 are the only ways that Microsoft XP connects with Microsoft's computers. It says that the 11 are the only ones "discussed in this whitepaper". The Microsoft article tells how to disable the hidden downloading. However, the disabling is very time-consuming. Also, Microsoft has a history of using bug fixes and security fixes to change the operating system settings. This means that all the settings would need to be checked after every bug fix or security vulnerability fix. Why so buggy? The fact that Windows XP makes your computer dependent on Microsoft computers is bad not only because you lose control over your computer, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of October 28, 2002, there are 32 security vulnerabilities in Microsoft Internet Explorer [pivx.com]. (Several more bugs have recently been discovered. On August 8, 2002, there were 22. On September 9, there were 19.) This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now. The bugs in Internet Explorer are examples in only one program. All of Microsoft's software seems to be of comparable quality. See, for example, the Microsoft Crash Gallery. The security vulnerabilities are often very public. For one of many examples, see the December 21, 2001 Associated Press article published by USA Today, XP flaw due to 'buffer overflow' [usatoday.com]. There are a variety of plausible reasons why Microsoft would allow so many bugs in its software. Since Microsoft has a virtual monopoly, it is enormously profitable to sell users sloppily written software, and then later sell them upgrades to that software. It also seems possible that there is a connection between the huge number of bugs and the U.S. government's friendly treatment of Microsoft's law-breaking [usdoj.gov]. The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies. Another theory is that the quality of management at Microsoft is so poor that the company simply cannot motivate its programmers to do better. One of the causes of security vulnerabilities is called "unchecked buffer", in which a program takes input, but does not check the input before it is used. A search using the Google search engine for web pages at Microsoft sites exclusively about "unchecked buffer" shows hundreds of entries. This and other indicators suggest that Microsoft may be sitting on mountains of sloppy code. Deliberately designed to crash. Few people realize that Windows 95, Windows 98, and Windows ME (all closely related to each other) were designed in such a way that it was inevitable that they would crash. Windows 95 was originally designed with a 64 kilobyte limitation on some resources that would have caused it to crash sooner than it does. Protests by knowledgeable people caused Microsoft to increase that artificial limit to 128 kilobytes. At that time, memory was very expensive. When memory became cheaper, and it became common that people would run more than one big program at the same time, crashing became extremely common. Microsoft did nothing to solve the problem. It might not have been possible to fix the problem in an elegant way, but it was, and is, possible to fix the problem. Therefore, it seems reasonable to say that the crashing is deliberate Microsoft policy. The crashing is often given as the biggest problem users have with Windows 98 SE (Second Edition); if it were fixed with a simple patch, many people would not buy Windows XP. Here's a test you can do easily on a Windows 98, 98 SE, or ME system. Start the program called Resource Meter by clicking on Programs/Accessories/System Tools/Resource Meter. If you copy the icon and put it into your Startup folder, Resource Meter will start every time you start Windows. Resource Meter displays three quantities: System Resources, User Resources, and GDI Resources. It is the limited User Resources and GDI Resources that cause Windows to crash. No matter how much memory you have in your computer, if you use close to the limit of User Resources or GDI Resources, Microsoft Windows 95, 98, or ME will crash. For 16 bit programs, User Resources and GDI Resources are limited to 128 kilobytes each. That's 128,000 bytes (approximately, because of a different scheme of counting memory), no matter how much memory you have installed. For 32 bit programs, User Resources and GDI Resources are limited to 2 Megabytes each. These limitations are known to a few computer professionals, and are sometimes discussed in technical forums. However, very few users know about the limitations, and most don't know why their systems crash. If you run Resource Meter and watch it carefully, you can, usually, prevent crashes by closing a program whenever you get close to crashing. This doesn't work, however, when a program makes a request for memory that is unexpectedly large. Instead of refusing the request and giving a message to the user, Windows will crash. The resource design limits are especially cruel to users because they lose their work when their systems crash. They are also cruel because users often spend money to install more memory in their computers, not realizing it won't make a difference. Why would Microsoft design deliberate limitations? Apparently because it would be the only way to get users to spend more money to upgrade later. For most users, the only reason to buy Windows XP is because it crashes less. Windows XP doesn't crash, it becomes less usable. Windows XP doesn't have the artificial GDI and User resource limitations of Windows 95, 98, and ME. All of the installed memory is available to the Windows XP operating system when it needs it. However Windows XP becomes shaky when enough programs are loaded that all of the installed memory is in use. Windows XP has a feature called virtual memory that is supposed to put programs on the hard disk that are loaded but not being currently used. However, this feature does not work well. When the memory limit is reached, a Windows XP system takes a long time to respond and does a lot of disk access. Sometimes the disk access, called "thrashing" because it indicates something is not working properly, continues for 15 seconds after clicking on a loaded program to bring it to the top of the desktop, for example. The result is that Windows XP becomes less usable and eventually must be rebooted. In contrast, the virtual memory feature in the Linux operating system works extremely well. You cannot know now to what contract provisions you will be held in the future. Microsoft has changed the terms of the contract to which users are bound by including the new contract with some security and other bug fixes. Recent security patches require that the user agree to a contract that gives Microsoft administrator privileges over the user's computer [theregus.com]. (Administrator privileges give complete control over the computer and all data stored on it.) See also, Microsoft EULA requests root rights - again [theregus.com]. The contract says that if a user wants to patch his or her system against a bug that would allow an attack over the Internet, he or she must give Microsoft legal control over the computer. This article explains the issue in more depth: Microsoft's Digital Rights Management-- A Little Deeper [bsdvault.net]. It helps to think like a lawyer when you take apart the crucial sentence. The sentence, "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless since some of the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. Since Microsoft can change the contract at any time and without control by the user, Microsoft can bind users to contracts that it invents in the future. This is a new development in contract law. A user is bound to a new contract if he or she wants bug fixes and security fixes. But this gives the user no control, since once security flaws are widely known, every computer must have the fixes or remain vulnerable. Users invest considerable money and time into their computers, and cannot avoid agreeing to the new contract without giving up their entire investment and disrupting their business and personal activities. Microsoft has abandoned its earlier successful business model. Previously, Microsoft did not try to keep control of its software after it was sold. Now it has invented numerous ways of keeping control. For example, there is in Windows XP a system called Windows Product Activation (WPA) that requires users to communicate with Microsoft on first installation and every time the user's hardware changes significantly. WPA gives Microsoft a way of preventing people from using Windows XP on a new computer, for example when they upgrade their hardware after several years. Instead, the user might be expected to buy new software. Microsoft has recently been saying that its products have a limited life. For example, see Microsoft's June 3, 2002 article, Windows Desktop Product Life-Cycle Guidelines for Consumers [microsoft.com]. The artificial limits may be much shorter than the length of time operating systems are used by customers, who often use the same software for 10 years or more. If an operating system is doing the necessary work, customers often feel there is no reason to buy new software. Note that WPA is used only on the Windows XP Home and Professional versions. The Windows XP Corporate version does not use product activation. Computer companies and consultants are required to disclose their customer information. Those who supply computer services involving Windows XP Corporate version can no longer keep the names of their customers private. The policy of forced disclosure abandons a tradition of business privacy that is thousands of years old. This may be an important fact for a large company to consider; possibly the fact that Microsoft forces disclosure will cause computer professionals to be less enthusiastic about supporting Microsoft products. This might become a big issue during the expected life of a computer system. If a system works well, there is no need to replace it. Sometimes companies keep their systems for 10 years or more. Microsoft requires that professionals give this information about their customers:
Microsoft, or even a disloyal Microsoft employee, could decide to make use of this information, and approach a customer directly. A government that uses Microsoft software is not an independent government. Any government that wants to be independent of the United States government, and any government that represents itself as controlled by its own people, cannot use Microsoft operating systems or other Microsoft proprietary systems. One reason for this is both the old and the new Microsoft methods of keeping control of software that it sells. It is very expensive to begin using an operating system, and once an operating system is in use, it is difficult to stop using it. Changes cannot be made quickly if some new undesirable aspect is discovered, as when Microsoft changes the terms of its licenses. Governments cannot bind themselves to unknown future limitations and invasion of privacy and remain free. Previously this subject was just too technical and complicated for government leaders and employees to understand. However, now governments are beginning to recognize the problems. Presently, the biggest problem is that a government cannot know what is in proprietary software. Accepting proprietary software is equivalent to accepting outside control. A bill introduced to the Congress of Peru, Bill Number 1609, Free Software in Public Administration [English translation at pimientolinux.com], gives several reasons why government software must be open. The reasons given in paragraphs 10, 11, and 12 of the bill have been re-written below to make them easier to read and to avoid problems with inaccurate translation. A government must guarantee that the citizens have free access to government information. To achieve this, it is necessary that the coding of the data [file format] not be tied to a sole provider. The use of standard and open formats guarantees this free access, making possible the creation of compatible software [and software that does not require paying money to get access]. A government must guarantee that public information is permanently available. It is necessary that the use and maintenance of software does not depend on the good will of the providers, nor on monopolistic conditions imposed by them. Permanent availability of public information can be guaranteed only by the availability of the source code of the software used to access the information. A government must guarantee national security. It is necessary to have systems that are devoid of elements that allow remote control or the secret transmission of information to third-parties. Therefore, it is required to have systems whose source code is freely accessible to the public, so that its inspection is allowed by the State, the citizens and a great number of freelance experts in the world. Introduction of the bill caused Microsoft to write a letter of protest [English translation at pimientolinux.com]. The English translation of the response to this letter [pimientolinux.com] stated the reasons for the bill more clearly in paragraphs 5 to 8. The letter of response to Microsoft also discusses what the Peruvian bill does not do:
Microsoft arranged that the U.S. ambassador to Peru tried to stop the bill. See the July 27, 2002 Wired News article, Microsoft's Big Stick in Peru [wired.com]. The article says, "Congressman Edgar Villanueva, the bill's chief sponsor, said he considers Hamilton's letter to be "overt pressure" on Peru by the United States and Microsoft. If so, the letter would continue the long-standing U.S. tradition of meddling in Latin American affairs, political analysts say." Information about the Peruvian bill is collected on a web page called Peruvian Activism. The government of the United Kingdom (England, Scotland, Northern Ireland, and Wales) is considering these issues, also. A policy called Open Source Software, Use within U.K. Government issued on July 15, 2002 by the U.K. Office of Government Commerce says, (Scroll down almost to the bottom of the page; there is no need to use the links.) "Security of government systems is vital. Properly configured OSS can be at least as secure as proprietary systems, and OSS is currently subject to fewer Internet attacks. A balance needs to be struck between the availability of security administration skills and the advantages of many diverse systems. In some cases mainstream proprietary products may be significantly less secure than open source alternatives (see Gartner report Nimda Worm shows you can't always patch fast enough dated 19/9/01 by John Pescatore)." The article about the Nimda worm mentioned above is available at Gartner's web site: Nimda Worm Shows You Can't Always Patch Fast Enough [gartner.com]. The Nimda work is a vulnerability only in Microsoft software. It has done enormous damage. About Microsoft's product IIS, the article said, "Thus, using Internet-exposed IIS Web servers securely has a high cost of ownership. Enterprises using Microsoft's IIS Web server software have to update every IIS server with every Microsoft security patch that comes out - almost weekly." However, the U.S. government seems to be taking little or no action to correct the problem. One reason may be that there is an unusually close relationship between Microsoft and top U.S. government agencies. For example, Howard Schmidt, vice chairman of the White House's National Critical Infrastructure Protection Board, was previously Microsoft's chief security officer. Scott Charney, Microsoft's current security officer, is a former federal official. Microsoft is one of the computer industry's top contributors of political money, according to the Top Contributors spreadsheet of the Center for Responsive Politics [opensecrets.org]. Microsoft contributed $2,520,669 to political campaigns for the 2002 elections. (That figure was from September, 2002. The figure on October 6, 2002 is $2,955,028.) There are people in the U.S. government who heavily favor the un-enlightened interests of U.S. businesses. For example, see the Computer & Communications Industry Association's [ccianet.org] July 24, 2002 news release, CCIA Opposes Hollywood Vigilante Legislation [ccianet.org]. Will Rodger of the CCIA has been quoted as saying, "The larger question, which the [U.S.] government seems to be ignoring, is, why aren't we looking at the problems caused by a monoculture, a single operating system which serves as a single point of failure on the Internet? If there are 60,000 Windows viruses, fewer than 100 Mac viruses, and maybe a dozen Unix viruses, why aren't the problems with Windows an issue?" Support for Microsoft products may be affected by ongoing legal vulnerabilities. The antitrust case against Microsoft is now 12 years old. See the timeline [washingtonpost.com] by the Washington Post. ABC News also indexes information about the cases; see Microsoft vs. DOJ: An Index to Microsoft Trial Coverage [abcnews.go.com]. A group called ProComp [procompetition.org] publishes a text-only timeline it calls Timeline of Events Surrounding Microsoft Antitrust Case [procompetition.org]. ProComp is an "umbrella organization for companies and groups supporting the Department of Justice's action against Microsoft". In summary, Microsoft was found by the courts to have broken the law. The case has resulted in considerable bad feeling toward Microsoft. Companies may want to evaluate the possible future problems in partnering with, and being dependent on, a company that has broken the law. For more information about the Microsoft anti-trust case, see the November 5, 1999 U.S. government document Court's Findings of Fact [usdoj.gov]. The 207 double-spaced pages of this document list abuses for which Microsoft was found guilty. There are numerous sentences like this one: 411. Many of the tactics that Microsoft has employed have also harmed consumers indirectly by unjustifiably distorting competition. A legal documents company, FindLaw, has better indexing of this document: Microsoft Antitrust Trial Findings of Fact [findlaw.com]. The U.S. Department of Justice maintains an index of the current case, United States v. Microsoft Current Case [usdoj.gov]. The case was decided on November 1, 2002. Section J on page 7 of the final decree, which begins "No provision of this Final Judgment shall", is interpreted by most technically knowledgeable people to mean that basically there is no penalty for Microsoft, because all of Microsoft's abusive behavior is allowed. For a list of all the official U.S. government documents of United States of America v. Microsoft Corporation, see the index of Judge Colleen Kollar-Kotelly's actions [uscourts.gov]. These PDF format files on the official U.S. government web site give the details: Final Decree, Memorandum Opinion, Public Interest Order, Opinion on the State Settlement, and State Settlement Order [all uscourts.gov]. The case is not over. There will be an appeal. Also, U.S. state governments and governments outside the U.S. are continuing to pursue legal action. Because of the common perception that Microsoft has broken U.S. law and yet not been forced to pay a significant penalty, there is considerable resentment of Microsoft. Microsoft is considered by many to have participated in corrupting the U.S. government, partly through giving money to politicians [opensecrets.org]. The outcome of the case may increase the distrust of Microsoft and hasten the rate at which companies change to other operating systems, such as RedHat Linux and Mandrake Linux, and other office software, such as the excellent Open Office [openoffice.org]. Companies don't want to use software from an organization that is not trustworthy because software can be programmed to have hidden operations. Mandrake and RedHat Linux and Open Office are publicly designed and supported software, and are completely free. The Washington Post discussed perceptions of the Court decision in the November 2, 2002 article, Microsoft Pleased; Foes Critical [washingtonpost.com]. The anti-trust case was started partly because of Microsoft's aggressive actions toward Netscape, a company that made an Internet browser and Internet server software. It is interesting to note that Microsoft lost that contest anyway. Many people consider that Mozilla is the best browser and e-mail software, and that Apache [apache.org] is the best Internet server software. These are both publicly supported, free programs. Apache server is the most popular Internet server software in the world. Microsoft restricts your software options. When you use Microsoft Windows XP, you are prevented by the license from using valuable software that competes with Microsoft's. See Brian Livingston's column [infoworld.com] in which this is discussed, beginning in the fifth paragraph. The license says: "Except as otherwise permitted by the NetMeeting, Remote Assistance, and Remote Desktop features described below, you may not use the Product to permit any Device to use, access, display, or run other executable software residing on the Workstation Computer, nor may you permit any Device to use, access, display, or run the Product or Product's user interface, unless the Device has a separate license for the Product." Although this restriction is probably illegal even in the United States where it was written, a large company might not feel that it could risk legal involvement with a rich company like Microsoft, even if it knew it would win. The license restriction apparently is partly directed toward preventing the use of VNC, excellent free software designed in the AT & T research labs that were formerly in England. An article on a web site that is very pro-Linux and open software gives another testimonial about the usefulness of VNC: "I used to work for IBM and one of my great achievements (ok, small achievements) there was to save a particular very large client a great deal of time and money by recommending and then implementing a remote control support option using VNC." The Registry is a single point for failure. There are many other big shortcomings in Windows XP. Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. There are several files which, all taken together, Microsoft calls the registry, but the one that causes most of the problems is, in Windows XP, called SOFTWARE. (The name is in all caps and has no file name extension.) On one machine, for example, this file is 25.69 megabytes; it is a huge file considering that it contains configuration information. If this one large, often fragmented, file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single very vulnerable point at which failure can occur. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user. There are many areas like this where Microsoft's design conflicts with the needs of the users. Microsoft's documentation includes language that gives the proper sense of fear about corruption of the registry. The Microsoft Knowledge Base Article number Q318159, Damaged Registry Repair and Recovery in Windows XP [microsoft.com] says, "When a registry hive becomes damaged, your computer may become unbootable, and you may receive one of the following Stop error messages on a blue screen:
"CAUSE: Registry damage often occurs when programs with access to the registry do not cleanly remove temporary items that they store in the registry. This problem may also be caused if a program is terminated or experiences a user-mode fault." The article says, "The hotfix that is described in this article automatically repairs the registry during startup, ..." However, the article does not say that this only fixes one kind of damage, and cannot always fix this kind of damage. The registry is a primitive database that cannot always be repaired. There are many programs from other companies that try to repair registry damage, but they also cannot repair all kinds of damage. Putting the configuration information in one file has caused some of the best educated people on earth to lose time and money, all so that Microsoft can make a crude kind of copy protection. More Details about Registry Problems The problem with the registry is this. Suppose the registry becomes corrupted, but the software that the corruption affects is not used for a considerable time. After the corruption occurs, the computer is upgraded, perhaps with new application software, perhaps with new drivers. Then maybe new system preferences are applied. Suppose the company has saved backups of all previous versions of the registry on CD (an unlikely event). See the problem? Since all the software is connected to all the other software by the registry, corruption that goes unnoticed for a while can create an impossible situation. If the company goes back to the original, known good registry, they must give up all the time they spent upgrading the computer. This may be substantial, especially since they may not have complete records about what upgrading was done. In actuality the situations caused by the registry are far, far more complicated than this. For example, you may think that some failure you are having is caused by registry corruption. However, it may take far too much time to prove whether that is the case. If you think of all the combinations of difficult circumstances, you will see that having most configuration settings in one file is sometimes devastating for the user. Consider that the person who is using the computer probably has an important job in the company, and wants to use the computer, since only some functions don't work, but others do. Consider that a repair person must be supervised 100% of the time at some companies, because of security needs. There seems to be nothing like this in the Linux or BSD operating systems. First, there is no single file in which corruption can make an entire installation worthless, even if the user has backups. Second, there is far better error checking, so corruption of any kind is less likely to occur. With Windows XP, sometimes a faulty program can cause the entire OS to become unstable. (I have personally seen this at least 50 times.) My experience with Linux is that the OS just throws the faulty application out of memory and comes back and says, okay, what else do you want to do? With Linux, a software upgrade that you much later discover was bad causes you to re-install a known good version. With Microsoft Windows XP, because of the connection between all programs by the registry, you may have to start over with a re-formatted hard drive. This usually takes many hours, especially in situations in which a company employee uses a system with special adjustments or programs, as is often the case. Installation and configuration of all the programs used by a professional graphic artist, for example, may require 30 hours or more. A graphic artist might use numerous graphics packages and utilities, and also a word processor, an address book, accounting software, text utilities, color balancing software, and other programs, for example. Users have always had the option of making backups of the registry, but making useful backups is often difficult or impossible. Backing up the registry in Windows XP is even more difficult because the registry in now not in the two files system.dat and user.dat, but is spread to several files, with one containing most of the information. Windows XP prevents making copies of any of these files with the xcopy.exe program or any other copy program. So, you cannot create your own backup tools, as you could in Windows 98. Backup Problems: Windows XP cannot copy some of its own files. Windows XP cannot make functional backups of the Windows operating system or of the installations and settings of the applications. Microsoft Windows 98 can copy all of its own files. Using a program called xcopy32.exe, which is supplied, Windows 98 can copy all of its files to another, blank hard drive to make a fully working copy of all of the operating system and applications. Microsoft Windows XP is crippled. It is designed to be unable to copy some of its own operating system files. This article from Microsoft discusses the policy of not supporting the making of functional complete backups under Windows XP: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation [microsoft.com]. See the section, Microsoft Policy Statement, that says, "Microsoft does not provide support for computers on which Windows XP is installed by duplication of fully installed copies of Windows XP. Microsoft does support computers on which Windows XP is installed by use of disk-duplication software and the System Preparation tool (Sysprep.exe)." The meaning of Microsoft's policy, "Microsoft does not provide support" is also that, if you have tools from other companies for making backups, Microsoft could make changes that prevent those tools from operating. The wider significance of Microsoft's policy is somewhat hidden. Since almost all programs use the XP operating system's registry file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that make products for creating functional backups, but these products don't work well. They cannot, for example, run under Windows XP, because XP actively prevents that. The backup tools from other companies must run under another operating system; to use them it is necessary to exit Windows XP, restart the computer, and load the other operating system. As was mentioned, Microsoft could break the third-party backup software at any time by issuing necessary software upgrades that also prevent the third-party backup software from functioning, as the company has done in other cases. See, for example, Sneaky service packs [infoworld.com], an August 26, 2002 column by InfoWorld writer Brian Livingston, who is perhaps the best-known computer industry columnist. Note that Microsoft's Sysprep software does not provide a workable backup method in most cases. Sysprep images are for preparation of initial installations of Windows XP only, and support only the exact hardware for which they were made. In cases in which there is a hardware failure a year or more after initial purchase, it would be unusual if the replacement hardware were identical. Because the configuration information for the motherboard and the configuration information for the applications are mixed together in the registry file, the registry tends to prevent you from moving a hard drive containing the Windows XP operating system to a computer with a different motherboard. That's another implication of the above Microsoft policy. So, if you have a motherboard failure, and a good complete backup that you made using tools you got from someone other than Microsoft, you may not be able to recover unless you have a spare computer with the same motherboard. "What is your name and address?" means "Can we invade your privacy?" Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. Most people are honest and also intimidated by the complexity of a computer system. Apparently about 95% do whatever they are asked on the screen. They give their personal information to Microsoft. They don't realize that, if they feel forced to get a Passport account, they should enter almost completely fictitious information, since the real question is not "What is your name and address", but "Can we invade your privacy". The honest answer to this is "No, you cannot invade my privacy", and the only effective way to communicate that is to give completely fictitious information. Passport accounts are advertised as a way of making it easier to buy online, because the account identifies you to online sellers. In actuality, Passport accounts allow Microsoft to make money from every online transaction. Any money paid by sellers to Microsoft is ultimately paid by the buyer in higher prices, of course. There is absolutely no need for Microsoft's Passport. There is a free Internet browser called Mozilla [mozilla.org] that provides the same benefit to the user as Passport, but doesn't involve the extreme privacy invasion of the Microsoft method. Mozilla's Password Manager (under the Tools menu choice) remembers what you type when you supply any personal information, not just passwords. Next time you visit that web page, Mozilla asks if you want the web form information supplied automatically. If you want, Mozilla can encrypt all of your password and credit card and other form information; you then enter your master password to access the automatic data entry. The Mozilla browser is very highly regarded among computer professionals. It has other features that don't exist in Microsoft's Internet Explorer browser. Mozilla is open source software, which means that anyone can read the instructions that the program uses. The source code of Microsoft's Internet Explorer is hidden to anyone but Microsoft employees. Users may not want to give away their personal information to Microsoft, the company that has been the world's biggest source of Internet security risk. There are many, many examples of that risk. For example, Microsoft's Hotmail contained a bug that allowed anyone to read anyone else's email. For one of the many stories, see the August 30, 1999 article, Hotmail hole exposes free email accounts [CNET]. Microsoft's Passport is partly based on Hotmail accounts. See also the CNN article, Web site provides access to millions of Hotmail messages [CNN.com]. In an article titled Hotmail hole exposed free email accounts [abcnews.go.com] ABC News reported that one of the web pages that demonstrated the vulnerability was written on June 7, 1998, more than a year before Microsoft fixed the problem. Given the ease of using the vulnerability, and the wide publicity before it was fixed, it seems plausible that tens of thousands of people visited Hotmail email accounts without using passwords. Since it is the educated people who have computers, Passport accounts help Microsoft build a database of the personal lives of educated people. Microsoft knows when they connect and from what IP address (which tends to show the area), for what kind of help they ask, and information about what they are doing with their computers, including what music they like. It is not known, and there is no way to know, how much Microsoft or other organizations make use of this information, or their plans for future use. It is also not known if there are vulnerabilities that allow unauthorized people or organizations to access Microsoft's database. In the past, Passport has been shown to have zero security. See the Wired News article, Stealing MS Passport's Wallet [wired.com]. On August 8, 2002, the U.S. Government's Federal Trade Commission (FTC) ordered Microsoft to stop lying about its Passport service. The FTC's order is titled Microsoft Settles FTC Charges Alleging False Security and Privacy Promises [ftc.gov]. Microsoft's response to the FTC order was to lie about the significance of the order in an e-mail message. Palladium gives Microsoft the ability to prevent users from seeing their own documents and data. Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer; users won't even be able to read their own data without permission from Microsoft. This Register article discusses where Microsoft wants to go: MS Palladium protects IT vendors, not you [theregus.com]. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS [zdnet.com]. Reduced Functionality in Windows XP In some areas, Microsoft Windows XP has reduced functionality. For example, the command line interface does less in some ways than the CLI in Windows 98 SE (Second Edition). The CLI is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not fully documented.) The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around. Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this. The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this. The DOS QuickEdit mode sometimes flashes wildly when trying to edit from a DOS box. When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error. There is a DOS program called START.EXE that can be used to start other programs. But it does not operate the same way as in other versions of Windows. It starts a program, but cannot be made to return control to the command line program as previous versions did. There is no technical reason for this; it is just one of the shortcomings that are allowed to exist. People often say that DOS has gone away. But Microsoft still calls the command line interface "DOS", and in Windows XP Microsoft has added new programs for configuring the OS that work only under DOS. There are many other insufficiencies in Windows XP. Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers. Something is wrong with the taskbar and the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way. A reader sent a diagram showing that, when there are more than 21 programs loaded, the programs over 21 are shown, or not shown, in an order that is not easily guessed. Sometimes when a program is not represented on the taskbar is can look as though it is no longer loaded. This can be dismaying when the program contains a complicated setup, as when doing research on the internet and loading numerous web pages. Many people think the Windows XP user interface is poorly designed. As people use their computers more, they become more reliant on good design. Recently, Apple Computer released an operating system that has a version of Unix underneath and Apple's design for the user interface. Apple's article, Switch to Mac OS X (Macintosh Operating System 10) [apple.com], discusses the differences in user experience. The article is meant for software companies who are designing Apple versions of their existing Windows programs. The article gives a good idea of the flaws many people perceive in the Windows XP design. When companies pick an operating system, they are partly guessing the future. The investment in software is huge, not because of the cost of the software usually, but because of the training and maintenance. If a company makes the wrong guess, they may in the future need to spend a lot of management time, employee time, and money in switching to a new system. This makes it necessary that top managers understand the direction the industry is going. The combination of an excellent user interface and the power of Unix underneath has led computer professionals to consider Mac OS 10 presently the world's best operating system. Acceptance is slowed because there is no version what will run on Intel or AMD processors, the kind that most people have. Microsoft is widely disliked. It seemed that there were a lot of negative comments about Microsoft. Searches on Google for the words "hate Microsoft" or "hate Microsoft XP" returned many, many results. Not all these results are associated with disliking Microsoft, but the intensity and accuracy of the discussions on even the last page of the search results gives a general idea. (The plus signs in the search terms mean that the term is required.) Some of the web pages appeared soon after the introduction of Windows 95, such as So Why Hate Microsoft?? [tripod.com] and Why many Computer Lovers hate Microsoft: Questions & Answers [amazing.com] Some of the people who dislike Microsoft write for industry publications, such as Daniel Dern at Byte.com, whose August 6, 2001 article, Why I Hate Microsoft - This Week [byte.com], discusses his problems with Microsoft's licensing provisions. Some of the articles in general interest publications are surprisingly technical, such as the June 1999 article in the Boulder County Business Report (Boulder County, Colorado, USA), Why programmers love to hate Microsoft -- code out of control [bcbr.com]. The articles sometimes go into considerable detail, such as Why I hate Microsoft [euronet.nl] and The SMASH MICRO$OFT page [zip.com.au]. Apparently users are becoming much more technically knowledgeable, and beginning to resist practices that they previously did not understand. A lot of the dislike of Microsoft is caused by Microsoft's hostile behavior. Dislike of Microsoft first became strong among people who don't use computers when Microsoft's Bill Gates testified in the anti-trust case, and was perceived by many to be lying. Internal Microsoft documents such as those called the The Halloween Documents [opensource.org] discuss the impossibility of using FUD to compete with Open Source software. FUD stands for "Fear, Uncertainty, Doubt"; it is deliberate lying to take advantage of people who have less technical knowledge. See the section labeled "Key Quotes" in the Halloween Document I [opensource.org]. There have often been stories of Microsoft using its operating system monopoly to cause trouble for other software companies. An example is the August 1, 2000 WinInfo article Microsoft knew about, ignored SP1 [Service Pack 1] personal firewall issues [wininformant.com]. Here's a quote from the article: "Microsoft refused to fix the problem despite numerous complaints during the lengthy SP1 beta". Microsoft's behavior caused a huge amount of lost time. Merely documenting the problem would have saved many people many hours. It is difficult to evaluate what this strong negative sentiment toward Microsoft might mean to a company with 10,000 employees. Will it make Microsoft less able to hire good programmers, and therefore less able to fix security vulnerabilities? If an alternative to a Microsoft product appears, will the negative sentiment result in rapid movement away from the Microsoft product, making it less economically viable? Windows XP Service Pack 1 On September 9, 2002, Microsoft released Windows XP Service Pack 1 (SP1). This included, according to Microsoft, 311 kinds of fixes, involving more than 1,600 files. However, apparently none of the problems mentioned in this article were fixed. Although Microsoft says that there are 311 kinds of fixes in Windows XP SP1, industry writers have claimed that there are fixes that Microsoft has not documented. The Microsoft article, Release Notes for Windows XP Service Pack 1 [microsoft.com], lists the bugs that have been found in SP1 since it was released. Bruce Kratofil, an industry writer, said about Microsoft's automatic updating process: "There could be a whole lot of grief if this stuff gets automatically updated without you knowing about the issues ahead of time.". Automatic updating makes changes to the user's computer without the user's knowledge. Some people report major problems after installing SP1. For example, see the September 20, 2002 PC World article: Win XP Update Crashes Some PCs [pcworld.com]. (To put this issue in perspective, most users are not having problems.) Those who decide not to install SP1 must fix a very serious security bug immediately. See the September 28, 2002 Gibson Research article, Without XPdite, or XP's Service Pack 1, clicking on a simple, but malicious, URL can delete the entire contents of your directories. [grc.com] On one computer in which the author of this article installed SP1, the operating system power options were changed so that the system was allowed to go into Standby mode. The computer, which has an Intel motherboard of a type that is currently being sold by Intel, locks up when it goes into standby. All work is lost. Only someone quite knowledgeable would guess why the computer was ceasing to function. Microsoft has a history of allowing bug fixes to change the operating system settings without notice. Also, often installing new hardware, or a contact failure that seems to the system that hardware has been removed, or repairing the operating system by reloading, changes the system settings without notice. For example, in Windows 98 Second Edition, changing networking driver software resets the network to the least secure setting. There is no warning. Where is Microsoft taking us? There are many other indications of where Microsoft is taking its customers. People who buy Microsoft mice don't get the full functionality until they let the mouse software (!) connect to Microsoft's computers. Microsoft makes it quite difficult to upgrade a computer to fix bugs if it isn't connected to the Internet. Sometimes the downloadable updates lag behind those available with Windows Update, that requires that the computer be connected to the internet. The downloadable updates are not in an order that makes it easy to decide what you need. Windows Media Player reports your music choices to Microsoft. The EULA (End User License Agreement) for a security bug fix [bsdvault.net] to Windows Media Player gives Microsoft complete control over your computer: They own it, not you. That shows that Microsoft can and will be sneaky. (The EULA says that it is limited to Digital Rights Management, but Microsoft is trying, with Palladium, to extend Digital Rights Management to everything you do on your computer.) This gives an idea of the moral limits felt by Microsoft. See also the 12th paragraph of a comment about the settlement of the Microsoft anti-trust case [usdoj.gov], on the DOJ web site. Another indication of the direction Microsoft is going is that, in Windows XP, menus are sometimes 7 levels deep. This seems to show a lack of ability to manage the development of useable software. Unhealthy control leads to more unhealthy control. Managers at Microsoft seem to be trying to create a situation in which Microsoft operating systems are not independent software, but are dependent on Microsoft computers. They apparently feel that there is no limit to the control they should have, and are strongly determined to extend that control. The attempt to take more control, and to take more control without adequate explanation, is a huge gamble with investor's money. If it strongly alienates people from Microsoft, there may be a time when the company has difficulty selling even good products. Wanting more control, and a desire for control that cannot be controlled, is a common psychological problem. For example, dictators of governments often test the limits until they destroy themselves. Design effective resistance to abuse. Human society in general is not effective at stopping abuse. People have a difficult time being clear about abusiveness, and therefore about protesting it and stopping it. It is especially difficult for the average person to feel clear about something technical like software. People tend to blame themselves rather than the software that should serve their needs. Instead of efficiently moving to limit the destructiveness of the abuser, the abused people often begin to attack each other. Often technically knowledgeable people have the presumption that, if they know something another person doesn't know, that gives them a license to attack the other person, or to feel superior. The fighting among themselves of people knowledgeable about computers is part of the reason there has been very little effective resistance to Microsoft's abuse. Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software, as many people do who know a lot about computers. The correct solution to abuse is persuading the abuser to stop being abusive. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you protest effectively against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates. Michael Jennings E-Mail: MJennings AT myrealbox DOT com (Take out the spaces, change AT to @, and change DOT to a period to e-mail the author. The coded e-mail address helps discourage misuse of the address by computer robots that harvest email addresses for sale to those who send unwanted e-mail.) November 4, 2002, #1 (file micro06t.htm) The latest version of this article can be found at http://www.hevanet.com/peace/microsoft.htm. An equivalent address is http://www.futurepower.net/microsoft.htm. (Always select View/Reload on your browser, so you read the version on the web site, and not the version you read before, that was stored in your computer.) If you want other people who have an Internet connection to read this article, please send them this link, rather than sending the article by e-mail. That way they will read the latest version. This article may be sent to anyone by e-mail without permission from the author, provided that no changes are made, and provided you have some knowledge of the person to whom you are sending the e-mail. If you print this article with no changes, you may give it to anyone you know. Other use requires permission. Copyright 2002. Futurepower ® is a trademark worldwide. Please mention errors and shortcomings to the author so that he can correct them. Microsoft and Windows XP are trademarks of Microsoft Corporation. |