Author Topic: Windows 7 vs Windows 10??  (Read 53665 times)

0 Members and 1 Guest are viewing this topic.

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #200 on: April 01, 2020, 01:56:28 pm »
PCBCAD51 yes.
PCBCAD360 anything after XP.
PCBCAD720 Win 7/10 only
7/10 but no 8.1? What oddball library is that?
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6867
  • Country: fi
    • My home page and email address
Re: Windows 7 vs Windows 10??
« Reply #201 on: April 01, 2020, 02:38:16 pm »
I think the idea with updates made the software much less secure.
I agree.

This is slightly off-topic, but for those same reasons, software should never be able to modify itself or its own configuration files; you should always separate privileges between normal operation and updates/configuration.

Most web thingies, like this here forum, are exploited via the lack of that privilege separation.  For example, the file upload mechanism might be exploitable so that it creates or modifies a script file; then triggering its execution lets an attacker execute arbitrary code with the service privileges.  Yet, there is basically never any need to allow users to upload scripts in server-executable form.  It is only needed if you insist on the service being able to self-update/upgrade.

I have designed a POSIX user/group scheme for separating privileges for a web forum between login/password management, uploads, downloads/normal web access, one or more configuration administrator, and system-level updates.  It works, and completely stops e.g. script drops/bombs.  Difficulty is, none of the existing web hosting schemes can support it (because the existing management apps do not support such schemes; only one user account per vhost, or one group and one or more user accounts per vhost; neither of which is enough), and nobody actually values the security enough to fund/support developing it further, especially when it requires at least a private virtual server (instead of just a standard web hosting account) to run.

We could do much better, we just choose not to, because it is not considered cost effective. >:(
« Last Edit: April 01, 2020, 02:41:15 pm by Nominal Animal »
 

Offline mrflibble

  • Super Contributor
  • ***
  • Posts: 2051
  • Country: nl
Re: Windows 7 vs Windows 10??
« Reply #202 on: April 01, 2020, 03:41:28 pm »
I have designed a POSIX user/group scheme for separating privileges for a web forum between login/password management, uploads, downloads/normal web access, one or more configuration administrator, and system-level updates.  It works, and completely stops e.g. script drops/bombs.
Awww, poor Bobby Tables. :(  He'll probably have a real rough time registering on that forum. ;)
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6867
  • Country: fi
    • My home page and email address
Re: Windows 7 vs Windows 10??
« Reply #203 on: April 01, 2020, 04:35:26 pm »
I have designed a POSIX user/group scheme for separating privileges for a web forum between login/password management, uploads, downloads/normal web access, one or more configuration administrator, and system-level updates.  It works, and completely stops e.g. script drops/bombs.
Awww, poor Bobby Tables. :(  He'll probably have a real rough time registering on that forum. ;)
No, because input sanitizing is a completely separate issue.  (And one that PHP's "magic quotes" just made a lot worse, because it only made it easier for poor developers create something that appeared to work, but could still be exploited.  You can write pretty secure PHP code, there just are a number of configuration settings and tunables that can make that code fail or become easily exploitable.)

Me, I've never had any issues with that, because I started my wet web work by making sure stuff like Ö and å were handled correctly by my server-side stuff, in the mid-to-late nineties.  My code would treat his full name, Robert'); DROP TABLE Students; --, as an opaque sequence of Unicode glyphs, and never try to parse any of it.

(Which reminds me: If you want to sort people alphabetically, you better use separate fields for their first names, last names, full names, and nickname.  Yes, it is repetitive, but any way to automagically split it will fail, at least for some people.  We humans are fun-ky!)

Privilege separation works on a much lower level.  (I do believe the same scheme would work just fine in e.g. Windows, too, I just haven't verified it.)
It moves the majority of exploitable security checks and lack of checking from the code to the OS/kernel.

Essentially, the web server (typically Apache or Nginx nowadays) handles the protocol (HTTP over TLS), and forwards each request to a worker process based on the URL.  Obviously, not every worker needs the same privileges, yet that is how they currently work; they all run at the administrator privileges.  I've happened to work on servers for a number of different organizations from small companies to universities, and worked out the worker privilege hierarchy that things like discussion forums need in practice.  It is just software engineering, with a lot of data and practical experience backing up the design.  I've also done things like design the user/group hierarchy for the human users modifying the content on the server, when you have a lot of sub-projects and partially overlapping privileges.  It's kinda like solving burr puzzles, really.  However, I do not know all the features the people running the forums need, the interfaces needed for effective moderation and so on, so I cannot build a web forum on my own.  I can do the underlying engine, but I'd need help from other people to build the user/moderator interfaces and so on.

Apologies for getting off topic.  UAC wasn't part of the first few versions of Windows, but definitely is part of Windows 7 and 10.  I wonder if there are still OS folks at Microsoft who do not see UAC the way I do, and just feel it is a necessary obstacle to be worked around?  Many current Windows applications seem to be designed to be self-upgrading, which does open the exact same security issues it does for web forums...  I dunno.
« Last Edit: April 01, 2020, 04:41:12 pm by Nominal Animal »
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15329
  • Country: fr
Re: Windows 7 vs Windows 10??
« Reply #204 on: April 01, 2020, 05:47:27 pm »
UAC wasn't part of the first few versions of Windows, but definitely is part of Windows 7 and 10.

UAC was just a fancy name for handling user account privileges/security, something that was already there in Windows NT AFAIR, so any Windows version starting with NT and derivatives (2000, XP, ... up to 10) implement a relatively proper user account management.

What is defined as UAC by MS was, I think, introduced in Windows Vista (and mind you, was one of the reasons so many people were put off by Vista at the time, how ironic), and the addition to just account NT management was, AFAIR, just the fact that you could create user accounts with bastardized privileges: meaning you could have administrator privileges, but the OS would still warn you and ask for confirmation for certain operations requiring escalated rights. In a way, it was akin to "sudo" rights in Linux, but with the added feature that typing your password to validate the operation was not mandatory - just a fricking confirmation dialog with an OK button to click on. Still, that was a progress from what Windows users were accustomed to, as a typical user account would run with restricted privileges all the time, and you could elevate privileges on demand. From what I remember, when Win2000 was released, it was in fact just Windows NT 5.0, but of course the targeted audience was not the same, so most people tended to create user accounts with Administrator privileges (to avoid constantly swapping between users) and that was not that great. But if you were not lazy, you could absolutely create an Administrator account to handle administration tasks - including possibly installings apps - and then user accounts for your daily tasks. MS just noticed that almost nobody cared to do that, so they had to find something intermediary.

I wonder if there are still OS folks at Microsoft who do not see UAC the way I do, and just feel it is a necessary obstacle to be worked around?

As I noted above, you need to define clearly what you mean by UAC.
User accounts with privileges exist starting from Win NT, which is a very long time ago. UAC was just added sugar on top of NT user accounts IMO, meant to make user accounts a bit less "painful" for the average joe.

Anyway, surely, dealing with possibly restricted privileges is often an annoyance for developers, so I wouldn't be surprised if many were still trying to work around them when possible instead of just doing with them.
 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3667
  • Country: us
Re: Windows 7 vs Windows 10??
« Reply #205 on: April 01, 2020, 06:06:16 pm »
The problem with UAC and user accounts on Windows was mainly that Microsoft didn't make much of an attempt to explain any of it to the user.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6867
  • Country: fi
    • My home page and email address
Re: Windows 7 vs Windows 10??
« Reply #206 on: April 01, 2020, 07:59:37 pm »
UAC wasn't part of the first few versions of Windows, but definitely is part of Windows 7 and 10.
UAC was just a fancy name for handling user account privileges/security, something that was already there in Windows NT AFAIR, so any Windows version starting with NT and derivatives (2000, XP, ... up to 10) implement a relatively proper user account management.
Yup.  3.11, 95, and 98 had none.

As I noted above, you need to define clearly what you mean by UAC.
The general concept of user privileges, really.

Anyway, surely, dealing with possibly restricted privileges is often an annoyance for developers, so I wouldn't be surprised if many were still trying to work around them when possible instead of just doing with them.
That's who I was referring to, too; not the MS OS developers, but the MS application developers.  FWIW, I've never found restricted privileges annoying, because I use them to limit the reach of my blunders -- I have them working for me, not against me.

But, like I said, I can imagine that a developer who wants their application to be able to upgrade itself at run time, finds restricted privileges annoying; it's just that that model is basically impossible to secure in any meaningful way.  The problem is not in the OS, in the programming language, or really anything technical per se; it is just that many application and service developers use rather insane paradigms, like self-upgrading/self-modifying applications, without understanding their security implications.

(As an example, it is difficult for malware to infect your application program and spread, if your application cannot modify executable binaries.  Finding a simple buffer overrun/arbitrary code execution bug to exploit no longer suffices; you also need a kernel privilege escalation bug to exploit as well.  The latter are much rarer than the former type of bugs.)

This is what I mean when I say security cannot be applied on top afterwards; it must be designed in from the get go.  Security is part of the design process, not an optional feature.  Very few online resources talk about proper privilege separation in application design, however... I'm not familiar with the MS dev resources, but my understanding is that they too fail to make it clear to application developers how important privilege separation is, and how to do it right (in typical situations).

Thus, I definitely think that the design paradigm wrt. updates -- on one hand, letting users discover any issues, and on other hand, thinking that self-modifying/updating applications are perfectly reasonable in a general purpose operating system; or more generally that everything can be updated afterwards -- is a central source of security issues, just not an immediately obvious one.
 

Online nctnico

  • Super Contributor
  • ***
  • Posts: 27935
  • Country: nl
    • NCT Developments
Re: Windows 7 vs Windows 10??
« Reply #207 on: April 01, 2020, 08:32:36 pm »
The problem with UAC and user accounts on Windows was mainly that Microsoft didn't make much of an attempt to explain any of it to the user.
And it is also implemented poorly so lots of people run as administrator anyway because some software won't work (especially in the early days).
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline NorthGuy

  • Super Contributor
  • ***
  • Posts: 3246
  • Country: ca
Re: Windows 7 vs Windows 10??
« Reply #208 on: April 01, 2020, 09:46:06 pm »
The problem with UAC and user accounts on Windows was mainly that Microsoft didn't make much of an attempt to explain any of it to the user.
And it is also implemented poorly so lots of people run as administrator anyway because some software won't work (especially in the early days).

It also assumes that people know when to allow the access and when not. But they don't. So, they always agree, making the system totally useless.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6867
  • Country: fi
    • My home page and email address
Re: Windows 7 vs Windows 10??
« Reply #209 on: April 02, 2020, 10:01:43 am »
The same problem is on Android phones, too: most people just grant the privileges requested, because otherwise the apps won't work right.

It is really not a technical problem per se, or at least one that you can blame the OS developers for, it is a problem in the human approach to privilege separation.  Like I said, many (most?) application and service developers do not seem to understand privilege separation at all, and rarely use it to their advantage, and feel it is an annoyance instead.  I guess we don't really have a good non-technical-human-understandable model for application/service privileges yet.  No wonder, then, that our software is so full of security holes...
 

Offline nigelwright7557

  • Frequent Contributor
  • **
  • Posts: 701
  • Country: gb
    • Electronic controls
Re: Windows 7 vs Windows 10??
« Reply #210 on: June 07, 2020, 04:01:44 pm »
I have used Win 10 since it came out.
It was a bit buggy and unstable to start with but is about 99.9% fine now.
I recently had a customer complain the software I sold him wouldnt run under Win 7 32 bit.
According to Microsoft it should.
So I installed Win 7/32 on my pc and indeed it doesnt even with SP1 and other prerequisites.
So I tried to install Visual Studio to find out where my code crashed out.
That didnt get past the installer before crashing out.
So gave up.




 

Offline nigelwright7557

  • Frequent Contributor
  • **
  • Posts: 701
  • Country: gb
    • Electronic controls
Re: Windows 7 vs Windows 10??
« Reply #211 on: June 07, 2020, 04:02:55 pm »
PCBCAD51 yes.
PCBCAD360 anything after XP.
PCBCAD720 Win 7/10 only
7/10 but no 8.1? What oddball library is that?

I choose to ignore Win 8 as its obsolete.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #212 on: June 07, 2020, 04:05:23 pm »
I choose to ignore Win 8 as its obsolete.
Windows 7 and 8 are obsolete but 8.1 isn't.
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15329
  • Country: fr
Re: Windows 7 vs Windows 10??
« Reply #213 on: June 07, 2020, 04:51:13 pm »
Whereas "obsolete" is all a matter of perspective here and mainly depends on whether you're ready to "lose" some customers due to not supporting specific OS versions, the following figures tend to show that nigelwright7557's approach makes sense:

https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide/
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Windows 7 vs Windows 10??
« Reply #214 on: June 07, 2020, 04:52:56 pm »
The same problem is on Android phones, too: most people just grant the privileges requested, because otherwise the apps won't work right.

It is really not a technical problem per se, or at least one that you can blame the OS developers for, it is a problem in the human approach to privilege separation.  Like I said, many (most?) application and service developers do not seem to understand privilege separation at all, and rarely use it to their advantage, and feel it is an annoyance instead.  I guess we don't really have a good non-technical-human-understandable model for application/service privileges yet.  No wonder, then, that our software is so full of security holes...

The real issue is that the surveillance capitalist business model depends on getting access to as much data as possible...  they WANT access to your contacts, location, etc., even though it isn't necessary to do what the app does (e.g. show recipes for yorkshire puddings).

The primary purpose of many apps is to engage in surveillance, whatever function they do is just bait!
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #215 on: June 07, 2020, 05:14:20 pm »
Whereas "obsolete" is all a matter of perspective here and mainly depends on whether you're ready to "lose" some customers due to not supporting specific OS versions, the following figures tend to show that nigelwright7557's approach makes sense:

https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide/
An OS is either supported or obsolete. Windows 7 is obsolete.
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Windows 7 vs Windows 10??
« Reply #216 on: June 07, 2020, 05:52:44 pm »
Whereas "obsolete" is all a matter of perspective here and mainly depends on whether you're ready to "lose" some customers due to not supporting specific OS versions, the following figures tend to show that nigelwright7557's approach makes sense:

https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide/
An OS is either supported or obsolete. Windows 7 is obsolete.

If you are on a special plan with Microsoft, it is not obsolete - it has another couple of years or so to go, with full update availability, if I remember correctly.

It will still be around in various terminals and fixed embedded systems for years after that...

There are still hundreds of millions of PCs out there running Win 7.

Win 7 is/was a well loved Windows version...
 

Online Nusa

  • Super Contributor
  • ***
  • Posts: 2417
  • Country: us
Re: Windows 7 vs Windows 10??
« Reply #217 on: June 07, 2020, 05:59:02 pm »
Whereas "obsolete" is all a matter of perspective here and mainly depends on whether you're ready to "lose" some customers due to not supporting specific OS versions, the following figures tend to show that nigelwright7557's approach makes sense:

https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide/
An OS is either supported or obsolete. Windows 7 is obsolete.

No, an OS is either supported or not supported. Obsolete is defined by different criteria.

In one sense, Win7 became obsolete when it was no longer being sold (but was still supported).
In another sense, Win7 may still not obsolete in certain applications. For instance, some medical devices are running Win7 and some new devices are probably still being shipped with Win7. Certifying stuff for a new OS is non-trivial for such things.
For that matter, I'm pretty sure there are still medical devices running XP in active use -- not long ago I watched an ultrasound scanner of the right vintage (CRT displays, even) being used to search for blot clots. One doesn't stop using extremely expensive devices that still work just because the OS is technically out of date.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #218 on: June 07, 2020, 06:05:28 pm »
If you are on a special plan with Microsoft, it is not obsolete - it has another couple of years or so to go, with full update availability, if I remember correctly.

It will still be around in various terminals and fixed embedded systems for years after that...

There are still hundreds of millions of PCs out there running Win 7.

Win 7 is/was a well loved Windows version...
Mere mortals don't have access to extended support. We can go back and forth about specifics and people tend to regularly get very touchy when it comes to Windows 7 but the long story short is that it's obsolete.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #219 on: June 07, 2020, 06:18:24 pm »
No, an OS is either supported or not supported. Obsolete is defined by different criteria.

In one sense, Win7 became obsolete when it was no longer being sold (but was still supported).
In another sense, Win7 may still not obsolete in certain applications. For instance, some medical devices are running Win7 and some new devices are probably still being shipped with Win7. Certifying stuff for a new OS is non-trivial for such things.
For that matter, I'm pretty sure there are still medical devices running XP in active use -- not long ago I watched an ultrasound scanner of the right vintage (CRT displays, even) being used to search for blot clots. One doesn't stop using extremely expensive devices that still work just because the OS is technically out of date.
Let me make it very clear I have no interest in another silly and senseless argument about OSs. People somehow tend to get ridiculously emotional so I'm sticking to what we objectively know. Windows 7 is past End of Life. Ancient versions of Windows on expensive devices have little bearing on this situation, for various reasons. Unless people are saying they're designing PCBs on ultrasound scanners. In that case I'm slowly backing out of the room and leaving people to their kinks.  ;D
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15329
  • Country: fr
Re: Windows 7 vs Windows 10??
« Reply #220 on: June 07, 2020, 06:30:07 pm »
Whereas "obsolete" is all a matter of perspective here and mainly depends on whether you're ready to "lose" some customers due to not supporting specific OS versions, the following figures tend to show that nigelwright7557's approach makes sense:

https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide/
An OS is either supported or obsolete. Windows 7 is obsolete.

No. As a software editor, you either support an OS or you don't, according to 1/ your customer base and 2/ your abilities. Given 7 still has a significant market share, wheras 8 and 8.1 don't, there is nothing else to consider here. As I said, all that matters is whether you want to lose customers or not. Everything else is wank.
 

Offline NorthGuy

  • Super Contributor
  • ***
  • Posts: 3246
  • Country: ca
Re: Windows 7 vs Windows 10??
« Reply #221 on: June 07, 2020, 06:34:48 pm »
An OS is either supported or obsolete. Windows 7 is obsolete.

Webster suggests that "obsolete" means "no longer in use or no longer useful". According to NetMarketshare, Windows 7 is used by 25% of the market (surpassing MacOS by huge margin). For me, it will forever remain the last useful version of Windows.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #222 on: June 07, 2020, 06:35:25 pm »
No. As a software editor, you either support an OS or you don't, according to 1/ your customer base and 2/ your abilities. Given 7 still has a significant market share, wheras 8 and 8.1 don't, there is nothing else to consider here. As I said, all that matters is whether you want to lose customers or not. Everything else is wank.
Windows 7 is past End of Life. Anything else can be endlessly argued and debated and is indeed wank, though it does appear almost all relevant developers seem to follow suit.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Windows 7 vs Windows 10??
« Reply #223 on: June 07, 2020, 06:37:57 pm »
Webster suggests that "obsolete" means "no longer in use or no longer useful". According to NetMarketshare, Windows 7 is used by 25% of the market (surpassing MacOS by huge margin). For me, it will forever remain the last useful version of Windows.
It's no use arguing personal opinions as they will inevitably end up wildly varying. I don't think we need another one of those discussions.
 

Online Nusa

  • Super Contributor
  • ***
  • Posts: 2417
  • Country: us
Re: Windows 7 vs Windows 10??
« Reply #224 on: June 07, 2020, 06:39:34 pm »
No, an OS is either supported or not supported. Obsolete is defined by different criteria.

In one sense, Win7 became obsolete when it was no longer being sold (but was still supported).
In another sense, Win7 may still not obsolete in certain applications. For instance, some medical devices are running Win7 and some new devices are probably still being shipped with Win7. Certifying stuff for a new OS is non-trivial for such things.
For that matter, I'm pretty sure there are still medical devices running XP in active use -- not long ago I watched an ultrasound scanner of the right vintage (CRT displays, even) being used to search for blot clots. One doesn't stop using extremely expensive devices that still work just because the OS is technically out of date.
Let me make it very clear I have no interest in another silly and senseless argument about OSs. People somehow tend to get ridiculously emotional so I'm sticking to what we objectively know. Windows 7 is past End of Life. Ancient versions of Windows on expensive devices have little bearing on this situation, for various reasons. Unless people are saying they're designing PCBs on ultrasound scanners. In that case I'm slowly backing out of the room and leaving people to their kinks.  ;D
Let me be equally clear. While I still use Win7, that wasn't my point at all. The point is that you are using two words that are neither opposite or mutually exclusive.

Obsolete is not the opposite of supported. Supported products can also be obsolete.

And vice versa: Current is not the same thing as supported. There are plenty of modern products on the market that have absolutely no support -- caveat emptor!
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf