
Windows XP Shows the Direction Microsoft is Going.

by Michael Jennings, Futurepower ® Computer Systems

Last updated February 16, 2003.



Spanish version: For the latest version of this article in Spanish,
visit http://www.hevanet.com/peace/microsoft-es.htm.

This article follows the settings of your browser.
Adjust your browser to a comfortable width for reading.

This article is frequently updated. If you have visited it before,
select View/Reload in your browser (or type Control-R),
so you read the version on the web site, and not the one stored in your computer.

French version added December 31, 2002: For a recent version of this article in French, visit http://www.hevanet.com/peace/microsoft-fr.htm.

November 15, 2002: Bruce Schneier recommends this article.   Bruce Schneier, well-known computer security analyst, said in his November 15 newsletter [counterpane.com] that this article is "A well-written analysis of the major security/ privacy/ stability concerns of Windows XP." Mr. Schneier wrote the books Applied Cryptography and Secrets and Lies: Digital Security in a Networked World, and other books [counterpane.com].

Spanish version added November 3, 2002:   For the latest version of this article in Spanish, visit

You have a right to know.   You have a right to all the information you need to make an informed choice about any product you buy.

The author wrote this article because of the need to give his customers fundamental information about the direction Microsoft wants to take them. Few people have the technical background to understand fully the advantages and disadvantages of software as complex as an operating system. Without fundamental information, it is difficult for non-professionals to understand the advice of professionals.

The author is not anti-Microsoft in any way. There appear to be management problems at Microsoft, but the author would like any problems to be fixed, rather than have the entire world suffer through Microsoft doing poorly. Because he has spent considerable time trying to understand the problems, and because he cares deeply about fixing the problems, the author is, in that sense, "more pro-Microsoft than Bill Gates".

This article is support for your own investigation.   Use this article to support your own thinking and investigation. It is not intended as direct advice. If you don't have enough technical knowledge to evaluate the information presented here, please do not simply believe the author of this article. To avoid misunderstanding, find someone with technical knowledge who can help you.

If you need help evaluating the issues here, the following remarks may be useful in choosing someone to help:

Computer professionals are sometimes not computer users.   Often those who know a lot about computers are not especially heavy users of their own computers. They may not have encountered some of the problems that are mentioned in this article. Often people who only use their computers for email, web browsing, and word processing wipe their hard disks clean and re-install everything every few months. This avoids some of the problems.

Some of the problems mentioned below are most serious for companies that have thousands of employees who use numerous special applications.

The seriousness of an objection is not proportional to its intensity.   Sometimes there have been people who have complained very strongly about something written here. When strong objections have been evaluated, they have sometimes been found to be small in comparison to the intensity of their expression.

There are people whose self-esteem is strongly tied to their knowledge of computers. When they discover something that they don't know they sometimes have a negative reaction that sounds like a serious objection.

Consider conflict of interest.   Consider whether the advice of a technically knowledgeable person is influenced by conflict of interest. For example, if someone has spent many years taking expensive courses in administering Microsoft software, he or she may be very reluctant to say, or see, anything negative. This is particularly true if the person has a spouse and children and mortgage, and no other good way of earning money.

Consider each issue separately and carefully.   It's necessary to evaluate each issue carefully. If someone raises an objection that is discovered to be valid, that does not necessarily mean that other issues are without merit.

Notify the author of corrections.   If you find a mistake in this article, please write the author at the address at the end so that it can be corrected. On December 29, 2002, for example, someone mentioned that there was a mistake in wording in a section of a former version of this article. He also asked a question about something that was not well documented. Corrections were made and 14 new paragraphs were added the same day. Not all corrections and additions are made this quickly. However, the article has been revised and extended more than 50 times since it was first published.

Hidden Connections   Microsoft Windows XP connects with other computers, or expects to be allowed through the user's network protection firewall, in more than 16 ways. Network security is something the computer user and the operating system supplier need to do together, but Microsoft seems to show little sensitivity to the user's security needs.

The issue is not that the connections are always bad for the user. The issue is that Microsoft has moved from making operating systems that are independent to making operating systems that try to connect to Microsoft's own computers, and are somewhat dependent on new ways of having access through the software firewall. Windows XP is the first Microsoft operating system to challenge whether the user can have control over his or her own computer.

Windows 98 does not connect to Microsoft's computers.   Microsoft Windows 98 connects to Microsoft's computers only by user request.

Windows XP connects with Microsoft's computers and expects to be allowed through the user's firewall in many new ways.   Each user has a responsibility to control what goes in and out of his or her computer. Microsoft's new networking arrangements make this difficult. Here is a (probably incomplete) list of ways Windows XP tries to connect each user's computer to Microsoft's computers, or expects to be allowed through the user's software firewall:

  1. Application Layer Gateway Service (Requires server rights. "Server rights" means that this Microsoft software inside your computer can set up an arrangement that allows other computers to control it.)
  2. Fax Service
  3. File Signature Verification
  4. Generic Host Process for Win32 Services (Requires server rights.)
  5. Microsoft Direct Play Voice Test
  6. Microsoft Help and Support Center (If you don't stop it, using "Help and Support" notifies Microsoft of the subject of your search.)
  7. Microsoft Help Center Hosting Server (Wants server rights.)
  8. Microsoft Management Console
  9. Microsoft Media Player (Tells Microsoft the music and videos you like. See the February 20, 2002 Security Focus article Why is Microsoft watching us watch DVD movies? [securityfocus.com].)
  10. Microsoft Network Availability Test
  11. Microsoft Volume Shadow Copy Service
  12. Microsoft Windows Media Configuration Utility (Setup_wm.exe, sometimes runs when you use Windows Media Player.)
  13. MS DTC Console program
  14. Run DLL as an app (There is no indication about which DLL or which function in the DLL.)
  15. Services and Controller app
  16. Time Service, sets the time on your computer from Microsoft's computer. (This can be changed to get the time from another time server.)

The new connections create three major issues for users:

1) The new Microsoft policy creates security concerns:

a) The new policy creates enormous difficulty in making the user's computer secure. How can someone write rules about connecting for use with a firewall when Microsoft doesn't supply sufficient information about what each service is doing? It is possible for a skilled professional to research what each service normally does. However, even a professional cannot know the behavior of Windows XP in all unusual cases; the program is too complicated.

b) The new connections may have created new classes of security vulnerabilities. Microsoft software has consistently been found to be extremely defective. (See the section, Why so many defects?) There is apparently very little explanation from Microsoft and no review by security professionals outside Microsoft concerning the new methods of connecting.

2) Microsoft has programmed Windows XP to contact other computers and transfer information from the user's computer to the other computers:

a) If you have only three DVDs that your children watch sometimes on your home machine that is always connected to the Internet (through a broadband connection), you may not care that Microsoft knows when they watch them. If you seldom use the Windows XP help facility, you may not care that Microsoft is able to know the level of expertise of the people who use your computer.

However, if you are using Windows XP in a large corporation or a government, the fact that another organization believes that it can gather data from you may be completely unacceptable.

b) Even if, with an enormous amount of effort, professionals determined what information is sent to other computers, it cannot be known what information is sent in unusual circumstances. As mentioned above, there are simply too many pathways in complicated software to check all of them.

(Contrast this with the Linux and BSD operating systems: Changes are discussed intensively and openly before they are made. The instructions to the computer [source code] are open for anyone to see and criticize. Those who program open source software have no interest in collecting information about the people they serve.)

3) By changing the way its operating systems connect, Microsoft has created uncertainty about its intentions:

a) What is the purpose of the new policy? Where does Microsoft intend to go with this new direction? We don't have answers.

b) Microsoft has shown it feels free to create new kinds of connections without any review by or explanation to the computing community. Microsoft sees the user as someone who has no rights, apparently. Big companies that must plan their computer use years in advance commit their companies to an operating system. With Windows XP they cannot know what that commitment means; maybe if they accept Microsoft's behavior now, Microsoft will do something they cannot accept in the future, making a costly change necessary.

c) Not only does the new policy show that Microsoft believes it can make changes to its software at any time without review, but the company has shown that it believes it can force those changes on the user. For example, sometimes Microsoft has used security upgrades to change the operation of other components of its software, or to change the licensing terms. To get a necessary security upgrade, it is necessary to agree to whatever Microsoft has decided. Even if it could be known that Microsoft Windows XP makes no objectionable information available to Microsoft, and creates no new security vulnerabilities, that could change at any time.

To generate the above list of ways that Windows XP connects, disable Microsoft's firewall and use the Zone Labs [zonelabs.com] ZoneAlarm firewall, which is free for personal use. The free version is located at the link Download FREE ZoneAlarm.

(You may not want to buy a spyware removal program, as ZoneLabs suggests. Spybot [kolla.de] is a good spyware removal program, and it is free. Also see the Spybot mirror site [ejrs.com]. The former best spyware remover, Ad-Aware [lavasoftusa.com], was not updated from September 2002 to February 2003. Now there is a new version, but it seems sensible to wait to use Ad-Aware again until the new software has been extensively tried and reviewed.)

Also, Tiny Personal Firewall is reputed to be a good software firewall for Microsoft Windows. A software firewall is necessary, even for people who have a hardware firewall, and the Microsoft software firewall that comes with Windows XP has very limited features.

When Windows XP tries to connect to another computer, ZoneAlarm will display a dialog box asking whether that is okay. If you say no to some of the requests, some functions of Windows XP will not work (such as networking).

An article from Microsoft called Managing Automatic Updating and Download Technologies in Windows XP [microsoft.com] mentions 11 ways in which Windows XP components automatically download software from Microsoft computers. The article says,

"Outlined below is a list of components, applications, and technologies discussed in this whitepaper that have the ability to automatically download and install updated software and information from the Internet."

Note that this does not say that the 11 are the only ways that Windows XP connects with Microsoft's computers. It says that the 11 are the only ones "discussed in this whitepaper".

The Microsoft article tells how to disable the hidden downloading. However, the disabling is very time-consuming. Also, Microsoft has a history of using defect fixes and security fixes to change the operating system settings. This means that all the settings would need to be checked after every defect fix or security vulnerability fix.

Windows XP will operate without a connection to the internet. Windows XP will operate if the user uses a hardware firewall that blocks unwanted connections. However, most users don't know how to block connections. They are connected without being notified.

It is expensive to evaluate the present privacy and security vulnerabilities of these connections and impossible to evaluate the future vulnerabilities. Not everyone can afford to pay.

If the huge change in direction from Windows 98 is continued, it seems reasonable to worry that future versions of Windows could become more dependent on Microsoft computers than Windows XP is now. That would fit with Microsoft's new policy of trying to convert customers to paying every year even if there have been no upgrades.

Often there is other hidden operation, no notification, and/or insufficient or no explanation.   There are other ways that Microsoft keeps control:

  • All versions of Microsoft Office keep a number that identifies your computer in each file you create that includes Visual Basic macros. Office 97 keeps an identifying number even if there are no macros. (The free and excellent Open Office [openoffice.org] does not have this problem, even when it uses the Microsoft file formats.)
  • The software that comes with some Microsoft mice has reduced functionality until you let it connect to Microsoft computers.

The major issue in this section is that, to satisfy the legitimate needs of users, computer software makers need to recognize a partnership between themselves and the users. Microsoft, however, often devises methods without fully explaining them and changes the operation of its software without notice.

For example, there are strange protocols. Try putting each of these links, which Microsoft calls "URLs" (Uniform Resource Locators, that is, addresses), in the address box of Microsoft Internet Explorer running on Windows XP. To do this test, it is necessary to take the spaces out of each of the lines shown. The spaces were inserted because unbroken lines prevent re-sizing the browser width.

  1. MS-ITS:C:\WINDOWS\Help\ tcpip.chm::/sag_TCPIP_pro_Ping.htm
    (Remember to delete the spaces if you test this line.)

    "MS-ITS:" is a Microsoft help protocol. To see other examples, right-click on a link in the Windows XP Help and Support Center. Choose Properties. Note that in the screen image of a sample Properties window, Windows XP says that "MS-ITS:" is an "Unknown Protocol". It is not unknown, it is documented in an untitled Microsoft article with the heading To link from a contents or index entry to a topic in another compiled help file [microsoft.com]. The article says that "MS-ITS:" is a new version of the "mk:@MSITStore:" protocol.

    Note also that what Microsoft calls the "Address - URL" is not all shown. It is necessary to select the URL and scroll down to see the last part. The window size chosen by whoever programmed it is not large enough to display the average address.

  2. mk:@MSITStore:C:\WINDOWS\ Help\whatnew.chm::/ idh_whatnew_tuneupwiz.htm
    (Remember to delete the spaces if you test this line.)

    The "mk:@MSITStore:" help protocol is the version that existed before "MS-ITS:", the above article says.

  3. ms-help://MS.VSCC/MS.MSDNVS/ vbcon/html/vbconMigrating VI60ApplicationsToVS70.htm
    (Remember to delete the spaces if you test this line.)

    The "ms-help://" protocol is a help protocol associated with Microsoft Developer Network.

  4. hcp://system/sysinfo/ sysInfoLaunch.htm
    (Remember to delete the spaces if you test this line.)

    For explanation of the "hcp://" protocol, see the May 23, 2000 Microsoft article, An Overview of PCHealth and Windows Millennium [microsoft.com]. The article discusses "HCP automation objects" which it says allow help content to "be located anywhere, including the local machine, the intranet, and the Internet." But the HTTP protocol allows this; why a new protocol?

These four help message protocols allow help information to be linked to other help information. But standard web pages do this using a world standard protocol, "HTTP://", the HyperText Transfer Protocol, with HTML coding. Why invent four new protocols when an excellent one was already available?

Of course, all of the new protocols can be used only in Microsoft's browser, Internet Explorer. This tends to lock programmers and users to Microsoft Windows.

Consider the problem this creates for a computer professional. Someone concerned with computer security may wonder about the limits of these protocols. What is the definitive list of all the ways Microsoft uses them? In 2002, 71 security vulnerabilities were found in Internet Explorer. Are there bugs in the help protocols? Also, for example, firewalls cannot provide protection if a protocol tunnels through using the universally allowed HTTP protocol.

The protocols are implemented in a quirky way. They are sloppily documented. There are no world standards. If you send someone a URL in one of the Microsoft-invented protocols by email, you have to remember to tell him or her to use Internet Explorer, or he or she will only get an error message. It is difficult or impossible to learn why Microsoft invented four new protocols, and ignored the world standard. Whoever is served by having four new protocols, it does not seem to be the customer.
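For a professional who wants to know where these schemes turn up, the following Python example (added here; it is not code from this article or from Microsoft) splits links in the four help protocols above into scheme, container and topic, and inventories them in a block of text such as an email. The HelpLink class, the function names and the sample message are assumptions made for this example, and the parsing follows only the link shapes shown in the list above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Prefixes of the four help schemes named in the article, lower-cased.
# Compiled-help schemes address a topic inside a .chm file as
#   <scheme>:<path to .chm>::<topic>
COMPILED = {"ms-its:": "ms-its", "mk:@msitstore:": "mk:@MSITStore"}
# The other two look like ordinary scheme://authority/path URLs.
HIERARCHICAL = {"ms-help://": "ms-help", "hcp://": "hcp"}

# Finds candidate links in free text: case-insensitive, up to the next space.
LINK_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:ms-its:|mk:@msitstore:|ms-help://|hcp://)\S+",
    re.IGNORECASE,
)

# The four links from the article, with the article's inserted spaces kept.
ARTICLE_LINKS = [
    r"MS-ITS:C:\WINDOWS\Help\ tcpip.chm::/sag_TCPIP_pro_Ping.htm",
    r"mk:@MSITStore:C:\WINDOWS\ Help\whatnew.chm::/ idh_whatnew_tuneupwiz.htm",
    "ms-help://MS.VSCC/MS.MSDNVS/ vbcon/html/vbconMigrating VI60ApplicationsToVS70.htm",
    "hcp://system/sysinfo/ sysInfoLaunch.htm",
]

# Constructed sample input, not taken from the article.
SAMPLE_MESSAGE = r"""
See the ping topic at MS-ITS:C:\WINDOWS\Help\tcpip.chm::/sag_TCPIP_pro_Ping.htm.
System information: hcp://system/sysinfo/sysInfoLaunch.htm
Ordinary page, ignored: http://www.example.com/help/index.htm
"""


@dataclass(frozen=True)
class HelpLink:
    scheme: str     # canonical scheme name
    container: str  # .chm path, or the authority part after "//"
    topic: str      # topic path inside the container ("" if absent)


def strip_spaces(raw: str) -> str:
    """Undo the spaces the article inserted so its long lines could wrap."""
    return re.sub(r"\s+", "", raw)


def parse_help_link(raw: str) -> Optional[HelpLink]:
    """Parse one link; return None if it is not one of the four schemes."""
    link = strip_spaces(raw)
    lowered = link.lower()
    for prefix, name in COMPILED.items():
        if lowered.startswith(prefix):
            rest = link[len(prefix):]
            # "::" separates the compiled help file from the topic inside it.
            container, sep, topic = rest.partition("::")
            return HelpLink(name, container, topic if sep else "")
    for prefix, name in HIERARCHICAL.items():
        if lowered.startswith(prefix):
            rest = link[len(prefix):]
            container, _, topic = rest.partition("/")
            return HelpLink(name, container, "/" + topic if topic else "")
    return None


def find_help_links(text: str) -> Dict[str, List[HelpLink]]:
    """Inventory every help-scheme link in free text, grouped by scheme."""
    found: Dict[str, List[HelpLink]] = defaultdict(list)
    for match in LINK_RE.finditer(text):
        # Drop sentence punctuation that trails the link in running text.
        candidate = match.group(0).rstrip(".,;:)>\"'")
        link = parse_help_link(candidate)
        if link is not None:
            found[link.scheme].append(link)
    return dict(found)


if __name__ == "__main__":
    for raw in ARTICLE_LINKS:
        print(parse_help_link(raw))
    for scheme, links in find_help_links(SAMPLE_MESSAGE).items():
        print(scheme, len(links))
```

Links that use standard schemes such as HTTP are deliberately ignored, so the inventory contains only the Microsoft-specific help links.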

This example of the help protocols is only a very small one to illustrate an overall point. There are many, many quirky implementations like this. Each one, considered separately, might be accepted. When there are many it is a considerable burden for both professionals and users.

It is important to understand the nature of what is written in this section. Many people use software that only runs under a Windows operating system; for those people, Microsoft has a monopoly in operating systems. There is nothing in this section that would cause such a person to give up necessary software. The point is that the manner in which Microsoft manages its business creates difficulties. Microsoft has many initiatives and purposes that are not what its customers would choose.

Why so many defects?   The fact that Windows XP makes your computer dependent on Microsoft computers is bad not only because you lose control over your computer, but because Microsoft produces defective software and doesn't patch defects quickly.

For example, on December 9, 2002, there were 19 security vulnerabilities [pivx.com] in Microsoft's internet browser, Microsoft Internet Explorer. Some of these defects allow a malicious web site designer to "execute arbitrary commands, read local files, and do anything the user can ... do to his machine". These defects allowed an attacker to take control even if the user had a perfect software firewall and a perfect hardware firewall. The attack could use the HTTP protocol which all firewalls allow. This extreme exposure existed for years.

Here is the recent record. The list of defects has been similar for years. Also, this is a record only of security defects, not all defects:

  • June 18, 2002: 18 vulnerabilities
  • August 8, 2002: 22 vulnerabilities
  • September 9, 2002: 19 vulnerabilities
  • November 19, 2002: 32 vulnerabilities
  • December 9, 2002: 19 vulnerabilities. (Microsoft fixed 15 on Nov. 20, but two new ones were found.)

This is a terrible record for a company that has $50 billion [biz.yahoo.com] in the bank ("Total Current Assets"). Obviously, with that kind of money, Microsoft could fix the defects if it wanted to fix them. Since the defects are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that some defects should remain.

The defects in Internet Explorer are examples in only one program. All of Microsoft's software seems to be of comparable quality. See, for example, the Microsoft Crash Gallery.

The security vulnerabilities are often very public. For one of many examples, see the December 21, 2001 Associated Press article published by USA Today, XP flaw due to 'buffer overflow' [usatoday.com].

There are a variety of plausible reasons why Microsoft would allow so many defects in its software. Since Microsoft has a virtual monopoly, it is enormously profitable to sell users sloppily written software, and then later sell them upgrades to that software.

It also seems possible that there is a connection between the huge number of defects and the U.S. government's friendly treatment of Microsoft's law-breaking [usdoj.gov]. The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.

Another theory is that the quality of management at Microsoft is so poor that the company simply cannot motivate its programmers to do better. One of the causes of security vulnerabilities is called "unchecked buffer", in which a program takes input, but does not check the input before it is used. A search using the Google search engine for web pages at Microsoft sites exclusively about "unchecked buffer" shows hundreds of entries. This and other indicators suggest that Microsoft may have for years allowed its programmers to submit sloppy programming, and now problems are difficult to find and fix.

Solve security problems: Don't let Microsoft connect.   There is a solution to problems with network security of Microsoft software that involves using two computers for each user. Use an old computer to connect to the Internet; it does not matter if it is slow. Run the Linux operating system and the Mozilla browser and email client on the old computer.

Use a new computer for all other tasks. Use a KVM switch to connect one Keyboard, Video monitor, and Mouse to both computers. Run both computers simultaneously. Remove the TCP/IP protocol software from the new computer running the new Microsoft operating system, so that it cannot possibly connect to the Internet. For file sharing, network the computers together using a protocol like NETBEUI or IPX, or other means. IOGear makes KVM switches that have no video degradation at high resolution.

Technical Support is sometimes not available from Microsoft.   When there is an extremely technical problem with a Microsoft product, it is often difficult to get help. A common problem with technical support staff in general, not just with Microsoft technical support, is that they tend to work for themselves, not for the customer. Technical support people have greater job security if they give less help. If they are very efficient in reducing problems, it is likely that the company will reduce its staff. Also, there is an enormous conflict of interest: Companies pay their technical support staff less than $20 per hour, and they usually charge an average of $120 per hour or more to provide help. Having software defects is extremely profitable.

A friend of the author was the chief computer support person for a company with an annual gross income of $300 million. The company had purchased the most expensive technical support available from Microsoft, but Microsoft was unable to fix a problem in their SQL Server product for many months. SQL Server would become unusable and only re-booting the server would cure the problem. (This was several years ago. The problem has since been cured.)

Two programmers wrote a humorous article about difficulty getting help from Microsoft that compares Microsoft Technical Support to Psychic Friends Network. (Psychic Friends Network is a company in the U.S. that, in the author's opinion, takes advantage of poorly educated people who believe that a stranger can fix their personal problems by talking on the telephone.) The 1998 article, Microsoft Technical Support vs. The Psychic Friends Network [bmug.org (Dec. 29, 2002: Server down?)] or Microsoft Technical Support vs. The Psychic Friends Network [netscrap.com], says:

"In terms of technical expertise, we found that a Microsoft technician using Knowledge Base was about as helpful as a Psychic Friends reader using Tarot Cards. All in all, however, the Psychic Friends Network proved to be a much friendlier organization than Microsoft Technical Support."

That article is linked here because it reflects the author's extensive experience, too. The author has sold Microsoft products as part of complete business computer systems since 1983.

The author once reported several serious problems with Windows 98 to a Microsoft technical support representative who seemed especially knowledgeable and kind, and he just laughed. He was unable to get any answers, and he did not have any way of contacting someone who could get the answers. Some of the problems were never fixed. For the others, the author got help from the technical support department of a large computer parts distributor. Of course, these issues were much more difficult than those from average users.

The author reported the five problems in Windows XP mentioned below several months ago before the release of SP1 (Service Pack 1). Only one was cured with the release of SP1. That fix was not documented.

Open source software suppliers are often fast to fix defects.   On Sunday, December 8, 2002, the author found a very minor defect in version 1.2 of the Mozilla [mozilla.org] internet browser. Mozilla is entirely free software and the author's favorite browser. When testing fragments of HTML pages (not full web pages), the first line would sometimes be displayed in an incorrect font. This was a very minor defect, but it caused minor problems for the author because he often tests complicated HTML fragments to check how they look.

At 9:01 AM on Sunday, the author of this article used Bugzilla [mozilla.org], Mozilla's defect reporting web site, to report the defect. At 9:10 AM, 9 minutes later (9 minutes on a Sunday!), the author received an email saying that the defect had already been fixed in version 1.2.1 of Mozilla. The author had not yet installed the new version because it had been reported that it only fixed one defect that the author had not experienced.

Recall from the section above that, on December 9, 2002, Microsoft's browser had 19 known unpatched security vulnerabilities, some of them extremely serious. Mozilla has none. This is different than would be expected, by a wide margin. In one case, you pay money for the product (The Internet Explorer browser is part of Windows XP.) and the service, and you get a poor product and poor service. In another case, the product and service are entirely free, and both are superb. The skepticism experienced by the average businessperson when someone says, "The product from the big company is poor quality; the free product is better", slows the acceptance of open source software.

Some web sites have been written to use proprietary Microsoft features, instead of the world standards. These sites must be visited using Internet Explorer.

Deliberately allowed to crash.   Resource Meter, a Microsoft program supplied with Windows 98, is able to predict most Windows 98 crashes. It would have been easy to integrate this program into the Win 98 operating system and program it to prevent the running of additional programs or to provide an error message, rather than let the OS crash. Microsoft did not do this. See below for information about how to run a test yourself.

Windows 95, Windows 98, and Windows ME (all closely related to each other) were designed in such a way that it was inevitable that they would crash. Windows 95 was originally designed with a 64 kilobyte limitation on some resources that would have caused it to crash sooner than it does. Protests by knowledgeable people at that time caused Microsoft to increase that artificial limit to 128 kilobytes. At that time, memory was very expensive. When memory became cheaper, and it became common that people would run more than one big program at the same time, crashing became extremely common.

Microsoft did nothing to solve the problem. It might not have been possible to fix the problem in an elegant way, but it was, and is, possible to fix the problem. Therefore, it seems reasonable to say that the crashing is deliberate Microsoft policy. The crashing is often given as the biggest problem users have with Windows 98 SE (Second Edition); if it were fixed with a simple patch, many people would not buy Windows XP.

Here's a test you can do easily on a Windows 98, Windows 98 SE, or Windows ME system. Start the program called Resource Meter by clicking on Programs/ Accessories/ System Tools/ Resource Meter. If you copy the icon and put it into your Startup folder, Resource Meter will start every time you start Windows.

Resource Meter displays three quantities: System Resources, User Resources, and GDI Resources. It is the limited User Resources and GDI Resources that cause Windows to crash. No matter how much memory you have in your computer, if you use close to the limit of User Resources or GDI Resources, Microsoft Windows 95, 98, or ME will crash. For 16 bit programs, User Resources and GDI Resources are limited to 128 kilobytes each. That's 128,000 bytes (approximately, because of a different scheme of counting memory), no matter how much memory you have installed. For 32 bit programs, User Resources and GDI Resources are limited to 2 Megabytes each. These limitations are known to a few computer professionals, and are sometimes discussed in technical forums. However, very few users know about the limitations, and most don't know why their systems crash.

If you run Resource Meter and watch it carefully, you can, usually, prevent crashes by closing a program whenever you get close to crashing. This doesn't work, however, when a program makes a request for memory that is unexpectedly large. Instead of refusing the request and giving a message to the user, Windows will crash.

The resource design limits are especially cruel to users because they lose their work when their systems crash. They are also cruel because users often spend money to install more memory in their computers, not realizing it won't make a difference.

Why would Microsoft allow deliberate limitations? Apparently because it may be the only way to get users to spend more money to upgrade later. For most users, the only reason to buy Windows XP is because it crashes less.

Windows XP doesn't crash, it becomes less usable.    Windows XP doesn't have the artificial GDI and User resource limitations of Windows 95, 98, and ME. All of the installed memory is available to the Windows XP operating system when it needs it. However, Windows XP becomes shaky when enough programs are loaded that all of the installed memory is in use.

Windows XP, and all modern operating systems, have a feature called virtual memory that is supposed to move programs that are loaded but not currently in use onto the hard disk. However, this feature does not work well in Windows XP. When the memory limit is reached, a Windows XP system takes a long time to respond and does a lot of disk access. Sometimes the disk access, called "thrashing" because it indicates something is not working properly, continues for 45 seconds or 90 seconds or more after the user clicks on a loaded program to bring it to the top of the desktop. The result is that Windows XP becomes less usable and eventually must be rebooted.

In contrast, the virtual memory feature in the Linux operating system works extremely well. There is disk access, of course, but only what would be expected.

Microsoft seems to know about the problem. If there are more than 21 programs loaded, the programs may be presented out of order on the taskbar. Some programs may not be displayed on the taskbar, and the ones that aren't displayed change as you use them. This seems to be a way of discouraging users from opening many programs at the same time, so that they won't experience the problem with virtual memory.

Windows XP may provide no local security.   Managers are being allowed to believe that Windows XP is secure under conditions in which it isn't secure. Since it is necessary to supply a password, the impression is created that there is no other way of gaining access. That is not true. Neither Windows XP nor any other operating system provides security against an attacker who has physical access to a computer and can start the computer with another operating system.

The administrator password can be changed.   A product called Locksmith [winternals.com] can change the administrator password on any Windows XP, Windows 2000, or Windows NT system. This means that an attacker can have complete control over the computer.

There is free software for changing the password, also. For example, see the article, Offline NT Password & Registry Editor, Bootdisk [eunet.no].

The problem here is not that Microsoft could have provided better local security in this case. Anyone who has access to a diskette or CD-ROM drive attached to a computer and can run a different operating system can replace the file that contains the password. The problem is that Microsoft allows people to think that there is more security than actually exists.

Note that the attacker can change the administrator password, but cannot discover the password that existed originally, because it is made inaccessible in a manner that is completely secure. It is possible, however, for the attacker to 1) copy the file that contains the encrypted password, 2) change the password and gain access, and then 3) change the password back to the original by copying the original file back to the system. Since the password would be the same as before, an unchanged password would not be evidence that no attack occurred.

A new copy of the operating system can be loaded.   An intruder can load a second copy of Windows XP or Windows 2000 in a different folder from the original, using an operating system CD that can be bought at any computer store. After starting the computer using the new copy, the intruder is able to access, copy, and use all files that have not been encrypted.

It is possible to use the Windows XP recovery console without a password.   A security flaw in Windows XP allows accessing the recovery console without a password. (The recovery console is a feature intended to allow emergency access to files by someone who knows the password.) The article, XP passwords rendered useless [briansbuzz.com], shows how.

You cannot know now to what contract provisions you will be held in the future.   Microsoft has changed the terms of the contract to which users are bound by including the new contract with some security and other defect fixes.

Recent security patches require that the user agree to a contract that gives Microsoft administrator privileges over the user's computer [theregus.com]. (Administrator privileges give complete control over the computer and all data stored on it.) See also, Microsoft EULA requests root rights - again [theregus.com]. The contract says that if a user wants to patch his or her system against a defect that would allow an attack over the Internet, he or she must give Microsoft legal control over the computer.

This article explains the issue in more depth: Microsoft's Digital Rights Management-- A Little Deeper [bsdvault.net]. It helps to think like a lawyer when you take apart the crucial sentence. The sentence, "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless since some of the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants.

Since Microsoft can change the contract at any time and without control by the user, Microsoft can bind users to contracts that it invents in the future. This is a new development in contract law. A user is bound to a new contract if he or she wants defect fixes and security fixes. But this gives the user no control, since once security flaws are widely known, every computer must have the fixes or remain vulnerable. Users invest considerable money and time into their computers, and cannot avoid agreeing to the new contract without giving up their entire investment and disrupting their business and personal activities.

Microsoft Keeps Control: Microsoft has abandoned its earlier successful business model.   Previously, Microsoft did not write its software in such a way as to keep control after the software was sold. This was an extremely successful way to do business. Microsoft made hundreds of billions of dollars and became the largest software company in the world. In recent years, however, Microsoft has invented numerous ways of keeping control:

You must have permission from Microsoft to install software you own.   In Windows XP there is a system called Windows Product Activation (WPA) that requires users to get permission from Microsoft when first installing its software and every time the user's hardware changes significantly.

Note that WPA is used only on the Windows XP Home and Professional versions. The Windows XP Corporate version is identical to the Professional version, except that it does not use product activation.

Microsoft pretends that software dies.   Microsoft has recently been saying that its products have a limited life. For example, see Microsoft's October 15, 2002 revisions of the June 3, 2002 articles, Windows Desktop Product Life Cycle Support and Availability Policies for Businesses and Windows Desktop Product Life-Cycle Guidelines for Consumers [microsoft.com]. Microsoft calls these guidelines, but, for customers, they are rules.

Windows 98 dies on January 16, 2005.   The most widely used operating system in the world will be declared dead on January 16, 2005, according to a table at the bottom of the Life Cycle policy pages mentioned above. The right-hand column says, "End of Life (effective date after end of online self-help support)".

Microsoft often changes its policies.   Note that Microsoft's policies can and do change at any time without warning or discussion. There have been two versions of the "life-cycle" policy in a little more than four months. The version as this is being written (February 6, 2003) is at least the third. The articles say the policy was first published February 2001. Microsoft is also not required to make its policies clear; in this example, the writing is confusing.

Microsoft's customers often use software for 10 years or more.   Microsoft's artificial limits may be much shorter than the length of time computer systems are used by customers, who often use the same software for 10 years or more. If software is working well, customers often feel there is no reason to buy something new.

There are, basically, two kinds of software. There is content creation software like word processors, spreadsheets, and photo editing software. In the last several years, this kind of software has advanced rapidly. There may be good reason to have the latest version of this kind of software. Then there is production software for accounting and inventory, for example. With production software, someone does data entry and possibly someone else runs reports. If the reports are sufficient, there is no need to change the software, even if it has been used for 10 years or more. Since data entry speed is limited by typing speed, and report printing is limited by printer speed, there is often no need for faster hardware when using production software.

There are many reasons not to change a computer system that works well:

1) The new software probably has defects.   There may be defects in the new system that did not exist in the old. It is usually possible to fix the defects, but that usually takes time. When Windows XP was first released, the author had problems with crashing because of video drivers, for example. There were severe problems with an Intel driver called the Intel Application Accelerator. Many scripts written for Windows 98 needed to be re-written. The mouse software for both Microsoft mice and Logitech mice did not work completely.

2) Do you want to pay for training?   A new computer operating system requires that staff be re-trained. This is more expensive than just the cost of employee time if the staff is already very busy.

3) If it works, why change?   It is wise not to change a system that has been carefully audited and shown to work perfectly, such as an accounting system. The security that comes from knowing that all the problems have been found has caused very large companies to continue to use an accounting system written in the COBOL computer language for more than 30 years.

4) Sometimes old software won't run.   Sometimes old software will not run on a new operating system. There are many programs that run perfectly under Windows 98 that cannot be used under Windows XP. At the time of this writing, February 6, 2003, the latest version of MAS 90, an accounting program for companies with complicated accounting needs, does not run reliably on Windows XP, but works fine on Windows 98.

5) Seriously Reduced Functionality   Sometimes the old software does things the new software doesn't. Windows XP has very seriously reduced functionality:

a) Windows 98 can copy all of its own files, Windows XP cannot.   The Windows XP file system is artificially crippled; it cannot copy some of its own system files. This makes it difficult to make functional backups. Microsoft apparently uses this crippling as copy protection.

b) Reduced Functionality: Hard disks cannot be moved.   Windows XP, and Windows 2000, make it very difficult to move a hard drive to another computer. Microsoft has written Windows XP so that it cannot be easily moved to another computer. This article on Intel's web site describes the problem: Moving a Hard Drive to a New Motherboard [Intel.com]. The article says, "Moving a hard drive with Windows 2000 or Windows XP already installed to a new motherboard without reinstalling the operating system is not recommended." (This is a universal problem; Intel motherboards are only being used as an example.) Note that the problem is not just moving a hard drive to a new motherboard; the same problem is encountered when moving a copy of all software on a hard drive to a new motherboard. It is thus impossible to make functional backups. Instead, it is necessary to re-install the operating system and all the programs, program updates, and security patches.

Note that the link in the Intel article called "Microsoft's knowledge base article" is a dead link. The other link, the one in the sentence, "For additional information, please refer to these instructions from Microsoft", is also dead. This issue is apparently not seen as important by Intel; Intel will sell more computer hardware if hard drive software organization cannot be moved from one computer to another. (It is possible to find the Microsoft information, which merely describes the difficulty of moving a hard drive installation to another computer in more detail.)

c) In some ways, even Windows 95 is better.   In some ways, Windows XP has less functionality than even Windows 95. For example, the command line interface (CLI, also called DOS) in Windows 95 is more responsive to shortcut keys. Sometimes when the user presses a shortcut key in Windows XP, the system does not respond for 20 seconds. Windows 95 responds immediately, Windows 98 is sometimes slow, but the shortcut facility in Windows XP is unusably slow.

WPA and software death can force users to pay more.   The two schemes of WPA and artificial software death together give Microsoft a way of preventing people from using Windows XP on a new computer, for example when they upgrade their hardware after several years. It would work like this: WPA prevents a customer from re-installing Windows XP on a new machine without Microsoft's permission. Microsoft may not give permission after declaring that the software has died. If Microsoft won't give permission, the user may be required to buy new software; a customer could not move a working Windows XP system to new hardware.

Computer companies and consultants are required to disclose their customer information.   Those who supply computer services involving Windows XP Corporate version can no longer keep the names of their customers private. The policy of forced disclosure abandons a tradition of business privacy that is thousands of years old.

This may be an important fact for a large company to consider; possibly the fact that Microsoft forces disclosure will cause computer professionals to be less enthusiastic about supporting Microsoft products. This might become a big issue during the expected life of a computer system. If a system works well, there is no need to replace it. Sometimes companies keep their systems for 10 years or more.

Microsoft requires that professionals give this information about their customers:

  1. Contact Name ("Full name")
  2. END USER Company Name [Microsoft's emphasis]
  3. Address ("No PO Boxes please. Must be physical address.")
  4. Telephone Number
  5. END USER Email Address [Microsoft's emphasis]
  6. Purchase Order Number

Microsoft, or even a disloyal Microsoft employee, could decide to make use of this information, and approach a customer directly.

A government that uses proprietary software is not an independent government.   A government that wants to be independent of other governments, or that represents itself as controlled by its own people, can use proprietary software only if there is easy access to the source code. (The source code is the original instructions in which the software was written.) This is because it is possible for someone to put instructions in proprietary software to spy on or to sabotage government operations.

The alternative to closed source, proprietary, software is open source software. It is difficult to believe that so many people would be so charitable, but more than 100,000 programmers have donated their time to produce excellent free operating systems and word processors and many other programs. Not only are the source code and the entire product completely free, but the more popular programs get a lot of attention from programmers, so mistakes are found quickly.

The most popular open source, free operating systems are Linux and BSD. Linux, provided by companies like RedHat, SuSe, and others, is useful for desktop computers and servers. OpenBSD, FreeBSD, and NetBSD, all closely related, are very secure and excellent for server computers. Anyone can have as many free copies of this software as desired. The companies who sell open source software make money by selling technical support.

There is a strong movement away from proprietary software. However, at present using Microsoft software is sometimes necessary because there are many programs that users need that are not supplied in Linux or BSD versions. Also, Linux and BSD are sometimes more difficult to configure.

Microsoft's shared source policy is not equivalent to open source.   On January 14, 2003, Microsoft announced in a press release that it would allow governments to look at the source code of Microsoft products: A Matter of National Security: Microsoft Government Security Program Provides National Governments with Access to Windows Source Code [microsoft.com].

Microsoft's policy of allowing government programmers to see source code is not equivalent to having open source code. A thorough review of the more than 40 million lines of source code in Windows XP is far more than even a government can attempt. It would be easy for someone to hide spy instructions that could be controlled from outside. This is not unlikely. The U.S. government's spy agencies, the CIA, NSA, and others, have an essentially unlimited amount of money. They can and do exploit any method of spying. The U.S. government has bombed 14 countries in 35 years. Organizations should not assume that those who think killing is a way of solving problems will suddenly become moral when they consider computer software.

Good programmers are not willing to sign the non-competition and non-disclosure agreements that Microsoft requires. They fear that would put them at risk of a Microsoft lawsuit. Even if they were found in court not to have infringed on Microsoft's contract, the cost of the lawsuit would be enormous. Also, they could lose their jobs over any such dispute. It is possible that the only real effect of Microsoft's shared source policy is to cripple an organization's best programmers, so that they cannot work in any field in which Microsoft has an interest.

The article Why isn't Microsoft's shared source a step forward? [linux.org.au] discusses many of the reasons why Microsoft's policy does not solve the problems of closed source software. One section of the article, Question Time, mentions questions that can be asked of Microsoft representatives. The Summary suggests a way to score closed source, open source, and shared source software based on your organization's needs.

Open source software provides the security that anyone in the world can see the source code, not just a few government programmers. In practice, this means that there is a high likelihood that sneaky elements in software will be found.

It has occasionally happened that someone has hidden sneaky software in changes that were submitted to open source software developers. The intensity of review of open source software is such that it seldom happens that destructive changes are accepted, and, when it has happened, the corruption has been quickly found.

Microsoft could allow everyone to see its source code. But most software companies, not just Microsoft, have been unwilling to show anyone their source code because they feel that would help someone else make a competing product. This is not as big a problem as it might appear at first. For example, everyone can see everything about the Star Wars movies. That has not made Star Wars movies unprofitable. Everyone can borrow books at the library. That has not meant that booksellers cannot sell books. Intellectual property is not easily copied legally even when it is completely open.

True open source would prevent Microsoft's monopoly.   Microsoft maintains its monopoly by using hidden operations in the Microsoft Word word processor, and in Microsoft's networking, for example. If Microsoft were to allow anyone to see its source code, the monopoly would eventually disappear.

Cost is a small factor.   Sometimes organizations with thousands of computers have adopted Linux or another free operating system. They have saved millions of dollars in licensing costs. Surprisingly, however, cost is not a large factor in choosing software. If the non-free software is slightly easier to use, the time saved can easily be worth the purchase cost.

Microsoft keeps control.   Another reason that independent organizations cannot logically use Microsoft software is that Microsoft has both old and new methods of keeping control of software that it sells. It is very expensive to begin using an operating system, and once an operating system is in use, it is difficult to stop using it. Changes cannot be made quickly if some new undesirable aspect is discovered, as when Microsoft changes the terms of its licenses. Governments cannot bind themselves to unknown future limitations and invasion of privacy and remain free.

A bill introduced to the Congress of Peru, Bill Number 1609, Free Software in Public Administration [English translation at pimientolinux.com], gives several reasons why government software must be open. The reasons given in paragraphs 10, 11, and 12 of the bill have been re-written below to make them easier to read and to avoid problems with inaccurate translation.

A government must guarantee that the citizens have free access to government information.   To achieve this, it is necessary that the coding of the data [file format] not be tied to a sole provider. The use of standard and open formats guarantees this free access, making possible the creation of compatible software [and software that does not require paying money to get access].

A government must guarantee that public information is permanently available.   It is necessary that the use and maintenance of software does not depend on the good will of the providers, nor on monopolistic conditions imposed by them. Permanent availability of public information can be guaranteed only by the availability of the source code of the software used to access the information.

A government must guarantee national security.   It is necessary to have systems that are devoid of elements that allow remote control or the secret transmission of information to third-parties. Therefore, it is required to have systems whose source code is freely accessible to the public, so that its inspection is allowed by the State, the citizens and a great number of freelance experts in the world.

Introduction of the bill caused Microsoft to write a letter of protest [English translation at pimientolinux.com]. The English translation of the response to this letter [pimientolinux.com] stated the reasons for the bill more clearly in paragraphs 5 to 8.

The letter of response to Microsoft also discusses what the Peruvian bill does not do:

  • The law does not forbid the production of proprietary software.
  • The law does not forbid the sale of proprietary software.
  • The law does not specify which concrete software to use. [The word "concrete" should probably be "specific".]
  • The law does not dictate the supplier from whom software will be bought.
  • The law does not limit the terms under which a software product can be licensed.

(The punctuation was changed to agree with the standards used in this article.)

Microsoft arranged for the U.S. ambassador to Peru to try to stop the bill. See the July 27, 2002 Wired News article, Microsoft's Big Stick in Peru [wired.com]. The article says,

"Congressman Edgar Villanueva, the bill's chief sponsor, said he considers Hamilton's letter to be 'overt pressure' on Peru by the United States and Microsoft. If so, the letter would continue the long-standing U.S. tradition of meddling in Latin American affairs, political analysts say."

Information about the Peruvian bill is collected on a web page called Peruvian Activism.

The government of the United Kingdom (England, Scotland, Northern Ireland, and Wales) is considering these issues, also. A policy called Open Source Software, Use within U.K. Government, issued on July 15, 2002 by the U.K. Office of Government Commerce, says the following. (Scroll down almost to the bottom of the page; there is no need to use the links.)

"Security of government systems is vital. Properly configured OSS can be at least as secure as proprietary systems, and OSS is currently subject to fewer Internet attacks. A balance needs to be struck between the availability of security administration skills and the advantages of many diverse systems. In some cases mainstream proprietary products may be significantly less secure than open source alternatives (see Gartner report Nimda Worm shows you can't always patch fast enough dated 19/9/01 by John Pescatore)."

The article about the Nimda worm mentioned above is available at Gartner's web site: Nimda Worm Shows You Can't Always Patch Fast Enough [gartner.com]. The Nimda worm is a vulnerability only in Microsoft software. It has done enormous damage. About Microsoft's product IIS, the article said,

"Thus, using Internet-exposed IIS Web servers securely has a high cost of ownership. Enterprises using Microsoft's IIS Web server software have to update every IIS server with every Microsoft security patch that comes out - almost weekly."

Many other governments are considering moving away from closed source software.   One of the state governments of India, for example, is considering a Memorandum Submitted by Members of the Free Software Users' Group [symonds.net]. The memorandum objects to the planned purchase by the Kerala state government of Microsoft Windows 98 software. The memorandum discusses several very serious reasons why closed source software should not be used in the schools in Kerala state. The memorandum says, for example, "... by confining students' training to a particular brand of software, the government would be giving undue preference to a particular vendor and their software thus discriminating against vendors of other software. Thus, even by providing software free of cost to the schools, the said company will make immense profits, ..."

In the United States, Microsoft has considerable political power.   It has been estimated that the cost to U.S. businesses for only four Windows-based infections, Nimda, Code Red, SirCam and Love Bug, was about $13 billion. These infections were possible because of the unusually poor security design of Microsoft Windows. No other operating system has had such vulnerability.

However, the U.S. government seems to be taking little or no action to correct the problem. One reason may be that there is an unusually close relationship between Microsoft and top U.S. government agencies. For example, Howard Schmidt, vice chairman of the White House's National Critical Infrastructure Protection Board, was previously Microsoft's chief security officer. Scott Charney, Microsoft's current security officer, is a former federal official.

Microsoft is one of the computer industry's top contributors of political money, according to the Top Contributors spreadsheet of the Center for Responsive Politics [opensecrets.org]. Microsoft contributed $2,997,854 to political campaigns for the 2002 elections.

There are people in the U.S. government who heavily favor the un-enlightened interests of U.S. businesses. For example, see the Computer & Communications Industry Association's [ccianet.org] July 24, 2002 news release, CCIA Opposes Hollywood Vigilante Legislation [ccianet.org], which discusses a bill sponsored by Congressman Howard Berman of California. The bill would allow big companies to intrude upon or destroy web sites if they think the sites are infringing their copyrights. Will Rodger of the CCIA has been quoted as saying,

"The larger question, which the [U.S.] government seems to be ignoring, is, why aren't we looking at the problems caused by a monoculture, a single operating system which serves as a single point of failure on the Internet? If there are 60,000 Windows viruses, fewer than 100 Mac viruses, and maybe a dozen Unix viruses, why aren't the problems with Windows an issue?"

Senator John McCain [senate.gov] and many others say that the U.S. government has been corrupted by money disguised as campaign contributions. (Those who live outside the U.S. may need to be told that Senator McCain is a Republican, the same political party as President Bush.) A December 6, 2002 CNN article Documents: Donors promised political access [cnn.com] mentions another method of corruption. The article says,

'When Microsoft Corp., a $100,000-plus donor to Republicans, planned to attend the party's major fund-raising gala in 2000, it asked to be seated next to "Sen. (Paul) Coverdell or leadership, Commerce Committee or Judiciary Committee," according to a GOP memo. At the time, the company was battling a major antitrust case that threatened to break the company into two. The memo added Microsoft did not want to sit with Sen. Orrin Hatch, R-Utah, a major critic.'

Support for Microsoft products may be affected by ongoing legal vulnerabilities.   The antitrust case against Microsoft is now 12 years old. See the timeline [washingtonpost.com] by the Washington Post. ABC News also indexes information about the cases; see Microsoft vs. DOJ: An Index to Microsoft Trial Coverage [abcnews.go.com]. A group called ProComp [procompetition.org] publishes a text-only timeline it calls Timeline of Events Surrounding Microsoft Antitrust Case [procompetition.org]. ProComp is an "umbrella organization for companies and groups supporting the Department of Justice's action against Microsoft".

In summary, Microsoft was found by the courts to have broken the law. The case has resulted in considerable bad feeling toward Microsoft.

Companies may want to evaluate the possible future problems in partnering with, and being dependent on, a company that has broken the law.

For more information about the Microsoft anti-trust case, see the November 5, 1999 U.S. government document Court's Findings of Fact [usdoj.gov]. The 207 double-spaced pages of this document list abuses for which Microsoft was found guilty. There are numerous sentences like this one: "411. Many of the tactics that Microsoft has employed have also harmed consumers indirectly by unjustifiably distorting competition." A legal documents company, FindLaw, has better indexing of this document: Microsoft Antitrust Trial Findings of Fact [findlaw.com].

The U.S. Department of Justice maintains an index of the current case, United States v. Microsoft Current Case [usdoj.gov].

The case was decided on November 1, 2002. Section J on page 7 of the final decree, which begins "No provision of this Final Judgment shall", is interpreted by most technically knowledgeable people to mean that basically there is no penalty for Microsoft, because all of Microsoft's abusive behavior is allowed.

For a list of all the official U.S. government documents of United States of America v. Microsoft Corporation, see the index of Judge Colleen Kollar-Kotelly's actions [uscourts.gov].

These PDF format files on the official U.S. government web site give the details: Final Decree, Memorandum Opinion, Public Interest Order, Opinion on the State Settlement, and State Settlement Order [all uscourts.gov].

The case is not over. There will be an appeal. Also, U.S. state governments and governments outside the U.S. are continuing to pursue legal action.

Because of the common perception that Microsoft has broken U.S. law and yet not been forced to pay a significant penalty, there is considerable resentment of Microsoft. Microsoft is considered by many to have participated in corrupting the U.S. government, partly through giving money to politicians [opensecrets.org]. The outcome of the case may increase the distrust of Microsoft and hasten the rate at which companies change to other operating systems, such as RedHat Linux and Mandrake Linux, and other office software, such as the excellent Open Office [openoffice.org]. Companies don't want to use software from an organization that is not trustworthy because software can be programmed to have hidden operations. Mandrake and RedHat Linux and Open Office are publicly designed and supported software, and are completely free.

The Washington Post discussed perceptions of the Court decision in the November 2, 2002 article, Microsoft Pleased; Foes Critical [washingtonpost.com].

The anti-trust case was started partly because of Microsoft's aggressive actions toward Netscape, a company that made an Internet browser and Internet server software. It is interesting to note that Microsoft lost that contest anyway. Many people consider that Mozilla is the best browser and e-mail software, and that Apache [apache.org] is the best Internet server software. These are both publicly supported, free programs. Apache server is the most popular Internet server software in the world.

Microsoft restricts your software options.   When you use Microsoft Windows XP, you are prevented by the license from using valuable software that competes with Microsoft's. See Brian Livingston's column [infoworld.com] in which this is discussed, beginning in the fifth paragraph. The license says:

"Except as otherwise permitted by the NetMeeting, Remote Assistance, and Remote Desktop features described below, you may not use the Product to permit any Device to use, access, display, or run other executable software residing on the Workstation Computer, nor may you permit any Device to use, access, display, or run the Product or Product's user interface, unless the Device has a separate license for the Product."

Although this restriction is probably illegal even in the United States where it was written, a large company might not feel that it could risk legal involvement with a rich company like Microsoft, even if it knew it would win.

The license restriction apparently is partly directed toward preventing the use of VNC, excellent free software designed in the AT&T research labs that were formerly in England.

An article on a web site that is very pro-Linux and open software gives another testimonial about the usefulness of VNC:

"I used to work for IBM and one of my great achievements (ok, small achievements) there was to save a particular very large client a great deal of time and money by recommending and then implementing a remote control support option using VNC."

The Registry is a single point of failure.   There are many other big shortcomings in Windows XP. Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. There are several files which, all taken together, Microsoft calls the registry, but the one that causes most of the problems is, in Windows XP, called SOFTWARE. (The name is in all caps and has no file name extension.) On one machine, for example, this file is 25.69 megabytes; it is a huge file considering that it contains configuration information.

If this one large, often fragmented, file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications.

The registry file is a single very vulnerable point at which failure can occur. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user. There are many areas like this where Microsoft's design conflicts with the needs of the users.

Microsoft's documentation includes language that gives the proper sense of fear about corruption of the registry. The Microsoft Knowledge Base Article number Q318159, Damaged Registry Repair and Recovery in Windows XP [microsoft.com] says,

"When a registry hive becomes damaged, your computer may become unbootable, and you may receive one of the following Stop error messages on a blue screen:

  • Unexpected Shutdown
  • Stop:0xc0000135

"CAUSE: Registry damage often occurs when programs with access to the registry do not cleanly remove temporary items that they store in the registry. This problem may also be caused if a program is terminated or experiences a user-mode fault."

The article says, "The hotfix that is described in this article automatically repairs the registry during startup, ..."

However, the article does not say that this only fixes one kind of damage, and cannot always fix this kind of damage. The registry is a primitive database that cannot always be repaired. There are many programs from other companies that try to repair registry damage, but they also cannot repair all kinds of damage. Putting the configuration information in one file has caused some of the best educated people on earth to lose time and money, all so that Microsoft can make a crude kind of copy protection.

More Details about Registry Problems   The problem with the registry is this. Suppose the registry becomes corrupted, but the software that the corruption affects is not used for a considerable time. After the corruption occurs, the computer is upgraded, perhaps with new application software, perhaps with new drivers. Then maybe new system preferences are applied. Suppose the company has saved backups of all previous versions of the registry on CD (an unlikely event).

See the problem? Since all the software is connected to all the other software by the registry, corruption that goes unnoticed for a while can create an impossible situation. If the company goes back to the original, known good registry, they must give up all the time they spent upgrading the computer. This may be substantial, especially since they may not have complete records about what upgrading was done.

In actuality the situations caused by the registry are far, far more complicated than this. For example, you may think that some failure you are having is caused by registry corruption. However, it may take far too much time to prove whether that is the case. If you think of all the combinations of difficult circumstances, you will see that having most configuration settings in one file is sometimes devastating for the user.
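The difficulty described above, proving whether a hive file such as SOFTWARE is damaged, can be narrowed with a structural check run on an offline copy of the file. This is an added example, not code from the article or from Microsoft; the field offsets follow publicly available reverse-engineered descriptions of the hive ("regf") format and are assumptions here, and the sample hive is constructed in the code.

```python
import struct

HEADER_SIZE = 4096   # size of the "regf" base block (assumed layout)
BIN_ALIGN = 4096     # hive bins are multiples of 4096 bytes
BIN_HEADER = 32      # size of an "hbin" header


def header_checksum(base_block: bytes) -> int:
    """XOR of the first 508 bytes taken as 127 little-endian dwords."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:   # two values are reserved and remapped
        return 0xFFFFFFFE
    if csum == 0:
        return 1
    return csum


def check_hive(data: bytes) -> list:
    """Return a list of structural problems found in a hive image."""
    if len(data) < HEADER_SIZE or data[:4] != b"regf":
        return ["missing 'regf' base block"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append(f"sequence numbers differ ({seq1} != {seq2}): "
                        "last write did not complete")
    stored = struct.unpack_from("<I", data, 508)[0]
    if stored != header_checksum(data):
        problems.append("base block checksum mismatch")
    bins_size = struct.unpack_from("<I", data, 40)[0]
    available = len(data) - HEADER_SIZE
    if bins_size > available:
        problems.append("hive bins size exceeds file length (truncated file)")
    # Walk the chain of hive bins and verify each header.
    offset, end = 0, min(bins_size, available)
    while offset < end:
        pos = HEADER_SIZE + offset
        if end - offset < BIN_HEADER:
            problems.append(f"truncated hive bin header at file offset {pos:#x}")
            break
        if data[pos:pos + 4] != b"hbin":
            problems.append(f"bad hive bin signature at file offset {pos:#x}")
            break
        bin_off, bin_size = struct.unpack_from("<II", data, pos + 4)
        if bin_off != offset:
            problems.append(f"hive bin at {pos:#x} records wrong offset {bin_off:#x}")
            break
        if bin_size == 0 or bin_size % BIN_ALIGN or offset + bin_size > end:
            problems.append(f"hive bin at {pos:#x} has invalid size {bin_size:#x}")
            break
        offset += bin_size
    return problems


def build_sample_hive(n_bins: int = 2) -> bytes:
    """Constructed, minimal hive image used only to exercise check_hive()."""
    bins = b""
    for i in range(n_bins):
        hdr = b"hbin" + struct.pack("<II", i * BIN_ALIGN, BIN_ALIGN)
        bins += hdr.ljust(BIN_ALIGN, b"\0")
    base = bytearray(HEADER_SIZE)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 4, 7, 7)       # matching sequence numbers
    struct.pack_into("<II", base, 20, 1, 5)      # format version 1.5
    struct.pack_into("<I", base, 36, 0x20)       # root cell offset
    struct.pack_into("<I", base, 40, len(bins))  # hive bins data size
    struct.pack_into("<I", base, 508, header_checksum(bytes(base)))
    return bytes(base) + bins


if __name__ == "__main__":
    good = build_sample_hive()
    print("intact copy:", check_hive(good) or "no structural problems")
    damaged = bytearray(good)
    damaged[HEADER_SIZE + BIN_ALIGN:HEADER_SIZE + BIN_ALIGN + 4] = b"\0\0\0\0"
    print("damaged copy:", check_hive(bytes(damaged)))
```

A clean result only rules out structural damage to the file; it says nothing about wrong or missing values inside otherwise well-formed keys, which is the harder case the article describes.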

Consider that the person who is using the computer probably has an important job in the company, and wants to use the computer, since only some functions don't work, but others do. Consider that a repair person must be supervised 100% of the time at some companies, because of security needs.

There seems to be nothing like this in the Linux or BSD operating systems. First, there is no single file in which corruption can make an entire installation worthless, even if the user has backups. Second, there is far better error checking, so corruption of any kind is less likely to occur. With Windows XP, sometimes a faulty program can cause the entire OS to become unstable. (I have personally seen this at least 50 times.) My experience with Linux is that the OS just throws the faulty application out of memory and comes back and says, okay, what else do you want to do?

With Linux, a software upgrade that you much later discover was bad causes you to re-install a known good version. With Microsoft Windows XP, because of the connection between all programs by the registry, you may have to start over with a re-formatted hard drive. This usually takes many hours, especially in situations in which a company employee uses a system with special adjustments or programs, as is often the case. Installation and configuration of all the programs used by a professional graphic artist, for example, may require 30 hours or more. A graphic artist might use numerous graphics packages and utilities, and also a word processor, an address book, accounting software, text utilities, color balancing software, and other programs, for example.

Users have always had the option of making backups of the registry, but making useful backups is often difficult or impossible. Backing up the registry in Windows XP is even more difficult because the registry is no longer in the two files system.dat and user.dat, but is spread across several files, with one containing most of the information. Windows XP prevents making copies of any of these files with the xcopy.exe program or any other copy program. So, you cannot create your own backup tools, as you could in Windows 98.

Backup Problems: Windows XP cannot copy some of its own files.   Windows XP cannot make functional backups of the Windows operating system or of the installations and settings of the applications.

Microsoft Windows 98 can copy all of its own files.   Using a program called xcopy32.exe, which is supplied, Windows 98 can copy all of its files to another, blank hard drive to make a fully working copy of all of the operating system and applications.

Microsoft Windows XP is crippled. It is designed to be unable to copy some of its own operating system files.   This article from Microsoft discusses the policy of not supporting the making of functional complete backups under Windows XP: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation [microsoft.com]. See the section, Microsoft Policy Statement, that says,

"Microsoft does not provide support for computers on which Windows XP is installed by duplication of fully installed copies of Windows XP. Microsoft does support computers on which Windows XP is installed by use of disk-duplication software and the System Preparation tool (Sysprep.exe)."

The meaning of Microsoft's policy, "Microsoft does not provide support" is also that, if you have tools from other companies for making backups, Microsoft could make changes that prevent those tools from operating.

The wider significance of Microsoft's policy is somewhat hidden. Since almost all programs use the XP operating system's registry file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations.

There are other software companies that make products for creating functional backups, but these products don't work well. They cannot, for example, run under Windows XP, because XP actively prevents that. The backup tools from other companies must run under another operating system; to use them it is necessary to exit Windows XP, restart the computer, and load the other operating system.

As was mentioned, Microsoft could break the third-party backup software at any time by issuing necessary software upgrades that also prevent the third-party backup software from functioning, as the company has done in other cases. See, for example, Sneaky service packs [infoworld.com], an August 26, 2002 column by InfoWorld writer Brian Livingston, who is perhaps the best-known computer industry columnist.

Note that Microsoft's Sysprep software does not provide a workable backup method in most cases. Sysprep images are for preparation of initial installations of Windows XP only, and support only the exact hardware for which they were made. In cases in which there is a hardware failure a year or more after initial purchase, it would be unusual if the replacement hardware were identical.

Because the configuration information for the motherboard and the configuration information for the applications are mixed together in the registry file, the registry tends to prevent you from moving a hard drive containing the Windows XP operating system to a computer with a different motherboard. That's another implication of the above Microsoft policy. So, if you have a motherboard failure, and a good complete backup that you made using tools you got from someone other than Microsoft, you may not be able to recover unless you have a spare computer with the same motherboard.

"What is your name and address?" means "Can we invade your privacy?"    Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP.

Most people are honest and also intimidated by the complexity of a computer system. Apparently about 95% do whatever they are asked on the screen. They give their personal information to Microsoft. They don't realize that, if they feel forced to get a Passport account, they should enter almost completely fictitious information, since the real question is not "What is your name and address", but "Can we invade your privacy". The honest answer to this is "No, you cannot invade my privacy", and the only effective way to communicate that is to give completely fictitious information.

Passport accounts are advertised as a way of making it easier to buy online, because the account identifies you to online sellers. In actuality, Passport accounts allow Microsoft to make money from every online transaction. Any money paid by sellers to Microsoft is ultimately paid by the buyer in higher prices, of course.

There is absolutely no need for Microsoft's Passport. There is a free Internet browser called Mozilla [mozilla.org] that provides the same benefit to the user as Passport, but doesn't involve the extreme privacy invasion of the Microsoft method. Mozilla's Password Manager (under the Tools menu choice) remembers what you type when you supply any personal information, not just passwords. Next time you visit that web page, Mozilla asks if you want the web form information supplied automatically. If you want, Mozilla can encrypt all of your password and credit card and other form information; you then enter your master password to access the automatic data entry.

The Mozilla browser is very highly regarded among computer professionals. It has other features that don't exist in Microsoft's Internet Explorer browser. Mozilla is open source software, which means that anyone can read the instructions that the program uses. The source code of Microsoft's Internet Explorer is hidden to anyone but Microsoft employees.

Users may not want to give away their personal information to Microsoft, the company that has been the world's biggest source of Internet security risk. There are many, many examples of that risk. For example, Microsoft's Hotmail contained a defect that allowed anyone to read anyone else's email. For one of the many stories, see the August 30, 1999 article, Hotmail hole exposes free email accounts [CNET]. Microsoft's Passport is partly based on Hotmail accounts. See also the CNN article, Web site provides access to millions of Hotmail messages [CNN.com]. In an article titled Hotmail hole exposed free email accounts [abcnews.go.com] ABC News reported that one of the web pages that demonstrated the vulnerability was written on June 7, 1998, more than a year before Microsoft fixed the problem. Given the ease of using the vulnerability, and the wide publicity before it was fixed, it seems plausible that tens of thousands of people visited Hotmail email accounts without using passwords.

Since it is the educated people who have computers, Passport accounts help Microsoft build a database of the personal lives of educated people. Microsoft knows when they connect and from what IP address (which tends to show the area), for what kind of help they ask, and information about what they are doing with their computers, including what music they like. It is not known, and there is no way to know, how much Microsoft or other organizations make use of this information, or their plans for future use. It is also not known if there are vulnerabilities that allow unauthorized people or organizations to access Microsoft's database.

In the past, Passport has been shown to have zero security. See the Wired News article, Stealing MS Passport's Wallet [wired.com].

On August 8, 2002, the U.S. Government's Federal Trade Commission (FTC) ordered Microsoft to stop lying about its Passport service. The FTC's order is titled Microsoft Settles FTC Charges Alleging False Security and Privacy Promises [ftc.gov].

Microsoft's response to the FTC order was to lie about the significance of the order in an e-mail message.

Palladium gives Microsoft the ability to prevent users from seeing their own documents and data.   Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer; users won't even be able to read their own data without permission from Microsoft. This Register article discusses where Microsoft wants to go: MS Palladium protects IT vendors, not you [theregus.com]. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS [zdnet.com].

Reduced Functionality in Windows XP   In some areas, Microsoft Windows XP has reduced functionality. For example, the command line interface does less in some ways than the CLI in Windows 98 SE (Second Edition). The CLI is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt [cmd.exe and command.com], and, according to Microsoft employees, the differences between them are not fully documented.)

The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.

Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.

The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.

The DOS QuickEdit mode sometimes flashes wildly when trying to edit from a DOS box.

There is a DOS program called START.EXE that can be used to start other programs. But it does not operate the same way as in other versions of Windows. It starts a program, but cannot be made to return control to the command line program as previous versions did. There is no technical reason for this; it is just one of the shortcomings that are allowed to exist.

People often say that DOS has gone away. But Microsoft still calls the command line interface "DOS", and in Windows XP Microsoft has added new programs for configuring the OS that work only under DOS.

There are many other insufficiencies in Windows XP. Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a defect in the video software, not the adapter drivers.

As was mentioned, something is wrong with the taskbar and the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.

A reader sent a diagram showing that, when there are more than 21 programs loaded, the programs over 21 are shown, or not shown, in an order that is not easily guessed. Sometimes when a program is not represented on the taskbar it can look as though it is no longer loaded. This can be dismaying when the program contains a complicated setup, as when doing research on the internet and loading numerous web pages.

Many people think the Windows XP user interface is poorly designed.   As people use their computers more, they become more reliant on good design. Recently, Apple Computer released an operating system that has a version of Unix underneath and Apple's design for the user interface. Apple's article, Switch to Mac OS X (Macintosh Operating System 10) [apple.com], discusses the differences in user experience. The article is meant for software companies who are designing Apple versions of their existing Windows programs. The article gives a good idea of the flaws many people perceive in the Windows XP design.

When companies pick an operating system, they are partly guessing the future. The investment in software is huge, not because of the cost of the software usually, but because of the training and maintenance. If a company makes the wrong guess, they may in the future need to spend a lot of management time, employee time, and money in switching to a new system. This makes it necessary that top managers understand the direction the industry is going.

The combination of an excellent user interface and the power of Unix underneath has led many computer professionals to consider Mac OS 10 presently the world's best operating system. Acceptance is slowed because there is no version that will run on Intel or AMD processors, the kind that most people have.

Microsoft is widely disliked.    It seemed that there were a lot of negative comments about Microsoft. Searches on Google for the words "hate Microsoft" or "hate Microsoft XP" returned many, many results. Not all these results are associated with disliking Microsoft, but the intensity and accuracy of the discussions on even the last page of the search results gives a general idea. (The plus signs in the search terms mean that the term is required.)

Some of the web pages appeared soon after the introduction of Windows 95, such as So Why Hate Microsoft?? [tripod.com] and Why many Computer Lovers hate Microsoft: Questions & Answers [amazing.com]

Some of the people who dislike Microsoft write for industry publications, such as Daniel Dern at Byte.com, whose August 6, 2001 article, Why I Hate Microsoft - This Week [byte.com], discusses his problems with Microsoft's licensing provisions.

Some of the articles in general interest publications are surprisingly technical, such as the June 1999 article in the Boulder County Business Report (Boulder County, Colorado, USA), Why programmers love to hate Microsoft -- code out of control [bcbr.com].

The articles sometimes go into considerable detail, such as Why I hate Microsoft [euronet.nl] and The SMASH MICRO$OFT page [zip.com.au].

Apparently users are becoming much more technically knowledgeable, and beginning to resist practices that they previously did not understand.

A lot of the dislike of Microsoft is caused by Microsoft's hostile behavior. Dislike of Microsoft first became strong among people who weren't computer users when Microsoft's Bill Gates testified in the anti-trust case, and was perceived by many to be lying. Internal Microsoft documents such as those called The Halloween Documents [opensource.org] discuss the impossibility of using FUD to compete with Open Source software. FUD stands for "Fear, Uncertainty, Doubt"; it is deliberate lying to take advantage of people who have less technical knowledge. See the section labeled "Key Quotes" in the Halloween Document I [opensource.org].

There have often been stories of Microsoft using its operating system monopoly to cause trouble for other software companies. An example is the August 1, 2000 WinInfo article Microsoft knew about, ignored SP1 [Service Pack 1] personal firewall issues [wininformant.com]. Here's a quote from the article: "Microsoft refused to fix the problem despite numerous complaints during the lengthy SP1 beta". Microsoft's behavior caused a huge amount of lost time. Merely documenting the problem would have saved many people many hours.

It is difficult to evaluate what this strong negative sentiment toward Microsoft might mean to a company with 10,000 employees. Will it make Microsoft less able to hire good programmers, and therefore less able to fix security vulnerabilities? If an alternative to a Microsoft product appears, will the negative sentiment result in rapid movement away from the Microsoft product, making it less economically viable?

Windows XP Service Pack 1   On September 9, 2002, Microsoft released Windows XP Service Pack 1 (SP1). This included, according to Microsoft, 311 kinds of fixes, involving more than 1,600 files. However, apparently none of the problems mentioned in this article were fixed.

Although Microsoft says that there are 311 kinds of fixes in Windows XP SP1, industry writers have claimed that there are fixes that Microsoft has not documented.

The Microsoft article, Release Notes for Windows XP Service Pack 1 [microsoft.com], lists the defects that have been found in SP1 since it was released. Bruce Kratofil, an industry writer, said about Microsoft's automatic updating process: "There could be a whole lot of grief if this stuff gets automatically updated without you knowing about the issues ahead of time." Automatic updating makes changes to the user's computer without the user's knowledge.

Some people report major problems after installing SP1. For example, see the September 20, 2002 PC World article: Win XP Update Crashes Some PCs [pcworld.com]. (To put this issue in perspective, most users are not having problems.) Those who decide not to install SP1 must fix a very serious security defect immediately. See the September 28, 2002 Gibson Research article, Without XPdite, or XP's Service Pack 1, clicking on a simple, but malicious, URL can delete the entire contents of your directories. [grc.com]

On one computer in which the author of this article installed SP1, the operating system power options were changed so that the system was allowed to go into Standby mode. The computer, which has an Intel motherboard of a type that is currently being sold by Intel, locks up when it goes into standby. All work is lost. Only someone quite knowledgeable would guess why the computer was ceasing to function.

Microsoft has a history of allowing defect fixes to change the operating system settings without notice. Also, installing new hardware, a contact failure that makes it seem to the system that hardware has been removed, or repairing the operating system by reloading often changes the system settings without notice. For example, in Windows 98 Second Edition, changing networking driver software resets the network to the least secure setting. There is no warning.

Where is Microsoft taking us?   There are many other indications of where Microsoft is taking its customers. People who buy Microsoft mice don't get the full functionality until they let the mouse software (!) connect to Microsoft's computers.

Microsoft makes it quite difficult to upgrade a computer to fix defects if it isn't connected to the Internet. Sometimes the downloadable updates lag behind those available with Windows Update, which requires that the computer be connected to the Internet. The downloadable updates are not in an order that makes it easy to decide what you need.

Windows Media Player reports your music choices to Microsoft. The EULA (End User License Agreement) for a security defect fix [bsdvault.net] to Windows Media Player gives Microsoft complete control over your computer: They own it, not you. That shows that Microsoft can and will be sneaky. (The EULA says that it is limited to Digital Rights Management, but Microsoft is trying, with Palladium, to extend Digital Rights Management to everything you do on your computer.) This gives an idea of the moral limits felt by Microsoft. See also the 12th paragraph of a comment about the settlement of the Microsoft anti-trust case [usdoj.gov], on the DOJ web site.

Another indication of the direction Microsoft is going is that, in Windows XP, menus are sometimes 7 levels deep. This seems to show a lack of ability to manage the development of useable software.

Unhealthy control leads to more unhealthy control.   Managers at Microsoft seem to be trying to create a situation in which Microsoft operating systems are not independent software, but are dependent on Microsoft computers. They apparently feel that there is no limit to the control they should have, and are strongly determined to extend that control.

The attempt to take more control, and to take more control without adequate explanation, is a huge gamble with investors' money. If it strongly alienates people from Microsoft, there may be a time when the company has difficulty selling even good products.

Wanting more control, and a desire for control that cannot be controlled, is a common psychological problem. For example, dictators of governments often test the limits until they destroy themselves.

Design effective resistance to abuse.   Human society in general is not effective at stopping abuse. People have a difficult time being clear about abusiveness, and therefore about protesting it and stopping it. It is especially difficult for the average person to feel clear about something technical like software. People tend to blame themselves rather than the software that should serve their needs.

Instead of efficiently moving to limit the destructiveness of the abuser, the abused people often begin to attack each other. Often technically knowledgeable people have the presumption that, if they know something another person doesn't know, that gives them a license to attack the other person, or to feel superior. The fighting among themselves of people knowledgeable about computers is part of the reason there has been very little effective resistance to Microsoft's abuse.

Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software, as many people do who know a lot about computers. The correct solution to abuse is persuading the abuser to stop being abusive. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you protest effectively against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.

Michael Jennings
Futurepower ®
P.O. Box 14491
Portland, OR  97293-0491

E-Mail: ms-article AT myrealbox DOT com

(Take out the spaces, change AT to @, and change DOT to a period to e-mail the author. The coded e-mail address helps discourage misuse of the address by computer robots that harvest email addresses for sale to those who send unwanted e-mail.)

This version was made available on February 16, 2003. It is revision #1 of that day. (file micro08h.htm)

The latest version of this article can be found at http://www.hevanet.com/peace/microsoft.htm.

An equivalent address is http://www.futurepower.net/microsoft.htm.

(Always select View/Reload on your browser, so you read the version on the web site, and not the version you read before, that was stored in your computer.)

If you want other people who have an Internet connection to read this article, please send them this link, rather than sending the article by e-mail. That way they will read the latest version.

This article may be sent to anyone by e-mail without permission from the author, provided that no changes are made, and provided you have some knowledge of the person to whom you are sending the e-mail.

If you print this article with no changes, you may give it to anyone you know. Other use requires permission.

Copyright 2002-2003. Futurepower ® is a trademark in the U.S. and other countries.

Please mention errors and shortcomings to the author so that he can correct them.

Microsoft and Windows XP are trademarks of Microsoft Corporation.
