Criticism of Windows XP: Difference between revisions

From Wikipedia, the free encyclopedia
Wikinger (talk | contribs)
Line 4: Line 4:


==Security issues==
==Security issues==

Security concerns have long been an issue with Microsoft products. [[Windows XP]] has been criticized for its susceptibility to [[buffer overflow]]s, [[malware]], [[computer virus|viruses]], [[trojan horse (computing)|trojan horses]], and [[Computer worm|worms]]. Security issues are compounded by the fact that users, by default, receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is broken into, there is no limit to the control that can be asserted over the compromised PC. Nicholas Petreley for ''[[The Register]]'' notes that "Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges."<ref>http://www.theregister.co.uk/security/security_report_windows_vs_linux/#singleuser</ref> Windows XP Home Edition also lacks the ability to administer security policies and denies access to the Local Users and Groups utility.
Security concerns have long been an issue with Microsoft products. [[Windows XP]] has been criticized for its susceptibility to [[buffer overflow]]s, [[malware]], [[computer virus|viruses]], [[trojan horse (computing)|trojan horses]], and [[Computer worm|worms]]. Security issues are compounded by the fact that users, by default, receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is broken into, there is no limit to the control that can be asserted over the compromised PC. Nicholas Petreley for ''[[The Register]]'' notes that "Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges."<ref>http://www.theregister.co.uk/security/security_report_windows_vs_linux/#singleuser</ref> Windows XP Home Edition also lacks the ability to administer security policies and denies access to the Local Users and Groups utility. It is also find unstable by most consumers, which rather prefer bying Windows XP Professional. Windows XP Home Edition was dubbed ''The most unstable Microsoft OS after [[Windows Me|Windows Millennium Edition]].


The Windows operating system has long been a tempting target for virus creators. This is logical due to the fact that the Windows market share is huge, and that Microsoft's [[closed source]] development methodology has been slow to react to security holes, such as those in Internet Explorer <ref>http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html</ref>. Furthermore, security holes are often invisible until they are exploited, making preemptive action difficult. Microsoft executives have stated that the release of patches to fix security holes is often what causes the spread of exploits against those very same holes, as [[security cracking|crackers]] figured out what problems the patches fixed, and then launched attacks against unpatched systems.
The Windows operating system has long been a tempting target for virus creators. This is logical due to the fact that the Windows market share is huge, and that Microsoft's [[closed source]] development methodology has been slow to react to security holes, such as those in Internet Explorer <ref>http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html</ref>. Furthermore, security holes are often invisible until they are exploited, making preemptive action difficult. Microsoft executives have stated that the release of patches to fix security holes is often what causes the spread of exploits against those very same holes, as [[security cracking|crackers]] figured out what problems the patches fixed, and then launched attacks against unpatched systems.
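Review bot: The text appended to the end of the first "Security issues" paragraph opens italics with '' before "The most unstable Microsoft OS" and never closes them, so the markup is unbalanced; add the closing '' after the [[Windows Me|Windows Millennium Edition]] link. The same addition carries no <ref>, unlike the Petreley quotation just before it, although "most consumers" and "was dubbed" are claims that need a source, and "It is also find unstable" and "bying" should read "found" and "buying".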

Revision as of 12:32, 28 November 2007

Criticism of Windows XP deals with perceived issues with security, performance and presence of product activation.

Security issues

Security concerns have long been an issue with Microsoft products. Windows XP has been criticized for its susceptibility to buffer overflows, malware, viruses, trojan horses, and worms. Security issues are compounded by the fact that users, by default, receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is broken into, there is no limit to the control that can be asserted over the compromised PC. Nicholas Petreley for The Register notes that "Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges."[1] Windows XP Home Edition also lacks the ability to administer security policies and denies access to the Local Users and Groups utility. It is also found unstable by most consumers, who would rather buy Windows XP Professional. Windows XP Home Edition was dubbed "The most unstable Microsoft OS after Windows Millennium Edition".

The Windows operating system has long been a tempting target for virus creators. This is logical because the Windows market share is huge and because Microsoft's closed source development methodology has been slow to react to security holes, such as those in Internet Explorer.[2] Furthermore, security holes are often invisible until they are exploited, making preemptive action difficult. Microsoft executives have stated that the release of patches to fix security holes is often what causes the spread of exploits against those very same holes, as crackers figure out what problems the patches fixed and then launch attacks against unpatched systems.

Many attacks against Windows XP systems come in the form of e-mail trojan horses which are sent by worms. A user who opens the file attachment(s) can unknowingly infect his or her own computer, which then e-mails the worm to more people. Notable worms of this sort that have infected Windows XP systems include Mydoom and Bagle.

In August 2003 the Blaster worm, which became one of the most well known Windows worms, exploited a vulnerability present in every unpatched installation of Windows XP and capable of compromising a system even without user action. Windows XP was also vulnerable to the Sasser worm, spread by using a buffer overflow in a remote service present on every installation. In May 2004, Sasser quickly spread through computers running Windows XP and Windows 2000. Increasingly widespread use of Service Pack 2, and greater use of personal firewalls, appears to have been making worms like these less common.[3]

Spyware and adware are a continuing problem on Windows XP and other versions of Windows. Spyware is also a concern for Microsoft with regard to service pack updates; Barry Goff, a group product manager at Microsoft, said some spyware could cause computers to freeze up upon installation of Service Pack 2.[4] In January 2005, Microsoft released a free beta version of Microsoft AntiSpyware which attempts to remove spyware and adware from computers. Microsoft AntiSpyware has since been renamed to Windows Defender.

Windows XP offers some useful security benefits, such as Windows Update, which can be set to install security patches automatically, and a built-in firewall. However, if a user doesn't install the updates for a long time after the Windows Update icon is displayed in the toolbar, Windows will automatically install them and restart the computer on its own. This can lead to the loss of unsaved data if the user is away from the computer when the updates are installed. Service Pack 2 enables the firewall by default. It also adds increased memory protection to let the operating system take advantage of new No eXecute technology built into CPUs such as the AMD64. This allows Windows XP to prevent code from being executed on areas of memory flagged with an NX bit and can stop some buffer overflow exploits from running arbitrary code.

Service Pack 2 attempts to remedy the problem of users running untrusted code through the Attachment Execution Service, which records the origin of files in alternate data streams attached to files downloaded with Internet Explorer or received as an attachment in Outlook Express. For example, if a user tries to run an executable file downloaded from an untrusted security zone, Windows XP with Service Pack 2 will prompt the user with a warning.
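The origin record described above, as an added example that is not part of the article and is not Microsoft's code: the alternate data stream is named Zone.Identifier and holds a [ZoneTransfer] section with a ZoneId value, which this code parses and turns into a warn/no-warn decision. The extension list, the treatment of zones 3 and 4 as untrusted, and the fail-closed handling of a malformed record are assumptions of the example.

```python
import configparser
import os

# Zone numbers used by Windows URL security zones.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
STREAM = "Zone.Identifier"  # name of the alternate data stream holding the mark
RISKY_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}  # illustrative subset (assumption)

def parse_zone(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if unusable."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text.lstrip("\ufeff").replace("\r", ""))
        zone = int(parser.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None  # no section header, no ZoneId key, or a non-numeric value
    return zone if zone in ZONES else None

def read_mark(path):
    """Read the origin mark of a file; only NTFS on Windows exposes 'path:stream'."""
    try:
        with open(path + ":" + STREAM, "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream: created locally, copied via FAT, or mark stripped

def triage(name, stream_text):
    """Return (warn, reason) for a file name and its stream text (None if absent)."""
    executable = os.path.splitext(name)[1].lower() in RISKY_EXT
    if stream_text is None:
        return (False, "no origin mark")
    zone = parse_zone(stream_text)
    if zone is None:
        return (executable, "malformed origin mark")  # fail closed (assumption)
    return (executable and zone >= 3, ZONES[zone])    # zones 3-4 untrusted (assumption)

# Constructed samples: (file name, Zone.Identifier content or None).
SAMPLES = [
    ("setup.exe", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("notes.txt", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("tool.exe", "[ZoneTransfer]\r\nZoneId=1\r\n"),
    ("old.scr", "ZoneId=3"),   # section header missing
    ("local.exe", None),       # never downloaded
]

if __name__ == "__main__":
    for name, text in SAMPLES:
        print(name, triage(name, text))
```

The "no origin mark" case is the one to watch when auditing: a file that lost its stream, for example by passing through a non-NTFS volume, is indistinguishable from one created locally.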

Product activation

While product activation and licensing servers are common for business and industrial software, Windows XP gave many casual computer users their first introduction to it. The system was introduced by Microsoft to curb illegal distribution of Windows XP.[5] Activation requires the computer or the user to activate with Microsoft within a certain amount of time in order to continue using the operating system. If the user's computer system ever changes — for example, if two or more relevant components (see list below) of the computer itself are upgraded — Windows may refuse to run until the user reactivates with Microsoft.

There have been privacy fears about the nature of the data transmitted to Microsoft. Microsoft has released details about the nature of the information transmitted,[6] which includes a cryptographic hash of the following ten values:

  • Display adapter name
  • SCSI adapter name
  • IDE adapter name
  • Network adapter MAC address
  • RAM amount (as a range, e.g. 0–64 MB, 64–128 MB, etc.)
  • Processor type
  • Processor serial number (if applicable)
  • Hard drive device
  • Hard drive volume serial number
  • CD-ROM/ CD-RW/ DVD-ROM identification

This information is used to seed the generation of a number which, along with the CD Key and country of installation, is transmitted to Microsoft. According to Microsoft, no specific details about the hardware are transmitted. However, as key changers and keygens were soon available on the Internet after Windows XP's release, many users managed to circumvent the product activation process.

Notable critics

The Free Software Foundation was leading a campaign called "BadXP" against XP on these grounds, as well as because it is an example of prominent proprietary software.

User interface and performance

Critics have claimed that the default Windows XP user interface (Luna) adds visual clutter and wastes screen space while offering no new functionality and running more slowly. Supporters of the new interface praise its task-oriented nature and the automatic grouping of related windows on the taskbar, and automatic hiding of unused system tray icons, to reduce clutter, and point out that the higher nominal system requirements of Windows XP allow it to easily handle the increased processing demand. By changing the start menu and turning off theming it is possible to return to the Windows Classic interface. This is slightly faster but many consider it to be less visually attractive.

CNET's web site lists hundreds of positive and negative reviews of Windows XP Home[7] and Professional[8] from users. David Coursey, Executive Editor of ZDNet's AnchorDesk,[9] and Paul Thurrott, who runs SuperSite for Windows,[10] have both written positive reviews of the operating system. Steven Garrity has written an article displaying the inconsistencies throughout the user interface.[11]

Internet Explorer Vulnerabilities

Internet Explorer runs by default with the same level of privilege as the logged-in user. Consequently, administrators are always at heightened risk from any form of security vulnerability when using Internet Explorer, as malicious software running under Internet Explorer will be able to exploit the administrator's extended privileges under the operating system.

Tools such as DropMyRights go some way to address this by limiting the Internet Explorer process to that of a basic or limited user, but are not installed by default.

LUA Bugs

A LUA bug is a scenario where limited users are not able to perform certain actions that they ought to be able to. For example, LUA users are unable to change the timezone under Windows XP. The timezone that Windows XP displays to a user is cosmetic, and not the same as the actual time used by the underlying operating system, which uses UTC for operations such as Kerberos authentication. Similarly, Windows XP does not allow the clock to be viewed in read-only mode by a LUA user who does not have permission to change the system time.[12]

LUA bugs force many organizations to authorize their end users to have higher levels of access than should otherwise be necessary according to the principle of least privilege. These users are consequently at greater risk when they use applications like Internet Explorer, because any malicious code targeting a vulnerability in Internet Explorer will also be able to exploit this elevated level of access.

Antitrust concerns

In light of the United States v. Microsoft case which resulted in Microsoft being convicted for illegally abusing its operating system monopoly to overwhelm competition in other markets, Windows XP has drawn fire for integrating user applications such as Windows Media Player and Windows Messenger into the operating system, as well as for its close ties to the Windows Live ID service.

In 2001, ProComp claimed that the bundling and distribution of Windows Media Player in Windows XP was a continuance of Microsoft's anticompetitive behavior[13] and that the integration of Windows Live ID (at the time Microsoft Passport) into Windows XP was a further example of Microsoft attempting to gain a monopoly in web services.[14] Both of these claims were rebutted by the Association for Competitive Technology (ACT) and the Computing Technology Industry Association (CompTIA).[15][16] ProComp is a group including several of Microsoft's rivals, including Oracle, Sun, and Netscape. ACT and CompTIA are both partially funded by Microsoft. The battle being fought by fronts for each side was the subject of a heated exchange between Oracle's Larry Ellison and Microsoft's Bill Gates.[17]

Microsoft responded on its "Freedom to Innovate" web site,[18] pointing out that in earlier versions of Windows, Microsoft had integrated tools such as disk defragmenters, graphical file managers, and TCP/IP stacks, and there had been no protest that Microsoft was being anti-competitive. Microsoft asserted that these tools had moved from special to general usage and therefore belonged in its operating system.

To avoid the possibility of an injunction, which might have delayed the release of Windows XP, Microsoft changed its licensing terms to allow PC manufacturers to hide access to Internet Explorer (but not remove it). Competitors dismissed this as a trivial gesture.[19] Later, Microsoft released a utility as part of Service Pack 1 (SP1) which allows icons and other links to bundled software such as Internet Explorer, Windows Media Player, and Windows Messenger (not to be confused with the similar-named Windows Live Messenger, formerly MSN Messenger) to be removed. The components themselves remain in the system; Microsoft maintains that they are necessary for key Windows functionality (such as the HTML Help system and Windows desktop), and that removing them completely may result in unwanted consequences. One critic, Shane Brooks, has argued that Internet Explorer could be removed without adverse effects, as demonstrated with his product XPLite.[20] Dino Nuhagic created his nLite software to remove many components from XP prior to installation of the product.[21]

In addition, in the first release of Windows XP, the "Buy Music Online" feature always used Microsoft's Internet Explorer rather than any other web browser that the user may have set as his/her default. Whether this flaw was intentional or simply an oversight is unclear. Under pressure from the United States Department of Justice, Microsoft released a patch in early 2004, which corrected the problem.[22]

References

  1. http://www.theregister.co.uk/security/security_report_windows_vs_linux/#singleuser
  2. http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
  3. http://www.channelregister.co.uk/2005/03/17/f-secure_websec/
  4. http://smh.com.au/articles/2004/09/03/1093939116391.html
  5. http://www.microsoft.com/piracy/basics/activation/
  6. http://www.microsoft.com/piracy/basics/activation/mpafaq.asp
  7. http://reviews.cnet.com/Microsoft_Windows_XP___Home_Edition/4852-3672_7-6534881.html
  8. http://reviews.cnet.com/Microsoft_Windows_XP___Professional/4852-3672_7-6534868.html
  9. http://reviews-zdnet.com.com/4520-6033_16-4205723.html
  10. http://www.winsupersite.com/reviews/windowsxp.asp
  11. http://actsofvolition.com/archives/2001/december/windowsxprough
  12. Margosis, Aaron (2006-02-06). "What is a "LUA Bug"? (And what isn't a LUA bug?)". Microsoft Developer Network Blog. Microsoft. Retrieved 2007-08-30.
  13. http://www.procompetition.org/headlines/04_whitepaper.pdf
  14. http://www.procompetition.org/headlines/WhitePaper6_21.pdf
  15. http://www.techlawjournal.com/home/newsbriefs/2001/05f.asp
  16. http://www.wired.com/news/antitrust/0,1551,44170,00.html
  17. http://money.cnn.com/2000/06/28/technology/oracle/
  18. http://www.microsoft.com/freedomtoinnovate/newsletter/finnews_060501.asp
  19. http://news.com.com/2100-1001-269800.html
  20. http://www.litepc.com/xplite.html
  21. http://www.nliteos.com/
  22. http://support.microsoft.com/?id=833998