Criticism of Windows XP: Difference between revisions

For criticism applying to several or all versions of Microsoft Windows, see Criticism of Microsoft Windows.

Criticism of Windows XP deals with issues with security, performance and presence of product activation that are specific to the Microsoft operating system Windows XP.

Security issues

Windows XP has been criticized for its vulnerabilities due to buffer overflows and its susceptibility to malware such as viruses, trojan horses, and worms. Nicholas Petreley for The Register notes that "Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges."^[1] However, users by default receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is compromised, there is no limit to the control that can be asserted over the PC. Windows XP Home Edition also lacks the ability to administer security policies and denies access to the Local Users and Groups utility.

Microsoft executives have stated that the release of security patches is often what causes the spread of exploits against those very same flaws, as crackers figure out what problems the patches fix, and then launch attacks against unpatched systems. For example, in August 2003 the Blaster worm exploited a vulnerability present in every unpatched installation of Windows XP, and was capable of compromising a system even without user action. In May 2004 the Sasser worm spread by using a buffer overflow in a remote service present on every installation. Patches to prevent both of these well-known worms had already been released by Microsoft. Increasingly widespread use of Service Pack 2 and greater use of personal firewalls may also contribute to making worms like these less common.^[2]

Many attacks against Windows XP systems come in the form of trojan horse e-mail attachments which contain worms. A user who opens the attachment can unknowingly infect his or her own computer, which may then e-mail the worm to more people. Notable worms of this sort that have infected Windows XP systems include Mydoom and Bagle. To discourage users from running such programs, Service Pack 2 includes the Attachment Execution Service which records the origin of files downloaded with Internet Explorer or received as an attachment in Outlook Express. If a user tries to run a program downloaded from an untrusted security zone, Windows XP with Service Pack 2 will prompt the user with a warning.

Spyware and adware are a continuing problem on Windows XP and other versions of Windows. Spyware is also a concern for Microsoft with regard to service pack updates; Barry Goff, a group product manager at Microsoft, said some spyware could cause computers to freeze up upon installation of Service Pack 2.^[3] In January 2005, Microsoft released a free beta version of Windows Defender which removes some spyware and adware from computers.

Windows XP offers some useful security benefits, such as Windows Update, which can be set to install security patches automatically, and a built-in firewall. If a user doesn't install the updates for a long time after the Windows Update icon is displayed in the toolbar, Windows will automatically install them and restart the computer on its own. This can lead to the loss of unsaved data if the user is away from the computer when the updates are installed. Service Pack 2 enables the firewall by default. It also adds increased memory protection to let the operating system take advantage of new No eXecute technology built into CPUs such as the AMD64. This allows Windows XP to prevent some buffer overflow exploits.

Product activation

Product activation is used by Windows XP to curb illegal distribution of the operating system.^[4] Activation requires the computer or the user to activate with Microsoft within a certain amount of time in order to continue using the operating system.

Microsoft has released details about the nature of the information transmitted during the activation process, which includes a cryptographic hash of the following ten values:^[5]

• Display adapter name
• SCSI adapter name
• IDE adapter name
• Network adapter MAC address
• RAM amount (as a range, e.g. 0–64 MB, 64–128 MB, etc.)
• Processor type
• Processor serial number (if applicable)
• Hard drive Model
• Hard drive volume serial number
• CD and/or DVD drive identification

No specific details about the hardware are transmitted, but rather a hash of the above information combined with the CD key code and country of installation.

If the user's computer system changes in certain ways — for example, if two or more relevant components in the list above are changed — Windows may refuse to run until the user reactivates with Microsoft.

Key changers and keygens available on the Internet are able to circumvent the product activation process, allthough it is illegal to use one.

User interface and performance

Critics have claimed that the default Windows XP user interface (Luna) adds visual clutter and wastes screen space while offering no new functionality and running more slowly. Supporters of the new interface praise its task-oriented nature and the automatic grouping of related windows on the taskbar, and automatic hiding of unused system tray icons, to reduce clutter, and point out that the higher nominal system requirements of Windows XP allow it to easily handle the increased processing demand. By changing the start menu and turning off the theming, it is possible to return to the Windows Classic interface. This is slightly faster but may be considered less visually attractive.

CNET's web site lists hundreds of positive and negative reviews of Windows XP Home^[6] and Professional^[7] from users. David Coursey, Executive Editor of ZDNet's AnchorDesk, ^[8] and Paul Thurrott, who runs SuperSite for Windows,^[9] have both written positive reviews of the operating system.

Least User Access (LUA) Bugs

A LUA bug is a scenario in which users with limited privileges are not able to perform certain actions that they ought to be able to perform. For example, LUA users are unable to change the timezone under Windows XP. This should be permitted because the timezone that Windows XP displays to the user is simply cosmetic, and is not the same as the actual time used by the underlying operating system. Similarly, Windows XP does not allow the "Date and Time Properties" dialog to be viewed in read-only mode by a LUA user who does not have permission to change the system time. Reason for this is that Windows interprets Real Time Clock data (BIOS time) as local time, so changing of the time-zone cause changing of the hardware settings, which is prohibited for unauthorized users.^[10]

LUA bugs force many organizations to authorize their end users to have higher levels of access than should otherwise be necessary according to the principle of least privilege.^{[citation needed]} These users are consequently at greater risk when they use applications like Internet Explorer, because any malicious code targeting a vulnerability in Internet Explorer will also be able to exploit this elevated level of access. Add-on tools such as DropMyRights address this by limiting the access of specific processes (e.g. Internet Explorer) to that of a basic or limited user.

Antitrust concerns

In light of the United States v. Microsoft case which resulted in Microsoft being convicted for illegally abusing its operating system monopoly to overwhelm competition in other markets, Windows XP has drawn fire for integrating user applications such as Windows Media Player and Windows Messenger into the operating system, as well as for its close ties to the Windows Live ID service.

In 2001, ProComp – a group including several of Microsoft's rivals, including Oracle, Sun, and Netscape – claimed that the bundling and distribution of Windows Media Player in Windows XP was a continuance of Microsoft's anticompetitive behavior^[11] and that the integration of Windows Live ID (at the time Microsoft Passport) into Windows XP was a further example of Microsoft attempting to gain a monopoly in web services.^[12] Both of these claims were rebutted by the Association for Competitive Technology (ACT) and the Computing Technology Industry Association (CompTIA), both partially funded by Microsoft. ^[13][14] The battle being fought by fronts for each side was the subject of a heated exchange between Oracle's Larry Ellison and Microsoft's Bill Gates.^[15]

Microsoft responded on its "Freedom to Innovate" web site,^[16] pointing out that in earlier versions of Windows, Microsoft had integrated tools such as disk defragmenters, graphical file managers, and TCP/IP stacks, and there had been no protest that Microsoft was being anti-competitive. Microsoft asserted that these tools had moved from special to general usage and therefore belonged in its operating system.

To avoid the possibility of an injunction, which might have delayed the release of Windows XP, Microsoft changed its licensing terms to allow PC manufacturers to hide access to Internet Explorer (but not remove it). Competitors dismissed this as a trivial gesture.^[17] Later, Microsoft released a utility as part of Service Pack 1 (SP1) which allows icons and other links to bundled software such as Internet Explorer, Windows Media Player, and Windows Messenger (not to be confused with the similar-named Windows Live Messenger, formerly MSN Messenger) to be removed. The components themselves remain in the system; Microsoft maintains that they are necessary for key Windows functionality (such as the HTML Help system and Windows desktop), and that removing them completely may result in unwanted consequences. One critic, Shane Brooks, has argued that Internet Explorer could be removed without adverse effects, as demonstrated with his product XPLite.^[18] Dino Nuhagic created his nLite software to remove many components from XP prior to installation of the product.^[19]

In addition, in the first release of Windows XP, the "Buy Music Online" feature always used Microsoft's Internet Explorer rather than any other web browser that the user may have set as his/her default. Whether this flaw was intentional or simply an oversight is unclear. Under pressure from the United States Department of Justice, Microsoft released a patch in early 2004, which corrected the problem.^[20]

See also

• Criticism of Microsoft
• Criticism of Internet Explorer
• Criticism of Windows Vista
• Windows refund

References

1. Security Report: Windows vs Linux | The Register
2. The strange decline of computer worms | Channel Register
3. Windows needs to be clean for new patch - Breaking News - http://www.smh.com.au
4. http://www.microsoft.com/piracy/basics/activation/
5. http://www.microsoft.com/piracy/basics/activation/mpafaq.asp
6. Microsoft Windows XP - Home Edition Ratings. Windows User Opinions
7. Microsoft Windows XP - Professional Ratings. Windows User Opinions
8. My first look at Windows XP: It's great. Here's why
9. Paul Thurrott's SuperSite for Windows: Windows XP Home Edition and Professional: The SuperSite Review
10. Margosis, Aaron (2006-02-06). "What is a "LUA Bug"? (And what isn't a LUA bug?)". Microsoft Developer Network Blog. Microsoft. Retrieved 2007-08-30.
11. http://www.procompetition.org/headlines/04_whitepaper.pdf
12. http://www.procompetition.org/headlines/WhitePaper6_21.pdf
13. News Briefs: May 26-31, 2001
14. MS Launches Counter PR Attack
15. Oracle's Ellison rips into Bill Gates - Jun. 28, 2000
16. http://www.microsoft.com/freedomtoinnovate/newsletter/finnews_060501.asp
17. Microsoft changes Windows license terms | CNET News.com
18. XPlite and 2000lite Uninstall Windows components
19. nLite - Deployment Tool for the bootable Unattended Windows installation
20. The "Shop for music online" link starts Internet Explorer instead of your default Web browser in Windows XP

windows was one of the most sold software