Do it Yourself Mojave

Do it Yourself Mojave

Summary: Yup. I'm now a Vista user. As I mentioned in a previous post, circumstances have recently required that I buy a new desktop PC.

SHARE:

vistadesktop.jpg

Yup. I'm now a Vista user.

As I mentioned in a previous post, circumstances have recently required that I buy a new desktop PC. It's not that I wasn't happy with my old PC -- it was a generic ASUS M2N32 Athlon X2 5000+ with 4GB of RAM and an ATI HD 2400 graphics card and various removable disks that I had pieced together for various different types of application and OS testing. I ran XP SP3 and various distributions of Linux on it, and I was more than happy with how it performed. I had a number of various quirky problems with different permutations of Vista on the box over the last year or so, and could never get it to run properly -- but interestingly enough I was able to get Windows Server 2008 with Hyper-V running on it just fine. For the most part, I simply avoided using Vista for most of my software testing, except in the case where I could virtualize it on my servers which had plenty of RAM and CPU to spare -- I didn't have the desktop horsepower to really run it correctly. I also had no business reasons for using it, the applications which were designed for it such as Office 2007 ran just as well on XP, and quite frankly, I'm a server/mid range OS guy and most of the glitz and fancy features of the OS just don't appeal to me.

Click on the "Read the rest of this entry" link below for more.

Nevertheless, fate intervened. My wife, Rachel, has been using a 4 year old HP XW4100 Dual Pentium 4 for several years now. Rachel has been part time real estate agent, restaurant consultant, and general queen of the household -- she keeps track of the bills, takes care of my appointments and some of my press correspondence, and in general, functions as my unpaid admin. That system running Windows XP with 1GB of RAM and Office 2003, Firefox, and a number of her other favorite programs had been running pretty well and fit her needs accordingly. In the 4 years since she's been using it, it had a second OS re-install, because like many of my testing machines, it gets a lot of abuse.

Recently, the machine which was upgraded in the last 6 months to 2GB of RAM has been less than responsive with the more demanding applications she wants to use. It was time for Rachel to get a better machine -- so I decided to give her my existing desktop, fully cleaned up, with a new XP SP3 install with all her applications re-installed and her data migrated over. She's now up and running, and happy as a clam.

Of course, this left me without a desktop computer besides my work laptop, which I had dare not do any software testing on -- my ThinkPad is to be treated like an acropolis, because without it, I can't do most of my job-related work. So I searched the Internet for a moderately priced machine that would be more or less equivalent to what I had before and I wouldn't care too much about if I had to junk it in 3 years. I picked a Dell Inspiron 530 from COSTCO's web site, which is currently on sale for $599 without a monitor. The Intel Core 2 Quad Q6600 with 4GB of RAM and a 500GB hard disk was more than sufficient for my purposes, and I'd be hard pressed to build a cheaper machine from OEM parts myself that was as well integrated and had a 2 year on site support warranty. It also came preloaded with Vista Premium.

I contemplated  wiping the machine and throwing Ubuntu and XP on it, which is my preferred workstation OS dual boot combo. But after hearing all the news of the Mojave Experiment, and reading the various TalkBacks to several of my arguably "anti-Vista" posts on this blog, I decided to run my own little usability study -- I would stick with Windows Vista for at least a month as my primary productivity and workstation platform. Linux would be relegated to my virtualized server OSes which I could console in remotely.

My Inspiron 530 arrived this week, all shiny and new. I thought I would be able to use it as-is out of the box with Vista, but to my surprise, the Quad-Core 4GB machine barely would run my most favorite Windows applications adequately with all the Vista bells and whistles turned on. It performed like a slug, to put it gently. Sure, I could have turned a bunch of the effects off, but if I was going go use a machine designed for Vista, why wouldn't I want to run it with its most optimal settings so I could experience it as Microsoft had intended it?

What would have been a powerhouse for XP or Linux turned out to be a very entry level machine for Vista, and it needed a bit of  "pimping" to get up to spec. For starters, despite having a fully-capable 64-bit CPU, DELL handicapped the machine with the 32-bit version of Vista Premium instead of the 64-bit edition, and the box only has a single built-in 10/100 Ethernet connection instead of a Gigabit -- fine for your average home user with a SOHO broadband Internet connection, but I move some pretty big files around on my network. I guess this is where they shaved off some of the costs. So much for using Dell's OEM pre-load -- I ended up having to wipe the disk with an new Vista SP1 64-bit Ultimate install, courtesy of my MSDN account (and what would normally cost $400 retail)  and shoving in one of my spare Netgear PCI Gigabit Ethernet cards, something that would cost about $25-$40 if I had to go out and get one.

vistarating.jpg

My machine's Vista vitals after upgrading to 64-Bit Ultimate and a new nVidia GPU.

After playing with the machine a bit, I also discovered that the built in Intel graphics chip was woefully underpowered for running the default Aero configuration and doing any photo editing. It only had an analog SVGA output -- my high end Samsung 20" monitor with DVI inputs wouldn't look so good with that. So I ran out to Staples and grabbed the baddest graphics card they had in stock, a PNY NVidia GeForce 8500GT graphics card,  a mid-range business graphics adapter for Vista which I arguably overpaid $30 for.  I re-ran the Vista-built in performance tests and came up with an overall score of 4.8. Not too shabby for  $750-$800.00 worth of Tier 1 OEM Chinese-manfactured hardware. Woohoo!

After getting the hardware all set, I threw my standard suite of applications and utilities on the machine. Before my beloved "hecklers" cry foul and accuse me of putting some weirdo software and tweaks on the box, you can see for yourself what's on the list:

vistasoftware.jpg

Admittedly, for my single "tweak" I disabled User Account Control (UAC) because after running for several hours, it drove me absolutely berserk every time I had to install a new app, and as a sysadmin-type with a root god complex I wasn't going to let this OS push me around. It also interfered with the operation of Synergy2, because every time the UAC prompt went off it would sever my remote mouse and keyboard connection from my docked laptop. Call it amateurish, call it unsafe, it was either going to be that, or this experiment was ending and this albatross was going to become a full-time Penguin.

Now that I resolved the initial hardware issues, so far, so good, although I can't say that there are features in Vista that are so compelling that my applications really run any better now than they did on an equivalent 2GB Windows XP VM running under Ubuntu, or in a XP dual-boot on the old machine with 3.5GB RAM, which I still perceive to be a more responsive configuration due to the much lower hardware requirements on a very respectable desktop box. I did notice a considerable increase in application startup performance after sticking a 1GB USB keychain into one of the spare USB 2.0 ports for ReadyBoost, but geez, wasn't 4GB of RAM enough for this thing?

Because of a recent PC migration, have you also decided to run your own "Mojave" tests? Talk Back and let me know.

Topics: Software, Dell, PCs, Ubuntu, Servers, Operating Systems, Laptops, Intel, Hardware, Windows

About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

107 comments
Log in or register to join the discussion
  • Vista security broken - Black Hat

    http://www.theinquirer.net/gb/inquirer/news/2008/08/08/vista-security-rendered-usless
    bjbrock
    • Here's the full paper on the presentation ...

      [b]"Impressing Girls with Vista Memory Protection Bypasses"[/b]:

      http://taossa.com/index.php/2008/08/07/impressing-girls-with-vista-memory-protection-bypasses/

      When Nate McFeters gets back from Black Hat I believe we're going to have some very interesting discussions on several of the blogs here at zdnet. ;)
      MisterMiester
    • Hmmmm....

      What will these "Vista is WAY more secure" zealots say now? I take all these discussions jokingly but some of those guys seemed to rest their lives on Vista's improves security.
      storm14k
      • I think they'll point to the bit....

        ...where they say this is a reusable exploit which can be ported to other operating systems and which requires the user to allow stuff on their machine.

        Or possibly the bit where they haven't actually demonstrated it effectively or allowed MS to view it to see if it can actually be blocked or not.

        Or even the bit The Inquirer (LOL) didn't mention:

        "[i]Finally, we will discuss what Microsoft can do to increase the effectiveness of the memory protections at the expense of annoying Vista users even more.[/i]"
        Sleeper Service
        • Really ?

          [i]...where they say this is a reusable exploit which can be ported to other operating systems and which requires the user to allow stuff on their machine.[/i]

          Well here's a link to the paper for the presentation:

          http://taossa.com/archive/bh08sotirovdowd.pdf

          A quick search for "Linux" or "OS X" or even "other operating" returns nothing. It's not about "other operating systems" the paper is a proof of concept about "Bypassing Browser Memory Protections" with Vista.

          Truth hurts, doesn't it? ;)
          MisterMiester
          • Really???

            Have you read this article? Try the second from last paragraph.

            http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

            "Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments."
            transposeIT
          • The question is as always...

            What can they do once they get in? If they can't elevate to a root account on *nix then your home folder is the only thing in danger and that can be backed up. Then theres the question of AppArmor and SELinux. I'm still planning to research them more but apparently they will have a problem with your browser trashing a home directory.

            Now the articles say that theres not much MS can do because its a core design flaw but it didn't say that about the other platforms yet.
            storm14k
          • Doesn't Anyone Read?

            Here is the conclusion of the paper:

            [i]In this paper we demonstrated that the memory protection mechanisms available in the latest versions of Windows are not always effective when it comes to preventing the exploitation of memory corruption vulnerabilities in browsers. They raise the bar, but the attacker still has a good chance of being able to bypass them. Two factors contribute to this problem: the degree to which the browser state is controlled by the attacker; and the extensible plugin architecture of modern browsers.

            The internal state of the browser is determined to a large extent by the untrusted and potentially malicious data it processes. The complexity of HTML combined with the power of JavaScript and VBscript, DOM scripting, .NET, Java and Flash give the attacker an unprecedented degree of control over the browser process and its memory layout.

            The second factor is the open architecture of the browser, which allows third-party extensions and plugins to execute in the same process and with the same level of privilege. This not only means that any vulnerability in Flash affects the security of the entire browser, but also that a missing protection mechanism in a third-party DLL can enable the exploitation of vulnerabilities in all other browser components.

            The authors expect these problems to be addressed in future releases of Windows and browser plugins shipped by third parties. [/i]

            The proof of concept for the presentation does not talk about Linux and/or OS X, but specifically talks about the Windows platform.

            Whether additional platforms at this time can or can't be compromised is not the issue. Notice what Dai Zovi said

            [i]"there [b]may[/b] soon be similar techniques applied to other platforms or environments"[/i]

            No mention of any other specific platforms or environments that may be affected. The potential security intrusion for Windows is here [b]right now[/b], there is evidence.
            MisterMiester
          • Hey, if it works then...

            ...it works and we'll need to see how MS deal with it - which the paper's author's indicate they can.

            So, rather than jump to conclusions on the say so of one or two journalists on something that MS haven't even looked at, I think I'll wait until the paper is formally presented, MS have had time to review the findings and then present any potential solutions before consigning Vista to the bin.

            Which, since the authors mention in their conclusion (which you kindly posted):

            "[i]The authors expect these problems to be addressed in future releases of Windows and browser plugins shipped by third parties.[/i]"

            looks like won't be happening for a good while yet. :)
            Sleeper Service
          • @sleeper - They're Not Journalist ...

            [i]So, rather than jump to conclusions on the say so of one or two journalists on something that MS haven't even looked a ...[/i]

            They're not journalist, they're computer security researchers Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. Their paper is not about any "any new vulnerabilities". It's about a major design flaw:

            [i]Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.[/i]

            http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

            From the same article even security expert Dino Dai Zovi is in agreement:

            [i]"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.[/i]

            [i]"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."[/i]

            This isn't a "patch" that can be rolled out with the next Tuesday delivery or a new service pack. This is a fundamental design flaw of the underlining Vista security model that both researchers and others in the security community are in agreement.

            This goes back to my original post. When Nate McFeters gets back from Black Hat it's going to be very interesting on some of the blogs here on zdnet. I suggest everyone bring some popcorn. ;)
            MisterMiester
          • I know...

            ...who they are, however the article posted at the beginning related to the Inquirer who most certainly are journalists.

            So The Inquirer (LOL) posts the story whilst conveniently omitting that the paper's authors state that they expect the problem to be resolved by later versions - and does this means letter versions of Windows or service packs? - and changes to third party browsers.

            Meanwhile we have Dai Zovi leaping up and down like an excited poodle when MS haven't even had a chance to respond. Given the amount of times we've heard that Windows is doomed because of some exploit or other which either fails to materialise or is quickly nullified I'm going to reserve judgement until we've got a clearer idea of what's going on here.
            Sleeper Service
          • From the sounds of it

            the real problem is in the basic design of browsers and plug-ins. I'm pretty sure plugins run at the same privilege level as the browser process on all OS'es. The real problem is any vulnerability in any plugin the user chooses to install can compromise the entire browser. I don't think it would matter if you were using FF or IE either. We'll have to see how it pans out.
            LiquidLearner
        • Has nothing to do with other OS's.

          It's about MS making false claims. Claims that their OS is somehow the ultimate in security when in fact there is nothing secure about it.

          If man makes it, man can break it - any OS. MS would have you believe that somehow their OS doesn't follow this rule. THAT is what the article on Vista's security is about.
          bjbrock
          • No, it's not

            [i]If man makes it, man can break it - any OS. MS would have you believe that somehow their OS doesn't follow this rule.[/i]

            No, that's not true at all. They have never claimed their OS to be infallible. Of course there are vulnerabilities. They all have vulnerabilities. To even pretend like anyone (outside of rabid fanboys...) has ever claimed 100% security out of any operating system just makes you sound foolish.
            laura.b
          • no

            Its about some nerdy pro linux fanboys tub thumping and misleading people.
            Of course it helps that the kind of people that read the register and such sites are pro linux fanboys too!
            jdbukis@...
          • But it isn't.

            It doesn't claim 100% security for any OS.
            The point of this isn't that it's a new vulnerability - every OS has those.
            The idea is that this is a basic problem that can't be patched because it's
            fundamental to the relationship between browser design philosophy and
            Windows design philosophy.
            2+2=5
      • A relative term.

        "What will these 'Vista is WAY more secure' zealots say now?"

        Nothing is perfect. "More secure" can be relative and even a bit subjective. Vista [b]does[/b] have more protections than XP does, and breaking it requires a lot more effort than breaking XP.

        The only truly secure machine is an isolated machine.
        CobraA1
        • Its very early but...

          The articles just makes it seem that Vista is now wide open without much of a fix. Its still early though and I couldn't imagine there not being a way to shut this down. However it sure will be fun to laugh at the zealots while they do. :-)
          storm14k
          • There are fixes for DEP

            There are fixes, at least for DEP. Work only with software that is compatible with DEP, and set it to be turned on always.
            CobraA1
          • As is typically the case the article are not very accurate.

            At least when it comes to Vista.
            ye