OldNFO has an important post about how Microsoft is moving very aggressively to a 100% online subscription licensing model. This is important enough that I won't excerpt any of this; instead, you should go read the whole thing. It's not too long, but if you care about the security of your home network (especially the whole who has access to my data and can I even know thing), go read. I'll wait.
What this means is that you don't own any Microsoft software. Sure, you may think that because you paid them money (most often when you bought your computer - some of that purchase price went to Microsoft in the form of a license fee for Windows). But you actually don't own "your" copy of software. At all.
Rather, you have the right to run the software on your computer. That may not seem like a big difference, but it is. The license agreement (you know, the one you didn't read before you clicked "I Agree") allows Microsoft to change the terms of the agreement at any time, at their pleasure.
Microsoft has just done this in a big, big way. Key new stuff in Windows 11 is:
- AI integrated with your operating system
- Online presence is critical for lots of Windows now (e.g. AI)
- Windows will nag you until you put all your data online (OneDrive) whether you want to or not.
The proper technical term for that first bullet point is that your Windows operating system is essentially now an "AI Agent" which if you are a regular reader you know is very, very bad security juju.
Combine this enormous security hole with the requirement to essentially be online 100% of the time (bad security) and the liklihood that OneDrive will slurp all your data to some Internet black hole in a Microsoft data center, Windows is simply unsecurable.
Yes, I know that is inflammatory, but there is simply no way that you can get assurance that your security is sane. I say that as someone who has spent decades inn Internet Security (and particularly in security assurance). Not to put too fine a point on it, but I don't think that I could get decent assurance that things aren't going "bump in the Net". For most of the readers here, it's not even worth trying.
So what do you do, assuming that you are not a tech nerd like me?
Interestingly, Microsoft has just flipped the technical script on this. It used to be that it was easier to stay on Windows than to move to alternatives like Linux. Now that's out the window, at least if you want to protect your data from that OneDrive vacuum cleaner and whatever the AI agent will do to you.
But this is admittedly a big step for a lot of people. So as it turns out, you can "kick the tires" on all the different flavors of Linux without installing it. All you need is a web browser.
This is really slick. The Linux equivalent of the Windows Start Menu lets you try all the apps (I use the Office apps which are every bit equivalent to Word and Excel, etc, and will save files in Microsoft format like .DOCX).
Take a few weeks poking around, you will likely see that it's not a big learning curve.
This may finally push me over the edge. I have resisted because of the learning curve but I have grown increasingly disgruntled. Thanks.
ReplyDeleteHow secure is the Apple operating system? Better than windows but still has backdoors? If so can I run Linix on a Macbook pro?
ReplyDeleteRichard, thanks. I have a post tomorrow about "Why Linux Mint"
ReplyDeleteJuvat, MacOS is solid. There's a lot less bloatware.
You can run Linux on a Macbook but it's probably not worth it until the computer is end-of-life.
I spent 20+ years in IT/MIS. In the latter years my customers were asking about "the cloud". I'd explain to them, when your data is on the cloud the owner of the cloud owns your data, and can, at their whim cut you off. Some opted for the cloud, most, especially the law firms did not, understanding the ramifications. Microsoft, I supported MS products, but left them for Linux in 2006 and haven't looked back.
ReplyDeleteI posted this over at Bustednuckles. I too am going to traverse to Linux very soon. I am letting my local computer guru do it at his shop as I have some proprietary medical software(it is compatible with Linux) do teh chore so it is seamless. I am tired of microsoft win 10 and it's overlord win 11, and it's intrusiveness in having me convert to win 11 everyday I get a big ad before my browsers load asking me to switch and that is even before I would agree to use it as it is obnoxious!
ReplyDeleteStarted using Linux last century ( Mint since it came out and Brave browser) Load a version on a thumb drive and take it for a ride. Learning curve can't be that hard. I have programs (Often free) for anything I need to do.
ReplyDeleteI've been running Linux since 1995. I still keep a Windows 7 PC for some Ham Radio software, but everything else is Linux.
ReplyDeleteIf you can run Windows, Linux is not that hard. I use Linux Mint but you may have other needs. There are lots of choices. I suggest staying in the top 20 of Distrowatch.com if you're starting new.
ReplyDeleteI noticed Windows propensity for slurping personal data. Now, I keep my active data files on Network Accessed Storage (Fancy name for a flash drive plugged into the back of the router). This data gets backed up periodically to an external hard drive that is only turned on for backup.
Thanks for the link BP! And yes, imagine your HIPAA or financials getting on the web, much less your 'secure' or 'classified' information.
ReplyDeleteI dabbled in Linux in years past and had a couple of desktops and a laptop running Ubuntu and Linux Mint. Worked fine for me, but the resistance was strong. Now I have a laptop with windows as our only computer, as that is what my most dearest demands. I may have to reconsider.
ReplyDeleteThanks for that website Borepatch as I am looking at some other distributions than Ubuntu. I am an intermediate Linux user and have been using it since 1994 when someone loaned me a CD with a release on it. Until my wife needed MS Office for some work we had been using Linux for our home systems. I had to use MS Windows to work from home but now am retired. The only reason I have it now is to run some Ham software that just doesn't work using WINE. I will not "upgrade" to MS Windows 11.
ReplyDeleteHi MaddMedi & BillB; One thing that has endeared me to Linux is its ability to run God-forsaken old equipment. Until something broke I could no longer replace, I used to install Linux Mint on a 12 year old netbook; mainly to see how long I could keep it going. This saved my bacon when HP abandoned my old HP printer, my Linux netbook would still run the printer when Windows would not.
ReplyDeleteI'm currently running Linux Mint on a refurbished Dell Latitude 5420 that I paid about $300 for. It's faster than the Win 11 machines.
To have a test drive a little closer to home, install "Ventoy" on a good sized, blank thumb drive. Then you can copy however many different operating system .iso files to the drive you want. Reboot from the thumb drive, and Ventoy will let you pick an operating system. It's a terrific way to see how the OS will operate on your hardware without actually installing it.
ReplyDeleteA few days ago, I was telling a friend that our PCs have gone from being the connection to the better parts of humanity to being in the worst neighborhood imaginable. I mean, they're not murdering people in front of us, but there isn't a day that I don't get a half dozen spams that are attempted robbery, and that's only the ones I'm sure of.
ReplyDeleteWhat Microsoft is doing is holding the door open for someone (their AI agent) that's going to go through my files to find anything they can profit from.
I find if I absolutely need Windows for something it's easier to run a Virtual Machine on Linux. If by some chance I get a virus while running Windumbs I just blow the VM away and restore it from an non-virus infected backup.
ReplyDeleteFor my hardware, I've had better luck with the Debian edition of Linux Mint than with the Ubuntu based version. MX Linux also works well for me.
ReplyDeleteJust FYI: some folks may find that Ubuntu's "AppArmor" security features may interfere with accessing some tools or some sites. This isn't a bad thing: AppArmor can be "tuned" locally, or turned off completely. It protects specific applications under Ubuntu, but doesn't protect the kernel itself.
ReplyDeleteFedora and Red Hat (and some others) use Security Enabled Linux (SELinux) kernels, which can be "tuned". Unlike AppArmor, SELinux protects the kernel against certain types of accesses from either external or internal locations (e.g. "read" or "write" access to kernel resources).
All Linux systems have UFW (Uncomplicated Firewall) to protect unused IP ports. This tool makes it easy to tune your system by "closing" ports to traffic - but it is a "coarse" solution.
To fine-tune network-based security, there's "iptables" which allows blocking specific IP addresses - or ranges of IP addresses - from specific IP ports - or ranges of ports.
When properly administered, these tools can "lock down" a system fairly well. Then, using a tool like "fail2ban" which continuously scans your authentication log (among other logs), you can mostly defeat brute force attacks by locking a specific IP address from using a specific network tool given amount of time.