Re: Vista beta vs. OSX

Mojo <bil_gates_fudge_packer@xxxxxxxxxxxxx> wrote:

> Check out this comparision from Paul Thurrott's Super Site for Windoze
> Note: he's comparing the Vista beta (read vaporware) to Tiger (OSX.4)
> that is here today and being in the real world by millions of Mac
> users.:-)
>
> Enjoy:
>
> http://www.winsupersite.com/showcase/winvista_beta1_vs_tiger_02.asp

excellent read. more proof MS is about to release a still born product.

Windows Vista Beta 1 vs. Mac OS X "Tiger" (Part 2)

In part one of my comparison of Windows Vista Beta 1 and Mac OS X 10.4
"Tiger," I looked at three key aspects of each system: Look and feel,
desktop search, and data visualization and organization. For the most
part, OS X came out well ahead of Windows Vista, as you'd expect, since
it's a polished finished product. Vista, meanwhile, is all knees and
elbows, an awkward teenager on its way to maturity. Microsoft will iron
out the details, I'm sure, but the end result will likely not change
much. Specifically, OS X will always be elegant, and Windows will almost
certainly lag behind in the fit and finish department. The only
questions are how much Vista will improve when compared to previous
Windows versions, and whether it will be enough to keep customers from
moving to OS X.

In this second part of the comparison, we'll look a little deeper, and
examine security, networking, and power management. Whereas the features
in the first part of the comparison where largely related to user
interface issues, this time we're dealing more with the nitty-gritty of
safety, connectivity, and productivity. Let's jump right in.

Security

Microsoft claims that Windows XP and, by extension, Windows Vista, were
architected for security, thanks to their NT roots. That claim is,
however, bogus. Windows NT was designed in the pre-Internet days, and
though the system's architecture is extensible, modern Windows versions
are further hobbled by the inclusion of the buggy and insecure IE Web
browser and other design mistakes. In short, Windows is a house of cards
that seems increasingly incapable of handling today's demands.

Mac OS X, meanwhile, was truly designed for excellent security, thanks
to its wonderful UNIX roots and clean architecture. And OS X, for
whatever its worth, benefits from its relatively small market share,
compared to Windows: Because the OS X user base is so small, few hackers
ever bother to try and attack the system. Windows, meanwhile, is a
minefield of constant hacks and attacks.

Therefore, OS X is, in many ways, more secure than Windows is today. But
Microsoft has spent the last several years re-engineering its operating
systems and applications to be more secure, and that ongoing work will
ultimately result in a system that is quite secure and more easily
securable than any of the competition. Put succinctly, Apple can't rest
on its laurels. Though some of OS X's security prowess can be chalked up
to design decisions, much of it is because it is simply based on others'
work. If hackers do turn their attentions to OS X, it's unclear whether
Apple can respond as quickly as can, say, Microsoft. The evidence thus
far is pretty damning.

So how does the security of OS X Tiger really compare with that of
Windows Vista Beta 1 and the subsequent Community Technical Previews
(CTPs)? It's a tough call. The Vista beta adds some security features
that OS X has had for years, and it does have a few niceties that OS X
lacks. But it's hard to vote against OS X here. The Vista beta, after
all, is still Windows. And though it's unlikely that pre-Beta 2 versions
of Windows Vista will be targeted by a wide range of hackers, future
releases most certainly will be. So in some ways, any discussion of
security now is somewhat academic. We'll have to see how Windows Vista
fares in the real world when it's released.

All that said, we can at least compare some of the more important
security features from each release.

Logon

Windows Vista, like XP before it, offers a Welcome screen for logging on
to user accounts, by default, in non-managed environments. Optionally,
you can switch this to the old fashioned Logon window style of signing
in, which is the standard for managed environments. This is the screen
where you need to hit CTRL+ALT+DEL to enter your logon credentials.

It's hard to see where Microsoft is heading with the logon procedure in
Vista. In XP, you can set up four user accounts during initial machine
set up, all of which are administrative accounts without any passwords.
In Vista Beta 1, however, you don't yet have the chance to create user
accounts during setup, because this feature hasn't been implemented yet.
So you have to logon initially with the Administrator account, for which
you cannot specify a password during interactive setup. Lovely.

Tiger, meanwhile, is secure out of the box with regards to user
accounts. That's because OS X supports a better native security model
than does Windows. In OS X, the root account (which is the equivalent of
the Administrator account on a Windows system) is disabled by default.
And even those user accounts with administrator-level privileges are
safer thanks to a graphical version of the UNIX "sudo" command, which
provides an authentication dialog box any time you try to do something
that could harm the system (Figure). You provide an admin-level user
name and password (which in most cases will be identical to the account
you used to logon to the system in the first place) and the
authentication is granted for just that single act. For all other
actions, the system reverts to your standard user-level access.

Not surprisingly, Microsoft is copying this system for use in Windows
Vista. So Windows users will soon see the same kinds of authentication
dialogs (Figure) in Windows as we see now in OS X. There are just a few
problems with doing so this late in the Windows life cycle. First,
Windows was never designed to accommodate this type of authentication
process, so the entire system has to be retrofitted to work with user
lowered permission levels and pop-up the dialogs when needed. Second,
and perhaps most damagingly, the millions of available Windows
applications out there today all assume that the user has total control
of the system. So Vista will have to be kludged in an unprecedented way
to accommodate backwards compatibility. The way it will do so is messy,
and involves virtual folder structures that fool legacy applications
into believing that they are accessing an older Windows version.

Comparing that system with the cleanly designed OS X is almost comical.
If Microsoft can pull it off--and this is an uncertainty at this
writing--Windows will finally pick up security functionality that the
Mac has enjoyed for years. My educated guess is that Vista won't be as
secure as OS X, however, because cobbled together systems are rarely as
foolproof as those that were designed correctly from the start.

Parental controls

One area in which Apple has done a commendable job is parental controls,
which let parents set up and manage user accounts for their children. In
Tiger, you can turn on and configure parental controls for a variety of
system components, including Mail, Finder & System, iChat, Safari, and
Dictionary (Figure). For example, if you turn on parental controls for
Mail, you can configure exactly which people (email addresses) your
children can correspond with and optionally send you permission emails
when the child attempts to contact someone else (Figure). If you
configure the Finder & System parental controls, you'll see a wide
variety of options including a Simple Finder, and a list of acceptable
applications (Figure).

Windows XP has nothing like this, but Microsoft is jumping on board the
parental controls bandwagon with Windows Vista. Now, when you create a
new account, you can choose from Computer administrator and Limited user
as before, but you can also choose to enforce parental controls and
collect computer usage information about that user (Figure). Right now,
there isn't a lot to configure, per se. Microsoft has built in a
facility for controlling video game accessibility based on industry
standard content ratings, but that's about it (Figure).

Because it's not yet clear how pervasive Vista's support of parental
controls will be, I can't really compare it accurately to OS X yet. But
give Apple credit for delivering on parental controls well ahead of
Microsoft.

Data encryption

Both Windows Vista and OS X offer a way for users to encrypt data on the
hard disk, preventing data theft in the event that a system is
physically stolen, and the hard disk is removed and placed in another
system. The encryption facilities in OS X are bare bones, while Windows
Vista (like XP before it) offers a much more well-rounded solution.

In Windows Vista betas, you have a variety of encryption options. In the
past, Windows supported the Encrypting File System (EFS), a feature of
NTFS, which allows users to arbitrarily encrypt the contents of any
folders on the disk. To do so, you must select a folder in Windows
Explorer, right-click it, choose Properties from the pop-up menu, and
then click the Advanced button in the Properties dialog that appears.
Then, you click the choice labeled "Encrypt contents to secure data"
(Figure). When you apply this change, Windows will ask you whether you
want to apply that change to just the current folder, or to all of the
subfolders and files it contains as well. Any files and folders you copy
into that folder, or create within that folder, will be encrypted as
well. And if you copy encrypted data out of that folder to another
location on your hard drive or the network, it will be unencrypted.

EFS is a great solution, but Windows Vista goes it one better with full
volume encryption, which is part of Microsoft's Secure Startup
technology. Available in the Enterprise and Ultimate editions of Windows
Vista (see my Windows Vista Product Editions showcase for more
information), Secure Startup requires a Trusted Platform Module
(TPM)-based chipset on the PC motherboard and protects the entire hard
disk. As you might expect, the feature is aimed largely at enterprises
whose employees work on critical corporate data.

On the OS X side, Apple offers a feature called File Vault that secures
your entire home directory with encryption (Figure). The theory here is
the same: If the computer gets stolen, thieves can't access your private
data. However, File Vault isn't exactly granular. It's either on or off,
and you can't specify which folders to protect; it just protects the
entire home folder. The reason this can be a problem is that encrypted
files need to be decrypted on the fly, which can be a time consuming
process. Microsoft's EFS, though somewhat hidden in the Windows UI,
offers more options.

Firewall and system services

While both Windows Vista and OS X Tiger include personal firewalls, only
the firewall in Windows is turned on by default. This is somewhat
curious, given the high profile problems Windows XP users faced before
Microsoft turned on its firewall with the release of XP Service Pack 2
(SP2) in 2004. The OS X Tiger firewall is easily enabled, but you have
to find it first, and it's not clear at first glance where you'll find
it in System Preferences. It turns out it's hiding in Sharing, and not
the more obvious Security or Network options.

In any event, Apple does a good job of disabling unnecessary or
potentially dangerous system services when an OS X system starts up. All
network services, for example, are disabled by default. Too, Apple uses
a Keychain feature to protect different credentials in a single,
encrypted location. The system Microsoft uses for storing credentials is
bizarre because it's dependent in part on which edition of Windows you
are using (XP Home and the other editions handle this differently) and
whether you're using Active Directory. Looking forward, it's clear that
users will need to store more, not fewer, passwords and other
credentials. A system like Keychain would be a huge boon for Windows
users, but I don't see anything like that happening (at least not yet)
in the Vista betas.

Anti-malware, or stuff Windows needs that OS X does not

Part of me wants to laud Microsoft for adding anti-malware, antivirus,
and antispyware features to Windows Vista. I've always argued that this
sort of technology, unlike say, Windows Movie Maker, should be included
in the base OS. But you have to kind of wonder why Windows users need so
much help. Why is it that Windows Vista has to have all these
facilities, plus Internet Explorer 7's Protected Mode, the new user
security system, and all the other neat security features that Microsoft
is adding? Is Microsoft really charging users for better security?

Yeah, actually, they are. But before anyone gets all excited about that
fact, remember that security companies like Symantec and McAfee have
been making millions of dollars off Windows users for decades. It was
only a matter of time before Microsoft added this functionality to the
OS. Those companies knew this day was coming.

That OS X needs none of the security refinements that Microsoft has been
forced to add to Windows Vista is somewhat telling. As I noted earlier,
OS X is more secure than Windows for two basic reasons: It has an
excellent and proven security model, and because it's less-used than
Windows, it's a much smaller attack target. But the fact remains that no
one has ever written a successful virus for OS X. I wish the same could
be true of Windows Vista. But it won't be, now will it?

It would be irresponsible of Microsoft to not add extensive new security
features to Windows Vista. I just think it's a shame that the system
needs these features in the first place.

Security updates

Both Microsoft and Apple provide regular security updates via an
automated or semi-automated OS-level service. Curiously, Microsoft has a
much better record than Apple in this category, and has actually
pioneered OS self-updating with Windows Update, Automatic Update,
Software Update Services (SUS), and, most recently, with Microsoft
Update. In the Windows space, Windows Update and Microsoft Update are
essentially the manual software updating tools, providing users with
access to critical security updates as well as less critical updates
such as new versions of Windows Media Player. Automatic Updates (AU), of
course, is the service that will automatically download and (optionally)
install critical security updates as they become available. Windows
Update and Microsoft Update are actually ActiveX-based Web sites, which
is most bizarre. This type of critical service should be native to the
system, and not be based on exploitable Web code, in my opinion. That
said, I'm unaware of any successful Windows Update spoofing attacks.

On the OS X side, all of this work is handled through the Software
Update application. While you can check Software Update for new updates
manually, you can also configure it to check for updates on a regular
basis (say, daily) and download important updates in the background
while your working, just like AU. However, Software Update cannot be
configured to automatically install security updates, which I find
somewhat confusing.

Configured correctly, Software Update will alert you when new updates
are ready to be installed, whether they are security updates or minor
changes to iTunes.
Final security thoughts

In short, Mac OS X is more secure than Windows today, and will likely
remain so even after Windows Vista is released. That said, Microsoft is
making some valuable and concrete changes to Windows Vista with regards
to security, and while it remains to be seen how this system will fare
in the real world, I have little doubt that Vista will be far more
secure than its predecessors.

Networking

Both OS X and Windows include powerful networking features that make the
systems equally valuable for home and corporate networks. And both Apple
and Microsoft offer competing technologies that seek to make it easier
to discover and access devices that are connected to a network. For
example, Microsoft has pushed an ill-fated technology called Universal
Plug-n-Play (UPnP), while Apple has touted a similar technology called
Bonjour (previously called Rendezvous). I'm not so much concerned here
about the low-level networking features that both OSes offer--I think we
can all agree that both Windows and OS X support TCP/IP reasonably well,
for example. No, I'm more concerned with home each system exposes
networking functionality to the user.

Let's take an obvious example. I have a wireless network at home and I'd
like to get both a Windows Vista-based notebook and an Apple PowerBook
connected to it. Which is "easier" will depend largely on your
definition of ease-of-use. Windows Vista, like it's predecessor, is
notification-heavy, providing you with constant updates on the state of
the wireless network, which often makes me think that it's going on and
offline all the time. Meanwhile, OS X is quiet about wireless
networking. If the system spies a network to which it can connect, it
will do so, and quietly. The only indication you'll get that anything
happened is that the wireless networking menu item will change to
indicate the connection.

As with everything Windows, the wireless networking tray icon in Windows
Vista is a front-end to a wide range of functionality. If you click it
or double-click it, you'll get the Status dialog box for that connection
(Figure). From here, you can also link to the Wireless Network
Connection applet that debuted in XP SP2 (Figure). If you right-click on
it, you can access various options (enable, disable, repair, status),
launch the Wireless Network Connection applet, change Windows Firewall
settings, or open Network Connections, through which you manage all of
the wired and wireless connections on your system (Figure). Whew.

OS X, by comparison, is much simpler. If you click the wireless
networking menu item, you'll get a drop-down menu to enable and disable
the wireless networking adapter (called Airport), choose which wireless
network to which to connect, create a new wireless network, and so on
(Figure). Simple. Plus, there's one thing OS X can do that Windows
can't: Share a wired Internet connection via wireless. Why that's
impossible on Windows, I'll never understand.

Mac OS X can also easily access network shares on Windows PCs and
servers, though I don't quite get why the system can't supply simple
shortcuts to the actual shares. Instead, you can navigate Windows
networks and machines directly from the Finder. But when you want to
access individual shares, you do so from a weird Connect dialog. It
would be handy if this were more integrated into the system, as is the
handy Network special shell folder in Windows Vista (called My Network
Places in XP), which lists all of your locally available shares by
default.

The fact that OS X can access Windows shares at all is, of course,
excellent. So I'm nitpicking here. Overall, I'd say that both Vista and
OS X offer excellent networking capabilities, as you would expect of any
modern OS.

Power management

Both Windows and Mac OS X also offer a wide range of power management
options. However, OS X has always had an advantage in one key area: When
a Mac system goes to sleep, say when a user closes the lid on his
PowerBook, the system goes to sleep instantly. And when that system is
woken up, again, the change, again, is instant. This is most decidedly
not the case with Windows. That said, Windows does offer a Hibernation
mode that is quite handy, especially for notebook users: When configured
to enter Hibernation mode, a Windows system writes the contents of RAM
to the disk and then restores that RAM image when the system is
"restarted." The end result is a system that boots more quickly than it
would from a cold start, and one that is still running all of the
applications that were running when it went into Hibernation. Another
advantage of Hibernation is that, unlike Sleep mode, it doesn't trickle
down the battery. Your system is literally off when it goes into
Hibernation.

In Windows Vista, Microsoft is attempting to get the best of both
worlds. In addition to all of the power management features it offered
in previous Windows versions, Microsoft is adding two key features to
Vista that will make it particularly appealing to road warriors. First,
Vista will include an instant-on function that will return Sleeping
system to a usable state in about 2 seconds, or roughly on par with Mac
OS X systems. Second, Microsoft is bundling a new Mobility Center
control panel (Figure) in Vista that seeks to combine all of the
functionality PC makers had been providing in those bizarre third-party
mobility management applications. In its current form, Mobility Center
is rough-edged, but we'll see how it develops over time.

Microsoft has also changed the way a mobile PC notifies users of power
management functionality in Vista. The new Power Management notification
icon in the system tray, confusingly, provides access to four different
interfaces (seriously). If you mouse-over it, you'll see a pop-up window
describing power consumption (Figure). If you single click it, a
different pop-up will appear, letting you select a power plan (Figure).
If you double-click it, the confusing new Power Options dialog appears
(Figure). And if you right-click it, you'll get a contextual menu
providing access to options confusingly named Power Options and
Properties. Sigh.

Power management in OS X is much more straightforward. Mac portable
systems typically display a battery status meter in the menu bar, which
provides you with the amount of charge left or, when plugged in, the
amount of time left until the system is fully charged (Figure). Power
management options are configured in the Energy Saver preferences panel,
which lets you choose between plain English modes like Better
Performance and Better Energy Savings, or fine-tune power management for
both battery-based and plugged-in systems (Figure).

Overall, I find Mac OS X to be easier to use with regards to power
management, and I give Apple the nod for its instant-on/instant-off
functionality. That said, I use Hibernation exclusively on my PC laptops
and love it. If Microsoft can pull off instant-on in Windows Vista, then
that system will be at least as functional as OS X, if not as good
looking.

So what have we learned here? Once again, the maturity and refinement in
OS X has won out over the still-in-development Windows Vista. This
shouldn't surprise anyone really, and of course Vista can only improve
over time. At some point, however, features will be frozen and we'll
know where the two systems stand. At that point, it might be fun to
update this comparison. But we're not done yet, of course: In part 3,
I'll examine the different printing architectures employed by each OS,
the unique features found only in Windows Vista, and the unique OS X
Tiger features that Windows lacks. And then we can declare a winner, of
sorts, at least until we have a more feature-complete version of Windows
Vista to evaluate.
.

Loading