Re: [Bulk] Re: For me, OpenBSD is the operating system that "just works".
On 30 April 2011 22:21, Mark Felder wrote: >> You're missing the point. > > I don't see what your point is at all. You're argument is basically like saying, "Well, I can't stop drunk people and other incompetents from driving, so there's no point in even trying to do the things that are within my power to drive safer. I mean, really, if you can't keep drunks off the road, then you may as well either never drive if you really want to be safe, or accept that you're taking risks and drive drunk too!" Or hey, we can't prevent the spread of disease no matter what, short of staying in isolation, so why bother washing our hands? And hey, we can't stop the people upriver from polluting our river with all kinds of nasty pesticides and fertilizers, so why even bother trying to grow as organically as we can? Let's just get some of Monsanto's Roundup-Ready Soy over here and douse it with several herbicides, and use lots of fertilizers and pesticides. Because even if we use normal, non-GMO plants and don't use weird pesticides and herbicides and fertilizers and do good things like crop rotation and not monocropping, we can't prevent the people upriver from contaminating our crops! I reject that. > The whole time you've been asking for > block level encryption that is cross platform instead of addressing why > using an encrypted archive for transportation is not sufficient. This should > cover 99% of your needs. They're better than nothing, but they're a mess and often fail to encrypt metadata. The primary purpose of compression tools is to compress things, encryption is just added in as an afterthought sometimes. If you have too many files and it's just too > inconvenient to use an archive then why not have the files on a secured > server with an encrypted disk and have them get the files over HTTPS or > SFTP? Either way the files will end up unencrypted on the other person's > computer whether you like it or not. > > > Regards, > > > Mark Because it's Chimayo where the farmers are more concerned about water rights than internet connections, and the internet is subsequently not suitable for running a server off of.
Re: [Bulk] Re: For me, OpenBSD is the operating system that "just works".
You're missing the point. I don't see what your point is at all. The whole time you've been asking for block level encryption that is cross platform instead of addressing why using an encrypted archive for transportation is not sufficient. This should cover 99% of your needs. If you have too many files and it's just too inconvenient to use an archive then why not have the files on a secured server with an encrypted disk and have them get the files over HTTPS or SFTP? Either way the files will end up unencrypted on the other person's computer whether you like it or not. Regards, Mark
Re: [Bulk] Re: For me, OpenBSD is the operating system that "just works".
On 30 April 2011 18:38, Kevin Chadwick wrote: > On Sat, 30 Apr 2011 14:31:37 -0400 > Kraktus wrote: > >> If Eve did know about cracking into Windows computers, then of course >> Alice's plan would be foiled unless she could persuade Bob to switch >> to a better operating system -- not likely, since he's so stubborn -- >> or waited for him to come to her, which could easily take several >> months given how busy he is. > > How about a bootable openbsd usb which asks for the key on boot up. You know, that's a really good idea. And for the stated purpose, it wouldn't really matter if OpenBSD supported the network card, or the cd drive; as long as it supported the hardware well enough to boot to a nice shell, which should cover a wide variety of computers, this should work. On Sat, 30 Apr 2011 13:31:37 -0500, Kraktus wrote: >>Try to imagine a more mundane scenario. > Mark Felder wrote: > All of your scenarios are ridiculous. Just share the files in an encrypted > archive and get over it. > Any time you allow your "super secret" files to exist on a computer you don't > own or maintain > you cannot be sure the files have not been compromised. It doesn't matter if > a cross platform > block level encryption exists -- if you're allowing the files to be decrypted > by an OS you don't > run you might as well assume the files have been compromised on some level. > Just because > they're block level encrypted doesn't mean it's impossible for a > rootkit/trojan running with root > privs to read those files once Bob decrypts them so he can read them. You're missing the point. Just because there are security aspects outside your control (e.g. Bob's poor choice of operating system) doesn't mean you should totally give up on those security aspects in your control (e.g. Alice's operating system, whether or not the data is encrypted during transit). Rookit/spyware/trojan is often the result of a remote attacker. Encryption is for local attackers. Okay, so Bob's choice prevents Alice from having much chance at all of being able to protect against remote attackers. That doesn't prevent her from protecting her data against Eve, the meth addict and strictly local attacker, while taking her data to Bob. Now, maybe scenarios like that don't arise in a corporate situation where the corporation gets to decide everyone's operating system and can force everyone to use OpenBSD if they want to. But they do arise in personal situations for those of us who use OpenBSD in our personal lives.
Re: For me, OpenBSD is the operating system that "just works".
On Sat, 30 Apr 2011 13:31:37 -0500, Kraktus wrote: Try to imagine a more mundane scenario. All of your scenarios are ridiculous. Just share the files in an encrypted archive and get over it. Any time you allow your "super secret" files to exist on a computer you don't own or maintain you cannot be sure the files have not been compromised. It doesn't matter if a cross platform block level encryption exists -- if you're allowing the files to be decrypted by an OS you don't run you might as well assume the files have been compromised on some level. Just because they're block level encrypted doesn't mean it's impossible for a rootkit/trojan running with root privs to read those files once Bob decrypts them so he can read them.
Re: [Bulk] Re: For me, OpenBSD is the operating system that "just works".
On Sat, 30 Apr 2011 14:31:37 -0400 Kraktus wrote: > If Eve did know about cracking into Windows computers, then of course > Alice's plan would be foiled unless she could persuade Bob to switch > to a better operating system -- not likely, since he's so stubborn -- > or waited for him to come to her, which could easily take several > months given how busy he is. How about a bootable openbsd usb which asks for the key on boot up.
Re: For me, OpenBSD is the operating system that "just works".
On 30 April 2011 13:50, Kraktus wrote: > On 30/04/2011, Kevin Chadwick wrote: >> On Sat, 30 Apr 2011 12:04:32 -0400 >> Kraktus wrote: >> >>> What the encrypted external drive *does* do is protect me from a thief >>> who jumps me along the way, while I am carrying the data. >> >> In which case vnconfig and bioctl are just fine. You seem to be jumping >> about, you can use the following for portability two of which you've >> now mentioned. I'm not sure what you're getting at except you can only >> trust yourself, maybe or are you just hoping for some insight. >> All the products for windows I've seen (so far) have flaws >> (even ignoring network attacks), a users/managers job is to realise and >> manage them. Ah! you're thinking corporate. Try to imagine a more mundane scenario. Alice uses OpenBSD on her home computer. She is not running a server. She has this awesome secret recipe for macaroni and cheese, and she wants to share it with her cousin, Bob. Her cousin Bob is very busy and does not have time to come and see her, so she has to go and see him. Unfortunately, Bob is not security-minded and is running Windows. (Or perhaps, if she's lucky, he's running Mac or Ubuntu.) Alice's computer is a big heavy desktop that is not easy to transport. Alice decides to put her secret recipe for macaroni and cheese on a USB drive formatted with ext2 or FAT32, because both OpenBSD and Windows can read those file systems. Alice is afraid that Eve might try to steal her secret macaroni and cheese recipe to support Eve's meth addiction. Eve, being a brain-damaged meth addict, doesn't know about cracking, not even into Windows, so she's going to try to steal the USB drive and mount it on her own computer. Alice wants to prevent Eve from being able to do this, so she encrypts the recipe with GPG. However, a few months later, Alice has 511 secret recipes she wants to take to her cousin Bob. Encrypting them individually is too much trouble. She wants block-level encryption, and, due to the lack of cross-platform block-level encryption software available, settles on a hardware solution. She makes two trips to avoid transporting the data and the key at the same time. If Eve did know about cracking into Windows computers, then of course Alice's plan would be foiled unless she could persuade Bob to switch to a better operating system -- not likely, since he's so stubborn -- or waited for him to come to her, which could easily take several months given how busy he is. > If my friend uses OpenBSD too. Well, I could dream. > >> Openssl is pretty cross platform but AES. Windows + encryption, >> is there any point. > > Sure, if transporting the data over the internet rather than physically. > > Sure there's a point. I can't stop people from using Windows, as much > as I may want to, and encryption at least helps against a local > attacker while the otherwise untrustworthy Windows computer is off. It > also helps while the USB drive transporting data is off. To protect > you against that thief who jumps you on the way there who is hoping > for data he can sell to support his drug habits. Okay, he can still > reformat and sell the physical drive, but at least he can't try to > sell your data if it's encrypted. > >> If you think so maybe in specific scenarios, then I don't know how >> difficult truecrypt would be to port. > > Impossible, given that the Truecrypt license looks like it was written > by someone who likes suing people. It would be easier to port softraid > to Windows, because unlike Truecrypt, softraid is under a friendly BSD > license. Of course, that would require actually knowledge of > programming on Windows, but at least a person wouldn't be sued for the > mere attempt. There are other things that are also under much > friendlier licenses than Truecrypt. I think dm-crypt has already sort > of been ported to Windows, and it's probably GPL. > >> There's always gpg ready to go in ports and available for windows. > > True. There's also some zip programs that also offer encryption. > That's all file-by-file. It's just a shame that there's no > cross-platform block-level encryption programs, unless you resort to > hardware solutions. Well, technology moves fast; maybe I'll get my > wish in five years or so.
Re: For me, OpenBSD is the operating system that "just works".
On 30/04/2011, Kevin Chadwick wrote: > On Sat, 30 Apr 2011 17:11:21 +0200 > Thomas de Grivel wrote: > >> 2011/4/29 Kraktus >> >> > On 28/04/2011, Kevin Chadwick wrote: >> > > On Wed, 27 Apr 2011 18:56:57 -0400 >> > > Kraktus wrote: >> > > >> > >> So, I think OpenBSD tops the list of operating systems that "just >> > >> work". The only thing I really wish for is more encryption options >> > >> for >> > >> softraid. > >> >> I don't understand what makes you feel more secure giving access to your >> private data to an untrusted OS ? Once you hand the key it's just like an >> unencrypted block device, right ? Or do you have some magic userland >> preventing kernel from seeing your decrypted data because your heap is >> encrypted too ? lol >> > > I figured similar but after a couple of looks back I guessed! he meant a > restricted ssh account to access the data in his home that isn't > encrypted. That's perfectly doable now with vnconfig for blowfish or > bioctl for aes?? No, I just meant there are a multitude of different threat models. Not all attackers are remote. Some of them are local. You know, the thief who breaks into your house, grabs the computer, and proceeds to mount the filesystems on your hard disks from his own hard disk running his own operating system, where he is root or administrator or whatever. At this point, OpenBSD is moot, since your OpenBSD isn't running, his operating system is running. Or the jealous wife of the guy who invited himself over for dinner one time, without telling you he had a wife, and said wife thinks that just because of that you must be sleeping with her husband, and subsequently breaks into your house and steals your computer to search for evidence. Or the guy who things your husband cuckolded him with his wife, breaks in, steals the shared computer, and tries to look at your husband's Windows partition. (Reverse the genders if you are male.) Or the thief who jumps you while you are carrying data to your friend's computer. Local attackers. So you want to encrypt the data so that, while said data is not in use, the local attacker just sees a bunch of gibberish. Except sometimes data needs to be shared with people who use other operating systems, unfortunately, and then you need cross-platform encryption. >> Come on, encrypting disks comes only a long time after securing the system >> itself, trusting your private data wont help you trust the OS. > > Your firefox profile may well be writeable under the above scenario > which may? later help give away your key. Well, sure, there's lots of attacks against different types of encryption depending on the specifics of the situation. And only a subset of people and organizations, e.g. the NSA, are in any position to perform many of those attacks.
Re: For me, OpenBSD is the operating system that "just works".
On Sat, 30 Apr 2011 12:04:32 -0400 Kraktus wrote: > What the encrypted external drive *does* do is protect me from a thief > who jumps me along the way, while I am carrying the data. In which case vnconfig and bioctl are just fine. You seem to be jumping about, you can use the following for portability two of which you've now mentioned. I'm not sure what you're getting at except you can only trust yourself, maybe or are you just hoping for some insight. All the products for windows I've seen (so far) have flaws (even ignoring network attacks), a users/managers job is to realise and manage them. Openssl is pretty cross platform but AES. Windows + encryption, is there any point. If you think so maybe in specific scenarios, then I don't know how difficult truecrypt would be to port. There's always gpg ready to go in ports and available for windows.
Re: For me, OpenBSD is the operating system that "just works".
On 30/04/2011, Thomas de Grivel wrote: > 2011/4/29 Kraktus > >> On 28/04/2011, Kevin Chadwick wrote: >> > On Wed, 27 Apr 2011 18:56:57 -0400 >> > Kraktus wrote: >> > >> >> So, I think OpenBSD tops the list of operating systems that "just >> >> work". The only thing I really wish for is more encryption options for >> >> softraid. >> > >> > And more people using OpenBSD, so the data I send to them is more >> > secure. :-) >> >> And so I don't have to spend so much time repairing other people's >> computers, or having to feel so insecure when borrowing others' >> computers. >> >> Imagine walking into a library, signing up to use a computer, and >> being greeted by a friendly OpenBSD login screen. Or even a FreeBSD >> one. Or even a Linux one. Or just something that isn't Windows. But of >> course, that's just a dream. >> >> Which is why it would really be nice to have cross-platform >> block-level software encryption. Sometimes it is necessary to use a >> computer you don't have control over, and be able to access at least >> some of your data from that computer. Multi-booting is also sometimes >> unavoidable, e.g. if your employer requires you to use Photoshop, you >> really want to learn a foreign language with commercial software, or >> whatever the situation is. >> >> I've been looking into hardware solutions recently. A few examples: >> http://www.addonics.com/products/diamond_cipher/ >> http://www.addonics.com/products/cipher/CCEXA256.asp >> Hitachi's full disk encryption for laptop drives (really hard to find; >> manufacturers advertise the encrypted drive, but when it arrives in >> the mail, it turns out to be the unencrypted, freely-exportable >> version) >> >> The first would help for moving encrypted data between different >> computers running different operating systems; the second and third >> would help for encrypting a multi-boot computer but still allowing the >> different OSes to read each others' file systems. Unfortunately, >> there's some obvious weaknesses. In many ways, the Addonics key, being >> on a physical medium, has many of the same vulnerabilities as your >> house key. Unless you can shell out a grand to be able to generate and >> replicate your own keys, or reverse engineer the formatting so you can >> do it from OpenBSD, you're stuck letting them generate the key and >> make the copies. Unlike a password stored in your memory, it can be >> lost/stolen. (Of course, your memory might have limits on how strong a >> password you can remember, so the ideal would be to require both a >> strong key stored on a physical medium, *and* a user-remembered >> password, which could be accomplished either by encrypting the key >> with the password, or else by layering a physical-key based encryption >> and a password-based encryption.) It's probably either ECB or CBC, >> neither of which is particularly impressive. As for the Hitachi >> encryption, the length of the password is severely limited by your >> BIOS. In fact, your BIOS might not even let you enter a password. >> Also, every hardware-based encryption system I've seen is either AES >> or something even older and weaker, so if you want Twofish or >> Threefish, you can only get that from software, so far as I know. >> > > I don't understand what makes you feel more secure giving access to your > private data to an untrusted OS ? Once you hand the key it's just like an > unencrypted block device, right ? Or do you have some magic userland > preventing kernel from seeing your decrypted data because your heap is > encrypted too ? lol > > Come on, encrypting disks comes only a long time after securing the system > itself, trusting your private data wont help you trust the OS. Now quit > bragging around with technical words and go read some actual books. Not tech > specs. > > -- > Thomas de Grivel > http://b.lowh.net/billitch/ The OS helps against remote attackers. The encryption is for local attackers, and even then only if they try to attack when you aren't actually using the data. (You know, sneakily, rather than jumping you while you're using the computer.) (It only helps against remote attackers when you aren't actually using it, or, more to the point, haven't typed in your password or inserted the key or whatever.) So, in short, encryption doesn't make me feel any safer against remote attackers, or even local ones who jump you while using the computer. Okay, so suppose I write up a story while using OpenBSD and want to show it to someone, but I have to travel to meet that person. So I need to put the story on some sort of portable medium: a cd, usb drive, or whatever. Unfortunately, that person is a Windows user, and Windows can't read softraid encypted volumes. So I use a hardware solution. True, the encryption won't protect me once my story hits Windows. Unless my friend uses Truecrypt or Bitlocker or something, which they probably don't, the best I can do is try to make my story only hit their RAM (where it will be decrypted
Re: For me, OpenBSD is the operating system that "just works".
On Sat, 30 Apr 2011 17:11:21 +0200 Thomas de Grivel wrote: > 2011/4/29 Kraktus > > > On 28/04/2011, Kevin Chadwick wrote: > > > On Wed, 27 Apr 2011 18:56:57 -0400 > > > Kraktus wrote: > > > > > >> So, I think OpenBSD tops the list of operating systems that "just > > >> work". The only thing I really wish for is more encryption options for > > >> softraid. > > I don't understand what makes you feel more secure giving access to your > private data to an untrusted OS ? Once you hand the key it's just like an > unencrypted block device, right ? Or do you have some magic userland > preventing kernel from seeing your decrypted data because your heap is > encrypted too ? lol > I figured similar but after a couple of looks back I guessed! he meant a restricted ssh account to access the data in his home that isn't encrypted. That's perfectly doable now with vnconfig for blowfish or bioctl for aes?? > Come on, encrypting disks comes only a long time after securing the system > itself, trusting your private data wont help you trust the OS. Your firefox profile may well be writeable under the above scenario which may? later help give away your key.
Re: For me, OpenBSD is the operating system that "just works".
2011/4/29 Kraktus > On 28/04/2011, Kevin Chadwick wrote: > > On Wed, 27 Apr 2011 18:56:57 -0400 > > Kraktus wrote: > > > >> So, I think OpenBSD tops the list of operating systems that "just > >> work". The only thing I really wish for is more encryption options for > >> softraid. > > > > And more people using OpenBSD, so the data I send to them is more > > secure. :-) > > And so I don't have to spend so much time repairing other people's > computers, or having to feel so insecure when borrowing others' > computers. > > Imagine walking into a library, signing up to use a computer, and > being greeted by a friendly OpenBSD login screen. Or even a FreeBSD > one. Or even a Linux one. Or just something that isn't Windows. But of > course, that's just a dream. > > Which is why it would really be nice to have cross-platform > block-level software encryption. Sometimes it is necessary to use a > computer you don't have control over, and be able to access at least > some of your data from that computer. Multi-booting is also sometimes > unavoidable, e.g. if your employer requires you to use Photoshop, you > really want to learn a foreign language with commercial software, or > whatever the situation is. > > I've been looking into hardware solutions recently. A few examples: > http://www.addonics.com/products/diamond_cipher/ > http://www.addonics.com/products/cipher/CCEXA256.asp > Hitachi's full disk encryption for laptop drives (really hard to find; > manufacturers advertise the encrypted drive, but when it arrives in > the mail, it turns out to be the unencrypted, freely-exportable > version) > > The first would help for moving encrypted data between different > computers running different operating systems; the second and third > would help for encrypting a multi-boot computer but still allowing the > different OSes to read each others' file systems. Unfortunately, > there's some obvious weaknesses. In many ways, the Addonics key, being > on a physical medium, has many of the same vulnerabilities as your > house key. Unless you can shell out a grand to be able to generate and > replicate your own keys, or reverse engineer the formatting so you can > do it from OpenBSD, you're stuck letting them generate the key and > make the copies. Unlike a password stored in your memory, it can be > lost/stolen. (Of course, your memory might have limits on how strong a > password you can remember, so the ideal would be to require both a > strong key stored on a physical medium, *and* a user-remembered > password, which could be accomplished either by encrypting the key > with the password, or else by layering a physical-key based encryption > and a password-based encryption.) It's probably either ECB or CBC, > neither of which is particularly impressive. As for the Hitachi > encryption, the length of the password is severely limited by your > BIOS. In fact, your BIOS might not even let you enter a password. > Also, every hardware-based encryption system I've seen is either AES > or something even older and weaker, so if you want Twofish or > Threefish, you can only get that from software, so far as I know. > I don't understand what makes you feel more secure giving access to your private data to an untrusted OS ? Once you hand the key it's just like an unencrypted block device, right ? Or do you have some magic userland preventing kernel from seeing your decrypted data because your heap is encrypted too ? lol Come on, encrypting disks comes only a long time after securing the system itself, trusting your private data wont help you trust the OS. Now quit bragging around with technical words and go read some actual books. Not tech specs. -- Thomas de Grivel http://b.lowh.net/billitch/
Re: For me, OpenBSD is the operating system that "just works".
On 28/04/2011, Kevin Chadwick wrote: > On Wed, 27 Apr 2011 18:56:57 -0400 > Kraktus wrote: > >> So, I think OpenBSD tops the list of operating systems that "just >> work". The only thing I really wish for is more encryption options for >> softraid. > > And more people using OpenBSD, so the data I send to them is more > secure. :-) And so I don't have to spend so much time repairing other people's computers, or having to feel so insecure when borrowing others' computers. Imagine walking into a library, signing up to use a computer, and being greeted by a friendly OpenBSD login screen. Or even a FreeBSD one. Or even a Linux one. Or just something that isn't Windows. But of course, that's just a dream. Which is why it would really be nice to have cross-platform block-level software encryption. Sometimes it is necessary to use a computer you don't have control over, and be able to access at least some of your data from that computer. Multi-booting is also sometimes unavoidable, e.g. if your employer requires you to use Photoshop, you really want to learn a foreign language with commercial software, or whatever the situation is. I've been looking into hardware solutions recently. A few examples: http://www.addonics.com/products/diamond_cipher/ http://www.addonics.com/products/cipher/CCEXA256.asp Hitachi's full disk encryption for laptop drives (really hard to find; manufacturers advertise the encrypted drive, but when it arrives in the mail, it turns out to be the unencrypted, freely-exportable version) The first would help for moving encrypted data between different computers running different operating systems; the second and third would help for encrypting a multi-boot computer but still allowing the different OSes to read each others' file systems. Unfortunately, there's some obvious weaknesses. In many ways, the Addonics key, being on a physical medium, has many of the same vulnerabilities as your house key. Unless you can shell out a grand to be able to generate and replicate your own keys, or reverse engineer the formatting so you can do it from OpenBSD, you're stuck letting them generate the key and make the copies. Unlike a password stored in your memory, it can be lost/stolen. (Of course, your memory might have limits on how strong a password you can remember, so the ideal would be to require both a strong key stored on a physical medium, *and* a user-remembered password, which could be accomplished either by encrypting the key with the password, or else by layering a physical-key based encryption and a password-based encryption.) It's probably either ECB or CBC, neither of which is particularly impressive. As for the Hitachi encryption, the length of the password is severely limited by your BIOS. In fact, your BIOS might not even let you enter a password. Also, every hardware-based encryption system I've seen is either AES or something even older and weaker, so if you want Twofish or Threefish, you can only get that from software, so far as I know.
Re: For me, OpenBSD is the operating system that "just works".
On Wed, 27 Apr 2011 18:56:57 -0400 Kraktus wrote: > So, I think OpenBSD tops the list of operating systems that "just > work". The only thing I really wish for is more encryption options for > softraid. And more people using OpenBSD, so the data I send to them is more secure. :-)
Re: For me, OpenBSD is the operating system that "just works".
On 4/27/11 6:43 PM, Amit Kulkarni wrote: So it turns out I had this spyware. None of the AVs detected it. cut I tried a Mac, but ultimately had the same problem, without all the crashing. Just removed 11 viruses, that I know of, from my mac laptop. That's called a Mac attack. Mehma
Re: For me, OpenBSD is the operating system that "just works".
> So it turns out I had this spyware. None of the AVs detected it. > However, I did see a suspicious process running, looked it up, and > found out what it was online. I had to boot into Safe Mode to remove > it. Then there was another one. Keylogger, screenshot-taker... a nasty > piece of work. Kept crashing my computer. None of the major AVs I > tried detected it. I couldn't find anything suspicious on the list of > running processes. Eventually, I detected it with one of the really > obscure independent malware scanners. Even then, it could only tell me > it was, not actually remove it. Nothing seemed able to remove. > Couldn't remove it from Safe Mode, either. Couldn't find directions to > remove it. Re-installing removed it, but like the cat, it just kept > coming back. > > I tried a Mac, but ultimately had the same problem, without all the crashing. And Macs are very very pricey. > Now, all operating systems have their uses, but I don't fully > understand what people mean when they say Windows "just works". Sure, > it "just works" when you first boot it up. But if you just rely on AVs > and Windows Updates to protect you, and often even if you take > stronger security measures, sooner or later, it has a tendency of not > working any more. They say Windows 7 is more secure than previous > versions, but even if that's so, that hasn't stopped my friends from > asking me to fix their not working Windows 7 computers. Which I do, > even though I think the best way to secure a Windows box is to > disconnect it from the internet and encrypt it, because even though I > think it's silly of them to expect Windows 7 to "just work", and then, > rather than replace it when it proves otherwise, insist that I restore > it to a working state, they're my friends and I care about them. And > then I try to lock it down as best I can without making things too > user unfriendly for them, which might delay the inevitable moment when > they come and ask me to fix it again. Consequently, much of what I > know about Windows security comes from trying to find the Windows > equivalents of BSD features. The Windows equivalents are never as > good. > It is so insane to get Windows 7 to work nowadays. I just can't get it working. I am a normal locked down user but it freezes from time to time. Just like you said, you have to fiddle with safe mode, remove trojans, remove malware and still they keep coming back. A few months ago, Windows networking was working, now it doesn't. I quit. I am not interested in fixing those problems anymore. Its much easier to work in non-Windows environment. The learning curve is not that steep and it is rewarding. > So, I think OpenBSD tops the list of operating systems that "just > work". The only thing I really wish for is more encryption options for > softraid. all this to request softraid encryption? :-)
