Windows and Linux on netbooks… what stays on?

Right now, there’s a lot of debate among computing enthusiasts about whether Microsoft’s claim of 96% sales on netbooks is true… or meaningful. I tend to believe the percentages, but I don’t think it means what Microsoft seems to imply it means (“We’re better. People prefer us”). I do believe Windows users would rather stick with something familiar than switch to something else, especially if the two are around the same price. I also believe the Linux options on netbooks were badly marketed (and in many cases, badly implemented). It certainly doesn’t help that when you go to HP’s or Dell’s websites and try to order a Linux netbook, you’ll be told HP recommends Windows for everyday computing or Dell recommends Windows Vista Home Premium. Are you really going to tell me sales would have been the same if both the Linux and Windows pages said HP recommends Linux for everyday computing or Dell recommends Ubuntu Linux? Microsoft pays those OEMs money or cuts them deals to have those phrases plastered all over the sites, and with good reason.

Let’s see. I’m a consumer. I can go with Windows, which I’m already familiar with and which Dell recommends, or I can go with… U… bun… tu? which Dell doesn’t appear to recommend? And when I pick the Ubuntu option, Dell says I can “upgrade” to Windows (Windows is clearly better, since it’s an upgrade)? I think I’ll go with Windows. Of course. Why wouldn’t I?

So, yes, I can believe the 96%, but it doesn’t mean consumers were offered a fair choice and decided they liked Windows better and that Linux sucks. It means Microsoft strong-armed its way into the netbook marketplace, just as it always did with other markets. It’s like if we have a race and I bring my fans to the stadium and kick your fans out. Then I jam a cleat into your shin, stick gum on the bottom of your running shoes, and bat your ears just as the gun goes off. Oh, and the officials running the track meet are on my payroll. After I “win” the race, I brag to everybody that you’re slow. It doesn’t mean I’m a faster runner than you. It means I’m a bully and a cheat.

I have to confess I’m even tempted to get a Windows netbook myself, even though I’ve promised myself I won’t buy any more Microsoft products, even if I’m just planning to install Linux right over it. Why? Look at the selection out there! I’ve checked NewEgg, Amazon, just about every vendor I can find, and the Linux selections keep getting slimmer and slimmer. And they also tend to be the older models. If I want to get the best netbook out there right now (in terms of hardware specifications and battery life), it’s about US$349 from Asus and runs Windows XP—it’s one of the newer Eee PCs. If I want to get the best Linux netbook available right now, it’s about US$500 from HP and doesn’t even have a third USB port or VGA out.

The most popular Linux netbook options out run Linpus Linux Lite (crippled Fedora) and a specialized (i.e., crippled) Xandros Linux. The Dell Mini 9 looks okay and gets decent reviews but doesn’t have a hard drive bigger than 16 GB. And the HP Mini Mie also looks great but is really expensive when spec’ed out and still hasn’t fully ironed out its Ubuntu implementation (even though their new interface for Ubuntu looks pretty).

Vendors, are you listening to me? If you can offer the following, I can guarantee you your Linux sales will be gangbusters:

  • Stop recommending Windows on your Linux netbook pages.
  • Offer a Linux netbook under US$400 with 7 or 8 hours of battery life, an actual hard drive with a lot of space, 3 USB ports, a 92%-95%-sized keyboard, and VGA out.
  • Use a Ubuntu variant but make sure the interface is useful and the video playback isn’t choppy

As long as the Linux options are crippled (either on the hardware or software fronts), then, yes, people will keep buying Windows netbooks. Some people may buy the Windows netbooks just to install Linux on them, but if Windows is either the only option, the cheapest option, the option with the best hardware features, or all three of the above, then Windows will continue to outsell Linux on the netbook front.

I’ll close with some excerpts from Amazon reviews:

Asus doesn’t offer the 1000HA with Linux. I don’t know what they’re thinking here. I’m forced to buy yet another Windows license that will never be used

I loaded Ubuntu Linux 8.10 to have a dual-boot system and I must say it runs Linux very well — no problems on the Linux side.

I bought this Windows XP model, just because there is no Linux equivalent of Eee PC 1000HA on sale(Asus, are you listening?).

Installed Easy Peasy linux, based… right out of the box. I did manage to hose windows xp, which is fine, since I’m not interested in running it

Linux was actually faster, and easier to set up (more plug and play, and no questions to answer). It started up each time much faster

I was primarily looking for a netbook with some form of linux installed on it, but I liked the size and battery life of this one so I went ahead and bought it.

I love my Eee PC 701. At some point I want to upgrade it, and I hope at that time there’ll be some decent Linux options out there.

Conficker worm – silent is still deadly

I find the “news” coverage of Conficker to be absolutely disgraceful. Is this what passes for journalism?

I want you to imagine that there is a parasite that can invade your body and reside in there indefinitely. Once in your body, it could give you a heart attack, it could poison your blood stream, or it could make your liver fail. Once the parasite was discovered to be in the wild, doctors discovered that you could avoid getting the parasite by simply washing your hands before you ate. They also figured out that the parasite was going to change shape on a certain day. As that day approaches, people who haven’t been washing their hands go into a panic. They don’t know if they have the parasite or not. They start running to quack doctors who say they’ll make sure to protect these people against the worm if the potentially infected individuals just buy a prescription subscription for a special drug. After the parasite changes shape, though, no one’s had a heart attack or failed liver yet. So all the parasite-infected people celebrate that the parasite hasn’t done anything.

What?! Did I miss something?

Yes, the scenario I’ve just described in biological terms is exactly what just happened with the Conficker worm that’s infected an estimated 10 million Windows computers.

Microsoft discovered a flaw in its operating system and patched the flaw back in October 2008. The latest iteration of the Conficker worm, which takes advantage of this flaw, began surfacing around November 2008 and kept infecting Windows computers for months. The experts all knew that on April 1, 2009 the infected computers would have the worm checking for updated instructions from its creators.

Then the panic came in. Oh, no! It’s coming! It’ll be the end of the internet as we know it. I’m turning off my computer that day. If I buy this antivirus software will it protect me? Hide the children! Oh. Nothing happened? It has the power to attack and bring down major websites and government systems or steal personal information but nothing appeared to happen today? Oh. Okay. It was a big joke then. Ha ha. Who cares if I’m infected? I’m just going to go on my merry way.

Uh, no. First of all, Windows users should regularly install Windows updates. This was patched even before it was a real threat. And it doesn’t matter if the world didn’t seem to end today. The Conficker worm has the power to do serious damage, and no one knows when it’ll decide to do that damage or what kind of damage it will decide to do. It doesn’t mean you fly into a panic as if it were Orson Welles’ reading of War of the Worlds. But it doesn’t mean you go on your merry, care-free way either.

Educate yourself. Protect yourself. Be sensible. Conficker is dangerous but instead of flying into blind paranoia, just take practical and level-headed steps to protect your computer and your personal information. Silent can still be deadly, and I’m not just talking about flatulence.

Should Linux users hush up about Microsoft?

Someone linked to Good Linux Users Don’t Talk About Microsoft on the Ubuntu Forums. I started to type up a reply, and then it got so long that I figured it was more of a blog entry than a forum post. Besides, who wants to hear about our broken toilet flush, anyway?

Okay, let’s see. So “good Linux” users can’t bash Microsoft, but “bad Linux users” can be bashed as morons? Okay. I don’t really see how that works.

I do agree that if Linux users want others to use Linux (and not all Linux users say they do) they should focus more on what Linux can do than on what Windows can’t do. It’s the same for anything in life, really. You have more respect for a political candidate who says “I’m going to do this, this, and that good things” instead of “My opponent has done this, this, and that bad things.”

But it’s only natural for people to compare two competing alternatives, especially if most of the users of one alternative used to use (or still use) the dominant product. If almost every Toyota owner used to own a Honda, then you bet you’d hear a lot of Honda-bashing from Toyota owners.

I see this a lot with Mac users, too. There are some very vocal anti-Microsoft and anti-Windows Linux users online, but in person all the Linux users I know are pretty level-headed about things (use what works for you, I prefer Linux), and the most vocal anti-Microsoft and anti-Windows sentiment I hear in real (in-person) life is from Mac users who were former Windows users.

It’s the same trick that the bully from elementary school used to use. You put others down to make yourself feel better. Well, if you’re not 100% sure you like your new choice, you may feel tempted to put down your former choice to reassure yourself you made the right new choice. It’s like when people start reminiscing about their exes and then a friend says “Oh, he was such a jerk anyway. You’re so much better without him.” He may, in fact, have been a jerk, but why do you need such assurance that you’re doing better now? It’s because there’s a little part of you that wonders whether you should still be with him. And for every Linux or Mac user who does spend the bulk of her energy putting down Windows, I often wonder if that’s where it’s coming from.

I kind of see both sides of it. On the one hand, there are many deplorable things Microsoft does, and there are many things I don’t like about Windows. It doesn’t make sense to ignore corporate bullying practices, vendor lock-in, or bad default security practices. On the other hand, focusing your energy solely on what “the competition” is doing wrong isn’t a good “sell” for your own “product.” You should spend most of your energy talking about what Linux is good for.

This goes to a larger sociological issue when it comes to operating systems. You see a lot of dumb back-and-forth arguments about “Which is better, Mac or [understood to be Windows] PC?” or “Is Linux ready for the desktop?” Well, obviously no one’s going to come to a unanimous conclusion, because there is none. No one operating system can be everybody’s preference or suit everyone’s needs. And no one operating system needs to.

My wife can love her Mac OS X and that doesn’t bother me. I can love my Ubuntu and not bother others with it. And our friends can use Windows to their heart’s content, and I won’t bother them. As a matter of fact, even though I prefer Ubuntu, I use Windows at work every day, and I divide my home time almost equally between my wife’s Macbook Pro (with Mac OS X) and my own Eee PC (with Ubuntu). So I’m familiar with all three operating systems and can appreciate their respective pros and cons.

If someone says “Do you think Linux is ready for the desktop?” I would probably respond “I don’t think there’s a definite answer to that. It’s better to tell me what your computer habits and budget are, and then I can tell you whether a Mac, a Windows PC, or a Linux PC is best for you.”

The key is really being able to talk intelligently about what works for whom instead of trying to pit operating systems in a battle out of which only one winner can emerge.

Do you filter the help you give online?

I’m a moderator on the Ubuntu Forums, and we have a policy about log-in-as-root tutorials (especially logging in as root graphically), which is basically that they’re banned. We don’t let people post instructions for logging in as root graphically. You can read here about the justification for that.

It’s a little odd, though. I’m in favor of the policy, but I also know that if someone does a simple Google search, she can find instructions for logging in as root graphically in Ubuntu. So we’re not, with our policy, preventing people from logging in as root. We’re simply not helping them to do it. Does that matter?

I don’t know if it does, but I still refuse to help people do what I think they shouldn’t be doing. I filter my help. I love helping people out. The internet is a wonderful place, because I help tens, hundreds, possibly even thousands of people I don’t even know by just typing a few sentences.

If, however, I get the impression someone is trying to get me to do her homework for her, I say “Do your own homework.” Of course, I could be inadvertently doing someone else’s homework for her—someone who’s clever enough to rephrase the question instead of copying the homework question verbatim into an online forum. I don’t know if I am.

Likewise, if someone says “I forgot the password to my computer. How do I get in?” I don’t know if that person is a kid who’s trying to find out her parent’s password to get around a parental filter. And I don’t have a foolproof method of thwarting malicious password cracking requests, but I generally tell people how to reset the password instead of telling them how to crack the password (even though I know how you can crack passwords). If you reset a password, you have access, but the person who used to have that password knows you have access, since the old password no longer works. If, however, you crack the password, you could stealthily be using that person’s account without her knowing it.

Do you filter out your help? Or do you figure information is so easy to find that if you don’t tell someone how to crack a password, she’ll just do a Google search and find it herself? Does it matter who pulls the trigger or not if the trigger gets pulled?

The antivirus paranoia culture

Recently, I’ve spent some time looking at the computer section of Yahoo! Answers, and it’s a fascinating place from a sociological perspective. If the questions and answers popular there are indicative of what common attitudes and practices are among Windows and Mac users, then this is how a typical user operates:

  • Install free antivirus software
  • Install Limewire and use it to download copyrighted songs and movies as well as software cracks.
  • Run as administrator all the time (no limited user account).
  • Get infected with a virus or rogue.
  • Ask for suggestions about a better antivirus.
  • Consider that maybe paid antivirus solutions may be more effective than free ones.
  • Consider that Frostwire may be safer than Limewire.
  • Switch antiviruses.
  • Switch P2P application.
  • Get infected again.
  • Try to remove the infection with MalwareBytes.
  • Spend hours trying to remove infections with various other programs.
  • Eventually give up and reformat entire drive without backing up files.
  • Continue cycle.

There also seems to be a popular misconception that Windows’ malware problem has to do primarily with its popularity and not any flaw in security (like running as administrator by default all the time). So when a trojan (which requires user stupidity, not a flaw in the security of the operating system) appears for Mac OS X, the Windows users on Yahoo! Answers say “Aha! See? Macs get viruses too. They’re no more secure than Windows” and the Mac users on Yahoo! Answers say “Oh, no. What antivirus should I use to protect my Mac? I thought Macs were immune to viruses.”

I hope you see the problem here. Antivirus software companies may not be so nefarious as to actually create viruses (though maybe they do—we don’t have any irrefutable evidence either way), but they have definitely created a culture of paranoia and not just healthy fear.

Most computer users are paralyzed when it comes to security. They have no concept whatsoever as to what makes a computer secure or insecure. They just think “If I run ‘the best’ antivirus software, I can do whatever I want and my computer will be safe.”

Yet, I’d be willing to bet that most of these people would be better at spotting a fake valet before handing over the keys to their cars and would know better than to actively seek out burglars to give out their bank ATM cards and PIN codes to.

What can we do to turn around this culture of paranoia and turn it into proper, healthy fear properly channeled through education and good practice?

I used to be part of this culture, back when I was an exclusive Windows user. I got malware of some kind and panicked. And I thought if I just got a “better” antivirus and changed from Internet Explorer to Firefox that my security would be so much better.

It wasn’t until I got more familiar with the worlds of Mac OS X and Ubuntu that I realized privilege separation matters. Yes, it’s theoretically conceivable that malware could infect a limited user account if it were designed that way, but if it did and was detected in a short amount of time, then it could be easily removed. Malware as it is now thrives because it digs deeply into the Windows system files so that booting into safe mode or trying to use system restore to get rid of it isn’t enough. If you use a limited user account, no system files will be affected, and if malware were ever designed to affect a limited user account, you could just delete that account and carry on.

More importantly, the paranoia comes from a total lack of understanding about how computers become infected with malware. They have the same understanding of computer diseases that “doctors” had about human diseases centuries ago. It’s a bad humor. It’s punishment for doing something evil. It’s not germs you actually have to come in contact with.

A lot of malware comes in not through software flaws but through user flaws. Social engineering is a great way to get malware installed because Microsoft, Apple, and Linux developers can do nothing about it through better programming. If you can trick the user into installing “the codec you need to watch this video” or “this pirated version of iWork” or “this cool new software,” then any kind of built-in security goes out the window.

Couldn’t these users who suffer from such paranoia and ignorance save themselves a lot of heartache if they did a few simple things?

  1. Use a limited user account in Windows
  2. Take ten minutes to read up on social engineering and how not to be a victim of it
  3. Back up personal files regularly
  4. Use Norton Ghost or Acronis True Image to image a working installation so a reinstall wouldn’t take so long
  5. Install system security updates

The way a lot of people run their computers, it’s like having rampant unprotected sex and then getting an HIV test every six months. That won’t stop HIV! Get a condom! Computers have condoms too, even though Microsoft doesn’t make them very easy to put on.