Oh come on. You're a professional (right?), you should know better than to say this kind of crap. You know what your problem is? You think NAT is a security mechanism -- it's not. Just because we have spent the last ten-plus years having the Firewall also perform network address translation, doesn't mean the two roles have anything to do with eachother -- they don't. NAT is a workaround for the problem of limited IP address spaces; it says so right in the freakin' abstract of the original NAT RFC (1631), which was published in 1994! Don't assign it responsibilities it wasn't designed to have!

IPv6 can (and should) be firewalled just as IPv4 can (and should). It's always a good idea to have a device between your Internet connection(s) and your in-house systems that makes decisions about whether or not packets going to & from certain IP addresses+ports should be allowed through. But, seriously, who cares if the source or destination address is IPv4 or IPv6?

But that's not what they're doing! There is no remote code execution vulnerability on Windows 2000, XP, or Server 2003. Only Vista and Server 2008 are susceptible to remote code execution. This is a Denial of Service vulnerability on NT 5.x systems, and you have to have the firewall disabled (and, indeed, no stateful hardware firewall at all) in order to be vulnerable.

The details are here:

http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx

It's fine to criticise Microsoft for not releasing a patch for XP, but let's at least get the facts about the vulnerability straight, first, yeah?

Ed Bott did a bunch of research on what the Windows 7 three application limit really means:

http://blogs.zdnet.com/Bott/?p=844

In short, he says that:
- Windows Explorer, Command Prompt, Task Manager, Control Panel applets, other Windows system tools don't count
- Many applications that run as system services and present themselves through the notification area (aka system tray) don't count (anti-virus, firewall, little utilities, etc) ...
- The version he tested doesn't exempt installers, but Microsoft said that they should be
- Internet Explorer is NOT exempt, but there is no limit on the number of tabs you can open
- If you don't like the three-app limit, there is a built-in way in Windows to upgrade to a higher edition that doesn't have the limitation. You don't have to reinstall Windows or lose your data or anything; it's just an online purchase and a change of product key, and the upgraded features are unlocked with a reboot

So it's not like you're screwed if your computer came with Starter and you need more. But if you don't need more, hey, you just saved some money....

shims just sound like a lame hack. using a shim means you've given up on elegance and respectability

Shims allow Microsoft to fix bugs in Windows without affecting applications. Changing how any API call works, even to fix something that is clearly wrong, can cause major problems, because there could very well be applications out there that rely on the broken behaviour.

I'll give you a practical example. In Windows 7, they fixed the CreateFileEx() API call, which is used to create and open files. Pretty much every application out there uses this API, so changing how it works would be about as dangerous as changing how a core CLI utility on Unix like "sed" or "grep" works and then rolling out the change to production systems around the world.

The bug in Vista (but has existed in Windows for quite some time) is that if you were you request exclusive read access on a file that you do not have full access to, Windows would silently change your lock on that file to "shared read" access. Which is, of course, not what you asked for. There are plenty of other cases in CreateFileEx() where the API call will fail if you ask it to do something your user account doesn't have permission to do. They fixed this in Windows 7, but this is obviously a case where fixing a bug in Windows will cause many applications to crash or not function properly.

In order to provide this bug fix, and therefore make Windows better, they've added in a new (optional) application compatibility manifest that new applications can use that says, "hey, I want the Windows 7 behaviour!", and this CreateFileEx() fix -- as well as a number of other bug fixes -- will be in place for your application. Microsoft is saying that they will also maintain that defined compatibility level through future versions of Windows, too, i.e. on Windows 8, you'll get the Windows 7 API behaviour.

Sure beats having to keep up with KDE's world-breaking changes every few years, don't you think?

There really is no other good way of going about this. An "elegant and respectable" solution would probably involve every software company, ever, fixing every bug in their software, ever, that prevents their application from being compatible with Windows 7. What do you suppose the chances of that happening are? You might as well be a seven-year-old girl asking for a live unicorn for your birthday... you just might have better luck! A lot of software that needs to run on Windows is in-house jobbies written years ago by people who'd just learned the difference between "If" and "While" BASIC statements. It would likely cost a lot of money to scour the whole code-base and fix it... and that's if they even still have the code and can find someone to do the work! (What if the contractor ran off with it and is holding it for random? I've got a friend who's dealing with that very issue right now!!)

Microsoft's solution to this problem is to give IT people the ability to analyze the software they have to run and to apply shims to make it work. Microsoft will even help companies with this, often for no cost at all.

Elegance is nice, but it can be prohibitively expensive. Shims are for the real world.

Short answer -- No.

First of all, the obvious: Microsoft started working on Windows 7 late in 2006, even before Vista was released. Netbooks became popular in 2008. 2007 worldwide sales of Netbook-type machines were less than half a million.

Any self-respecting computer programmer knows what's really going on. When you spend months or years working on a major new release, you're often struggling to get the new stuff working at all. Your managers are pushing you to get the thing out the door; deadlines are looming; adding more people to the team would probably be counterproductive since they'd only slow down the people who need to be 100% focused on finishing things up.

Once you get that x.0 release out the door, you take a vacation, reintroduce yourself to your wife and kids, putter around at work for a while, and then dive back in and make your code faster, cleaner, more reliable, more useful. The x.1 release that follows ends up being the one everyone likes; people say "It's what x.0 should have been!" ... Right? That's what happens!

And that's exactly what's happening with Windows 7. This isn't a major "reinvent the wheel" release... it's all about optimization, performance, better user interfaces, and tacking on some new things that have become popular since Vista was released, like proper support for SSD drives, multi-touch, multi-core GPUs, and so on...

Microsoft has published a complete list (in CSV form) of all the domain names that Conficker will try to contact through June 30, 2009. That's 249 of them a day, for a total of 113,500 domain names.

http://blogs.technet.com/msrc/archive/2009/02/12/conficker-domain-information.aspx

Why? The patch for this vulnerability was released four months ago, and the latest round of Windows Updates (a couple of days ago) include a scan & remove of Conficker.A and Conficker.B. As for the Autorun variant of this attack, Microsoft has published a KB article covering various ways to prevent it. Of course, if you don't have anyone working in your offices over the weekend, nobody's likely to come in and plug in infected USB devices.

Sure, but that precise behaviour happens all over the world in practically every industry. You set a price based on what a local market will bear, not based on a single world-wide price. There's just too much variance in incomes and the cost of doing business, to do it any other way.

Case in point, the United Kingdom -- Brits always complain that everything is more expensive than in the United States, but what they don't appreciate is that they also generally make more money and have lower expenses than a typical American that does the same work.

This has nothing to do with technical restrictions. The problem is that Microsoft needs to be able to sell Windows at a price point that is suitable for nations with lots of poor people.

Take Thailand for instance -- it was actually that country's government that approached Microsoft back in 2003 and said, "please help us get computers to our poor people", and XP Starter Edition was created as a result. A lot of people in Thailand can't even begin to dream of the kind of power we take for granted with a modern Macbook, Latitude or Thinkpad. If they're lucky, they'll be able to get their hands on something of a 2000 or 2001 vintage. These aren't power-users with multi-megabit broadband and iPhones... these are people who want to do utterly basic things with a computer.

What would happen if Microsoft were to start selling Vista Starter Edition for 1,000 baht**? That's about $30 USD right now, which goes a long way in upcountry Thailand (you can eat very well there for 50 baht a day). People may be willing to pay that, but they wouldn't be willing to pay 3,000 baht** for Vista Home Basic, especially if they don't actually have a computer that can take advantage of all the extra features and ability to run more apps.

So, then, you wonder why they don't just offer Vista Home Premium in Thailand for 1,000 baht, so that it more closely reflects the price point vs. average income that you'd see it at in Western countries? The problem, of course, is that you'd end up getting a whole pile of shady operators who'd buy up legit copies of an uncrippled Vista Starter in Thailand, apply the English user interface pack to it, then sell them in the United States for a fraction of what Microsoft is asking for Vista Home Basic, and they'd make a big profit, and Microsoft would lose the sale.

That's why Microsoft makes Starter Edition both very cheap by Western standards, but generally unpalatable for that market, which (as we see here on Slashdot) balks at these kinds of restrictions.

Finally, I suspect this whole thing about using Windows 7 Starter Edition on Netbooks in first-world countries is bupkiss. By the time Windows 7 comes out towards the end of the year, Netbooks will have evolved enough in power and storage that they should be able to run Windows 7 Home Premium without any difficulty.

(** these are the actual prices)