Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Cygwin, why does my lab recommend to NOT use it?

  1. Feb 12, 2009 #1
    I have been using cygwin since a long time now, but my system administrator recommend that we no longer have cygwin installed on the lab computers because it is "in bad shape". I have also seen this on ROOT's website. "http://root.cern.ch/root/Version522.html" [Broken]"

    What is this poor state that they speak of? What harm will come if I install it on my home laptop? I have been Googling, but I havent found anything about this.
    Last edited by a moderator: May 4, 2017
  2. jcsd
  3. Feb 12, 2009 #2


    User Avatar
    Science Advisor
    Homework Helper

    I don't know about cygwin. The recent versions of gcc are fair-to-poor on Windows systems, though -- there are programs I can't compile properly anymore.
  4. Feb 12, 2009 #3
    I think they say it have something to do with some backdoor open or a Trojan built into it or something along that lines.
  5. Feb 12, 2009 #4


    User Avatar
    Science Advisor
    Homework Helper

  6. Feb 12, 2009 #5


    User Avatar
    Science Advisor
    Homework Helper

    gcc is one of the best compilers, it is generally far more standards compliant than MS.
    The only issue with cygwin is that if you are using many different old apps compiled for different versions of the cygwin library it can be a pain to make sure they all get the correct one.

    There is also mingw-msys which is gcc but using windows runtime libraries.
  7. Feb 13, 2009 #6
    Why does Root (which is the standard analysis software for CERN experiment), have on their website that cygwin is in very poor shape?
  8. Feb 13, 2009 #7
    Okay, so I spoke to my system administrator, and he says that cygwin has a problem where a lot of the mirror sites have been infected with trojans. He said the only trusted one used to be Aargon, but then they started having problems as well, so he just say that we should not use it on our PCs in the office.
  9. Feb 13, 2009 #8
    Hello profroopchan.
    I think your system administrator must have a misunderstanding. If there are trojans or even just corrupt files on any mirror site, they will fail either the md5 checksum test or the setup.ini digital signature check; setup.exe will refuse to install an invalid or tampered package.

    What has probably caused your admin to think this is that some of the most common antivirus packages have been repeatedly hitting false positives on standard Cygwin utilities quite a bit over the past year - AVG in particular has had multiple failures in this regard. So it's easy to think that something downloaded from a mirror site was trojanned, when in fact the mirror site is carrying a perfectly valid file and it's just the anti-virus at the receiving PC making a mistake.
  10. Feb 13, 2009 #9
    There are a number of known problems in current GCC when compiled for windows, relating mostly to exception handling with DLLs in use. (There are also a lot of backwardly-incompatible changes in recent GCC that make it more demanding of strict standards compliance in C++ usage than it used to be, and these are also a very common cause of being unable to compile old programs with newer versions; it's worth making sure that the old code wasn't just slightly invalid in some technical way or other). There aren't as many of us working on the windows ports as there are on e.g. linux, so it doesn't get as much attention.
    However, please do report bugs that you find to the GCC mailing list, as we will try and take care of them. There is an effort under way to bring the windows versions up-to-date and get everything working properly for them.
  11. Feb 14, 2009 #10
    The Root website first put up that warning about Cygwin's gcc when it was gcc version 3.2. Cygwin currently uses gcc 3.4 which is a much better compiler (largely due to Dave Korn, who also posted on this forum). It's also true that some of the people who have been contributing to Cygwin's mailing list are people trying to get Root to behave better on Windows.

    I have had cygwin on my laptops for many years now, and have had Root compiled with gcc for more than 6 years. From root versions 4.00.08 to 5.20. I've compiled it myself on occasion (to get Ruby and Python binding support), but of late have been using the precompile binaries as they come with everything I've needed.

    I've complained on the Root websites about this (mostly) unfounded prejudice without much luck. They push Microsoft's VC++ compiler, but that means giving up posix paths, the same Makefiles, etc... I use the same Makefile to compile stand-alone executables that dynamically link against the root libraries on Cygwin/gcc and linux with no problems.

    The only issue that is true is that it compiling with gcc on Cygwin can be quite a bit slower than compiling using VC++. This almost never matters, but you'll notice it when building very large packages.

    Long-story-short: I highly recommend using Cygwin/gcc's version of Root.

    Charles Plager

    p.s. The warnings about viruses and mal-ware are, well, crap.
    Last edited by a moderator: May 4, 2017
  12. Feb 18, 2009 #11
    Why would a library have a trojan built into it? It seems that it'd likely be related to the work everyone else at your company is working on. Cygwin and MinGW do take two different approaches. I recall from a time when I had an assignment which used POSIX threads, that it didn't seem that I could compile it using MinGW. But, I wasn't really trying to get it compiles on Windows and was only curious.

    But, in anycase, I don't know why people use either of the two on Windows, when Windows has the POSIX-certified Interix. Yet, I don't have an intimate knowledge of any of the three.
  13. Feb 18, 2009 #12
    I'm not convinced that Interix (now Microsoft's SUA) is POSIX-certified (although that's somewhat irrelevant). Second, Root is built for Cygwin and not for SUA/Interix. And is SUA/Interix still being maintained?

  14. Feb 18, 2009 #13


    User Avatar
    Science Advisor
    Homework Helper

    POSIX certified doesn't mean very much. You can specify subsets of POSIX for machines which don't have a filesystem, don't have threads, or a network etc.
    So you can be perfectly POSIX compliant by having a header file just saying - no fileio, no stdio, no network, no memory etc.

    This is what NT did, it was POSIX compliant (in order to sell to government) but the POSIX sub-system couldn't use the network, threads, windows or most of the features of NTFS. So it was officially POSIX and totally useless.

    The bad memory of this and since MS doesn't exactly go out of it's way to promote it, means that the new POSIX stuff in server2003 (Interix became services for unix) gets ignored.

    MS pulled a similar trick with Orange book/C2 security. They submitted a machine without networking under the section which assumes physical security of the console. They then advertised NT as military grade secure - yes it was assuming the machine wasn't on a network and had an armed guard on the keyboard !
  15. Jan 3, 2010 #14
    the false positives are coz cygwin works sort of like rootkit.
    as the correct md5/sha hashes are available, they're no big deal.

    the real problem is cygwin tends to fail mysteriously.
    for example, their official site list some major programs known not to work along with it.

    and it's not surprising if a physicist (like the professor of the OP) prefers the minimalist way (the mingw fork) to cygwin.

    let me end this with a reference to the discussion on reddit (not necessarily my viewpoint):

  16. May 28, 2010 #15
    Cygwin is nothing like a root kit. This statement is just silly.

    There are several programs that are known to interfere with Cygwin. These programs interfere with many others and not just Cygwin and are generally doing bad things. I have never heard of any program that is interfered with by Cygwin.

    There are several good reasons to prefer Cygwin. It has an environment that is much more similar to linux and that makes porting code to Cygwin much easier than MingW. It has precompiled versions of Root, for example. ...

  17. Sep 20, 2011 #16
    Gentlemen. I am not a tech guy, although I am a competent Windows user. My computer was recently acting weird when browsing. I looked at the network and sharing window and clicked on "show me all the files and folders I am sharing". There came up a very long list of what looked like names followed by references to cygwin folders. I used RegScrub Vista to search out and remove all registry references to cygwin and did the same by searching the folders. (Cygwin had previously been uninstalled, these were leftovers.) The browser seems to function better and the hourglass does not show stuff loading when the page has already completed. Is this a trojan? I don't know enough to be sure, but it certainly seemed suspicious to my non-geek eyes.
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook