Re: I am convinced...
From: Orchid XP v8
Date: 21 Dec 2010 15:38:41
Message: <4d111051$1@news.povray.org>
On 20/12/2010 06:41 PM, Warp wrote:

>    On the subject of virus scanners in particular, I'd say that the very
> need to have such scanners is a symptom of fundamentally bad OS design.

I'd go along with that.

>    The unix philosophy of OS design has always been a step or two closer
> to the safer design (with respect to computer viruses and other malware)
> than the typical DOS/Windows (and other similar OS's in the past) design.
> The reason for this is that unixes have always been designed to be
> multi-user operating systems while DOS/Windows has been designed to be
> a single-user OS with no regard to security.

That's pretty much it, right there.

>    The DOS/Windows design always took basically the exact opposite approach:
> Whatever the user wants to run or do, the OS allows.

For a machine which is physically incapable of being networked, this is 
a perfectly reasonable way to proceed. The Commodore 64 and the ZX 
Spectrum had exactly the same "flaw" in their design. Only if a computer 
is *capable* of being used by more than one person does any question of 
"security" even exist.

> Unfortunately it took over 20
> years for Microsoft to rid itself of this mentality (for some reason MS
> has always been very slow to adopt certain ideas).

*This* is where it all went wrong.

Remind me: Is this or is this not the same Microsoft that famously took 
the attitude of "oh, this 'Internet' thingy is just a trendy fad; it'll 
never last"? For a long, long time they seemed to believe that 
networking was somehow "unimportant".

Either way, when they realised the true situation, they should have 
changed their design practices. Radically.

> NT had security, but it wasn't even intended for normal users.

No, it wasn't. Which is a pity, because it was quite a good OS.

Still, the main OS kernel lives on in some form. The Win9x kernel is 
gone, and 2000, XP, Vista and 7 are all based (increasingly loosely) on 
the NT kernel series.

In some ways, NT actually has *more* security features than Unix. For 
example, take file security. Under Unix, I can set permissions for one 
user, one group, and everybody else. Under NT, I can set permissions for 
as many users and user groups as I damned well like. And this isn't a 
theoretical ability; I use it extensively in my day job. Not only that, 
but Unix has umask, while NT actually allows you to set the default file 
permissions on a per-folder basis. And to reset the permissions on all 
the files in a folder easily. Hell, I can even control who is allowed to 
*see* the permissions on a file or folder.

On top of that, you can make the OS log a record every single time a 
particular action is performed on a given file. (Unix, on the other 
hand, doesn't even provide a way for a process to be *notified* when a 
file changes, much less to log such changes at the OS level.) Again, I 
can control this at the file level, so I only get log entries for files 
that I actually care about, not every single file in the entire 
filesystem. And not for every action, and not for every user.

And that's just files. You can also set permissions controlling who is 
allowed to kill a given process. Or clear the print jobs in a given 
queue. And more besides. (Sadly, the OS GUI doesn't expose most of this 
very useful control, and there are certainly no CLI tools for this 
either. Indeed, if you want to set file permissions, you can *only* do 
it via the GUI. Well, no, now there's PowerShell which can probably do 
it...)

> It wasn't until XP that some
> *semblance* of security was introduced (yet, nevertheless, the mentality
> of the regular user being by default the superuser was still there

NT was where the big security changes happened. Before NT, any talk of 
"security" was nonsense. XP is just the first really well-known 
consumer OS to feature these changes. (Windows 2000 didn't really get 
noticed much, for whatever reason. Note that Windows 2000 /= Windows ME.)

Unfortunately, it turns out that 99% of all Windows software still 
*assumes* that it has permission to do everything. And thus, you come up 
with stupid glitches like, for example,

   Nero claims that you do not possess a CD burner, *unless* you are 
logged in as a superuser.

One could argue that it's not so much /Microsoft/ that is slow to adapt, 
or even its /users/. No, it's the people writing Windows software. If I 
had a penny for every time I've had to do something stupid just to make 
the buggy, barely-functional device driver for some crappy cheap-arse 
piece of hardware work...



Of course, Microsoft don't really help themselves sometimes. They have 
an almost obsessive tendency of making everything as scriptable, 
programmable and customisable as possible. I guess because all those 
extra features look good on the tin?

For example, if you use Outlook (not Outlook Express) you can create an 
"email" which is actually a full-fledged application, in effect. (This 
might also require Exchange, I'm not sure.) It ranges from simple stuff 
like sending out appointments and questionnaires, right up to building 
complex fillable forms, and having the server receive the responses and 
do non-trivial processing with them, possibly producing additional 
emails in response. Stuff like that.

All of which is very *powerful* and everything. But the net result is 
that everything from emails to Word documents to spreadsheets, 
databases, presentations, and so forth all can have arbitrary executable 
code embedded in it, and more often than not executed immediately as 
soon as you touch the thing, often without you even realising it. This 
enables you to create very "rich" documents. For example, the other day 
I saw a PowerPoint presentation which is like a hyperlinked, browseable 
product catalogue. Very impressive stuff. And it's no secret that you 
can use Access to build what amounts to a desktop application.

If you think in terms of shiny features, all of this sounds fantastic. 
If you think in terms of computer security, all of this sounds like a 
catastrophe just waiting to happen. I mean, who thought that a *word 
processed document* being able to alter the local filesystem was a good 
idea?! Most users have no clue that you can do this. But I promise you, 
you can. (Or, you could. These days as soon as you open a Word document, 
you have to OK a dozen messages just to make it open, regardless of 
whether it does anything even mildly dangerous.)

Of course, having access to the local filesystem allows a Word document 
to be part of a big happy desktop application, developed using just MS 
Office. Why write a GUI application when you can just customise Word a 
little, and use a flat XML file as your database?

Now, if the system had been designed with security in mind from the 
start, nobody would have done anything so stupid. But now all these 
features exist (and, weirdly, continue to be designed), and somehow you 
have to make it secure. MS's idea of "make it secure" isn't "disable 
local filesystem access unless there's a damned good reason to enable 
it". It isn't even "check whether the macro tries to access the local 
filesystem" (which is trivially checkable). No, it's "slap a big, fat, 
flashing warning on top of EVERYTHING, dangerous or not". Because, let's 
face it, that's very easy to code.

And after the 198th time the user sees this annoying, unnecessary error 
message, they just stop paying attention. And then when a *real* threat 
comes along, the user will blindly and automatically click "yes, please 
run this unsigned code". Because they've had to click it a thousand 
times before in order to get stuff done.

This is not "security". The whole XP Security Center is nothing more 
than a nag screen that constantly whines at you. "Turn on updates. 
Install a pricey AV product. Turn on the firewall." It does nothing to 
actually increase security. (Automatic updates themselves may do. But 
Linux has copied that idea too now...)



Really, there are several reasons why Windows (and related MS products) 
are less secure than their Unix counterparts:

- Microsoft failed to realise that networks would become "important" 
(and hence, security would be necessary).

- Once they did decide that networking actually was the future, they 
implemented lots of security stuff but failed to really make full use of it.

- There is now a huge codebase of cheap, buggy, unsupported software 
which people expect to work on Windows. If you start actually doing 
things in a secure way, most of this software will break. (This is 
technically a GOOD THING, but it doesn't sound very good to the people 
who just want to do their stuff.)

- Microsoft thinks that endless rafts of whizzy features are more 
important than computer security. (That's quite a serious problem, right 
there.)

- Unix is the OS for computer experts. Windows is the OS for idiots so 
stupid that arguably they shouldn't be let near a computer in the first 
place. Wanna guess which one has the biggest security problems?

- Windows systems outnumber Unix systems 10^4 : 1. Wanna guess which one 
most people spend their time trying to attack?

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
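The NTFS permission and auditing controls the post describes (many principals per object, per-folder defaults via inheritance, resetting a whole tree, the separate right to read an ACL, and per-file/per-action/per-user auditing), as an added PowerShell example that is not code from the post or the newsgroup. The folder path and the CONTOSO\* group names are assumed placeholders; it expects an elevated prompt on an NTFS volume.

```powershell
# Added example, not from the post: NT ACL features via Get-Acl/Set-Acl.
# Path and CONTOSO\* group names are placeholders; run elevated on NTFS.
using namespace System.Security.AccessControl

$Folder = 'C:\Data\Projects'
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
$acl = Get-Acl -Path $Folder -Audit     # -Audit also loads the SACL

# Cut inheritance from the parent (without copying its entries) so this
# folder's own ACL becomes the default for everything created beneath it:
# NT's per-folder answer to umask.
$acl.SetAccessRuleProtection($true, $false)
$inherit   = [InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [PropagationFlags]::None

# One ACE per principal, as many as needed. Rights are FileSystemRights flags.
foreach ($e in @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl';     Type = 'Allow' },
    @{ Id = 'CONTOSO\Engineering';    Rights = 'Modify';          Type = 'Allow' },
    @{ Id = 'CONTOSO\Contractors';    Rights = 'ReadAndExecute';  Type = 'Allow' },
    # Seeing the ACL is its own right (READ_CONTROL); deny it to one group.
    @{ Id = 'CONTOSO\Contractors';    Rights = 'ReadPermissions'; Type = 'Deny'  }
)) {
    $acl.AddAccessRule([FileSystemAccessRule]::new(
        $e.Id, $e.Rights, $inherit, $propagate, $e.Type))
}

# Audit only writes and deletes, only by one group, only under this tree.
# Entries reach the Security log (event 4663) once the "Audit File System"
# policy is enabled; writing a SACL needs SeSecurityPrivilege (elevated admin).
$acl.AddAuditRule([FileSystemAuditRule]::new(
    'CONTOSO\Contractors', 'Write, Delete', $inherit, $propagate, 'Success, Failure'))
Set-Acl -Path $Folder -AclObject $acl

# "Reset the permissions on all the files in a folder": re-enable inheritance
# on each child and drop its explicit entries, so the folder ACL applies uniformly.
Get-ChildItem -Path $Folder -Recurse -Force | ForEach-Object {
    $child = Get-Acl -Path $_.FullName
    $child.SetAccessRuleProtection($false, $false)
    foreach ($rule in @($child.Access | Where-Object { -not $_.IsInherited })) {
        [void]$child.RemoveAccessRule($rule)
    }
    Set-Acl -Path $_.FullName -AclObject $child
}
```

Inspect the result with `(Get-Acl $Folder -Audit) | Format-List Access, Audit`; the Deny entry for ReadPermissions means members of that group will get access denied from Get-Acl themselves, which is the point the post makes.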

