  Speedy thing goes in... (Message 31 to 38 of 38)  
From: Invisible
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 04:12:57
Message: <4deddd89$1@news.povray.org>
>>> Wrong perspective. Development was actually from CP/M's "access control?
>>> just lock the f*** room door" concept to there.
>>
>> Yes. And it has taken them a spectacularly long time to figure out that
>> this model is ineffective today.
>
> Not really. It has been around in NT since when? Ever since the first
> version, I guess.

It still puzzles me that NT was designed as "business only". It's a 
pity, really. It was quite a good OS...

That being the case, Windows Vista is still the first OS aimed at the 
casual user base which actually has half-decent security.

>> The company's goals seem to be to promote a /sense/ of security rather
>> than actually /being/ secure.
>
> Typical end users want to just "buy" their security (or, better yet, get
> it for free), and not invest any of their own time into it. So Microsoft
> serves this market segment with the best security you can buy for money
> alone: The mere illusion of it.

Yes, perhaps that's the real problem here...

(I would say "so why don't they make a business version with *real* 
security?" And then I realise that most PHBs /also/ think that 
"security" is a product that you can just buy.)



From: Invisible
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 04:15:51
Message: <4dedde37$1@news.povray.org>
>> Granted, backwards compatibility didn't help them at all. But I'm pretty
>> sure there are better solutions than what they actually came up with.
>
> Remember that when you're talking about security, the result is to break
> things. Security in this sense means "preventing things from working as
> programmed." Hence, you can't increase security effectively without
> breaking backward compatibility. It's a careful balancing act you have
> to do.

...which completely explains how Vista and 7 managed to be more secure 
while not breaking everything in sight.

Oh, wait. No it doesn't.

It also doesn't explain why Windows couldn't have done this 10 years ago.



From: Invisible
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 04:23:40
Message: <4dede00c$1@news.povray.org>
On 06/06/2011 09:02 PM, Darren New wrote:
> On 6/6/2011 11:22, Orchid XP v8 wrote:
>> ...which the on-demand scanner is *still* going to detect...
>
> Again, the on-demand scanner is the worst possible way, efficiency-wise,
> to detect such things. Where "efficient" means "minimal impact to actual
> users." It should be a last resort, not a primary mechanism.

You have a point. Scanning a file after each time it's modified would 
seem the best approach, but I'm not aware of any product that does this yet.

>> Heheh. These are the people who thought "hey, let's make it so that every
>> home user has full admin rights by default". Yes, I'm sure they know a thing
>> or two about security. ;-)
>
> I'm sure they do. And I'm sure every programmer in Microsoft *wanted* to
> not make that the default. That business cases mean you lessen security
> doesn't mean the security team doesn't know how to do security.

OK, how about this:

This is the company that produced a web server where you can completely 
defeat all access controls and fetch files you don't have permission to 
fetch just by using backslashes in the URL rather than forward slashes.

This works because:

1. The server neglects to check for invalid characters in the URL (such 
as backslashes).

2. The server uses a list to determine file access rather than 
properties of the files themselves (e.g., FS-level file security).

3. The server blacklists files that you can't access rather than 
whitelists files that you can access, causing it to fail-open rather 
than fail-closed.

4. Because the restricted URLs have forward slashes and the user typed 
an equivalent path with backslashes, a textual match routine returns no 
matches, and the URL is allowed. (This also means that any /other/ way 
to generate a semantically equivalent but textually distinct URL would 
/also/ bypass all security.)

Yes, /clearly/ MS knows how to design systems that are fundamentally secure.

>>>> That's a valid argument for a file server. But even in that case, you (or
>>>> somebody else) still has to *access* the file.
>>>
>>> But the other person might not have a virus scanner.
>>
>> If the file is on a file server, then each time you try to access it, the AV
>> product on the server will perform an on-demand scan.
>
> Sorry? What file server?

If the file exists on another PC and that PC has an on-demand virus 
scanner, then whatever way you access that file, it's going to trigger 
that PC to perform an on-demand scan. So I'm not seeing how a file on a 
PC with an AV product can pose a threat to other systems.


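The four points listed in the message above, as an added example that is not part of the original post and is not any vendor's code: a deny-list compared against raw text fails open on equivalent spellings of a path, while canonicalizing first and matching an allow-list fails closed. The prefixes and sample requests are constructed, and the example goes beyond backslashes to percent-encoding and dot-segments as other textually distinct forms.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed policy: these prefixes are hypothetical, not taken from the post.
DENIED_PREFIXES = ("/private/",)   # deny-list, compared against the raw text
ALLOWED_PREFIXES = ("/public/",)   # allow-list, compared against the canonical path


def naive_is_allowed(raw_path: str) -> bool:
    """Fail-open: serve anything that does not textually match a denied prefix."""
    return not raw_path.startswith(DENIED_PREFIXES)


def canonicalize(raw_path: str) -> Optional[str]:
    """Return the one canonical form of a request path, or None if it is invalid."""
    decoded = unquote(raw_path)
    if unquote(decoded) != decoded:            # still encoded after one pass
        return None
    if "\\" in decoded or "\x00" in decoded or not decoded.startswith("/"):
        return None                            # invalid characters are rejected
    # Collapse ".", ".." and repeated slashes; normpath keeps a leading "//".
    return "/" + posixpath.normpath(decoded).lstrip("/")


def hardened_is_allowed(raw_path: str) -> bool:
    """Fail-closed: serve only canonical paths under an allowed prefix."""
    canonical = canonicalize(raw_path)
    return canonical is not None and canonical.startswith(ALLOWED_PREFIXES)


# Constructed requests: one legitimate, one denied, and textual variants of the latter.
SAMPLES = [
    "/public/index.html",
    "/private/report.txt",
    "\\private\\report.txt",
    "/private%2Freport.txt",
    "/public/../private/report.txt",
]


def compare(paths):
    """Return (path, naive verdict, hardened verdict) for each request."""
    return [(p, naive_is_allowed(p), hardened_is_allowed(p)) for p in paths]


if __name__ == "__main__":
    for path, naive, hardened in compare(SAMPLES):
        print(f"{path!r:36} naive={naive!s:5} hardened={hardened}")
```

The allow-list check complements file-system permissions on the served files (point 2 in the post); it does not replace them.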

From: Darren New
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 09:29:12
Message: <4dee27a8$1@news.povray.org>
On 6/7/2011 1:12, Invisible wrote:
> That being the case, Windows Vista is still the first OS aimed at the casual
> user base which actually has half-decent security.

XP had half-decent security. Pretty much the same security as Vista, except 
that Vista runs admin programs in a different screen space to avoid shatter 
attacks. You're still logged in as an administrator by default. If you mean 
the UAC, most people don't pay any attention to whether that makes sense to 
be popping up or not.

> (I would say "so why don't they make a business version with *real*
> security?"

They do. You just have to actually use the one you have.  XP had real 
security. About as good as UNIX (and better in some ways) as long as you 
didn't log in as administrator by default. No amount of technical security 
is going to force people to use it.

-- 
Darren New, San Diego CA, USA (PST)
   "Coding without comments is like
    driving without turn signals."



From: Darren New
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 09:30:56
Message: <4dee2810$1@news.povray.org>
On 6/7/2011 1:15, Invisible wrote:
> ...which completely explains how Vista and 7 managed to be more secure while
> not breaking everything in sight.

In what way are they more secure?  Remember everyone bitching that they had 
to buy all new hardware like new scanners and printers and stuff for Vista? 
Why do you think that happened?

> Oh, wait. No it doesn't.

How many Win3 programs broke when you tried to run them under Win2000?

(Answer: Lots and lots.)

> It also doesn't explain why Windows couldn't have done this 10 years ago.

See above. By now, nobody really complains when a Win3 or Win98 program breaks.

-- 
Darren New, San Diego CA, USA (PST)
   "Coding without comments is like
    driving without turn signals."



From: Invisible
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 09:32:43
Message: <4dee287b$1@news.povray.org>
On 07/06/2011 02:29 PM, Darren New wrote:
> On 6/7/2011 1:12, Invisible wrote:
>> That being the case, Windows Vista is still the first OS aimed at the
>> casual user base which actually has half-decent security.
>
> XP had half-decent security. Pretty much the same security as Vista,
> except that Vista runs admin programs in a different screen space to
> avoid shatter attacks. You're still logged in as an administrator by
> default.

Really? I thought they finally changed that in Vista.



From: Darren New
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 09:35:01
Message: <4dee2905@news.povray.org>
On 6/7/2011 1:23, Invisible wrote:
> You have a point. Scanning a file after each time it's modified would seem
> the best approach, but I'm not aware of any product that does this yet.

Yes you are. You just ad hominem'ed them out of your memory.

> So I'm not seeing how a file on a PC with an AV
> product can pose a threat to other systems.

I write a program that writes out an executable file that has a virus in it. 
(Like, say, the copy command.) I write that file to a USB stick, and I give 
it to you.

Or, as has actually happened in the past, you install a program off a 
commercial CD that has been created on a machine that is infected, and which 
therefore includes a virus.

-- 
Darren New, San Diego CA, USA (PST)
   "Coding without comments is like
    driving without turn signals."



From: Darren New
Subject: Re: Speedy thing goes in...
Date: 7 Jun 2011 10:37:58
Message: <4dee37c6$1@news.povray.org>
On 6/7/2011 6:32, Invisible wrote:
> Really? I thought they finally changed that in Vista.

Really. The first account you create is an administrator account. (I may be 
misremembering, but I'm pretty sure that's the case, since you have to frob 
with privileged things in order to log in as administrator without being in 
safe mode.)

-- 
Darren New, San Diego CA, USA (PST)
   "Coding without comments is like
    driving without turn signals."


