10 years ago today: Bill Gates kicks arse over security Sunday marks the tenth anniversary of Bill Gates's trustworthy computing memo, which made securing applications from the ground up a key priority at Microsoft for the first time. The directive followed a period during which Redmond took a sustained shelling over the instability and insecurity of its software, especially in …
The security debate is necessary (and not that boring). What is boring is the vitriol and bile spewed out, the use of examples from years if not decades ago to make a point about the security position of a product now.
It appears to me that the windows product is trying to lock down the product without losing usability whereas the various Linuxes (Linii?) Are working at the same problem from the opposite direction. That movement benefits us all... The mindless namecalling just makes you look like a bedroom warrior and cheapens any valid points you may have
>> the windows product is trying to lock down the product without losing usability whereas the various Linuxes (Linii?)
1) On MS Windows there is still no central repository to conveniently and securely look for, install and update most applications.
2) Due to the MS Windows architecture, most updates require reboots.
3) Despite the Bill's memo 10 years ago, Windows is still teaming with malware dangers (see, e.g., the recent stuxnet, zeus, ramnit), so users are given the so called "anti-virus software" in lieu of proper security, this brings other troubles and inconveniences .
OK, where do you exactly see user-friendliness in all that?
>>1) On MS Windows there is still no central repository to conveniently and securely look for, install and update most applications.
Let's be honest here.
The Linux user needs a respository if he is not up to the challenge of compiling from source and resolving any remaining issues.
There is no such thing as a universal repository that works across all Linux distributions. That can be a beast for both the user and the developer.
There can and likely will be barriers to downloading and installing programs which aren't quite "free" enough to meet the geek's standard of purity.
The repository which offers the novice little more than a bare listing of applications and resources is pretty much useless.
_____
In his next breath, of course, the geek will whining about the "walled garden" of the app store and the platforms it serves.
>> 2) Due to the MS Windows architecture, most updates require reboots.
Not true in Windows 7.
Trust me on this one. Secunia's PSI tracks the OS and 191 programs on this machine, all up to date, and nary a reboot in sight.
_____
>> Windows is still teaming with malware dangers (see, e.g., the recent stuxnet, zeus, ramnit), so users are given the so called "anti-virus software" in lieu of proper security
The only Windows malware I see these days is the stuff which slips through Firefox's defenses and detected almost instantly by MSE.
It isn't often that malware can be traced back to a mainstream download site for Windows:
http://arstechnica.com/open-source/news/2011/03/malware-in-android-market-highlights-googles-vulnerability.ars
http://arstechnica.com/business/news/2011/12/google-pulls-22-malicious-android-apps-to-prevent-fraudulent-charges.ars?comments=1&start=0#comments-bar
> Let's be honest here.
That would be nice.
> The Linux user needs a respository if he is not up to the challenge
> of compiling from source and resolving any remaining issues.
This is not true.
There are many ways of obtaining software. The distro-supplied repo is inevitably the most convenient way, but far from the only one.
> There is no such thing as a universal repository that works across all Linux distributions.
Nor should there be. That would make all distributions homogenous - and that's exactly what we *don't* want.
There are, however, a couple of common formats, and tools to convert between them.
> There can and likely will be barriers to downloading and installing
> programs which aren't quite "free" enough to meet the geek's standard of purity.
Cobblers. That's simply untrue.
> The repository which offers the novice little more than a bare listing
> of applications and resources is pretty much useless.
I don't think any such repository exists. All the ones I've supply descriptions of each package in the metadata (which you necessarily get). Perhaps you'd like to give us an example of this mythical repo?
Vic.
Funny, I all ways felt that the worst mistake MS ever made was the Windows Registry and MS's failure to secure it properly. I can see a lot of use for a central repository, but allowing unrestricted access to it seems like a massive failure.
At least with Linux you have to be root before updating critical components.
re: The Registry.
Access to the Registry is controled by ACLs, by default it can only be edited by an Administrator level ID (other than the user specific HKCU). The granular nature of its ACLs means that individual settings can be allowed to be set globally by different groups/users, something which isn't possible in a conf file, where it's the whole file or nothing.
You can bar loading any tool which accesses the Registry for editing with a local or global policy, or allow users/groups access to bits that you want them to have, and not others.
Yes you are right, but...
The problem is the flawed windoze security model, and the way mickeysoft allows windoze to be managed. In XP the default set up is an administrator and an awful lot of standard packages expect admin privilege by default. Even when installing office some parts of MS office can be configured to install if required.
When MS adopted the “let the package install the software it needs approach”, it gave all security control to the package installers, installing and updating software should be an admin function, not a user function.
The place were I work at the moment is even worse, the server with all the installation software is wide open, if you want to install a piece of software, tell the admins you need a licence and install it your self!!!!!
>>Let's be honest here.
Exactly, no hypocrisy, please.
>>The Linux user needs a respository if he is not up to the challenge of compiling from source and resolving any remaining issues.
Well, not true. I can install source packages + to resolve all the issues on apt-based system I do:
su (sudo) aptitude build-dep whatever-pakage
on FreeBSD make clean install in the /et/ports dir and all dependencies are taken care of in the make script.
>>There is no such thing as a universal repository that works across all Linux distributions.
Let me ask, why would you need one universal repo? Maybe competition is good, not bad? Even IE9 is a much better product than it used to be thanks to FF,Chrome and others.
>>That can be a beast for both the user and the developer.
I do not think that you know what you're talking about. Compiling for a particular distro is not a big deal at all. Everything is free and open source.
Self-compilation just takes more time on older machines.
>>The only Windows malware I see these days is the stuff which slips through Firefox's defenses and detected almost instantly by MSE.
I can see it on friends PCs quite often including compromised accounts sending spam to me. Nothing slips through ff's defenses on my GNU/Linux. Maybe the system allowing infections is the culprit?
>>Not true in Windows 7.
>>Trust me on this one. Secunia's PSI tracks the OS and 191 programs on this machine, all up to date, and nary a reboot in sight.
Do IE9 updates need any reboots? According to the forums and one of the reg's recent article there will be an improvement on win 8, as it is still annoying for quite a few windows users: http://www.theregister.co.uk/2011/11/16/windows_8_auto_updates/
Modern Linux distributions such as Ubuntu are arguable much more easy-to-use when it comes to installing new software. Just go to the graphical respoistory interface, where you can browse a huge list of software. Mark what you want installed and then click "OK". That's it. All dependencies will be pulled automatically. That's much more convenient than the typical Windows installer program.
Then, the patching mechanism. In Ubuntu, it is a part of the operating system which performs *all* patching. Mostly without reboots. Not the funny collection of half-working and resource-hungry update programs you find on windows.
Regarding security in general, the Linux concept is transparent and effective - you normally run as non-root and switch to root to perform system administration tasks (such as installing sw or adding a user). On VISTA we had a braindead-concept of being nagged for the Admin password for each and every operation. Less convenient and in the end-result less secure than the Linux root concept.
More advanced security such as sandboxing or SE Linux indeed require some level of expertise *to set up*, though not necessarily to *use*. Using AppArmor, any Linux application can be secured against a malware attack, while the sandboxing of Windows seems to be either a third-party app (Sandboxie) or limited to a few applications such as IE8 or some Adobe products and Google Chrome. Windows apparently does not allow to prohibit applications the access to FAT file systems - one of these typical MS FAILs.
Again, Linux far ahead of Windows and certainly not more complex. Maybe you simply don't understand proper Unix security concepts and you should educate yourself before making silly statements ?
>>"Regarding security in general, the Linux concept is transparent and effective - you normally run as non-root and switch to root to perform system administration tasks (such as installing sw or adding a user). On VISTA we had a braindead-concept of being nagged for the Admin password for each and every operation. Less convenient and in the end-result less secure than the Linux root concept."
I accept that Vista prompted for elevated privileges too frequently - thankfully fixed for Win7 - but I'm genuinely finding it hard to distinguish between your description of Linux's "switch to root" and Windows "nagging for the admin password".
Seriously, what's the difference? To me they both read as the same process.
The standard process in linux is that you perform su -l root and then you have a root shell until you close that shell. You are prompted for the root password exactly once. It is similar when you perform certain administrative actions via Ubuntu GUI tools. VISTA would ask for the password again and again if you were not logged in as Administrator. And, you can easily remove yourself access to windows files and not even the Admin account allows you to even delete the file. What you must do then is to disable UAC and reboot. Simply Horrible.
If you use the Ubuntu "sudo" command, it will prompt for the admin user password once and cache that in that shell window for a short time, and that timeout will be restarted as soon as you enter a new sudo command. So you effectively type the admin password only once in most situations.
To clarify, it would be Linuxes or more accurately Linux distributions. Linii is just wrong on so many levels I don't know where to begin. Briefly, the word ends in -ux not -us, is not Latin, is genderless, and is a proper noun. Further, -ii isn't appropriate pluralisation in any language of which I am aware. Now then, repeat after me, octopuses, octopi, octopodes.
Yes, it's the one with the pedantic grammar nazi icon on the sleeve, why?
This post has been deleted by its author
I know stuffing sense into Brits when it comes to grammar is hopeless, since even English uni professors don't understand the fundamentals, but still:
-us -> -i
-i + -us ->i+i
I did not think we were talking about Linius ... as stated previously, I do not know a language that has a -ii for plurals, either.
Its like this: some people have every justification for spewing bile and vitriol. These people are often corporates who pay *millions* on Microsoft licensing every year and are getting fucking sick of it, see? Not just "bedroom warriors" as you pleased to naively put it. Although there are also a few individuals who are sick of Windows making their already busy lives a major pain in the arse with spy and malware, viruses and compromised data as well.
It isn't cheap name-calling at all. Now -- if you could be bothered to get your head out of your arse you would see that in comparison to other things, Windows, in spite of major security rethinks, over two decades has STILL got a security model that is horribly and needlessly compromised and opaque.
This isn't progress, no matter how hard *you* try to justify it.
Thankyou for making my point in a more eloquent fashion than I could. The tone of your comment and the 'pull your head out of your arse' comment has automatically made me less likely to trust what you have to say even though you may be a world reknowned expert on information security for all I know.
You misunderstood the 'bedroowm warrior' part by seeing that as an ad hominem when it was a plain appeal to improve the level of debate on this subject.
Nowhere do I endorse the windows security model and even contrast it by the more easily securable *nix (nothing is completely secure unless you remove the user from the equation), hell its better than it was but would you prefer to still have autorun by default, no prompts and checks about running install programs and wide open ports. Who in their right mind would?
Microsoft a security leader ? Since when ?
Okay, I'll admit that Windows 7 has a slightly different approach to kernel management than any other Microsoft OS ever made, but that does not change the fact that most driver installations still end up in a reboot of the PC.
Whatever Microsoft does with Windows won't change the fact that it's entire structure is a security hazard. UAC does not change the efficiency of rootkits, and anything that fools the user can turn the PC into a zombie.
Not to turn into a penguinista, but one has to admit that zombifying a Linux computer is a rather difficult proposition, next to the ease with which a Windows platform can be owned, as they say.
So no, sorry. It's not the noise you make that makes you a musician, and it's not the blaring PR coming out of Redmond that makes a leader in security. A leader in security is secure by design, and Windows is shot to pieces from the ground up on that subject.
But Windows is getting better, that I admit. Windows 7 is the best Windows I've had yet, and much more stable than XP was, even in its SP2 configuration.
XP is at SP3 btw, and has been stable for some time.
Regretably, many corporates still run XP/IE6 on older PC's so Redmonds security legacy is set to continue for a few years yet. It's not without some irony that the companies who should be on top of their security, are the ones using the least secure platform.
Thankfully, when they do upgrade, they'll probably go straight to 7/IE9 thus completely bypassing the Vista trainwreck. Small mercies, an' all that.
"and even a security leader, whose example other IT giants would do well to emulate."
Err, from where I sit, the landscape is pretty much unchanged. MS may well have improved its security, but so have "the others". The exodus to Linux continues, finally the CEOs who simply signed on Redmond's line for web services have woken up to the fact that there are more reliabel alternatives to IIS and as tablet computing pushes its way into offices and begins to replace the desktop, Redmonds grasp of control over the office is slipping.
As corporates make the move over to *nix based servers (which they are doing, in the droves) they are not doing it because they enjoy installing new software. Security is the driver and *nix still proves to be miles ahead of MS as it has for years and years.
My kids already prefer to use their smartphone or Kindle to access the web than the crusty old PC in the corner ... mostly because it is virus ridden and sprinkled in malware and adware.
I can only assume your "security leader" quote came from your advertising department ;)
The article is right in that MS has done a lot (though started with a pretty crap design for Windows+IE integrated), and that Adobe appears far worse now considering its code base must be a tiny fraction of Windows.
But I laughed at your comment "the crusty old PC in the corner ... mostly because it is virus ridden and sprinkled in malware and adware". Why are your family suffering that?
Any pro-Linux person should start by setting up computer(s) for family & friends, not giving the kids sudo, and then being *officially* allowed to be smug in such debates.
...when did Adobe get to import masses of userspace code into the kernel, Microsofts ongoing huge mistake? A mistake founded on their continuing preference for screwing competitors over looking after customer security, accompanied by an unjustified belief in the quality of the their own code.
What Adobe tells us though is you don't even need the special privileges Microsoft give their own userspace software to break a Windows system, Adobe may be shite but security failures in their shitware are also failures in the underlying OS.
Windows is still based on adding security to a fundamentally unsecured OS, this is security by moving target. If only the snipers weren't quicker than Microsoft.
>>Windows is still based on adding security to a fundamentally unsecured OS, this is security by moving target. If only the snipers weren't quicker than Microsoft.
Exactly, well formulated! No matter what that 10-year old memo said, it must have been flawed. Things haven't been changed. For Windows security people still rely on antivirus software due to the deficit of the said security in the OS's design.
Please get over you dislike of AV software, there is AV for linux and likely you'll be needing it more as linux gets more popular. Also AV on PCs takes up some of the role of systems like SE linux, monitoring and preventing access or changes to certain files.
As for "things haven't changed", yet again, you give yourself away as not knowing about Windows, much has changed, UAC, the default disabled admin account, runas, generally forcing developers to behave better and not code for Admin accounts, just to scratch the surface.
Incidentally, this morning I setup a RHEL 6 server and it didn't stop me logging onto the GUI or via ssh with root. IIRC as I'm mainly a Red Hat based Linux user: Ubuntu doesn't allow users to run as root, but the default user is so close to root that it makes no odds, very much like MacOS.
>>there is AV for linux
it is designed to either "treat" dual-boot (or off the live media) WINDOWS PCs or a (mail) server filtering and handing to stuff for Windows clients
>>ikely you'll be needing it more as linux gets more popular.
There more non-Windows web and mail servers that are accessible to the Internet. So according to your logic, there should be some infections happening right now. Where is it? Android infrastructure malware is the result of voluntary installation of the said malware, not visiting "infected websites", inserting an infected SD or getting through RPC network.
On the other hand, the idea to contract an infection and then only try to fight it with some obscure means rather than follow the transparent preventive technology is FLAWED.
How does your AV finds that a PC is infected? What about false negative or false positive?
>> I setup a RHEL 6 server and it didn't stop me logging onto the GUI or via ssh with root.
Well you must've allowed it yourself by editing gdm/kdm or whatever in /etc/pam.d/, right? Since the default is not to allow graphical root sessions. I agree root should be listed in the DenyUsers variable by default. I kept it on my FreeBSD. sshd is not running/installed itself by default though
>>Ubuntu doesn't allow users to run as root, but the default user is so close to root that it makes no odds
???? what are you're trying to say here? default user has to enter his/her password for every admin job. There is no way to run a script for it without knowing the users password. As far as ssh is concerned it takes harder to guess the users name through pam, if ,e.g., you user name is not "mike" or "john"
You have to remember the human factor.
Offering free smilies or sample videos on a site should sound alarm bells. Receiving emails from Dr Koomba Arimba of the Nigerian Central Bank (Agent Todd McBright from the FBI) offering to send you money via an ATM card should also send people running to the hills.
But they don't run to the hills, a small proportion are duped.
Build an OS that doesn't use Admin as the default login and that enforces correct permissions and data separation would go a long way to removing the GUM from the problem.
Trouble is the GUM have a voice through their buying power and if they don't like being told that they can't do something because it's dangerous they will go elsewhere where they can.
Microsoft have unfortunately been hoisted by their own petard and have to match the expectation of a non technical public while trying to provide a secure environment.
I recently installed Windows 7 on a new self built PC. When I went to get the updates I started a process that took hours and reboot after reboot. Patches on top of patches on top of patches.
Then when I'd got them all applied and disabled all auto patching because I want to select when I get them, it started downloaded more behind my back.
Sorry Microsoft this is a total failure of design or should I say 'what design?'
Other Operating systems don't put you through this torture. Is it any wonder that many people don't apply any patches at all?
you had a change with Windows 7 to simplify the whole process. You didn't for that you get a FAIL.
Must try harder.
"Then when I'd got them all applied and disabled all auto patching because I want to select when I get them, it started downloaded more behind my back."
You want to learn how to disable all auto patching then. Try reading what's on the screen when it offers the choice of "download and notify" versus "just notify" versus "none". Unless you've already been rooted, the very last of these most certainly doesn't carry on downloading stuff.
"Other Operating systems don't put you through this torture. Is it any wonder that many people don't apply any patches at all?"
Really? You try installing a Linux distro from the same era as the initial Win7 release. You'll get *lots* of patches offered, including kernel updates that require a reboot, only to be followed by fresh app updates now "unblocked" because the kernel has gone in. Depending on your distro, you'll also be offered a major distro upgrade or two, which aren't the default option. If you are unfortunate enough to use Ubuntu, you'll find that you can't do a distro update to the very latest in a single jump. You'll need at least two steps.
Microsoft *do* suck, but advocates of rival operating systems need to get their facts right if they want to be taken seriously.
Well, I do use a Linux Distro that predates Windows 7. RHEL 5 to be exact.
Yes there are lots of patches if I install from the 5.0 ISO's. If I use the 5.7 ones there are an awful lot less.
So what if there are lots of patches. One download operation. One patch application and one reboot.
Job done!
Yes I did disable all (well as many as I could) the options to stop any more patches from being downloaded. This included a registry hack as well. IT still didn't stop it.
But why are they telling me that yep, you have downloaded all the patches then an hour or so later there are suddenly more. They were not new ones by any measure.
Finally, what sensible company designs a system that by default causes you to save your work so that the OS can reboot to apply the patches it has just downloaded?
What if you are away from the PC for a couple of minutes. Bang you have lost your work.
Sorry. There is no other word to descride their patching system but FAIL. FAIL and thrice FAIL.
Paris because even she wouldn't put up with this mess.
> You try installing a Linux distro from the same era as the initial Win7 release.
I do that regularly.
> You'll get *lots* of patches offered
Indeed. And updating them really isn't a big deal.
> including kernel updates that require a reboot
Kernel updates are one of the few things that really *do*require a reboot, unless you're using ksplice (which I don't).
But Windows requires reboots for far more than kernel updates...
> only to be followed by fresh app updates now "unblocked" because the kernel has gone in
Got any references for that? Because it seems remarkably untrue, by my experience.
Vic.
Ken, you seem to be unfamiliar with GNU/Linux, because
>>You'll get *lots* of patches offered, including kernel updates that require a reboot
Far from being true if you do NOT compile kernels from source, where you do apply multiple patches to get from, say rc1 to rc5, or even revert some previous patches.
Otherwise, binary upgrade will bring you from 2.6.3*-*-generic to 2.6.35-31-generic in one step + whatever other other updates are available. This all will require one reboot for the kernel update. You can install a bunch of other kernel versions too.
>>If you are unfortunate enough to use Ubuntu, you'll find that you can't do a distro update to the very latest in a single jump. You'll need at least two steps.
In that case you're still more fortunate than using MS Windows. You can upgrade free of charge and pain, with LTS you can skip two (4 ) versions until next LTS is available. You can place your all data to an external /home dir and fresh install (would take about 15 mins)
Yep, I'd agree with all that too.
I get annoyed by Linuxes. I've just freshly downloaded and installed Linux Mint (yep, I sit on both sides of the fence). First thing it did was insist on fetching 258MB of patches. So why couldn't they keep the original download up to date and stop wasting my time and their expensive bandwidth?
Where MS do quite well in my opinion is that they differentiate between updates that are security related and those that are just improvements. Linuxes don't, at least not obviously so in Update Manager. The result is that Linuxes get patched an awful lot more mostly because the original distro apparently wasn't a finished polished product.
BTW does anyone know yet how the hacker who breached kernel.org a while back managed to get root privileges escalation? We all know that the source code for the kernel wasn't affected (phew!). But the implication is that there is still a way of getting root privileges that only the hacker knows about. That ought to be a worry for every Linux user out there.
I agree with you about functionality change in linux popping in at updates - I have had my MythTV system (two frontends, one backend, running on different linuxes) completely kacked up on more than one occasion because the backend updated, changed the protocol before the distro that the frontends work on had been updated to the new version. I now no longer update them.
> So why couldn't they keep the original download up to date and stop wasting my time and their expensive bandwidth?
The original download is a versioned version of that linux distribution (for example Ubuntu 11.10) so if they changed the original distribution then they would have to change the version number.
> First thing it did was insist on fetching 258MB of patches.
As opposed to the last time I installed a version of windows. It insisted on:
1) Updating the updater followed by a reboot.
2) Installing patches (multiple times) followed by a reboot
3) Installing service pack followed by a reboot
4) Updating the updater followed by a reboot.
5) Installing patches followed by a reboot.
Unfortunately I have to install a version of Windows 7 this week so I'll see if there has been any improvement.
> BTW does anyone know yet how the hacker who breached kernel.org a while back managed to get root privileges escalation?
Did he get root privileges? I thought he just gained access by compromising one of the kernel maintainer's computers (which was running a version of windows) and grabbing his user name and password for kernel.org. This gave him enough privileges to do what he wanted.
I decided to move my install of Windows 7 Premium forward just to see how it has changed:
Half way through the install the installer decided it needed a reboot (#1) before it could continue.
At the end of the install it rebooted (#2).
Installed updates (194Mb). At the start of the update I had to agree to a license which I did and then left it running. Came back later to find it had stopped before installing all of the patches and was waiting for me to make a decision about IE9. Made my decision and left it to complete the update. After the update it rebooted (#3)
Checked for update and there were 7 available so installed these (estimated size between 76Mb and 450Mb!!) and rebooted (#4).
Checked for updates and there was another 7 (different from previous 7) so installed them (size 22.6Mb) followed by another reboot (#5)
Checked for updates and there was 1 available so installed it (28.8Mb). No reboot needed!!!
Checked for updates and there was 6 available (wtf!!) so installed them (76.2Mb). No reboot needed!!!
Checked for updates and it is up to date.
So far there has been 5 reboots and 5 different lots of updates installed, totalling between 400 and 770Mb.
I have yet to install any anti virus or office software.
Someone seems to have missed the point, by a country mile.
The only people whose security MS really care about are the content providers and their pigopolist (Andrew's term, if I remember rightly) friends in the media business.
As long as Windows appears to prevent unauthorised access to their extremely valuable content, as long as security by obscurity provides an illusion of impenetrable end to end encryption for the 'content' between disk and screen, security of the users (and even of the IT departments) is a secondary consideration.
The rest you must work out for yourself.
The main reason blackhats are targeting adobe acrobat/flash these days more than they target IE is down to market share more than anything...
While no single browser has more than 50% market share, flash and acrobat are still installed on over 90% of machines making them prime targets.
Microsoft is by no means a "security leader", they still have by far and away the most insecure os currently available (not counting intentionally insecure systems used for training like dvl)...
Windows still has some major design flaws which impact security too, the file locking design and by extension the broken patching system (patches often appear installed, even if part of the install has failed), the crude file extension determine filetype (and executability) mechanism especially combined with hiding extensions by default, the ability to authenticate using password hashes directly, the default listening services (even on a standalone workstation) plus the practice of hiding these behind a software firewall rather than turning them off..
Then you have all the bloat required to support such an ageing patchwork codebase, plus all the additional crufty ways they try to work around the old design flaws, such as the fake registry and filesystems used to trick programs that expect to be installed/used as an admin user etc..
MS are stuck with a horrendous mess of a product, and no matter how much they try to polish it it's still going to be a turd... They'll never be a security leader until they ditch all the legacy cruft and start again from scratch.
"Trustworthy computing" turns out to mean adding cryptographic signatures everywhere, down to bootloaders. With added "security" chips everywhere. It doesn't do much for security --cue malware signed by governments-- but instead it sees use for shutting out the competition, taking away control from owners of the hardware, that sort of thing. Where they're still insisting UEFI isn't gonna do that, honest (except that it will) they wrote it right into the windows8-on-arm spec. And still industry watchers haven't caught on to the trend.
The only "security" redmond knows and understands is taking everyone else in a headlock in return for ever more money. In that they're very reliably predictable. But presenting it as anything that would benefit anyone but them, is more than a bit disingenious.
These johnny-come-latelies only deserve massive demerits for being inexcusably tardy with their feeble "security initiatives". There, too, they've never exceeded the cringeworthy lows comparable to their "get the facts" campaigns. Then again, this is a bit of a troll by a fanboi, but so poorly done one might think the writer actually believes his own tripe. I've seen better.
"The only "security" redmond knows and understands is taking everyone else in a headlock in return for ever more money."
Too true. Microsoft are like the worst kind of "the terrorists will win!" propagandists when it comes to appealing to people's fears purely to stitch things up for their own benefit.
This article really seems to have been a case of money well spent by Microsoft. But the world has become more sophisticated: nobody buys into "unicorns and rainbows" self-congratulatory "news" pieces any more.
Something the most ardent Linux or MacOS supporter will have to agree on, is that the “Trustworthy Computing Initiative” saved Microsoft. Ten years ago Microsoft’s march into the Datacentre was stopped in its tracks with IIS & RPC wide-open attack surfaces laughably poor in the internet age. The desktop was even worse when a laptop exposed naked to the internet could catch a virus that could have down a global network.
To come out and say “our products suck; we know how serious it is; but we’re going to fix it before anybody can steal our bacon” is brave, bold.. and evidently worked because the hot topic for desktop migration is Window7 and not Linux. Gates did not do the weasel thing and blame the DCE RPC stack they’d ported from Unix.. but took it on the chin.. we should all commend them on that.
The initiative didn’t stop at network security, it included dumbing down Office Automation (on .NET replacement for VBA.. with further safety options) and raining in .NET web-start.. leading to the imminent open-sourcing of .NET to help Azure.
We’ve all got used to a chastened Microsoft, and many lament the lack of downfall, but survival is the most remarkable thing about the tenth anniversary.
It is very interesting to see that even British journalism falls for American Corporate propaganda messaging, if it is just nicely, powerful worded. "Rah-Rah" should be a term everbody knows in the Anglo World.
Mr Gates is indeed very good in inventing nicely sounding terms such as "Security Development Lifecycle". But that is much more words than substance. Just about a year ago it was discovered that Windows contained 20-year-old code for parsing icon images. That code was executed inside the kernel, had several buffer overflows and was actively used to infect systems with malware.
If Microsoft were really serious about security, they would first prohibit the normal operations of a PC in Admin mode, or at least they would discourage users to do so via various technical measures. They would try to educate users about the Admin-user risk.
Then, they would innovate in the programming language aspect, as C++ based buffer overrruns and bad pointers are not god-given, rather they are and artifact of C and C++. There are ways to systematically avoid these threats without sacrificing much performance, but that would be serious actiona, not just propaganda.
If you'll look at MacOS or Ubuntu, you'll find that the default user created is in fact the same, that is: Someone who can elevate their own privileges subject to a prompt.
As for being able to login at root or admin by default - This is always a bad thing to be available as a default setting, enable it by manual admin intervention if required, ok, but not as default.
had windows 7 for about 2 years now never had a problem with it never had any malware and the updates only come into play when i shut down the pc it takes a little longer to shut down so what, I never get a banner tell me I need to restart my pc and for the average 400 million windows 7 customers who turn of they pc's and laptops every day updating its not a problem
when you compare win7 with XP there's no comparison, win 7 is vastly more secure than xp and I'm guessing win 8 will be even more secure than win 7, that fact is if you want windows to be fully secure you would have to give over full control of you system to Microsoft like people already do when using ios devices.
Seriously, the other day, windows wanted to install some updates, I clicked "Ok". Some time later, Windows came back with "You need to restart to complete the installation of updates." I chose to postpone by 4 hours (the maximum I could choose), after 4 hours, the thing came up again, so, again, I chose to postpone for 4 more hours .... 4 hours later my system rebooted without further notice !!! Yes, this is windows 7.
I would "expect" a message saying "System going down for maintenance in 1minute", like I see on Unix, but no .... I lost some work that time ...
"Why on earth do people whine about having to reboot once a frigging week (at most)?"
No, the whine is that it rebooted WITHOUT his permission or notification.
After all of the debates and pros and cons of OS, my vote always goes for Linux because *I* can decide what it can and can't do, even if that choice is dumb, it is still *my* choice.
In comparison to the two companies mentioned. Apple has always had piss poor security, but no one bothers to target them because their install base is so small. It's all very well saying Microsoft should redesign Windows from the ground up, but they aren't in Apple's position where only a handful of people will get pissed off if legacy software breaks. And you try explaining to an end user why his Windows has suddenly changed for "security". The average user is an ignorant, arrogant moron who thinks knowing how a computer works means they will get less sex.
At least MacOS X clearly differentiaties between Admin (root) mode and normal user mode. Whatever the circumstances are, Apple has managed to get normal users adopt a proper security model, while MS still thinks people are too stupid for that.
And your explanations are rather weak, by the way.
You don't know much about Windows post XP, you keep making assertions about Windows that are plain wrong. Windows has not allowed logon by Admin account since XP, Windows has had a system similar to sudo or the Mac OS "enter the password for admin access for this program" since this time too.
While Windows does ship with the admin account disabled, it does (by default) create an account with Admin rights on first install.
As for UAC, it's similar to Sudo, but not the same. Sudo requires an admin to enter his or her password (and optionally user id). In the case of the OSX GUI it's also process specific. As such it's relatively safe to leave the mac unattended even if it is logged in with an admin account (although that is something I never do and would not recommend).
UAC, on the other hand, is not as secure. If you are logged in with a normal user account, UAC functions the same way as Sudo does. If you are logged in with admin rights, it just asks you to press a button to confirm what you've just asked it to do.
And yes, I have extensive experience of Windows 7 and OSX.
In my experience, the underlying security of a computer is determined <10% by the OS and >90% by how it's configured. I've encountered very secure Microsoft servers and Unix/Linux setups that would make a grown man weep and rend his garment.
Security is always a trade-off, mostly against performance and usability. There have been attempts to build an OS with security built in (e.g. Multics), but they are rarely encountered in everyday use because they're too slow and harder to use/program.
The real problem with Windows (10 years ago, when BillG was writing and Windows 2000 was shiny and new) was that ease of installation had been prioritised. Every possible service was enabled by default. You could train a chimp to insert a CD and hit the 'return' key repeatedly and you would end up with a (barely) working system, but a very insecure system. Linux at that time was far more demanding. You needed to have a significant clue about the configuration of the hardware and how various IP protocols work if you were to have any chance of successful setup.
Today things have moved on to the point where repeating the chimp experiment with a 2008 Server disk would produce a reasonably* secure system. Most services are disabled by default, which means more work when you want to add a new service, but a more secure system. Linux distributors, meanwhile, have been putting work into simplifying the installation process of their various flavours, though I still think it's more demanding than Windows and I think they intend to keep it that way. The more 'security conscious' the Linux distribution, the more they disdain this simplification process.
Of course, these days most vulnerabilities are in apps rather than the underlying OS. And users lacking even a modicum of security awareness are an even greater threat (and always will be).
* Good enough for many normal commercial purposes, though I wouldn't recommend it for MI6 to hold their Agents database or an EFT system for a bank.
Working on a clients PC, finally after hours if frustration I figured out why it wouldn't start. I left it to do some work onsite. After arriving back I was horrified to find that the cat got into my workshop. Not only that but it curled up asleep on the keyboard of the machine I had been working on, and left a win7 installation disk in.
Yup Installed a fresh copy of window 7. Thankfully I clone systems before I work on them.
An earlier poster though the issue with windows security is the registry. This is so true
THE WINDOWS REGISTRY IS TO BLAME!
THE WINDOWS REGISTRY IS TO BLAME!
THE WINDOWS REGISTRY IS TO BLAME!
100's of types of possible entry types that are used in startup. Debugging entries that allow you to replace any program with another seemlesly.
BY DEFAULT THERE IS NO SECURITY ON THIS DATABASE
TOOLS EXIST FOR RAW ACCESS BYPASSING ALL MS SECURITY PERMISSIONS
Wrong on all counts.
By default the Registry is only editable by admins, and has its ACLs setup so that non-admin users can only edit their own portions of the registry.
How do you propose replacing system files which are locked for the whole time the computer is running, if they aren't done at boot/preboot time? This is allowed, controlled by the registry but can only be set if ACLs allow.
The registry cannot be edited by anything, if the "don't allow registry editing tools" policy is set.
The registry cannot be edited by non-MS tools (short of booting outside of Windows) unless the ACLs have been specifically setup to allow editing.
1. My cat did install a fresh copy by sleeping on the keyboard
2. Yes you can tighten up security on a windows machine, but the low hanging fruit is the registry.
Get access to any of the entries used in the startup, and its game over. With a home machine that's a given. UAC might protect you, its not like any malware authors will pay the $100 to MS to get their software signed, when there's signed stuff that is exploitable. At least with other systems they have independent config files, with the security of each of the files easily checked.
3. The Byzantine nature of the registry, means you have nice little entries like HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\debugger wich allows you to transparently replace any executable with any other. FUN! Oh and I lost count at the types of entries that could be used to deploy hostile payloads in the startup, it was something close to 100 types.
4. A secure windows machine HAS to have the registry tightly controlled for the above reasons, it also must have the backup services tightly controlled. I've got nice little scripts to make rsync work properly on windows, it uses the Volume Shadow Copy service. It will happily read ANY file in use.
5. I also have code that will read and edit any registry type file. Its python code and I believe it will work equally well on a windows machine as to the linux where I use the system.
6. Oh that policy setting, last time I looked simply disables the registry editor. Whilst it is part of securing a system, you have to do much more than that.
7. Sure yes I do repair windows systems using a linux based DHCP boot, so yes I get into it by offline booting, as they say "if you have physical access". Mind you that's likely to change with "secure boot". The first virus that infects an ARM unit will be fun!
When I'm fixing systems I would guess that 80% can be fixed with registry editing the rest some file has been corrupted, normally a driver.
Ever seen, on a home machine, a program to set the security ACLs on registry entries?
My beef is that the registry is used for EVERYTHING "One config file to rule them all! ...and in darkness bind them!"
Operating Systems are not our worry, we patch OS until we are blue in the face and we only secure less than 20% of the problems out there. 3rd Party is the biggest security threat to our organization patch wise and it is lead by Adobe and Oracle with Oracle the most worry as they will not patch publicly known vulnerabilities a multiple years later down the road. They swallowed too much than they can handle and seem to have no staffing on security patching of any of their code bases. That's what I lose sleep over, not Widows or OS X.
Do you really believe windows is less secure? I dont.
Have you compared the source code for some random ms exploit vs one for linux/unix ? Or do you just inanely blabble on about how insecure microsoft software is without any evidence?
I've not seen anything 'new' or 'exciting' on linux since they "introuced" aslr and noexec stacks. How is that "moving faster" than microsoft?
The complexity for windows exploits is WAY higher than is required on linux. And I mean; really. The reason there are more of them, is certainly not because it's an easier target - it's not; but because it's an immensely more profitable one.
And how many of the these exploits are actually for microsoft software instead of something that runs atop its operating system?
Apart from proper practices (never running as root to perform regular operations), Linux does have at least two advanced security systems:
AppArmor
and
SE Linux.
Both are a kind of generalized sandboxing technology, which MS still does not provide for Windows. In addition to that open source has a very good track record of security, because the software authors cannot easily hide stinking heaps of insecure code.
You confuse level of activity with level of security.
A UNIX inspired system is secure by design, failures are almost all implementation errors, fixing them doesn't break user apps (unless they were already broken). With a working security model there's simple less work to be done. Adding mitigation support like address randomisation and noexec blocks is a failsafe, not primary security, something wise to do but secondary.
Windows started as a deliberately insecure system that has accreted layer after layer of bolted on security and individual hole patches. It's hardly surprising there's more visible activity in the Win world, they're trying to patch their way to the position UNIX started at. Because they baked in the poor security design long ago every fix has a serious risk of breaking apps and brings ever more complexity (and fragility) to the shuddering heap.
The biggest problem MS have if that by defualt local users are made admins. Considering most home user will have only one account created during the OOBE. Even with UAC changes happen to the registry and file system usually due to social engineering and malware living the internet cache. Just provide a password prompt and details of what the program is doing. Link it with a database of dodgy exes (like ie9 does with downloads) to make user think before installing that virus checker that came up on a banner which they've never heard of.
>>No, only the FIRST user, created during the installation, is an admin (with quite some similarity to the root account on Linux).
Absolutely not true about the Linux and *BSD.
As far as Ubuntu is concerned, it uses sudo, no root account is active (directly root is not allowed to login). To elevate privileges one has to enter his/her user password (if you're in the admin group by default in /etc/sudoers). Any attempt without sudo to do it will produce "you do not have permissions....." or similar. Is it the same on Windows?
On the systems, such as Fedora, Debia, FreeBSD with activated root account you have to specifically create passwords for both root and your own account. You can disable the root getting yourself a sudo configuring /etc/sudoers file as above.
MS gets lots of malware just as Ford's escorts and such are easy to steal, because there's lots of them and people are blase about security.
If you spent time writing an OS2 virus it'd be wasted just to infect 10 users, why not pick the mass and more will get through.
Fast as MS secures, better virus and malware arrive, chicken and egg, always will be.
DEA have the same, you only find the drug smugglers latest way when you actuallly catch one, until then you are unaware......you cant write an AV software for a virus that has yet to be created and once found there is the product lifecycle or would people rather it be let out before testing ?
And to the "if you ran Linux crowd", I have 70 share traders here who have enough problems remembering their usernames, let alone teaching them software that isnt idiot's level
Windows is not THAT bad nowadays. In fact a well maintained, patched windows system is no more at risk than a similar Linux box. With one Caveat...
I know my way around windows, I'm not an idiot, I dont click things I shouldnt, I run a sensible AV package and periodically scan my PCs. I've yet to get seriously burnt. I do run *nix machines too and I can report a similar result there. I'll bet pretty much every el reg readr can concur with this, nothing too controversial.
But I'm what most people would call a professional or power user.....
My customers on the other hand, are at worst, complete oiks online and no matter what I put on their Windows boxen they will invariably come back in six months time, infested. And therein lies the rub. Windows security HAS gotten a hell of a lot of better. But the amount of low hanging fruit for malware attacks, bait and switch, trojans etc has exponentially increased. When Code Red tore through the net there wernt that many homes that had always on broadband, a handfull of PCs and sproglets causing merry hell on Facebook. Granny wasnt online and your parents would sit in front of corrie all night. These people dont know all the tricks, tips and above all, common sense aproaches you and I do. Hobbling them with an incredibly restrictive *nix install wont work. They'll turn everything they can off or get 'bob' round the corner to put his bootleg XP Vol licence on it.
The OS vs OS thing is becoming more moot than ever as I'm now seeing home users on *nix too and they are having the same issues. So having fixed this hurdle maybe we really now start to look at education.
Its a bit like giving your grandma an 18 wheeler truck and telling her to go play in the traffic and HOPE no one gets seriously hurt. Your average Joe Net User has about the same hope online.
This post has been deleted by its author
This post has been deleted by its author
MS security policy is a bit like ford saying here is a new easy to drive car - just don't bother with the middle pedal ( or the one on the left in the US)
Its fine when you're just going around an empty car park but twenty-two years ago the internet took off and now we're all out playing on the roads.
Sorry - you're gonna have to learn how to use the middle pedal or get a chauffeur.
I'll admit Microsoft has gotten a lot better about security (and yes, certain other big names in the field would do well to follow their lead), but a leader in security they are not. Only a fool trusts Windows to play without antivirus and some sort of firewall.
Then again, I run antivirus even on my print server running Debian that's cut off from the internet, so maybe I'm just paranoid.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
