10 years ago today: Bill Gates kicks arse over security Sunday marks the tenth anniversary of Bill Gates's trustworthy computing memo, which made securing applications from the ground up a key priority at Microsoft for the first time. The directive followed a period during which Redmond took a sustained shelling over the instability and insecurity of its software, especially in …
The security debate is necessary (and not that boring). What is boring is the vitriol and bile spewed out, the use of examples from years if not decades ago to make a point about the security position of a product now.
It appears to me that the windows product is trying to lock down the product without losing usability whereas the various Linuxes (Linii?) Are working at the same problem from the opposite direction. That movement benefits us all... The mindless namecalling just makes you look like a bedroom warrior and cheapens any valid points you may have
>> the windows product is trying to lock down the product without losing usability whereas the various Linuxes (Linii?)
1) On MS Windows there is still no central repository to conveniently and securely look for, install and update most applications.
2) Due to the MS Windows architecture, most updates require reboots.
3) Despite the Bill's memo 10 years ago, Windows is still teaming with malware dangers (see, e.g., the recent stuxnet, zeus, ramnit), so users are given the so called "anti-virus software" in lieu of proper security, this brings other troubles and inconveniences .
OK, where do you exactly see user-friendliness in all that?
>>1) On MS Windows there is still no central repository to conveniently and securely look for, install and update most applications.
Let's be honest here.
The Linux user needs a respository if he is not up to the challenge of compiling from source and resolving any remaining issues.
There is no such thing as a universal repository that works across all Linux distributions. That can be a beast for both the user and the developer.
There can and likely will be barriers to downloading and installing programs which aren't quite "free" enough to meet the geek's standard of purity.
The repository which offers the novice little more than a bare listing of applications and resources is pretty much useless.
_____
In his next breath, of course, the geek will whining about the "walled garden" of the app store and the platforms it serves.
>> 2) Due to the MS Windows architecture, most updates require reboots.
Not true in Windows 7.
Trust me on this one. Secunia's PSI tracks the OS and 191 programs on this machine, all up to date, and nary a reboot in sight.
_____
>> Windows is still teaming with malware dangers (see, e.g., the recent stuxnet, zeus, ramnit), so users are given the so called "anti-virus software" in lieu of proper security
The only Windows malware I see these days is the stuff which slips through Firefox's defenses and detected almost instantly by MSE.
It isn't often that malware can be traced back to a mainstream download site for Windows:
http://arstechnica.com/open-source/news/2011/03/malware-in-android-market-highlights-googles-vulnerability.ars
http://arstechnica.com/business/news/2011/12/google-pulls-22-malicious-android-apps-to-prevent-fraudulent-charges.ars?comments=1&start=0#comments-bar
> Let's be honest here.
That would be nice.
> The Linux user needs a respository if he is not up to the challenge
> of compiling from source and resolving any remaining issues.
This is not true.
There are many ways of obtaining software. The distro-supplied repo is inevitably the most convenient way, but far from the only one.
> There is no such thing as a universal repository that works across all Linux distributions.
Nor should there be. That would make all distributions homogenous - and that's exactly what we *don't* want.
There are, however, a couple of common formats, and tools to convert between them.
> There can and likely will be barriers to downloading and installing
> programs which aren't quite "free" enough to meet the geek's standard of purity.
Cobblers. That's simply untrue.
> The repository which offers the novice little more than a bare listing
> of applications and resources is pretty much useless.
I don't think any such repository exists. All the ones I've supply descriptions of each package in the metadata (which you necessarily get). Perhaps you'd like to give us an example of this mythical repo?
Vic.
Funny, I all ways felt that the worst mistake MS ever made was the Windows Registry and MS's failure to secure it properly. I can see a lot of use for a central repository, but allowing unrestricted access to it seems like a massive failure.
At least with Linux you have to be root before updating critical components.
re: The Registry.
Access to the Registry is controled by ACLs, by default it can only be edited by an Administrator level ID (other than the user specific HKCU). The granular nature of its ACLs means that individual settings can be allowed to be set globally by different groups/users, something which isn't possible in a conf file, where it's the whole file or nothing.
You can bar loading any tool which accesses the Registry for editing with a local or global policy, or allow users/groups access to bits that you want them to have, and not others.
Yes you are right, but...
The problem is the flawed windoze security model, and the way mickeysoft allows windoze to be managed. In XP the default set up is an administrator and an awful lot of standard packages expect admin privilege by default. Even when installing office some parts of MS office can be configured to install if required.
When MS adopted the “let the package install the software it needs approach”, it gave all security control to the package installers, installing and updating software should be an admin function, not a user function.
The place were I work at the moment is even worse, the server with all the installation software is wide open, if you want to install a piece of software, tell the admins you need a licence and install it your self!!!!!
>>Let's be honest here.
Exactly, no hypocrisy, please.
>>The Linux user needs a respository if he is not up to the challenge of compiling from source and resolving any remaining issues.
Well, not true. I can install source packages + to resolve all the issues on apt-based system I do:
su (sudo) aptitude build-dep whatever-pakage
on FreeBSD make clean install in the /et/ports dir and all dependencies are taken care of in the make script.
>>There is no such thing as a universal repository that works across all Linux distributions.
Let me ask, why would you need one universal repo? Maybe competition is good, not bad? Even IE9 is a much better product than it used to be thanks to FF,Chrome and others.
>>That can be a beast for both the user and the developer.
I do not think that you know what you're talking about. Compiling for a particular distro is not a big deal at all. Everything is free and open source.
Self-compilation just takes more time on older machines.
>>The only Windows malware I see these days is the stuff which slips through Firefox's defenses and detected almost instantly by MSE.
I can see it on friends PCs quite often including compromised accounts sending spam to me. Nothing slips through ff's defenses on my GNU/Linux. Maybe the system allowing infections is the culprit?
>>Not true in Windows 7.
>>Trust me on this one. Secunia's PSI tracks the OS and 191 programs on this machine, all up to date, and nary a reboot in sight.
Do IE9 updates need any reboots? According to the forums and one of the reg's recent article there will be an improvement on win 8, as it is still annoying for quite a few windows users: http://www.theregister.co.uk/2011/11/16/windows_8_auto_updates/
Modern Linux distributions such as Ubuntu are arguable much more easy-to-use when it comes to installing new software. Just go to the graphical respoistory interface, where you can browse a huge list of software. Mark what you want installed and then click "OK". That's it. All dependencies will be pulled automatically. That's much more convenient than the typical Windows installer program.
Then, the patching mechanism. In Ubuntu, it is a part of the operating system which performs *all* patching. Mostly without reboots. Not the funny collection of half-working and resource-hungry update programs you find on windows.
Regarding security in general, the Linux concept is transparent and effective - you normally run as non-root and switch to root to perform system administration tasks (such as installing sw or adding a user). On VISTA we had a braindead-concept of being nagged for the Admin password for each and every operation. Less convenient and in the end-result less secure than the Linux root concept.
More advanced security such as sandboxing or SE Linux indeed require some level of expertise *to set up*, though not necessarily to *use*. Using AppArmor, any Linux application can be secured against a malware attack, while the sandboxing of Windows seems to be either a third-party app (Sandboxie) or limited to a few applications such as IE8 or some Adobe products and Google Chrome. Windows apparently does not allow to prohibit applications the access to FAT file systems - one of these typical MS FAILs.
Again, Linux far ahead of Windows and certainly not more complex. Maybe you simply don't understand proper Unix security concepts and you should educate yourself before making silly statements ?
>>"Regarding security in general, the Linux concept is transparent and effective - you normally run as non-root and switch to root to perform system administration tasks (such as installing sw or adding a user). On VISTA we had a braindead-concept of being nagged for the Admin password for each and every operation. Less convenient and in the end-result less secure than the Linux root concept."
I accept that Vista prompted for elevated privileges too frequently - thankfully fixed for Win7 - but I'm genuinely finding it hard to distinguish between your description of Linux's "switch to root" and Windows "nagging for the admin password".
Seriously, what's the difference? To me they both read as the same process.
The standard process in linux is that you perform su -l root and then you have a root shell until you close that shell. You are prompted for the root password exactly once. It is similar when you perform certain administrative actions via Ubuntu GUI tools. VISTA would ask for the password again and again if you were not logged in as Administrator. And, you can easily remove yourself access to windows files and not even the Admin account allows you to even delete the file. What you must do then is to disable UAC and reboot. Simply Horrible.
If you use the Ubuntu "sudo" command, it will prompt for the admin user password once and cache that in that shell window for a short time, and that timeout will be restarted as soon as you enter a new sudo command. So you effectively type the admin password only once in most situations.
To clarify, it would be Linuxes or more accurately Linux distributions. Linii is just wrong on so many levels I don't know where to begin. Briefly, the word ends in -ux not -us, is not Latin, is genderless, and is a proper noun. Further, -ii isn't appropriate pluralisation in any language of which I am aware. Now then, repeat after me, octopuses, octopi, octopodes.
Yes, it's the one with the pedantic grammar nazi icon on the sleeve, why?
This post has been deleted by its author
I know stuffing sense into Brits when it comes to grammar is hopeless, since even English uni professors don't understand the fundamentals, but still:
-us -> -i
-i + -us ->i+i
I did not think we were talking about Linius ... as stated previously, I do not know a language that has a -ii for plurals, either.
Its like this: some people have every justification for spewing bile and vitriol. These people are often corporates who pay *millions* on Microsoft licensing every year and are getting fucking sick of it, see? Not just "bedroom warriors" as you pleased to naively put it. Although there are also a few individuals who are sick of Windows making their already busy lives a major pain in the arse with spy and malware, viruses and compromised data as well.
It isn't cheap name-calling at all. Now -- if you could be bothered to get your head out of your arse you would see that in comparison to other things, Windows, in spite of major security rethinks, over two decades has STILL got a security model that is horribly and needlessly compromised and opaque.
This isn't progress, no matter how hard *you* try to justify it.
Thankyou for making my point in a more eloquent fashion than I could. The tone of your comment and the 'pull your head out of your arse' comment has automatically made me less likely to trust what you have to say even though you may be a world reknowned expert on information security for all I know.
You misunderstood the 'bedroowm warrior' part by seeing that as an ad hominem when it was a plain appeal to improve the level of debate on this subject.
Nowhere do I endorse the windows security model and even contrast it by the more easily securable *nix (nothing is completely secure unless you remove the user from the equation), hell its better than it was but would you prefer to still have autorun by default, no prompts and checks about running install programs and wide open ports. Who in their right mind would?
Microsoft a security leader ? Since when ?
Okay, I'll admit that Windows 7 has a slightly different approach to kernel management than any other Microsoft OS ever made, but that does not change the fact that most driver installations still end up in a reboot of the PC.
Whatever Microsoft does with Windows won't change the fact that it's entire structure is a security hazard. UAC does not change the efficiency of rootkits, and anything that fools the user can turn the PC into a zombie.
Not to turn into a penguinista, but one has to admit that zombifying a Linux computer is a rather difficult proposition, next to the ease with which a Windows platform can be owned, as they say.
So no, sorry. It's not the noise you make that makes you a musician, and it's not the blaring PR coming out of Redmond that makes a leader in security. A leader in security is secure by design, and Windows is shot to pieces from the ground up on that subject.
But Windows is getting better, that I admit. Windows 7 is the best Windows I've had yet, and much more stable than XP was, even in its SP2 configuration.
XP is at SP3 btw, and has been stable for some time.
Regretably, many corporates still run XP/IE6 on older PC's so Redmonds security legacy is set to continue for a few years yet. It's not without some irony that the companies who should be on top of their security, are the ones using the least secure platform.
Thankfully, when they do upgrade, they'll probably go straight to 7/IE9 thus completely bypassing the Vista trainwreck. Small mercies, an' all that.
"and even a security leader, whose example other IT giants would do well to emulate."
Err, from where I sit, the landscape is pretty much unchanged. MS may well have improved its security, but so have "the others". The exodus to Linux continues, finally the CEOs who simply signed on Redmond's line for web services have woken up to the fact that there are more reliabel alternatives to IIS and as tablet computing pushes its way into offices and begins to replace the desktop, Redmonds grasp of control over the office is slipping.
As corporates make the move over to *nix based servers (which they are doing, in the droves) they are not doing it because they enjoy installing new software. Security is the driver and *nix still proves to be miles ahead of MS as it has for years and years.
My kids already prefer to use their smartphone or Kindle to access the web than the crusty old PC in the corner ... mostly because it is virus ridden and sprinkled in malware and adware.
I can only assume your "security leader" quote came from your advertising department ;)
The article is right in that MS has done a lot (though started with a pretty crap design for Windows+IE integrated), and that Adobe appears far worse now considering its code base must be a tiny fraction of Windows.
But I laughed at your comment "the crusty old PC in the corner ... mostly because it is virus ridden and sprinkled in malware and adware". Why are your family suffering that?
Any pro-Linux person should start by setting up computer(s) for family & friends, not giving the kids sudo, and then being *officially* allowed to be smug in such debates.
...when did Adobe get to import masses of userspace code into the kernel, Microsofts ongoing huge mistake? A mistake founded on their continuing preference for screwing competitors over looking after customer security, accompanied by an unjustified belief in the quality of the their own code.
What Adobe tells us though is you don't even need the special privileges Microsoft give their own userspace software to break a Windows system, Adobe may be shite but security failures in their shitware are also failures in the underlying OS.
Windows is still based on adding security to a fundamentally unsecured OS, this is security by moving target. If only the snipers weren't quicker than Microsoft.
>>Windows is still based on adding security to a fundamentally unsecured OS, this is security by moving target. If only the snipers weren't quicker than Microsoft.
Exactly, well formulated! No matter what that 10-year old memo said, it must have been flawed. Things haven't been changed. For Windows security people still rely on antivirus software due to the deficit of the said security in the OS's design.
Please get over you dislike of AV software, there is AV for linux and likely you'll be needing it more as linux gets more popular. Also AV on PCs takes up some of the role of systems like SE linux, monitoring and preventing access or changes to certain files.
As for "things haven't changed", yet again, you give yourself away as not knowing about Windows, much has changed, UAC, the default disabled admin account, runas, generally forcing developers to behave better and not code for Admin accounts, just to scratch the surface.
Incidentally, this morning I setup a RHEL 6 server and it didn't stop me logging onto the GUI or via ssh with root. IIRC as I'm mainly a Red Hat based Linux user: Ubuntu doesn't allow users to run as root, but the default user is so close to root that it makes no odds, very much like MacOS.
>>there is AV for linux
it is designed to either "treat" dual-boot (or off the live media) WINDOWS PCs or a (mail) server filtering and handing to stuff for Windows clients
>>ikely you'll be needing it more as linux gets more popular.
There more non-Windows web and mail servers that are accessible to the Internet. So according to your logic, there should be some infections happening right now. Where is it? Android infrastructure malware is the result of voluntary installation of the said malware, not visiting "infected websites", inserting an infected SD or getting through RPC network.
On the other hand, the idea to contract an infection and then only try to fight it with some obscure means rather than follow the transparent preventive technology is FLAWED.
How does your AV finds that a PC is infected? What about false negative or false positive?
>> I setup a RHEL 6 server and it didn't stop me logging onto the GUI or via ssh with root.
Well you must've allowed it yourself by editing gdm/kdm or whatever in /etc/pam.d/, right? Since the default is not to allow graphical root sessions. I agree root should be listed in the DenyUsers variable by default. I kept it on my FreeBSD. sshd is not running/installed itself by default though
>>Ubuntu doesn't allow users to run as root, but the default user is so close to root that it makes no odds
???? what are you're trying to say here? default user has to enter his/her password for every admin job. There is no way to run a script for it without knowing the users password. As far as ssh is concerned it takes harder to guess the users name through pam, if ,e.g., you user name is not "mike" or "john"
You have to remember the human factor.
Offering free smilies or sample videos on a site should sound alarm bells. Receiving emails from Dr Koomba Arimba of the Nigerian Central Bank (Agent Todd McBright from the FBI) offering to send you money via an ATM card should also send people running to the hills.
But they don't run to the hills, a small proportion are duped.
Build an OS that doesn't use Admin as the default login and that enforces correct permissions and data separation would go a long way to removing the GUM from the problem.
Trouble is the GUM have a voice through their buying power and if they don't like being told that they can't do something because it's dangerous they will go elsewhere where they can.
Microsoft have unfortunately been hoisted by their own petard and have to match the expectation of a non technical public while trying to provide a secure environment.
I recently installed Windows 7 on a new self built PC. When I went to get the updates I started a process that took hours and reboot after reboot. Patches on top of patches on top of patches.
Then when I'd got them all applied and disabled all auto patching because I want to select when I get them, it started downloaded more behind my back.
Sorry Microsoft this is a total failure of design or should I say 'what design?'
Other Operating systems don't put you through this torture. Is it any wonder that many people don't apply any patches at all?
you had a change with Windows 7 to simplify the whole process. You didn't for that you get a FAIL.
Must try harder.
"Then when I'd got them all applied and disabled all auto patching because I want to select when I get them, it started downloaded more behind my back."
You want to learn how to disable all auto patching then. Try reading what's on the screen when it offers the choice of "download and notify" versus "just notify" versus "none". Unless you've already been rooted, the very last of these most certainly doesn't carry on downloading stuff.
"Other Operating systems don't put you through this torture. Is it any wonder that many people don't apply any patches at all?"
Really? You try installing a Linux distro from the same era as the initial Win7 release. You'll get *lots* of patches offered, including kernel updates that require a reboot, only to be followed by fresh app updates now "unblocked" because the kernel has gone in. Depending on your distro, you'll also be offered a major distro upgrade or two, which aren't the default option. If you are unfortunate enough to use Ubuntu, you'll find that you can't do a distro update to the very latest in a single jump. You'll need at least two steps.
Microsoft *do* suck, but advocates of rival operating systems need to get their facts right if they want to be taken seriously.
Well, I do use a Linux Distro that predates Windows 7. RHEL 5 to be exact.
Yes there are lots of patches if I install from the 5.0 ISO's. If I use the 5.7 ones there are an awful lot less.
So what if there are lots of patches. One download operation. One patch application and one reboot.
Job done!
Yes I did disable all (well as many as I could) the options to stop any more patches from being downloaded. This included a registry hack as well. IT still didn't stop it.
But why are they telling me that yep, you have downloaded all the patches then an hour or so later there are suddenly more. They were not new ones by any measure.
Finally, what sensible company designs a system that by default causes you to save your work so that the OS can reboot to apply the patches it has just downloaded?
What if you are away from the PC for a couple of minutes. Bang you have lost your work.
Sorry. There is no other word to descride their patching system but FAIL. FAIL and thrice FAIL.
Paris because even she wouldn't put up with this mess.
> You try installing a Linux distro from the same era as the initial Win7 release.
I do that regularly.
> You'll get *lots* of patches offered
Indeed. And updating them really isn't a big deal.
> including kernel updates that require a reboot
Kernel updates are one of the few things that really *do*require a reboot, unless you're using ksplice (which I don't).
But Windows requires reboots for far more than kernel updates...
> only to be followed by fresh app updates now "unblocked" because the kernel has gone in
Got any references for that? Because it seems remarkably untrue, by my experience.
Vic.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
