Alexander Schreiber wrote:
> On Mon, Jan 18, 2010 at 07:57:20AM -0700, Richard wrote:
>> In article <4B53ABD9.1080105 at philpem.me.uk>,
>> Philip Pemberton <classiccmp at philpem.me.uk> writes:
>>> It's worked three times for me... No guarantees for others, I just use
>>> *nix-type OSes because I don't like the swiss-cheese security (if it's
>>> even *that* good.. wire mesh probably has less holes) of Windoze.
>>
>> Yeah, VMS is such a piece of crap when it comes to security.
>> *sigh*
>
> Windows isn't VMS, despite the rather obvious similarities between VMS
> and Windows NT kernel internals. The really annoying thing about Windows
> security is that Windows has all the fundamental kernel level
> infrastructure to be far more secure than standard Unix, with much more
> fine grained security and privilege separation. Only ... as far as I'm
> aware, this is pretty much unused, even by Microsoft. Probably because
> properly securing a workstation environment (and that is where most
> Windows machines are used) without putting it into so much of a
> straitjacket as to be useless is _hard_. And requires active thought
> at the design phase of the user land software. Look how long it took
> for most application vendors to more or less grasp the idea of a
> multi-user system on Windows ...
>
> And so convenience wins over security, again.
This is gonna be my last post on Windows here, honest. The above is
true, at least for Windows up to XP. There was a legacy of code that
assumed it had Admin privileges, and would not run otherwise. This
caused Microsoft to decide to run users as Admins by default to maintain
compatibility (and convenience) which at one time were paramount to
security. This just encouraged more software to assume it could do
anything, and so the cycle repeats.
Windows Vista and Windows 7 are slowly breaking this trend. User
accounts are no longer privileged by default. Registry and file
accesses are virtualized, so bad apps that want to write to protected
areas (like %windir%\system32, or the system registry hive) are told
they *can* but the writes/reads are actually done to a different, safe
location in the user's profile where possible, or denied where Microsoft
has decided to put their foot down. This allows (most) bad applications
to continue to run, while allowing the introduction of a much better
security model for Windows. The intent is to winnow down the pool of
these bad apps over time and eventually turn off the virtualization
altogether.
(see http://msdn.microsoft.com/en-us/library/aa965884%28VS.85%29.aspx).
That is all, you may return to your regularly scheduled programming now.
Josh
> Regards,
> Alex.
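A practical follow-up to Josh's description of file and registry virtualization, added here as an example and not taken from the thread or from Microsoft's documentation: the redirected writes land in per-user stores, so an administrator can enumerate those stores to find the legacy applications that still depend on virtualization (the "pool of bad apps" Josh mentions). The script assumes the two store locations that UAC uses, %LOCALAPPDATA%\VirtualStore for files and HKCU\Software\Classes\VirtualStore for registry keys, and that the mirrored file paths refer to the system drive; the function names are my own.

```powershell
# Added example (not from the thread): audit the UAC virtualization stores of
# the current user's profile to see which protected locations legacy software
# has been writing to. Run as the ordinary (non-elevated) user being audited.
#
# Assumed store locations (documented UAC behaviour):
#   files:    %LOCALAPPDATA%\VirtualStore\<mirror of protected path on %SystemDrive%>
#   registry: HKCU\Software\Classes\VirtualStore\MACHINE\<mirror of HKLM subtree>

$fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$regStore  = 'HKCU:\Software\Classes\VirtualStore'

function Get-VirtualizedFiles {
    # ...\VirtualStore\Windows\System32\foo.ini stands in for
    # C:\Windows\System32\foo.ini; rebuild the protected path from the mirror.
    if (-not (Test-Path -LiteralPath $fileStore)) { return @() }
    Get-ChildItem -LiteralPath $fileStore -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $relative = $_.FullName.Substring($fileStore.Length).TrimStart('\')
            [pscustomobject]@{
                Kind          = 'File'
                ProtectedPath = Join-Path $env:SystemDrive $relative   # assumes system drive
                StorePath     = $_.FullName
                LastWrite     = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKeys {
    # HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Vendor\App mirrors
    # HKLM\SOFTWARE\Vendor\App; strip the store prefix to recover the HKLM path.
    if (-not (Test-Path -LiteralPath $regStore)) { return @() }
    Get-ChildItem -LiteralPath $regStore -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $relative = $_.Name -replace '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE\\', ''
            [pscustomobject]@{
                Kind          = 'Registry'
                ProtectedPath = "HKLM\$relative"
                StorePath     = $_.Name
                LastWrite     = $null
            }
        }
}

function Get-VirtualizationAudit {
    # Summarise by the first three path components (drive or hive, top-level
    # folder, vendor), which is usually enough to identify the application.
    $entries = @(Get-VirtualizedFiles) + @(Get-VirtualizedRegistryKeys)
    $entries |
        Group-Object { ($_.ProtectedPath -split '\\')[0..2] -join '\' } |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Location'; e = { $_.Name } }, Count
}

# Usage: a per-location summary first, then the full file listing for detail.
Get-VirtualizationAudit | Format-Table -AutoSize
Get-VirtualizedFiles | Sort-Object LastWrite -Descending |
    Format-Table ProtectedPath, LastWrite -AutoSize
```

An application that shows up here is silently succeeding at writes it has no right to make; the fix on the vendor side is to stop writing to protected locations and to ship a manifest that declares a requestedExecutionLevel, since Windows does not virtualize executables that carry one. Note that the audit only sees the profile it runs in, and that the registry side reports keys rather than individual values.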