Slashdot Mirror
Windows Is 'Insecure By Design,' Says Washington Post
Circuit Breaker writes "A Washington Post article says Microsoft Windows is insecure by design. Quote: 'Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics. This is not a coincidence.'"
There's a large difference between "Windows is insecure by design" and "Windows was not designed to be secure or with security in mind" just as there's a significant difference between saying "Impalas are deathtraps by design" and "Impalas were not designed with safety in mind".
That said, and though the Post's article was a little muddled in general I agree with the spirit of the article in that
1). It's reprehensible that Microsoft apparently didn't have security (a broad term, but the literature to define it is out there) as a guiding design principle when they designed Windows, and
2) As a result of this, Items central to the functioning of Windows do not lend themselves to good security.
The old DOS/Windows had security as a pretty secondary concern, it was just about getting things to run and not crash a lot of the time. NT/2K/XP is much imrpoved, but it still suffers from this legacy. For example, it's still difficult to run users in non-Admin roles because some applications expect the user to have full Admin rights. Only when most of these applications are update will the ability to use real user security settings become practical.
Here's a modest proposal: Microsoft should use some of its $49 billion hoard to mail an update CD to anybody who wants one.
The sorts of people that would think to order such a CD in the first place are likely already patching their machines. Others will get the CD and misplace it, forget about it entirely, or mistake it for something like an AOL disc and toss it in the trash.
The coolest voice ever.
what about web server worms? apache is much more used than iis, but this didn't help iis...
indeed...
:/
I've had to patch and put up to date almost a dozen systems in my free time these weeks. Not seeing one penny for that since they all belong to friends and family...
That aside from the bozos at work that got hit and the flood of questions along the lines of "my computer keeps rebooting on me everytime I connect to the Internet... what can it be?..."
And people wonder why techies are grumpy...
~
~
:wq
I'm really not trying to be a troll here, but if a CS department requires a specific type of operating system (and probably the software that runs on said OS) in order to teach, then it's probably not worth the money to attend. Sure, learning to program with Microsoft's code du jour might help in the short term, but nothing beats teaching fundamental computer science principles in the long term.
What happens when the next big thing comes along and all the CS grads are stuck with C# as their sole reference point?
Obligatory Response:
The argument sort of breaks down when you talk about webservers, with Apache solidly in front with % usage, yet it's the smaller-target MS offering that is the one hit with exploits.
There's something more fundamental about the differences in security -- yes, MS is a bigger target, but that doesn't mean that it can't also happen to be the easiest target (and it is).
This is a bit unfair. Microsoft identified the problem and offered updates long before the worm hit the streets. Microsoft cares about the security of Windows, but it was the stupidity of the users which led to the compromise of their systems. If a Linux hole is found, nearly ever user would update to fix the change, because the average user of Linux knows what putting it off may entail. The average Windows user does not have the same computer knowledge, and hence, Microsoft gets the blame. Just another MS bashing is what it is!
A blog like any other.
Not only for that reason.
I don't have Windows anywhere and haven't for several years now. I don't run Outlook. But it turns out that at least one of the current batch of worms spoofs email addresses.
So all week I've been getting email messages from postmaster@ saying "...your message to so-and-so will not be delivered because it contained the SoBig worm, we advise you to download a security update from..." I wrote a couple of them and got two responses from mail admins saying essentially "Yes, we know it spoofs your email, sorry there's nothing we can do, please understand that we're under tons of pressure on our end, everyone is infected, this worm sucks, you have it easy, you run Linux, stop complaining!"
Anyway, people are receiving messages marked "from" my email address and are getting infected with a worm as a result. Obviously one or several people (editors, management, etc.) that have me in their Outlook address books have become infected and now the worm is spreading from their machines and spoofing my email address as the source. I totally resent this and actually worry about my liability.
Do I now have to trademark my own email address or something and then include a disclaimer in my email saying "This email address is my trademark, you are not allowed to add me to your address book in any way"?
The crap Windows security model has certainly affected me, a non-Windows user.
STOP . AMERICA . NOW
Funny, you say that. That excuse is getting to its old age.
.pif and .vbs (Here you stop user interaction for virus to be downloaded)
But it makes a great difference (on Windows) right in a moment after you:
step1) Disable Internet Connection to Explorer and Outlook (almost no one virus can connect to internet to download it's other part or upgrade, because they mostly use ActiveX download object)
step2) Start using Mozilla or Opera or even better Thunderbird and Firebird (in this step you disable IFrame and OCX viruses)
step3) Teach users not to open
Problem with Windows is not 95%, but IE and Outlook are made as centerpart of the system, thus allowed to any action no matter how stupid it is.
Based on that: YES, Windows is insecure in its roots.
Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
Also, don't forget the Mac and Linux users who unfortunately happened to be in the address book of some poor Windows user. I'm about to go nuts from the 50-100 autoreplies from corporate virus scanners, and I know I have it easy.
...
Give me a break. Linux (and Mac) don't have a huge share of desktops, but more and more companies (the kind of companies you want to hack and steal credit card numbers from) are running Linux-based servers. The source code for Linux is on millions of computers, naked to the world.
I learned about preventing buffer-overruns when I was in high school. This "most computers are running Windows" excuse for viruses is a cop-out, plain and simple.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
The size of the windows audience has something to with the sheer number of viruses & worms, but that doesn't mean that mean that BSD/Mac OS/Linux are automatically just as insecure as Windows. Microsoft hasn't exactly gone out of it's way to ensure that users are safe and secure (not to the extent that OpenBSD has anyway)
Furthermore, *NIX has a massive presence in the server closets of the world. A worm that/virus that exploited these systems could be very lucrative for a malicious individual.
- Stealing corporate data (so we could find out who exactly SCO buys the stuff McBride is smoking from)
- DDoS attacks with OC-3 (rather than DSL/Dialup/Cable)
- Spam directly from the mail servers
There are certainly good reasons to write *NIX worms/viruses, but I think a combination of cluefull administration, a well designed OS, and to (a smaller extent) obscurity work together to make them a particularly hard target (when compared with Windows)
The only way to get everyone patched (moreso than the auto-download and ready to install of Windows) is to force everyone to patch. However, there would be several dupes on slashdot about how our rights are being taken away and how Microsoft can look into our computer. A step further, if people started using Linux, you might see the same thing with Linux...
This is my digital signature. 10011011001
Comment removed based on user account deletion
Computer industry? WHAT COMPUTER INDUSTRY? The VAST majority of these big viruses exploit who's products? All togerther now: MICROSOFT. This isn't Apple's fault, Macromedia's fault, iD's fault, or anyone else. These things are almost all MICROSOFT's. Finally someone in the media seems to get it.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Even some Linux default installs have security holes. It's all in how it's done, not what it's done with. Are we supposed to throw out everything written in C now, too?
You are not the customer.
Where you are wrong, and the Washington Post is correct is that Windows doesn't have to be intentionally flawed to be 'flawed by design'. Something can be flawed by design as far as security goes just in neglecting to design a proper security model to begin with. Windows is flawed because it wasn't designed to be secure from the beginning, and newer versions, even those written after Microsoft started to become more aware of the need for security, have been hamstrung by their need to retain backwards compatibility with older versions and for software written for older versions which in many cases just won't install and/or run correctly on a properly locked down installation of Windows. Whether Microsoft intentionally designed in security flaws isn't what matters, what matters is Windows, as it is currently designed and implemented has some inherent design flaws which make it less secure than it needs to be. Among them are the fact that so much Windows software relies on being able to write to system directories (to add DLLs, etc) to be installed, which leads most people to allow too many users to be able to access too many files. Another is the fact that Microsoft built in scripting which allows too much access to low-level functionality (in other words, it doesn't run everything in a restricted sandbox) into just about everything, including the email clients and office software most Windows users depend on. Another is the fact that executability is based on file extension and not by permissions, if it wasn't, then people wouldn't be able to accidently execute malicious downloads so easily. This problem is compounded by the fact that by default most Windows facilities and software likes to hide the file extension.
The Washington Post article is not a troll or flamebait, it is a very necessary wake up call to the average Joe Windows users. If more of them had patched their systems and used mail clients other than Outlook or Outlook Express as you have, then these viruses/worms wouldn't be such a big problem. Without the mainstream press letting these people know, they will not get the message.
You know, being funny aside, you just demonstrated one excellent point: Users should have enough rights to have work done, but not so much to easily screw up the system. Don't use root privilege in vain!
Why are attachments allowed to do *anything* on the computer?
Uhh, because some of us know our way around well enough to get programs from people that we want to run. Saving to HD and then running doesn't change a thing. To say you shouldn't be attaching executables is silly. People should be safe: know who sent them the mail, know what it is they are running, and run an up to date virus scanner, as well as keep their system patched.
If you are talking about automatic running of attachments, that is a different story, but I want my computer to do what I tell it to do.
Users running NT based versions of Windows are effectively forced, or annoyed, into running as admin. This happens for a number of reasons:
* Old software runs as admin only. Stuff that came out during the DOS/Windows days, much of it pretty recent, simply won't run as anything but admin. This is a nasty legacy thing, and is a vestige of the horrendous design of Win95/98/ME.
* Too much new software runs as admin. For example, if you want to run Microsoft's own Age of Empires, it only installs as admin, and only runs as admin. This is a new application made by the mothership, and clearly, fits into the home scenario as the article. I'd guess that at least 20% of the apps on my Win2k box require admin rights.
* Too many housekeeping functions require admin.
* It is a relative hassle to run a program with admin rights when not admin. The most common way is to -right click on the program's icon, and then select Run As, and then enter the admin password. Ugh.
* Even for the disciplined, quick user switching allows admin to stay logged in, most likely still running OE or some other security nightmare.
The upshot is that if a user even understands the concept of not running as admin, they are forced to, or get lazy and do so.
I've set up several users on Win2k, and taught them about security, and why they really, really don't want to run as admin. Months later, they all are.
This will be a problem if Linux ever becomes widely adopted by home users, and why Lindows runs as root by default.
Didn't Apple get this figured out? Why haven't everyone else copy them as usual?
Jonathan
If you digitally signed all of your electronic communication then you could effectively get rid of this worry. People who trusted your key would know immediately that this was a spoof.
kojent
PGP sign all your email, that way you will be able to prove that an infecting email did not originate from you. Also the very fact that it is a windows worm and you run Linux should indemnify you.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I wonder how many people read the EULA's? I bet the numbers are related (and small).
Little Brother, watching the watchers
Okay, maybe I should have turned on the firewall before connecting to the Intenet. I didn't realize the virii were scanning so relentlessly and quickly. I also thought that the idea of turning on a software firewall on a brand-new install seems a little dumb. All the firewall does is prevent incoming connections to insecure ports. If Microsoft knew when they shipped the OS that the ports would likely be found insecure, why wouldn't they just turn them off by default? I mean it is one thing to buy Norton Firewall on the presumption that they are fixing Microsoft's broken security model but why would I use a "security fix" that comes on the same CD as the program that introduced the security hole in the first place! It seems totally illogical to me.
To you and nikal, PGP does not prove X did not come from you, it only proves that X did come from you. Even if you are using PGP it is quite easy to send an unsigned message.
Only somebody else's signiture, establishing that it came from them, could begin to establish that it did not come from you, and you would still need to establish that you aren't that somebody else, since having multiple signitures is trivial. (It would probably be reasonably satisfactory under most normal circumstances, though.)
They cease to be liable the moment you click "I Agree"
~
~
:wq
True, but far worse: Microsoft quite intentionally continues to make Windows and Office etc insecure on PURPOSE, as a side effect of offering full programmability of email, Excel, etc.
There wouldn't be any email viruses nor spreadsheet viruses nor Word document viruses if these apps were lobotomized -- if they could not be programmed.
But Microsoft continually makes the business decision that adding the power of programmability to every app is much more important than the resulting insecurity.
The vast majority of Linux apps do not allow that kind of programmability -- even when extension languages like Guile/elisp/etc are available in Unix apps, programs aren't automatically and blindly run whenever some hapless user receives email or views a spreadsheet or whatever.
Conversely, whenever that kind of programmability is added to Unix apps, if it is triggerable just by receiving/viewing a file, then Unix viruses will become far more rampant. (A small saving grace is that the Unix viruses mostly, but not always, will run as some user rather than as root, but this is really only a small issue.)
This should be a wake-up call to teams like Gnumeric; just yesterday on Slashdot Gnumeric was criticized for not supporting every single MS Excel feature, and Jody Goldberg replied that hopefully it would include those by next year. But any Unix app that is 100% compatible with a MS app will be virus prone!
Quote from a poster on that story:
Mmm-hmm, and there goes security.
(Story link: Gnumeric Now Supports All Excel Worksheet Functions )
The really sad thing is that the marketplace clearly agrees with Microsoft about this tradeoff: corporate and personal users are far more concerned with having the power of macros/Visual Basic/etc built in to everything than with even basic security.
Professional Wild-Eyed Visionary
Today I sat down at my computer when I got a MSN message from a friend. That friend is complete noob with computers and now he had a problem.
.... After awhile, me trying to explain him how to scan for viruses. Yeah! It found a virus named blaster and I THINK he got it removed...
.... I, after awhile, get him pointed to the windows update and the patch for blaster. Again I think he got it installed ....
.... I try to explain him how to use windowsupdate but is almost giving up since he just dont get he just gotta press scan for updates and then install updates. Well in the end he gives up and says he dont care ....
This is pretty much what was said:
Friend: Hey. I got a problem with my computer. It has shut itself two times today, without me doing something. What do you think is wrong? I heard something about a virus.
Me: Yeah there is a few major virus's flowing around the net right now. Have you patched your system?
Friend: Patched ? ?
Me: Yeah. You know downloaded updates for windows.
Friend: No..
Me: Oh well. Here is a link to a virus scanner try and run that first.
Me: Good now to update your system.
Me: So, Now I suggest you update your system with patches from windows update.
Friend: Why? What should I waste time download all that? What good does it do me ?
Me: Well... It secures your system, give you updates to windows programs and IE and new drivers. You know. Makes it upto date.
Friend: But how do I do it ?
And there is the entire windows Security problem. Users that just come to their computer to surf abit and download a few programs like kazaa or emule just dont feel the need for updates. And they end up spreding the viruses to the entire net. Oh.. And it dont help that MS dont allow pirate versions of windows to be updated fully. I can see why it would in sense suck for them to give free updates to people that havent payed for the system. But people dont get updates when its all blocked. Which in end leads to viruses like this to run wild.
It dosen't have to be legal liability to cause trouble. A pissed off client, boss or girlfriend can be plenty of liability to have to deal with. If they have trouble understanding the actual causes, then good luck reasoning with them.
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
Your reply is the best so far; however, just take a step back and listen to my point.
Do you think we should write an article that claims that Henry Ford invented the automobile as a device to kill people 'by design'?
People get in vehicles drunk and run into families of four, killing them all. Do you think that this unintentional side effect was, 'by design' when the engineers created the vehicle? Was it 'by design' when man created beer or wine?
I think I'm being treated VERY unfairly by most responses here.
I give you one more example.
When the hammer was designed, do you think the designer intended it to be used to kill people? Or how about the baseball bat?
This is being over-analyzed by so many techies, that I think the clear facts are being missed. That which is, the article is misleading and doesn't contain a fair wording of facts. Put yourself in the shoes of others. Take a breath and look at my point.
I'm not an XP lover, but it's the OS that's on my computer. It just is. I play games and run Photoshop and other programs...so I use XP because my favorite programs all run on this OS on fairly cheap hardware.
Now, I may be doing something wrong here, but I've NEVER had a virus. I've never had a problem with a worm or anything really. XP hasn't even crashed on me before....ever. I've had programs hang up or crash...but the OS itself hasn't crashed.
And this has been the same on the 2 different machines that I've run XP on.
But yet, I always hear about everyone raking XP and Windows across the coals all the time. Yet I've never ever experienced nor do I know anyone anyone that's ever had major problems with XP. Oh, I know people out there have problems...but it's just that I personally have never known any.
Why is that? Now, as I said, I'm not an XP zealot at all. I could take it or leave it. But after reading here on Slashdot the evils of Windows and XP it would seem that my machine should have burst into flames months ago, yet it's going on day after day, never turned off, always hooked to the net...and chugging right along.
And I'm not really doing anything special. I keep up with all the updates to XP...which takes about 2 minutes out of my week. And I have basic Norton Antivirus running. I have Seti@home running when I'm away from the machine and I do a disk clean up and defragment maybe once a month or so.
So again, I must be doing something wrong (or right) to where XP doesn't give me one iota of problem.
I'm not praising XP...at least I don't mean to be praising it. You only see people bashing Windows, never praising it. To praise it would mean being thrown out of geekdom. So I think if XP or NT is working for you, you keep your mouth shut or just talk about how great Linux is.
I guess your mileage may vary.
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
In a response to a recent story, someone mentioned that UNIX standards were generally based upon specifications which had been made publically available for comment.
This is something that many take for granted, but it is quite important. RFCs are discussed publicly, and people review protocols independently of specific implementations. This means that the protocols themselves are refined, and implementors only have to worry about correctly coding to a given specification.
Under Windows, the specification is often "whatever works with this code is fine". This invites much less review of the protocols, and since the protocols are ill-defined, it's difficult to determine whether the protocol has been implemented correctly.
Somebody get that guy an ambulance!
Right on. My experience was the same. I was immunized from BLASTER on July 17th according to the log from MS Update. It's very hip and au courant to ignore MS Updates, because they're a pain, and their Service Packs don't have a great reputation. But updating early and often has kept me out of trouble.
When I started getting Sobig emails on Tuesday, I even took the time to call two of my friends (who subscribe to some of the same lists I do) to warn them not to trust emails with attachments. I had to explain the whole concept to them, but they got it. I got 40 the first day, 20 the second and only a handful since. And I had no desire to open any of them.
The biggest threat that Windows poses is that from users who are totally clueless... they turn on their machine thinking it's some kind of "email machine" and nothing else. Not a clue there are threats or risks out there. And no indication from Windows, or Outlook, or IE that anything they do could be unsafe. Windows update works, at least this time it did. They're not going to get more saavy, so there's no harm in telling people to use windows update.
Tell your friends:
1. Don't preview email
2. Delete email you don't know or trust
3. Don't open attachments if they're not absolutely known and expected
3. Update early and often
The article is right, Windows is dangerous. MS isn't going to tell the consumer, because that would threaten their (considerable) cash flow.
I'll shut up now.
Everything I've ever learned the hard way was based on a statistically invalid sample.
MS is at fault, the root of it, to be sure.
It's kind of funny, but I didn't have any problems with either of those viruses in any of my three WinXP machines. Maybe it was the common sense (Sobig) or the fact all my machines were updated (MS Blaster)or the common sense that 300 e-mails with the same attachment from people I don't know might, just might be a virus. This is not to mention of course the firewall, pestpatrol, and Norton Antivirus. Now, you might say, "well hey, my linux box had none of that, wasn't patched, no firewall, nothin!" but think for a few seconds. These viruses were programed for windows, not linux/any other os. Of course your non-windows computer was not infected, because the virus/worm was not made for it. So before you get on your high horse, remmember it can happen if someone bothers to write it.
Mac and Linux not targeted? Taking the view of a malicious hacker, why would you bother coding a virus that only affected a minority of computer users? If Linux ever really makes it mainstream, you may find it's just as susceptible.
Well, checking the oil I'd put more akin to checking free resources. Same for most of the other fluids in the car, short of fuel. fuel's akin to turning the thing on in the first place. Do these people need to know how to operate the turn signals, trunk release, windshield wipers, domelight, etc? I'd rate them as your basic intelligent car owner.
As for changing fluids out, the computer equivalent would be to a backyard mechanic, who handles oil and antifreeze coolant. Maybe checks the tranny fluid and takes it somehwere if it doesn't look right. Changes out burned out lights, etc. Stuff that is mostly covered in the owner's manual, or at least has stuff like fluid quantities. In computers, I'd equate that with being able to hook up external devices and get them to work, being able to remove stuff from C:\WINDOWS\START MENU\PROGRAMS\STARTUP, configure basic network settings from instructions for something like DSL or Cable. Calls for support or a technician when something out of this range goes wrong.
A+ certified techicians would equivalently handle basics, like replacing alternators, starters, draining transmission fluid, replacing water pumps, checking differential gear oil, lubing the suspension or steering parts, replacing obviously bad water hoses, and the like. Stuff that stands out. By comparison to computers the person would be able to replace hard disk drives and CD-ROMs, install video cards, install the OS from scratch for the default configuration, configure sound support, and the like. Maybe even dig into the registry a smidgeon.
And above that you'd have your power-technicians, who would be up there with not being afraid to remove stuff like engines, axles, transmissions, steering columns, dash boards, interior parts, etc. These people would be able to play with advanced networking, deal with driver and IRQ conflicts, handle tweaking of the OS, dig into the registry a bit, etc.
Beyond that, you find different people who can rebuild engines or transmissions in their sleep, modify sheet metal artistically, handle advanced upgrading of suspension, and the like. They would in computer equivalents be specialized, but very talented. They probably wouldn't even do much of the lower-level work unless they had to, because they would be more valuable higher.
Well, that was quite long enough of a ramble...
Do not look into laser with remaining eye.
>> this virus wasnt particularly microsofts fault
If you're talking Sobig.F then yes, it is definitely Microsoft's fault.
In the early 1990s, people got laughed at (or gently educated) if they suggested 'I got that virus through email'. It just didn't happen.
Then MS turn up with their inherently insecure 'Automatically run stuff that's emailed to you' email client, actually build it into the OS (thus ensuring greater take-up than would otherwise have been achieved) and email viruses became commonplace.
The only way this virus wasn't Microsoft's fault is that they didn't write it themselves. The environment it runs in, that enabled it, is entirely and absolutely due to insecure design by MS.
~Cederic