Slashdot Mirror
Windows Is 'Insecure By Design,' Says Washington Post
Circuit Breaker writes "A Washington Post article says Microsoft Windows is insecure by design. Quote: 'Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics. This is not a coincidence.'"
"Windows is better than most operating systems at easing the drudgery of staying on top of patches and bug fixes"
emerge -u world
how _hard_ is that?
It was posted because people have been saying for a long time that windows is insecure, but Joe Shmoe computer user won't know that (you mean there's computers that don't run windows?) until it gets some attention in the mainstream media. This is the media attention a lot of linux geeks have been waiting for.
Some of us alternative OS users were actually affected by the virus, even if we weren't infected. In addition to the Net slowdown, the friggin SoBig.f virus forges emails. So if you have any windows using acquantainces, or even people who received a forward with your address on it, the SoBig.f virus will cheerfully send out copies of itself purportedly from you! It doesn't just stop at the address book either, but allegedly scans documents on the drive to harvest addresses. Evil, evil thing. So, no computational loss, but potential harm to reputation, even though it's easy to prove via the headers that it did not originate from you, the vast majority of those windows users who get infected with emails bearing your From: line don't know a header from a hole in the head.
And we certainly see this on the Web, where Apache on Linux greatly outnumbers Microsoft IIS on Windows. Oh wait, no we don't.
http://rocknerd.co.uk
"all this evidence for the need for operating system diversity in the corporate realm"...?
That seems to be a rather easy thing to say if you're not actually trying to manage a business with a large, complex interconnected system of technologies... having spent a rather painful amount of time (actually, more like an amount of rather painful time) in very large companies (35000 PC users at all levels of use), I have to say that a desire for OS diversity is far from an obvious choice. I'm not saying it's a bad idea, just a potentially unpractical one in many real corporate situations.
Working with the single devil you know as opposed to a vast army of individually varied devils may be preferable, at least in theory.
I find it much easier to secure a Linux/*BSD box than a Windows one. Even though I use Win 2000 daily as a programmer. I'm pretty sure I'm not alone in that predicament.
Just keep in mind that a large part of the internet infrastructure does not run Windows, but they (the servers) still seems to do okay, apart from the odd sendmail/bind/openssh bug ;-)
I agree. The Washington Post is a very well known newspaper that many people get. Even my father(who subscribes to WP) read the article this morning and showed it to me because he thought I might find it interesting. He isnt the type to read stuff like slashdot. Just a note..I saw it at news.google.com this morning.
The Television Wiki
Not only are the security implications horrendous in the MS products, but servicing them is a nightmare ....
This story just caught me at a bad time ... I have been trying to do a file/printer sharing between 2 computers running Win 2000 Prof and Win XP Prof using a hub. You would think it would be plug and play, and a little bit of configuration - and that is how I set out my cost estimates for a small business that wanted me to do it for them ... big mistake ...
It is 3 days past now. I have read probably 100 + articles to understand the security implications for these windows products .... Used all sorts of keywords in google to get many articles to see how the damn networking is done in the first place. And I am now thoroughly confused, tired, and am spending a lot of unpaid hours getting this damn networking done. FOR GOD's sake I am trying to network two products from the same company ... How could MS screw it up and make it such a nightmare .... and do such dumb stuff as not turning the security features on by default so that I don't even know what I am exposing, all the patches that are being issued faster than I can download ...
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
I think my favorite part in the article is when the author suggests that MS should use their massive cash pile to mail out a CD of updates to every single customer that wants one. Considering how many CDs AOL sends out (and yes, I know they are bleeding money), wouldn't it make sense to partner with AOL, who is already producing discs, and make them multi-session, so that MS could use the already pervasive CD distribution systems in place to get updates out?
I can't believe no one thought to suggest this before. And if MS was REALLY SERIOUS about making security their #1 priority, it would be a pittance to part with and give their customers a much-needed sense that MS actually does care about their customers.
The question is, do they really care more about the customer or the bottom line?
A family member of mine got a new Windows XP system, installed it, and tried to download the security patches. Before the XP system managed to download the patches, it had already been 0wned by Blaster. It's really hard to keep a Windows system up-to-date when you can't connect to the Internet to update it.
My solution?? I used Red Hat Linux to download the patch, and wrote it on some media. Of course, he can't really completely wipe his hard drive to be sure he's safe from any other attacks. Why? If the drive is fully wiped, Windows XP can't be installed any more - on his system, the CD doesn't contain the entire OS!
Of course, I'm writing this from a Red Hat Linux system that has a nice built-in firewall, a "root" account that's not normally used, no externally-accessible ports, and lots of other designs that make it far more resistant to attack in the first place. Yum.
- David A. Wheeler (see my Secure Programming HOWTO)
If every software maker followed these Microsoft specifications Windows would be a much better operating system. A good example of a broken app is Palm Desktop. First of all, it only works with one user. Second, to install it, you have to give the limited user admin rights, install it, and bring them back down to limited rights. It's the same for Documents To Go. Talk about a PITA - and notice that neither of the apps boxes have the Windows logo on them.
On the subject of liability, I wonder why Microsoft is never held liabel for the billions of dollars that these incidents cost the world's economies. A little forethought this would never have happened.
Imagine if Ford were to sell a car with a fundamental problem. One that potentially cost lives. They did and they had to recall it.
Now these virus epidemics probably bring down some rather critical computers and potentially cost lives. (Yeah, yeah, mission critical machines should be kept uber patched...)
Microsoft really comes across as untouchable.
Free Gamer - Free games list and commentary
I now have a new signature on my emails:
*In light of the ability of some email viruses (eg SoBig.F) to spoof this address regardless of whether my machine is infected or not (for instance, pulling my address from a Windows user address book to use as a fake return address), if this statement is not included, consider a message from me to be a virus*
I figure that will be good, going out a few dozen times a day. I urge everyone to pen something similar. Cause, ya know, MS can never have too much bad press... erm, room to innovate.
Also fact: System relies on file extensions to differentiate between executable and non-executable files, which in my mind is a bit worse.
Anyway, as for your requirement for "INTENT." Back when the CodeRed came out, work gave me the responsibility of locking down our IIS servers. Back then I didn't have any experience with IIS so I did the smartest thing I could come up with - started reading and convinced work to send me to a one day SANS seminar. Well, the instructor told a story from an MS employee of how MS figured it was cheaper enable crap like Internet Printing and the like by default than it was to eat the cost of projected support calls they would get from people who wanted the feature but couldn't figure out how to enable it.
IOW, enabling everything in IIS was done because it saved MS a few bucks. That is a design decision. It was intentional and most importantly it was insecure.
You still want to mince words on this?
I don't want knowledge. I want certainty. - Law, David Bowie
With write priviledges only to their own sandbox, then, none of this would be happening. Instead, you've got IE and Outlook running as a user's account, so, despite the prevalance of a workable user based access control list based security system in Windows, Microsoft does not use it where it really counts. Dumb dumb dumb.
This is my sig.
That's why I tell my family: If you want help with your computer, buy a Mac. I don't support PCs.
Just about everyone in my family has a Mac.
It's a win-win for me, since the amount of support you have to do for a Mac user is virtually nil -- they just work. :-)
Windows security, (don't laugh) on NT 5 and up is not too shabby (when properly done... not to say that it is "secure", no systems plugged into electricity and a network are). The problem is not the security model, it's the default level of security applied out of the box. The default level is so lax, it is WISHING it were swiss cheese!
There are so many open orifices by default, it's, honestly, frightening to release a Windows system to the wild of being connected to the Internet without extensive preventative measures. Of course, keeping safe in a Windows environment is very possible but almost exclusively for technically savvy people, the rest of the Windows users (almost all of them) are running Windows with it's default pants down, bent over, with a giant neon "Rape Me" sign on them.
Sigh. Perhaps someday MS will enable some more of their security features BY DEFAULT on Windows (well, lets say, all of them, and then let users drop their computer's drawers if they choose to). Until then, look at it this way... MS's (deliberate?) default swiss cheese security keeps many a person employed plugging the holes.
If it were secure by default and kept itself in great working order automatically, what use would anyone have paying techies to do that? In a strange way, I owe my continued employment to MS's poor default practices.
-Joe
If we're all god's children, what's so special about Jesus? - Jimmy Carr
As sick as defending Microsoft makes me feel, I'm going to have to point out that your analogy isn't fair. A more apt analogy would be Ford making a car with a radio so defective that the car would explode if it received a signal of a certain frequency. Ford learns of this and initiates a recall. People ignore the recall, and then someone hijacks an antenna two weeks after the recall has been initiated and broadcasts said signal of said frequency. Cars explode.
Did Ford send the signal out? No, so they are not directly liable. Did they attempt to correct this problem before it was taken advantage of? Yes. Should such a disastrously massive problem have been allowed to make it into the final design? Microsoft do share some liability for the damage done, but not all of it. It was, after all, their incompetence that created the problem in the first place. Is it all their fault? No, sorry.
The other angle to look at is the cost of installing the patch. Since Windows requires you to reboot after changing all but the most trivial aspects of your system, this makes installing the patch extremely inconvenient for many server administrators. Administrators have no such excuse with a Linux system, which really only requires a reboot after changing the kernel. On Windows boxes, however, such required restarts can end up costing a lot of money, especially if the patch breaks a service that the server is running. So, one thing Microsoft could do would be to reduce the amount of required restarts. Good luck, since the GUI is the operating system, unlike a *nix box, where it's just another process that can be terminated without bringing down the system.
As I said, I now feel sick for sticking up for the pricks in Redmond.
I'm late to the party with this reply, but I'm posting it anyway for posterity. Someday I'll find this message and link back to it.
Windows IS insecure by design. The Virii and worms that are happening now are pissing people off. In the future, Microsoft will bring the 'security' scheme from the XBox to Windows... code will have to be signed by Microsoft in order to run on Windows. the press will love it, and you will see tons of articles saying things like "Microsoft gets Security Right" and "Microsoft Announces the End of Virii".
And in the end, you and I won't be allowed to fire up a compiler and write a trivial little 'Hello World' program without buying a runtime license from Microsoft, which will be embeded in every program you write.
Innovation will be stifled... I doubt Microsoft will be very license-friendly to Sun, or Apache, or Cygwin, etc.
Microsoft's own lax security is a plan to pave the way to their heavy handed takeover of your computer.
mark my words.
please please please PLEASE do not reference wired if you wish to garner any kind of respect.
and just for reference (as a person who works hell desk (tech support) for linux servers) i have not yet met a single person affected or infected by slapper. unix and unix derivatives are vastly more secure because of the way they were designed. not to mention most distro's dont leave 45 uneccasary things running by default, hence the admin of a unix box has to do less to be decently secured.
i will admit this virus wasnt particularly microsofts fault. but we have been doing this same routine for 8 -10 years now with them. sooner or latter they are going to have to own up to it, and yes microsofts systems are inherintly insecure. and no i dont run anything M$ on anything i own or admin.
i am also very aware that i am having a bad spelling day.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
I just took my son to college this weekend and set his pc up for him. (Ah yes, dad knows FAR more about computers that jr...)
We dropped his stuff off in his dorm and discovering there was only one ethernet jack in his room we left for Best Buy to grab a cheapy hub so he could plug his LINUX box, his PS/2 and his roommate all into the single lan jack.
Well, we blew off the hub because his roommate called his cell phone and said he was "bringing a *thing* from home to hook both of *them* up at once"..
So, assuming he was talking about a hub we blew that off. Well, we got back and discover the roomy had plugged a cordless phone into the lan jack. I pulled the cord and announced that they were lucky system security didn't come up and billy club someone for crashing planet earth into the mooon by plugging the phone into the lan jack. The roomy was sitting there looking like he had crapped his pants.
I plugged my son's pc into the lan and fired it up to make sure it was configured properly with the college system and it was fine.
My son is using Mandrake 9.1 w/KDE 3.1.3tex.
Now, when you fire up Linux *MOST* people are going to say something, it's different you know and if a NORMAL person has a few brain cells functioning, they will notice something is different and not only ask questions but come over to watch..
Nope. Roomy sat there waiting for his chair to blast off, he could have been watching me pilot the starship Enterprise as far as he knew.
I very quickly drew the conclusion that this kid was not only dead in the head, his computer skills are less than ZERO.. I asked him what he has, he told me he has a laptop with Windows 98. Whee! How fun can that be??!!
There were hundreds of kids lugging brand new Compaq and Dell boxes in and they *ALL* had big fat, "WINDOWS XP installed" stickers on them.
You can bet your ass that those kids will be ate up with that shit, probably already, if not for sure by the coming weekend.
Those kids, by dragging all those XP boxes in were building a big petri dish for the script kiddies to play...
I can say this. I'm damn glad my kid is using Linux, I don't have to worry about him getting caught up in all these childish virus/worm/trojan games. This shit has gone way, way too far.
I'm not going to pump all my money into repairing his PC (600+ miles from home) every few days, dumping money down the toilet on anti-virus crapware that does not work, and paying $200 for an OS that just brings you constant headaches.
I told my son that if he wants to stay in that school then the Linux stays on his PC and M$ is forbidden on his machine. If he changes it or let's someone change it, that's it. He goes to local community college with the local idiot beerheads..
why not offer them a choice?
I'll help you move to linux for free, or I'll charge you $50 to fix your system this time.
tell them the charge will double each time they need help, for either system.
Humpty Dumpty was pushed.
...Or, "The Tecn Commandments of Windows Security."
I run Linux on my servers, but for compatibility, certain programs I need, etc., etc., my workstations use XP. I haven't patched anything. I don't trust the patches and especially not the Service Packs. They can break things and slow things down. If my box is working, why tempt fate? There are a few, very simple things to do that will keep Windows almost entirely secure:
1 - No scripting host. If you don't need it, kill it.
2 - No Outlook. Outlook is bad. IE is almost as bad. Everyone should know this by now. And if you must use it...
3 - Don't open file attachments from anybody unless you know what the hell they are! Why is this so difficult? Well, it's because people never...
4 - Unhide the file extensions. You wouldn't eat something from a package simply labled "food" without having some clue what's in it, so why double-click an icon without knowing what it will do? Learn what these extensions are, and Google it if you're not sure what a given one means.
5 - Don't use IE if you don't have to. Mozilla's now advanced and stable enough that you should almost never have to use IE to properly view a site. I never have a problem with popups, and I've never had my browser hijacked. Using IE tempts people to break #6...
6 - Read the question before you answer "Yes." Do you walk around at work slackjawed and answering "yes" to every question you're asked without listening? If you weren't specifically looking for what a site wants you to install, chances are you don't need it.
7 - Firewall. Buy a $30 broadband router, build a Linux gateway, enable XP's own, built-in, pre-installed firewall, or get something like Zone Alarm, depending on your needs and/or level of computer literacy.
8 - Don't download software without knowing exactly what it is. Read the license agreement. Sure, I like to check out neat toys on Download.com too, but not if I have to install Gator or GAIN to use them. See #6. Read!
9 - Check your processes. and read what's going on in there. Google each one. This is a pain in the ass the first time, but do it once and then you'll know when something's not supposed to be there.
10 - Watch who gets your email address. Get two. One for ordering/registering things, and one that you only give to real people.
That's it. I run no antivirus software and my system thanks me for it with good performance. I have not loaded a Service Pack, a patch, anything. None of this is difficult. These rules are simple enough for almost anyone to follow, and the major ones are extremely easy.
As someone who works in security, "insecure by design" has a precise meaning to me, which I've not seen mentioned here yet. The developer's intentions have nothing to do with it. "Insecure by design" means every implementation of a given system will share a common set of security vulnerabilities. In other words, the design (think API or protocol) itself is flawed. No implementation is safe.
Example: The design of the http protocol does not provide any method of running arbitrary code from the client on the server. A perfectly implemented web server will contain no remote vulnerabilities of this type. Flaws in particular web servers like IIS are caused by mistakes in the implementation, not the http protocol itself. The protocol is secure by design with regard to this attack.
Contrast this with a protocol whose design is insecure. Nothing in the SMTP spec addresses the issue of spam. High-volume anonymous message injection is allowed by the protocol. Solutions to spam have to be implemented externally with things like blacklists and filters (which are considered external even when run during the SMTP transaction as they aren't part of the SMTP protocol itself). No SMTP server, no matter how perfectly implemented, can both completely follow the SMTP spec and reject all spam. Thus SMTP is insecure by design with regard to spam.
Nebulous terms like "windows" and "secure" mean next to nothing by themselves. What is "windows"? The NT kernel? The win32 API? The set of programs and services enabled by a default install? Secure against what types of attacks?
For reasonable definitions of the above, the statement "Windows is insecure by design" certainly makes sense. Take "windows" to mean the win32 API and "secure" to mean enforcement of access control. Remember the shatter attacks discovered last year? That's a flaw in the design of the win32 API. No implementation is safe. It fits the definition of "insecure by design" perfectly. And Microsoft has alluded to more such vulnerabilities lurking in the win32 API (remember when they said they couldn't reveal all the APIs for security reasons?).
Democracy is two wolves and a sheep voting on lunch.
Exchange rates don't mirror cost of living, necessarily. The Aussie
buck isn't worth as much as the US buck on the international market,
but that isn't because the Aussie buck won't buy as much, locally,
as the US buck will buy in the US.
An example: the exchange rate between where I live (Galion Ohio)
and lower Manhattan is 1:1 -- one dollar from here is worth exactly
one dollar from there. Yet, an entire family here can live on less
money per month than the rent of a two-room apartment there.
The exchange rates do have an impact on the cost of living, as they
have an impact on the cost of some items, but not everything is
priced proportionally.
Here, $10/hour is a decent wage for a single person in a blue-collar
or entry-level position. I take home about that amount after taxes,
working as an entry-level computer troubleshooter (basically, a
one-man part-time IT department at a place too small to have a
full-time IT department), but a professional programmer would
certainly make more than that (except, I doubt if we have any in
the area). Fourty minutes' drive south of here there's a big
white-collar area (Worthington/Westerville, suburbs of Columbus --
conference complexes, marketing firms, shopping malls, and
three-quarter-million-dollar houses[1] as far as the eye can see)
where someone in a position equivalent to mine would make triple
my wage and struggle to get along. Rent is much higher there;
food costs more; everything costs more. A lot of people live up
this way and commute to work down there.
[1] Nobody would build a house that expensive in Galion, because
it wouldn't have resale value. We have a sparse handful of
houses in town worth two hundred thousand or a little more.
Part of it is that the land here is much cheaper.
Cut that out, or I will ship you to Norilsk in a box.
As an ex Windows admin, the thiing that I found most difficult about Windows was not a lack of security by design. Downloading the patches and keeping the AV up to date will suffice normally. No, the problem of windows, to me, lies in that it is a fucking mess.
/bin, /usr/bin, /usr/local/bin etc, confusing for a newbie), but the fact that Windows has literally tens of dozens of directories that belong to the system, that are both undocumented and not self explanatory, as well as the registery, which is an inconsisten fucking mess if there ever was one are things that make windows a pain.
This may sound ludicrous in view of the jungle that one faces when one moves through a *nix directory tree on the command line (e.g. why is there
On top of this there are so many design decisions that are superficially a good idea, but make things hell when one goes beneath the hood. An example is the desktop. From a visual point of view it might make sense to only store data in my documents and below that, which is also encouraged by the open/save dialogue, but the My Documents sits in a deep sub folder in the real directory tree. The actual dialogue boxes of so many system controls are anything but friendly. While the wizards make things simple in a linear way, they are a stop gap measure screwed on top of a system that is anything but consistent and visually well though out otherwise.
To me it seems that MS designs it's system in that the core OS team has first go at making the bitch work, and after they are done, the mess is passed on to the UI team which then has the pleasure of slapping crap like wizards and My Documents and tons of irritating marketing reminders (passport, messanger bla bla bla, hide those icons so you can't find them again) on top of the system so that MS can call it "User friendly".
Fucking bullshit.