Slashdot Mirror
Windows Is 'Insecure By Design,' Says Washington Post
Circuit Breaker writes "A Washington Post article says Microsoft Windows is insecure by design. Quote: 'Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics. This is not a coincidence.'"
If 80% of the computers on the Internet were running OS X or Linux don't you think there'd be more Mac and *nix malware?
Now I'm not saying one OS is more secure than another (although that may be the case as well), just an easier and more effective target.
'He was a dreamer, a thinker, a speculative philosopher... or, as his wife would have it, an idiot.' - Douglas Adams
Site feels slow, so ....
By Rob Pegoraro
Sunday, August 24, 2003; Page F07
Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics.
This is not a coincidence.
The usual theory has been that Windows gets all the attacks because almost everybody uses it. But millions of people do use Mac OS X and Linux, a sufficiently big market for plenty of legitimate software developers -- so why do the authors of viruses and worms rarely take aim at either system?
Even if that changed, Windows would still be an easier target. In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, "Please don't steal this."
Not opening strange e-mail attachments helps to keep Windows secure (not to mention it's plain common sense), but it isn't enough.
The vulnerabilities built in: Security starts with closing doors that don't need to be open. On a PC, these doors are called "ports" -- channels to the Internet reserved for specific tasks, such as publishing a Web page.
These ports are what network worms like Blaster crawl in through, exploiting bugs in an operating system to implant themselves. (Viruses can't move on their own and need other mechanisms, such as e-mail or floppy disks, to spread.) It's canonical among security experts that unneeded ports should be closed.
Windows XP Home Edition, however, ships with five ports open, behind which run "services" that serve no purpose except on a computer network.
"Messenger Service," for instance, is designed to listen for alerts sent out by a network's owner, but on a home computer all it does is receive ads broadcast by spammers. The "Remote Procedure Call" feature exploited by Blaster is, to quote a Microsoft advisory, "not intended to be used in hostile environments such as the Internet."
Jeff Jones, Microsoft's senior director for "trustworthy computing," said the company was heeding user requests when XP was designed: "What customers were demanding was network compatibility, application compatibility."
But they weren't asking for easily cracked PCs either. Now, Jones said, Microsoft believes it's better to leave ports shut until users open the ones they need. But any change to this dangerous default configuration will only come in some future update.
In comparison, Mac OS X ships with zero ports open to the Internet.
The firewall that's down: A firewall provides further defense against worms, rejecting dangerous Internet traffic.
Windows XP includes basic firewall software (it doesn't monitor outgoing connections), but it's inactive unless you use its "wizard" software to set up a broadband connection. Turning it on is a five-step task in Microsoft's directions (www.microsoft.com/protect) that must be repeated for every Internet connection on a PC.
Mac OS X's firewall isn't enabled by default either, but it's much simpler to enable. Red Hat Linux is better yet: Its firewall is on from the start.
The patches that aren't downloaded: Windows is better than most operating systems at easing the drudgery of staying on top of patches and bug fixes, since it can automatically download them. A PC kept current with Microsoft's security updates would have survived this week unscathed.
But hundreds of thousands, if not millions, of Windows systems still got Blasted, even though the patch to stop this worm was released weeks ago.
Part of this is users' fault. "Critical updates" are called that for a reason, and it's foolish to ignore them. (The same goes for not installing and updating anti-virus software.)
The chance of a patch wrecking Windows is dwarfed by the odds that an unpatched PC will get hit. And for those saying they don't
Funny - I pactch regularly and taught my family to do the same.
I had no problems over the past two weeks.
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
"But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks"
I don't know what they're talking about. I might be using Linux, but those Windows machines just killed the network that I was plugged into.
I'm only paranoid because everyone is against me...
I've had to patch and put up to date almost a dozen systems in my free time these weeks. Not seeing one penny for that since they all belong to friends and family... :/
Upgrade them to Linux. I did it a year ago and my sister surf the internet, mail and chat without problems since that. And I get her a pentium 333Mz. Thats enought for what she use.