Gates: 'You don't need perfect code' for Security
securitas writes "ITBusiness has an interview from the Microsoft Professional Developers Conference where Bill Gates says 'You don't need perfect code to avoid security problems.' Instead he suggests that users acquire and properly configure firewalls and make sure that they keep their software patches up-to-date. Considering that Microsoft says it is focused on security, the comments from the Chief Software Architect aren't inspiring, especially because the underlying attitude seems to contradict the idea of well-written, secure code. What kind of message does that send to the developers who work for Gates?"
Umm, design flaws - no. Windows has a vastly superior (and admittedly more complicated) security _model_ to Unix. This is not debatable. You not only don't have to run as 'root' (which is a Unix concept, not a Windows concept), you can revoke and grant specific privileges.
Seriously, get a clue. Windows's security problems are related to application coding, not OS design. The design is far in advance of Unix.
Let's see.. I have root on a Unix WS. I have local Admin access on a windows workstation. Guess which OS grants me global access to network file systems? It ain't Windows.
Hint: 'sudo -u cat ~some_user/somePrivateFile'.
Of course you can do anything on a local host. My point is that NFS is what most people use, and it's flawed.
The Anti-MS crowd must find it convenient to make these distinctions in one case, and ignore them in another.
NFS isn't Unix, but when the latest Outlook or IE flaw comes around it's all lumped in and they claim the OS itself has a bad design. How convenient.
NFS is the _main_ remote file system protocol in Unix. Put a map of all Unix installations, throw a dart, and you will probably hit a site using good old NFS v2 or maybe v3.
I'm sure when there's a CIFS bug you're quick to point out that this doesn't reflect badly on Windows, it's only one of many filesystems available?
Pure hypocrisy. Unix has a terrible history of security flaws. Sendmail, X11 (still insecure), RPC, buffer overflows in miscellaneous applications, NFS, NIS, OpenSSL/SSH flaws that affect _multiple_ applications, setuid binary flaws, environment variable/LD_LIBRARY_PATH/LD_PRELOAD type flaws, Apache bugs, the list does not end.
The Windows low level architecture is more powerful, you have more control over _everything_. In Unix you basically have "root" or "not root". And if you look at the contortions people have gone through to get around that flaw it's really humorous.
Windows's problems are more of a common trend of sloppy programming in specific instances, not inherent design flaws. The same issues have plagued (and still plague) Unix for decades.