Vista the Last of Its Kind

An anonymous reader wrote to mention a TechWorld story about Windows Vista. According to the Gartner Group, Windows Vista is likely to be the last of its kind. "The problem is that the operating system's increasing complexity is making it ever more difficult for enterprises to implement migrations, and impossible for Microsoft to release regular updates. This, in turn, stands in the way of Microsoft's efforts to push companies to subscription licensing. The answer, according to Gartner, is virtualization, which is built into newer chips from Intel and AMD, and has become mainstream for x86 servers through the efforts of VMware." Speaking of Vista, C|Net reports that a new release candidate is on the way. The average tester should expect it by the end of September.

Latest BS from Gartner

[owlstead]

And it's late as well. I don't believe so much in virtualization on this level to create security. I mean, how are the components going to communicate? Sockets? Sockets are their own security problem. Microsoft clearly thinks in the same direction. What we need is a more fine-grained security model, in which applications only get the resources they need. Applications themselves also must be able apply the same security directives to their internal components. Just assigning a user per application won't work either, I mean, I would like to continue to work with my text editor as myself.

Currently, applications can install themselves anywhere they want. They can destroy everything I own, including most things in the registry. They can take every bit of CPU power they like. Any amount of memory. Any amount of threads. Any amount of desktop space (including the whole lot through DirectX). They can even take away my keyboard. I don't think you can solve this by just giving every application it's own CPU and operating system. You can do this by restricting access, and by letting the OS take care of the installation and access conditions (maybe not configuration).

The way to do this is to create dependencies with modules, and create security managers to handle access. This is e.g. part of the Java security model, which is sadly hardly ever used. Microsoft has it's own copy of that of course. It's in .net and works with assemblies. Where Microsoft has an advantage is that it owns the Windows operating system, and can therefore easily use a centralized Virtual Machine (as in MSIL virtual machine), installation procedures etc.

I've little doubt that this is the direction Microsoft is thinking for the long run. Unfortunately they don't seem to grasp it on the same abstraction level that Sun can, so it will probably take time. No doubt it will take double that time for Gartner to understand it. Just running every app in its own OS is much easier to grasp, especially when it is already there.

Re:MS Windows != Every OS

[senatorpjt]

there's nothing wrong with shipping a kernel and a firewall on the same disk, but the firewall shouldn't be in the kernel!

The firewall is in the linux kernel.

Re:MS Windows != Every OS

[abigor]

iptables is a part of the Linux kernel. There is a userspace program called 'iptables' that acts as a front end, but all packet filtering, rule traversing, etc. happens in kernel space.

Linux does not have well-defined interfaces, particularly not at the kernel level. Just ask any driver writer.

Re:MS Windows != Every OS

[kimvette]

Can you point out the built-in to the OS equivalent of IE in Linux? You can't, because it doesn't exist.

Sure can. Check out KDE's konqueror and KHTML. It integrates very nicely into kwin (the window manager), is embeddable, providing the help engine, integrates with various services/daemons via plugins and extensions, provides integrated and seamless web, help, and file browsing, can also act as a media player (through plugins and extensions), a smarter "search/find" feature than Microsoft will ever deliver in Windows, and if elevated permissions are required for a task, you will either be prompted for the password or the action is simply disallowed (depending on the plugin or extension) unless you specifically start konqueror with su/kdesu. Also, an integrated terminal window is provided so you can run tasks on files in a directory without having to clutter your desktop with separate Xterm windows.

In summary: konqueror in KDE is what MSIE/Explorer tried to be in Windows, and more.