Security Isn't Just Avoiding Microsoft

Jay Singala noted a story which points out "It's time for all the people who have entertained this fantasy to stop deluding themselves. How would life without Microsoft be different? It wouldn't be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system."

Re:More secure?

[Corporate+Troll]

If not for microsoft, the word "rootkit" might not exist?

Is this a joke I hear whooshing past my head or are you being serious. You know that "root" part of "rootkit", it talks about the Unix superuser known as "root". The roots (pardon the pun) of a rootkit are most definitely in the Unix heritage. Look it up for yourself.

M$ lack of Security comes from

[Joe+The+Dragon]

Apps that where design back in the 9X and 3.1 days where there was little to no multi user, admin vs user, common dirs, and so.
Apps that need admin so they can auto update them selfs
A/V apps like Norton home that needs a admin users logged in for it to be able to get the updates.
Games copy protections that needs admin to run that should be other ways to do this with messing the the ide drivers or needing admin just to check if you have a good copy of the game.

It would be a big help if MS came out with a common update system that is easy for games and other apps to use and is free for developers to use. Then you can at lest get rid of having to deal with games and other apps having there own built in updates and needing admin just to run them as some force you to get the updates to use them. This system can also make it easy to keep your whole system up to date. You will just need to be an admin to run that common update system or even let it be setup to auto run in the back round at system level. Also MS needs to let get the all of the updates form windows update using auto update. Runas does not work for windows update in windows xp and 2000 and you need to run that to get the Optional updates.

Also put the full video drivers on windows / M$ update.

Re:The problem is Window's insecure architecture.

[Foolhardy]

IE consists of a front-end launcher and a few shared libraries that implement parts of the back-end like an HTML renderer. The only thing that the IE back-end is integrated with is parts of shell environment. It's a few shared libraries that are loaded into iexplore.exe, and explorer.exe when it needs to do HTML rendering. OSX has a similar architecture, called WebKit. KDE also shares Konqueror's back-end.

IE is just a few user mode shared libraries. It doesn't have hooks into the kernel. It runs with whatever privileges the user has; it doesn't have some magical security back door. It's not used by any system services. A vulnerability in IE can lead to the compromise of the process it is loaded into, but that's true of any library. IE's vulnerability record is awful, but it can only compromise the system as much as any of your other applications. If IE was a totally standalone program, its security track record would be exactly the same; it's (in)ability to compromise the machine exactly the same. If you run an app as admin, and its compromised, the entire machine is compromised. If you run an app as a normal user, and its compromised, only the user's account is compromised. IE has nothing to do with the security architecture of Windows.

In court, Microsoft said that IE was an integral part of the Windows experience, and that removing it would diminish that experience and break their right to sell a software package with whatever features they liked.