Craig Mundie Blames Microsoft's Product Delays On Cybercrime

whoever57 writes "In an interview in Der Spiegel, Craig Mundie blames Microsoft's failure in mobile on cyber criminals. Noting that Microsoft had a music player before the iPod and a touch device before the iPad, he claims a failure to execute within Microsoft resulted in Microsoft losing its 'leadership.' The reason for the failure to execute, in his words: 'During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering. The criminal activity in cyberspace was growing dramatically ten years ago, and Microsoft was basically the only company that had enough volume for it to be a target. In part because of that, Windows Vista took a long time to be born.'"

Cyber criminals

Yep, cyber criminals armed with chairs...

Re:Cyber criminals

[K.+S.+Kyosuke]

Hah, wait till Chair Man comes to the rescue! (I know the public identity to his secret one, but I won't tell!)

Were MS Assets Available?

[BoRegardless]

If MS had wanted to start a new division for mobile devices, it had the cash to do it. Mundie's excuse doesn't cut it.

If what he is saying is that he and Balmer are so much of a micromanagement team that they couldn't handle one more project and still tell everyone what to do, I can buy that as an excuse.

Re:Were MS Assets Available?

[DarkOx]

That and attempting to duck responsibility for the security situation is a little pathetic too. Yes, the people responsible for crime are the criminals. If someone hacks you trashes you site, steals you trade secrets whatever that cracker is the responsible party. Just like if someone breaks the glass in my window reaches around and opens the lock, they own the breaking and entering. That does not mean however its not a good idea take steps to protect you valuable assets, because we know there are bad actors out there.

The reality is most of us want an operating system where the security controls are effective. Microsoft was forced by the market to 'focus on security' because businesses really were going to start jumping ship for alternatives like Apple desktops and Linux in back office (an in some cases the front office too). If Microsoft had made a correct allocation of resources to security in the first place they would not have to sideline so many other efforts to fill in the deficit later.

Re:Were MS Assets Available?

[jhoegl]

I also like the theory that because Windows XP was the only OS for 5 years or so, it made it more porous. So once Vista came out, it somehow caused problems for hackers.
Shill article is terrible.

Re:Were MS Assets Available?

[MysteriousPreacher]

I feel for Mundie. My construction business went through something similar. After many happy years of designing and building sub-standard residential properties, we were caught off-guard when people began to exploit the tendency of our houses to catch fire, explode, and be easily burgled.

As the largest builder of houses, we were a common target. We lost our lead in commercial buildings because we had to devote a lot of resources to learning how to build houses that lasted more than a few days.

it's easy in hindsight to say that electrical insulation is useful, or that gas pipes should not leak, or that front doors be made of something more sturdy than cardboard. Back then we had no reason to assume that anything of those things were ever going to be important, and I assume everyone built houses that were prone to sudden annihilation.

We're not entirely blameless. This would never have happened if people had kept naked flames at least 30ft away from the houses. The cardboard doors on the houses not at the time exploding and/or burning, was only an issue because criminals were trying to burgle houses.

Never designed to be network-aware

[jabberw0k]

Windows (and MS-DOS before it) was not originally designed to be network-aware, much less network-safe. MS-DOS was a thinly disguised clone of Digital Research's CP/M, circa 1974. CP/M, as a personal computer operating system, was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).

It was no surprise to anyone that an operating system that treats all programs and operations as fully privileged, when connected to a global network, treats everyone in the world as a sysadmin. Microsoft's campaign, then, was to somehow graft basic security features into an o/s that never had them, without horribly breaking every existing application.

That they succeeded even a little is a triumph of engineering.

But they would have saved everyone, including themselves, a huge amount of time and money by using something more UNIX-like as the design basis of Windows NT in the early 1990s. Apple learned that lesson with OS/X. Microsoft had Xenix years before, but threw it away. We, and Microsoft, are still suffering the consequences.

As so-called "smart" phonecomputers and tablets further fragment the marketplace, it won't be the PC that "goes away" but, at long, last, Windows and the CP/M heritage. The UNIX way wins at last... Huzzah!

Re:Never designed to be network-aware

[Alomex]

was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).

pffffft (spits coffee out) Unix security what?

Unix was designed as an experimental operating system for a lab setting and hence had the weakest security of all OSes at the time. In fact, old timers will remember the common quip from the 80's and early 90's: Unix security is an oxymoron.

Here's a sample quote from 1986:

"UNIX Security" is an oxymoron. It's an easy system to brute-
force hack (most UNIX systems don't hang up after x number of login
tries, and there are a number of default logins, such as root, bin,
sys and uucp). Once you're in the system, you can easily bring
it to its knees (see my previous Phrack article, "UNIX Nasty Tricks")
or, if you know a little 'C', you can make the system work for you
and totally eliminate the security barriers to creating your own
logins, reading anybody's files, etcetera. This file will outline
such ways by presenting 'C' code that you can implement yourself.

For example: 1) the original Unix did not even have disk quotas. 2) as late as the early 1990s any regular user could bring the entire system down with a simple stty command, 3) wall used to be enabled to all users by default which included the ability of writing control characters in someone else's TTY 4) the password file containing the encrypted passwords used to be publicly readable which opens the system to offline attacks 5) to this date, *nix does not support well the concept of application ownership of a file which leads to programs requiring their own user account, which is another kludge.

Unix security today is a hard won battle by many people who patched up the original Unix system. Even so it is still subpar compared to big iron mainframe security.

Re:Never designed to be network-aware

[terjeber]

Oh, there are so many mistakes in this drivel that I am at loss as to where to start. Well, let's begin at the beginning.

Windows (and MS-DOS before it) was not originally designed to be network-aware

And how is that relevant? The Windows NT source code is not based on, and contains no, DOS code. DOS, and Win16 software runs in emulation on Windows since Windows NT, that is Win2K, WinXP etc. There is very little difference between the way Linux runs Win16 software (on Winw) and the way WinNT based OSs run Windows software. WinNT was designed from bottom-up to be a network operating system. In many ways, it has far more network awareness and security built in than does, for example, Linux.

The base of the Windows you are running today was designed to be similar to VMS from DEC, an operating system that actually had the "mainframe mentality".

draconian measures taken by "mainframe mentality" operating systems like UNIX

BZZZZ! WRONG! Unix was written as a "personal" operating system that would be a lot simpler than the operating systems under "mainframe mentality" (whatever that was at the time) and would free its users from the rigors of time-share systems etc.

no surprise to anyone that an operating system that treats all programs and operations as fully privileged

Windows hasn't done that since before Win2K. In WinNT (but that was sadly later dropped) a Microkernel mantra was used, where even most drivers ran in user-space rather than in kernel space. Graphics drivers were later (in Win2K as far as I can remember, but don't quote me on that) moved to kernel space.

Microsoft's campaign, then, was to somehow graft basic security features into an o/s that never had them

Oh, so wrong, so wrong. Clueless drivel in fact. Windows NT had far more security features than most desktop Unices at the time, and Windows still has a much more sophisticated security model than, for example Linux. Even the basic file system security of Windows is heads and shoulders above most Linux file systems.

Honestly, if you want to post about the technical underpinnings of something, you really should get a basic clue fist. Repeat after me
There is no DOS code in the Windows operating system.
Windows was built from ground-up based on VMS as a network-aware, multi-user operating system
Windows has better file and run-time security than almost any personal operating system in use today, including OS/X and Linux.

That, you see, is reality. Not the nonsensical drivel you posted.

Re:Never designed to be network-aware

[CajunArson]

Shush you! Your irresponsible knowledge of history and politically-incorrect use of "facts" are getting in the way of us praising the perfect security of anything associated with UNIX!

Now excuse me while I go purge my SSH logs of all those pesky login attempts that I'm sure are all coming from only Windows machines since Microsoft forces everyone to use SSH on Windows. I'll ignore all those nmap reports that indicate the attack machines are actually compromised Linux boxes in Asia since its theoretically possible for someone to lock down a Linux box, therefore ALL Linux boxes are always perfectly admined and cannot be hacked!

Re:Never designed to be network-aware

[terjeber]

For the record, the rubbish Craig Mundie says in the referenced article seems like drug-induced nonsense. Microsoft dropped the ball on security by basically, in Win2K defaulting to run anything under the "root" user, which was a stupid idea, but understandable, most users of Win95/98/ME would have been lost if the security in Windows had actually been used properly.

Re:Never designed to be network-aware

[gbjbaanb]

ohhhh shit, the world's just been turned upside down - Unix is for personal, hack-style users and Windows is for mainframe, secure datacentre applications?! :)

Of course you're right - Dave Cutler did a great job with the original WNT, and Linux was a crashy bit of crap for many years, but things change and Linux had a load of good engineering put into it, and WindowsNT had a load of crappy engineering put into it.

So today, the faults with Linux lie in the original design flaws, and the faults with Windows lie in the bodged up crap that was added by other teams in Microsoft. (however, I'd take a slight contention about Windows NT security model - it started life really well, simple to use and understand. Today even running as administrator you don't have administrator privileges, then there's the overly complex way of applying some security aspects, and then there's the different models of security that just don't use the underlying model that worked so well - for example I once attended a course from MS about MTS and in there they talked of security roles. I put my hand up and asked "why have roles when you could have used Windows groups?" The guy ummed a little, gave a little laugh and said "ah yes, I see where you're coming from with that... next question"). Obviously some team at MS had decided to roll their own security system rather than rely on the underlying thing, and this is what still happens today.

Re:Never designed to be network-aware

[Waffle+Iron]

Windows (and MS-DOS before it) was not originally designed to be network-aware

And how is that relevant? ... The base of the Windows you are running today was designed to be similar to VMS from DEC, an operating system that actually had the "mainframe mentality".

It's relevant because for many years they shipped their OSes configured "out of the box" to bypass or hobble much of that wonderful-on-paper NT security model. This was so they could preserve the nonrestrictive DOS/Win95 the user experience that people were so used to. The security technology might as well not be there if nobody actually uses it.

This problem was compounded by a lack of quality control on much of the system code outside of the kernel itself. Remember when the half life to 0wnage of a fresh XP box connected to the Internet was measured in minutes?

Re:Never designed to be network-aware

[Dr.+Evil]

NT4 moved the graphics into the kernel. It was controversial back then. http://technet.microsoft.com/en-us/library/cc750820.aspx

The biggest PITA to run outside of an administrative account was the software. It wasn't until XP that software *started* to work as a 'user'.

Microsoft made big leaps in security in the past decade. Security advisory/patch cycles to entrypoint randomization, driver signing, code signing, policy refinement, non-executable stacks, WSA, antivirus etc.

I don't buy that this cost them their leadership. Crappy decisions did. I'll add that ironically, because they didn't create marketplaces like itunes, their music player almost *relied* on piracy "cybercrime" for their marketshare.

Re:Never designed to be network-aware

[MightyYar]

I'm not up on the current conspiracy theories, but my understanding was that the notion that Microsoft STOLE CP/M was debunked. It's pretty clearly patterned off of it, IMHO. At least the command line interface is superficially very similar.

Re:Never designed to be network-aware

[Alomex]

Would you care to explain what is kludgey in using the uid namespace to also provide per-application ownership?

Gladly. The main problem is that user space and app space are orthogonal. Good security requires the ability to say "this file shouldn't be touched by anyone other than joe blow using acrobat reader". Each of the two parameters, namely userid and appid are independent and need to be treated differently.

So just because joe blow is a superuser this doesn't mean that all of his programs should run in that mode. In fact this deficiency is what eventually lead to the deprecation of su in favor of the sudo command, itself an 80s addition to Unix and not really popular until the mid-to-late 90s. It is an attempt to try to prevent unwanted inheritance of the su privileges to one and all applications.

This way for example, the java sandbox would be created by the OS rather than by the JVM sandbox kludge. The OS knows that the browser is not allowed to write to disk except to ~/.cache and ~/,downloads and you don't have to worry about what is the payload. You also want to have a per app+directory quota, to avoid denial-of-service attacks via disk/user account overflow.

All of these things were already available in 70s mainframe operating systems and greatly increase security. They were echoed in the Mac design which completely forbade the wrong app from opening a file (itself a bit of an overkill, as it made it impossible, for example, to hand edit a postscript file or to print a manually generated postscript file)

In fact most commercial flavors of unix are aware of this, and hence support an extended form of Access Control Lists (ACLs). However these have never taken on as all implementations feel awkwardly grafted into the file system.

Re:Never designed to be network-aware

[DarkOx]

Windows has better file and run-time security than almost any personal operating system in use today, including OS/X and Linux.

Thank you for your post I was waiting for someone to set the record strait. I do take some exception with your final thought though.

The NT Kernel has better file and run time security than pretty much everything else out there. That is true, but in practice its not and has never been used fully. The presentation and application layers of Windows pretty much until failed to expose lots of the features until Server 2003. Even now many of them are not widely used because making much use of them tends to break functionality up the stack.

Yes they are there and you can harden a special purpose windows box to the point where I would strong doubt the best pen tester could get it. On the other hand prior to Windows 7 it impossible to do that to a more general use desktop and have it be usable. It is much much better on Windows 7, Server 2008, and though.

Re:Never designed to be network-aware

[Pinhedd]

MS-DOS took a very similar approach from an interface perspective but that's about it. Underneath the hood its neither a clone nor a clean room re-implementation of CP/M.

There's a very thorough article in IEEE Spectrum by an author who used modern disassembly, debugging, and code similarity techniques and applied them against various versions of DOS and CP/M. Everything led him to a dead end.

http://spectrum.ieee.org/computing/software/did-bill-gates-steal-the-heart-of-dos/0

Re:Never designed to be network-aware

[serialband]

I realize that you're joking, but you're supposed to automatically rotate your logs. If you're constantly purging the those attempts, you're doing it wrong. Run fail2ban or denyhosts and turn on your firewall.

Linux/Unix is only as secure as the security minded sysadmin can manage. Windows has actually become more secure in the last 4-5 years. They had to because of all the attacks on them. Linux has to play catch up now. The whole network advantage someone else mentioned is now long gone.

I will say that I like the easy to use command line tools in Unix/Linux, but those exists in Windows as well, you just have to download them. If you know how to script in Windows, you can manage an equivalent number of computers as you would on Linux. The only reason you have a lower computer to Windows Admin ratio is because we have so many fly-by-night MSCEs who only really know the GUI tools and don't know how to remotely script the same thing to apply to hundreds of systems rather than visit them at the console.

Re:Never designed to be network-aware

[makomk]

The more additional 'features' you add, the more likely the average user* will screw them up and open a hole.

Not just the average user either; it's easy for the average developer to screw up and leave a hole too. For instance, under Windows many application installers need to install one or more system-wide services (it's basically mandatory if you want to do automatic updates). As part of the service installation process, you need to specify the ACL to be applied to the newly-created service. Lots of app developers such as Adobe screwed this up and set a generic wide-open ACL, which meant any user on the system could get root by editing the service configuration and pointing it at a malicious executable they'd created.

I seem to recall this and other interesting holes weren't spotted until someone designed an automated checker and gave it a full model of how Windows security worked because it's just that complicated.

Obviously the dog ate their decent designs...

[tylikcat]

He's discussing the time period right about when I finally bailed on MS. I had been trying to be a security advocate for my group for a couple of years - and was told over and over again that users don't want security, and who cares? (Admittedly, the group I'd worked for before that, which was more server focused, was also more security focused.) ...and then the security initiative began, and while I was cheerfully packing up my office, I suddenly had coworkers stopping by, picking my brain and trying to get me to give them my phone number so I could, continue to work for the company I was so eager to depart from, for free. And, of course, the security infrastructure they produced was incredibly annoying and non helpful for most users. (Somewhere in here my not particularly computer literate mother switched over to linux.)

Of all the stupid statements I've heard coming out of Microsoft about why they have made lousy products and terrible missteps which were, inaccountably, not embraced by customers, this has got to be the stupidest.

Mobile? The core problem continues to be that mobile is much more about hardware (which Microsoft itself has finally acknowledged). And even aside from the hardware, more about clean interface design than market dominance.

What bufoonery.

Here we go...

"Microsoft was basically the only company that had enough volume for it to be a target"

Tying security to volume of installs shows, to me, a lack of understanding of the actual models underlying the operating systems.
Windows is an entirely different creature from say Linux. Linux is merely the kernel, everything else is a package. A properly secured linux box, (proper PAMs, selinux, permissions, Least user privs, and minimum packages) != a hardened windows box. They are not even close. Volume has little to do with the security models. I hate that is always pops up. As if.

It took Vista a long time to be born...

[The+Rizz]

In part because of that, Windows Vista took a long time to be born

Too bad they didn't use that extra time to abort...

Well duh

[Solandri]

The reason for the failure to execute, in his words: 'During that time, Windows went through a difficult period where we had to shift a huge amount of our focus to security engineering.

You took an OS which effectively ran with superuser privileges (DOS) all the time, and added a graphical shell on top of it (Win95, Win98). You then tried to switch it to a more secure user / superuser model, but you made it so inconvenient that it was easier for everyone to just run as superuser all the time (NT, 2k, XP). Finally you started trying to enforce running as a regular user except when needed (Vista). But the industry had had a decade to acclimate to running as superuser, so you were met with so much resistance you had to scale it back (7). Of course you're going to have a huge security problem.

You should've just bitten the bullet and enforced the user / superuser paradigm as early as you could have. i.e. Back when the Internet became big, around when Windows 95 came out, you should've realized the future was for all computers to be networked, and that user vs. admin privileges were going to become very, very important. But no, you took the easy way out and stuck with the one-computer one-user model, and you've been paying the price for it for the last decade and half. You made your own bed; it's disingenuous to now blame someone else for having to lie in it.

Part of being a good leader (of a group, country, market, whatever) is to foresee and recognize what's going to become important or a problem in the future, long before your followers do. A good example is what the NSA did with DES. They had done enough secret research into DES that they knew of a vulnerability; and when DES was proposed as a standard they made some secret changes to it which eliminated that vulnerability before the public was even aware of it. Your job as a leader is to act on that foresight, even if your followers can't see what you see and complain about it. If you can't do that, you just aren't cut out to be a leader.

Re:Well duh

[QuietLagoon]

You should've just bitten the bullet and enforced the user / superuser paradigm as early as you could have. i.e. Back when the Internet became big, around when Windows 95 came out, you should've realized the future was for all computers to be networked

Bill Gates, that great visionary at Microsoft, famously missed the onslaught of the Internet. He didn't even see it coming until he had to play catch-up.

Re:Yeah, we remember the Zune.

[jimicus]

He can't possibly be talking about the Zune. It came out in 2006; the iPod came out in 2001 and was on its fifth revision by the time the Zune came out.

Build it right the first time

[number6x]

When Windows first came on the market it was not the market leader. It did not have years of legacy code or legacy applications holding it back. It could have been built more secure from the ground up.

All of Windows competitors competed in the same market with the same 'cyber-criminals'. They built products that better withstood attack. All of the parties building products for sale in all of these markets were subject to the same market forces. By the time we got to the world of touch surfaces, music players and phones, Microsoft had a few things it could have used to its advantage: $49B in the bank and market dominance. They are complaining that they had to re-direct resources to make Windows secure. Then they should have tapped into their reserves and gotten more resouces!

Maybe if they didn't waste money on ads for churros and running shoes with Jerry Seinfeld and put that money towards product development they would have succeeded.

Microsoft failed in these markets because they failed to understand what consumers wanted. They have no one else to blame but themselves.

Build procucts people actually want to buy.

Re:Build it right the first time

[plover]

When Windows first came on the market it was not the market leader. It did not have years of legacy code or legacy applications holding it back. It could have been built more secure from the ground up.

No, it could not have been built securely from the ground up. It was built on the legacy of MS-DOS, which was more of a boot-loader than an operating system. The security model was the old one of physical isolation - if you wanted the contents to be secure, you put it in a room and locked the door. As all security was external, there was no consideration of security in the products being written, and there were a lot of them. As Windows evolved from 1 to 2 to 3, they still had a rich legacy of DOS apps they had to continue to support. End point security came in the form of protecting the system from disk-borne viruses. Then along came Ethernet adapters, and with networking began the job of isolating users. Security was handled at the server level, because the primary threat model was unauthorized people accessing applications and data. Windows still didn't have a networking API at the time -- networking meant remotely mounted files.

When Windows 95 came around, they did a better job of hiding DOS beneath the covers, while retaining the ability to run MS-DOS programs. But that still meant no security at the OS level. A true multitasking kernel was required to secure the machine. They had one in the form of NT, but NT's incompatibility with the PC games of the day meant it was never suitable for average home users.

In the 1990s, what was far more important to Microsoft's security than "cybercriminals" was IBM. OS/2 was a real 32-bit multitasking OS, and Warp was being released in 1995. Microsoft had to get something out the door immediately. Keep in mind that they were still six years of work away from releasing a real multitasking kernel suitable for the home, but they didn't have six years, so they rushed Windows 95 out the door. They used that time to get people writing Win32 games and wean people off the legacy of DOS. But that meant security continued to take a back seat to everything.

Had Microsoft bit the bullet and tried the NT kernel route for the home users back in 1995, they would have sold nothing to the home market, and OS/2 would have sealed the fate of Windows.

Microsoft made their choices based solely on dominating the market. Delivering real security would have meant the death of Windows, and everyone on Slashdot would probably be bitching about OS/2 and AIX today. It would have been better for the world, but that's the way the cards played out.

Translation

[folderol]

It's everyone else's fault. Not ours.

Re:"executional missteps"?

[gbjbaanb]

Ximinez: Hm! She is made of harder stuff! Cardinal Fang! Fetch...THE COMFY CHAIR!

[JARRING CHORD]

[Zoom into Fang's horrified face]

Fang [terrified]: The...Comfy Chair?

[Biggles pushes in a comfy chair -- a really plush one]

Ximinez: So you think you are strong because you can survive the soft cushions. Well, we shall see. Biggles! Put her in the Comfy Chair!

but Ballmer used and threw an office chair - see, he managed to fuck up even this simple act of corporate motivation.

Ximinez [with a cruel leer]: Now -- you will stay in the Comfy Chair until lunch time, with only a cup of coffee at eleven. [aside, to Biggles] Is that really all it is?
Biggles: Yes, lord.
Ximinez: I see. I suppose we make it worse by shouting a lot, do we? Confess, woman. Confess! Confess! Confess! Confess

ah... well, I suppose he does try to make up for it by shouting a lot.

Re:Cry Me a River

[DarkOx]

Yes and the worst part is the very argument shows top brass at Microsoft still regard security as a distraction rather than a key design requirement in their products.

Re:Microsoft and Apple Tablets

[UnknowingFool]

My interpretation is that Apple embraced touch and built their OS around it while MS tried to shoehorn it into Windows and call it a tablet.

Microsoft was run by idiots.

[knorthern+knight]

I remember Redhat 6.x from the ealy 2000's. It installed with all services+listeners running by default. Stuff like SMTP and RPC and bind was listening. For a Redhat install, the only safe way to install was from CD. Then run "lsof -i" and see what services are listening to the internet, and spend the better part of an hour shutting them down, and/or uninstalling them altogether. Worms like L10n and Ramen were rampant. After a lot of yelling+screaming Redhat finally listened, and stopped installing that stuff by default. Installs could be done without needing a firewall. The worms went away.

Microsoft was run by a bunch of idiots who wanted everything to "just work". One of the advertising claims for Windows 3.1 was "ease of administration". You could send a script as an email to all users in the office, and they simply had to click on it and it would re-configure their PC as you desired. This worked great in a 10-person office before the WWW. On a hostile web/internet, it was a disaster waiting to happen.

In order to make things "just work" for home PCs, Windows defaulted to NetBIOS/NetBEUI and RPC all turned on. This was one of the causes of all the worms that spread by portscanning. To make things worse, by Win98SE, *YOU COULD NOT TURN OFF RPC EVEN IF YOU WANTED TO*.

The "Autorun" mentality was another problem. We all know about sticking a USB key into a Windows machine, and it "automagically" ran stuff. That was not the only such problem.

Excel had "autoexec macros" that ran when you fired up the spreadsheet. MS' first response was to change Excel to set a bit in the file header of the spreadsheet, flagging that it had autorun macros, and Excel shouldn't run them if the user had changed his Excel config to disallow autorun macros. It didn't require genius for bad guys to save a spreadsheet with autoexec macros, and edit the file header of the spreadsheet with a hex editor, telling Excel that the spreadsheet was "safe". Excel then proceeded to run the autoexec macro when loading the spreadsheet, regardless of the user's settings. That was eventually fixed.

Outlook Express (known "affectionately" as "Outhouse Excuse") also "auto-rendered" files. This allowed photos to be displayed inline, and music files (WAV, etc) to be played automatically. The "security" consisted of filtering against a list of safe file extensions (WAV, JPG, etc), and then handing off the file to the OS to run. The OS ignored the extension, and determined the file type by checking the file header, then it handed off the file to the appropriate program. So the bad guys renamed "virus-installer.exe" to "song.wav", and it was automatically executed. This is how SirCam and Bubble-Boy wormed their way around the web.

And then we get to Active X, known "affectionately" as "Active Hacks". This was the mechanism behind so many "drive-by-downloads". What made it worse was that Active-X was rammed down people's throats by Internet Explorer. Let's say you disabled Java, Javascript, and Active-X in IE.

* Java was Sun's product. You launched a webpage with a Java applet, the applet didn't download and run, but the rest of the page displayed properly. IE "degraded gracefully".

* Javascript (originally called "Livescript") was Netscape's baby. You launched a webpage with javascipt, the javascript didn't run, but the rest of the page displayed properly. IE "degraded gracefully".

* Active-X was Microsoft's baby. A lot of webpages had Active-X code. When IE came across a page with Active-X, and IE had Active-X, then IE came to a screeching halt, and put up a modal dialogue about how "This page may not display properly". It would not budge until you clicked OK. With all the Active-X applets on the web, IE was effectively unusable with Active-X disabled. Just like UAC several years later, people got sick and tired of clicking "OK" every 30 seconds, and simply enabled Active-X in IE. That was what kept drive-by-downloads going.

Microsoft have only themselves to blame.

Pipes and filters

[jabberw0k]

The whole idea of "The UNIX Way" is that files are just files ... and that you accomplish tasks by running files as streams through various pipes and filters. This is utterly at odds with requiring file associations to any particular program. You can use vi or Emacs or pico or whatever you like to edit a .c file. You can use Emacs to edit a PostScript file... you can use any of half a dozen common programs to edit a .docx file... It's the "Apple way" of forbidding anything but the Anointed Holy Programs from operating on my files, that is broken.

NT had to be backwards compatible?

[dgharmon]

.. "The problem isn't that NT-based operating systems are inherently insecure. The problem is that .. NT had to be backwards compatible with existing applications" ..

Why didn't they run older apps inside a virtual DOS machine like on OS 2?