Slashdot Mirror


User: Foolhardy

Foolhardy's activity in the archive.


Comments · 872

  1. Re:But Chanc_Gorkon doesn't want MySQL for Cygwin on Windows Services For Unix Now Free Of Charge · · Score: 1

    I thought that the compiler that Microsoft has made available at no charge understood only the C# language. Do you claim that somebody has rewritten the MySQL database engine in C#?

    I didn't know that the free compiler only supported C#. I stand corrected.

    There exist two popular GCC distributions for Microsoft Windows operating systems: Cygwin and MinGW. (MinGW is GCC that uses Microsoft Visual C++'s C runtime library.) I wrote my comment in the context of Chanc_Gorkon's belief that people who port MySQL to Cygwin waste their time. Or do you claim that the port of MySQL to MSVC compiles cleanly in MinGW?

    I agree that MinGW is a closer match, since it uses the same runtime libraries as MSVC. I'm not suggesting that a port to MinGW would be trivial, but it isn't completely impractical either. I admit that I haven't tried to actually do any of these things; I only wanted to point out that there are alternatives to MSVC.

  2. Re:POSIX+GDI? on Windows Services For Unix Now Free Of Charge · · Score: 1

    I don't know exactly how the POSIX subsystem handles graphics functions. I assume it runs under some kind of window, provided by win32. The video adapter (and input devices, for that matter too) can't be shared. Something in software has to arbitrate between different programs; basically, GDI provides regions for that purpose. The win32 subsystem takes over the display as soon as the display driver is ready during startup; it only gives it up for a blue screen. So since win32 has exclusive control over the video adapter, everything else (posix included) must use it.

    I guess DirectDraw, with a video buffer would be more direct.
    I suppose you could even commandeer the display device, during startup, stall win32 from initializing, and use the display yourself directly from kernel mode. That's more work than it is worth IMO.

  3. Re:Good, but not great on Windows Services For Unix Now Free Of Charge · · Score: 1

    I thought you could get just the command-line compiler (.net era) for free?

    I'm sure Borland has a free Windows command line compiler. And there is always GCC.

  4. Re:POSIX+GDI? on Windows Services For Unix Now Free Of Charge · · Score: 1

    GDI is a subset of Win32; the native (executive) api does not handle graphics functions. Historically (before nt4) GDI was implemented entirely out-of-process by csrsrv.dll in csrss.exe (the win32 subsystem server). But starting with nt4, most of win32 moved into kernel mode (supposedly for speed) in win32k.sys, and the kernel itself became more dependent on win32. Here is a link to more information.

  5. Re:so lets make this simple on Windows Services For Unix Now Free Of Charge · · Score: 1
    There are plenty of services you can disable from the Services MMC snap-in. You can even do it from the command line (XP or later) with sc.exe.

    Still, there are services that can't be stopped, and can't safely be disabled.

    Plug and play- not sure why you would want to stop this, but you can't.

    SAM- security would be shot without this.

    Event log- services and drivers wouldn't be able to report errors and auditing wouldn't work without this.

    RPC- it would be nice to stop this, or at least disable the network portion; it seems to be the source of many remote vulnerabilities.

    Not to mention the entire win32 subsystem
    Also, the add/remove programs beginning with at least win2k is crippled; there are many things not required for basic services to work that can't be uninstalled there. Media player comes to mind. 'Hiding' them is not a good solution.

  6. Re:Me too on 2003: Year of Apache · · Score: 1
    We run an online testing and certification engine, written in perl. It WAS hosted on a Win2K/IIS box, but about once a week the server would lock up with IIS hitting 100% CPU utilisation and the only way to 'fix' it was to reboot. The same code's been running on a Redhat 9/Apache server for about 2 months now with no downtime.
    The only way to fix it was to reboot? Why don't you try stopping and then restarting the web service?

    I'm not trying to defend software that stalls like that, but restarting the entire operating system is overkill.
  7. Re:Well... on Linux 2.4.24 Release Fixes Root Vulnerability · · Score: 1
    Windows does not deal with local exploits, ever. Imagine all the programs that create files in C:\WinNT\Temp. All the programs that read from registry entries. I would bet the vast majority of these could be exploited without a thought. There are probably thousands/millions of local exploits in windows. But you never see patches for them. Because nobody cares. Windows isn't designed to be "multiuser". They are trying to shove it into that role, and it won't fit. :0 Or if it fits, it will be disastrous.
    I don't see anything in my \Windows\Temp directory. Do you know of any privileged services that actually use temp files? There are some things from VS.NET in the current user's temp directory, but hijacking those won't help much (only that user has access to them). Windows can be multi user; ever used Terminal Services? Each user (non-admin) is sandboxed. Some of the default settings suck but they are usually easy to change. (For example, normal users, by default, can shut down the system; this is unacceptable for multi-user. It can be easily changed by removing the shutdown privilege from the users group.)
  8. Re:Well... on Linux 2.4.24 Release Fixes Root Vulnerability · · Score: 1
    Windows generally does not operate in a multiuser fashion, so these exploits are not as pertinent. Having written Windows software for years, I can tell that if local exploits ever become a concern for Windows (e.g. if Windows ever goes multiuser in a big way, where a local user may want to exploit the machine), almost every Windows application will have big problems with local exploits, since they have been built assuming that the local system is single-user and temp files and registry entries are assumed to be safe.
    Ever heard of 'terminal services'?

    Care to name any specific local exploits? Every file, registry key and every other system object has an ACL; WinNT certainly IS securable and multi-user. Running every user as an Administrator and expecting security is pointless though; it's almost like running everything as root in unix.
    Local exploits generally use buffer overflows or hijack split-second temp files to do their nastiness.
    I can't think of any system processes that use temporary files. (unless you count page files, but those are opened exclusively.)
    I suppose that a buffer-exploit is a big risk; Microsoft has a bad reputation for those.
  9. Re:Will it run on... on Microsoft Releases Changelist for Upcoming XP SP2 · · Score: 1

    What? I have a K6-2 300 with 128MB running WS2k3 and it takes maybe 1 minute total to log on (faster than my RH9 install). Even faster resuming from hibernation.
    Sure, that's about double the system but still...

  10. Re:Who is uninformed on Mac OS X Security Criticisms Countered · · Score: 1
    I can get all kinds of stuff to run. Including Office. Usually, MS programs are better behaved than average. Still, you are right in saying that many things require more privileges than they should need to run. I guess this is a more fundamental difference in the coding ideologies between UNIX and Windows. Many Windows programs implicitly require access to everything, whereas UNIX programs are usually better behaved.

    To work around this, I recommend you download "su/sud" by Didier Cassereau. You can get it at http://www.loa.espci.fr/winnt/.
    Then create a cheapo cmd script: call it suaa.cmd (for Switch User to Administrator Auto), use SU with an administrator's name and password, running the desired program.
    su -u Admin -p 123 -c %1
    exit
    Change the shortcuts of picky programs to "suaa.cmd X" where X is the program name. NOTE: if the command line includes any parameters or spaces, be sure to enclose it in quotes.
    Granted, this breaks the machine's security against malicious users, but you can at least avoid running Internet Explorer as an administrator. You can go the other way too: su also works for normal users.
  11. Re:Interesting Article on Mac OS X Security Criticisms Countered · · Score: 1

    And um, no, Windows File Protection fixes it. When a crappy installation program overwrites a system file, WFP silently replaces it with the correct (newest) version. That's what that big 'dllcache' folder is for.

  12. Who is uninformed on Mac OS X Security Criticisms Countered · · Score: 1
    The real security wisdom of Mac OS lies in its internal architecture and how the operating system works and interacts with applications. It's also something Microsoft unfortunately can't accomplish without a complete re-write of the Windows software -- starting with ripping out the bug-riddled Internet Explorer that serves as the Windows version of "Finder." (That alone would seriously improve Windows security, methinks.)
    What does explorer's search have to do with security? How is it insecure?

    Next paragraph, he complains that Windows's out-of-the box config (leaving so many things running) is bad. I agree. MS is improving in that area; WS2k3 is much better. Not being able to stop/disable RPC is an issue, however. I don't know what's so hard about disabling services anyway. You can even do it from the command line; just tell users to go Start->Run and type "sc stop messenger" to stop messenger, and "sc config messenger start= disabled" to disable it.

    The next paragraph about installation is bogus. It is crappy installation programs that overwrite system files, and system file protection (min win2k) makes it a non-issue. I wish there was an example of a patch doing all of those things to configuration, since I don't know what he is talking about.

    Don't like media player? Don't use it. There are plenty of alternatives; I recommend Winamp 2.

    Many of the security concerns he points out are easily remedied by not running everything under admin, or at least avoiding crapware.
    Unlike Windows, Mac OS X requires an administrator password to change certain configurations, run the system updater, and when installing new software. From a security perspective, this is another example of how Apple takes a proactive approach to system-level security. If a virus, remote hacker, or co-worker tries to install or reconfigure something on the system, they're stymied without knowing the administrator's password stored in the hardened System Keychain.
    What do you mean, unlike Windows? You have to be an admin to install mostly anything, or change most computer settings on Windows.

    I used the app access control panel in Windows to use Mozilla, and it works fine. There is nothing forcing you to use MS Media Player, Outlook Express, or IE for the internet. It IS more work to use a different shell than explorer (which uses IE a lot), but there are alternatives to that too.

    Yes, 'Trustworthy Computing' is a thin marketing slogan, but the issues the author tries to bring up are a combination of unsubstantiated and easy to work around.
  13. LYNX on Retired Microsoft Operating Systems Still Popular · · Score: 1

    Can't find a lightweight web browser? What about lynx! I bet it would run just fine under console.

  14. Re:Simple reason... on Retired Microsoft Operating Systems Still Popular · · Score: 1

    OK: on my laptop I am playing an ogg (220kbps) with winamp, watching a 640x272x24fps (995kbps) divx video off a CD in (another) winamp. cpu usage stayed at about 80% with those. So I set Monkey's Audio to compress several files at belownormal priority to use up the rest of the cpu's time (it got 20%-40% of the cpu's attention.) No audio, video or other skips. (yes all at the same time)

    This is a P4M1.6, 256 MB of DDR266. It even has a crappy integrated S3 pro savage DDR video chipset (with shared video memory.) The peak commit charge during that was about 150MB.

    And yes, this is under WinXP, sp1. The kernel is not one of XP(NT)'s weak points.

  15. Re:Since when is Bill Gates a security expert? on Gates: 'You don't need perfect code' for Security · · Score: 1

    Care to provide any specific examples of things that the OS is doing what the apps should, or vice versa? The only thing I am aware of is office using modified drawing code from Windows in the GUI.

  16. Re:While there are bad implications on AOL Hacks Subscribers' Computers · · Score: 1

    Go to Start->Run and type "sc stop messenger" to stop the service and "sc config messenger start= disabled" to disable it. Or you can just disable and restart.

    Requires sc.exe, included with winxp.

  17. Re:Cheaters interested in MS FS's? on Linux File System Shootout · · Score: 1

    It sounds like you have more experience than me; I just assumed that NT had always crashed from CSR's death.

    I think the main reason to move the GUI into kernel space was to reduce the cross-process overhead. Why they didn't move everything into win32k.sys is beyond me.

    ...I wonder if CSR's critical status has anything to do with the 'RtlSetProcessIsCritical' function it depends on.

  18. Re:Cheaters interested in MS FS's? on Linux File System Shootout · · Score: 1
    Reduced robustness? Before NT4, the GUI was run in CSRSS.EXE. If CSR died, the kernel would die too. Even in modern versions of NT, where CSR still handles a few console things, CSR's death will take down the whole system. From microsoft.com:
    Stop 0xC000021A or STATUS_SYSTEM_PROCESS_TERMINATED This Stop message occurs when a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is fatally compromised and security can no longer be guaranteed. The operating system switches into kernel-mode and generates this error. Because Windows 2000 cannot run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can bring down the system. Running the kernel debugger is not useful in this situation because the actual error occurred in a user-mode process.
  19. Re:Yes, and I'm sure ... on Do Not Call Site Has AT&T Stats Tracker? · · Score: 1

    What... ASCII pr0n??

  20. Re:Does the state dept. read /. ??? NO on Virus Knocks Out U.S. Visa Approval System · · Score: 1

    I keep hearing about how horrible the Windows registry is because it is "one big binary lump" that contains everything. You mean like the databases that are in filesystems? A binary format doesn't mean that it is bad. If you have a corrupted binary file, yes it will be harder to recover when the original software can't, but there are many things to mitigate damage to binary databases, like journaling. The file tables in ext3 and NTFS are journaled to make them easy to recover. In Windows NT, all registry hives are journaled, too (notice the filename.log files?). So is an active directory database. I don't know about Exchange, but it may also be journaled. Another thing is that the winnt registry is NOT one big file. Each user has their own registry hive in their profile. The current config part of the registry (for the executive, and services) is under %system32%\config\system, the software tree is under .\software, the SAM has two hives, security and SAM. On top of that, there are .sav backup versions.

  21. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    The registry has ACLs too, and even defaults protect the local machine (as opposed to current user) registry from normal users.
    Besides, apps are supposed to put all of their settings under \software\company name\program name. It's not Microsoft's fault if some third party designer doesn't follow the rules, and it's not any worse than programs dumping random config crap into /etc.

  22. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    Yeah, add this ACL to your profile, or better yet- everything in 'Documents and Settings': Everyone-Execute File-Deny.
    Linux execute flag = NT execute file privilege, only with ACLs you can be more specific about just who can run what.
    Besides, compared to your steps, I won't suck up yet another partition on my hard drive.

  23. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    You can always slipstream your XP iso so that SP1 is already installed.

    Ever heard of 'Enable VGA mode'? (when you've installed bad video drivers)

    XP supports changing video drivers without restarting; I have no experience with ATI drivers, but the others I have used don't even ask for a restart when switching from 'Standard VGA.' It depends on the old driver being able to stop nicely.

    You are including game updates in the Windows installation?

    At the end of 2nd list, ever heard of 'Safe Mode'?

    Patching doesn't always mean restarting.

    There is little reason to patch if your system is secluded, at home, behind a good firewall.

  24. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1
    Umm, nope. It doesn't matter if you are in the ADMINISTRATORS group. You can easily delete a file or change the ACL.
    1. Why are you running everything under the Administrators group? 2. By default, administrators have the 'take ownership' clause you are referring to. They can take ownership of any object, and the owner of an object can always change the ACL. You can change that policy, so that anyone you want, or no one has permission to take ownership. It's under "local policies\user rights assignment\take ownership of objects."
  25. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1
    Whose permissions does the installer use?
    The installer uses the permissions of the user you've selected.
    Where do the registry settings go?
    If you use the /profile switch(default), they go to the selected user. Use the /noprofile switch, and they go to the original account's profile.
    This is all from runas /?.