Virus Issue 2

CB ubuntu-users at crispin.cb-ss.net
Sun Mar 27 08:31:21 UTC 2005 

Andre Truter wrote:
> 
> 
> 
> One of the main problems are that Windows is based on DOS, which was
> designed as a single-user, non-networked OS.  As Windows evolved, it
> was never re-written from scratch, they just built security layers on
> top of the insecure base and the security is based on additional
> software running, it is not implemented in teh kernel or filesystem
> itself.

Andre, this is true of the Win95 family, but not true at all of most 
Windows OS's running today. XP & Server 2003 are build on NT, which was 
built using the latest technology of its day. NT and it's successors 
have nothing at all to do with DOS. DOS programs run on it via a 
distinct subsystem.

> 
> The problem is design.  Because Windows is so popular and so easy to
> breach, it is targeted, not only because of the user.

There are some design elements in Windows' security problems. But they 
are 'shallow' aspects of design (esp. extensive use of RPC), and these 
are gradually being stripped out.

Most of the security problems with Windows are actually more due to 
default configuration, and due to the way the default configuration has 
established 'cultural' traits in WindowsLand eg. using Administrator 
logins for everythinbg (this has been worsened by 3rd party apps also 
assuming use of the Administrator). Entirely MS's fault, I'd agree, but 
not really due to the design of Windows as such; rather, it's been due 
to MS shipping Windows in a form that is as easy for end-users to get 
started with as possible. A bad decision; I'll warrant it was made by 
marketing types.

I've worked in a server farm using around 3000 Windows (NT/2000/2003) 
servers (web, database, Exchange, and others), without any  security 
issues arising. Essentially all it took was a bit of sensible server 
configuration, and solid operational routines. This would not be 
possible if Windows' security problems were really ones of fundamental 
design.

Be critical of MS, by all means (I am, and no longer use a single MS 
product, for anything). But advocacy is  at its most powerful when it's 
fair.

More information about the ubuntu-users mailing list