Another look at Windows security - or the lack thereof

-
I posted about Windows security here earlier in the week. I'd found the collection of quotes on a Yahoo message board that ended with the advice of Mike Danseglio to "nuke" infected systems and then reload Windows. Now there's this commentary from no less than Robert X. Cringely:
Last week, a Microsoft data security guru suggested at a conference that corporate and government users would be wise to come up with automated processes to wipe clean hard drives and reinstall operating systems and applications periodically as a way to deal with malware infestations. What Microsoft is talking about is a utility from SysInternals, a company that makes simply awesome tools.

The crying shame of this whole story is that Microsoft has given up on Windows security. They have no internal expertise to solve this problem among their 60,000-plus employees, and they apparently have no interest in looking outside for help. I know any number of experts who could give Microsoft some very good guidance on what is needed to fix and secure Windows. There are very good developers Microsoft could call upon to help them. But no, their answer is to rebuild your system every few days and start over. Will Vista be any better?

I don't think so.
The killer to Microsoft's security efforts is the proliferation of stealthed root kits that virtualize the environment Windows runs in, literally hiding beneath the operating system. They're nearly impossible to detect, let alone remove. It's no wonder that Microsoft is now saying just to reformat and reinstall.

And the insecurity of Microsoft Windows goes hand-in-hand with the design of the PC. The PC was initially meant to be open, just like the Apple II the original PC was competing against. Over time the hardware has stayed open, and thus insecure. Any attempt to provide hardware lockdowns has resulted in accusations that the Big Corporations what to lock down Your Personal Computer for their nefarious (and profitable) ends. Everything from Intel's unique hardware ID on the Pentium III to Microsoft's Palladium to current TPM hardware chips. Until there is strong security support in the hardware (and I don't mean user vs. supervisor mode) there won't be strong security in the operating system. The only company that could pull it off would be Apple. I hope they do. That will drive even more people to the Mac platform, and put greater pressure on the rest of the hardware vendors to clean up their act. Apple has the greatest chance for succeeding because they design both hardware and software.

Comments

Post a Comment

All comments are checked. Comment SPAM will be blocked and deleted.

Popular posts from this blog

A Decade Long Religious Con Job

-
Image
I rarely write inflammatory (what some might call trolling) titles to a post, but this building you see before you deserves it. I've been seeing this building next to I-4 just east of Altamonte/436 and Crane's Roost for nearly 12 years, and never knew who owned it. Today on a trip up to Lake Mary with my wife I saw it yet again. That's when I told her I wanted to stop by on the way back and poke around the property, and photograph any parts of it if I could. What I discovered was this still unfinished eighteen story (I counted) white elephant, overgrown with weeds and yet still under slow-motion construction. It looks impressive with its exterior glass curtain walls, but that impression is quickly lost when you see the unfinished lower stories and look inside to the unfinished interior spaces. A quick check via Google leads to an article written in 2010 by the Orlando Sentinel about the Majesty Tower. Based on what I read in the article it's owned by SuperChannel
Read more

Ten Reasons to Ignore Ten Reasons to Dump Windows and Use Linux

-
There is a tradition amongst the hard-core Linux aficionados to extol Linux's various virtues as a list of 10 or more reasons to substitute (as in "dump") an existing Windows installation with Linux. There's no reason to point them all out; a simple Google search (" 10 reasons to use Linux ") will provide you with such lists stretching back through the years, as well as hours of entertainment. One very recent list caught my eye over the weekend, published by PCWorld. Their article, " Ten Reasons to Dump Windows and Use Linux ", seems to have hit a nerve with me. Normally I just ignore such journalistic pap, since the majority of it comes courtesy of one ill-informed blog or another (such as this one). But in this instance a "real" publication put some time and journalistic "credibility" into this list, which places it in front of a wider audience than the typical blog poist (again, such as this one). So let's consider al
Read more

Former Eclipse user re-evaluates Eclipse 3.3M5

-
Image
I've been using NetBeans for a while now, starting with version 4.2 in beta. One of NetBeans' key selling points (in my not-so-humble-opinion) is Java GUI building with Matisse . That feature continues to be quite powerful and unrivaled, especially for a free-as-in-beer IDE. I even wrote a lovely paean to the wonders of NetBeans and why I moved away away from Eclipse to NetBeans . Now, it looks like I may have to eat some of those tastefully written words. What you're looking at above is a complete Ruby on Rails project hosted and running within Eclipse 3.3 Milestone 5 on Windows XP. Milestone 5 was released this past Friday, February 9th. I installed it Saturday, and then went on a plugin hunt to fill out additional features and capabilities. Why did I decide to re-install Eclipse, especially a milestone? So that I could get a complete integrated development and test capability in one convenient package for Ruby on Rails. Like a lot of other folks I've been playing
Read more