Skip to main content

Another look at Windows security - or the lack thereof

I posted about Windows security here earlier in the week. I'd found the collection of quotes on a Yahoo message board that ended with the advice of Mike Danseglio to "nuke" infected systems and then reload Windows. Now there's this commentary from no less than Robert X. Cringely:
Last week, a Microsoft data security guru suggested at a conference that corporate and government users would be wise to come up with automated processes to wipe clean hard drives and reinstall operating systems and applications periodically as a way to deal with malware infestations. What Microsoft is talking about is a utility from SysInternals, a company that makes simply awesome tools.

The crying shame of this whole story is that Microsoft has given up on Windows security. They have no internal expertise to solve this problem among their 60,000-plus employees, and they apparently have no interest in looking outside for help. I know any number of experts who could give Microsoft some very good guidance on what is needed to fix and secure Windows. There are very good developers Microsoft could call upon to help them. But no, their answer is to rebuild your system every few days and start over. Will Vista be any better?

I don't think so.
The killer to Microsoft's security efforts is the proliferation of stealthed root kits that virtualize the environment Windows runs in, literally hiding beneath the operating system. They're nearly impossible to detect, let alone remove. It's no wonder that Microsoft is now saying just to reformat and reinstall.

And the insecurity of Microsoft Windows goes hand-in-hand with the design of the PC. The PC was initially meant to be open, just like the Apple II the original PC was competing against. Over time the hardware has stayed open, and thus insecure. Any attempt to provide hardware lockdowns has resulted in accusations that the Big Corporations what to lock down Your Personal Computer for their nefarious (and profitable) ends. Everything from Intel's unique hardware ID on the Pentium III to Microsoft's Palladium to current TPM hardware chips. Until there is strong security support in the hardware (and I don't mean user vs. supervisor mode) there won't be strong security in the operating system. The only company that could pull it off would be Apple. I hope they do. That will drive even more people to the Mac platform, and put greater pressure on the rest of the hardware vendors to clean up their act. Apple has the greatest chance for succeeding because they design both hardware and software.

Comments

Popular posts from this blog

cat-in-a-box channels greta garbo

So I'm sitting at my computer, when I start to notice a racket in back. I ignore it for a while until I hear a load "thump!", as if something had been dropped on the floor, followed by a lot of loud rattling. I turn around and see Lucy in the box just having a grand old time, rolling around and rattling that box a good one. I grab the GX1 and snap a few shots before she notices me and the camera, then leaps out and back into her chair (which used to be my chair before she decided it was her chair).

Just like caring for Katie my black Lab taught me about dogs, caring for Lucy is teaching me about cats. She finds me fascinating, as I do her. And she expresses great affection and love toward me without coaxing. I try to return the affection and love, but she is a cat, and she takes a bat at me on occasion, although I think that's just her being playful. She always has her claws in when she does that.

She sits next to me during the evening in her chair while I sit in mi…

first night for the gingersnaps

The first night has passed and the two have managed to survive, in spite of what their tiny hearts might have thought when first arriving. Greebo, the larger of the two, has been in hiding the entire time so far. Ponder has spent the time zipping in and out of hiding spots, checking things out, and learning just how comfortable pillows are for resting your head.

During the night I felt the tiny body of Ponder hitting the bed as he leaped up on the side, and then climbed to the top to run around on top of me. At least once he play-attacked my fingers. He might be small but his claws are still quite sharp.

When I got up in the morning the bowl of cat kitten food was fairly well depleted. It's been refilled and fresh water put in the big dish on the floor. I'm assuming that both Greebo and Ponder are feeding and drinking. I have seen Greebo under the furniture peeking out at me when I went looking for him. I'm leaving him alone while he continues to adjust.

So far the guys h…

vm networking problem fixed

Over the weekend I upgraded to Windows 8.1, then discovered that networking for the virtual machines wouldn't work. Then I tried something incredibly simple and fixed the problem.

Checking the system I noticed that three VMware Windows services weren't running; VMnetDHCP, VMUSBArbService, and VMwareNatService. VMware Player allows you to install, remove, or fix an existing installation. I chose to try fixing the installation, and that fixed the problem. The services were re-installed/restarted, and the virtual machines had networking again.

Once network connectivity was established there was exactly one updated file for Ubuntu 13.10, a data file. This underscores how solid and finished the release was this time. Every other version of every other Linux installation I've ever dealt with has always been succeeded by boatloads of updates after the initial installation. But not this time.

Everything is working properly on my notebook. All's right with the world.