Another look at Windows security - or the lack thereof

I posted about Windows security here earlier in the week. I'd found the collection of quotes on a Yahoo message board that ended with the advice of Mike Danseglio to "nuke" infected systems and then reload Windows. Now there's this commentary from no less than Robert X. Cringely:
Last week, a Microsoft data security guru suggested at a conference that corporate and government users would be wise to come up with automated processes to wipe clean hard drives and reinstall operating systems and applications periodically as a way to deal with malware infestations. What Microsoft is talking about is a utility from SysInternals, a company that makes simply awesome tools.

The crying shame of this whole story is that Microsoft has given up on Windows security. They have no internal expertise to solve this problem among their 60,000-plus employees, and they apparently have no interest in looking outside for help. I know any number of experts who could give Microsoft some very good guidance on what is needed to fix and secure Windows. There are very good developers Microsoft could call upon to help them. But no, their answer is to rebuild your system every few days and start over. Will Vista be any better?

I don't think so.
The killer to Microsoft's security efforts is the proliferation of stealthed root kits that virtualize the environment Windows runs in, literally hiding beneath the operating system. They're nearly impossible to detect, let alone remove. It's no wonder that Microsoft is now saying just to reformat and reinstall.

And the insecurity of Microsoft Windows goes hand-in-hand with the design of the PC. The PC was initially meant to be open, just like the Apple II the original PC was competing against. Over time the hardware has stayed open, and thus insecure. Any attempt to provide hardware lockdowns has resulted in accusations that the Big Corporations want to lock down Your Personal Computer for their nefarious (and profitable) ends: everything from Intel's unique hardware ID on the Pentium III to Microsoft's Palladium to current TPM hardware chips. Until there is strong security support in the hardware (and I don't mean user vs. supervisor mode) there won't be strong security in the operating system. The only company that could pull it off would be Apple. I hope they do. That will drive even more people to the Mac platform, and put greater pressure on the rest of the hardware vendors to clean up their act. Apple has the greatest chance of succeeding because they design both hardware and software.
