Sign In/My Account | View Cart  

advertisement

AddThis Social Bookmark Button

Weblog:   Microsoft gets serious about security
Subject:   Really?
Date:   2004-03-10 15:45:09
From:   tlaurenzo
Actually I would take issue with Windows being less secure than some other solutions. There are a number of reasons for this, some of which reflect poorly on Microsoft's past decisions, and others which are just a matter of having to support security-hole-ridden legacy clients and protocols until the end of time (I mean, if modern Unix's were required to support all of the r* commands for compatibility reasons, what would we be saying about security). Other problems are due to the silly way that Windows users typically run their systems as admins.


Perhaps what bothers me the most is not that the default installation is inherently insecure (I mean, other OS's install with pretty loose policies for legacy reasons... every installed a vanilla copy of Solaris?). The real problem is how tough it is for a "smart" user (or even an expert) to secure a windows system without the aid of third party tools (ie. firewalls, a/v software, etc). I mean, if I go to another OS (ie. Linux or OS X), even if it starts out with insecure defaults, I can quickly configure very restrictive firewall policies and utilize non-privileged logins to cover myself. On windows this is not so easy or configurable, and until very recently was not even possible (without 3rd party software).


Then even with IP firewalls, many users have to run Netbios in one form or another. This means that ports 137 and 139 must be opened. Unfortunately, since Netbios is a foreign network protocol tunneled over IP, virtually all services on the system are accessed through these ports. There is no effective means to say "I want to allow file sharing but disallow mmc management access" at the network level.


I know that if another OS were the primary contender for user's desktops it would be the main target, but I have to think it wouldn't be as bad for most of the alternatives. Despite how good it feels to have Microsoft addressing some of these issues, it is just going to take them a long time to undo the damage done from twenty years of lousy and capricious design decisions. A lot of other systems were designed in an environment that had to be mindful of security concerns, whereas MS technology for many years just tried to bulldoze through the problems after the fact.


Windows is less secure than most other systems. They're working to change that, but it is true.
Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Really?
    2004-03-10 15:48:55  tlaurenzo [View]

    Sorry, first sentence should read:


    I would take issue with the statement that Windows is not less secure than other systems
Showing messages 1 through 1 of 1.