Weblog:   Microsoft gets serious about security
Subject:   Thank God!
Date:   2004-03-10 13:43:53
From:   jinjelsnaps
But that's not because Windows is inherently more insecure than other operating systems.


Thank God someone else said that! I've always thought the same thing, but according to any Linux / Mac zealot that's not the case...but maybe that's just them being weird.

Showing messages 1 through 1 of 1.

  • Thank God!
    2004-03-10 15:47:11  kollivier

    Thank God someone else said that! I've always thought the same thing, but according to any Linux / Mac zealot that's not the case...but maybe that's just them being weird.

    Can we have some facts to back this point up? When people actually compare design decisions made by Microsoft and by Linux/Mac OS X developers, they've found that up until very recently Windows has always taken the 'least secure, easiest to use' route. (i.e. Let's enable potentially dangerous feature X for customers so that it will 'just work'.) Doing things like leaving IIS on by default on Win 2K and leaving the RPC port open (even on XP IIRC) were not prudent moves from a security perspective. Their IIS security model also gives too much permission to certain extensions, unlike Linux/Apache. Once you involve other MS products like Office and particularly Outlook, we could go on and on about poor security decisions. In fact, IMHO, they're red flags that the company has in the past not taken security as seriously as it should have.

    I do applaud Microsoft for their increased attention to security, but realistically, most of this attention is very recent and due directly to massive exploits of various security holes. Linux and Mac OS X were designed from the ground up to avoid leaving obvious holes open for people to exploit, taking a "closed unless you open it" approach to security. Any platform can be exploited, but some have historically done a better job of "locking the doors" and keeping people out than others.

    People who are inexperienced with computers and use an older version of a Microsoft OS (like Win 98, ME or in some respects 2000) very much need to deal with a bunch of security issues that they don't even understand just to keep their machine from being hijacked by a virus or worm. If MS had taken some reasonable security measures from the start, measures that Unix has been using for decades, then these people wouldn't have to constantly be updating their OS and firewall protection just to keep using their computer.

    While it is very true that some portion of this problem is due to Microsoft's dominance in the desktop OS market, they really could have made some prudent decisions that would have avoided possibly a large majority of these exploits from ever taking off. If you dismiss the 'zealots' without even trying to figure out whether or not they actually have a point, then are they really the zealots here?