Friday, January 25, 2008

I received a link in my email at work today, which contained an opinion about Windows Vista. I thought the article was abnormally correct, which caused my hands to flurry across the keyboard and spit this out (slight edits for context and security):

Warning: Vista technical rant incoming...
-----------------------------------------
I would say that the title of the article should read "Vista logged fewer vulnerabilities in its first year than XP, Red Hat, Ubuntu, and Apple Mac OS X did in their first years, but annoyed the living tar out of nearly everyone who used it."

Granted (and I agree) that Vista is inherently more secure, a computer that is turned OFF is also more secure. Vista blocks user productivity with its User Account Control, forcing a confirmation prior to ANY administrative system change. I would bet that it is the number one feature users disable (or ask someone to disable) when they use Windows Vista, yet it is the number one stopping feature of Vista's security. "Are you SURE that YOU want to make this change?" every few minutes makes any computer user want to club baby seals.

Rather than blocking/confirming administrative changes, why not rewrite the kernel so the OS doesn't drop its pants every time a browser extension goes awry? Data Execution Prevention = the RIGHT way to secure an OS. We need more fundamental code changes that support legitimate software and foul illegitimate software (see: development dollars). Microsoft Windows is NOT the only offender in this realm (see: profit margin).

If Vista hadn't been created to be a DRM 7-layered media cake, it might have had a shot. Adoption of the OS has largely been due to consumer OEM sales, lack of understanding of how to order XP instead, and tough licensing practices. Their corporate acceptance has been abysmal. Windows 7 is already in the works and rumors have it that a beta could be out as early as 14 months from now. Vista could be the blip on the radar like the-os-that-should-not-be-naMEd.

*** This Vista link is a great article because of the statement from Rich Mogull, founder of Securosis LLC: "I think a measure of vulnerabilities, with criticality, mapped to exploitability, mapped to active exploits, is a more interesting metric...It would be a good follow-on." If you look at the stats, he is very correct. More drop-the-pants vulnerabilities occur in OSes other than Windows, but market share provides opportunity for exploitation. I'd wager that if OS X had the market share Windows does, we'd be in worse shape for security. At least we'd have a prettier-looking version of User Account Control that might stay my bat-hand from maiming innocent aquatic mammals.

Oh, and all of this was written from my webmail in Windows Vista. *sigh*

4 Comments:

At January 25, 2008 1:32 PM, Blogger Katrina said...

There sure is a lot of pants-dropping going on at Microsoft, sounds like.

 
At January 25, 2008 7:17 PM, Blogger Kurtis said...

the-os-that-should-not-be-naMEd gave me a good chuckle.

In the end will there be a secure os? Probably not. Hackers are always a step ahead it seems. They do a lot of the critical thinking of how the os works. Maybe we just need an OS made by a hacker like dvd jon or something. I have still not used vista to this day (still on XP at work and they don't intend on upgrading any time soon) so at least I haven't been annoyed by it yet.

 
At January 25, 2008 7:32 PM, Blogger Paul said...

A dvd jon os would probably throw the world into chaos. I'd buy it.

 
At January 31, 2008 10:06 AM, Anonymous Anonymous said...

I'm behind you 100%!! Even if I only understood 60% of what you said.

 
