dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed

scross

join:2002-09-13
Cordova, TN

3 edits
reply to Tuulilapsi

Re: Are you using security protection

The registry in a huge weak spot in Windows, for starters. What a conveniently centralized location to implement all kinds of nastiness! I had to manually clean up an ugly, registry-centered infection once - because even the most powerful anti-malware programs of the time couldn't find it, much less clean it up. (These anti-malware programs were already loaded and running on that system before the infection occurred, BTW. Some of them got replaced after this particular battle, while the remainder got upgraded - and stay upgraded - and some additional ones were added.) It took a considerable amount of investigation and work on my part, but ultimately I was successful. Most PC "experts", however, would have just given up on it pretty quickly and completely wiped the box - OS, programs, data, and all.

And even on a "clean" (assumed to be uninfected) system, the registry is often such a cluttered and nasty mess that a sane and reasonable person is usually afraid to go near it. They might occasionally run a registry scanner, though, which will almost always call out so many real and potential registry problems that it makes even the most hardened PC cynic (like me) blanch!

Now, like many things in Windows, it may be true that as of late Microsoft has attempted to address issues here (I haven't really kept up with the latest). But this type of after-the-fact remediation tends to fall into the "too little, too late" category; also generally into the "we'll promise a lot more than we will actually deliver" category, too. And until basically every Microsoft PC out there gets upgraded or replaced and reaches this level of "maturity" (a term that I use loosely here), then essentially the entire ecosystem still remains at risk.

It's true, though, that the end user is the weakest link, and that social engineering and such will remain a huge danger point. Which is one reason why smart organizations these days are moving away from the "PC on every desktop" paradigm, and back towards a more centralized, controlled, and secure environment.

PS: I noticed a bit too late that you specifically asked about other operating systems. OK, then. I've worked on true enterprise-class systems (which were originally designed and implemented decades ago, before Windows even existed) that among other things (a) secure the individual programs in such a way that they can't really be tampered with - and if they do get tampered with, they won't even load, much less run; (b) don't generally allow you to make critical system-level software changes without direct physical access to the system - which usually requires a special password, and often a special key or key-like device, plus placing the system in a special maintenance mode (granted this can be inconvenient at times, especially for remote systems, but these types of system-level changes are relatively rare - unlike Windows updates); (c) have always had powerful, flexible, multi-level, all-but-unbreakable security built-in, from the ground-up (not as some late-to-the-game relative afterthought); (d) have never had a successful virus or other similar malware attack that I'm aware of - and although some theoretical attacks have been speculated about on paper but maybe never executed outside of a special test environment (AFAIK), the vendor went ahead and addressed these theoretical weaknesses with software updates anyway (unlike Microsoft - and too many others - who will leave known exploit vectors unpatched for months or even years).

I can't speak specifically to Linux or OS X or OpenBSD (although I know OpenBSD takes great efforts to be secure by design, and Wikipedia gives a good overview on this), the fact that they are all derived from Unix - itself a relatively enterprise-class system, with a long operational history, and generally designed and built by people who knew what they were doing - means that they started from a sounder foundation. And while none of these systems - not even then one that I described above - can be assumed to be defect-free and totally secure, their "attack surface" is generally much, much smaller than that of Windows (even in its new, "improved" versions), and they suffer less from the legacy problems that have plagued Windows from day one.


David E Cox

@wideopenwest.com
Very nice post. Essentially the entire windows ecosystem(planet) is so corrupt it needs a new foundation (great flood), and a rebuilding of a new platform.. I agree, and I see this happen so much for example FF is becoming so bloated these days they really need to sort of just start over. Essentially they have a contaminated bloodline on their hands.

Unix, and it's derivatives, I believe had a stronger foundation partly because the people doing it loved what they were doing, it really wasn't done for profit. While Microsoft has greed, corruption, and the lust of money at the core of what they do. They lack the passion, love, and drive these other OS's had when they grew up, and spawned derivatives. It's the old adage that anything done for greed is blessed by satan, anything done for love is blessed by God. Essentially Windows is a cursed system because of the greed that drove it's execution, rather than the passion that drove Linux/Unix type systems along.

It makes perfect sense, and it means MS will likely never fix it. The world needs to wake up and move away from it to let it die. The longer people buy boxes with Windows on it, the longer people wait in line for each new release spending hundreds of dollars, the longer this abomination will plague our world. I think we can all do our part by educating people about alternatives, then ensuring we help them move to them. Ubuntu or Mint are outstanding operating systems to install for general consumers! Secure, virtually problem free, easy to use, attractive, and feature rich.. So why do we keep installing windows on their machines?

I hope MS drops the ball on their next few releases, so much so, that people collectively start moving to alternatives, which will then force game developers to develop on these other boxes. It's a crime right now how developers in the game business essentially ignore the linux market, and we need to reverse this - which would then put the final nail in MS's coffin. Deny Microsoft money, any way you can, and you starve the beast.