dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
7725

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 recommendation

trparky

Premium Member

The battle of the operating systems... Windows vs. The UNIX World

The idea behind this post is to compare and contrast the two very different platforms that dominate both desktop and mobile computing. Windows and the UNIX world. And when I say UNIX I mean the original UNIX, Linux, and OpenBSD/FreeBSD.

First, we’re going to look at Windows. Windows harkens back many, many years. For the purpose of this article we’re going to go back to dark old days of Windows 9x. Back in those days Windows was a very open platform in which anyone could do anything they wanted. There was no such thing as user permissions or access rights in Windows 9x. You could simply sit down in front of a Windows 9x system and proceed to completely trash it, there was nothing stopping you from doing it.

Since then we have had Windows NT but for the sake of compatibility Windows has had to bring many of the ideas from the dark old days of Windows 9x (and all of the bugs associated with it) along for the ride. It’s only recently, within the last decade, that the idea of locking Windows down and securing it has become an important thing to do. Unfortunately it will be a major up-hill battle because of the amount of legacy code that festers in the Windows code base.

This is why I say that it would be in Microsoft’s best interest to simply scrap what Windows is today and go back to the drawing board. They have done it with Internet Explorer in Windows 10 and made a completely new and standards compliant browser engine, namely Project Spartan. If they can do that with Internet Explorer they can certainly do the same thing with the core of Windows and simply layer a compatibility layer on top of the new Windows core to allow for older programs to continue to function. This would be very similar to what Apple did when they changed over from the Motorola platform to the Intel platform, I believe it was called Rosetta.

Now let’s take a look at Linux. It was built from the ground up to be a highly secure operating system. The system was built from the ground up to be a multi-user system in which each user runs in their own user context thus bringing about the idea that a regular user can’t trash the operating system, only the user with root permissions can change the system. The fact that there have been so many vulnerabilities is simply because the system is written by flawed being (humans) thus will always be flawed. But when you look at many of the vulnerabilities that Linux has they have been nowhere near as bad as those found in Windows. The number of highly exploitable vulnerabilities have been far less than those found in Windows. True, there have been some real doozies found lately but the sheer number of them have been far less than the number of real doozies found in Windows. This statement can also be applied to FreeBSD/OpenBSD.

MacOSX and by extension iOS, is based upon a BSD core and thus has inherited many of security traits from the UNIX world. Yes, both of Apple’s operating systems have been found to be vulnerable as well but like their UNIX-like brothers they haven’t been nearly as bad as Windows.

Now, let’s look at Android. True, it does have it’s roots in the UNIX world in which the core of Android is very much a Linux-based system but like Windows, Android allowed for data to be passed back and forth between apps. Only recently Android has really attempted to sandbox apps off from one another using Linux-based file system permissions that rope off areas of the file system and prevent apps from reading and writing data to areas of the operating system and file system that they don’t own access rights to. You can see this in how they have put many restrictions on external SDCards and how those permissions have essentially made having a MicroSD card in your device a rather useless thing to have.

Windows too has been attempting to do that same thing. If you look at the ModernUI apps that run on Windows 8/10 those apps are very much sandboxed off from one another and can only read and write data through specifically crafted APIs that Microsoft has developed to prevent apps from reading and writing arbitrary data.

On Apple iOS, apps can’t simply share data among one another because each app runs inside a very tightly controlled sandboxed environment and only recently, with iOS 8, can apps share “some” data through very secured and controlled application APIs which are referred to as App Extensions by Apple. This has resulted in a very secured computing environment in which data is not shared and even if it is shared it is shared in a very secure manner.

I have a feeling that computing in the future will be a very sandboxed affair. Yes, an open platform where you can do anything you want is nice but as we have seen it can be very much abused.
dave
Premium Member
join:2000-05-04
not in ohio

1 edit

1 recommendation

dave

Premium Member

quote:
For the purpose of this article we’re going to go back to dark old days of Windows 9x.
Long before Windows 95 was released, some of us Windows users were using Windows NT, which was a system with user permissions, etc., etc.

It seems false to compare a system that's nothing to do with today's Windows, when the direct ancestor of today's Windows had been in use for 2 or 3 years. Everyone knows Windows-out-of-DOS was not a grown-up operating system; that's why Microsoft wanted it gone, and why it is gone.
quote:
Since then we have had Windows NT

To repeat: Windows NT shipped long before Windows 95.
quote:
This is why I say that it would be in Microsoft’s best interest to simply scrap what Windows is today and go back to the drawing board.
History shows it takes about a decade to mature an operating system. So, rewrite is not happening. Especially if absolute compatibility is required.
quote:
If they can do that with Internet Explorer they can certainly do the same thing with the core of Windows and simply layer a compatibility layer on top of the new Windows core to allow for older programs to continue to function.

That's a reasonable 1-sentence description of the NT architecture. There's a native API (NtFooBar) with a Windows subsystem on top.

If they did it again, why would it be any different?

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 recommendation

trparky

Premium Member

said by dave:

Especially if absolute compatibility is required.

That needs to be done away with. Like what I've tried to say in the parent post, much of the security issues we have today is because of old code that's long been forgotten about. Supporting everything under the sun is why we're in the mess we're in today.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

1 recommendation

Kilroy

MVM

Here's a reality check. How many copies of this "new" windows do you think they would sell when all of the programs that everyone already owns don't work? It is the same thing as going from Windows to Apple or iPhone to Android.

The only possible way to do it would be to go back to DOS or Windows version we used to have where you could buy the DOS version for $10 less than the Windows version, but the Windows version had 100 features you probably wouldn't use or need. Even then it would be a hard fight. A business can't overnight drop Windows support for new Windows, they have 100s of applications to make work, some purchased, others in house creations.

trparky
Premium Member
join:2000-05-24
Cleveland, OH

1 recommendation

trparky

Premium Member

So basically Microsoft is screwed by the very fact that they are the industry standard. They are stuck between a rock and hard place.
trparky

1 recommendation

trparky

Premium Member

Unless Microsoft really starts pushing the whole idea of ModernUI apps. Remember, ModernUI apps run inside a completely sandboxed environment in which anything that runs inside of it can't break out into the rest of the operating system.

As much as we all hate ModernUI apps, I have a feeling that they will be the future of Windows apps. Everything will be ModernUI, completely sandboxed from the rest of the OS and only permitted to access data through approved Microsoft APIs.
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to trparky

Premium Member

to trparky
Would Linux ever have got beyond a hobbyist's toy if it hadn't implemented Unix-compatible syscalls?

No GNU userland for a start.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to trparky

Premium Member

to trparky
I don't hate ModernUI apps, but there's a time and a place for them. Namely, on a small touch-enabled screen.

My hatred of Outlook and Lync 2013 stems from problems other than their ugly resemblance to ModernUI apps.
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to trparky

Premium Member

to trparky
said by trparky:

and only permitted to access data through approved Microsoft APIs.

How would that differ from today? Apps use Windows APIs. Malware use Windows APIs.

It's not like interprocess communication facilities are accidental - they exist because they're useful to apps. Once upon a time, operating systems provided no way for two programs to share data - each executed in an isolated virtual machine.

Imagine the fuss if there's no way for you to write code that manipulates data stored in a file owned by a Microsoft app. That would change quicker than you can say "antitrust".

trparky
Premium Member
join:2000-05-24
Cleveland, OH

1 recommendation

trparky

Premium Member

There's got to be something that Microsoft can do to curb the tide of malware because it's really getting out of hand. Making everything run in a sandbox would put an end to malware.
trparky

1 edit

1 recommendation

trparky to sivran

Premium Member

to sivran
But starting in Windows 10 ModernUI apps can run in a window on a desktop which should make them virtually indistinguishable from traditional Win32 desktop apps. The only difference is that the app would run in a more sandboxed environment. And that's a good thing.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned) to trparky

Member

to trparky
Sure not male a new os for a decade and let their market share drop to where well linux and osx are at now. Malware is driven by the market share. More market share more malware less market share less malware.

It is why mac osx and linux had zero malware for decades. They did not have the market share to attract the authors of the crap. Now with smart phones getting people interested in the desktop/laptop versions of their smart phones os or the os that is under it all the market share has went up.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 recommendation

trparky

Premium Member

I figure that eventually we will all be getting our apps from "app stores" in which the apps are vetted by a central authority. They will have their code approved, signed, and delivered to us via "app stores" and will get seamless updates without us thinking about it.
trparky

1 recommendation

trparky

Premium Member

I do know for one thing, keeping our programs up to date is a bitch and a half. True, there are utilities that help notify you about updates but they still need some kind of user feedback to start the update process.

Most users have no idea what they are doing on a computer hence the reason why we see so many out of date programs on the computers that many of us work on for friends and families.

Linux has software repositories that users who do have Linux installed can simply open up and see updates for a number of different programs that are installed on their machine. Why in God's name Windows doesn't have this, I have no idea. It would certainly help in keeping many people's systems clean of viruses and other sorts of malware because more often than not the malware gets on their systems through outdated software (I'm looking at you Adobe Flash!).
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

Oh i have wanted to see a repository set up like Linux has for windows for years. But i don't see that working with closed source programs.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 edit

1 recommendation

trparky

Premium Member

I don't claim to know that answers to many of the issues that face the Windows world but I do know one thing, the Windows world is losing the war.

One step forward, two gigantic steps back. That's what seems to keep happening in the Windows world. And don't tell me that this is happening just because Windows owns the majority of the market. We know that there are massive security holes in Windows that have yet to be discovered and patched.

The whole idea is that with all of the money that Microsoft has at their disposal I can't for one second believe that they haven't done a complete code audit on the entirety of the Windows source code library. Why I say is that some of these past security patches have seriously left me shaking my head wondering just what the hell Microsoft is doing. That and the fact that we've had so many patches that have gone wrong over these past few months.

What is going on inside the halls of Microsoft? A lot of the tech news sites talk about this growing issue. The fact that the upcoming Windows 10 will be forcing people to take every Windows Update disturbs me considering just how many of these have been failures.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

It is about market share. And linux is chock full of serious undiscovered vulnerabilities. Heart bleed and shell shock were both decades old flaws only recently come to light. How long they were known by the bad actors who knows. We only just found out about them.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

1 recommendation

Napsterbater to trparky

MVM

to trparky
said by trparky:

The fact that the upcoming Windows 10 will be forcing people to take every Windows Update disturbs me considering just how many of these have been failures.

You knows that it's only forced for the beta right?
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

Updates have always been forced in beta for ms least in the software i have tested for them. They want every ones os config the same during testing other than drivers of course.

I had heard that fud being tossed around on the web fore a while that and how much information the beta gathers etc.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

2 recommendations

sivran to trparky

Premium Member

to trparky
said by trparky:

I do know for one thing, keeping our programs up to date is a bitch and a half.

Not everything needs to be updated.

I generally keep browser and email client updated, and browser plugins. But I've no need of updates for Notepad++, or Xshell, or Q-Dir unless I have a particular reason to. And of course, I must mention Winamp, which I haven't updated in over a decade.

And I'd like it to stay that way. I don't want to get my software only from some centrally-controlled repo, especially if updates are forced (no way would I use Winamp 5.x!).
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

Hey another fave program of mine notepadd++

trparky
Premium Member
join:2000-05-24
Cleveland, OH

1 recommendation

trparky

Premium Member

EditPad Pro myself; it has crap tons of things in it like syntax highlighting for when I write HTML, CSS, Javascript, and PHP code. It even has a built-in FTP program.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

I've used both and sitepad pro. Sppro rocked for html amd vrml a 3d markup langiage for 3d web pages and 3d chat. I wrpte 20 tp 50 k lines pf code for one project. Fun stuff hehe. I moss those days. Sadly vrml is mostly dead.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

1 recommendation

dennismurphy to trparky

Premium Member

to trparky
You are forgetting your history.

UNIX is not inherently secure. It has, has had, and will continue to have, many security problems.

I suspect you weren't using Unix around the Morris worm times.

Nor were you around when rsh/rlogin were popular.

Or when I could do things like get root access on a 3B1 just by starting a mail client.

Unix had multi-user design from the ground up, but no, security was NOT a forethought. Nor was it the case for Linux.

It's just been around a long, long time. And it's still far from perfect.

I have a Synology NAS at home. What I see running under the hood makes me cringe. Security-wise, it's a disaster... and my professional security credentials are WAY out of date. What I see is awful - and I suspect that's par for the course on just about any embedded platform.

I'm usually a pro-Unix guy - I've made a career and then some out of it - but to kid myself and think it's inherently secure by design? Mistake #1 ......
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave to trparky

Premium Member

to trparky
said by trparky:

The whole idea is that with all of the money that Microsoft has at their disposal I can't for one second believe that they haven't done a complete code audit on the entirety of the Windows source code library.

Money doesn't understand code, so money won't fix code.

Throwing more developers at code makes it worse, not better.

Fred Brooks said pretty much the same thing.

maartena
Elmo
Premium Member
join:2002-05-10
Orange, CA

1 recommendation

maartena to trparky

Premium Member

to trparky
One thing I like about Windows is that if you have an old 32 bit program from 1998 that you just happen to like, there is a pretty good chance that it will actually still run on Windows 8.1 (and probably Windows 10) now in 2015, where if you happen to have a linux app from even 2005, you will run in all sorts of dependency issues because it depends on an older version of a library that you have a newer one of, and you can't get rid of the newer one because a newer program needs it, etc....

Windows has a very long backwards compatibility with lots of software. Not all software of course, such as the software that really utilizes some parts of the system kernel (such as anti virus and whatnot), but you won't run in to trouble if you wanted to start your Netscape WYSIWYG editor from 1998.

I have had a long history of using Linux. I used Redhat version 3 back in the 90s to see if it could replace my Windows 95 back then, and was disappointed. I also played with OS/2 Warp for a while. Eventually, I settled into Windows 98, and from there Windows 2000, then XP and so forth. I have installed many linuxes over the years, and Linux Mint 17 is the latest I have played with on a laptop. And although the linuxes have become nicer, more flashy, better interfaced, they still all suffer from the same problem: Too many developers. Too many branches. Too many distributions. And too many unfinished projects of developers that gave up because well.... they didn't get paid, and found a job coding for someone who did.

Linux was truly born out of enthusiasm, but it wasn't born to serve the masses, and it never will. It took YEARS to reverse-engineer a NTFS read/write, when they actually COULD have licensed the technology from Microsoft, which is what companies like Norton did for their Ghost software.... but then they would have to keep the source closed. It took years before people could sync their iPhones, and they still have problems with it today.

That all said, I have been around for a long time. The first computer I owned was a Commodore 64. And sometimes I see one on craigslist and it makes me want to buy it just out of nostalgia. The first PC I owned ran DOS 3.3, and I actually went out and bought DOS 4.0 on 5"1/4 floppy disks. I actually DID run Windows 2.11 for quite a while, it was the first version of Windows I installed and used. Windows 3.0 was such a huge improvement, let alone Windows 3.1x!

By that time, I became an IT professional and supported Novell Netware 3.11 and NT Server 3.51. I remember spending $8,000 on server that had 32 MB of RAM and 2 GB of disk space. Thank god it was the bosses money. He wanted the "Microsoft Mail" platform in-house, which eventually became Microsoft Exchange.

Microsoft has been around for a long time, and I think they will be around for a hell of long time more.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

1 recommendation

Kilroy to trparky

MVM

to trparky
Security isn't convenient. The biggest security problem is the loose nut between the chair and the keyboard.

The more secure Microsoft makes the OS the more whining will come from the users that it is too hard. Remember UAT? How many people turned off UAT rather than deal with until their machine was configured how they wanted it?

Next add all of the programs and hope that none of them creates a security issue. Superfish anyone?

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

1 recommendation

dennismurphy to maartena

Premium Member

to maartena
said by maartena:

One thing I like about Windows is that if you have an old 32 bit program from 1998 that you just happen to like, there is a pretty good chance that it will actually still run on Windows 8.1 (and probably Windows 10) now in 2015, where if you happen to have a linux app from even 2005, you will run in all sorts of dependency issues because it depends on an older version of a library that you have a newer one of, and you can't get rid of the newer one because a newer program needs it, etc....

You should check out the Solaris Binary Compatibility Guarantee. One of the many, many reasons I think Solaris still has a future.

Basically, if it ran on Solaris 2.6, it's guaranteed to run today. In fact, lots of code that actually ran on SunOS 4 will still run today.

Tremendous difference between Linux and Unix.... I'm a Unix-head, not a Linux-head.

(and yes, I was an OS/2-head for a long time too... My desktop has gone from Commodore -> DOS -> DESQView -> OS/2 -> Linux -> OS/2 -> Solaris -> OS/2 -> Mac OS X)... OS/2 reined as the long-term champion until OS X came around.

BronsCon
join:2003-10-24
Fairfield, CA

1 recommendation

BronsCon to Nanaki

Member

to Nanaki
said by Nanaki:

Heart bleed and shell shock were...

... vulnerabilities in userland applications that exist in many systems, including many systems running a Linux kernel.

Heartbleed was a vulnerability in OpenSSL, not Linux. OpenSSL is a library used by various applications, including Apache (cross-platform, including Windows), mIRC (Windows only), OpenVPN (cross-platform, including Windows), well, I could list them all day, but you get the picture.

Shell Shock wa a vulnerability in the Bash shell, which can run on pretty much any UNIX-like system, including Lunix, any flavor of BSD, and OSX. Hell, it even runs on Windows if you have a UNIX compatibility layer installed. Again, not a Linux vulnerability; none of my systems were vulnerable, as they all use dash and ZSH and don't even have bash installed.

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to trparky

Premium Member

to trparky
said by trparky:

This is why I say that it would be in Microsoft’s best interest to simply scrap what Windows is today and go back to the drawing board.

Really? The NT kernel did exactly that. I'd have to say your Windows internals knowledge is a little off.
said by trparky:

but like Windows, Android allowed for data to be passed back and forth between apps.

Um... what?
said by trparky:

I have a feeling that computing in the future will be a very sandboxed affair.

Sure. In the server world we have containerized deployment (»www.docker.com/) and of course everyone loves VMs for carving up compute resources.

Honestly, today - like every day since the first tube glowed to life - the weakest security link is the monkey in the chair.