OSNews

Sure, because we know all other operating systems are security perfect.

Let's put it this way : while technical merits can be debated in much details, a much simpler observation to make is that Windows powers more than 90% of the world's desktops and laptops.

If some piece of software has such a large market share, unless it is built with supernatural attention to security concerns, it will always be broken by crackers at a much faster rate than flaws are fixed, and therefore should not be used by people who are worried about the security of their computers.

Can we agree on that ?

Edited 2012-09-26 14:21 UTC

Yes, we can.

But this only makes the other platforms, ignored platforms, not more secure.

See what is happening to Mac OS X, now that it has a user base big enough to attract attention.

Or how easy it is to hack certain Android mobile phones.

And let's not forget if the operating system does not make use of proper sandboxing, an owned process will have all the rights as the user account it runs under.

This is enough to make your "My Documents", $HOME, /Users/username visible to the world.

We will only get more secure OS, when the mainstream OS finally adopt microkernel architectures, with enforced sandboxing for all applications.

Additionally moving away from C to more strong typed languages without buffer overflows by design, would help reducing the amount of attack vectors.

Of course, once you car manipulate assembly, the language used to compile the code does not matter that much. So my last remark can be compensated by making static analysis tools part of the standard compiler toolchain.

And there it is my turn to fully agree with you.

In my pessimistic opinion, no current OS should be considered to be truly secure. There only are those that attract cracker attention, and those that don't.

Mobile OSs do attempt to take some steps toward a proper security infrastructure (think Android's permission system), but implementation is often so piss-poor that users still have to blindly rely on some godlike sysadmin's opinion about what is secure and what isn't. Which is some truly awful denaturation of what the personal computing concept is supposed to stand for.

Edited 2012-09-26 20:17 UTC

This is why I am following how Mac OS X sandbox model, or WinRT picks up in the mainstream OSs.

We already have capabilities in BSD, AppArmor and SELinux in GNU/Linux, but few take advantage of it.

It is also nice to see Minix3 picking up speed, and Hurd still progress, although very slowly.

All these sandboxing mechanisms can probably be used for nefarious purposes, by the mainstream OS vendors. On the other hand we really need to improve security beyond the basic user/group model most OS offer.

The problem with all these approaches that try to add sandboxing functionality to existing OSs, is that sandboxing is only useful if users and developers are aware of its existence and ready to deal with it.

We have billions of Windows users out there who have been trained for decades to give root access to any "installer" program. How are Microsoft supposed to teach them that they should now be wary of such behaviour and expect a fine-grained description of what the program is up to ? Same thing for all these Mac users that know for sure that "If that Flash installer from abodeflashdownload.com wants to make changes to my computer and displays a window with a lock on it, I should sure give it my password !"

And then you have Fedora and iOS, which completely fail to understand what sandboxing is about and hide its existence away from users altogether...

Because of this legacy user problem, it seems to me that sandboxing can only be successfully implemented in new OSs or incompatible and rebranded forks of existing OSs. It is also just too bad that all too often, OS manufacturers also use it to force some locked-down "application store" down user's throat, making a bad name of an otherwise perfectly fine technology among expert users.

Even then, it won't be effective. No matter how tightly you sandbox something, you're eventually going to have to give it permission to access something. Whether it's a wordprocessor that you need to let access your documents folders (both local and remote) or a VOIP application that a user wants running on start-up, you will have to give it permission to access something outside of its own resources unless you want to end up like the Apple app stores. That approach works to an extent, but forces a massive inconvenience on more knowledgeable users. Not only do we not have access to the filesystem (which I could live with if I had to) but we can't send a file across to another application. Say I have an audio project which I'm recording. I then want to send portions of it over to an audio editor rather than a multi-track recorder program… oops, can't do that with iOS.
The long and short of it is that you will never have a perfect security mechanism. It doesn't matter how well you sandbox. When users are involved, you cannot prevent them from doing something stupid. It's rather like various systems of government in that respect: they look great on paper, but then you get people involved and somehow it never turns out as expected.
I think the best approach would be iOS-style sandboxing (notice I did not say having a locked down app store) but you need to allow either filesystem access or the ability to otherwise share data between applications. The instant you do that, you've essentially broken your sandbox. You have no choice however, if you want a fully-functional, productive environment. A balance between security and usability is, I think, the best we can ever hope for.

Do you Linux people seriously need to keep trolling every windows thread? Neither os is perfect where security is concerned, that's all there is to it. Isn't this getting a bit ridiculous?

A lot of linux users are too pained by the fact that we aren't in the Windows 95 era anymore. They're too pained by the fact that Windows 7 is a great desktop OS with enormous improvements in stability and security since the Windows 95 era. And lastly, they're very bitter that the linux desktop is still a joke and never took over the world like it has `been about to do` since, well, forever in their minds.

I'm a daily linux user myself -- have been for over a decade now -- and I'm constantly annoyed by those lamers too.

There is a command line tool named "bcdedit" shipped with Windows. ;-)

Let's hope not, else we'd see this little gem essentially shoved to the side with no further work done on it. MS has too many side projects already, unfortunately.