Linked by Eugenia Loli on Wed 8th Dec 2004 20:48 UTC, submitted by Nicholas
Editorial I just spent the last several days reading the lengthy essay "Ying and Yang of Security" which explores the origins of security on the personal computer and explains why the current models are outdated. It seems to argue that security systems designed to keep the system safe are relics of the days of mainframes when the system was more important than the user, but for a personal computer the user is more important than the system.
Permalink for comment
To read all comments associated with this story, please click here.
by drsmithy on Thu 9th Dec 2004 04:55 UTC

It all comes back to the multi-user permissions system that is locked in, and just plain expected. That permissions system, in terms of security, sets something a *nix apart from Windows in terms of inherent technology. This is a fairly basic concept, and just means not everything runs with the same privledges.

The multiuser aspect of NT is just as inherent and just as expected. It was designed from the beginning and from the ground up as a multiuser OS.

In fact to a degree, you could make a damn good argument that Windows could be called a *nix, even if it's not actually on the family tree. It all depends on how you are going to choose to define a *nix.


At the kernel level, the differences aren't vast and certainly aren't show-stoppers.

By my understanding at the kernel level the differences _are_ pretty vast.

Microsoft was designing winNT back in the very early 90's, I believe it was announced in 1991, & WindowsNT (NT=new technology) was released in beta in 1992 with a full release in 1993.

The NT project began in 1988.

WindowsNT was Microsoft's first full 32bit OS, and was originally supposed to be based on IBM's OS2/Warp technology.

This is wrong, NT and OS/2 Warp have nothing in common (apart from NT's OS/2 API personality).

Personally I'd say 10.3 is where I'd make this cutoff, but many would say 10.2... and some would say 10.4 and I wouldn't really disagree strongly with them for it. Which means depending on how you look at it, it was either 6 to 7 years to almost a decade or more from the time Apple bought their OS from NeXT until they had something solid that the majority of their users could were good to go on.

In contrast, many would say WindowsNT 4.0 was when Microsoft hit that point technologically, with many saying Windows 2000 was where they hit that point in terms of compatibility, with WindowsXP being the endgame. WindowsNT 4.0 shipped in 1996, with 2000 shipping in, well, 2000, and WindowsXP shipping in 2001. Depending on how you look at it, Microsoft either took 8, 3, or 9 years to get to around the same relativistic place.

The primary differences in this comparison being Microsoft started from scratch while Apple bought a fully-functional OS and did little more than slap a new display system and GUI on top of it.

Mac users used to joke about Windows needing an 'uninstaller', while they could just drag something to the trash, but this is quickly becoming an untrue concept for a lot of software. Pick any particular program on the Mac, and your average can only make a best guess as to where the hell it's writing out it's data and preferences files.

This isn't really true either. IME OS X apps are excellent at restricting themselves to the appropriate parts of the system (/Applications and ~/Preferences mainly).

As mentioned, MU paradigms are designed to the keep the system safe, and to minimze the damage one user can do. The 'system' is of very, very little value to most users. All of their value is locked up in their 'user' files: their music, their term papers, their emails, their IM histories, their images and their movies.

This really is bang on the money. So few "geeks" seem to grasp this concept - one need look no further than Slashdot and the multitude of "but under Linux the user can only delete their own files" comments.

A word on disproportionally [...]

This is good. He "gets it".

I mentioned several times that NT+ has the same sort of permissions style systems that the various *nixes have, but that they aren't really imposed.

This is not true at all. The permissions *are* imposed, it's just the default configuration leaves the typical user as an Administrator (roughly analagous to 'root').

However, there isn't really a 'sudo' functionality built in via the GUI, where if the user does want to mess with things globally they can by entering their password. They have to log in as an admin user to do what they want, then go back to the other user.

This is incorrect. The GUI has "Run As" (right click an executable or shortcut, or shift-right-click a Control Panel applet). The GUI aspect has been builtin since Windows 2000 and available for free download from Microsoft for earlier versions.