posted by Neeraj Singh on Mon 23rd Apr 2007 19:02 UTC

"Dear SJVN, 3/3"

The best you can do about security issues is testing and review. A lot of this is done by Microsoft. For example, almost every new file format parser they produce is subjected to fuzz tests, which randomly mutate the parse stream to ensure that errors are properly caught. The result: Microsoft does not appear very often on this list of Kernel bugs, which are mostly the result of fuzzing attacks; IE also handles these sorts of fuzz attacks quite well. But it only takes one such exploit to have widespread chaos and compromise of many PCs.
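A minimal mutation fuzzer of the kind described above, as an added example (not from the original article and not Microsoft's tooling). The `TLV1` format, both parsers and every name here are constructed for illustration; any exception other than `ParseError` counts as a finding.

```python
import random
import struct

MAGIC = b"TLV1"  # constructed toy format: magic, then (type:1, length:2 BE, value)
SEED = MAGIC + b"\x01\x00\x05hello" + b"\x02\x00\x03abc"  # constructed valid sample

class ParseError(Exception):
    """The only exception a well-behaved parser may raise on bad input."""

def parse_naive(buf):  # trusts the magic, the header size and the length field
    pos, out = 4, []
    while pos < len(buf):
        rtype, length = struct.unpack_from(">BH", buf, pos)
        out.append((rtype, buf[pos + 3:pos + 3 + length]))
        pos += 3 + length
    return out

def parse_checked(buf):
    if buf[:4] != MAGIC:
        raise ParseError("bad magic")
    pos, out = 4, []
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ParseError("truncated record header")
        rtype, length = struct.unpack_from(">BH", buf, pos)
        if length > len(buf) - pos - 3:
            raise ParseError("length field exceeds remaining input")
        out.append((rtype, buf[pos + 3:pos + 3 + length]))
        pos += 3 + length
    return out

def mutate(seed, rng):
    data = bytearray(seed)  # seed must be non-empty
    for _ in range(rng.randint(1, 3)):      # overwrite a few random bytes
        data[rng.randrange(len(data))] = rng.randrange(256)
    if rng.random() < 0.3:                  # sometimes truncate the stream
        del data[rng.randrange(len(data)):]
    return bytes(data)

def fuzz(parser, seed, runs=2000, rng_seed=1):
    rng, crashes = random.Random(rng_seed), []
    for _ in range(runs):
        sample = mutate(seed, rng)
        try:
            parser(sample)
        except ParseError:
            pass                            # clean rejection, the expected outcome
        except Exception as exc:            # anything else is a finding
            crashes.append((sample, repr(exc)))
    return crashes
```

`fuzz(parse_checked, SEED)` returns an empty list, while `fuzz(parse_naive, SEED)` returns the mutated inputs that raised an uncaught `struct.error`, each usable as a regression test case.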

Sure, security on Windows is not flawless. But we have come a long way from 2002, when there were massive internet worms and you could rightly say that Microsoft had a huge security problem. People keep repeating the lie that Windows has Swiss-cheese security and is easy to exploit. If you wish to deny this, I'd like to see technical details about what areas you think are insecure and why. Also, it would be a bonus to explain how you might fix the problem without entirely breaking what works. From this point on, hardening Windows is just a matter of iterative improvements to the OS (read: monthly patches), as is the case with any other open system. We could argue either way about the speed of patching, but this is not a very exciting argument and it's more important to look at the speed at which patches are distributed than the time it takes to create them, in my opinion. As we saw in the big Sasser and Blaster fiasco, the most dangerous time is between patch creation and widespread deployment.


My rant may seem like it's focused against Steven J. Vaughan-Nichols, but that's not really what this is about. I'm tired of the endless spewing forth of uninformed, technically wrong, and ultimately boring opinions about Microsoft products. MSFT may not be as nimble as Apple or as well-regarded as Google, but they still have large cadres of talented engineers. I don't care that much either way about their corporate practices, but I do care about the design of their products and how those features compare to competitive products.

What I really long for is more enlightenment on the web, and OSNews in particular, about the topics of discussion. People may not know all of the technical details of the systems they use or the systems they don't use (I'm looking at you, Linux advocates), but I think it would be a much more worthwhile and spirited exercise to try to learn about how things work as a community. As OS Enthusiasts, we grow more from sharing our informed opinions than by sharing strident ignorance.

About the Author
PlatformAgnostic is recovering from writing a filesystem for his OS class. If you have a strong technical grasp of a non-Windows Operating System and wish to do a joint article comparing and contrasting some core areas of your system with Windows, please contact him. Some topics I'd like to discuss are filesystems, debugging support, IPC mechanisms, VM design, kernel synchronization, I/O architecture, or anything else of this nature.
