Linked by Adam S on Sun 29th Jun 2008 16:10 UTC
Windows "Microsoft Windows has put on a lot of weight over the years" writs Randall Stross in a recent New York Times blog entry on Windows' legacy code. "Beginning as a thin veneer for older software code," he continues, "it has become an obese monolith built on an ancient frame. Adding features, plugging security holes, fixing bugs, fixing the fixes that never worked properly, all while maintaining compatibility with older software and hardware -- is there anything Windows doesn't try to do?" Does Microsoft have the business savvy or guts to rewrite Windows?
Thread beginning with comment 320668
To view parent comment, click here.
To read all comments associated with this story, please click here.
luzr
Member since:
2005-11-20


They could have done better, but I think (hope) the message here is "Vendors, make your software run as standard user, cause that's what you will be getting in 7". I am sick and tired of cleaning and reinstalling infected friends' PCs.


I believe that this one is a common misconception - the idea that "standard user" will somehow solve security problems.

In fact, this is quite stupid idea. The only thing that will be achieved this way is moving malware to "standard user" area as well.

And in the end, it is user's data what is the most valuable in PC (with emphasis on "Personal" here). What is the point of securing admin when viruses and trojan can still damage user's work?

Of course, with multi-user servers this is a different topic, but we are speaking about "personal OS" here.

BTW, I am speaking from personal experience. The only malware I ever had was Linux worm that happily lived in regular user acount with poor password... happily spreading ever after...

Reply Parent Score: 2

sonic2000gr Member since:
2007-05-20

Sure,the user data is the most important. So, why would you like granting half the Internet access to them, by allowing a system wide, bot-net type infection?

Just imagine how much more powerful malware is when you grant it admin rights. The all admin model, is simply flawed.

Reply Parent Score: 3

luzr Member since:
2005-11-20

Sure,the user data is the most important. So, why would you like granting half the Internet access to them, by allowing a system wide, bot-net type infection?

Just imagine how much more powerful malware is when you grant it admin rights. The all admin model, is simply flawed.


I do not really argue that admin model is flawed, but for personal computer, it is rather "unelegant" than security flawed.

I other word, moving to "standard user" does not solve the problem of "granting half the Internet access to user data", at least as long as standard users are allowed to have some access to Internet.

Also note that most of current malware is not that typical old viruses. What we have now is rather malicious scripts or even webpage links coming by email and requiring some sort of user interaction.

The real trouble is that if malware comes in email and even requests user to e.g. click that stupid vista security message box, about 0.1% of users will be glad to comply. Enough to spread the malware and steal data...

In short, moving to "standard user" solves much less than most geeks expect.

Reply Parent Score: 1