Conceding that its strategy of patching Windows holes as they emerge has not worked, Microsoft plans next week to outline a new security effort focused on what the company calls “securing the perimeter,” a company executive told CNET News.com.
There’s something that always bugged me about Windows. Whenever you patch an application, or Windows, or simply install a new program, you need to reboot. Now with *nix, you don’t have to. In the worst case, you need to restart the service. Why can’t Microsoft do that? It would make things much simpler. They have the resources for it. This is why people are not patching their servers: because they can’t take them offline most of the time.
>Why can’t Microsoft do that?
They probably can. But they don’t want people to mess around with command lines or complex issues. It is a much easier and more bug-free way (and less support cost for them) to simply ask for a reboot. The economics and ergonomics side of it makes business sense.
Why mess with the command line if there already is a simple GUI for restarting services? It’s not like someone has to write a 200-character one-liner for restarting a service.
Years ago Microsoft would have bought a pair of companies and released their products free with Windows. Now it will “go further into the market of providing AV software” and have “a deeper relationship with firewall providers”. Have Microsoft changed, or is it the same thing with different names?
I think the next-gen Windows that ships with most services switched off by default will be a big help in this situation, as well as having the services that do have network access allow only private network addresses by default (192.168.).
If they can have auto security updates turned on by default for home users then that should also help the problem. Most security patches are under a meg in size, so even dialup can handle that. I would think the chance of a patch breaking your computer versus a virus destroying it would be an acceptable risk too.
Thoughts?
I remember back in the days when I used Windows at home. I was using Norton Anti-Virus. It was updating itself all the time, no user interaction needed. No reboot. Now that’s what I call good software. Rebooting a home PC is no biggie. Rebooting one server when you have several doing load-balancing is no biggie either. But when you have just a few servers, you can’t really take one offline 3-4 times per week to apply patches. They should at least come up with something better for their server OS.
Using a GUI to restart the service would first require that the user know that there is such a GUI, then that the service needs restarting, and probably that the user know something else as well.
Most of the MS users (not talking about admins) don’t know about these deep, convoluted issues. A GUI is almost as bad as the command line for them.
The real question is: “Why doesn’t MS make stopping and restarting the service part of the patch?” Unlike Eugenia, I’m going to guess that they can’t, with 100% reliability. I’m guessing that there is non-zero probability that trying to do that will either leave the system unstable, or fail in restarting the service, or both. The important point is that any problem here becomes a support expense. Cheaper to require a reboot. Besides, even Win2k gets flaky after a few days without a reboot.
> Or simply install a new program, you need to reboot. Now with *nix, you don’t have to. In the worst case, you need to restart the service.
This is actually a problem with the underlying filesystem/kernel.
Programs can’t write to a file that is in use (memory). So that means that if the program is running (and if it’s a system patch, your system is running), it can’t be patched/changed.
UNIX on the other hand can ‘write’ to in-use files (technically it happens later, but it’s pretty seamless).
The only thing it can’t update on-line is the kernel, because obviously you can’t change the kernel while it’s being used.
So why don’t they fix it? It would probably be a big pain to have to change the kernel completely.
“Programs can’t write to a file that is in use (memory). So that means that if the program is running (and if it’s a system patch, your system is running), it can’t be patched/changed.”
Ok. So tell me this, the registry is always running in memory correct? So now, as soon as you make a change to the registry, it is applied in memory. Isn’t that writing to actual stuff in memory? If you can do it for it, why not do it for files as well?
There is no such thing as “support expense”. If your Windows breaks, Microsoft would help you only if you pay extra. It’s not support expense, it’s support profit.
User knowledge? If a user wants to avoid reboots, he can learn to do that. It takes about 5 operations to do this from the Services panel (open Control Panel, go to Administrative Tools, go to Services, choose the required service, click the Restart button). A monkey can learn to restart the service that the patch mentioned, so a well-trained user would be capable of this, too.
100% reliability was never required for doing stupid things like integrating a browser into the OS, but suddenly restarting a service, an operation that can be accomplished with a couple of commands on virtually any OS, is an unsafe operation that can bring the system down? It looks like MS needs to hire some programmers (rather than marketing staff).
I don’t think the registry is always in memory.
The registry is a place to store settings; there would be no reason to always be running it.
BUT, if it is always in memory, the changes would just happen after a reboot.
After Win98, MS ‘silenced’ the “can’t write to file, in use” messages, so you don’t know if something was actually written to.
Yes, you can’t overwrite the file that is in use. So you:
1. Terminate service
2. Overwrite the faulty executable with a new one
3. Start the service
While we appreciate misinformation, Windows XP comes with three service incidents. Feel free to read up on it on Microsoft’s site.
And contrasutra, that is also not true. If you try opening a movie that is currently downloading (open file handle), you will get this error in newer Windows versions as well. You can copy the file and then run it if you urgently need access to the file.
Patches are an issue at different levels. On other news I pointed to the Repair level: you repair a WindowsXP system with the repairing method provided by the Installation disk, and all security updates (+27) are wiped off.
Been away from Windows for awhile, but I find it hard to believe that XP doesn’t do single-writer/multiple-reader access. The Windows kernel isn’t that rinky-dink. I think the error might just be something WMP does in user-space.
Actually, with the coming new Linux kernel you CAN replace a running kernel, see kexec.
It looks interesting. I’m not sure how it does it.
Ugh, sorry, my enter key got stuck ;-(
It’s perfectly simple: all they have to do is have all unneeded services switched off by default (file sharing, RPC etc.). You then have a section in Control Panel or whatever where you can turn these on if they are needed. Also, when you turn these on there should be a simple explanation of what the service does and the security implications of turning it on. There should also be an option to connect to the internet and look for any security patches for the service you are turning on.
It’s not rocket science, for f…ks sake.
You’re probably right. Truth be told, I don’t use Windows very often. I’m a Linux guy.
Kobold: What if you are using WindowsUpdate? Even if you disable the service before running it, it will still prompt you to restart!
They are an issue, but not the major one for a desktop OS like Windows XP.
The major issue is internal security breaches like the RPC DCOM buffer overflow recently exploited by the worm msblast.exe, completely bypassing any firewall and antivirus control. The only stop was/is system patching, and that’s really SERIOUS: ROOT.
Unfortunately, Msblast hasn’t said the last word; everybody knows that in the near future we may expect the worst for quite a large number of off-guard Windows XP systems.
Well, that’s pretty much how it’s done NOW.
Right now, you can set a service to manual, that way it is always off unless some application needs it, then it starts it. Or you can set it to disable, where the user is the only means of turning the service back on. Or of course automatic, which is always on.
By the way, RPC is a required service.
Actually, not true. If you had any decent firewall (software or hardware), it would have stopped MSBLAST, because it closes that port.
I believe the internal XP firewall even blocks that port.
Actually nope. contrasutra, stick to Linux. It has nothing to do with open ports, unless you want to close the Generic Host Process for Win32 Services and have no working Internet connection (that’s pretty easy). So a firewall is no good when your RPC DCOM has an exploitable buffer overflow. I don’t need a firewall to stop an Internet connection, hint: you don’t connect.
Why is RPC a required service?
I can set up a Linux or FreeBSD box that has NO ports open and still happily surf the net, chat on IRC, MSN etc. etc.
Then when I need, for example, ssh to be running I simply start the service. There is no need for ANY ports to be open on a home desktop machine (I’m talking about listening ports, not the random ones that are opened on outbound connections).
Actually, the RPC port for Windows is 135 (I believe); if you close this port via a firewall, MSBLASTER can’t get to you. It doesn’t even know you exist (if you stealth it).
I’ve been blocking MSblaster attacks for a while with this. Even when I didn’t have the patch (long story).
Now, if for some reason you need this port, you have a problem, but almost no one uses that port.
MarkH: It’s not required, it’s just on by default. Just turn off the DCOM service.
Sorry for the double post, but:
http://forums.sygatetech.com/vb/showthread.php?s=&threadid=6703
It’s Sygate explaining how to block MSBLASTER with a FIREWALL, even without the patch.
Here’s a cute little tool that’ll fix Windows DCOM issues right up, once and for all… the mighty DCOMbobulator!
http://grc.com/dcom/
This guy often makes me smile…
My point EXACTLY. The RPC service is not required. I happen to have a D-Link ADSL router running that has no ports open, so it effectively hides my Windows machines sitting behind it. So for me the Blaster worm has not been a problem. I’m simply saying there’s no reason why MS can’t close all ports on Windows by default. If you look at the services on an NT/2000/XP machine you will see a hell of a lot of stuff running that’s not really needed.
>> My point EXACTLY. The RPC service is not required.
Not exactly correct: the RPC service **IS** required.
The R in RPC does not mean remote as between different computers, but remote as between different programs. They may be on the same or on different computers.
RPC uses different transports (tcp,udp and a local in-memory transport).
What should be disabled by default is the tcp/udp transport.
> They probably can. But they don’t want people to mess around with
> command lines or complex issues. It is much easier and bug-free way
> (and less support costs for them), to simply ask for a reboot. The
> economics and ergonomics side of it makes business sense.
Messing around with command lines and complex issues. I fail to see why “command lines” need to become part of the process. A command line is not a do or die part of upgrading a system on the run. Believe it or not, there ARE gui frontends to things like ports, portage and apt-get. Hell, most OSX updates can be done without a reboot.
Inability to upgrade the OS at runtime is simply a sign of poor design. It is impractical to restart a large cluster of servers every week when Microsoft releases a new patch. This brings up new issues like installing backup/temporary servers that run while this takes place. In the real world, this isn’t practical and that is why most of today’s serious number crunching is done on *nix.
As for it being “easier”, have you even considered how much R&D Microsoft have? Individuals coding in their basement are able to produce *FREE* OSes that don’t require reboots with updates. Hence, why should I pay Microsoft thousands of dollars for an OS that needs to restart to apply something like a patch to Internet Explorer? Most of these patches don’t even touch core system components yet they require a reboot. I must say that I’m not at all impressed.
Your comment about being “bug free” doesn’t hold ground either. Properly designed system components (daemons, etc.) should be able to deal with in-flight maintenance. This is all what being fault-tolerant is about. Do you really think they power off the International Space Station to perform routine maintenance? Absolutely not. They power down a small, isolated section of it and the rest of the modules are designed to be able to continue running.
Before defending Microsoft or any company for that matter, I’d suggest thinking about how much they can afford to invest and what the requirements of their customers are likely to be.
If any of the clowns whining about everything running under Windows as :root: and having no capabilities to block msblaster without the use of an external firewall actually have the faintest clue what the local IP security policy editor, user policy editor, and adapter filters can be used for. Right, they don’t even know they exist.
You don’t need a firewall to block msblaster or any other stupid worm; just create a decent IP filter and IP security policy ruleset. You should be doing this anyway. There is no excuse not to.
You don’t have to give NT services any access to the local system. Run them under a specific user and jail them into a directory.
“Ok. So tell me this, the registry is always running in memory correct? So now, as soon as you make a change to the registry, it is applied in memory. Isn’t that writing to actual stuff in memory? If you can do it for it, why not do it for files as well?”
Well, it has nothing to do with file handling. As for most problems in NT-like systems, it comes from the registry, which cannot send messages to the required services. For example, if you change the autoload setting of the CD-ROM, you should normally reboot the system for it to be taken into account.
The command line has really nothing to do with it; rebooting for patches doesn’t make sense at all: it is one big, big flaw of Windows. BUT 95% of reboots are really not required in fact; it is more a safety trick used by a lot of people. I almost never reboot my Windows when I am asked to, because it doesn’t change anything.
By the way, I loved the stupid comments of most people here (as always, now). You people really think that Microsoft programmers don’t know how services are restarted under Unix? If it was that easy, it would have been trivial to implement it.
That’s a pity that now OSNEWS is more and more a troll farm, with stupid comments from everywhere, Linux zealots, Windows zealots, etc… Just see the 25 stupid comments about a JOKE from one journalist in the other Microsoft-related thread.
“By the way, I loved the stupid comments of most people here (as always, now). You people really think that Microsoft programmers don’t know how services are restarted under Unix? If it was that easy, it would have been trivial to implement it.”
They know, perhaps, but their underlying systems architecture probably makes it less than trivial to implement without breaking backwards compat with countless things, which is precisely the reason for half of Windows’ problems, since they’re entirely unwilling to break that (Windows Server 2003 being somewhat of an exception).
“They know, perhaps, but their underlying systems architecture probably makes it less than trivial to implement without breaking backwards compat with countless things, which is precisely the reason for half of Windows’ problems, since they’re entirely unwilling to break that (Windows Server 2003 being somewhat of an exception).”
That was exactly my point; as I am not a native English speaker, it may not have been clear.
But you’ve summed up what I wanted to say.
The Microsoft security expert at the information session I just attended advocated “Defense in Depth” as the corporate perimeter is evaporating.
Strange that they would title their security initiative “Securing the perimeter”.
Not exactly correct: the RPC service **IS** required.
For most people, it is not required in any way, shape, or form. Your average user has no applications that utilize RPC.
The R in RPC does not mean remote as between different computers, but remote as between different programs. They may be on the same or on different computers.
RPC uses different transports (tcp,udp and a local in-memory transport).
What should be disabled by default is the tcp/udp transport.
Except that most people that are actually using RPC are using it over TCP. RPC’s primary purpose (from an application developer’s point of view) is to allow you to use the same code to communicate between application components regardless of where they reside, and generally if you’re never going to use the components on different computers (and your users aren’t requesting this functionality) you don’t use RPC to do it, you use normal COM objects or other local means of communication between your objects.
On the other hand, very few people use RPC over the internet (as opposed to internal networks), so it’s usually safe to block RPC calls from external sources (in other words, block the port on the firewall).
Just a quick question, does CORBA suffer from these types of security issues? (no, this isn’t a snide COM vs. CORBA comparison 😉 )
This is actually a problem with the underlying filesystem/kernel.
No, it’s not. NT is highly modular and just about anything can be stopped and restarted if need be.
Most patches you *can* avoid a reboot with, by ignoring the reboot dialog and/or restarting any affected services.
As someone else said, the real question is why they don’t just have the patch installer do this – there’s no technical reason why it can’t be.
Realistically speaking, it’s a good idea to reboot all machines on a semi-regular basis, just to make sure they actually come back up correctly.
“Most patches you *can* avoid a reboot with, by ignoring the reboot dialog and/or restarting any affected services.
As someone else said, the real question is why they don’t just have the patch installer do this – there’s no technical reason why it can’t be.”
This is a true statement for the most part. The main reason for reboots is that, unfortunately, lots of patches do not just patch a single service, but will patch system DLLs as well. When this happens the system does need a reboot so the currently running Windows kernel will use the updated DLL instead of what it has loaded in memory from the last time it loaded before the patch was applied. Since you can’t stop and restart the kernel while it is running, that is why the reboot.
is not with the initiative itself, but in Microsoft becoming more and more complex by default. Integrating Palladium, plus a “deep connection with the firewall”, and an anti-virus program on top of XP or Longhorn means the system will be very complex code-wise, especially as more and more interaction of the OS with .NET and DirectX “subsystems” occurs.
At what point is an OS too complex? I’d say we are nearing the limits. There is no way that Microsoft can find every overflow, overrun, breach, etc. in the 1.5 GB of bloated, hacked, and patched code of XP.
What assurances do we have that Longhorn, whenever we get it, will be any more secure? These 50,000 monkeys have already had 20 years to get it right.
“At what point is an OS too complex? I’d say we are nearing the limits. There is no way that Microsoft can find every overflow, overrun, breach, etc. in the 1.5gb of bloated, hacked, and patched code o”
But the OS itself is far from that. Windows is bloated: sure, but Linux, too. FreeBSD, too (no troll here, I like these three OSes, but at first I tried Linux 3 years ago because of the bloat in Windows, and I was quite disappointed: Linux is not very clean either).
You cannot make a 1.5 GB OS bug free: of course, but frankly, a Linux distribution with basic stuff and a good DE is maybe around 1 GB (Debian + X + a very few applications + a light DE like XFCE is already bigger than Win95…).
The thing about security is that not all the code needs to be carefully written for not-that-bad security (it doesn’t mean it shouldn’t). Frankly, I am not convinced that a Linux with SSH by default, some NFS servers, etc… would be very secure. The problem of Windows is that too much stuff is enabled by default, and the crappy IE security (problems from Outlook come mostly from IE, which is the HTML engine of Outlook). Why RPC by default? Why registry access by default?
The patch stuff is doomed from an average user point of view. If Joe User had RH, or anything else, I tend to think it would be the same: the user doesn’t care about that. When I see a friend of mine, who asks me to “repair” his computer, nothing is up to date.
The thing is: all OSes, Linux, Windows, FreeBSD, Mac OS X, are far too complex for the average user, and worse, the average user doesn’t need this complexity.
One doesn’t need to have 1 or 2 GB of programs to write a letter, go on the internet and listen to music. I think Microsoft is the first to understand that, with XP Media Edition (which is very bloated, I suppose, BUT with minimal functionality).
BeOS understands that, in a way, but they failed completely to use this idea.
What assurance do we have? Look at Windows 2003. Not only does it have huge breakthroughs from a Windows security point of view, but there has been a lot of code cleanup, droppage of legacy, etc…
“We hear customers telling us there is a problem,” he said, adding that several companies offer patch management automation as a solution. “I wish I were announcing a (patch management) product or acquisition because it’s a market where we could make money.”
So we’re gonna pay Microsoft to patch it’s own holes…
MS will probably not include anti virus software with Windows, probably not a more advanced firewall either. By doing that, they would risk more problems like the IE/Media Player incidents.
Most likely they will cooperate with a few companies to see how Windows can better support AV/FW software. I’ve heard of some trojan horses that disable security programs, so maybe Windows will have an API to integrate these kinds of software with Windows, so that they are more protected (and are more effective).
Except that most people that are actually using RPC are using it over TCP. RPC’s primary purpose (from an application developer’s point of view) is to allow you to use the same code to communicate between application components regardless of where they reside, and generally if you’re never going to use the components on different computers (and your users aren’t requesting this functionality) you don’t use RPC to do it, you use normal COM objects or other local means of communication between your objects.
You are mixing up the object technology RPC or COM with the transport issue. Both RPC and COM can talk to the local and a remote computer. It is just a matter of addressing – everything else is transparent.
BTW MS is exposing only very few services via tcp – most are exposed via named pipes which requires file sharing to work.
The absolutely stupid thing is that the RPC port mapper is listening on all interfaces on port 135 (not RPC).
Any thinking designer would have treated them like the file services, which by default do not listen on dialup connections.
Just a quick question, does CORBA suffer from these types of security issues? (no, this isn’t a snide COM vs. CORBA comparison 😉 )
No CORBA will **NEVER** suffer from these security problems since:
– the programming language C can not be used with CORBA objects
– strcpy is not allowed in CORBA applications
– free and malloc are not allowed in CORBA applications
But if I am wrong and these three things can be used in CORBA objects, you can get the same problems and anything else.
2003? The same one that required patches immediately after release?
Yes, 2003, which didn’t have a single patch until a couple of months AFTER it was released, and to date has only had 2 vulnerabilities found that affect its default configuration.
Don’t spread FUD.
Not fud. Just pointing out that Microsoft did not go far enough to break compatibility, redesign the OS, and fix the holes-otherwise, they would need to patch right away, right?
If there were issues, there was no pressing need to ship the code out the door; they could have waited another 6 months to iron out the last of the security issues.
I’m actually pro-Microsoft, being a bit of a gamer, but let’s be honest: it’s going to take a massive rewrite to make the OS truly secure.
Now, the approach they seem to be taking is: since we have so many security issues, we need a robust firewall and anti-virus program integrated into the OS.
Add Palladium/DRM/trusted computing to this, and yes, it sounds like you’d get a fairly secure system, but not if you don’t break backward compatibility, and not if you use existing bloated code as a basis for the new OS. You are essentially bolting on solutions to problems that you created.
Some replies:
contrasutra
This is actually a problem with the underlying filesystem/kernel.
It could be a filesystem problem with FAT, but, knowing how filesystem drivers work, it isn’t anymore. Actually, it’s just a per-file setting specified by the opener that the kernel merely obeys.
File access sharing is probably there for compatibility with OS/2, Windows 3.1 or DOS, and it cannot be removed entirely (group policies entirely depend on the users’ registry file being non-deletable and non-writable to), even if it has caused security issues in the past (you could disable… group policies by keeping the policy files open for exclusive access – I don’t remember how did they fix this, but it was a hack). Just forcing all files to be opened for shared deletion access would be enough to fix almost all problems with patches, but I don’t see that happening
However, disabling access sharing with a memory patch isn’t hard at all, and it could be easily done on a running kernel too
Anonymous
RPC uses different transports (tcp,udp and a local in-memory transport).
What should be disabled by default is the tcp/udp transport.
Server-side RPC transports could be disabled or uninstalled individually until Windows NT 4. On Windows 2000 and later they cannot be any more. No, I don’t know why
PainKilleR
[…] and generally if you’re never going to use the components on different computers (and your users aren’t requesting this functionality) you don’t use RPC to do it, you use normal COM objects or other local means of communication between your objects.
Well, try to guess what COM uses for inter-process calls.
CooCooCaChoo
Just a quick question, does CORBA suffer from these types of security issues? (no, this isn’t a snide COM vs. CORBA comparison 😉 )
Yes, it’s intrinsic to the concept of network-transparent RPC itself. Microsoft should have taken the issue much more seriously
Marshall
I would think the chances of a patch breaking your computer versus a virus destorying it would be a acceptable risk too. Thoughts?
The problem is that, in the case of Slammer for example, the newest, shiniest security patch might UNDO previous patches, thus you have downtime to take a server down for patching AND the patch might break your system AND you might remain vulnerable to viruses anyways. So, for systems that are properly protected by a network security layer, security patching is -at best- a complete waste of time. [1]
m
Actually nope. contrasutra stick to Linux, it has nothing to do with open ports unless you want to close the Generic Host Process for Win32 Services and have no working Internet connection (that’s pretty easy). So a firewall is no good when your RPC DCOM has an exploitable buffer overflow. I don’t need a firewall to stop an Internet connection, hint: you don’t connect.
Two words: whitelist firewall
Okay, so that’s actually four words.
http://web.proetus.com/reference/fwpolicy_pix.html
Good Grief,
GG
——————
[1] Functionality patches are a different story.
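The in-use-file argument made by contrasutra earlier in the thread (programs can’t write to a file that is in use; Unix can) and the reply in the post above (on NT it is a per-file sharing mode chosen by whoever opened the file) can be checked directly. The following Python script is an added example, not code from the thread or from any party in it: it opens a stand-in “binary”, renames a new version over it the way a POSIX package manager does, and reports what the already-open handle and a fresh open each see. The file names and contents are constructed for the demonstration; on Windows the rename is expected to fail with PermissionError, because Python’s `open()` does not request FILE_SHARE_DELETE.

```python
"""Added example (not from the thread): replacing a file that a process holds open.

POSIX package managers do not overwrite a running binary in place; they write
the new file beside it and rename() it over the old path.  Processes with the
old file open keep the old inode (and keep running the old code) until they are
restarted; every new open sees the new file.  On Windows the default sharing
mode chosen by open() lacks FILE_SHARE_DELETE, so the same rename is refused.
"""
import os
import tempfile


def replace_in_use_file() -> dict:
    """Open a file, rename a new version over it, report who sees which version."""
    workdir = tempfile.mkdtemp(prefix="inuse-")
    target = os.path.join(workdir, "service.bin")      # stands in for a service binary
    staging = os.path.join(workdir, "service.bin.new")  # where the "patch" writes v2

    # Version 1 is "running": a long-lived handle is held open on it.
    with open(target, "wb") as f:
        f.write(b"v1")
    holder = open(target, "rb")

    # The patch writes v2 next to it and renames it over the target path.
    with open(staging, "wb") as f:
        f.write(b"v2")
    try:
        os.replace(staging, target)   # atomic on POSIX; PermissionError on Windows
        replaced = True
    except PermissionError:
        replaced = False

    old_handle_sees = holder.read()   # the open handle still refers to the old inode
    holder.close()
    with open(target, "rb") as f:
        new_open_sees = f.read()      # a fresh open gets whatever the path now names

    for path in (target, staging):
        try:
            os.remove(path)
        except FileNotFoundError:
            pass
    os.rmdir(workdir)
    return {
        "platform": os.name,          # "posix" or "nt"
        "replaced": replaced,
        "old_handle_sees": old_handle_sees,
        "new_open_sees": new_open_sees,
    }


if __name__ == "__main__":
    print(replace_in_use_file())
```

The point for the patching debate is in the result: even where the replace succeeds, the process holding the old handle keeps executing the old code, which is why the “worst case” on Unix is still a service restart rather than a reboot, and why a patch that replaces a shared library loaded into every process is the case where no restart short of a reboot picks it up everywhere.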
Yes Microsoft charges for SOME support incidents, but NO they DON’T make a PROFIT on it. They don’t even break even.
Also, not all patches require a reboot these days. Yes, some do, but some don’t.
Finally, people don’t always understand that restarting a service and rebooting the entire PC will have the exact same effect, depending on the server’s use. Example: You’re running your server to serve web pages and the patch requires that IIS be restarted. Either way service gets interrupted.
you hit the nail on the head.
>>>I’m going to guess that they can’t, with 100% reliability. I’m guessing that there is non-zero probability that trying to do that will either leave the system unstable, or fail in restarting the service, or both.
You guessed right! As a Microsoft admin who has started/restarted his own services and written scripts to stop/start/restart services since NT 3.51, I can testify that NT services (2k, XP is NT) hang all the time.
Like Murphy’s law… if it absolutely MUST NOT HANG…
you can bet your arse it will.
Oops, I guess I need to restart the server… and kick off 827 users from the shares.
All because a print queue holding 341 jobs is stuck, and the spooler service will not stop, start or restart.
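The stop / replace / start sequence posted earlier in the thread, combined with the caveat in the post above that a service can refuse to stop: the following Python script is an added example, not from the thread and not Microsoft’s. It wraps the real `sc.exe` and `taskkill` commands, polls `sc queryex` for the STOPPED state against a deadline, and force-kills the hosting process if the stop hangs in STOP_PENDING instead of waiting forever. The abridged `sc queryex` output samples and the stuck-Spooler scenario are constructed; the command runner and clock are injectable so the logic can be exercised on any OS, while the default runner only works on Windows.

```python
"""Added example (not from the thread): restart one Windows service with a stop
deadline, instead of rebooting.  Wraps the real `sc stop/queryex/start` and
`taskkill /PID /F` commands; runner and clock are injectable for testing."""
import re
import subprocess
import time
from typing import Callable, Optional

# "        STATE              : 4  RUNNING"  ->  "RUNNING"
STATE_RE = re.compile(r"^\s*STATE\s*:\s*\d+\s+(\w+)", re.MULTILINE)
# "        PID                : 1432"        ->  1432
PID_RE = re.compile(r"^\s*PID\s*:\s*(\d+)", re.MULTILINE)

# Constructed, abridged samples of `sc queryex Spooler` output.
SC_STOP_PENDING = """SERVICE_NAME: Spooler
        TYPE               : 110  WIN32_OWN_PROCESS  (interactive)
        STATE              : 3  STOP_PENDING
        PID                : 1432
"""
SC_STOPPED = """SERVICE_NAME: Spooler
        TYPE               : 110  WIN32_OWN_PROCESS  (interactive)
        STATE              : 1  STOPPED
        PID                : 0
"""
SC_RUNNING = """SERVICE_NAME: Spooler
        TYPE               : 110  WIN32_OWN_PROCESS  (interactive)
        STATE              : 4  RUNNING
        PID                : 2088
"""


def run_sc(args: list[str]) -> str:
    """Default runner: invoke sc.exe / taskkill and return stdout (Windows only)."""
    return subprocess.run(args, capture_output=True, text=True, check=False).stdout


def parse_state(sc_output: str) -> Optional[str]:
    """Return RUNNING / STOPPED / STOP_PENDING / ... from sc output, or None."""
    m = STATE_RE.search(sc_output)
    return m.group(1) if m else None


def parse_pid(sc_output: str) -> int:
    """Return the service host PID from `sc queryex` output (0 when stopped/absent)."""
    m = PID_RE.search(sc_output)
    return int(m.group(1)) if m else 0


def restart_service(name: str, timeout_s: float = 30.0, poll_s: float = 1.0,
                    run_cmd: Callable[[list[str]], str] = run_sc,
                    now: Callable[[], float] = time.monotonic,
                    sleep: Callable[[float], None] = time.sleep) -> dict:
    """Stop `name`, wait for STOPPED, force-kill the host if it hangs, then start it."""
    run_cmd(["sc", "stop", name])
    deadline = now() + timeout_s
    forced = False
    while True:
        out = run_cmd(["sc", "queryex", name])
        if parse_state(out) == "STOPPED":
            break
        if now() >= deadline:
            # Stuck in STOP_PENDING (the print-spooler case): kill the host process.
            pid = parse_pid(out)
            if pid:
                run_cmd(["taskkill", "/PID", str(pid), "/F"])
                forced = True
            break
        sleep(poll_s)
    # A patch installer would replace the service binary here, while nothing has it open.
    run_cmd(["sc", "start", name])
    return {"forced_kill": forced, "final_state": parse_state(run_cmd(["sc", "queryex", name]))}


def simulate_hung_spooler(timeout_s: float = 30.0) -> dict:
    """Drive restart_service against a scripted Spooler that never finishes stopping."""
    sim = {"t": 0.0, "killed": False, "started": False}

    def fake_run(args: list[str]) -> str:
        if args[0] == "taskkill":
            sim["killed"] = True
        elif args[:2] == ["sc", "start"]:
            sim["started"] = True
        elif args[:2] == ["sc", "queryex"]:
            if sim["started"]:
                return SC_RUNNING
            return SC_STOPPED if sim["killed"] else SC_STOP_PENDING
        return ""

    def fake_sleep(s: float) -> None:
        sim["t"] += s

    return restart_service("Spooler", timeout_s, 1.0, fake_run, lambda: sim["t"], fake_sleep)


if __name__ == "__main__":
    print(simulate_hung_spooler())
```

Run as `python restart_service.py` on Windows with `restart_service("Spooler")` substituted for the simulation (administrator rights are needed for `sc stop` and `taskkill`). The deadline is the whole point: a script that blocks on `sc stop` and assumes success is exactly what leaves the poster with a stuck spooler and a server reboot; one that times out, kills the host process and restarts the service keeps the fix to that one service.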
Justin, you can’t just go and rewrite an OS. Heck, it’s usually a bad idea to rewrite software from scratch, especially when so much work has been put into it. Generally, rigorous code review will produce much better results, as it saves a lot more on time and money.
There will always be issues with the OS. There will always be issues with any piece of software. Waiting another 6 months to release it isn’t going to do much.
Not fud. Just pointing out that Microsoft did not go far enough to break compatibility, redesign the OS, and fix the holes-otherwise, they would need to patch right away, right?
[…]
I’m actually pro-Microsoft, being a bit of a gamer, but let’s be honest: it’s going to take a massive rewrite to make the OS truly secure.
There is no reason whatsoever to redesign and/or rewrite Windows NT. There’s nothing at all wrong with the fundamental design (which is excellent) – nearly all problems come from either a) coding bugs, b) poor default settings and c) a large number of incompetent sysadmins. The only thing a rewrite/redesign could conceivably help with is (a), and even there time and money would be better spent with a code audit.
Incidentally, (a) is something .NET is targeted at addressing, (b) is an institutional/culture problem and (c) is merely a side-effect of the dot com boom that will self-correct given time.
NT has all the security features of Unix and more besides. The problem is utilising them effectively without breaking too much stuff, something Microsoft is historically loath to do (see the entire Windows 9x line of products).
And this is all ignoring the simple and inescapable fact that there is a vastly greater proportion of Windows machines in a vulnerable environment than any other type of machine. Of *course* they’re going to have more visible security problems.
Hi guys, I’m a new user so I just need some info please.
I have downloaded and installed all security patches from Windows Update. Now if I need to reinstall Windows, where are all the patches kept… why must I re-download all the patches? By the way, I’m using Win XP Pro.
<There is no reason whatsoever to redesign and/or rewrite Windows NT. There’s nothing at all wrong with the fundamental design (which is excellent) – nearly all problems come from either a) coding bugs, b) poor default settings and c) a large number of incompetent sysadmins. The only thing a rewrite/redesign could conceivably help with is (a), and even there time and money would be better spent with a code audit.>
You just proved my point. If the OS suffers from coding bugs, then the OS is too complicated for even Microsoft’s own coders, and as such, a fundamental re-write should occur, if only to enable Microsoft to adequately support the OS. If what you are saying is: hey, bugs happen, I agree, they do, but simply saying that the OS is “close enough” and shipping it is just bad for business. Surely they already have a code audit/QA process in place before shipping.
Also, what can really be done about the default settings? Ever try turning off some of the services, one by one, to see what happens? You can cripple the computer pretty quickly that way. So, there are multiple, interdependent processes that are necessary for the OS to function. Some of which you’d like to turn off, but cannot, like Workstation, since it’s also used for internal processes, as a dependency.
A good way to check this out is to load a copy of 2003, and convert it to a desktop. Since everything is turned off by default, that means you have to go in, and for each feature you want to use, you have to enable that process, as well as all of the dependencies.
Then you see that there is a fundamental issue with the way things interact in the Windows OSes-each additional process that you add means that I increase the likelihood of including some exploitable bug into the running processes of the OS.
I won’t argue the sysadmin comment, since that’s definitely true. But whose fault is that? Who let all these morons have a job… reminds me of the old Monty Python sketch: “it’s a fair cop, but society is to blame”
“Don’t worry, we’ll be charging them too!”