On Tuesday 09 April 2002 02:06 pm, Jere Retzer wrote:

> Seems like everyone is going to philosophize so I might as well join:
>
> 1) Security holes are proportional to bugs is proportional to lines of code
> -- Win 2000 is what--30 million lines?

Sometimes I think this "estimate" is used as an excuse for bad code. It makes it seem as if security flaws are inevitable, so why bother. With proper attention, this sort of problem should be a minor problem, not a regular occurrence.

> 2) Microsoft philosophy of embrace, extend, 3rd party developers makes it
> inherently easy to hack

Microsoft makes a number of rules for developers as to what they can and cannot do. Unfortunately, they ignore those rules when it is to their own advantage. For example, in order to get MS Office to work on NT Terminal Server, you need to give everyone WRITE access to the system directory.

> 3) Win is so large and complex now it will never be secure

Not without a rewrite and not without breaking a great deal of backwards compatibility. I don't think it will happen if they continue to allow features to drive the OS at the expense of everything else.

> 4) Exponential growth in infrastructure attacks and net criticality demand
> controlled, accountable access
>
> IMHO, we need to look ahead to the time of always-on, always-reliable
> networks with minimalist client operating systems (ie, a simple browser),
> services hosted on secure servers not user machines, a reinvented 'sandbox'
> along the lines planned with Java, and controlled/accountable access to the
> Internet.

We also need to take account that sometimes the best defense is to not be connected to the net at all. Current Windows versions seem to assume that you have a connection to the net for each and every machine that you have. (They are not the only ones, BTW. Many other software companies make the same assumption.)

People have been sold on the idea that they have to be able to "surf the web" and get e-mail from anything and everything, so that they lose sight of what the machine is for in the first place. For example, there should be no reason why air traffic control systems should be connected to a public network. Yet it happens, usually because someone involved insisted that they had to have net access. There are many other types of infrastructure systems that should not be connected to public networks.

The military and related agencies understood that back when people who were clued made the decisions. Since such things are now in the hands of higher ranking and less technically skilled people, more and more systems that should not be available to the rest of the world are. It becomes even worse when they allow systems with a low fault rate to get replaced by systems known for their failures. (Can you say "blue screen of death"? I knew you could!)

No system should accidentally be rendered inoperable by user error. (Especially in a mission critical environment.) If "someone entered a zero in the wrong place, so the system froze", then you need to rethink using that OS at all. Such things are not acceptable in a mission critical environment, even more so on a warship.

There are people who go out of the way to ding Microsoft for everything; there are some who go out of the way to forgive Microsoft for everything. They are unwilling to see the flaws in Microsoft no matter how much data is put before them. They are unwilling to see clear and blatant evidence of Microsoft misbehavior, no matter how obvious. The excuses get to be a bit much to those who actually remember the past beyond the last press release. But that does not stop the faithful from proselytizing to the unconverted. (For without such conversion of the masses, their tithes, or license fees, would be meaningless.)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:50 PDT