The Compleat Iconoclast |
...Vote For Your Favorite Wench... mld, August 13, 2003 at 3:21:00 PM CEST Blaster32 "The day Microsoft make something which doesn't suck is probably the day they start making vacuum cleaners" Ernst Jan Plugge My phone had been ringing off the hook with folks whose computers have gone down. Spent last night figuring out how to fix it, and have fixed a few more machines today. The money's cool, but WTF can't M$ write secure code? Didn't Bill Gates stand on his hind legs in front of God and everybody a few years back and start talking about a "Trustworthy Computing Initiative?"
spc, 8/17/03, 2:31 AM
It is actually harder than it looks
A truely secure system is one that had to be designed in from the beginning. SMTP (the email protocol) was not designed with security (or authentication really) in mind and while it has had some measures bolted on, it's still way to easy for exploit (spam wise). You also have to remember the Microsoft culture. Microcomputers (or home computers) were intially used by a single person nearly exclusively, so things like administrative rights, user profiles, etc. were never a real concern of Microsoft (why should I have to log into my own computer?). You would think that the networking explosion of the mid/late 80s would have fixed some of the problems, but Microsoft never addressed those issues (Novel I think did, but Novel is not Microsoft). Unix, at least, has 30 years of multiple users per computer, which means administrative rights, user profiles, etc. so it's a bit more mature than what you find on Windows, so the concept of things like security is more baked in to the core of Unix and Unix applications than those from DOSland. You also have issues of programming languages. Most of Microsoft Windows (and Unix) is implemented in C, which is, as computer languages go, pretty low level and it requires you to manually manage some aspects of program design that are too easy to mess up. Most security problems fall down to buffer overruns, which happen when a programmer only expects X number of characters to fill a buffer, and assumes that the program will never receive more than X number of characters but more data is actually given, overwriting important data and/or code of a program. Some of these are easy to find, others nearly impossibly so. And another reason why Micorosft is taking it on the chin (more or less) is that on the desktop, we have a monoculture with Windows making up over 90% of all desktop computers in use, which makes for a very large target indeed. The Internet Worm of 1988, only targetted two types of computers, Sun workstations, and VAXes, two of the most popular machines on the Internet at the time, and it was only able to infect about 10% of all hosts on the Internet (and it was felt, mostly because of the low speed of everything back then). And because of the relatively low number of infections, the worm is no longer active (in fact, it was erradicated in a few days)---I'm still receiving hits from machines infected with Code Red and Nimda, which first hit in what? 2000? 2001? ... Link ... Comment |
...up and running for 8286 days
last touched: 9/11/15, 7:48 AM ...login status...
hello, stranger.
i live for feedback. schmack me with your syllables... but first you have to login. it's free. ...search this site...
...menu...
...new posts and comments...
...bloggus amicus...
... beth
... capt. napalm ... craniac ... emdot ... genee ... gina ... kc ... macker ... rosalie ... sasha ... seajay ... spring dew ... stacia ... timothy ... wlofie ...antville amicae...
...obligatory blogrolling...
... steven den beste ... jack cluth ... susanna cornett ... cox & forkum ... kim du toit ... glenn frazier ... jane galt ... stephen green ... h-town blogs ... charles johnson ... james lileks ... robert prather ... bill quick ... glenn reynolds ... donald sensing ... rand simberg ... mike spensis ... andrew sullivan ... spinsanity ... bill whittle ... wretchard ...daily stops...
...headlines from space.com...
|