
August 26, 2003

Designer Bugs

Well, you asked for it! Akshley (as my daughter would say), you failed to stop it! You had the chance to end the Microslash articles and I got a whole one comment and two trackbacks from members (1 and 2) of the blog strategy committee. Now, that article got a lot of hits and yet people either couldn't be bothered leaving a comment OR (my preferred option) they like a little bit of Microslosh bashing.

Well, first cab off this particular rank would have to be this article from the Washington Post:


Microsoft Windows: Insecure by Design
Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics.
This is not a coincidence.
The usual theory has been that Windows gets all the attacks because almost everybody uses it. But millions of people do use Mac OS X and Linux, a sufficiently big market for plenty of legitimate software developers -- so why do the authors of viruses and worms rarely take aim at either system?

On a serious note, this question has merit and multiple answers. Apart from any Microslosh bashing, there is the point of technical competence. People running Linux are (IMHO) more capable of dealing with a virus and therefore it is less likely to spread. In the Mac arena there is also the overhead of complexity: as a long-time Unix programmer, I would contend that prior to MacOS X, writing code for the Mac was *harder* than for the PC. This would require a slightly higher level of intelligence than what is generally available to the average script kiddie.


Even if that changed, Windows would still be an easier target. In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, "Please don't steal this."

That has to be the quote of the article. I have been emailing it to all the PC support geeks I know and they all groan but agree - the default configuration is insecure. That is not to say it can't be made safe, just that it isn't safe by default.


...The vulnerabilities built in: Security starts with closing doors that don't need to be open. On a PC, these doors are called "ports" -- channels to the Internet reserved for specific tasks, such as publishing a Web page. These ports are what network worms like Blaster crawl in through, exploiting bugs in an operating system to implant themselves. (Viruses can't move on their own and need other mechanisms, such as e-mail or floppy disks, to spread.) It's canonical among security experts that unneeded ports should be closed. Windows XP Home Edition, however, ships with five ports open, behind which run "services" that serve no purpose except on a computer network. "Messenger Service," for instance, is designed to listen for alerts sent out by a network's owner, but on a home computer all it does is receive ads broadcast by spammers. The "Remote Procedure Call" feature exploited by Blaster is, to quote a Microsoft advisory, "not intended to be used in hostile environments such as the Internet."

So the company that touts their OS as being "internet ready" and "where do you want to go (on the Internet)" forgot that in fact it was not intended for such use. Sure. It is also worth noting, although this shows my age, that I can vaguely remember when the alerts were raised in SunOS 4.0 about RPC calls. The suggestion was that rexd and unfiltered use of rpc could be a security risk, and so there were patches and other workarounds prepared (like the earliest version of tcp wrappers). That would have been in the late 80s. Interesting to see that it is still turned on in Windows.
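The "close the doors you don't need" rule above is easy to state and easy to forget, so here is an added example (mine, not code from the post or from Microsoft) of the check a support geek would run: parse a netstat-style listing, keep only sockets waiting for inbound traffic, drop anything bound to loopback, and report whatever is left that is not on the list of ports the machine actually needs. The netstat output, the port-to-service names and the allowlist are all constructed for the example and are assumptions, not captured from a real machine.

```python
"""Audit a netstat-style listing for services exposed to the network.

Added example, not code from the original post. The sample output below is
constructed to look like `netstat -an` on a Windows XP box and is not real.
"""
import re
from typing import Dict, List, NamedTuple, Set


class Listener(NamedTuple):
    proto: str
    address: str
    port: int


# Constructed sample (assumed `netstat -an` layout). 0.0.0.0 means the socket
# accepts connections on every interface, i.e. from the Internet when no
# firewall sits in front of it. 127.0.0.1 is reachable from this host only.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3421      64.233.160.4:80        ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""

# Assumed service names for the ports in the sample; only used to make the
# report readable.
PORT_NAMES: Dict[int, str] = {
    135: "RPC endpoint mapper (MS-RPC)",
    139: "NetBIOS session",
    445: "SMB/CIFS",
    123: "NTP",
    1025: "RPC dynamic port",
}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_text: str) -> List[Listener]:
    """Return the sockets waiting for inbound traffic.

    TCP counts only in LISTENING state. UDP has no state column, so every
    bound UDP socket is treated as a listener.
    """
    listeners: List[Listener] = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank or unrecognised line
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def exposed_listeners(listeners: List[Listener], allowed_ports: Set[int]) -> List[Listener]:
    """Listeners reachable from the network that are not on the allowlist.

    Loopback-only sockets cannot be reached from outside and are skipped;
    0.0.0.0 and sockets bound to a real interface address are exposed.
    """
    return [l for l in listeners
            if not l.address.startswith("127.") and l.port not in allowed_ports]


def audit_report(netstat_text: str, allowed_ports: Set[int]) -> List[str]:
    """One human-readable finding per exposed, unexpected listener."""
    findings = exposed_listeners(parse_listeners(netstat_text), allowed_ports)
    return [f"{l.proto} {l.address}:{l.port} exposed "
            f"({PORT_NAMES.get(l.port, 'unknown service')})"
            for l in findings]


if __name__ == "__main__":
    # A stand-alone home PC that shares nothing needs none of these open.
    for finding in audit_report(SAMPLE_NETSTAT, allowed_ports=set()):
        print(finding)
```

Run against the constructed sample with an empty allowlist it reports five exposed sockets (RPC and SMB over both TCP and UDP, plus NetBIOS); the loopback-only RPC and NTP sockets are correctly ignored. Allowing 139 and 445 for a machine that really does share files leaves only the RPC endpoint mapper, which is exactly the door Blaster came through.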


...Windows XP includes basic firewall software (it doesn't monitor outgoing connections), but it's inactive unless you use its "wizard" software to set up a broadband connection. Turning it on is a five-step task in Microsoft's directions (www.microsoft.com/protect) that must be repeated for every Internet connection on a PC. Mac OS X's firewall isn't enabled by default either, but it's much simpler to enable. Red Hat Linux is better yet: Its firewall is on from the start.

Interesting to see if this will be rectified in the next release of MacOS X. Also worth noting that the services (referenced above) are, by default, turned off in MacOS X. You need to turn them on explicitly with the relevant warnings displayed when you attempt to do so.


...The patches that aren't downloaded: Windows is better than most operating systems at easing the drudgery of staying on top of patches and bug fixes, since it can automatically download them. A PC kept current with Microsoft's security updates would have survived this week unscathed. But hundreds of thousands, if not millions, of Windows systems still got Blasted, even though the patch to stop this worm was released weeks ago. Part of this is users' fault. "Critical updates" are called that for a reason, and it's foolish to ignore them. (The same goes for not installing and updating anti-virus software.) The chance of a patch wrecking Windows is dwarfed by the odds that an unpatched PC will get hit. And for those saying they don't trust Microsoft to fix their systems, I have one question: If you don't trust this company, why did you give it your money?

Talk about getting your money's worth in this article. Another golden quote. If you can't trust them to patch the system, how can you trust them in the first place? Well, in a real data-centre environment, there are usually transitions between "environments". A change to production would start in development. Then proceed to unit test. After that, it moves into integration or system test and then finally into production. This is done to ensure that changes do not adversely affect production environments. The problem is that the transition sequencing and testing take time and cost money, and previous experience with Microslosh service packs has made it very clear that the testing is not something you can afford to shortcut. In theory, assuming everything is lined up, there is probably a three month cycle through this environment. In practice it is likely to be much longer. For UNIX servers, we sometimes shortcut the sequence (reduce the testing phase) because we can trust the vendor - from experience the vendor tests the patches carefully and clearly documents the changes. For Windblows, this is simply not an option.


...The lack of any limit to damage: Windows XP, by default, provides unrestricted, "administrator" access to a computer. This sounds like a good thing but is not, because any program, worms and viruses included, also has unrestricted access. Yet administrator mode is the only realistic choice: XP Home's "limited account," the only other option, doesn't even let you adjust a PC's clock. Mac OS X and Linux get this right: Users get broad rights, but critical system tasks require entering a password. If, for instance, a virus wants to install a "backdoor" for further intrusions, you'll have to authorize it. This fail-safe isn't immune to user gullibility and still allows the total loss or theft of your data, but it beats Windows' anything-goes approach.

There is a reason for not solving this problem - applications. In the UNIX world (and MacOS X is Unix), there have always been multiple users, and so applications learned a long time ago to store important "application" files somewhere central and "user" files and preferences (and licences) somewhere local. In Windblows, there is no clear distinction between a user owned file that belongs to the user and a user owned file that belongs to the application. Clean programming, better design and licencing issues all abound and cannot be easily solved by the supplied tools, unlike say MacOS X, where the choices have been constrained and limited to a set that works, or say Linux, where technical users will refuse to implement inflexible solutions.
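The application-files versus user-files split is the whole reason an app either runs under a limited account or demands administrator. As an added example (mine, not code from the post or from any vendor mentioned), here is a small audit that takes a log of the files an application writes at runtime, classifies each path as application, system or user territory, and flags the writes that only work because the user happens to be administrator. The directory layouts, the hypothetical "Broker" application and its write log are all constructed assumptions.

```python
"""Classify where an application writes and flag what needs admin rights.

Added example, not code from the original post. Layouts, the hypothetical
"Broker" application and its write log are constructed for illustration.
"""
from pathlib import PurePosixPath, PureWindowsPath
from typing import List, NamedTuple


class Layout(NamedTuple):
    app_dir: str     # shared program files, installed once by an administrator
    system_dir: str  # the operating system's own files
    user_home: str   # the current user's private area


class Write(NamedTuple):
    path: str
    purpose: str     # what was being stored: config, log, licence, data


# Constructed layouts for the two worlds discussed in the post (assumed paths).
WINDOWS = Layout(r"C:\Program Files", r"C:\WINDOWS", r"C:\Documents and Settings\alice")
UNIX = Layout("/usr/local", "/etc", "/home/alice")

# Constructed runtime write log for a hypothetical message broker.
SAMPLE_WRITES = [
    Write(r"C:\Program Files\Broker\broker.ini", "config"),
    Write(r"C:\Program Files\Broker\logs\broker.log", "log"),
    Write(r"C:\Program Files\Broker\licence.key", "licence"),
    Write(r"C:\Documents and Settings\alice\Application Data\Broker\prefs.xml", "config"),
    Write(r"C:\Documents and Settings\alice\My Documents\report.csv", "data"),
]


def classify(path: str, layout: Layout, windows: bool) -> str:
    """Return 'user', 'application', 'system' or 'other' for a path.

    Pure path classes are used so the check runs on any host regardless of
    which platform the paths belong to.
    """
    P = PureWindowsPath if windows else PurePosixPath
    p = P(path)

    def under(root: str) -> bool:
        try:
            p.relative_to(P(root))
            return True
        except ValueError:
            return False

    if under(layout.user_home):
        return "user"
    if under(layout.app_dir):
        return "application"
    if under(layout.system_dir):
        return "system"
    return "other"


def writes_needing_admin(writes: List[Write], layout: Layout, windows: bool) -> List[Write]:
    """Runtime writes outside the user's own area.

    These succeed for an XP administrator but fail under a limited account,
    which is exactly why vendors tell users to run as admin.
    """
    return [w for w in writes if classify(w.path, layout, windows) != "user"]


def per_user_dir(layout: Layout, app_name: str, windows: bool) -> str:
    """Where per-user state belongs under the assumed conventions:
    'Application Data' on Windows XP, a dot-directory under $HOME on Unix."""
    if windows:
        return str(PureWindowsPath(layout.user_home) / "Application Data" / app_name)
    return str(PurePosixPath(layout.user_home) / f".{app_name.lower()}")


if __name__ == "__main__":
    for w in writes_needing_admin(SAMPLE_WRITES, WINDOWS, windows=True):
        kind = classify(w.path, WINDOWS, windows=True)
        print(f"{w.purpose:8s} written to {kind} area: {w.path}")
        print(f"         should live under: {per_user_dir(WINDOWS, 'Broker', True)}")
```

On the constructed log the three writes into Program Files (config, log and licence) are flagged and the two under the user's profile pass. The same classifier applied to the Unix layout makes the point in the post concrete: a broker that logs into /usr/local needs root, one that logs into ~/.broker does not.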

The biggest issue with this style of working is when vendors try to port PuC (Politically unCorrect) applications to the other environments. A prime example would be an application like E-Gate (a message broker) where filenames are still .dll and .exe and the distinction between product, log, configuration, management and data is completely jumbled (and fails to scale across users or applications).

Note in particular that Microslosh does know how to solve some of these problems (otherwise Office for Mac would not exist) but they cannot solve the whole problem (try using Office for Mac with the /User filesystem on another disk).


...Because Microsoft blew off security concerns for so long, millions of PCs remain unpatched, ready for the next Windows-transmitted disease. Microsoft needs to do more than order up another round of "Protect Your PC" ads. Here's a modest proposal: Microsoft should use some of its $49 billion hoard to mail an update CD to anybody who wants one. At $3 a pop (a liberal estimate), it could ship a disc to every human being on Earth -- and still have $30 billion in the bank.

And here is an even better solution. Stop making Windblows altogether. Make a GUI that looks like WindBlows and invest in something like WINE. Sell the WindblowsGUI + WindblowsOriface + WindblowsWINE and give away Microsoft Linux with every copy. Make the money from updates and applications and become the biggest Linux vendor. You can't beat them, join them.

Posted by Ozguru at August 26, 2003 08:08 PM


Comments


If you can't trust them to patch the system, how can you trust them in the first place
It's not that we trust them. It's that nothing decent will run on any other platform. Unless you invest in a 'Games Machine' like PS2, X-Box, G-Cube etc, you cannot get decent games for anything else. Go to your local Mac store and look at the range. Pitiful. (and it's not just games). I use a PC because I need / want to. I ensure my safety by being behind a (proper) firewall, antivirus and Gateway. I've been targeted 53 times in 3 days by virii, but I'm still standing. PCs would be perfectly safe if people weren't so stupid.

Posted by: Peskie at August 26, 2003 08:08 PM

Heyyy Mr.Woodchuck - pretty nice and interesting article. Though I'm sure that most people in the world will continue to use WindBlows because: 1. People love default. That's why they don't bother changing default settings on most electronic/software products. And that's why they'll be okay with the default OS that ships with their PC. 2. Microsoft will continue to ensure that for an average lay user, using Windblows will be easier than a Linus-based OS...even with a Windows-like GUI. 3. The seamless(sic!) arrangement b/w Windows, Office, IE etc. is almost perfect for a lazy, couldn't-care-less user who just wants to get his/her work done. I don't think there's a comparable alternative yet to that (I know about StarOffice, Mozilla etc.). That said, when I buy my computer I'm definitely getting a Linus version, even if it is a second OS.

Posted by: Jivha at August 26, 2003 08:08 PM

:: Go to your local Mac store and look at the range. Pitiful. (and its not just games). Eh? That's not true. Tell me something you can do on your PC that I can't do on a Mac.

Posted by: Raena at August 26, 2003 08:08 PM

I can play Midtown Madness 2. Is that available on Mac? I can use Copy on a webpage, Paste into an email and get the entire copy, including images. Can you do that on a Mac? I can open files (like a CSV file) with any program I want instead of just the default program (Why would you want to? the default is eXcel, which is useful, and I also open in Notepad for quick editing) Can you do that on a Mac? Can I design basic HTML for my webpages in a Notepad style program?? Can you hook your mac up to all our PCs during a LAN and play games, share files and such? If you can answer yes to ALL those questions, I'll buy a Mac!

Posted by: Peskie at August 26, 2003 08:08 PM

I'm not familiar with Midtown Madness 2. I have, however, invested in a games machine. But: I can send an entire page, including images, as good old HTML. There's probably a way to copy and paste, but I normally send it as an attachment. The mime-type takes care of the rest. (I don't, however, and neither should you, because HTML mail is freakin' rude.) I can use any old program I like - not just the 'der'fault, and not just the app that created it - to open a CSV, a text file, a JPEG, a RTF, a TIFF, an MP3, a Paintshop Pro document, et cetera, et cetera. If you don't know how to do this on a Mac, it's because you never bothered to learn how. It's been possible for years. I normally open CSVs in Excel, although it's nice sometimes to pick at the text in a text editor. I can design basic HTML (*and* complex, but I'm a professional) in (paid for) BBEdit, (free, Notepad-analog) TextEdit, at the command line with pico, or I can use any number of fine freebies and shareware you may care to name. (I use BBEdit, and if you're still using Notepad, you'll find UltraEdit 32 kicks ass for such things.) To connect to your LAN, I would: a) plug it in b) Oh wait, there is no b. All done! (Unless you want me to have a static IP, in which case b. would be 'type it in.') So, what did you want to play? Unreal Tournament 2k? Quake III? Diablo, or Warcraft maybe? How about Desert Siege? Oh yeah, here's that PowerPoint presentation you wanted for work. I currently host the following services for my home LAN:
- SMB/CIFS (ie, Windows file sharing)
- FTP server
- a print queue for the very nice HP Photosmart printer (the USB cable won't reach to the PC)
- a web server (Apache, natch)
I can do all those without third party apps. Here's your Mac. That'll be $1,400 please.

Posted by: Raena at August 26, 2003 08:08 PM

MAC vs. WINDOWS Recently, many computer users have asked why viruses and worms are affecting Microsoft Windows machines but not Macintoshes. Well, the answers are many and varied.

Posted by: Interested-Participant at August 26, 2003 08:08 PM