Results, Not Resolutions
Bruce Schneier and Adam Shostack , SecurityFocus 2002-01-24

A guide to judging Microsoft's security progress.

Results, not Resolutions 2002-01-24
Anonymous
Results, not Resolutions 2002-01-24
Gary McGraw
Results, Not Resolutions 2002-01-24
David Litchfield (2 replies)
Like most people I'd like to see more secure offerings from Microsoft, but regardless of the "highest priority" status awarded to security I believe MS will continue to make functionality their main focus. For any software shop, large or small, producing usable, functional software has to be the main driver, and indeed Microsoft has produced highly functional software that "techknow-nothings" can use straight away and be productive with straight away. It is not just a Microsoft problem that with increased functionality comes a higher risk of vulnerability. I cannot think of one feature-rich piece of software that can be considered secure. In essence your list of requirements takes an MS computer and almost strips it down to nothing more than a mere calculator.

Your suggestion of doing away with the Registry is nonsensical, IMO. What are the other ways of storing system information? Text files? And in terms of user friendliness, the Registry Editor provides an easy-to-use interface for modifying system settings for anyone who has spent even half an hour researching it. Would you rather people used Notepad to edit text files? Consider the config.sys file of OS/2 - that's certainly not the way to go. With Win2K Microsoft have sorted permissioning issues in the Registry, and now they've got it half decent you want rid of it? The Registry was introduced way back in Windows 3.x and most administrators are now used to and comfortable with it. The costs involved in learning something new would be high, to say the least.

And cost is probably why everything is enabled by default. The total cost of ownership is drastically lowered if something works straight away rather than having an admin spend time coming along to turn it on and configure it. (Btw, I too would like to see things come disabled first and enabled if needed; however, I do see certain justification in the status quo.)

Whilst I agree with many of the entries in your wish list, such as being able to run more services as low-privileged users rather than SYSTEM, and the separation of data from control, others I believe are unreasonable, the arguments put forward specious, and no alternative solution provided. You ask that MS scrap SOAP. Should Oracle or Apache do the same, or any of the others SOAP-enabling their products? SOAP doesn't just allow any old RPCs through the firewall: there must be a web server and application on the other end that specifically understands those RPC calls. An attacker can't just say, "Please create a wscript.shell object and call run for me".

I'd rather see Microsoft invest more in Q&A, and this means asking the _right_ questions and having a team that can give the _right_ answers, and this done even before the first version of Developer Studio is fired up, as well as during and after. I'd like to see Microsoft create and publish secure coding practices and not just have their developers adhere to them, but be seen to adhere to them. Further to this, the consumer would benefit more if developers were held accountable for shoddy work. Three strikes and you're out. Maybe too Draconian, but you get the idea.

I like Microsoft products because of the functionality already discussed. I don't like the security vulnerability they bring. If Microsoft can keep the functionality but remove the vulnerability then they're onto a winner.

Results, Not Resolutions 2002-01-24
davep (at) pitt (dot) edu (1 replies)
Results, Not Resolutions 2002-01-25
Nicholas Harring
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-24
Anonymous (1 replies)
Results, Not Resolutions 2002-01-24
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Well, to conclude: Use Java, M$ 2002-01-25
Anonymous (1 replies)
Well, to conclude: Use Java, M$ 2002-01-25
Trithemius (1 replies)
Well, to conclude: Use Java, M$ 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
BMaximus
SOAP Recommendation is Silly 2002-01-25
Anonymous (1 replies)
SOAP Rec is correct 2002-01-26
Anonymous
Almost right on the compensation 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Chris
Regarding macros in documents... 2002-01-25
Anonymous
Things getting out of hand here? 2002-01-26
Toni Heinonen
Microkernel smog 2002-01-27
Grumpf
Inaccuracies and crazy talk 2002-01-28
Anonymous
Results, Not Resolutions 2002-01-28
Anonymous
Copyright 2009, SecurityFocus