MS Windows has been brilliant for backward compatibility, but it's also one of its achilles heels, and it makes the OS quite baroque (and at times broke). We're talking third millenium technology built on top of 1990's built on top of 1980's built on top of 1970's tech. It's like a modern city built around cow paths.

Unix was built as a multi-process multi-user operating system with security from the beginning. The MacOS has not focussed as highly on backward compatibilty as it has advanced, which enabled it to migrate to a Unix kernel and thus inherited it's original design benefits around security issues.

It's not just sheer numbers that makes the Microsoft OS vulnerable, it's been endemic to the design.

Another problem that has made Windows vulnerable has been the attempt to enable all programs to do *everything*. For example, the ActiveX software was intended to be like Java, but it basically openned the door for Internet Explorer to do things like shut your computer down. I saw a demo in 1997 or 1998 where just by loading a URL, a hacker could get into the user's computer, make debits from his bank accounts, and shut down his computer. It was extremely dangerous, and thank goodness ActiveX downloads never caught on.

On the email side, MAPI and MS Outlook openned a back door to email automation that creates unexpected things from happening, like sending an email to all your addressbook when you open an email.

Such designs aren't very good software hygiene, or at least, it makes it hard to have good software hygiene. But on the other hand, Mr. Bill does seem to have a knack for moving his company and operating system around to cover the issues that weren't there in the design in the first place. So the world is safer now with Windows XP (though I do feel safer running Firefox as a browser than Internet Exploder on my Windows box). But the Mac/Open Source people aren't just envious of Microsoft's Imperial Domain over the PC OS Market.

Harold Shinsato

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/236/32144#32144