Well here is my response to this…

If I had the choice
I would buy a Macintosh,
but I lack the funds.

P.S. Spiders are awesome. It’s quite fun to put other bugs in their webs to see how they react.

Ian: No hard feeling to you too, Ian. My e-mail address is xierox (at) gmail d0t c0m

• James

“Windows XP built upon Windows 2000’s security model, which was not yet complete when 2000 was released. It was far better than win9x, but not as advanced as XP’s.”
Windows 2000 can both limit system priveledges and limit users interaction with other users files. (Which is what I claimed originally. I did not say that 2000’s security model was as complete as XP’s.)

“A hack is not a fix, or at least not a good one; it should be a temporary solution at best. The author is saying instead of building on top of 10 years worth of crap, they should have revamped the core of the operating system to be more multiuser-oriented.”
Windows NT is an entirely different codebase from Windows 95. Switching codebases isn’t a hack.

“explorer.exe is both Internet Explorer and Windows’ own file manager. (try typing a local directory name into IE, or a web address into explorer- you’ll see what I mean). When a web browser is integrated into the OS’s core file managing software, a vulnerability in the browsing half could potentially expose the entire local filesystem to a malicious attacker.”
The only parts of the filesystem that would be exposed by an exploit would be the parts of the filesystem that the user would normally have access to based on the ACLs. The same would be true with any Firefox exploit.

“Do I really need to explain the difference between kernel space and user space to you? The operating system, that is, kernel space, has full access to all aspects of the system. User space has only what access the kernel gives it. A well-designed OS provides very little, if any, user space access to kernel space. The author’s point is that far, far too many things in Windows are implemented in kernel space and access to that kernel space is given out willy-nilly, since applications need those routines. If there’s a bug, the entire kernel(and thereby the entire system) could potentially be exploited.”
As I’m not sure exactly how Windows interacts with the kernel space on the specifics, I cannot answer this second of your critique.

“The beauty of Unix is that a normal user account cannot hose the system if exploited. You have to admit that it’s very, very easy to hose a windows box, even as a normal user.”
If you running under a User account in Windows, I don’t see how you can hose the entire operating system. The only portions of the OS that I can write to are my personal Documents and Settings folder. The rest is just read and execute by default.

“If you want to have a higher degree of granularity between the two, you use something like sudo, which allows you to grant certain users access to any subset of the superuser privileges.”
I did not realize this. I thought sudo was just a way to run one command under root while leaving the terminal still logged in under the user account. I stand corrected.

“Besides, the whole idea behind a multiuser system is that one does not need superuser privileges to perform everyday activities. In the office environment of which you speak, you’re either an end user, in which case you need internet, email, word processing, spreadsheets, etc., none of which should require superuser privileges, or you’re a systems admin, in which case you are the superuser.
No response here needed as I agree with you.

“See above. A hack is not(or rather, should not be) a permanent fix.”
I still don’t see how changing codebases is a hack rather than a fix. (Unless you know something that I don’t about the NT codebase that I don’t know.)

“So you propose cutting users off from browsing the internet?”
On the server machine, yes.

I understand the author to be saying that Windows cannot do headless non-local administration and because of this the Windows server machine would be vulnerable to browser exploits. This is why I said you could just disable access to the browser executables to mitigate this problem as this would fix the problem if Windows could not do remote administration.

However, Windows can do remote administration:Using Remote Desktop for Administration for remotely managing computers running Windows Server 2003 can greatly reduce administrative overhead in any Windows Server 2003 environment.
Administrators can access servers from anywhere: be it inside the computer room, or from halfway around the world over a WAN, VPN, or dial-up connection. They can start time-consuming batch processing jobs like tape backups, disconnect, and then dial-in to the corporate network at a later time to check the progress.
Server application and operating system upgrades can be completed remotely, as well as tasks that are not usually possible unless the administrator is sitting at the console—for example, domain controller promotion/demotion and disk defragmentation.
Server file system tasks, such as copying large files and virus scanning, are much more efficient when performed within a Terminal Services session, rather than using utilities that are executed on a client computer. And administration tasks are quicker and more intuitive than using command-line utilities, although it is still possible to open up a command shell. (Source: http://www.microsoft.com/windowsserver2003/techinfo/overview/tsremoteadmin.mspx)

“This is what is referred to as argumentum ad hominem, which is a logical fallacy. In a nutshell, you’ve attacked the author’s character in trying to further your argument. This may work in Congress, but I don’t buy it.”
I meant it as more of a statement of my opinion about the author.

“Pardon the sarcasm, by the way- it’s just my personality, don’t take it too seriously.”
Okie dokie.

Also, let me just say that I think that what Linux has managed to do is amazing. I have not yet used it near to the extent that I would like and plan to experiment with it more in the future.

That said, I still believe the security model implmented by Windows to be better, and that is all I’m trying to say.

• James

No hard feelings, James

Ian and James, I know both of you in real life and know that you’re not (very ) scary or anything, so Ian, let me know if I could provide James with your email address so that you could continue this conversation that way. Thanks!

(I’m not mad, upset, or even at all annoyed at you guys, just so you know. I just would like to keep comments somewhat on topic. Thanks for understanding.)

“This is very easy to do in Windows. Just deny that particular user (or group) access to cmd.exe.”

Unless you decide to implement your plan where normal users are isolated from the internet, this is trivial to circumvent: just find cmd.exe or a cmd.exe replacement like 4NT on the web somewhere and use it from the restricted account.

“Recently? Windows 2000 (which was released in 2000) was released in the first quarter of the year 2000! At the time of this article’s publication, that was nearly five years prior.”

Windows moved to a multiuser model in 2000. Unix had been founded on a multiuser model when it was designed in the sixties. Linux was designed to be a free Unix, even in its initial release in 1993. Last time I checked, 40 years was more than 5 years.

“I’m fairly certain Windows 2000 had this. In fact, considering how alike (in many respects, but not all) Windows 2000 and Windows XP are, I’m almost positive.”

Windows XP built upon Windows 2000’s security model, which was not yet complete when 2000 was released. It was far better than win9x, but not as advanced as XP’s.

“No duh. What? You would have had them keep the old design? First you criticize them for ever having the old design, (which I believe only existed in the Desktop version of Windows; I think Windows NT had mutliuser design, but I’m not sure) and then you criticize them for fixing it!”

A hack is not a fix, or at least not a good one; it should be a temporary solution at best. The author is saying instead of building on top of 10 years worth of crap, they should have revamped the core of the operating system to be more multiuser-oriented.

“Please tell me exactly how a vulnerability in Internet Explorer is exposing the system any more than a vulnerability in Mozilla Firefox when they both run in the user space in which they were told to launch.”

explorer.exe is both Internet Explorer and Windows’ own file manager. (try typing a local directory name into IE, or a web address into explorer- you’ll see what I mean). When a web browser is integrated into the OS’s core file managing software, a vulnerability in the browsing half could potentially expose the entire local filesystem to a malicious attacker.

“In the above architecture, a flaw in the graphics rendering routines cannot do global damage to your computer because the rendering functions do not have direct access to the most vulnerable system areas.

This only happens if you are in Admin.”

Do I really need to explain the difference between kernel space and user space to you? The operating system, that is, kernel space, has full access to all aspects of the system. User space has only what access the kernel gives it. A well-designed OS provides very little, if any, user space access to kernel space. The author’s point is that far, far too many things in Windows are implemented in kernel space and access to that kernel space is given out willy-nilly, since applications need those routines. If there’s a bug, the entire kernel(and thereby the entire system) could potentially be exploited.

“Linux has got to be one of the crappiest multi-user designs I’ve ever heard of. Unless you do a crapload of work with groups and system binaries, you’re either superuser or you’re a user. Linux administration sucks. There’s no way to effectively lower the priveledges of the superuser account so any any environment where some person’s daily job (i.e. in an office environment) requires that they need above-user priveledges, they need to user the superuser account which gives them access to everything. Gee. Linux handled that one beautifully.”

The beauty of Unix is that a normal user account cannot hose the system if exploited. You have to admit that it’s very, very easy to hose a windows box, even as a normal user. If you want to have a higher degree of granularity between the two, you use something like sudo, which allows you to grant certain users access to any subset of the superuser privileges.

Besides, the whole idea behind a multiuser system is that one does not need superuser privileges to perform everyday activities. In the office environment of which you speak, you’re either an end user, in which case you need internet, email, word processing, spreadsheets, etc., none of which should require superuser privileges, or you’re a systems admin, in which case you are the superuser.

“Yes, let’s blame them for a design that was originally bad, but which they have fixed. And for the record, Windows 2000 on is based on the Windows NT codebase, which is completely different from the Windows 9x codebase.”

See above. A hack is not(or rather, should not be) a permanent fix.

“If you’re so concerned about web-browsing based vulnerabilities, why not just disable access to the Mozilla and Internet Explorer binaries? It’s that simple. And in my solution as opposed to his, you still have the ease of use that a GUI provides.”

So you propose cutting users off from browsing the internet?

Furthermore:

“The author is an idiot who obviously has never used Windows to any great extent. He makes several glaringly erronous statements and honestly looked further than Slashdot comments for his facts.”

This is what is referred to as argumentum ad hominem, which is a logical fallacy. In a nutshell, you’ve attacked the author’s character in trying to further your argument. This may work in Congress, but I don’t buy it.

Pardon the sarcasm, by the way- it’s just my personality, don’t take it too seriously.

Any further critique is welcomed

[quote]Windows has only recently evolved from a single-user design to a multi-user model[/quote]
Recently? Windows 2000 (which was released in 2000) was released in the first quarter of the year 2000! At the time of this article’s publication, that was nearly five years prior.

[quote]Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges.[/quote]
I’m fairly certain Windows 2000 had this. In fact, considering how alike (in many respects, but not all) Windows 2000 and Windows XP are, I’m almost positive.

[quote]This caused many legacy Windows applications to fail, because they were used to being able to access and modify programs and files that only an administrator should be able to access. That’s why Windows XP includes a compatibility mode - a mode that allows programs to operate as if they were running in the original insecure single-user design. This is also why each new version of Windows threatens to break applications that ran on previous versions.[/quote]
God forbid, in adding to and revamping and OS, some stuff should be different from what it was last release! Oh, heavens no! You mean you can’t always have perfect compatibility from release to release?! GOOD GOD HOW WILL WE SURVIVE? Users might actually have to upgrade! :-O

[quote] As Microsoft is forced to hack Windows into behaving more like a multi-usersystem, the new restrictions break applications that are used to working without those restraints.[/quote] No duh. What? You would have had them keep the old design? First you criticize them for ever having the old design, (which I believe only existed in the Desktop version of Windows; I think Windows NT had mutliuser design, but I’m not sure) and then you criticize them for fixing it!

[quote]Microsoft made the Netscape browser irrelevant by integrating Internet Explorer so tightly into its operating system that it is almost impossible not to use IE.[/quote]
Microsoft made Netscape irrelevant by preying on user’s laziness. Most users won’t go searching for another browser because Internet Explorer does what they need! “impossible not to use IE”? Hardly.

[quote]Windows XP represented progress, but even Windows XP could not be justifiably referred to as a true multi-user system.[/quote]
Please tell me why the heck this was in here? The type multi-user switching this guy is talking about does not enter into the security of a product in the slightest.

[quote]When Microsoft integrated Internet Explorer into the operating system, Microsoft created a system where any flaw in Internet Explorer could expose your Windows desktop to risks that go far beyond what you do with your browser. A single flaw in Internet Explorer is therefore exposed in countless other applications, many of which may use Internet Explorer in a way that is not obvious to the user, giving the user a false sense of security.[/quote]
This is an unfounded statement that is often quoted, but never backed up with proof. Please tell me exactly how a vulnerability in Internet Explorer is exposing the system any more than a vulnerability in Mozilla Firefox when they both run in the user space in which they were told to launch.

[quote]In the above architecture, a flaw in the graphics rendering routines cannot do global damage to your computer because the rendering functions do not have direct access to the most vulnerable system areas.[/quote]
This only happens if you are in Admin.

[quote]Case and point: The Windows XP service pack 2 already has a growing history of causing existing third-party applications to fail.[/quote]
No it’s not. This is the cause of Microsoft rewriting a significant portion of the operating system.

[quote]Windows Depends Too Heavily on the RPC model[/quote]
I would attempt to answer this, except for two reasons:I do not know much about RPCThe author has shown so much ignorance about matters much more basic than RPC, I don’t trust him to get his facts straight.

[quote]Linux is based on a long history of well fleshed-out multi-user design[/quote]
Linux has got to be one of the crappiest multi-user designs I’ve ever heard of. Unless you do a crapload of work with groups and system binaries, you’re either superuser or you’re a user. Linux administration sucks. There’s no way to effectively lower the priveledges of the superuser account so any any environment where some person’s daily job (i.e. in an office environment) requires that they need above-user priveledges, they need to user the superuser account which gives them access to everything. Gee. Linux handled that one beautifully.

[quote]In addition, users associated with services such as Apache, MySQL, etc., are often set up with user accounts that have no access to a command line. So if a malicious hacker somehow breaks into the MySQL user account, that hacker cannot exploit that vulnerability to issue arbitrary commands to the Linux server, because that account has no ability to issue commands.[/quote]
This is very easy to do in Windows. Just deny that particular user (or group) access to cmd.exe.

[quote]In sharp contrast, Windows was originally designed to allow all users and applications to have administrator access to every file on the system. Windows has only gradually been re-worked to isolate users and what they do from the rest of the system.][/quote]
Yes, let’s blame them for a design that was originally bad, but which they have fixed. And for the record, Windows 2000 on is based on the Windows NT codebase, which is completely different from the Windows 9x codebase.

[quote]Microsoft has employed to create this barrier between user and system is still largely composed of constantly changing hacks to the existing design, rather than a fundamental redesign with multi-user capability and security as the foundational concept behind the system.[/quote]
See above response.

[quote]This may be one of the most important differentiating factors between Linux and Windows, because it virtually negates most of the critical security vulnerabilities that are common to both Linux and Windows systems, such as the vulnerabilities of the Mozilla browser vs. the Internet Explorer browser.[/quote]
If you’re so concerned about web-browsing based vulnerabilities, why not just disable access to the Mozilla and Internet Explorer binaries? It’s that simple. And in my solution as opposed to his, you still have the ease of use that a GUI provides.

It was at this point that I quit reading the article.

Any questions, comments, and critiques are welcome.

• James

As to the second link, it does not enter into our debate at all (although I will read it just the same as it seems informative) so I’m not sure why you posted it.

You bashed Windows on three fronts: 1. It costs 2. It is insecure (and you seem to imply that it cannot be made as as Linux) 3. It is not stable. I responded to all three. I made no claim as to which EULA was more or less restrictive for the end user.