Fog Creek Software
Discussion Board

Can Windows ever be secure?,3959,5264,00.asp

Old news (May 13, 2002), but not that old

"Jim Allchin [that vi guy], Microsoft's senior vice president for Windows, warned in testimony Tuesday that too much disclosure of technical information in the wrong areas would benefit hackers and create more opportunity for virus attacks."

Compare this disposition to that of open source's  "many eyes" philosophy:

Certainly begs the question "can windows ever be secured?".

Certainly in the thread "Is Linux more Secure than Windows" nothing was offered by the MSFT fan club other than "Security is impossible, so quit whining"  Which is in keeping with the party line coming out of Redmond these days.

Can a Windows workstation install ever be secure without a 3rd party (most likely linux or BSD) firewall guarding the door?

If so, then what references would a person read to ensure security on a single workstation install?  (Several references were given in the Linux thread)

nat ersoz
Friday, November 7, 2003

Allchin's warning doesn't derive from Windows being more vulnerable than Linux, but from disagreeing with the premise that exposure equals security.

Although Schneier and other luminaries favour disclosure, it's also possible to consider the way, for example, presidential itineraries and many other security issues are handled. Intelligence agencies don't reveal the names, addresses and routes-to-work of their operatives.

Friday, November 7, 2003

I doubt it. Windows is a product from a large company that makes a lot of money. Their goals differ. I ask, can linux/bsd ever be profitable?

Tom Vu
Friday, November 7, 2003

> Certainly begs the question "can
> windows ever be secured?".

I wonder - was "ultimate security" a design requirement for Windows?

I think not.

I think that they wanted to have as many features as possible, in order to sell as many Windows licenses as possible.

Features usually sell products.

If MS has to decide between improving the graphics of a certain widget, which all people see, and improving security, which few people see and acknowledge, they do the former.

So - I believe that, until now, security was a very low priority for Microsoft.

Because of the current PR programs regarding Windows security, they consider it more important, now.

And, because they consider it more important, they shall secure it.

I mean, it's that simple.

The only problem is that they can't do this in one month - it will probably take more than a year.

Friday, November 7, 2003

There's always a balance between security and usability. The best way to secure your computer is by putting it in a safe. Very secure... but not very productive :-)

It wouldn't hurt if Windows came with a good stateful firewall, turned on by default, along with an anti-virus + anti-spam package.

Frederic Faure
Friday, November 7, 2003

Uh, can Linux ever be secure?

Last I checked there were security breaches still being found in Linux and other UNIX operating systems on a regular basis.  Sure, they tend to be found more in Windows these days, but if there's a new Linux hole found every month and three Windows holes found every month, that's still plenty of insecurity to go around, and none of the systems currently deployed can really be considered "secure" as some sort of absolute term.

Security is always a balancing act with convenience and cost.  Clearly Windows biases things a bit more towards convenience, which I think is the right choice for them.  Most UNIX vendors bias more towards security, which is right for them (but means they'll never take over the mainstream desktop user market). 

Mister Fancypants
Friday, November 7, 2003

There is no solid evidence that the open source "many eyes" development model is any more secure (or any less) than the closed source model.  People can argue what they "feel" is a better approach, but that's about it.  There are plenty of examples of both models failing (SQL Slammer, sendmail exploits, etc).

Also, a closed source development model does not necessarily preclude review of the source code by outside parties.  I know that Microsoft regularly has third parties review their source code.

And, to answer your question about leaving Windows exposed to the Internet without a firewall: Yes, you can.  As long as you have your patches up to date, and you don't have unnecessary services turned on.

A firewall is not a substitute for good security practices internal to your network.  That's true for ANY platform.  "Hard and crunchy" on the outside, "soft and chewy on the inside" doesn't work.  Just think of all those corporate laptops out roaming around.  Any one of them could be compromised, and then cause problems once they're connected behind your firewall.

There are plenty of resources for locking down Windows.  Microsoft's Baseline Security Analyzer is the best starting point.

Myron A. Semack
Friday, November 7, 2003

"nothing was offered by the MSFT fan club other than "Security is impossible, so quit whining"  Which is in keeping with the party line coming out of Redmond these days."

Last time I checked, a security expert saying that *any* system on the internet could be "100% secure" would be grounds for firing him. Or, to put it another way, "the only way to make a system 100% secure is to take out the network card, unplug it, and lock it in a vault"

If there's a need for internet packets to go from the wild to your server, you've got a security vulnerability. The issue has always been risk analysis and risk mitigation.

Also, IMHO, asking "I have to choose between Windows and Linux - which platform is more secure?" translates to "I have no idea what I'm doing, but I'm going to hire a lot of people and throw money around until we're bankrupt. Can you help?"
Choosing a platform (Windows or Linux) has a thousand variables - what do you want to do? What internet access do you need? Where are your vulnerabilities? What scalability do you need? What are your data storage requirements? What will affect your TCO most? What talent pool do you have access to? etc, etc, etc.

Asking "which platform is more secure" is a bald-faced indication that you have no idea what you're doing.

In addition, poor sysadmins or security policies will render either platform's security abilities worthless, and that's where a vast majority of breaches come from.

Now, given all that, I really think that arguing over which platform is more secure is a flat out waste of time. The concern is "how do I best secure what I have?"


Friday, November 7, 2003

"" "Security is impossible, so quit whining"  Which is in keeping with the party line coming out of Redmond these days.""

Exactly.  If not this drivel we get "blah blah more popular, larger target blah blah that's why it has more holes blah blah"

On another note.  Microsoft can't even seem to make their servers work correctly until the 4th service pack.  Case in point, just put in a new x445 with 10 gb ram.  I enable /PAE to use the extra ram.  Looking through knowledge base I see that it is only SP4 on Win2k Advanced server that makes this even work correctly.  "We're enterprise quality.  Really we are.  Really.  I'm serious.  Really."

I've fired Microsoft.  I can't stand working with their broken shit anymore. 

Not heading for Linux either.
Saturday, November 8, 2003

IMHO, MS won't get serious about security because it can't.  Its culture is based around competition (which isn't too bad a culture for a business), not engineering.  As long as they spend their time worrying about their competitors, they can't spend the time needed to make really solid releases.

Spend 3 years working on another system, be it Unix or OS X or what-have-you.  Then go back to windows.  Every time I tried (and I really did try to give them a fair shake, several times), the flaky engineering got to me.  This is obviously subjective, but it's the only measure I have.  My feelings using windows alternate between wanting to vomit and to throw the machine on Gates's head*.  Others seem to get along fine by it, but I personally don't know one person who's spent more than a couple of months on another OS and happily came back to Windows.  I honestly get the feeling that the MS fans I've talked to credit them with all the innovations of the entire industry, because they've never seen the 'real world' of computing.  It's an ecosystem and MS seems to put a hood over its users, telling them that MS is the center of the world.

Between their machiavellian business strategy and the thick layers of BS, I just can't stand them.

Sorry for the rant.  It just flows whenever "MS" and "engineering" come to me.

* I'm just a naturally violent person.  It's in the blood.

H. Lally Singh
Saturday, November 8, 2003

I don't think most Windows customers are willing to pay the marginal cost of good security. A Windows license is currently something like $100-200. Securing Windows to the same level as OpenBSD would probably double that at least. MS would lose a lot of sales if the basic Windows client was $400.

Dan Maas
Saturday, November 8, 2003

Comparing Windows against Linux is unfair.  Windows
is a platform and Linux is just a kernel.

You have to include the security holes of Linux plus the
security holes of Apache, Php, Mozilla, Thunderbird, Perl,
the hundreds of shell utilities and perl modules.

The default installation of a RedHat distribution needs
plenty of patching.

Amour Tan
Saturday, November 8, 2003

The biggest security flaw is poor password management.
Most users choose an English word as their password.  Just
launch an attack using words in the dictionary and the site
is doomed.

Hundreds of web sites get defaced that way every day.

Amour Tan
Saturday, November 8, 2003

"Spend 3 years working on another system, be it Unix or OS X or what-have-you.  Then go back to windows.  Every time I tried (and I really did try to give them a fair shake, several times), the flaky engineering got to me.  "

That is exactly what I mean.  Maybe I am too much of a perfectionist, but when I choose a server product I want performance and reliability and security.  I don't want to wait for the 4th service pack to have something as big and as highly touted as /PAE to finally work.  That is unacceptable.  I also detest the Windows design paradigm assuming a user is going to watch the screen at all times and be only too happy to click on the plethora of dialog boxes that pop up.

Case in point.  Reading a book on SQL Server Backup and Restoration the author cites a company that didn't have good backups because nobody logged on to the console to notice that the tape backup software was waiting for a response to a yes / no dialog box.  I am not sure if it was Windows backup or a third party backup software.  My point is how the hell is that enterprise ready software?  Server products should NOT be written to expect a user to tell it what to do.  It should be set it and forget it.  It is all these damn desktop programmers that extrapolate their design practices to server products.  Those design practices are fine for the desktop but have no place on the server.

Not headed for Linux either
Saturday, November 8, 2003
