[rescue] [geeks] Windows monoculture (was Last Call - Ultra 5/10 parts)

Carl R. Friend crfriend at rcn.com
Tue Mar 11 19:59:57 CDT 2014


    On Tue, 11 Mar 2014, Andrew Hoerter wrote:

> Not that I relish defending Windows, but two of the biggest malware
> vectors in the Windows world are Adobe Flash and the Java browser
> plugin.

    Adobe Flash is a morass of problems that may well be unresolveable,
and, personally, I suspect that some of those "problems" were quite
deilberately engineered into the package.  That Java is a problem is
virtually inexcusable as the thing was originally designed to run in
a high-walled sandbox.

> Microsoft can't be blamed for the sins of others.

    This puts me in the same boat as Mr. Hoerter.  Microsoft have
certainly committed their share of evils over the years, but the
overall picture plainly shows that there's more blame involved than
can realistically be aimed at Redmond.

> In theory, the NT security model is far richer than traditional Unix,
> but it all goes out the window (heh) when ordinary user accounts are
> administrator-equivalent.

    NT, as the R&D successor to VMS (codenamed "Mica" at DEC) is now
actually a very capable and robust kernel.  True enough, it was a
steaming POS in its early incarnations (just like VMS), but really
by the time that Mica/NT 5 came out it was pretty darned good.  At
issue is the amount of stuff that Microsoft allow to run in kernel
mode (mainly video drivers and that ilk) that represent the most
serious threats.  If something vectors in through Flash and tweaks
a vulnerability in a video-card driver that Microsoft didn't write
is it *really* Microsoft's fault?

    As far as user-level accounts running with admin privilege, MS
have tried to address that but it's worth recalling that the average
computer user (like a recreational drugs user) has no concept of
systems administration any more than the recreational drugs user has
an understanding of why the things work.

    The biggest problem -- by far -- is that there are more computers
in use on the planet than there are experienced systems professionals
who can look after them.  Is it really the manufacturer of the chain-
saw who's at fault when an incompetent (and I am using the term in a
non-derogatory way there, just to disambiguate) user cuts his fingers
off?

    (On the notion of incompetence: All of us, without exception, began
life that way.  There is no shame whatsoever in that.  Competence is
gained through learning and experience, and to achive it takes longer
in some things than others.  I can run a chainsaw; I drive a manual
transmission car; and I professionally admin computers.  Guess which
took the longest to acquire and the most work to stay atop of.)

    Cheers!

+------------------------------------------------+---------------------+
| Carl Richard Friend (UNIX Sysadmin)            | West Boylston       |
| Minicomputer Collector / Enthusiast            | Massachusetts, USA  |
| mailto:crfriend at rcn.com                        +---------------------+
| http://users.rcn.com/crfriend/museum           | ICBM: 42:22N 71:47W |
+------------------------------------------------+---------------------+


More information about the rescue mailing list