Thursday, September 15, 2005

Windows security

In a recent interview with seattlepi, Bill Gates of Microsoft had this to say about security:
Software in general, whether it was from Microsoft or somebody else, was not set up for an environment where all the computers were connected together.
The comment quite accurately reflects Microsoft Windows' approach to networking. Throughout its history, Windows has been a system for personal use and productivity. The basic philosophy of Windows (until recently, perhaps) has never been that of a networked system. Worse, there seems to have been no design-level thinking about security at all: protections were bolted on after the fact rather than built into the model of who may do what.

Even today (in Windows XP), the only thing that stops me from fiddling with the C:\WINDOWS folder on a PC is a warning in Explorer that says "this folder contains system files and should not be disturbed", with a helpful "show the contents of this folder" link right below it. That warning is a user-interface nudge, not an access control, and it does nothing at all against a program, which runs with exactly the rights of the user who launched it, including any malicious code it may carry. Oh, you'll come across Windows file permissions all right. Try this: install a fresh copy of Windows XP on a new drive and try to access your My Documents folder on your old hard drive. It'll be locked, and you'll have to painfully thread your way through re-establishing yourself as the owner and granting recursive read/write permissions to your old My Documents folder before you can get in. (The reason is that the old folder's ACL names the old account's SID, and the freshly created account has a different SID, so the ACL simply does not match you.) Yet, strangely enough, you can open and modify critical system files in C:\WINDOWS\SYSTEM32 without doing anything except clicking the "Show the contents of this folder" link. The reason is the same mechanism seen from the other side: the account that XP setup creates for you is a member of Administrators, and Administrators have full control of SYSTEM32, so the NTFS permissions that do exist never apply to the account most people use every day. True, there are "limited accounts" in Windows XP, but you can't even change the time zone on your own with a limited account (a flaw that should be corrected in Vista, according to Deepak).
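The point above is easy to check rather than take on faith. The following PowerShell script is an added example and is not from the original post: it reports whether the current account is a member of Administrators and then prints the write-capable entries in the ACLs of the System32 directory and of the user's own profile directory. On a default XP-style setup the account shows up as an administrator and Administrators appear with FullControl on System32, which is why the Explorer warning is the only barrier the user ever sees; on a limited account the same listing shows only read access for Users. The paths are taken from the environment rather than hard-coded, and nothing here is assumed about the machine beyond a standard Windows install.

```powershell
# Added example (not the original post's code). Shows the NTFS ACLs that do exist on
# System32 and why the default XP account never runs into them: it is an Administrator.

function Test-IsAdministrator {
    # On XP (no UAC) this is true whenever the account is in Administrators.
    # On Vista and later it is only true in an elevated session.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Show-WriteAccess {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    "`n$Path  (owner: $($acl.Owner))"
    # Keep only ACEs that grant or deny some form of write access.
    $acl.Access |
        Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
        ForEach-Object {
            "  {0,-35} {1,-6} {2}" -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        }
}

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
"Running as {0}; member of Administrators: {1}" -f $me, (Test-IsAdministrator)

# Contrast the system directory with the user's own profile directory.
Show-WriteAccess -Path "$env:SystemRoot\System32"
Show-WriteAccess -Path $env:USERPROFILE
```

If Test-IsAdministrator prints True, every entry listed for Administrators on System32 applies to you, and the only thing standing between you and a system file is the Explorer warning the post describes. Run the same script from a limited account and the System32 listing collapses to the read-only rights granted to Users, which is the protection the author is asking for by default.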

Unix, on the other hand, was designed as a multi-user system from the start, which forced a system of security to be created and enforced. Even the earliest Unix versions (early 1970s) supported more than one user at a time, and accordingly system files have always been owned by root and writable only by root; an ordinary user cannot modify them. And yet, even as a non-privileged user on any Unix system, I can download, install and run my own window manager, development environment, web browser, email client, IM client and so on, which is probably why I've only ever heard complaints about being given "limited access" from Windows users. In Unix few users expect, or need, administrative (root) access.

The absolute worst period for Windows security was around the release of SP1. I remember trying to set up Windows XP computers at NTU in 2003, when the network was infested with worms. If you tried to do a straight Windows XP install while connected to the network, your computer would become infected within five minutes of the brand-new operating system starting up, long before you had time to patch the system. The operative method then was to install with the network disconnected, install any firewall, enable the firewall, and only then dare to plug in that RJ45 cable.

The flood of security issues surrounding Windows has, thankfully, forced Microsoft to take proactive measures, and I think that they're actually doing pretty well after the release of SP2 because of the Windows Firewall. Where once even the newest Windows XP release was attacked faster than Microsoft could patch it, these days an up-to-date SP2 system is relatively well protected; in fact the latest worm, Zotob, went back to targeting Windows 2000 computers, and even that was handled pretty well. Hopefully Vista will improve on that further and make security a minor issue as opposed to a major headache.

Firewalling, though, has been a standard feature of *nix systems since before Windows 95 shipped, because the designers anticipated the problem of hostile networks and did something about it before it bit them. What Microsoft needs to do is think ahead and think prevention, rather than reacting to each outbreak, if it wants to earn the label of making a secure OS.