Friday, April 29, 2005

Was Integrating IE and Windows Explorer a Good Idea? Part II



[Image: Excel-web sharing of spreadsheets (picture credit R C Vaughn)]

The discussion on the JOS forum related to whether Windows was poorly designed or not continues. Myron takes the general position that Windows was not poorly designed and that most security vulnerabilities in Windows are based upon buffer overflows. I disagree. Here's the latest:

#1 List a security vulnerability that was caused by poor design. So far you haven't. All you've done is make vague statements.

Follow me here...

#2 How is the registry a security vulnerability? And how is it poor design? I wish Linux had a registry.

Examples: how is it that malware can write to the registry and secrete away a myriad of automatic, surreptitious startup options? Wouldn't it make sense (at least) to let the user in on that little secret? Extra credit - how is it that the default address book was programmatically accessible without some sort of authentication step, the cause of scores of email worms and untold labor hours?

#3 While one could argue that COM is very complicated, I don't think you could call it "poor design". If you think it is, please cite some specific examples.

It's a horrible design. Simply put - why do you think SOA/SOAP/UDDI/etc., for example, have de facto replaced *COM* and CORBA as the leading method for marshalling services (even localhost services)? Because *COM* and CORBA were so great? No, because they were overly complex and nightmarishly difficult to work with: i.e., poorly designed.

#4 "DLL hell" is more the fault of crappy installers than anything.

And why, then, has Microsoft dramatically evolved DLL handling by the OS over the years? It's been a huge point of weakness in the OS and you should readily admit it. They do.

#5 No, browser helper objects aren't a security vulnerability. BHOs don't magically install themselves. They are installed by a user after the user clicks Yes. If you disapprove of an extensible browser interface, then you must really hate Mozilla plug-ins.

And how does the average user list the installed BHOs - most of which are pure malware? How about removing them? If your Mom has a BHO polluting her machine, what's your recommendation for getting rid of it? Some third-party product? BHOs are, flat out, a security _nightmare_. Poor design: think CRUD without the RD and you've got BHOs.

#6 Mandatory access control is certainly an improvement, although I don't think it's quite ready for mainstream deployment yet. It is available in Windows via 3rd party add-ons. Either way, you can't cite this as proof that Linux is somehow "better designed" than Windows, since this is a fairly new addition to the Linux kernel.

Please name a third-party Win32 product that adds MAC - I've been looking for one and have not found a thing. I sincerely would like to see one for a project I'm working on.

#7 I could argue that Microsoft's ACL and Active Directory system allows for far more granularity than Unix's UGO system.

The ACL/ACE structure is quite powerful and I would agree that in many ways it is superior to the Unices' approach. That said, the relative merits of ACLs are tangential to the overall security of a box... compared with, say, MAC/RBAC integrated at the kernel level.
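The two complaints in #2 and #5 above (registry autostart entries and BHOs that the average user has no way to see) can at least be made visible with a short inventory script. This is an added example written for this page, not code from the original post or the forum thread; it assumes Windows PowerShell 5.1 or later and an elevated prompt so that every hive is readable, and uses only the standard Run/RunOnce and Browser Helper Objects key paths.

```powershell
# Added example (not from the original post): list what is configured to run at
# logon via the Run/RunOnce keys, and which Browser Helper Objects are registered,
# resolving each BHO CLSID to the DLL that Explorer/IE would load in-process.
# Assumes Windows PowerShell 5.1+ and an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # One object per value under each Run/RunOnce key that exists on this machine.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

function Get-BrowserHelperObject {
    # BHOs are registered as CLSID subkeys here; the DLL lives under HKCR\CLSID.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid    = $sub.PSChildName
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $dll      = $null
        if (Test-Path -LiteralPath "$clsidKey\InprocServer32") {
            $dll = (Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32").'(default)'
        }
        [pscustomobject]@{
            CLSID   = $clsid
            Name    = (Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
            DllPath = $dll   # unsigned or oddly located DLLs here deserve a closer look
        }
    }
}

Get-AutostartEntry      | Format-Table -AutoSize
Get-BrowserHelperObject | Format-Table -AutoSize
```

Any entry whose Command or DllPath points into a user-writable directory is the kind of "surreptitious startup option" the reply above is talking about, and removing it is a matter of deleting that registry value or CLSID subkey after confirming what it belongs to.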


JOS: An ongoing discussion