No, not me. My net.friend Alistair. He read this article and got a touch annoyed about some of the untruths and misconceptions present in the article, so he decided to respond. Not that I blame him; while this article raises some good points (which I’ll get to in a minute), it also perpetuates some astonishingly wrong myths and legends. Read his response here. A quick summary of Alistair’s points:
- Ever heard of RunAs?
- There are more than two types of users in a default modern Windows installation.
- 39+ separate privileges, discretionary file and registry ACLs, and guidelines/best practices on how to use them for security since the days of NT4.
- ActiveX is only as insecure as the user behind the keyboard.
- People who are spending too much time fighting spyware and viruses need to take a look at their behavior.
- People who need to reinstall Windows on a regular schedule need to take a look at their behavior.
Let me chime in here on points 3, 5, and 6:
39+ separate privileges, discretionary file and registry ACLs, and guidelines/best practices on how to use them for security since the days of NT4: by all means, Microsoft has made their share of mistakes in the security market. NT4 and the Windows 9x codebase were not really ready to be on the Internet, but the lion’s share of the blame has to be on developers (and users) who ignored all of the guidelines that Microsoft put out and did really stupid things. I’ve lost track of the number of programs I’ve seen that could be run with a non-admin account if the developers had ever bothered to document exactly which permissions you needed to a) install and b) run the thing. Alistair also makes a valid point when he points out that many people circumvent the default file ACLs by not using the My Documents folder or taking the time to properly move their home directory. Microsoft could bundle a Move Home Directory Wizard which did the right thing, but then people wouldn’t use it. And let’s face it — lazy developers aren’t just a Windows problem. How many bad CGI and PHP scripts are out there that effectively open up a web server to any attacker? Granted, the UNIX security model is simpler than the Windows model, but it by no means fixes all problems and the seeming simplicity invites even experienced users to shoot themselves in the foot from time to time.
People who are spending too much time fighting spyware and viruses need to take a look at their behavior: my wife might get upset with me for pointing this out, but the one computer in my household that needs the most TLC is hers. Why? Because she goes to a lot more strange and risky websites than I do, and we keep strict control over where our kids are allowed to point their browsers. She’s got friends and family who send her those asinine online greeting cards and little Internet gamelets, and she has quite a few online games that she goes and plays. In order to do all of that effectively, she’s got to accept a lower level of security, and a lot of those sites want to install spyware. Once I got her to understand that I wasn’t saying that she was the problem, but rather that she was putting her system at a higher level of risk by her choices, she’s gotten smarter about which sites she visits and her computer has been more stable.
People who need to reinstall Windows on a regular schedule need to take a look at their behavior: more of the above. I had an installation of Windows 2000 that lasted for four years without major issues, and that was after two motherboard upgrades and a switch from SCSI to IDE. Our home network runs on a strict principle of separation of privilege: my wife and I have admin access, but not on our regular accounts. The kids don’t even have admin access, which means Steph or I need to approve all new software installs. Unlike many home users, I’ve got a domain set up, so we’ve even got a proper OU structure in place for easy Group Policy management. A little bit of forethought and user education saves a lot of maintenance time down the road. I finally switched my home network over to Windows precisely because the combination of Active Directory and Group Policy allows me to manage a lot of this stuff automatically, rather than having to either check it manually or spend a lot of additional time setting up custom scripts or installing additional software packages (and then tying them together with scripts) like I did on UNIX.
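If you want to check how well a box actually follows the rules in points 3 and 6, here is an added example (my own PowerShell, not code from the original post or from Alistair’s response). It reports whether the current session is elevated, which token privileges the account holds, who sits in the local Administrators group, and whether a program directory has been left writable by ordinary users, which is the usual reason a badly packaged app “needs admin”. It assumes Windows PowerShell 5.1 or later; the function names are my own.

```powershell
# Added example: audit a Windows box against the "admin rights exist, but not
# on the daily login" rule. Assumes Windows PowerShell 5.1+ (Get-LocalGroupMember).

function Test-IsElevated {
    # True only when the current token is a member of Administrators AND
    # the session is elevated (UAC filters the group out of a plain token).
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-TokenPrivileges {
    # whoami /priv lists the privileges held by the current token; a plain
    # user account should hold only a handful (SeChangeNotifyPrivilege, etc.).
    whoami /priv /fo csv | ConvertFrom-Csv |
        Select-Object 'Privilege Name', State
}

function Get-LocalAdminMembers {
    # Every principal listed here can own the machine; none of them should be
    # the account anyone logs into for browsing, games or e-mail.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-UserWritableAces {
    param([string]$Path)
    # Allow ACEs that grant any Write right to the broad groups. On a default
    # Program Files tree this should return nothing; an installer that added
    # one is the kind of "needs admin" sloppiness the post complains about.
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'BUILTIN\\Users$|^Everyone$|Authenticated Users$' -and
        (([int]$_.FileSystemRights -band $write) -ne 0)
    } | Select-Object IdentityReference, FileSystemRights
}

"Running elevated: $(Test-IsElevated)"
"Privileges held by this token:"
Get-TokenPrivileges | Format-Table -AutoSize
"Members of local Administrators:"
Get-LocalAdminMembers | Format-Table -AutoSize
"User-writable ACEs on $env:ProgramFiles (expect none):"
Get-UserWritableAces -Path $env:ProgramFiles | Format-Table -AutoSize
```

Run it once from your everyday account and once from an elevated prompt; the first run should show a short privilege list and “Running elevated: False”, which is exactly the setup the post describes.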
Don’t get me wrong — I’m not trying to turn this into Windows vs. UNIX, as I use and love both. But Windows is not the insecure codebase that people think it is, if you’re using a modern version (yes, all you Windows 9x users — I’m looking at you) and using it in accordance with best practices and common sense.