OK. Windows for a long time gave everyone administrator priviledges by default, and many/most programs for Windows require admin rights to do anything useful, which equates to the same thing (forcing everyone to run as admin). How many people here don't run as Admin on a regular basis in Windows? You can argue that these people are idiots, or you can argue that the nature of Windows demands it; I would argue the latter. Any operating system (for example OS X, Linux) which does not give everyone admin rights by default would be inherently more secure than one that does. Vista is changing its security model not to give everyone admin rights, from what I read, so even Microsoft (finally) realizes this. Doesn't change the fact that up to and including Windows XP, any user has the ability to delete nearly any system file.Originally Posted by Cid
Installing a program in Windows invariably requires admin rights because system-wide folders are accessed and the Registry is edited. In other operating systems (OS X, Linux) users can install programs on a per-user basis without touching the rest of the system. I would argue that an operating system where most programs make system-wide changes of this sort is inherently less secure than the opposite.
Windows has a single point of failure (the Registry) which nearly any program has rights to edit. If this wasn't true, spyware and adware and viruses would have a much harder time of things. Other operating systems (OS X, Linux) do no have such a wide-open, freely-editable single point of failure. Windows allows things like Sony music CDs to install programs without user interaction which fundamentally change or break the operating system at its lowest levels. Other operating systems do not (OS X, Linux).
Windows has tons of crap directly tied into the kernel. No web browser should he inexorably tied to the operating system in such a way that a browser crash = a system crash. Other systems do not have such things (Linux, OS X to a lesser extent). I would argue that a system whose kernel is more neatly separated from large, complex programs like web browsers is inherently more secure.
Windows XP before SP2 (possibly before SP1?) came with many services running by default, accessible to remote connection. Other operating systems do not (OS X, various flavors of Linux). I would argue that an OS that is listening on ports which are easily exploitable (and have been exploited in large numbers, e.g. Blaster), by default, from the moment you install, without the user doing anything, without informing the user that it's even happening, is less secure than one which does not. I would also argue that not knowing to check your OS for running background services does not make a person an idiot. Do we expect grandma to portscan her computer to make sure her OS vendor isn't incompetent? It's like shipping a car with 4 lug nuts loose on each tire and calling people idiots when their tires fall off.
Windows determines whether something is an executable file by its file extension, and also hides file extensions by default from users. Other operation systems do not (OS X, Linux). This allows someone to do nice crap like send you a wallpaper.gif.exe file and then you have a 50/50 chance of knowing what kind of file it really is. And Windows will happily and blindly execute it. Linux executes a file only if the executable flag is set, and then on a per-user basis. I would argue that Windows is far too lenient in what it considers an executable.
Windows is overly complex and bloated. Opening a file in Notepad requires something like 12 or 16 system calls, I remember reading in one of my programming textbooks. (A system call is when a program makes a request of the kernel.) This is a bit ridiculous. The simpler an OS, the less opportunity for security holes. The more things running in user space, the better. I would argue that Linux at least, and possibly OS X, are simpler and have much more running in user space rather than kernel space, and are therefore less likely to have holes which have the ability to affect the system as a whole.
I could go on, but that's enough. Unless you know of specific ways that Linux and OS X are FAR LESS secure than Windows, which make up for all the things I've mentioned above, you must admit that Windows is inherently less secure.
You may as well make the argument that a house with no doors or windows is not more secure than a bank vault because given enough time and enough people trying, they could get into the bank vault too. Or that the ONLY reason normal houses are robbed more often than bank vaults is because more people have normal houses than bank vaults.
All operating systems are insecure, yes. All programs have bugs, yes. But some have far more problems than others.
Reply With Quote