[Discussion] Speaking of Windows Security...

Tue Apr 6 11:52:45 PDT 2010

Bill,

I think there needs to be couple of clarifications:

1) The "safe" Chrome and IE8 do not run on XP. They run on Vista or Windows 7. The claim of the 
report is that Mandatory Integrity Control (MIC) is a feature of Vista and Windows 7 which can be 
utilized by browsers to make browsing safer, and that Chrome and IE8 are two browsers which utilize 
that "technology".

The point of the article is to dump XP and move to a "modern" operating system. Plus to justify 
Microsoft's decision to build that "technology" into the operating system rather than into the browser. 
Because if they built it into the browser then XP users would have the so called added security.

2) Saying that MIC fixes security problems is like saying that putting "do not touch" signs on all your 
valuable property fixes a security problem caused by removing your front door from its hinges. Using 
Windows (any version) is like taking your front door off its hinges. Being proud of a new security 
system that consists of "do not touch" signs is missing the point.

The fundamental problem with Windows is that (huge portions of) the operating system (all versions) 
is designed to be remotely executed. And then we are all suprised that there are security issues.

Microsoft's security answer in Vista was to create a pseudo administrator ID, while hiding the real 
administrator ID, and then throw up a dialog box asking permission any time an application/process 
tried to do something potentially harmful. The problem is the average user (including me) has no idea 
when to give permission and when to not give permission.

The problem Microsoft faces is that XP is too popular and people want to continue using it. Microsoft 
does not make money when people continue to use XP; they make money when people buy new 
operating systems. (Sounds very much like the Warp vs eComStation issue). Installing and/or 
upgrading to a new operating system is a very difficult task for most average users. So most average 
users will never do it. They wait until they get a new machine. And since processor speeds have 
stablized, there isn't all that much incentive to upgrade. 

Doug Clark

On Tue, 06 Apr 2010 06:54:58 -0700, Bill Nicholls wrote:

>
>Windows XP Users:
>
>I just found this today and suggest you might want to move to Chrome or IE8 as your browser, as 
the report shows that it is more secure than Firefox.
>
>Bill
>
>"This advantage is not one that is merely hypothetical, either. In common with other vendors, 
Microsoft assigns a risk rating to every security flaw, and Internet Explorer flaws on Windows Vista 
and Windows 7 have quite consistently had lower risk ratings than those same flaws on Windows XP. 
Why? Because the flaws are greatly restricted by the MIC barrier. Microsoft might be biased, but 
there are security researchers who concur; Charlie Miller, so successful at pwn2own, regards Chrome 
and IE 8 on Windows 7 as arguably the safest Web browsing platform. It's no coincidence that these 
are the browsers that use MIC sandboxing. The protection works."
>
>Full Article: 
http://arstechnica.com/microsoft/news/2010/04/why-microsoft-did-the-right-thing-in-ditching-xp-for-ie9.
ars
>
>
>
>

Thanks

Douglas Clark