[Discussion] Speaking of Windows Security...

Tue Apr 6 13:55:42 PDT 2010

I agree with point 1, but on 2, MIC in the browser would only protect 
the browser, not the whole OS. As much as I disagree with a *lot* of 
what MS does and has done, this report I quoted nails a lot of issues 
about security.

Remember, BG is no longer in charge and a new man has done a real job 
with W7. In addition, MS was the security laughing stock until just 
recently. They did the security in order not to lose big customers who 
were unhappy (or worse) because of what it cost to protect and recover 
from virus and trojan attacks. MS *had* to get their security game on, 
and in the case of XP, this meant changes at the core level, which meant 
a lot of code had to be rewritten.

Vista was another hard lesson on how not to write an OS. Result - Win7 
was out on time and ran cleanly (if not perfectly) from the start. Those 
two lessons and changes have made even Vista 'good enough' and W7 even 
better.

Like a lot of people, I have to run Windows for certain applications 
such as Photoshop and others. Under XP, Photoshop was not completely 
stable, under Vista it's solid.

I really wish eCS had grown to having some emulation capability, or 
virtual windows support because it would have continued as my primary. 
Now, regrettably, I run a big Vista system and a small eCS system for 
backwards compat. with old familiar and useful programs. I also run ten 
Suse Linux systems, three for file servers and all of them running BOINC 
for climateprediction.net in the PacificNorthwest team, which I founded 
in October of 2004.

I've come a long way from a small OS/2 system in 1991, a beta from IBM. 
That grew and multiplied and morphed and reconfigured until I reached my 
current config, just a bit over the top. :-}

An old saying comes to mind: "The right tool for the job."

Now my toolbox is much bigger, the work is more complex. I miss the 
earlier more comfortable and less complex environment, but what I am 
doing requires most of what is in place. There are a few Linux systems I 
could consolidate, but I've been too busy. And sailing season is coming 
up - I've got a new boat, an Ericson 323. Puget Sound is the best place 
to sail IMNSHO.

Later folks,
BillN

On 4/6/2010 11:52 AM, Douglas Clark wrote:
> Bill,
>
> I think there needs to be couple of clarifications:
>
> 1) The "safe" Chrome and IE8 do not run on XP. They run on Vista or Windows 7. The claim of the
> report is that Mandatory Integrity Control (MIC) is a feature of Vista and Windows 7 which can be
> utilized by browsers to make browsing safer, and that Chrome and IE8 are two browsers which utilize
> that "technology".
>
> The point of the article is to dump XP and move to a "modern" operating system. Plus to justify
> Microsoft's decision to build that "technology" into the operating system rather than into the browser.
> Because if they built it into the browser then XP users would have the so called added security.
>
> 2) Saying that MIC fixes security problems is like saying that putting "do not touch" signs on all your
> valuable property fixes a security problem caused by removing your front door from its hinges. Using
> Windows (any version) is like taking your front door off its hinges. Being proud of a new security
> system that consists of "do not touch" signs is missing the point.
>
> The fundamental problem with Windows is that (huge portions of) the operating system (all versions)
> is designed to be remotely executed. And then we are all suprised that there are security issues.
>
> Microsoft's security answer in Vista was to create a pseudo administrator ID, while hiding the real
> administrator ID, and then throw up a dialog box asking permission any time an application/process
> tried to do something potentially harmful. The problem is the average user (including me) has no idea
> when to give permission and when to not give permission.
>
>
> The problem Microsoft faces is that XP is too popular and people want to continue using it. Microsoft
> does not make money when people continue to use XP; they make money when people buy new
> operating systems. (Sounds very much like the Warp vs eComStation issue). Installing and/or
> upgrading to a new operating system is a very difficult task for most average users. So most average
> users will never do it. They wait until they get a new machine. And since processor speeds have
> stablized, there isn't all that much incentive to upgrade.
>
> Doug Clark
>
>
>
>
> On Tue, 06 Apr 2010 06:54:58 -0700, Bill Nicholls wrote:
>
>    
>> Windows XP Users:
>>
>> I just found this today and suggest you might want to move to Chrome or IE8 as your browser, as
>>      
> the report shows that it is more secure than Firefox.
>    
>> Bill
>>
>> "This advantage is not one that is merely hypothetical, either. In common with other vendors,
>>      
> Microsoft assigns a risk rating to every security flaw, and Internet Explorer flaws on Windows Vista
> and Windows 7 have quite consistently had lower risk ratings than those same flaws on Windows XP.
> Why? Because the flaws are greatly restricted by the MIC barrier. Microsoft might be biased, but
> there are security researchers who concur; Charlie Miller, so successful at pwn2own, regards Chrome
> and IE 8 on Windows 7 as arguably the safest Web browsing platform. It's no coincidence that these
> are the browsers that use MIC sandboxing. The protection works."
>    
>> Full Article:
>>      
> http://arstechnica.com/microsoft/news/2010/04/why-microsoft-did-the-right-thing-in-ditching-xp-for-ie9.
> ars
>    
>>
>>
>>
>>      
> Thanks
>
> Douglas Clark
>
> _______________________________________________
> Discussion mailing list
> Discussion at lists.possi.org
> http://lists.possi.org/mailman/listinfo/discussion
>
>    