Can we lay to rest the notion that Microsoft Windows' poor track record for security is nothing more than the inevitable result of popularity? Chad Perrin makes clear what he thinks of the Windows OS.
Can we lay to rest the notion that Microsoft Windows' poor track record for security is nothing more than the inevitable result of popularity?
Let's set aside any formality and objectivity for a moment. Let's make this personal.
It's easy to say that the debate over the reason for MS Windows' poor security track record rages on, but the truth is that there is no debate. There are two camps, and they do disagree with each other, but it's not really a debate. Debate implies that both sides engage in some kind of discussion. When one side tries to discuss matters of security principles, including the rationale for those principles, while the other repeats oft-heard refrains that have no basis in logic and refuses to examine the matter in any further depth, "discussion" is not the result.
The first camp (because I tend to like them more) is made up of people who understand technical principles of security, and think deeply enough to realize that correlation does not imply causation. They know that a number of key factors contribute to better security. Attention to some of these factors looks something like this:
- Employ diligent, responsible, and transparent development.
- Employ layered defense strategies.
- Empower and protect responsible users.
- Monitor key resources.
- Reap the benefits of public review.
- Respond quickly, effectively, and transparently to vulnerability discovery.
- Respond responsibly to new security challenges with innovation and honesty.
- Test solutions for correctness.
- Treat diseases rather than mere symptoms.
- Use least privilege authorization schemes by default.
Many people in this first camp regard Microsoft Windows as a wart on the face of software security. Those who do not have that harsh a view of MS Windows tend to simply regard the poor security of the operating system as something to be worked around to gain the benefits of using the same OS as much of the rest of the world -- dubious though those benefits might be, at times.
The second camp includes the people who adopt axiomatic notions about security that support their biases. The extent to which these notions turn out to be meaningful and effective as principles of security is essentially a matter of luck. Sometimes some point or two from the above list might sneak into their own ad-hoc lists of principles, but other ideas about what works for security usually pollute the field as well:
- Better products are what we need to provide better security.
- Doing it right means you don't have to test it.
- I don't have anything on my computer worth a security cracker's time.
- Keeping the design of the system secret keeps it secure.
- More popular software is always less secure.
- More security features and security applications always means more security.
- Only bad people with something to hide care about privacy.
- Only professionals need to think about security.
- Security is incompatible with usability.
- Vulnerability counts are reliable measures of security.
Many people in this second camp regard Microsoft Windows as equivalent, or even superior, to any and all competitors and alternatives. They will often defend it to the bitter end, though their defenses typically devolve quickly into logical fallacies and simple attempts to shut up those who disagree with them. There is probably a connection between accepting fallacious principles of security, whether implicitly or explicitly, and engaging in fallacious argument in defense of a largely indefensible OS.
The MS Windows security picture
The implications of these ideas about what constitutes good security design -- both the good ideas, and the bad -- should mostly be fairly obvious. In many cases, links to articles that help further explain or illustrate each point are provided.
Many of the good points are quite contrary to the design principles of Microsoft Windows, if we can even call them "design principles" with a straight face. Many of the bad notions pertain to Microsoft policy, the implicit reliance of MS Windows security on third-party software, and the reasons people choose MS Windows over more secure alternatives.
I find it likely that this will spark some debate. Most of my readers are likely to be unsurprised to discover that I am unimpressed with the security characteristics and record of Microsoft Windows, the flagship operating system for a company that ignored an important security vulnerability for eight years. Still, even I have been called a Microsoft shill once or twice in TechRepublic discussions, just because I dared to suggest some other software providers might also have less than perfect records and motives.
Lest my thoughts on the matter of MS Windows security -- developed over years of experience and analysis, both personal and professional -- should be less than clear to some readers, I thought it time to lay it out in plain English:
I believe that using MS Windows for almost any purpose is a mistake. It is an incredibly badly designed OS buttressed with layer upon layer of poorly designed features that are, in many cases, intended to place band-aids on gushing neck wounds, with any security functionality only bolted on after the fact as a largely ineffective afterthought. To imply a positive relationship between MS Windows and security is to lie, perhaps primarily to yourself.
Call it bias if you must, but it is bias born of deep familiarity on both a personal level and a professional level with both MS Windows and a fair number of alternatives.