On 13 June 2013 11:25, Byte Soup <bytes...@gmail.com> wrote: > I think we can agree that partially the success of windows has made it a > target for criminals and malware. So if for whatever reason tomorrow we saw > a massive uptake then where would that leave us? Would it really be a good > thing?
I think this is possibly /the/ single greatest red herring and straw man put up by Windows advocates and I'm really sorry to see it repeated on a Linux list. No, Windows' insecurity is not a product of its popularity. Windows' insecurity is a product of its poor, compromised design. To highlight 2 areas: #1 Until Vista, all standalone systems' primary user accounts had full admin privileges by default. #2 The Windows web rendering engine relies upon loading and executing binaries from untrusted remote sources with full local privileges. #1 means that you run as root all the time. This is /insane./ It's why I won't use Puppy Linux: it does the same, because its creator came from Win98 and is too ignorant to see that there is a problem. #2 is ActiveX. MS wanted to kill Netscape, but all the cool plugins were for Netscape: Flash, Java etc. So, it did 2 things: #2a: it invented its own plugin format: ActiveX. This was OLE for the Web. OLE means running binaries inside web pages. "Embrace & extend": stated company policy. #2b: it gave IE away for free. This is anticompetitive behaviour & is thus illegal under US & EU law. So, MS bundled it deep into Windows, making it the rendering engine for the Explorer file manager, for the desktop itself, for the help system, for the bundled email client, etc. So all HTML, JPGs, GIFs, and all other Internet format files on Windows were rendered in IE's rendering engine. That means Windows Picture Viewer, Write/Wordpad, /everything./ So any exploit that targets IE targets /all of Windows/. You can't even look at a file without triggering the exploit. And by default, that ran with local privileges, which means with full root privileges. This is /insanely/ stupid, but marketing and legal insisted, so it happened, because MS is run by the marketing dept. It's kinda sorta patched up now but the damage is done. /This/ kind of thing is why Windows is insecure. It is easy to defeat the "it's because it's popular" argument using simple deductive logic: * Apple's OS X is hugely popular. * OS X is a Unix. * It is the most popular desktop/portable Unix ever; it has sold more copies than all the others put together. * It is commercial and the hardware it runs on is expensive. * Also, one of its primary customer bases is technophobes. * OS X has not been compromised. There are no OS X viruses in the wild. (Yes, there are Trojans, but that's different - they don't spread unaided.) * Apple owners are richer than PC owners because Apple kit is more expensive than PCs. * Yet there are no exploits targeting this valuable market. * Why? Because OS X is secure by design. Windows is not. The only OS X malware has to trick the user into entering an admin password, because the design is good. *Any* OS is insecure if the user consents to manually installing stuff. You cannot protect against a willing accomplice sitting at the machine. This logically demonstrates that it is not Windows' popularity that makes it unsafe; it is its design. -- Liam Proven • Profile: http://lproven.livejournal.com/profile Email: lpro...@cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven MSN: lpro...@hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven Tel: +44 20-8685-0498 • Cell: +44 7939-087884 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
