
Reality: A Place Bill Gates Doesn't Visit

February 3, 2007 12:05:49.281

How else can you explain this:

I mean, it’s fascinating, maybe we shouldn’t have showed so publicly the stuff we were doing, because we knew how long the new security base was going to take us to get done. Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine. So, yes, it took us longer, and they had what we were doing, user interface-wise.

Hmm. So let me get this straight: Apple copied all the Vista features, because MS was being careful about security? And OS X gets hacked every day? Sheesh, I'm not about to claim that OS X is perfect (it's not), but exploits against it are extremely rare. Against Windows? Too numerous to count, and I'll be astonished if Vista improves on that track record more than incrementally.

Here's the thing: The OS X kernel is Unix-based, and Unix is simply a better frame on which to build than the one MS is using. If MS wanted to really change the game, they would have to do what Apple did: explicitly break from the past, and build a new Windows. They aren't willing to do that, and it leads to two things:

  • Slow (and slower over time) release cycles, as the agglomeration of cruft gets worse
  • The steady leak of security issues that are inherent in trying to secure a basically insecure starting point

Maybe it is time for Gates to leave - he's clearly living in a different reality from the rest of us.


Comments

I disagree

[Ayende Rahien] February 3, 2007 13:50:01.000

The problem is not with the kernel.

The problem is with the default the OS shipped with.

I think that you'll see that Vista has a much better track record security-wise simply because by default you are not an administrator.

It is easy to say that MS should dump all their old user base and start from scratch, but that leaves a LOT of people out in the cold, and that is not something that is in Microsoft's best interests.

Vista is bad no matter what spin you put on it

[Andres] February 3, 2007 14:12:59.000

So it turns out that, in about 8 days, some guy that was irritated with the DRM in Vista found a way to completely circumvent it by, essentially, turning off the requirement to have signed drivers.  In particular, the guy explained that even if Microsoft patched Vista, it wouldn't matter because by that time his unsigned driver was in kernel space so he could unpatch it as needed.  And if Microsoft used technology to monitor the patch, his unsigned driver in kernel space could simply turn off the patch monitoring too.

Now if you have arbitrary code in kernel space, well... what is it that you cannot do?

That is an insecure OS not by default, but by design.

And to make it even worse, it makes it much more attractive to turn off the signed driver requirement because then you can use your expensive equipment to watch your own movies without running into issues with DRM. So in addition to being insecure, there is actually an incentive for you to make it insecure so its security does not get paranoid on you.

In short, Gates is just throwing FUD around.  Get a Mac or use some free variety of Unix.

[Rick] February 3, 2007 18:44:38.000

Andres, just get a Vic-20 or an Atari 800.

he's clearly living in a different reality from the rest of us.

[brett] February 3, 2007 18:49:36.000

Bill Gates can afford to live in whatever reality he chooses!

I think you have a bit of old fashioned thinking

[Gunnar] February 3, 2007 21:12:50.000

mac's security is about where microsoft's was on NT, it will take them years to catch up (if they ever do)

non executable heap and non executable stack? vista = yup. mac = nope.

heap randomization and stack randomization? vista = yup. mac = nope.

on and on it goes
http://www.matasano.com/log/611/gunar-petersons-os-security-features-chart/

"The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes." Dennis Ritchie

Hmm

[James Robertson] February 5, 2007 7:37:08.000

Gunnar,

That explains the near zero level of attacks that hit Macs compared to those that hit Windows how, exactly?

Like, say, this

Apples and Oranges

[Gunnar] February 5, 2007 9:43:34.856

James - people say that you cannot compare apples and oranges, yet they are both handheld, round, and edible fruit that grows on trees. Windows is far from invulnerable. However, Vista has made major security advancements over its competitors in the widely adopted operating systems world. It will still get dinged with security vulnerabilities because it is by far the biggest and best target for many attackers. However, the US Marines have a far higher casualty rate than the Norwegian Army. Are the US Marines less well trained, or not as well equipped as their Norwegian counterparts? Hardly, they operate in far riskier environments. I am fine teeing off on Microsoft when they deserve it, and historically they have not done a great job with security, but I also think that if they put serious effort into creating a more advanced security system that the industry should learn from it.
