Not A Problem
Herr Torvalds might have to sue.
Jürgen Schmidt at heise Security says he's found two exploits in Windows XP SP2; Microsoft say they're not a problem as they require 'manual intervention'.
Ah, the Vole... Some things never change.
- The Love Bug of May 2000 caused an estimated $5 billion in damage world-wide. It required manual intervention.
- AnnaK, which followed the same Xmas, caused several billion dollars in damages. It required manual intervention.
And so forth.
Security experts have repeatedly pulled out their hair over this one: users sometimes jump through hoops to open stupid email attachments that they already suspect contain malware, and the experts can't figure out why.
It would seem we're back at square one with the education of the world - and of Microsoft software architects and engineers: it makes no difference how malware gets on the system; if it is allowed to wreak havoc once it is there, something is wrong.
Anyone can at any time download bad software. Poorly written software even - it doesn't have to have bad intentions. Just junky stuff that doesn't do what it's supposed to do or does it poorly or has potentially damaging side-effects.
It's basic computer science - Operating Systems 101 - to be aware of this danger and to be properly prepared for it. A good operating system will never let any software run rampant on a system.
Now try telling that to the Chief Software Architect at Microsoft.
Windows is so unutterably shitty that as soon as any program gets to disk, it can basically clean up and wipe out - everything.
The Love Bug was effective not because it hacked its way through security hoops but because it just used what was available - total computer control through an asinine scripting language no one had ever used.
AnnaK was the same - they're all the same.
The trick, you morons in Redmond, is not clairvoyance - not trying to figure out in advance whether a particular program is going to be nasty - but in having on-disk security - 'security within the perimeter'.
Windows has never had this security and never will. As Bill Joy, principal author of BSD and cofounder of Sun Microsystems said:
'They took systems designed for isolated desktop systems and put them on the net without thinking about evildoers.'
Microsoft will never have 'security within the perimeter' - they lack the talent and certainly the direction, and the abortive SP2 changes absolutely nothing. The absolute best thing they can do is release 'Microsoft Linux' (it's there, hidden away in a room in Redmond, be so sure of it) but then of course we'd have another problem, perhaps even bigger than the present one.
Microsoft are known for begging, borrowing, and above all stealing 'OPC' - 'other people's code'. But it's worse: they don't only steal it; they 'enhance' it - by their own definitions this is 'enhance', by anyone else's it's 'bastardise', 'moronise', 'destroy'. In three syllables, Microsoft are notorious in the industry for their unfailing ability to completely ruin good code.
Count on them already having done it with their copy of Linux as well.
- They completely ruined Berkeley Sockets on Windows. Berkeley Sockets are good, they're the mainstay of our Internet; Microsoft's 'rewrite' of the code left every Windows box leaking memory all over the place for all time.
- OpenGL on Windows first shipped with device drivers written by Microsoft - drivers that turned out to be SO POOR that Silicon Graphics, the creators of OpenGL, had to step in, learn Windows device driver programming, and write the drivers themselves - all without recompense. Microsoft's typically shitty job was jeopardising the Silicon Graphics name.
If it's good, count on Microsoft ruining it. If it can be bungled, count on Microsoft bungling it. They're good at that, those Microsofties.
And Microsoft can't buy their way out of this one: no one with any brains and branch integrity wants to work for them.
And don't forget: Windows XP SP2 is not really rolling out to home users yet. The nightmare begins today, 25 August 2004.
Wait until everybody can get their hands on it. Do you really think Microsoft, the shittiest company in the world, have suddenly been capable of doing an about-face? When so many of their previous 'service packs' have only led to further exploits and more bugs and broken networks world-wide?
Have you forgot exactly why 'Blaster' made it through? Because 600,000 Windows machines were totally ruined by the previous Microsoft update and no one wanted to play with Microsoft anymore?
This company have come out suddenly with a product that works?
Laugh all you want at their forays with Windows; fear and tremble the day they finally switch horses and claim they invented Linux.
Herr Torvalds might have to sue.