Thread: computer clocks
View Single Post
  #141   Report Post  
Stefek Zaba
 
Posts: n/a
Default
Mary Fisher wrote:

Mary it is obvious that you don't understand the differences between linux
and windows.

That's true. Nobody's explained it.

Ah - a challenge! Let's see if I can do it in under 30 lines. No, this
line doesn't count. Nor does this one.

The roots of Windows are in providing a graphical user interface layer
on top of a small, single-user machine. That single user is/was assumed
to have full authority to do anything at all on the machine - access all
memory, all disks/files, perform arbitrary input-output operations on
all devices. This absence of "privilege separation" was total for all
versions of Windows before NT: so, the ol' Windows 3.1 on top of DOS,
Win95, Win98, WinME. Importantly, the business model that MS pursued on
top of this technology was to offer terms to PC builders which made it
financially lunatic for them to offer any other opearting system (OS)
alongside Windows, to attract as many third-party developers of hardware
and software products to their OS, and to keep the interface specs for
Windows technologies changing just fast enough to make it possible to
keep up but not to also track other OSes. During this critical
market-acqusition phase, stuff which made it harder to develop for
Windows or harder to use was *right* *out* - and that included security.

The Unix world - where Linux lives - started from a very different
place. Its roots are as an OS to let a number of "unprivileged" users
share an expensive, well-administered mainframe, while still allowing
those individual users to do their own software development. By default,
there's little an "ordinary" user running an "ordinary" program under
Unix/Linux can do to najjer the whole system or other users on the same
machine. Throughout the initial growth period of the PC (1980s/early90s)
Unix-on-PC scarcely existed; and the software packages which ran on Unix
were specialised "big-iron" things - "serious" databases, and some
specialised scientific/engineering stuff. It kept a place in university
Computer Science departments because of relatively open licensing
conditions for those users.

By the early 90s, MS had ambitions for a "grown-up" OS. They devloped
the core - the "kernel" - of NT around then. (At least they ripped off a
good design - they bought in Dave Cutler and others from DEC, who were
shown in a subsequent legal action and settlement to have incorporated
chunks of design and actual code from their earlier employer in NT.) NT
- on which Win2000, WinXP, and future MS OSes are based - does have
"privilege separation". However, it isn't necessarily *used* widely. For
concrete examples: in their older 3.51 release of NT, MS left the
graphical user interface stuff "outside" the kernel, running at a less
privileged level. But this slowed things down too much - made a PC
running NT 3.51 fell really sluggish next to a W95 box. So, they yanked
all of that code into the kernel - improving performance, but making it
a lot easier for poorly-written or malicious software to do Bad Things
to the whole system. Similarly, XP "Home Edition" means all the software
you run (both "deliberately" and that's run on your behalf) does so as
"Administrator", with effectively unlimited rights. Only in the last
couple of years have MS started to act to make security be of the same
order of importance as ease-of-use.

This business of "privilege separation" is the technical heart of why
viruses, worms, and the whole clan of malicious software has a
significantly easier time spreading under Windows than under Linux or
the other Unix-derived OSes (OpenBSD, NetBSD, FreeBSD, and Mac OSX):
under the Unix model, the user environment in which some piece of
unwanted code gets to run is restricted; under the Windows model, it's
significantly less restriced.

What's massively frustrating about this to computer professionals is
that it's all blindingly obvious and inevitable, and was being warned
about throughout the last 15 years and more. And much as it's been
economic pressures which have led MS to rationally prioritise features
over security, many believe it's only a change in the imposed economic
climate - making software producers liable for the foreseeable damage
their design decisions cause - which will change the industry's behaviour.

Damn, over the 30 line mark. Ah well. Hope it helps someone... Stefek
Reply With QuoteReply With Quote