
Re: A simple, rhetorical, question

__/ [ John Bailo ] on Monday 15 May 2006 03:04 \__

> Roy Culley wrote:
> 
>> I surf the web as most PC users do. I never worry about what sites I
>> visit. Yet security advisory after security advisory for Windows flaws
>> state disable ActiveX or only visit trusted sites! What the fuck is a
>> trusted site?
> 
> Windows security for Internet is designed around "zones" -- so there is
> Local Zone, Intranet Zone, Internet Zone.   Basically you can assign levels
> of trust (low, medium, high) to specific sites.


This does not justify the concept. A trusted site should have nothing to
do with security. Paternal control is a whole different animal. Content
which was properly peer-reviewed (e.g. Wikipedia) is another.


>> Take email attachments. I receive them like anyone else. Do they cause
>> me harm? No. Even if I choose to save the attachment it isn't going to
>> run unless I explicitly allow it.
> 
> But say it's a .vbs (VB script) and you are tricked into clicking on it?
> 
> Or if it is an ActiveX object, which is essentially a Windows application
> that you download from a web site -- it can have all sorts of access, since
> it/you are running at admin level.


This is not a proper excuse. Roy Culley makes a valid and good point.
Windows has made the Internet dangerous, at least at the conceptual level.
Not only has surfing become dangerous to its user (take Netcraft toolbar
as proof), but the whole community suffers. A net citizenship wherein one
citizen is allowed to have spam spewed passively (affecting _everyone_) is
worrisome, to say the least.


>> My question is: why does Windows make using your computer on the
>> Internet so dangerous?
> 
> Because the GUI runs at Ring 0.   You the user, have ultimate privilege,
> and programs can run "as you" and basically run commands as if you were
> sitting there and typing them in.


This remains inexcusable. The main point is not being addressed.


>> The answer is: Windows is insecure by design. Bandaid solutions are
>> the best they can offer for many exploits.
> 
> Windows was never designed for the Internet.  It was designed for corporate
> networks and WANs that were insulated with their own firewalls and other
> levels of security.   There was no design consideration for an independent
> node, directly connecting to the Internet.    The MS design model is one of
> cells within cells of trust and relationships.   That is the NT security
> model, where an admin of one domain brokers trust between other domains and
> individuals (one Microsoft document went so far as to describe it as the
> sort of relationships that drug dealers have with their higher ups and each
> other!  Cutting the product down to the final end user!)


That being the case, Windows should not be distributed for use over the
Internet. Firewalls don't cut the deal. If a new O/S gets built from
scratch to accommodate for a multi-use, secure model, that will be a
different scenario. At present, neither XP nor Vista is ready for the
Net. They call it "people-ready" in TV ads, but it is by no means secure
or "Net-ready".

Best wishes,

Roy

-- 
Roy S. Schestowitz      |    Reversi for free: http://othellomaster.com
http://Schestowitz.com  |  SuSE GNU/Linux   ¦     PGP-Key: 0x74572E8E
  7:00am  up 17 days 13:57,  12 users,  load average: 0.44, 0.62, 0.68
      http://iuron.com - help build a non-profit search engine
