Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: A simple, rhetorical, question

__/ [ Mark Kent ] on Monday 15 May 2006 08:30 \__

> begin  oe_protect.scr
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>> __/ [ John Bailo ] on Monday 15 May 2006 03:04 \__
>>> Roy Culley wrote:
>>>> I surf the web as most PC users do. I never worry about what sites I
>>>> visit. Yet security advisory after security advisory for Windows flaws
>>>> state disable activeX or only visit trusted sites! What the fuck is a
>>>> trusted site?
>>> Windows security for Internet is designed around "zones" -- so there is
>>> Local Zone, Intranet Zone, Internet Zone.   Basically you can assign
>>> levels of trust (low, medium, high) to specific sites.
>> This  does not justify the concept. A trusted site should have nothing  to
>> do  with  security. Paternal control is a whole different animal.  Content
>> which was properly peer-reviewed (e.g. Wikipedia) is another.
>>>> Take email attachments. I receive them like anyone else. Do they cause
>>>> me harm? No. Even if I choose to save the attachment it isn't going to
>>>> run unless I explicitly allow it.
>>> But say it's a .vbs (VB script) and you are tricked into clicking on it?
>>> Or if it is an ActiveX object, which is essentially a Windows application
>>> that you download from a web site -- it can have all sorts of access,
>>> since it/you are running at admin level.
>> This  is  not  a proper excuse. Roy Culley makes a valid and  good  point.
>> Windows has made the Internet dangerous, at least in the conceptual-level.
>> Not  only has surfing become dangerous to its user (take Netcraft  toolbar
>> as  proof), but the whole community suffers. A net citizenship wherein one
>> citizen  is allows to have spam spewed passively (affecting _everyone_) is
>> worrisome, to say the least.
>>>> My question is: why does Windows make using your computer on the
>>>> Internet so dangerous?
>>> Because the GUI runs at Ring 0.   You the user, have ultimate privilege,
>>> and programs can run "as you" and basically run commands as if you were
>>> sitting there and typing them in.
>> This remains inexcusable. The main point is not being being addressed.
> Except it does address it in a way, in that Microsoft used a completely
> inexcusable design, knowing that it was insecure.  They deliberately
> designed it to work this way.  Sort of 'virus-ready'.
>>>> The answer is: Windows is insecure by design. Bandaid solutions are
>>>> the best they can oofer for many exploits.
>>> Windows was never designed for the Internet.  It was designed for
>>> corporate networks and WANs that were insulated with their own firewalls
>>> and other
>>> levels of security.   There was no design consideration for an
>>> independent
>>> node, directly connecting to the Internet.    The MS design model is one
>>> of
>>> cells within cells of trust and relationships.   That is the NT security
>>> model, where an admin of one domain brokers trust between other domains
>>> and individuals (one Microsoft document went so far as to describe it as
>>> the sort of relationships that drug dealers have with their higher ups
>>> and each
>>> other!  Cutting the product down to the final end user!)
>> That  being  the case, Windows should not be distributed for use over  the
>> Internet.  Firewalls  don't  cut the deal. If a new O/S  gets  built  from
>> scratch  to  accommodate  for a multi-use, secure model, that  will  be  a
>> different  scenario.  At present, neither XP not Vista are ready  for  the
>> Net.  They call it "people-ready" in TV ads, but it is by no means  secure
>> or "Net-ready".
> I have major issues with Microsoft's own drug-dealer model, though.
> Aside from anything else, drug-dealing is notoriously violent and highly
> insecure...

Windows:  the  drug deal of O/Sen: giving you a free dose/sample and  then
you  are  hooked  (chackled/locked in) for life. Before you know  it,  you
start with cocaine (Professional Edition) and, later on, heroine (Ultimate
Edition).  But  it's never not your fault. You couldn't help it because  a
necessary-yet-basic feature was 'locked'.

Best wishes,


Roy S. Schestowitz      | Vista: Windows XP with bling-bling, nothing else
http://Schestowitz.com  |  Open Prospects   ¦     PGP-Key: 0x74572E8E
  9:40am  up 17 days 16:37,  8 users,  load average: 0.30, 0.58, 0.59
      http://iuron.com - knowledge engine, not a search engine

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index