Sun, Dec 26 2004 15:42
Hey, Directions on Microsoft? Aren't you going after the party not causing the problem?
I'm reading Directions on Microsoft's Top 10 issues that Microsoft has for challenges in 2005 and I'm pulling one paragraph out that in particular [I think] needs clarification. In the Directions on Microsoft article they state:
“Security has always been near the top of our Top 10 list, but despite laudable efforts by Microsoft, such as a drop-everything-else code review, security is still a problem. In fact, the bad guys seem to be winning. Before anyone gets on the Internet the first time these days they need a PC already protected by the latest service packs and security patches, an antivirus program, an antispyware program, and training on how to avoid phishing exploits. Although Microsoft arguably bears little direct responsibility for these problems, the company has the most to lose if these security issues persist. Furthermore, Microsoft is in the best position of any vendor to address the problems. Some useful next moves? Make it possible to run Windows all day without requiring administrative privileges and work with other players on standards that will make it easier to authenticate the senders of e-mail.
"Security problems raise the cost of managing Windows clients, and make the perennial thin-client alternative more viable. This year, Microsoft has to deliver the improvements it promised for patching corporate PCs, and not let development of future product versions interfere with keeping current ones secure."
—Michael Cherry, Lead Analyst for Windows”
Mr. Cherry? Office applications and Internet explorer run FINE as a user and do not need administrative privileges. It 's my stupid APPLICATIONS that are coded stupidly that need these rights. And even in SuSe [a Linux distribution] there are times to adjust the monitor, to apply patches, to install software that you need to Sudo [the equivalent of Administrator rights - or the Windows equivalent of RunAs]. I just recently loaded up SuSe and looked in absolute horror at this screen:
See that box that says “Keep password“? You and I both know that your home user/end user is going to click that box and say “sure“ save my password because it's a pain to type in that really long strong password I gave the machine when I built it. What's the insecurity [or insanity] of saving the administrator password so the next worm du jour that blasts through a SuSe box will have admin rights? We cannot dumb down these desktops like this and keep these boxes secure! The bad guys are winning and the sooner we all figure out that we should be fighting “them“ and not flighting the “who has the better Operating system“, the better off we will be.
Look at these applications in my office that REFUSE to run in user mode. So I ask you? Who's at fault? Microsoft applications DO run in user mode. It's my third party stuff that doesn't. I say that it's not Microsoft that needs to make 'Windows' run as user, but rather that we get tools to help us identify how stupidly these applications are coded and then go and beat up THOSE vendors to make them either set the right permissions as they load on “just that registry key” or code better in the long run. I don't need them to make Windows run as a “user” ...it does... I need Microsoft to give me tools to help me identify my vendors that are the dumb ones.
Ask for the right solution to the real problem, I say.
Filed under: Rants