February 07, 2005
Microsoft SuckinessAn article title "Why Does Windows Still Suck?" recently appeared on SFGate, and thence on Slashdot.
The title is a bit misleading; the events happened a year ago (before Windows XP SP2 shipped), and even then the author describes his SO's computer as a "creaky Sony Vaio PC laptop". So she was probably running -- what -- Windows 2000 or something? Well, no surprise there. The same thing happened to me when I put a Windows 2000 machine out on the wilds of the Internet. I had to do a clean install of XP SP2, but now the machine seems fine on the Internet. Buy Viagra now. Well, almost fine. No, really, I have not detected any spyware on the new system.
The article purports to be fair and balanced, but of course it isn't. He uses an analogy with a car (common target of bad computer analogies): "Here is your brand new car, sir. Drive it off the lot. Yay yay new car. Suddenly, new car shuts off. New car barely starts again and then only goes about 6 miles per hour and it belches smoke and every warning light on the dashboard is blinking on and off and the tires are screaming and the heater is blasting your feet and something smells like burned hair. You hobble back to the dealer, who only says, gosh, sorry, we thought you knew -- that's they way they all run. Enjoy!"
Of course it's not like that. As he said, the computer worked fine before she put it on the Internet. It's more like, you get a brand new car. Works great. Then you take it to a war zone and drive down the middle of the street. The tires get punctured, the windshield cracks, the engine explodes. Yes, the car stops working.
Sure, Microsoft continued to sell convertibles when it should have been selling up-armored Humvees, but the fact is it really is a war zone out there. But the article glosses over the real question, which do Macintoshes have thicker steel, or do they (for whatever reason) have virtual red crosses painted on them? The article states: "And I know, finally, the argument that says that if the world was using Macs instead of PCs, the hackers would be attacking the Macs...Which is, of course, mostly bull. I'm no programmer, but I know what I read, and I know my experience: the Mac OS architecture is much more robust, much more solid, much more difficult to hack into. Apple's software is, by default, more sound and reliable, given its more stable core." Since I worked on the Windows core I am pretty confident that it is just as reliable and stable as Mac OS X; the vulnerabilities you see exploited are mostly not in the Windows core, and if they are, they are not due to any fundamental issue with the architecture of Windows, but are just plain bugs.
As the author says, he has no way of knowing this; his end-user experience can't really give him direct insight into the architecture of the OS, only empirical evidence. At its heart, his argument is circular; the Mac has fewer attacks because it is more robust, and the proof of its robustness is that it has fewer attacks. It reminds me of the special shoes I wear, the ones that keep crocodiles away.
Posted by AdamBa at February 7, 2005 10:17 PM
TrackBack URL for this entry:
Ha, I've heard so many people over the years talk about the Windows architecture not being as good as Linux or the Mac. Its almost like when managers start talking about building synergies - a bunch of crap. And how can these people start talking about something they have never seen?
Posted by: Richard Threlkeld at February 8, 2005 06:36 AM
"Since I worked on the Windows core I am pretty confident that it is just as reliable and stable as Mac OS X;"
Have you worked on the Mac OS X core? If not, then you can't really make that statement any more than the "journalist" can.
It's like me saying "I've been a man all my life, but I've seen women before and talked to them so they are pretty much just like men."
Posted by: Scott at February 8, 2005 10:21 AM
As a programmer I think that all systems have vulnerabilities, but Microsoft has been blase about using good security practices, and more important, jumping on problems and fixing them when they occur. I think that only Microsoft apologists believe the "other systems would be as vulnerable if they were as popular" theory. I still fail to detect any sense of Microsoft using heroics to try to stop the shame.
Posted by: John at February 8, 2005 05:46 PM
Scott, I have not worked on Mac OS X, but I know it's based on BSD, and I know something about Unix architecture. Plus unlike the author, I *am* a programmer. There's no magic here; they're both modern operating systems that differentiate user-mode from kernel-mode, have a preemptive scheduler and virtual memory manager, etc. In other words, they are both NOT Windows 9x.
Posted by: Adam Barr at February 8, 2005 09:15 PM
Analogies are more often than not, a gross misrepresentation of reality. Comparing cars to software is mindbogglingly stupid.
Posted by: guywhohatesanalogies at February 9, 2005 12:08 AM
Security is not only matter of kernels and cores. It have to be consern to all the way up to the user. Even one flaw is enough to corrupt the whole system.
Well, if you read slashdot you will know that the ActiveX controls are pointed as the biggest security flaw by design.
Posted by: Ivan at February 9, 2005 05:00 AM
Saying that the windows core is just as robust as the OS X core may or may not be true, but its a specious argument: end users couldn't care less about whose core is more robust. They do care about whether the entire systems is robust. That includes everything from the email program to the web browser to the control panel.
And you can try and rationalize your way out of it as much as you want, but facts are facts: the Mac OS X system as a whole is much more robust than Windows. Even Windows XP SP2.
Posted by: Andrew Shebanow at February 9, 2005 10:12 AM
Well, this is my first comment on the Internet on anything.
I don't know how old you all are, but I'll be 47 in April. My parents met at IBM in the early 1950's. I've been around computers ALL MY LIFE. Perhaps you all have been too. But if you're younger than I am, you probably did not experience first-hand the profound changes that have characterized the "Information Revolution." (See the "Megatrends" series by Naisbett.)
I learned FORTRAN IV as a junior in high school as my first programming language. I worked as an intern at EDS in the late 70's (anyone out there ever write code on a Data General NOVA or ECLIPSE?...); a Software Specialist (programmer) at DEC in the 80's (... a PDP-8 or PDP-11? A VAX? Thick-wire ETHERNET? [what's THAT?]); and as a Staff Engineer (wireless networking) at Motorola in the 90's (can you say "802.11 Architect"?). Now, as a consultant, I sit back and take it all in. At the same time, a developer today has it much easier and much harder than I did.
The fact of the matter is this:
No system is secure anymore. By definition, "distributed computing" is not controlled. No one is responsible. Not since the advent of "personal computing," and of course, the Internet.
In the "old days," access to system-wide resources required Access Privileges. These were controlled by a System Manager, usually someone who WAS NOT PART of the application coding development process. This person would review the programmer's code and make sure the code DID NO HARM to the system.
When IBM released "The PC," that was it. Anyone and everyone could do anything to the system. Us programmers are always (or more appropriately, "were") suspicious of code we didn't write ourselves.
Of course back then, we were an elite group. The farther back you go, the more elite this group gets. Today, almost anyone with even superficial knowledge of a computer (which to my amazement seems to be about 1/5 the population of this planet) can write code. Can you do this? ---- PRINT "Hello World." ---- Presto, you're a computer programmer.
You all have inherited a world your (parents, probably) predecessors have created. [Bill Gates is perhaps the Luckiest Man in the History of the World. He was in the right place at the right time. The Stars were Aligned for him.] You (Microsoft) have a responsibility to respect what we did and the world we created for you. There is a difference between a bug in your program and intentional malicious programming. For the most part, application code is still (I think, I hope) subject to peer review. It is the rouge, "out there in the War Zone," that has ruined perhaps the greatest innovations of the 20th Century.
This has been around as far as I know, forever. Back then, it was a real challenge though to get what we used to call "... job security ..." into application code. Some guys (I'm not being sexist -- I never met a female programmer until 1983!) wrote in "self-destruct" code into their work. If it wasn't disabled, say monthly, it wiped itself out. Even when restored from BACKUP TAPES, it's still there. Only very sharp-eyed System Managers could catch the malicious code during the review process.
Does all this smack of some TOTALITARIAN STATE to you all? ABSOULETLY. Consult your CS 101 textbooks: There are pictures of "Computer Rooms" which had controlled access, long before keycards. There was a reason to CONTROL ACCESS -- if security was compromised, that was a MAJOR ISSUE. The data on a computer system is, and always has been, considered a company's most valuable asset.
Distributed computing changed all that. Perhaps today's environment in which you guys at Redmond work, is in some respects, my fault. I was one of the first guys at DEC to connect a PC/AT to a DECNET network. (Yes, IBM couldn't connect a PC to their own network, SNA -- it didn't support something called TCP/IP.)
The DECNET network was connected to ARPANET through an IP Gateway. And then, there you could be, writing code in BASIC on the PC, accessing any and all system functions, to a whole lot of systems. Hacking was Born.
The Beginning of The End. The Alpha and the Omega.
I remember thinking, "This (uncontrolled network access) is a double-edged sword: I could now distribute processing loads and eliminate 'sneaker-net,' but with the wrong intentions, this could be a real problem." Apologies. However, back then, we were focused on solving business issues, primarily interconnecting disparate systems. [This was a function of the Vendor Wars (IBM vs. The Rest of the World) of the 1970's.] The notion of system security was still prevalent, but it was ASSUMED that someone connected to the Network had already been authenticated. Not true today. So, what can be done? MAC, Windows, UNIX, LINUX, et.al., it doesn't matter. Each does something pretty well. (Perhaps some are "better" than others, but I still suspect it depends on what you want to do. If you want to build a new programming language, UNIX -- if you want to wreak havoc on a large installed base of users, you probably want Windows.) Did you ever hear that "History repeats itself..."? Like it or not, at this point in time, Microsoft is to the computing community what IBM was to them 30 years ago: "Do it our way, or else." But, I digress. This post is all over the place, but to me, all the issues are interrelated. (It would make more sense if my paragraph breaks stayed in place.) Microsoft pursuing a patent on the IsNot operator? Stop the World, I've seen everything. The state of the Computing World is one big mess, and it's getting worse almost by the week. I never envisioned the world like this -- but I had nightmares, and it seems like they are becoming reality. More to come.
Posted by: Jay in Chicago at February 23, 2005 11:18 AM