Even as a well-known "Windows hater", this is hyperbole. It's not insecure by design really. In fact in principle it's a lot better than anything Unix side due to the ACL and security model. It did however exist before anyone gave a crap about security, was implemented in a vastly insecure language and runtime and grew to a huge size and surface area and that is hard to fix retrospectively.
I'll give Linux a stab here: half the stuff I can run can write to my ~/.profile if it wants to. Anything which can read ~ is a problem because that's where all my important shit is...
Sure it is. Features like Recall, which the article mentions, are insecure by design.
> the ACL and security model
I'm not sure how this is any more secure than "Unix side". But in any case the security holes in Windows are not problems with its filesystem (at least not now that FAT is no longer used).
> Anything which can read ~ is a problem
Which in a properly configured Unix system is your user and root, and that's it. So don't run things you don't trust as your user or root. Which should be obvious common sense to anyone who uses a computer.
> Sure it is. Features like Recall, which the article mentions, are insecure by design.
I'm going to be honest: I'm not bothered about Recall security. It'd be on a single user machine which contains my data anyway. There are many more tasty morsels out there if a keylogger gets on it. Like the contents of my Keepass DB or my online banking PIN, neither of which Recall would be party to but anything that runs as my user shouldn't be able to see. Plus I'd probably turn it off anyway. I mean I do appreciate people kicking them in the balls which is due.
> I'm not sure how this is any more secure than "Unix side". But in any case the security holes in Windows are not problems with its filesystem (at least not now that FAT is no longer used).
As for ACLs, check NT kernel architecture, particularly object security descriptors. Particularly Windows 2000 onwards. Quite elegantly put together, but with layers of crap over them.
> Which in a properly configured Unix system is your user and root, and that's it. So don't run things you don't trust as your user or root. Which should be obvious common sense to anyone who uses a computer.
So I'll have to create another user account to run a web browser, my mail client, a software package manager or a compiler?
Do you think that Microsoft won't use that data in their telemetry somehow? Probably not as raw data, but as a locally AI-distilled version of it? Linked to your Microsoft account, which is almost impossible not to link nowadays if you're not an expert?
Don't you agree that the data was in the initial version accessible by all local users on the same machine? Would you consider that a security leak?
Anything which could be exploited will be exploited, the only question is how long it takes.
> So I'll have to create another user account to run a web browser, my mail client, a software package manager
Not if you trust those things. And if you don't trust them, you shouldn't be using them.
> or a compiler?
On my personal machine, yes, I have a separate user account for development, such as compiling programs. Creating new user accounts on a Unix machine is pretty simple.
I don't think this is a good solution, both because the so-called "sandboxing" isn't all it's cracked up to be, and because you now have to depend on each individual app vendor to push you security updates, instead of just your Linux distro.
The really paranoid would probably be using BSD with jails, which AFAICT is one area in which the BSDs are ahead of Linux.
> it's a lot better than anything Unix side due to the ACL and security model.
Better is subjective. It's maybe more capable. It's also easier to create confusing DACL structures that do not do what you think they do or leave surprising gaps in coverage.
> and grew to a huge size and surface area and that is hard to fix retrospectively.
We added network cards to everything at the same time networks finished moving from being isolated to being permanently globally interconnected. Machines that had a multi user capability (that didn't cost thousands) fared this transition better than those that did not.
> Anything which can read ~ is a problem because there's where all my important shit is...
It wouldn't matter if it's ~ or not. The software runs as you and so can access anything anywhere you have rights to. Which is why chroot, namespaces and pledge all exist, and Windows really does not have equally secure equivalents to these technologies. To the extent it does, commercially available software does not seem to take any advantage of it.
Then again, running an agent that actively screenshots your desktop periodically and then saves those unencrypted to any part of the hard drive is a bad idea regardless of the imputed confidence you have in the security of the operating system itself.
> Better is subjective. It's maybe more capable. It's also easier to create confusing DACL structures that do not do what you think they do or leave surprising gaps in coverage.
There is nothing confusing about it at all. The problem tends to be poor understanding and poor default configuration in all these things. I mean the same can be said for the average Linux user, who ambles on in and 777's everything.
> We added network cards to everything at the same time networks finished moving from being isolated to being permanently globally interconnected. Machines that had a multi user capability (that didn't cost thousands) fared this transition better than those that did not.
I've run Windows Terminal Services for about 20 years on and off. They did fine. Hell, half our clients are still running Citrix and Terminal Services.
> It wouldn't matter if it's ~ or not. The software runs as you and so can access anything anywhere you have rights to. Which is why chroot, namespaces and pledge all exist, and Windows really does not have equally secure equivalents to these technologies. To the extent it does, commercially available software does not seem to take any advantage of it.
Windows has full virtualization at service and process level if you want to have it. Device Guard/Credential Guard and App-V, for example. I agree with your last point that commercial software doesn't take any advantage of it, but neither does Firefox, which will quite happily shit on your ~/.profile...
Hey I rather like the idea of taking screenshots and dredging them for info. It'll immediately stop MSPs writing all their clients' passwords in a .txt file on their desktop (I've seen this several times)...
It comes up as an item in our internal corporate audits all the time. The fact that parent and child can have independent access is a surprising one in most mental models and a problem that just doesn't exist in the simpler unix model.
The ability to create permissions for things that don't even exist yet is another surprising thing that catches administrators out. It does not help that the Windows GUI tooling is exceptionally inferior compared to the command line tooling.
This is on production servers in sensitive environments. That Linux home users chmod 777 is one thing, but I don't see the same types of problems in professional Linux environments; granted, you don't see as many comparable Linux environments at all. Likewise, Explorer makes it easy to just "give permissions to Everyone" and I've seen that just as much in home installations. In any case, these are probably not great comparisons.
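An added PowerShell audit example (not code from this thread) that flags the three DACL surprises the post above describes: folders with inheritance disabled, so parent and child diverge; inherit-only entries that grant access to objects not created yet; and broad principals holding write-class rights. The $Root default is a placeholder path.

```powershell
# Added example, not from the thread: audit a directory tree for the DACL
# surprises discussed above. $Root is a placeholder; point it at a real share.
function Find-DaclSurprise {
    param([string]$Root = 'C:\Shares\Example')   # placeholder path

    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
      ForEach-Object {
        $path = $_.FullName
        $acl  = Get-Acl -LiteralPath $path

        # 1. Inheritance disabled: this folder's DACL no longer follows its parent,
        #    so parent and child can grant different access.
        if ($acl.AreAccessRulesProtected) {
            [pscustomobject]@{ Path = $path; Finding = 'InheritanceBroken'; Identity = ''; Rights = '' }
        }

        foreach ($ace in $acl.Access) {
            $who    = $ace.IdentityReference.Value
            $rights = $ace.FileSystemRights

            # 2. Inherit-only ACEs grant nothing here but apply to children created later.
            if (($ace.PropagationFlags -band $inheritOnly) -ne 0) {
                [pscustomobject]@{ Path = $path; Finding = 'InheritOnlyAce'; Identity = $who; Rights = $rights }
            }

            # 3. "Give permissions to Everyone": a broad principal with write-class rights.
            if ($ace.AccessControlType -eq 'Allow' -and
                $broad -contains $who -and
                (($rights -band $writeMask) -ne 0)) {
                [pscustomobject]@{ Path = $path; Finding = 'BroadWriteAccess'; Identity = $who; Rights = $rights }
            }
        }
      }
}

# Usage: Find-DaclSurprise -Root 'D:\Data' | Format-Table -AutoSize
```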
Fortunately, tools to fix this issue on Linux exist, like Bubblewrap and Dbus-Proxy, but they require custom configuration per piece of software, so almost no distro uses them directly. We do have Flatpak, which basically uses both of these tools under the hood; unfortunately, it also has its own "limitations", like the number of packages and some weird behavior in some packages.
I'm trying to solve this issue by using both of these tools with NixOS [1], where I can choose how much security I want for each package, like limiting the files that they can access and/or the entire dbus (practically simulating Flatpak). I mostly use it on proprietary software, like games, as they have a history with RCEs...
In the end, security is a tradeoff with convenience.
I have spent quite some time prowling Windows system files, and let me tell you, the Windows system is set up to allow processes to pass data, and tags, and alternate execution streams out of band. Read the code for the WinAPI and you will see it.
This above, and the corporate behaviour, is why I'm not a Windows guy.
The gulf between what the average person knows and what they would need to know in today's world to live an autonomous self-directed life with full agency, free from covert coercion by large corporate entities, is truly staggering. Every now and then I contemplate writing a book or a series of blog posts with all the things that I wish someone would tell me if I were a young person today, but then I read articles like this which remind me of the magnitude of the task and it takes all the self-control I can muster just to avoid curling up in a fetal position and sinking into the pit of despair, let alone actually start writing.
If the average person was living an "autonomous, self-directed life", I don't think Windows security holes would rate compared with stockpiling enough food to last through winter.
Of course, we are on what, 30 years of trying and failing to certify protection against attackers with moderate attack potential [1][2].
Page 53: “The evaluator will conduct penetration testing, based on the identified potential vulnerabilities, to determine that the OS is resistant to attacks performed by an attacker possessing Basic attack potential.”
Maybe at some point we will start believing what they achieve in their certifications rather than what their marketing spews.
What's clickbait about it? It's the title of the article as written by the author. How would one even go about automatically flagging "clickbait" titles? Obviously the term means different things to different people.
Well, Windows UAC was the last user-facing push for security. It remains to be seen what Satya thinks, especially of the recent security failures on the backend (Windows client vulnerabilities are a constant and have always been).
The recent "insecurity" pushes are more about getting Microsoft to "catch up" to Google/Facebook in terms of making their users a product they can sell. I'm sure they feel left out as Chromebooks have eaten into their market and supply such nice metrics for advertisers.
Chuckles.
Intel and AMD provide ME/AMT/SPS and PSP respectively on their whole x86-64 CPU range, which are embedded SoCs: a CPU (based on Quark for Intel) and a basic OS (said to be from Minix 3 for Intel as well), nested within the CPU in such a way that they cannot be disabled, as they are serialized to logical CPU init, "microcode style". Add obfuscated code modules that cannot be completely removed whatever anyone could do up to now. It can access the network stack and has an "always on" behavior once the system is simply plugged into power.
If you're security concerned, the OS stack is quite a... secondary issue to you.
You will have to consider switching to an open RISC architecture (RISC-V, anyone? Strangely enough or not, the EU seems quite a fan of this on-the-rise-again architecture) AND a Linux distribution.
For sure, for sensitive applications, having a cheap, secure and versatile architecture would be better than making DSPs or issuing hardly scalable and pricey FPGA solutions (well, lots of communication equipment mainboards still use them).
Qubes OS is nice, but when people are paid to get things done, security is not forgotten but cut by a thousand paper cuts. It might all seem to be based on a secure design somewhere, but even in small teams of 50 people you will always find people who have made shortcuts.
One obvious thing for the government to do would be to stop buying Microsoft products due to national security concerns. The NSA, AFAIK, already runs Linux.
I remember a few years back AT&T execs/investors talking about HBO when they bought it, that they didn't care what product HBO made; their goal was to capture more of a person's life interacting with media they owned. Like at the highest levels, leadership viewed their lane to extract profits as the entirety of a person's available free time, against hiking or cooking or transit, and entertainment just happened to be the vehicle to do it.
When it comes to Microsoft and others, their active business strategy always seems to be overlapping sectors of power and software just happens to be the vehicle to do it. Recall is just the latest tentacle of the strategy.
If a capitalist company with a specific product focus, within a specific market is a healthy cell, I see this type of company as a cancer and think we should treat it just the same. Starve it or destroy it, and if we can't destroy the company then we can imprison investors for this kind of monopolistic behavior.
Knowing Hacker News likes myopia and not discussing such concepts as power, my ask to you is how many years do we tolerate this same overreaching behavior from the same places? I'm at 25 now for Microsoft specifically.
> What's really annoying me today is the security holes Microsoft is adding – by design – into Windows.
> I mean of course Microsoft Recall. This delightful AI addition to the next generation of Windows PCs would have taken regular snapshots of everything you do on your computer.
Security and privacy are not the same thing. I get the frustration about Microsoft's security practices, but equating those two is a mistake.
100% nonsense. Windows itself is as secure as Mac or Linux, and the other points (OneDrive, Recall) are security tradeoffs that make way for features (sort of like how you don't keep your computer in an air-gapped fallout shelter in a file cabinet with a note that says "beware of the leopard". You traded security for convenience, congratulations!)