In today’s Washington Post, tech writer Rob Pegararo takes a look at why Microsoft Windows has such poor security – and why Mac OS and Linux don’t.
Simply put, it’s because of the poor design for end users, which makes it too difficult or annoying to close security holes.
In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, “Please don’t steal this.”
… Windows XP Home Edition, however, ships with five ports open, behind which run “services” that serve no purpose except on a computer network.
“Messenger Service,” for instance, is designed to listen for alerts sent out by a network’s owner, but on a home computer all it does is receive ads broadcast by spammers. The “Remote Procedure Call” feature exploited by Blaster is, to quote a Microsoft advisory, “not intended to be used in hostile environments such as the Internet.”
Jeff Jones, Microsoft’s senior director for “trustworthy computing,” said the company was heeding user requests when XP was designed: “What customers were demanding was network compatibility, application compatibility.”
But they weren’t asking for easily cracked PCs either. Now, Jones said, Microsoft believes it’s better to leave ports shut until users open the ones they need. But any change to this dangerous default configuration will only come in some future update.
In comparison, Mac OS X ships with zero ports open to the Internet.
… Windows XP includes basic firewall software (it doesn’t monitor outgoing connections), but it’s inactive unless you use its “wizard” software to set up a broadband connection. Turning it on is a five-step task in Microsoft’s directions (http://www.microsoft.com/protect) that must be repeated for every Internet connection on a PC.
Mac OS X’s firewall isn’t enabled by default either, but it’s much simpler to enable. Red Hat Linux is better yet: Its firewall is on from the start.
… hundreds of thousands, if not millions, of Windows systems still got Blasted, even though the patch to stop this worm was released weeks ago.
… The chance of a patch wrecking Windows is dwarfed by the odds that an unpatched PC will get hit. And for those saying they don’t trust Microsoft to fix their systems, I have one question: If you don’t trust this company, why did you give it your money?
Microsoft, however, must share blame, too. Windows XP’s pop-up invitations to use Windows Update must compete for attention with all of XP’s other, less important nags — get a Passport account, take a tour of XP, hide unused desktop icons, blah, blah, blah.
… Windows XP, by default, provides unrestricted, “administrator” access to a computer. This sounds like a good thing but is not, because any program, worms and viruses included, also has unrestricted access.
Yet administrator mode is the only realistic choice: XP Home’s “limited account,” the only other option, doesn’t even let you adjust a PC’s clock.
Mac OS X and Linux get this right: Users get broad rights, but critical system tasks require entering a password. If, for instance, a virus wants to install a “backdoor” for further intrusions, you’ll have to authorize it. This fail-safe isn’t immune to user gullibility and still allows the total loss or theft of your data, but it beats Windows’ anything-goes approach.
I often rail against Windows and the Microsoft monopoly here. It’s another one of those issues that I just can’t wrap my mind around – why in the world do people choose Windows when the alternatives are so much better? Heck, even my step father – a computer novice if ever there was one – has suddenly realized how much he misses his Mac now that it’s been missing for 3 weeks. He calls me up asking when he’ll get it back, because he’s so sick of using the PC instead.
