The Network People
Solutions for Hosting Providers

I wrote this as a response to a Microsoft employee's "14 point security plan" for keeping your home computer safe. He tried to compare your computer with a security deposit box at a bank. Google it and read it yourself; it's quite humorous.

Your blog is frequented by geeks. Is it any wonder that most responses are of the "good post dude, every user ought to do that" variety? Unfortunately, that's a patently absurd expectation.

In case you didn't notice, there's been a little trend that started, oh, about 8 years ago. It's often known as a product life cycle and computers are mainstream these days. That means that geeks (traditional early adopters) are no longer the majority of the computer users. We're so far into the product life cycle that we're well into minority status.

When you take that simple fact into account, your bank analogy really falls apart. In order to access a lock box at the bank, one need only walk into the bank and present the key. A friendly employee will open the vault door and either allow you to enter or retrieve the box. The valuable contents can be dealt with as the key holder wishes. In computer terms, that's a "user friendly interface".

In order to maintain the security of my valuables, I do not need to:

buy additional 3rd party security enhancements.
hire sentries to stand outside the vault.
replace the locks with my own.
return every 90 days to have the lock rekeyed.
build my own security enclosure around the bank.
hire sentries to stand outside the bank doors.
fill all the holes in my lockbox with J.B. Weld.
read banking trade rags to make sure my bank's security is constantly up to date.
buy a second lock box in another bank in case my bank vault crashes.
insist that "strangers" not be allowed in the bank.

Having a (very necessary, I might add) 14 point security plan in place just to surf the web, check email, print a few photos from the digital camera, and buy a few iTunes songs for the iPod seems a bit silly for a device that's supposed to make the digital lifestyle easy. These are the forces that are driving personal computer sales today, and most people don't care to spend a half day of each week keeping their computer secure. One needs only to witness the rampant spread of viruses, worms and malware to hear the people's voice.

Many of us could foresee a day when Microsoft's lack of attention to security would DoS the internet, again, and again, and again. We were screaming about it to Microsoft 8 years ago when Grandma was buying a computer so she could email Junior at college. We tried everything to find a replacement for Windows. We went to God-forsaken lands like Mac OS (classic), Linux, BeOS, OS/2, and anywhere that might provide a safe haven from the "which one is the 'Ctrl-Alt-Del' key?" questions our family members would ask.

Life as a geek was quite limited because even if you were an alternate OS developer, you would be forced to use Windows as well. Having two or three computers at our desk was the norm. The problem was simply that there wasn't anywhere else to go, until Mac OS X.

OS/2 had potential, BeOS had potential, Linux has potential, but until OS X, nobody had gotten the desktop OS right. It arrived as a very pretty GUI on top of a robust UNIX foundation. Finally, a desktop OS that would undergo months of daily use between reboots. There was protected memory so Word crashing didn't require rebooting the system. The virtual memory is first rate, and something Microsoft really should have copied by now.

When my father-in-law needed a new computer, we convinced him to buy an iMac. Now when he clicks a button, something predictable happens every single time. He doesn't have spyware or viruses to worry about. He has never changed his password. His wireless network will allow the neighbors unrestricted access. He doesn't know or care if a particular web site is "high risk" or not. He doesn't spend money on 3rd party security products. His firewall is built into the OS. He doesn't need to visit web sites to keep his computer up to date (that happens once or twice a year when I visit).

That's "user friendly". He wakes the computer up to import some new photos into iPhoto and then does a quick slideshow for his guests. He's mastered his computer, and he glows as his guests ooh and ahh over his photographic prowess. He launches a web browser and reads my blog to see how his favorite daughter and I are doing. He logs onto e•Trade to see how his nest egg is doing. He checks his email and then goes back to living the rest of his life. That's how the majority of today's personal computer users "use" their systems.

If Microsoft wants to stave off this threat, it's pretty darned simple. Do the same thing Apple did. Pitch Win32 into the recycle bin and develop a modern OS. Go find the best of breed Open Source UNIX operating system and use it as a foundation for your new OS. Write a Win32 emulation layer for legacy software. Embrace open standards going forward. Make your software interoperable. Include a BSD/Linux binary emulator with a full complement of developer tools. Make it easy for developers to "./configure; make install" their software for your platform.

This time around, make it secure from the moment you turn it on. Write every line of code with security as a consideration. Users should never be able to log in as Administrator. Since you can't get users to remember (and thus use) secure passwords, require a biometric or hardware-based (flash drive) security credential in order to authenticate an administrator. Include three with every OS license.


Last modified on 4/25/05.