24/01/2007
Thoughts on the evolution of Operating Systems
Linux is a multiuser operating system “designed to be secure by design”. Each user has it’s own home directory and can only execute applications that the Administrator (root) of the system has allowed him to. That means that users that want to run priviledged applications must either have root’s permission to do so or are asked for a password to escalate their priviledges. So every linux user not only knows the difference of a simple user and the “root of all evil”, but is well aware of where/when to use passwords, what are file permissions and so on and so on. A linux user has (or had, until recently) given up pretty graphics in favor of a more stable, more secure and more “free” operating system.
Windows is a (multiuser?) operating system with emphasis on usability. Since the first windows versions, the users of windows got used to being able to do almost everything without ever being asked for another password than the one at the login screen. Sometimes there wasn’t even such a login screen. A windows user is used to doing administrative tasks with his every day account. Most windows users don’t even know about file permissions and how to use them on their system. That makes life both easier and riskier.
Until broadband came to our lives at the very end of the 20th century, when Windows 98 and ME ruled the IT universe, windows users had very little to fear. While they only exchanged files with their friends on floppies and cdroms, and their computers were not 24/7 online, remote exploits, internet worms and trojans were unknown words to them. A decent antivirus was the only thing required. Windows 98/ME did not even have “services” running on them by default (apart from shared folders). During that time Microsoft only had to worry about making their users’ OS easier and more beautiful. And they were pretty successful in that.
Their server (NT) version though had tons of problems. It was very incompatible with a lot of software and was easily attacked by internet worms. The number of service packs for NT reached a ridiculous number, and still Microsoft couldn’t handle all the problems. Their enhanced server edition, Windows 2000 was a lot better than NT, but the security weaknesses remained. What made Windows NT and Windows 2000 so insecure was that they were supposed to be 24/7 online. The bad guys attacked WinNT and Win2K because they could then use them for their own purposes. A hacked win98 box behind a dialup was useless compared to an always online windows server. While more and more windows 2000 servers were getting online and worms hammered them, more and more people started bitching Microsoft about it. Microsoft tried to fix problems those problems with numerous service packs, but that wasn’t enough.
Then came Windows XP, the first Microsoft OS for users that had various services enabled by default. At the same time more and more people started having broadband at their homes. Now the bad guys had something new and more powerful to fiddle, and it wasn’t long until the first remotely exploitable problems appeared. The bad guys created worms and trojans that attacked WinXP, the OS of millions users. Users’ machines are millions more than server machines, and they were all probable targets/victims for those worms. If a remotely exploitable vulnerability was somehow found for Win98, the impact would be a lot smaller because the number of online PCs was a lot smaller back then . Every remotely exploitable hole found for XP drove users crazy. XP was not designed to be secure, it was to designed to be a _lot_ more beautiful than 98/ME. It was designed with multimedia, games, office work, etc in mind. People started asking for more than an antivirus for their PCs and a new word came to every windows user life, “Firewall”. Then came service pack 1, then service pack 2…and problems still existed and will exist even if a service pack 3 is launched sometime in the future. One of the basic problems with Microsoft XP is that it doesn’t help users understand how and when to use the Administrator account. Most users create a user with Administrator privileges during XP’s installation process and then run their machines with that admin account. This is _plain_ wrong. Every windows XP user feels that he can do everything he wants with his PC without ever being asked for a single password. So when something infects their PC and runs with their user’s privileges, it actually runs as the administrator of the machine. This leads to total destruction.
Vista is said to have a different approach to security though. It has supposedly been built from scratch with security in mind. Users are now ‘just users’ and their default account does not have administrative privileges. So every time they want to do an administrative task dozens of warnings appear before them. That supposedly ensures that nothing can run with administrative privilege unless the user explicitly wants it to be that way. Someone I know who used Vista told me that Vista makes you think that it’s for more advanced users than XP was. All these notifications that pop up asking you for permission to do this and that, makes you feel a bit uncomfortable. New users of computers, that first stumble upon Vista will feel much more uncomfortable with that OS than they would feel if their first OS was XP. And that’s bad for a “Windows OS”, every version until Vista was easier to use than the previous one, apart from Vista…which is harder.
Microsoft with Vista acts as parent who has spoiled their children for a veeeery long time, giving them free chocolates and candies even though they knew that by doing this they hurt their children’s health, and are now trying to put them on a diet. And this just can’t be done. Windows have spoiled users for more than 10-15 years and it’s too late to start telling people, “Hey mind your security!”. “Your account is now on a diet, no more candies for you”.
When Vista starts spreading among users (maybe in 1 year from now?), users themselves will eventually understand more and more about security concepts. They will start to understand why it is so important that the administrative account is something completely different than theirs and why they should only “touch” it occasionally. Vista might be a lot more beautiful as an OS but it will be a lot more difficult for users to “manage”. Nag screens will be all over the place. Passwords might be frequently asked to change something fundamental for the system.
Where does this lead ? Users will get more and more acquainted with the whole administrator’s rights idea and Linux will not look so much like an alien OS to them. The transition from Windows to Linux for users will get easier and easier as linux becomes (slowly and painfully) more good looking and windows becomes (slowly and painfully) more secure.
Every OS has a different beginning and a different approach on evolution, but they tend to meet at some place in the future. They have just taken different roads to reach their goal. Windows prefers user-friendliness over security and stability and linux prefers it the other way around.
Filed by kargig at 03:28 under General,Internet,Linux,Privacy
1 Comment | 6,311 views