Comment Re:Psychology plays a role (Score 1) 1091
I can't say that replacing a Microsoft monoploy with a Linux monopoly looks like any advance to me. Linux development is still way behind Windows in terms of features, in particular security features. Security does not only come from lack of bugs, it is also a matter of support for security features and tight integration of those security features.
I've been a Unix admin for over 15 years and a Windows "admin" occasionally since Windows 3.1. This statement smacks of someone reading the NT kernel books without actually using these OS's in real life.
I agree that the services the NT kernel provides (such as Kerberos-like tickets and authentication token passing) are great in theory (although I could have a whole other discussion over whether the Access Control List idea is way more trouble than it's worth vs. the Unix approach), in the end the "Windows Operating Environment", as I like to call it, doesn't make use of this functionality. The applications that everyone uses on top of this rather sophisticated kernel ignore this functionality and turn the machine back into a "personal computer", giving you full access to wreak havok on the machine. Tight integration? Give me a break.
I remained unconvinced that the Windows way is better than the Unix way. The Unix security model is simple and effective. The multi-user history of Unix means it has a good handle on the problems that Windows is trying to retrofit.
I think we all agree that kernel bugs are rare (for either OS), and the entry point to any machine on the Internet are the services it makes available to the network. These are the concerns. I don't expect Unix or Windows to be better or worse at bug-free code for their services. Software sucks universally. However, I believe the Unix model lends itself to better isolation of problems with network services and preventing spread of things like viruses/worms. As I said however, it's certainly possible. I don't think anyone is denying Unix has been lucky because we're less interesting. (And sendmail? Come on - it was one of the first applications to be exploited - we all learned from that. Except maybe MS!)
And Windows code reviews? New security religion? I'm not holding my breath.
I've been a Unix admin for over 15 years and a Windows "admin" occasionally since Windows 3.1. This statement smacks of someone reading the NT kernel books without actually using these OS's in real life.
I agree that the services the NT kernel provides (such as Kerberos-like tickets and authentication token passing) are great in theory (although I could have a whole other discussion over whether the Access Control List idea is way more trouble than it's worth vs. the Unix approach), in the end the "Windows Operating Environment", as I like to call it, doesn't make use of this functionality. The applications that everyone uses on top of this rather sophisticated kernel ignore this functionality and turn the machine back into a "personal computer", giving you full access to wreak havok on the machine. Tight integration? Give me a break.
I remained unconvinced that the Windows way is better than the Unix way. The Unix security model is simple and effective. The multi-user history of Unix means it has a good handle on the problems that Windows is trying to retrofit.
I think we all agree that kernel bugs are rare (for either OS), and the entry point to any machine on the Internet are the services it makes available to the network. These are the concerns. I don't expect Unix or Windows to be better or worse at bug-free code for their services. Software sucks universally. However, I believe the Unix model lends itself to better isolation of problems with network services and preventing spread of things like viruses/worms. As I said however, it's certainly possible. I don't think anyone is denying Unix has been lucky because we're less interesting. (And sendmail? Come on - it was one of the first applications to be exploited - we all learned from that. Except maybe MS!)
And Windows code reviews? New security religion? I'm not holding my breath.
