About | Buy Stuff | News | Products | Rants | Search | Security
Home » Resources » Rants

What's Wrong With SP2

Week of February 14, 2005

Don't ask - if the stone still isn't wet, keep spitting on it.
 - Modern Scandinavian Proverb

'Advanced Security Technologies' - who's kidding who? Microsoft have the worst track record on security in the industry - in fact they're the only company with a consistently bad reputation in the area. How is it they fail, time and again, at what the others never have issues with?

Marketing: Bill Gates is not an inventor; neither is Steve Ballmer; neither are any of the pirates working in Redmond. The god of marketing lays down the law in a very different way.

Bill and Steve know it's not important - or even desirable - to invent things. The losers try to invent things; the winners like Bill and Steve let the suckers take the chances; if it turns out the inventors were right, you 'scramble': introduce a vaporware product of your own, 'fud' the competition, and use your monopoly power to destroy everyone and everything.

Microsoft didn't invent MS-DOS; in fact they resisted attempts to change it, to fortify it, to make it into something viable. They didn't invent the GUI either, and initially just 'slapped' on some 'semi-graphic' hodgepodge on top of MS-DOS.

Neither did they invent XP or its forerunners - they stole it, and that's a legal matter that's gone to history. Bill and Steve lured Dave Cutler of Digital Equipment Corporation into 'borrowing' a DEC operating system and make it their own - for which they settled out of court with DEC. And despite the skills of Cutler, XP and 2K and NT turned out worse than DEC's VMS because it had to be force-fitted onto existing Microsoft 'technologies'.

Cutler was good, but Cutler came from an unconnected era. When VMS first shipped and was bought up by the US DOD, security holes were all over the place, and when NASA began building 'DECNET' networks with it, the Australian hackers moved right in - and almost delayed a space shuttle takeoff as a result.

Today we're connected and 'hodgepodge' doesn't do it anymore (if it ever did). You can't slap together an operating system, and you can't succeed at hyping the market forever - the system will fall apart at the seams and your customers will sooner or later wake up and smell the bugs.

Security Model

SP2 - and all Microsoft systems before and after - lack a security model. Actually they don't have much in the way of models at all - but the important one in our day and age is the 'security' one.

Ease of use and security are always at opposite ends of the spectrum. Users need security; they also need to be able to do things with their operating environment.

The Radsoft XPT - its very existence and success - is proof substantial that SP2 has no security model: most of what the XPT does should not be possible on any OS worth its reputation. In fact any number of programs from other companies fall in the same category: they're doing things that self-protecting, self-respecting systems would not permit - not without secure authentication and privilege escalation.

On SP2 everything is possible because nothing by default is disallowed.

Look at the plethora of viruses, trojans, spyware programs, keystroke loggers, zombie generals - look at it and ask yourself: should these things be possible on a secure system?

Look at all the add-on software being sold on the SP2 market: firewalls, anti-spyware utilities, anti-virus utilities - look at it and ask yourself: should you have to pay extra for this protection - shouldn't your computer have given you this from the beginning - with no additional hassle or cost?

Consumer Awareness

You don't have to be a rocket scientist to get onto the Internet, but you have to know enough to be able to avoid the bad products and home in on the good ones. You have to also understand that Microsoft have done an incredible deal in the computer market, destroying competition hand over fist so their third-rate products could be in the lead - and make them richer and richer, all the while you end up pulling out your hair and cursing your computer hardware up the walls.

It's not your fault - but if you know better, it's your issue if you just let it go. Computer stores are inundated with Microsoft products - Bill and Steve have got that part down all right - but they're not the only ones available - and you will be the one to suffer if you don't look twice at what's offered and make a better choice for you and yours.

There will always be Microsoft freaks who want to defend their home team, who find some extraordinary way around the fact that Microsoft have over 100,000 viruses in the wild and the competition have none. They'll always think it's 'cool' to tinker with SP2 and 'OK' to suffer through another day.

And hackers will always love SP2 (but run Unix on their own) because it's such an easy target.

But as Confucius (reputedly) once said:

'The way out is through the door.'

Or as the Scandinavians might say:

'There's the wagon - just get your ass in it.'

At the end of the day it's all about you - you and no one else. You get out now and you might find some peace and some reason to still be connected. If you don't, your tomorrows will always be the same as today.

Don't think twice about SP2. The question was never what was wrong with it anyway; the question has always been if there's anything right about it.

And the answer will always be: 'no'.

Protect yourself - enjoy surfing.

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.