|Home » Security
Microsoft: The Truth and the Consequences
As bad as it gets.
The EFF have declared Microsoft Windows and Microsoft products unfit for use. They're not the first but their declaration may prove to be the most dramatic.
MicroSoft originally specialised in compilers and language interpreters. Their first major product was MBASIC for the MITS Altair. After a stint in Albuquerque upstairs from a brothel they moved to Seattle.
MicroSoft's big break came with the licensing of MS-DOS to IBM where it was renamed PC-DOS (and revised somewhat). IBM let MicroSoft continue to license the system on their own. Once the IBM PC clones started to appear MicroSoft started making money. This was Gates' 'big break': the generosity shown him by IBM.
It was at the autumn Comdex convention in Las Vegas in 1983 Bill Gates got caught with his knickers down. Dan Brocklin's VisiCorp had developed a GUI for the IBM PC called VisiOn. Bill was taken aback with shock, attempted to heckle the people at the VisiCorp exhibit, declared loudly VisiCorp were behaving unethically, lied to the media in claiming his own corporation had a similar system under development, then closed his own exhibit 'in protest against VisiCorp' (ahem) and returned immediately to Seattle.
Where he called an emergency meeting to discuss the situation. Microsoft had for some time had access to Apple Macintosh technology, tasked as they were with providing the spreadsheet program Multiplan for the platform, but they had nothing of their own to compare with VisiCorp.
Steve Ballmer, late of Proctor & Gamble, was called in to head the new 'GUI' project. A name was found - 'Windows' - and for the next two years Microsoft worked frenetically to produce a product Bill Gates had told the media was already in 1983 all but complete.
Windows 1 was released in December 1985. It wasn't much to look at or work with. In fact it couldn't be used much at all. It provided a 'semi-graphical' interface with a shell program called the 'MS-DOS Executive'. There were a few 'applets' available: a minimal text editor, a calculator, and a print settings panel. But none of the windows could move on screen because they hadn't yet mastered the arcane art of 'bit blitting'.
Bit 'blitting' ('bit block transfer') is the 'art' of masking bits in video memory to effect the move of an object against a static background. This was something Alan Kay's Smalltalk team at PARC had more or less perfected - and something Apple had also achieved - but for the moment Microsoft would have to play 'catch up'.
The early window attribute WS_OVERLAPPED reveals the truth. When Microsoft first found a way to achieve bit blitting they introduced a new window attribute for the window manager USER.EXE to use. If the WS_OVERLAPPED bit was set then USER.EXE would allow the window to move about on screen. It if was not set - then no, the window couldn't be moved.
As time went by and Microsoft updated their Windows system, WS_OVERLAPPED was finally redefined as 'zero', meaning it no longer had any meaning whatsoever. But in the beginning it was vital - that's why it existed.
PCs back then - no matter the interface they ran - were unconnected. People used diskettes to transfer data between computers. Some PCs used gateways to IBM mainframes; this was seen as a move by IBM to outflank Digital Equipment Corporation who with their 'minicomputers' had encroached on IBM territory - something the IBM directors never forgave.
Whatever: aside from the IBM mainframe gateway - whereby IBM PCs would function as 3270 terminals - PCs remained unconnected.
The 'operating system' on PCs wasn't much of an operating system. Which is one reason it was instead called a 'disk operating system'. An operating system is actually a much more complex thing. MS-DOS operated the disks. It set up a basic architecture for storage in 'secondary memory', had the command interpreter COMMAND.COM, and so forth. It was a disk operating system - and not an operating system per se. Or what today is sometimes called a 'server operating system'.
Down the coast Apple had come out with their Macintosh to replace their Apple computers. The latter also had a 'disk operating system' rather than a true operating system. For computers this trivial no more was necessary. As Apple advanced to the Macintosh things immediately became more complex. Yet neither Apple's original Macintosh nor Microsoft's Windows were in any sense real operating systems.
Much of the professional computer world stayed with Microsoft and IBM through these years. Windows itself was jointly owned by Microsoft and IBM, as was IBM's OS/2. Professional organisations, long used to working with IBM, opted to stay with IBM.
NetWare & Windows 3.1
Novell's NetWare - especially version 3.10 - became a standard in corporate networking in the early 1990s. These networks were still not connected to any outside network for the most part - NetWare simply provided a platform agnostic way to store data coming from client machines, whether they be IBM PCs, Macintoshes, or anything else.
When Windows 3.1 hit the market in 1992 it caused a sensation - a real 'dent' in the universe. The world went hysteric over it and Microsoft and Bill Gates had to work hard to keep up with demand. They hired an extra 7,000 temps to help package the product, hired a number of jumbo jets to fly the packages out, hired a fleet of lorries to pick up the shipments at the airports, and Bill Gates himself flew to the orient to try to find more diskettes - they were namely running out.
In one fell swoop Bill Gates turned his corporation from a mediocre 'also ran' into a major player and turned himself into a billionaire.
The way through the door is with the operating system, Bill had learned the hard way. And once you get the system through the door you begin leveraging the actual cash cow software - in other words MS Office and similar products. If you control the operating system you control the market. Bill Gates hadn't always understood this; but once he got it he never let it go.
Microsoft started by attacking WordPerfect, the word processing standard of the day. WordPerfect was everywhere - on pre-Windows PCs, on minicomputers, everywhere. After several months of hard marketing and tactics where WordPerfect cried foul, Microsoft established MS Office and MS Word as players. WordPerfect was on its way out. It would take a while longer for it to hit the road through acquisitions by Borland and Corel but the writing was already on the wall.
WordPerfect cried foul because they'd been promised specs on the new system that never turned up. They winged the code on their own with expected results - and of course were blamed for the mishaps.
In the meantime, down the coast, Apple were finally making headway with their Macintosh. Apple and Adobe had virtually invented the desktop publishing market and Mac sales were finally taking off. But Apple sold a hermetically sealed unit for the graphics people and Microsoft sold an 'operating system' that would run on anyone's PC clone.
Susan Kare made the original Mac icons. She more or less defined how icons would look and function. When Jobs left Apple Kare followed him to Redwood City and NeXT. There she found out about Keith Ohlfs whom she hired in to make the icons for NeXT. She then contracted with Bill Gates to produce the 4-bit coloured icons for Microsoft Windows.
And all the while this is going on Tim Berners-Lee at CERN in Switzerland is working on a subset of SGML he calls 'HTML', an Internet protocol he calls 'HTTP' or 'hypertext transfer protocol', and an application he's decided to call 'WorldWideWeb'. It was built on a NeXT computer and Sir Tim claimed in his book the job couldn't have been done with any other machine.
It took several years for Tim's 'web' to catch on but by the beginning of the 1990s - while Microsoft were still running their Windows 3.1 - things started to happen with that web. Mosaic became Netscape Communications Corporation and for $29 you could get a good browser. By 1995 with the release of Windows 95 the web was a fait accompli and the Internet revolution was underway.
And it's here we begin to see difficulties. The PC - with or without Windows - has been a 'standalone' system all these years. Thanks to David Cutler formerly of Digital Equipment Corporation the system is in 1992 far more sophisticated than it was ten years earlier; but because Microsoft insist on forcing Cutler's design into legacy markets and architectures the system can never achieve satisfactory operability.
An operating system must do much more than spin the hard drives. It has to provide for mandatory secure login. It has to enforce privilege granularity - ordinary user are not allowed do anything they please and the system will be true multiuser - something the 'standalone' PC and the Mac traditionally were incapable of.
An operating system must be able to protect itself and the hardware resources. No user can be able to access the computer hardware directly. Security demands at least a 32-bit system so one has ample addressing capabilities as well as the ability to protect process memory from interlopers. Resources must have an owner and the system must make sure no proprietary data from one process is accessible by any other process. And so forth.
Microsoft have spent millions over the years getting security certificates for their so-called operating systems but the fine print each and every time explains the certificates only apply to 'standalone' systems with no external drives and where the possibility of 'interlopers' is by definition ignored.
That an operating system must be capable to protect itself is a very crucial thing. Too many stories have already been seen in the media about Microsoft systems crippling automobiles, warships, airports, operating theatres, and so forth.
Real operating system aren't allowed to do this. Built from the beginning to function as real operating systems, they have the code they need to see when things are going south and to avert disaster. All systems go down from time to time - mainframes can go down perhaps once per year, Linux and Unix systems can from time to time need to be restarted - but none come close to what Microsoft do with their systems.
Microsoft systems weren't written to be 'real operating systems' from the beginning. And no amount of patchwork helps once the insecure product is out the door. It's empirical but so far proven by too much experience: you can't secure a system initially not built with security in mind. Just look at what Microsoft are doing and you'll understand.
The greatest harm Microsoft and the media are doing right now is not bursting the 'Windows centric' bubble they have most ordinary home users living in. These poor people think computing has always been the way Microsoft products behave when it's as far from the truth as can be. They see and hear of the dangers out there online and they think it applies to everyone. It doesn't. It only applies to Microsoft Windows and Microsoft products.
You Are Naked
Bill Gates, Microsoft Windows, and Microsoft users all got caught in the door. The door swung open in the 1980s and early 1990s with MS-DOS and Windows 3.1. And by that time Bill Gates had a virtual monopoly and everybody was running Windows. And then the door slammed shut again with the advent of the Internet. The whole world was already on Windows - and then the name of the game changed overnight.
Back in 1995 you used a Mac if you worked in graphics shop. If you worked in a bank or financial institution - or as a programmer for them - you used a PC. There were other systems around as well but the PC was dominant. As long as you weren't working directly with graphics odds were you were on a PC (or programming for them).
NetWare meant office computers were connected; but these were still largely private networks. The advent of the Internet changed all that. Suddenly everybody was naked.
Accessing a web page is not exactly the same thing as turning on the television. To get a web page in a browser window you have to contact the remote site and send them a 'return address' so the other party knows where to send the data. Web pages aren't unidirectional like television transmissions. Television signals go out and antennas can pick them up anywhere. With web pages it's all recorded - your IP goes into the logs for everything you do. The very fact you can be found online means you are naked - and vulnerable.
Addressing this vulnerability is much the same as addressing any potential attack on a real operating system: resources are properly locked down, there are barriers all over the place once you're inside, the file systems and the OS kernel work hand in hand to keep law and order, the system protects itself and protects users from other users and from unwanted interlopers, and so forth.
But standalone systems can't do that. There are no users defined on these 'systems'. There's just a computer and perhaps someone who turns the power on. These systems never took 'multiuser' into account. And to this day most Windows users really believe 'my computer' is not a lie.
The very fact you can have multiple processes running simultaneously makes it painfully obvious a system of today must be multiuser. Processes must run with different privileges and priorities. They must have different access to computer hardware. Someone must be able to administer the system at the same time not just anyone should be able to do it. Computers - even personal computers connected today to the Internet with but one user - are shared resources. That's what so many Windows users don't understand and that's where Windows crashes and burns time and again.
Windows today - David Cutler's VMS Windows - has 'multiuser' but it's not being done in a way used by 'real' operating systems. No matter the access tokens and whatnot Cutler's brought in, the Windows 'system' is still eminently corruptible.
Windows doesn't have a 'root' user account. It has a 'SYSTEM' account with comparable privileges but it's not a user login account. On the other hand the account group 'Administrators' can at any time 'usurp' system resources owned by 'SYSTEM'. And inasmuch as most Windows software runs on an Administrators account then any rogue program at all has access to the entire machine.
So many patches from Microsoft end up not being remedies to eliminate security holes as desperate attempts to move the holes and hide them from the interlopers. It's futile and it's foolish and it's irresponsible and the interlopers always find out where Microsoft have run off to anyway. Recent scandals with Windows Se7en (and earlier with the abortive V*STA) show how desperate the situation is.
The Truth and the Consequences
Microsoft cannot prevent interlopers from corrupting the system and the computer hardware resources. Microsoft can tell you after the fact you need to restore your system because it's been compromised but they can't stop it from happening in the first place. No other operating system does this. It's not a real operating system if you can't protect resources including the system code itself and Windows can't do that. Not today, not tomorrow, not ever.
Ordinary program files can't be protected. Rootkits are installed with the greatest of ease - and without relying on social engineering to escalate privileges. Malware abounds - over 100,000 strains in the wild. And so forth. This is the price to pay for putting a standalone single user system on the Internet without a thought to the safety of one's paying customers.
Why won't Microsoft improve things? Because they can't. Because they have so many millions of third party software titles they depend on. These titles would break under a new system. Operating system vendors need a thriving third party software market to survive - but it works the other way around too: if the third party software sector grows too big it can prevent the operating system vendor from making changes that need to be made.
Microsoft could ship Windows sandboxed in Linux; but then every Windows user would have access to Linux and third party software would just ignore Windows in the future. Microsoft would lose their stranglehold on the personal computing market.
In a world of pervasive networking even an operating system designed for single user use needs multiuser capability because without that any network transaction that can trick a user into running malicious code that will subvert the entire system. Without strong multitasking the ability of an operating system to handle network traffic and run user programs at the same time will be impaired.
As the designers of BeOS noticed, the requirements of pervasive networking cannot be met without implementing something very close to general purpose timesharing. Single user client operating systems cannot thrive in an Internetted world.
Windows gets away with having severe deficiencies in these areas only by virtue of having developed a monopoly position before networking became really important and by having a user population that has been conditioned to accept a shocking frequency of crashes and security breaches as normal.
This is not a stable situation.
- Eric Raymond