
MS Titanic

Week of June 26, 2004

Most passengers did not seem to notice that the lifeboat drill that morning had been canceled. In 1912 there were no mandatory rules for lifeboat rehearsals or crew musters. The British Board of Trade's regulations were outdated, failing to keep pace with the ever increasing size of passenger liners. Lifeboat capacities were based on a liner's gross tonnage; as it stood the number of boats carried by Titanic exceeded the Board of Trade's requirements.

Microsoft is unsinkable. They're the 'gorilla' of the stock market. Investors love Microsoft because they dominate. Undaunted by the DOJ ruling against them and the cost in billions of the out of court and in court settlements that have ensued, Microsoft continue to dominate.

'Captain Smith, Titanic. Have had moderate variable winds and clear fine weather since leaving. Greek steamer Athinai reports passing icebergs and large quantities of field ice today in latitude 41.51 N. longitude 49.11 W. Wish you and Titanic all success. Commander.'

The threat against Microsoft is not from the competition. Since 1990 they have had total control of the personal computer market. No, the threat comes from elsewhere.

'Amerika passed two large icebergs in 41 degrees 27' N., 50 degrees 8' W., on the 14th April.'

The new millennium ushered in the first of the major worm outbreaks. The world had already seen the Melissa macro virus, but no one paid it any heed. The Love Bug changed everything. Shops that had left Unix behind for the far more economical ODBC gateway to Unix databases were hit hard, as were ordinary users. All but the graphics companies were running PCs with Windows. Linux was coming, but had a fraction of the 1% market share it has today.

Approaching the iceberg danger zone, Titanic remained on course, her powerful quadruple-expansion engines and single low-pressure turbine driving the liner smoothly through the water at a moderate 22.5 knots. The temperature was falling fast and by 8.55 PM it was only one degree above freezing.

Chaos was total. Reports streamed in of far more dangerous vulnerabilities and new exploits waiting around the corner. Computer scientists scratched their heads in puzzlement over Microsoft's scripting which was used by no one before the 'bug' hit - a scripting that took a naive approach to security to say the least.

They noted the lack of wind and the unruffled sea. Up in the crow's nest lookouts Frederick Fleet and Reginald Lee had been told to keep a 'sharp eye peeled' for small ice and growlers.

Security experts were not late in putting the entire blame at Microsoft's door. By year's end more worms like the Love Bug had hit, and with comparable devastation.

The night was crystal clear; there was no moon and the sky was filled with stars. The sea looked as smooth as plate glass, paradoxically, a disadvantage for the lookouts. Without waves breaking around an iceberg's base leaving a wake, it would be hard to spot without reflective moonlight, especially if a berg was showing its dark side.

And so it's gone ever since, the accumulated humiliation to Windows users approaching the unbearable. Slashdot recently hosted a discussion on how, if at all, one could update a modern Windows machine without getting infected as soon as one connected the Internet cable. Some people claimed it could still be done, but they're missing the point.

Microsoft are always promising more security. Bill Gates has already apologised to the world for his poor software (but granted no refunds). Little changes. For all the clamour in Redmond, the exploits continue and get worse. Malware can today creep past even the best anti-virus utilities, and security experts in the Windows cottage industry are talking seriously of tightening Internet networks to protect the highly vulnerable core that is Windows.

Windows home users have a flexibility their corporate counterparts cannot enjoy. Any home user can at any time dump Windows out the window and install a Linux distribution or dump the entire Wintel box out the window and plunge for an Apple. They don't need approval from a purchasing department. Apple boxes are better on return on investment and Linux distributions have long been cheaper than Microsoft Windows itself.

But people cling to Windows. They do not want to believe theirs is a sinking ship. Yes, things are getting worse - nigh on untenable - but there are utilities to download, parasite detectors and anti-adware programs and anti-virus software and personal firewalls and so forth ad nauseam. All the while the sophistication of the attackers escalates, all the while the probability a Windows user can be online at all without getting infected approaches zero.

And still they won't give up. Microsoft dominates in the PC marketplace, and their Windows is the established leader. Windows users pay through the nose and with their pride to keep using the product, yet few have the wherewithal to wake up and jump ship.

There was another famous case of an unsinkable product that people just didn't want to give up on. A thousand lives were lost partly because people just didn't want to believe anything could possibly be wrong, anything could sink their ship.

Most ruthless corporate emperors survive. Few perish or fall victim to their own bad karma. History tells us that Bill Gates will survive, but the de Medicis and the Rockefellers didn't have to deal with malware. They didn't see their own products withering away from within. Standard Oil's oil didn't become polluted and unusable and the de Medicis' money didn't fade. They fought and conquered other foes.

The collapse of Microsoft won't come because AOL or Linux or Apple or Sun figure out how to get to them. Microsoft will collapse only if their platform becomes unusable - only if it becomes obvious to every grandmother around the world that Windows is hopeless.

Windows is hopeless - computer scientists know that. It has intrinsic weaknesses that cannot be remedied. As Charlie Demerjian said, Windows cannot be fixed because it's not about bugs - it's about bad design.

What's so terrible about Windows design? Let's go back to the beginning.

Windows started as an application run under MS-DOS. MS-DOS was the variant on PC-DOS that Microsoft were able to licence and sell on their own, apart from IBM. As the PC clone market grew, Microsoft sold more, whilst IBM only sold PC-DOS on their own machines, which had become a minor player in the burgeoning personal computer market.

The IBM PC was grossly under-dimensioned in comparison with its Apple counterpart. Apple had been running a graphical user interface for years, thanks to the powerful Motorola processors, when Lotus, IBM, and Microsoft - the so-called 'LIM' consortium - came up with the first of two memory enhancement standards intended to narrow the gap. This first standard, EMS, was clumsy and inefficient, capable only of shuttling 32 KB of memory in and out from the main RAM board at a time. Things were still slow. Then 'LIM' met again and came out with XMS, and that changed things radically.

Most personal computers were IBM PCs or PC clones - they still are to this day. In 1989 most PC clones actually followed a 'Compaq' rather than an IBM standard, even if Compaq's 'standard' was an insistence on sticking with IBM's earlier 'AT' design and not progressing to the proprietary PS/2. Once Windows got moving no one could stop it, and IBM's own OS/2, lacklustre in comparison, never had a chance.

Apple GUIs were only run on Apple hardware; if you didn't own an Apple Macintosh, you couldn't run the Apple operating system. But most people did not - they had PC clones and stuck with them.

So in 1990 everything changed. The PC closed the gap to the more powerful Macintosh; the PC already had the market; Microsoft could finally get their abortive Windows off the ground; Tim Berners-Lee sat in Switzerland and slowly invented the World Wide Web; Linus Torvalds was about to start studying at the University of Helsinki; it was a closed world, and Windows, running atop what many cynics called 'a hardware interface rather than an operating system', was all right.

Novell NetWare came along and it was still a closed world. One user per PC was the big thing. Windows 3.x didn't admit of multiple users. There was no security. It ran atop MS-DOS and MS-DOS had no security whatsoever. It wasn't intended to. The question of security simply doesn't come up when talking about home computers.

Having assured himself that all was well, Captain Smith retired for the night, with the instruction 'If in the slightest degree doubtful, let me know.' Lightoller continued to peer into the darkness. Out beyond the ship's bow lay an inky, black expanse of water.

Microsoft's Open Database Connectivity became very popular, as this provided a cheap bridge to very expensive Unix databases. Before ODBC, shops had to buy very expensive Unix boxes to interface; now they could go with the relatively inexpensive PC clones and Windows.

'Ice report. In latitude 42 north to 41.25 north, longitude 49 west to longitude 50.3 west. Saw much heavy pack ice and great number large icebergs, also field ice. Weather good, clear.'

In fact, when Windows NT first came out, market analysts were totally perplexed: Microsoft kept claiming they were selling well, but the analysts couldn't see where the sales were coming from. They'd all expected NT to put a dent in the sales of 'ordinary' Windows. It wasn't until they checked their figures for the Unix niche that they finally understood.

By 11:30 PM most passengers had gone to bed, but a few night owls were gathered around a card table in the first class smoking room. In the main dining saloon, stewards preparing for Monday morning breakfast carefully arranged gleaming silverplate and fine china edged in 22k gold on immaculate damask linen. The clock on the first class grand staircase, decorated with a carved panel of two classical figures representing Honor and Glory crowning Time, showed 11:40 PM.

And the world is still not connected. And NT might be based on the legendary bullet-proof VMS, but it's not the same thing, and had to bow to Microsoft contingencies all along. Its networking is messy at best, even if it's relatively secure, but when you get down to local machine level, the same thing happens: you can have more than one user registered to use a machine, but once they log in, 'it's their machine' - there's little anyone can do to prevent them from going anywhere and doing anything.

A few moments later Fleet in the crow's nest began to make out what was at first a small, irregular black object directly in their path.

As PCs have always been considered 'personal', there was never any reason to say 'that is yours and this is mine'. Contrast this with the evolution of Unix, which started as a dumb terminal based system with a single centralised processing unit: when a Unix account logs in, it's taken automatically to its own area of the server disk - 'this is your area - stay put'.

'There is ice ahead.'

All user files fall into that area. Going outside that area - as the disk is shared by all users of the system - is verboten and can be clamped down as tight as the superuser wants.

'Iceberg, right ahead!'

But PCs aren't born that way. They're personal. Their security lies in only one user ever accessing the hardware - something like the classic server locked in a vault.

'Hard a starboard. The helm is hard over, sir.'

By 1993 the world started changing, and unbeknownst to most people, the US Department of Justice is already investigating Microsoft on suspicion of monopoly abuse. Java Beans are out the door; the Mosaic browser hits the world; and by 24 August 1995 a new version of Windows is out too. This version tries to escalate third party software to a 'secure' 32-bit platform by wrapping the old Windows and its underlying MS-DOS in a 32-bit shell. It's not secure by today's standards, even Microsoft standards, but it's an attempt to usher in 32-bit software, and if the entire system can run in 32 bits, it can use what is known as 'protected mode', which will at least isolate wayward processes from the rest of the code.

Murdoch intended to order 'hard a port' to bring the stern away from the iceberg but it was too late; she struck. And as the iceberg glided by, breaking iron rivet heads fastening the steel shell plates causing massive leakage below the waterline, tons of ice fell onto the fo'c'sle and well deck. Murdoch closed the electric switch controlling the watertight doors. Deep inside the ship's alarm bells rang as the massive watertight doors sealed each of the liner's sixteen compartments.

And David Cutler has his NT out the door, and NT is a true 32-bit system, and David is presently at work on his 'Daytona' release of NT, a total tweak of the code used in the initial offering. Soon NT 3.51 hits the market, and system administrators used to the quirks of 'ordinary' Windows are impressed by its stability.

'We were working on the fifth deck amidships baking for the next day. There was a shudder all through the ship about 11:40 PM. The provisions came tumbling down and the oven doors came open.'

But both products - Windows 95, the 16-bit version based on Windows for Workgroups with a 32-bit wrapper, and Windows NT - are still 'standalone' systems. They're meant for one user per machine. Both systems will now allow multiple login accounts, but that doesn't change the on-disk security.

Security in an operating system comes from the hard drive. What you can't access remains secure. The permissions on files determine how a program will run and what privileges it will have when it runs. If security on disk works correctly, no hack will escalate a poor peon user to superuser through a process already running.

At first there was an understandable reluctance from some passengers in first and second class when stewards ordered them to put on their lifejackets and go up on deck. To leave the warmth and safety of their stateroom at midnight when all was quiet and nothing seemingly alarming happening didn't make sense.

The traditional threats to Unix all come from trying to 'get root': either get the password to the root account or ride piggyback on a root process so the password file becomes accessible. And without root access, significant parts of the disk - of the operating system - remain out of bounds.
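The 'security on disk' rule described above can be checked mechanically. The following is an added example, not part of the original rant: it models the classic Unix owner/group/other write check and the setuid rule for a process's effective UID, then flags files where the two combine badly. The `Entry` records, paths, UIDs and GIDs in `SAMPLE` are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# The fields of a stat() result that the kernel consults for these decisions.
Entry = namedtuple("Entry", "path mode uid gid")

def may_write(uid, gids, e):
    """Classic Unix write check: exactly one of owner/group/other applies."""
    if uid == 0:                       # root bypasses permission bits
        return True
    if uid == e.uid:
        return bool(e.mode & stat.S_IWUSR)
    if e.gid in gids:
        return bool(e.mode & stat.S_IWGRP)
    return bool(e.mode & stat.S_IWOTH)

def euid_after_exec(caller_uid, e):
    """Effective UID of the new process: the file's owner if setuid is set."""
    return e.uid if e.mode & stat.S_ISUID else caller_uid

def escalation_paths(entries, uid, gids):
    """Setuid files that run as someone else yet are writable by `uid`."""
    findings = []
    for e in entries:
        if not stat.S_ISREG(e.mode):
            continue
        runs_as = euid_after_exec(uid, e)
        if runs_as != uid and may_write(uid, gids, e):
            findings.append((e.path, runs_as))
    return findings

def scan(root):
    """Build Entry records from a real directory tree (symlinks not followed)."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            entries.append(Entry(path, st.st_mode, st.st_uid, st.st_gid))
    return entries

# Constructed sample: modes are full st_mode values (0o100000 = regular file).
SAMPLE = [
    Entry("/usr/bin/passwd",       0o104755, 0,    0),     # setuid root, owner-writable only
    Entry("/opt/tool/helper",      0o104757, 0,    0),     # setuid root, world-writable
    Entry("/home/alice/notes.txt", 0o100644, 1000, 1000),  # alice's own file
    Entry("/srv/app/run",          0o104775, 33,   50),    # setuid to uid 33, group-writable
    Entry("/home/bob/secret",      0o100600, 1001, 1001),  # private to bob
]

if __name__ == "__main__":
    # Audit from the point of view of uid 1000, member of groups 1000 and 50.
    for path, runs_as in escalation_paths(SAMPLE, 1000, {1000, 50}):
        print(f"{path}: writable by uid 1000 but executes as uid {runs_as}")
```

Passing `scan("/usr")` instead of `SAMPLE` runs the same audit on a live system; any finding is a permission error to tighten. Linux additionally clears the setuid bit when an unprivileged process writes to such a file.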

As the ship sank lower, any thought of protocol was forgotten in the panic to launch the two remaining boats, collapsibles A and B.

When a Windows user logs in, there is no home directory. There is for all practical purposes no 'current working directory' either. It's a standalone machine. You have your Windows/WINNT directory, you have your SYSTEM/system32 directory, and that all belongs to the system; where is your directory?

'Well boys, I've done the best I can for you. Now it's in your own hands. Do the best you can to save yourselves!'

You don't have one. You don't have a hierarchy that is yours, under which all your files - your documents, your programs, your Registry - are saved. Program Files is there for everyone; the vital Registry keys for extension associations, CLSIDs, and 'Interface's are all particular not to you the user but to the machine as a whole.

By 2:10 AM Titanic's stern had risen out of the water to an upright angle. Lights still blazing, there was pandemonium below decks where inanimate objects came to life; crockery, furniture and whatever else not fastened crashed towards the bow. In the engine spaces the massive boilers tore loose from their foundations and crashed through the bulkheads. For the hundreds of terrified passengers clinging to the stern the noise must have been unimaginable. Finally, under the incredible forces it was being subjected to, the hull gave way and split in two just forward of the fourth funnel. The bow section quickly sank; the stern settled back for a few moments before it rose again vertically for the final time. The stern remained motionless against the starlit sky for a few moments before it began descending two miles to the ocean floor. As the Atlantic closed over the words on her stern - TITANIC LIVERPOOL - hundreds of passengers struggled in the icy waters.

If one user associates RTF files with WordPad, everyone using that machine must live with it - even those wont to open them in MS Word. If someone installs a new program in Program Files, it's there for everyone. If software installers go into the system's proprietary areas, everyone has to deal with it, even if Microsoft are today trying to circumvent the issue by making 'pretend' directories for this purpose. It's a shaky retrofit at best - and the user still doesn't have a proprietary area. It's all naked, exposed - and guess what: easy prey for hackers.

'She's gone, lads! Row like hell or we'll get the devil of a swell!'

Worst of all, files - especially program files - are not 'owned' by the user (or the system) in such a way that the security of the disk determines the security of the running processes. Again, the PC with Windows is a standalone system - it wasn't built with security in mind.

What no one considered in the old days was that you could have software on a personal computer that didn't belong to the user: that you could, in effect, have multiple users '0wning' that machine even if only one person was actually running it. Viruses attach themselves to boot sectors or executables and spread; worms use the Internet to spread and wreak havoc; the catchword for all this today is the 'parasite'. No one considered the existence of parasites back in 1990, or even earlier when the 'personal' computer was born.

'Pull for your lives or you'll be sucked under!'

Unix was multi-user from the get-go; PC operating systems by definition were not. Given the threats out there today, Unix can cope with them because it's built from the ground up with the right security model for this threat: it has security 'on disk'. The PC has no such security when running Windows, because Windows is not really conceived as a platform in need of security - and back when Windows (and NT) started selling like hot cakes, the world was still not connected.

In the minutes and hours that followed the sinking the seabed became littered with thousands of objects. China from the à la carte restaurant; tiles from the floor of the gymnasium; a woman's high button shoe; a giant boiler from the engine room and lying in the middle of this field of devastation was the broken and shattered hull of Titanic.

Unix is multi-user; Windows is single user; no connected computer can be single user anymore. As soon as a trojan gets in; as soon as a virus makes it past the detection software; as soon as a worm hits the computer's IP and sneaks through yet another vulnerability in Windows, the 'personal' computer ceases being personal. Now there are two (or more) users on the same machine. Unix can handle this, if worse comes to worst; Windows, because its fundaments assume everything is standalone, cannot.

System administrators are now engaging in heated discussions about how easy - or how hopeless - the task of taking Windows online is. People trying to get the all-important security patches find themselves whacked the very second their computers connect. One blogger described it as 'walking through a mine field to get to a shelter'.

Over 1,500 lives were lost, frozen or drowned in the frigid North Atlantic. Of the 1,324 passengers and 899 crew on board, at the time of the collision, only 706 survived the disaster.

We're not talking irresponsibility here; yes, Microsoft could have written better code, but it's as Charlie Demerjian says: it's in the design. A product which became incredibly successful was based on a standalone architecture that's outlived its time. It cannot be retrofitted with adequate security because it's not the bugs at the end of the day, it's the fundament itself - it's not a machine meant to be used in a secure environment.

The official inquiries did little to help people understand why such a terrible tragedy could have happened.

So - will Windows users wake up? Or will they go down like the passengers and crew of Titanic, convinced until nigh on the very end that their ship was unsinkable?

Titanic's loss dismayed and infuriated the brave new world of 1912. Faith in the omnipotence of technology was badly shaken.

Copyright © Radsoft. All rights reserved.