|Home » Security » Can't Take a Punch
The Glass Jaw
Defences are irrelevant.
Computers have to be able to take a punch too. Once upon a time most computers could do this. It's increasingly obvious some computers today cannot. Using rope-a-dope to thwart hackers isn't generally a good idea for computer systems.
Building a strategy as Microsoft do to stop each and every single punch or jab simply can't work. Especially when Microsoft Windows has a glass jaw.
Studying how Microsoft work to stop 'hacks' at the periphery it becomes obvious rather quickly that everything depends on there not being a single error in any of the code at that periphery - that not a single punch gets through and lands. This is just as unrealistic in the realm of computer science as it is in the boxing ring.
The boxing analogy might not be perfect but it's good enough to get the point across for those who do not study operating systems and computer security for a living. No fighter anywhere at any time would make it very far with the glass jaw of Microsoft Windows.
It's also important to look at what happens after the periphery is broken. Muhammad Ali proved that at least in Zaire nothing of import happens - in fact in his case he counted on the periphery being broken. But Microsoft cannot. Once the attack vector succeeds on Microsoft Windows the game is over - Windows has a glass jaw. And it's this total inability of Windows to take a punch which dooms it forever to being the security nightmare everyone today knows it to be. For Microsoft Windows is a standalone system. It doesn't have its roots in a real operating system. It started as a simple hardware interface. You can't return to a flawed design - or an inappropriate design - and make it secure after the fact. It just doesn't work.
Windows is the only system available today that can't take a punch. It's the only system not built as a 'real' operating system but as a standalone system.
Other computers didn't start as standalone systems. Only computer toys did. Real computers were never standalone. Computer toys were initially nothing but. What's a real system as opposed to a standalone system? And why is knowing the difference between the two so important?
Real Operating Systems
Also called 'server operating systems' today to distinguish them from standalone systems such as Windows, real operating systems were built with multiple users in mind and with security in mind as well. The two considerations can go hand in hand.
Assuming multiple users on the same system implies that each user be protected from the other users. No single user with any software whatsoever can be allowed to impinge on any other user. No program run by any user can be allowed to affect the programs run by another user or the data stored by another user.
And given the above it becomes obvious not only that the system itself must protect users from each other but that the system must also protect itself from both itself and other users. No user process can be allowed to corrupt the system or in any way corrupt running processes.
How the above is accomplished is of course implementation dependent but certain rules will always apply.
- System areas with system code must be 'out of bounds' for ordinary users. Users may be able to run system commands but they must not be able to corrupt system files on disk representing these system commands.
- System areas with system configuration data must also be 'out of bounds'. No user may be allowed write access to these areas.
- Users must have strictly hierarchically defined areas of the file storage for their own use. Available file system permissions must enable them to either allow access or completely prohibit access for all other users. And this mechanism must be easy and straightforward to use.
Moving from a solid multiuser architecture to a connected Internetted reality is not an issue for real operating systems. All the components are already in place.
Standalone systems are so called because they're not intended to be connected to anything. Thereof the name. One does not log into a standalone system - one simply flips the power-on button. File permissions are essentially meaningless as files are not owned by a particular user (who can then exclude use for other users). All files - and all processes - are run on the single one common account. In fact the concept of the user account doesn't even exist on the standalone system.
Apple's early pre-Macintosh computers were standalone systems. Apple's original Macintosh was a standalone system. Unix from Bell Laboratories was a real operating system. IBM's mainframe systems are real operating systems. And so forth.
The IBM PC originally ran either PC-DOS (from IBM) or MS-DOS (from Microsoft). These were not real operatings systems - they were standalone systems. They had no user accounts. Their all-important file permissions were meaningless. And so forth.
IBM never envisioned their PC being used in real life situations more than as a (3270 emulating) gateway to their mainframes. The security would remain on their real mainframe operating systems along with the user accounts the local PCs would need, along with the system resources and program files.
Safety on the Internet demands real operating systems. Both Apple and Microsoft were caught with inappropriate systems in this new Internet era. Microsoft hired on David Cutler in 1988 to build a secure (and hopefully real) operating system. Cutler was working on the Emerald/Prism project for DEC at the time. He was induced to take his project (and his research teams) to Microsoft. The 'NT' Cutler eventually built for Microsoft is largely based on his earlier VMS for DEC - a system considered to be able to take a punch. But the restructuring of NT that Microsoft demanded left the system adapting to standalone system needs and therefore anything but secure.
Microsoft have spent millions pushing their NT products through security testing in order to win certifications. But what's hilarious about these tests is that it's only the internal workings of the system that are audited. The tests themselves assume the systems being studied cannot be accessed by interlopers - the systems are assumed to not have access through remote disk drives or Internet connections. What value one can put on such a certificate in today's era of the Internet is not hard to ascertain - the certificates are basically worthless.
Given these rather obvious facts one inevitably asks why Microsoft should persist in fomenting a hopeless product on the marketplace. And the answer is unequivocally found in the marketplace itself. There are two ways Microsoft could swiftly give users a completely secure system and rid the world of hackers forever.
- Market a completely new system. Best of all would be to use a commodity system such as Linux or one of the BSDs. But to do so would break all Microsoft's third party software titles. And Microsoft need these third party titles to remain relevant. If Microsoft were to replace Windows with a secure system they'd lose their market completely.
Apple could have introduced OpenStep in 1997 but they wouldn't have got much market share. They had to restructure this excellent product to make it look like a Mac to have a chance in the market. The fact OpenStep was (and today still remains) better by a mile than anything else out there is irrelevant.
- Sandbox Windows inside a secure system. Just as open source people sometimes do, Microsoft could ship their Windows inside a BSD. Nothing from Windows itself would touch the Internet and nothing from the Internet would touch Windows. Windows itself might get infected but the BSD system would not. People would be secure alright - but people would soon realise they had other third party programs they could run as well: third party programs written instead for their BSD system and not for Windows. Microsoft would write their own ticket right out of the game.
It's no coincidence Microsoft regarded Mosaic Communications Corporation as a threat and summoned leaders of that company to Redmond to tell them in no uncertain terms they must never port their Navigator web browser to Windows. And it's no coincidence Microsoft did everything in their power to destroy Mosaic (later Netscape) and were consequently convicted by the US Department of Justice. Letting someone else inside their system (Netscape had the API) could not be tolerated. Microsoft were willing to let the matter drag its way to the US Department of Justice rather than let progress simply do its thing. They deliberately attempted to hold back the hands of the clock.
Microsoft are caught between a rock and a hard place. They need to give their customers a secure - a real - operating system to make their customers safe but they know that in so doing they will lose their market position forever.
The right thing to do is of course to give people what they need - and then fight hard to win them back. But that's not what Microsoft choose to do. Instead they choose to fight tooth and claw at their periphery, to spend literally billions on research to attempt to accomplish the impossible - namely to create a periphery that can't ever be breached. Not by a single punch. And to continue the smokescreen game using high paid 'mafia lawyers' to effect a near total media blackout.
They don't think they have a choice - because what's inside that periphery has a glass jaw.