Mini-Microsoft Cutting Room Floor

Saturday, March 17, 2007

World's Safest OS - New comment on Stirring the Microsoft Comment Pot on a Rainy Wee....

Anonymous has left a new comment on your post "Stirring the Microsoft Comment Pot on a Rainy Wee...":

OT—

Apple just angered QuickTime/web developers by completely removing QuickTime's ability to trigger scripts on pages.

I've read debates on Mac programmer threads wherein the same complaint is voiced multiple times: this breaks the core functionality of many web assets that must now be re-coded, thanks to Apple.

But the prevailing sentiment is that Apple did absolutely the right thing; it inconveniences programmers but it's an overdue security measure.

What if Microsoft took a page out of the same book and released an OS build (or even just a browser) that omitted all vb, ActiveX and .net functionality.

Yes, a lot of stuff would have to be rewritten. (A lot of stuff!) But then the OS/browser stack would be ACTUALLY SECURE. Wouldn't it be worth it?

I know I'm probably overlooking something technical here, and I'm ready to be scolded by programmers who can't wait to tell me how unfeasible this is.

But isn't there something to be said for the core idea? I mean, in the 90s microsoft permanently welded the browser functionality into the foundations of the OS in order to "prove" that forcing one browser over another was somehow necessary and unavoidable. My understanding is that this is why a popup ad can get into my registry and my .dll library and lay "lice eggs" that are extremely difficult to find and remove and which present a moving target to any filtering system.

Rip all that out, and you've still got a CGI capable, JavaScript capable, world-class browser.

My PC stays clean until I open Internet Explorer; then it's only a matter of time before I'm infected. Is ActiveX so indispensable that it's worth all this?

If I'm completely wrong about this, I would greatly appreciate it if somebody would explain why.


2 Comments:

  • Quote:
    Yes, a lot of stuff would have to be rewritten. (A lot of stuff!) But then the OS/browser stack would be ACTUALLY SECURE. Wouldn't it be worth it?

    I know I'm probably overlooking something technical here, and I'm ready to be scolded by programmers who can't wait to tell me how unfeasible this is.

    End quote.

    This is feasible. And this is how it works in mythical "real world."

    You check the "old crap" which causes problems and get people to document what it does - and problem it causes and why it causes them. Using the documentation company can kick start new implementation to replace offending piece and thus mitigate problems it is causing.

    Of course, replacing things like ActiveX will not be trivial: it is insecure because it is very fast and many applications depend on the performance. Yet it is doable.

    Though, corporate logic will not allow to throw away the sole reason why people still use Windows - backward compatibility allowing OS to boast vast number of applications. If M$ would break backward compatibility ... well customer would be (as many higher-ups softies acknowledged) better off with competing solutions from Apple or Linux vendors.

    IOW, Windows now exists (and sold) solely on premise of minimizing other costs: costs of 2nd/3rd party software acquisition - thanks to the much hated backward compatibility.

    P.S. But of course cost of Windows now - compared to competitors is greatly exaggregated. And add here all 3rd party you have to buy - like anti virus solutions. Paying $250+ for Vista??? Thank you - I'd rather spend that (and actually already spent) on making my home system Linux compatible.

    By Blogger Ihar Filipau, at March 19, 2007 at 9:07 AM  

  • Hey, thanks for responding! I knew I wasn't completely off-track.

    It's simple: my WindowsXP box won't get infected until I launch Internet Explorer. If I use Firefox, there's no problem.

    So, IE's integration is the security hole. Why? Because of VB, ActiveX, or something else. Whatever it is, take it away and the machine's secure (although some pages break).

    Simple, right?

    By Blogger Jordan, at March 20, 2007 at 7:20 AM  

Post a Comment

<< Home