Comments on: Microsoft to Automate Windows Security

By: Mark Hasty

Mark Hasty — Wed, 31 Dec 1969 18:00:00 +0000

Ooh . . . nice last line in that post.

By: bryan

bryan — Wed, 31 Dec 1969 18:00:00 +0000

I'll gladly be among the half dozen who aren't infected, thank you very much. As well, I don't have Bill Gates stuffing more poorly designed software down my throat.

"Popular windows XP software." Heh.

By: John A. Kalb

John A. Kalb — Wed, 31 Dec 1969 18:00:00 +0000

So far as I can tell, this isn't really news. You can already switch auto updates on in Windows XP. I personally just set my computer to tell me when there are updates, and I go get 'em.

By: Little Miss Attila

Little Miss Attila — Wed, 31 Dec 1969 18:00:00 +0000

Don't be snarky, Dear. I have it on good authority that there are at least ten of us in America.

By: Paul

Paul — Wed, 31 Dec 1969 18:00:00 +0000

Actually James has a hyper geek I can tell you the Mac is inherently more secure. In an effort to obtain interoperability (*cough* and a monopoly *cough*) Microsoft sacrificed inherent security repeatedly.

The security via obscurity thing is a bonus though.

Besides the security thing though, they just work better.

By: Mark

Mark — Wed, 31 Dec 1969 18:00:00 +0000

While you can turn on Windows Update downloads now, they don't automatically install, AFAIK. Once they are downloaded, a balloon will pop up telling you that they've been downloaded and that you should install them. From the quote here, it looks like these will install themselves. Me, I prefer to do it manually twice a month or so, or if I know a new virus is out and there is a hole to be patched.

By: dondo

dondo — Wed, 31 Dec 1969 18:00:00 +0000

Actually, both are true: there are far fewer Macs, which makes them a less tempting target; and Macs absoluetley are inherently safer. Windows added security as an afterthought; that's hard to achieve. The Mac (and all other Unix systems) have network security built in as a primary design consideration.

By: Ross Judson

Ross Judson — Wed, 31 Dec 1969 18:00:00 +0000

Macs are somewhat more secure than XP, although XP can be made considerably more secure if its security features are actually used; generally they are not.

Most operating systems today make a fundamental error -- that programs executed by or on behalf of a user should be given the same security privileges as that user. Programs need to be treated as unknown entities, in general, and be restricted from doing anything they are not specifically granted a right to do.

"Run As" and "suid root" need to become a thing of the past. I should be able to download any program I want from the big bad internet and execute it immediately. The OS should drop it into a secure environment and then deny it any access to resources it is not specifically granted. Generic rights templates can shortcut the situation, but should be used sparingly.

Your average computer running OS X or XP is an ecosystem most people are unaware of. We need to treat the entities (programs) living in it as individuals...

By: John A. Kalb

John A. Kalb — Wed, 31 Dec 1969 18:00:00 +0000

Mark,

From what I remember, XP Home (I use professional, which will only do what you say) does have an auto-install feature, which annoyed a lot of the privacy folks when XP first came out.

By: Technicalities

Technicalities — Wed, 31 Dec 1969 18:00:00 +0000

Pushy Pushy
Over at Outside the Beltway, James is blogging about Microsoft wanting to automate security on new Windows machines. Microsoft has been kicking around this idea for quite a while, but they seem to have made up their minds to implement

---