Donald Noble's Website

Daniel Eran has posted an interesting insight into the real reasons behind the plague of viruses and other malware for the Microsoft Windows OS, Five Architectural Flaws in Windows Solved In Mac OS X. These flaws are also “solved” in other linux/unix operating systems, although these tend to be used by more security conscious users anyway.

Flaw 1—Windows’ Interactive Services

Basically, all programmes can interact with each other without any regards to security. So viruses/malware can easily and transparently access your whole system. In mac OS X, you have to type your administrator password every time a programme wants to modify/interact with the core system. Which is a small price to pay for security. If you are installing software for all users, you expect, and can quickly type the admin password. If the prompt appears when you are opening a picture, you should get suspicious! although this has never happened to me.

Flaw 2—Windows’ opaque and illogical file system presentation

Best described by: DesktopMy ComputerDrive C:Documents and SettingsdonaldDesktop While Mac OS X and other systems show mounted disks on the desktop, these are shortcuts, and when opened do not show the user’s desktop to be at the top of the tree. They more logically show: the computer name; then any mounted disks; and underneath those, their contents.

And although OS X hides some required system files, it doesn’t hide programmes I have installed, or the preference files for these as Windows does by default.

Flaw 3 – ‘Least privilege’ is impractical and broken

Known as “run as…” under Windows, and it doesn’t work. So you need to be logged in as an administrator to do pretty much anything. So the virus becomes an administrator too! This kind of ties together with point 1, OS X prompts for the admin password, and to modify the system, you have to fire up the geeky terminal console, and type sudo commands (Superuser Do).

Flaw 4 – No signal of privilege escalation

As noted above, under OS X it is obvious when you are giving enhanced privileges. Under windows, it is not. Partly because you already need full privileges to do anything! Making a mockery of the idea of user levels.

Flaw 5 – Windows’ expensive processes

Getting technical here! Although the idea of separating potentially malicious programmes seems sensible enough to me.

Only as secure as the user

What the article doesn’t mention, and I don’t think it set out to anyway, is mention that any system is only as good as the weakest link which is often the user. If a malicious script was downloaded, and executed under OS X, it would need to be authenticated. If the user blindly does this, then there no way the system can protect itself. It’s back to Asimov’s laws of robotics, the computer should protect itself, except where this is disobeying a command from the user.

This entry was posted on Sunday 14th May 2006 in Blog, Computers and tagged Computers, internet, mac OS X, MS Windows, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Comments are currently closed, but you can trackback from your own site.