Microsoft Versus

Designing For Security

The most secure computer systems are those designed from the start with attention paid to security. Security cannot be an afterthought. It must be part of the process from design to implementation to support. In the words of Dan Gillmor, "unfortunately, due to the basic nature of Windows -- even XP, which is definitely sturdier than its predecessors -- Microsoft's efforts to make it safer remind me of the old days when I owned a car in snow country. You can't paint over rust and expect the car to last."



Many of Microsoft's products are designed with little thought of security. Outlook, for example, has run e-mail attachments of any type, and it rendered HTML e-mail with the Internet Explorer engine, so script embedded in a message could execute as soon as the message was opened or previewed. Later releases block a list of executable attachment types and disable script in mail, but that is patching on top of a design that trusts content arriving from the network by default. E-mail exists to transmit messages and simple attachments. No e-mail, not even one created with malicious intent, should be able to execute code on the recipient's computer automatically. Alternatives such as Evolution and Mozilla's Thunderbird were not designed with these flaws.



Web pages (i.e. HTML documents) are intended to display formatted information. They have been extended to submit simple forms, and they may carry scripts that modify the information or its formatting, but a script should not be able to reach outside the limited environment of the web browser. Internet Explorer (IE) on Windows, however, lets a page instantiate ActiveX controls through the VBScript CreateObject function, and any control registered as "safe for scripting" is created for a page in the Internet zone without a prompt. The Windows Media Player control is one such control, so if the following is included in the body of an HTML document opened by IE on a Windows computer, every CD drive on that computer will eject:

<html>
<body>
<script language="VBScript">
  ' Instantiate the Windows Media Player ActiveX control. It is marked
  ' "safe for scripting", so IE creates it for an Internet-zone page
  ' without asking the user.
  Set oMp = CreateObject("WMPlayer.OCX.7")
  Set colCDs = oMp.cdromCollection
  If colCDs.Count >= 1 Then
     For i = 0 To colCDs.Count - 1
        colCDs.Item(i).Eject   ' open the tray of every CD drive
     Next
  End If
</script>
</body>
</html>



A document fetched from a remote computer, intended merely to share information, should not be able to manipulate the computer that displays it. These are significant design flaws that demonstrate a lack of attention to security.
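The check and the fix an administrator would want for the example above: given a control's ProgID, find out whether IE will script it from the Internet zone, and if so set the kill bit so IE refuses to load it. This is an added example, not code from the original article; it assumes a Windows host on which the control is registered, and the -SetKillBit switch needs an elevated session because it writes under HKLM. The ProgID default and the registry locations are the standard ones IE consults; the parameter names are this script's own.

```powershell
# Added example (not from the original article): report whether Internet
# Explorer treats an ActiveX control as scriptable from the Internet zone,
# and optionally set its kill bit. Assumes the control is registered on
# this Windows host.
param(
    [string]$ProgId = "WMPlayer.OCX.7",   # assumed default: the control used above
    [switch]$SetKillBit
)

# Component-category GUIDs IE looks for under
# HKCR\CLSID\<clsid>\Implemented Categories before scripting a control.
$CatSafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatSafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$CompatEvilDontLoad     = 0x400   # the "kill bit" in Compatibility Flags

# Resolve the ProgID to its CLSID (default value of HKCR\<ProgId>\CLSID).
$clsidKey = Get-Item -Path "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID" -ErrorAction Stop
$clsid    = $clsidKey.GetValue('')

$catBase    = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\Implemented Categories"
$safeScript = Test-Path -Path "$catBase\$CatSafeForScripting"
$safeInit   = Test-Path -Path "$catBase\$CatSafeForInitializing"

# The kill bit lives under IE's ActiveX Compatibility key, keyed by CLSID.
$compatPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
$flags = 0
if (Test-Path -Path $compatPath) {
    $flags = [int](Get-ItemProperty -Path $compatPath -Name 'Compatibility Flags' `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'
}
$killed = ($flags -band $CompatEvilDontLoad) -ne 0

if ($SetKillBit -and -not $killed) {
    if (-not (Test-Path -Path $compatPath)) { New-Item -Path $compatPath -Force | Out-Null }
    Set-ItemProperty -Path $compatPath -Name 'Compatibility Flags' `
                     -Value ($flags -bor $CompatEvilDontLoad) -Type DWord
    $killed = $true
}

# Caveat: a control that implements IObjectSafety can declare itself safe at
# run time without these category keys, so "not marked safe" here is not
# proof that IE refuses to script it. The kill bit is the definitive block.
[pscustomobject]@{
    ProgId                 = $ProgId
    Clsid                  = $clsid
    SafeForScripting       = $safeScript
    SafeForInitializing    = $safeInit
    KillBitSet             = $killed
    ScriptableFromInternet = ($safeScript -and -not $killed)
}
```

Run it as `.\Check-ActiveX.ps1 -ProgId WMPlayer.OCX.7` to see why the page above works, and with `-SetKillBit` to make the same page do nothing in IE. Setting the kill bit is the mechanism Microsoft's own security updates use to retire a control, and it blocks the control only inside IE; the registry check is the audit, the kill bit is the remediation.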

Copyright © 2004-2007 Matthew Schwartz