Who will trust MS now?

It’s far too easy to catch a virus off the internet these days. In fact I did just that last Saturday, visiting a site through a Google search that had been hacked. Home users will continue to run PCs without AV protection if they have to pay for anti-virus software subscriptions. This software really should be free – a free subscription bundled with your monthly ISP bill.

Now Microsoft has a huge responsibility to protect users. Vista is sold as being more secure than Windows XP, yet it has had to issue an emergency patch to protect everyone’s PC from a flaw in its software, a flaw that would not have been so catastrophic if it’s software was designed better.

Microsoft has been working on improving the quality of its software through an initiative called Trustworthy Computing. Windows cannot be secure by design. The software that Microsoft writes has far too many links to the internal workings of Windows. If IE was a third-party application, we wouldn’t be faced with such a major update. But Microsoft insists on making its bloody web browser integral to the Windows operating system – unlike Firefox, Safari, Opera, Chrome etc.

The more its software becomes integrated, the greater the risk of a problem in a single component affecting the whole operating system.

Frankly, I think the only way to achieve Trustworthy Computing is to separate the operating system components from application software using some kind of microkernel architecture.It may be slower than monolithic designs like Windows, but such an approach should limit the effect of buffer overflow attacks

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I am amazed how a tech journalist can say that Windows is a monolithic kernel!!

When I was taught my computer class on all the literature we had access to (as well as lots of information available on the internet) clearly explains that Windows NT (the foundation of all modern windows versions) was built as a microkernel and Microsoft maitains it that way.

For practical reasons some of the isolation had to be broken, especially between the GUI and the core OS but this was for speed sake.

However just look at Mark Russinovich's tools and you will see that windows is built around a very small api called the Native API and on top of that you have the Win32 api, now the new Win64 api and even a POSIX complaint API (yes windows can run posix software).

Everything is modular in windows and to prove it just look at what happened in Vista and slow file copy on some networks. This happened because Microsoft chose to update the very old TCP/IP stack. Because windows IS modular they just replaced the TCP/IP stack with a new one and further fine tuned it in vista sp1.

Most of the security flaws found in windows are in the Win32 layer not the core OS.

Also stating that IE is tied to the core OS is completely random at least. I am yet to see any code of IE making calls to the Native API. It simply uses Win32 JUST LIKE Opera, Firefox or any other.

The question here might be that Opera, Firefox, etc may choose to use their proprietary functions instead of using code in the win32 api that already performs the same functions.

BTW Mac OS X was such a revolution because is followed windows footsteps in that it is also a Microkernel with a small API and on top of that they build their own APIs (Apple calls them frameworks): cocoa, etc.

The commenter makes accurate statements. The article author on the other hand, is just throwing terms around without knowing what they mean.

Windows has its fair share of holes, but this is because of design decisions that have nothing to do with the kernel per se. It is more to do with the stuff that has been implemented within the Win32 layer.