Be Very Afraid

[Image: cartoon elephant]

I sometimes read that Macs with OS X have few security problems because the bad guys can’t be bothered attacking a minority operating system, given that more than 80% of personal computers run some version of Windows. While I’m sure there’s some truth in that, the elephant in the room is that, no, actually, Windows is inherently less secure than OS X and other Unix-descended operating systems.

The problems with Windows arise from several different sources. Bugs are a universal aspect of software, and Windows is probably no more prone to programming errors than anything else. However, the core parts of OS X are open source, which means that a huge army of volunteer programmers can investigate and find problems independently of Apple, while only a very small number of people ever get to see the Windows code.

Windows’ heritage is a problem as well, with the same code being developed and extended since Windows NT from 1993. On the way, some questionable design decisions have been made, but the system has also acquired quantities of what programmers call “cruft”: awkward and complex changes, usually made by people who don’t fully understand the code they have to modify. That often leads to bugs and oversights.

It’s ironic, perhaps, that OS X can trace its history back to the first Unix system, first released in 1969, so in a sense it’s much “older” than Windows. But that difference is actually part of the reason why Unix descendants are more secure than Windows ones. From the beginning, Unix was designed to be used by more than one person at once, computers being rare and expensive in 1969. This meant that protection and authorisation mechanisms were built in.

In contrast, Windows NT comes from a time when personal computers were common, but sharing and use of the Internet were not. The Windows NT PC was envisaged as a purely single-user machine, perhaps with access to a corporate network in the business world, but certainly not at home, and certainly never to the dangerous wide world of the Internet. (I worked with Microsoft on a project in the late 90s and the company still hadn’t corporately “got it” that the Internet was going to be important.)

The increasing complexity of newer releases of Windows was compounded by the lack of any centralised, high-level plan for security, and the company’s obsession with adding automation and user-scriptable features, Active-this and Live-that. Very, very few computer users were interested, and many of those were interested for nefarious reasons. I remember the days when it was a trivial matter to put an automatic macro in a Microsoft Word document which would re-format the hard disk of anyone who simply opened the file. Oh how we laughed.

The worst period of Windows flaws and vulnerabilities was probably around the time of the transition between Windows 2000 and Windows XP, and XP was particularly insecure until the release of Service Pack 2 in 2004, a full three years after XP itself came out. SP2 added some useful security features, the Windows Firewall probably being the most apparent to the user, but “under the hood” there were changes that made hacking exploits more difficult.

These days, Windows 7 requires far less effort to keep it secure than its predecessors, but it’s still a consideration, and even if you religiously apply updates and keep anti-virus protection current, there’s still the possibility of “zero day” attacks, in which the hackers exploit a vulnerability which was previously undetected. With the baroque complexity of Windows internals, no-one could ever declare it free from security holes anyway.

[Image: ATM with traceback]

If your Windows desktop or laptop machine is compromised, it could mean that, without your knowledge, it is being used to send large quantities of spam e-mail, or to join attacks on a website as part of a “botnet”. Even worse, as has been in the news recently, it could capture and transmit your online banking details, leaving you open to real financial damage. But because of Microsoft’s business practices, that may not be the worst of it. Windows, originally designed for a single user on the primitive PCs of 1993, has been sold for much wider uses. Even, and I kid you not, in bank ATMs. That scares me, particularly since the accompanying photo of a machine with a crashed Windows belongs to the bank where I keep my money.

Windows is also quite widely used as a server operating system, again, a purpose never originally envisioned. These machines, web servers, file stores, online business hosts, all have the same known or unknown flaws at any given time as their desktop relatives. And if you were designing a server operating system from scratch, it would be lean, efficient and simple enough to make secure, exactly what Windows isn’t.

But the worst news in recent weeks is that the German company Siemens sells Windows software for controlling industrial equipment. The sophisticated Stuxnet worm exploited a number of different Windows vulnerabilities to spread and hide itself on many of those control computers, the majority of them in Iran. Stuxnet was designed to collect information on the devices which the computer is controlling and to send it back to a remote server. (Until they were taken off air, there were two servers, one in Malaysia and one in Denmark. Both were masquerading as football websites.)

Stuxnet even has the ability to get malicious code onto the industrial control hardware itself (not Windows-based), giving it the power to set switches, open valves, run pumps and that sort of thing. And, of course, the facilities in Iran which are the focus of the Stuxnet attack are Iran’s entirely civilian, peaceful, power generating, not a way to acquire bombs, nuclear programme. Abort/Retry/Fail?
