Difficulty and Security

Once upon a time, there was Windows, MacOS, and Linux. MacOS was a joke, so we won’t talk about it for now. Windows was easy to use, but it was also not very stable and quite insecure. Linux was harder to use, but it was also a lot more stable and secure.

This looked like an interesting correlation: more security brings more difficulty, and vice versa. Was this necessarily so? Both sides said no; Linux developers claimed they could achieve ease of use without sacrificing security, while Microsoft claimed it could eliminate the stability and security problems of Windows while keeping it easy to use. And with that, each side went to work.

We’ve been watching one side of that work, the Linux side, gradually manifest itself. There’s no question that Linux has improved tremendously in ease of use. The new technology hasn’t hurt stability more than usual as it has been developed; the main problem is that new usability features are in high demand, and so are more likely to be deployed before they’re ready.

Now the other side of that work is starting to come into focus with the recent betas of Windows Vista. So far, it seems that things are not going well:

Let’s say you have a 250GB external USB drive packed with music files, videos, pictures, and backed-up documents. When you plug it into your new computer, Vista assigns it the drive letter F:. You have no trouble viewing those pictures and playing those music tracks. But as soon as you start organizing your files into new folders, Windows Vista begins prompting you for permission to perform file operations. You have to click Continue, switch to the Secure Desktop, and then click Continue in the Consent dialog box to complete each operation. Why? Because the default permissions on that external drive give Full Control to the Administrators group, but only Read permissions to Users. And remember, you’re running with the process token of a standard user, unlike Windows XP, which gave you full credit for logging on as an administrator.

This sounds like a careless mistake, but the underlying problem is a hard one. Long-time Linux users will recognize it immediately: how do you secure removable media like USB sticks or CD-ROMs? An ACL granting Full Control to Administrators is no help when every logged-in user, administrators included, runs with a standard-user token, so every write to the drive has to go through a consent prompt. We went through several iterations of that problem before arriving at a sensible default: the user who inserts the media gets full permissions to work with it, and nobody else does. It doesn’t sound as though Microsoft has learned from that experience so far.
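To make the situation in the quoted review concrete, here is an added PowerShell example; it is not code from the original post, the review, or Microsoft. It dumps the ACL on the external volume, probes whether the current non-elevated token can actually create a file there, and, when asked, grants the current user Modify rights so that ordinary file organization stops triggering consent prompts. It assumes the drive letter F: from the review and an NTFS volume (FAT volumes carry no ACLs); the -Fix step has to run from an elevated prompt, because the standard token cannot rewrite the ACL. Granting Modify to the one user who plugged in the drive is closer to the Linux default described above than the blanket fix of giving the Users group Full Control, which would let every account on the machine write to the drive.

```powershell
# Added example; not code from the original post or from Microsoft.
# Audits the ACL on a removable NTFS volume, probes whether the current
# (non-elevated) token can create a file there, and, with -Fix, grants the
# current user Modify rights so ordinary file organization stops triggering
# UAC consent prompts.
# Assumptions: the drive letter F: from the quoted review, an NTFS volume
# (FAT volumes carry no ACLs), and an elevated PowerShell for the -Fix step,
# since the standard token cannot rewrite the ACL.
param(
    [string]$Drive = 'F:\',
    [switch]$Fix
)

function Show-DriveAcl([string]$Path) {
    $acl = Get-Acl -Path $Path
    Write-Host "Owner of ${Path}: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}

function Test-CanWrite([string]$Path) {
    # Probe with a real file operation rather than by inspecting group
    # membership: under UAC an administrator's filtered token still lists the
    # Administrators group, but marked deny-only, so the Full Control ACE
    # granted to that group does not apply to it.
    $probe = Join-Path $Path ('.write-probe-' + [guid]::NewGuid().ToString('N'))
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force
        return $true
    } catch {
        Write-Host "Probe failed: $($_.Exception.Message)"
        return $false
    }
}

function Grant-UserModify([string]$Path, [string]$User) {
    # Modify, not Full Control: enough to create, rename and delete files,
    # without also letting the user rewrite the ACL. Inherit to containers and
    # objects so folders created later carry the same rights.
    $acl = Get-Acl -Path $Path
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $User,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        ([System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'),
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow
    )
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

if (-not (Test-Path -Path $Drive)) {
    Write-Host "$Drive is not mounted."
    exit 1
}

# DOMAIN\user form, which FileSystemAccessRule resolves to the account's SID.
$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Show-DriveAcl $Drive
if (Test-CanWrite $Drive) {
    Write-Host "$user can write to $Drive without elevation; no consent prompts expected."
} elseif ($Fix) {
    Grant-UserModify $Drive $user
    Show-DriveAcl $Drive
} else {
    Write-Host "$user cannot write to $Drive; each file operation will prompt for consent."
    Write-Host "Re-run from an elevated prompt with -Fix to grant $user Modify rights."
}
```

Run it once as a standard user to see the Administrators/Users split the review describes and the failed write probe; run it again with -Fix from an elevated prompt, after which the standard token passes the probe and the prompts stop. Note that the granted ACE lives on the volume, so it follows the drive to the next machine.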

Slashdot has an article on Vista’s new security system, which has prompted some interesting analyses in the comments:

  • The new Windows ‘protection’ scheme will browbeat the user until they disable the security system (in some way or another). That way, when the inevitable virus and spyware hits the system, Microsoft can wash their hands and say that it’s all the user’s fault for making use of their computer bearable.

  • Here are the simple solutions all the Windows experts are missing:
    Set yourself up as the owner of all files on the drive.
    Set full permissions to all files to the “user” group.

    Oh gosh gee. I don’t know how we could have been so stupid. Please forgive us for doubting the security, power, and flexibility of Microsoft operating systems.

    Dear Microsoft “experts”: You just permanently lost the user privilege security argument, and you probably don’t even know why.

  • “Granted, I have to set the ACLs on both directories and registry settings, but it’s never been very hard.” Your Momma.

    As in, ask Your Momma to do that.

  • From that review, it seems that running as a regular user will be easier under Ubuntu today than under Windows whenever it is released. There’s no excuse for that.

It’s interesting to note that Mac OS X, the successor to the previously dismissed MacOS, is now cited as a model for usable security, and that Apple got there by building on a Unix base.