[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9D25EC9CEF02EE449A4D64BFFA413AC8015BD835@iu-mssg-mbx05.exchange.iu.edu>
From: edge at indiana.edu (Edge, Ronald D)
Subject: RE: M$ - so what should they do?
>-----Original Message-----
>From: joe [mailto:mvp@...ware.net]
>Sent: Tuesday, June 22, 2004 11:08 AM
>To: Edge, Ronald D
>Subject: RE: [Full-Disclosure] RE: M$ - so what should they do?
>
>Almost everything you said here is user interface, not core
>Windows and why it needs a redesign. The remaining is either
>wrong or (mis)configurations.
>This illustrates exactly my point. I fully concur that much of
>the user interface needs work, I tell this to every MS
>developer I run into and many of them agree as well. They are
>working on it....
You're just jerking chains here, right? Did you read what I wrote?
Where in the world in what I wrote can you point to something
that specifies the user interface as the problem?
That is simply not true. The inability to distinguish between
being logged on as root vs. non-privileged user, and the latter
still in their sandbox be able to function, install their programs,
do their work, yet simply not have any chance to accidentally
attack and destroy the operating systems, is inherent in the
Windows design as it is, and is truly at the root of current evil.
This has zippity doo dah to do with the user interface.
ActiveX controls are program objects. They were introduced so
sites on the Internet could run programs on local computers.
This is the root of much evil. There are few who argue this now.
Many of them provide the ability to create user interface object
superior to simple HTML, but the evil they do and can do and
have done goes far, far beyond that.
I should have added a final point, and that is the Misgeburt, as
the Germans would call it, the registry. What a single failure
point, designed to be more a study in obfuscation than an exercise
in good database and system design. Even Microsoft is retreating
from the registry, according to what I have heard at the last
two database development conferences I have attended. The registry,
to be frank, sucks. It just offers crackers fruitful paths of
attack, the favorite of course being loading something in the
start key so when the computer boots next time is it is toast,
since the users is 95% sure to be running with full admin
privileges, and the program will be able to do anything it wants.
And it is so easily broken by poorly written install and uninstall
programs that I would laugh, if it were funny, but it is not.
I could go into the rise and fall of com objects and ole, too,
but like most Microsoft stuff, it rises, some fools develop using
it, and 18 months later MS changes its mind, and presto, instant
obselescene in programming. Not exactly a good investment if
you are still paying attention to ROI.
Note that I see this as a Windows user, using development and
database software on Windows, and managing 465 + machines all
but about two dozen of which are windows XP or or 2000 or 2003
servers, and a remaining handful of 2000 machines.
None of the usability features can override the intrinsic flaws
in security design that have resulted in at this moment literally
millions of Windows machines compromised world wide, and ongoing
daily nightmares in just keeping things glued together so they
work at least the majority of the time.
Ron.
Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics
edge@...iana.edu (812)855-9010
http://iuhoosiers.com
"Patriotism is not short, frenzied outbursts
of emotion, but the tranquil and steady
dedication of a lifetime." - Adlai Stevenson
Powered by blists - more mailing lists