Joao Ribeiro da Silva wrote:
The main problem with security on windows and other operating system is in their base. Unix like OSs are closed systems by default while Microsoft Windows is a open system by default.
(How good that we don't talk about "open source" software, otherwise this last sentence would really look strange ...)
On Unix like OSs in order for a user to run anything you need first to give him necessary permissions to do so. Otherwise not even a byte the user can read from whereever. On Windows you can do what so ever and then you starting removing power to a user (closing the system to that user).
But that's exactly one root of the problems. The latter model might be fine for a single-user standalone system (Dos and earlier Windows versions), but transfering it to a networked and/or multi-user system was a cardinal mistake. In principle it was clear from the beginning that this couldn't work (so they had plenty of time to rewrite it from scratch if they cared), now we're seeing the effects.
Another basic problem which you didn't mention is the tendency to blur the distinction between executable code and data. AFAIK this tendency has even increased in Windows in the last years (MS-Word macro viruses, various "active" components all over the place and many more things, even the mangling of file name suffixes, so viruses could use double suffixes to "disguise" which is so ridiculous, etc.). For the average Windows user it's quite hard to tell whether they're viewing some data (image, text, ...) which is harmless unless it can exploit a bug in the viewer program, or executing some code which is always dangerous if it comes from unknown sources.
I suppose they're doing it in the sake of "comfort" -- and for the most part I don't even see that point. Most users don't regularly receive executable programs by email or execute them from random web sites. I suppose even the average Windows user is aware of the difference between installing a program (intentionally) and viewing a picture. And if web sites weren't so overloaded with various scripting garbage, this might even benefit users, when web authors would have to learn to write proper HTML for a start (e.g., not using JavaScript for things that simple HTML forms can do just as well, which can be very annoying). But I'm digressing ...
But even if there was some "comfort" to it, it now clearly shows that the security implications are unmanageable. So if they care for security at all, they have to realize it was a wrong decision and undo it until it's too late (well, until it's even more too late than it already is ...). But as long as "opening" an email or web site can mean executing arbitrary code it contains, there's not a chance of hope for security.
BTW, this might apply just as well to Unix applications. I don't usually use this kind of programs, so I don't know how far the usual suspects have gone already (whether also for a strange sense of comfort, or just to imitate the Windows "experience"). I'd just say, beware ...
Try to map a network drive or even access to your CD-ROM it will tell you that only the system administrator can do that and because on Unix nobody works as system administrator then the system core never has a virus. In the worst case scenario only the files created by the user can be deleted or damaged not the files from other users so even if we had virus on Unix the impact over the system would be very small (to the user level only).
I've heard this argument, but I don't think it's a very strong point. On most machines the user data are more valuable than the system files. A system can easily be reinstalled, but user data may take a lot of time to recreate, or even cause financial loss. (Oh yeah, backups. Sure. Most people don't do them unless they've been *seriously* hit once or twice. I know professional programmers who don't do good backups ...)
It's true that a virus can hide in system programs and covertly spread more damage over time, but on Unix systems, they can do almost the same by manipulating the user's aliases, PATH, etc.
Both points are especially true of single-user machines, but that's what most potential victims are.
On Unix, as soon a user logs out from the system all applications running with that user permissions are forcelly terminated by the OS itself.
Not at all.
Frank