[14295] in cryptography@c2.net mail archive
Re: Reliance on Microsoft called risk to U.S. security
daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Fri Sep 26 16:38:36 2003
X-Original-To: cryptography@metzdowd.com
Date: Fri, 26 Sep 2003 09:47:20 -0400 (EDT)
From: Victor.Duchovni@morganstanley.com
To: Ian Grigg <iang@systemics.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <3F7355AF.B223A93C@systemics.com>
On Thu, 25 Sep 2003, Ian Grigg wrote:
> On the face of it, this is being too kind and not
> striking at the core of Microsoft's insecure OS. For
> example, viruses are almost totally a Microsoft game,
> simply because most other systems aren't that vulnerable.
>
While part of the security problems in Windows are Microsoft specific, in
my view a large part is inherited from earlier graphical desktop designs,
and is almost universal in this space. Specifically, when a user clicks
(or double-clicks) on an icon there is not a clear distinction between
"Run" and "View". Instead we have the polymorphic "Open".

If files always opened in a safe viewer, (e.g. clicking on a .pl file
fired up an editor, not the ActiveState Perl interpreter) a good part of
the security problem with Graphical desktops, Microsoft's, Apple's,
RedHat's, ... would be solved. The bizarre advice we give users to not
open message attachments would be largely unnecessary (one also needs to
close the macro invocation problem, but this is not insurmountable).

It is my contention that so long as activating an icon does not
distinguish between "Run" and "View" all Graphical Shells will be
insecure.
--
Victor Duchovni
IT Security,
Morgan Stanley
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com