CNET también está disponible en español.

Ir a español

Don't show this again

Services

It's the operating system, stupid

    In response to the Perspectives column written by Charles Cooper, "Copping out on cybersecurity":

    Why just Silicon Valley? Others can help, too. Security is a problem, because users won't bother to patch, and those who do can't keep up. It's because we all use Microsoft.

    Microsoft's greatest strength is also its biggest weakness--and thus our weakness. Microsoft's strength is in building easy-to-use features in all their products. Great, but too many features work counter to security. The more stuff in there, the more stuff to break.

    Thirty years ago, we never worried about hacking, so we built the Internet in a fully trusted world. The lineage--the roots--of today's code can all be traced to the "trusted" world.

    Microsoft is no different. Its operating systems and, to some extent, its applications, were not built from the ground up with security in mind. So we're now forced to treat symptoms, not the cause.

    So what exactly is the cause of all these cyberattacks? It's the system, stupid--the operating system.

    Every OS designed for the masses shares a common architectural principle: Application permissions are bound to users. This is bad, because hackers can spoof identities, allowing them to gain control of the system. This is not conjecture; it's fact.

    In a perfect world, we'd start with a clean slate and design everything with mandatory access controls and built-in security. Building code this way would stop unwanted intrusions cold. Microsoft, are you listening?

    With 94 percent of the world using Microsoft products, it's no wonder that hackers are so darn successful.

    Louis A. Jurgens
    Executive VP, Systems Advisory Group Enterprises
    Amarillo, Texas