Is it just number of users
that makes Windows PCs vulnerable?

Aaron Sloman
School of Computer Science
The University of Birmingham
5 Jan 2006

The opinions expressed here are those of the author and
do not necessarily represent either the School of Computer Science
or the University of Birmingham.

Following a recent announcement about security risks on Windows, I suggested in an email message to colleagues that people consider switching to Linux or Mac. One of the recipients, a Mac user, responded saying:

> No don't ! Some believe that the only reason Mac users are
> (relatively) safe is that there is no market for virus writers.

What follows is my reply to him (slightly edited).

It is often said that the only reason why so many mischief-makers or criminals develop viruses/worms/trojan-horses that attack PCs running Windows is that there are far more PCs running Windows accessible via the internet than any other operating system.

However, there are deeper reasons.

Unix (on which Linux and OSX are based) was designed from the start (like many other older operating systems) as a multi-user system.

This meant that from the start there was a notion of some things being accessible only by a super-user, and of different users having access to different parts of the file system, some of which could be shared and others not, with some things accessible only via a super-user password.

(Though Unix/Linux has still not caught up with some older operating systems, e.g. VMS, in the sophistication and flexibility of their access controls.)

In contrast Mr Gates and his friends were foolishly allowed by IBM (who really knew better, but did not think the PC would go anywhere) to produce a personal computer which was designed from the start as a machine to be used by *one* person, who could therefore do anything he/she wanted, as the owner of the machine.

Early Macs had the same design flaw, I believe.

This 'personal computer' mindset even continued after IBM and other PC makers started selling personal computers for use in schools, in offices, and in families, where it was obvious that they were going to be shared between users.

It even continued after MS started allowing PCs to be connected to the internet.

When Microsoft eventually started paying attention to the need to catch up with real operating systems, the problems of backward compatibility and badly designed code clobbered their efforts. E.g. Windows was stuck with a 640kbyte (or something similar) address space long after the hardware was available for much bigger addresses (as used in Apollo, HP, Sun, Sequent, Vax, and other systems at that time).

I believe NT was the first well-designed operating system from Microsoft (built by people who had worked for DEC). There's an interesting historical presentation here:

XP combined NT with the 'domestic consumer' facilities of earlier versions of Windows.

However they are still badly behind in relation to proper multi-user support according to

which states:

The next client version of Windows, Windows Vista, is expected in fall 2006. According to Microsoft, this will bring enhanced security from a new restricted user mode, finally replacing the "administrator-by-default" philosophy in their former operating systems,

etc.... !!!!

The last time I looked at, several years ago, Steve Gibson had long complaints about how Microsoft had consistently ignored warnings from himself and others about what they were doing by default with XP.

I think Apple and Linux developers know better. And Apple attribute this in part to the use of Open Source, here

So the prevalence (and ignorance?) of Microsoft users is not the only reason Windows is more vulnerable than Linux or OSX, or Solaris, or VMS, or HPUX, etc. etc.

In fact the prevalence of Windows is what makes it relatively easy for malicious people to plant trojan horses that launch denial of service attacks and fraudulent spam that impinges even on people who use well designed operating systems, as has happened in this university.

So think again about the idea of leaving windows users to suffer while you don't!

Another colleague pointed out the following:
> Just want to clear a few things up. Firstly there IS a really big
> Windows security problem at the moment - one of the biggest and most
> significant there's ever been (as it can be easily exploited on a fully
> patched system and is pretty much undetectable).
> On the other hand, there is also a hoax email going around.
> The danger is that people will hear there's a hoax going
> around and incorrectly dismiss the WMF flaw as that hoax.
In response to which I made the following comment.

It occurs to me that this is another reason in support of my frequent rants about people (usually unwittingly) setting their mail programs (especially MS Outlook) to send email in HTML as well as plain text.

The HTML allows a link's true nature to be disguised: you think you are clicking on a link in the message to XXX, but actually go to another site disguised as XXX.

If messages are sent as plain text, many graphical mail readers still allow you to click on a URL, but then what you think you are selecting is what you are actually selecting: what you see is what you get.

Help stamp out html mail!

If everyone set their mail programs to send ALL mail as plain text (as explained here:
I wonder if worms that broadcast from infected machines would easily override that and send HTML?

Can mail readers, including Outlook, Mozilla, Thunderbird, be set to translate HTML to plain text and display only that? If so, people would not be so easily deceived by phishing mail and dangerous security hoaxes.

A similar option should presumably be added to webmail services and the like.
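As an added illustration of the two points above (a disguised link, and an HTML-to-plain-text view that shows the real target), here is a small Python check that is not part of the original message: it parses a constructed sample HTML body, flags anchors whose visible text names one host while the href points to another, and renders the message as plain text with every link's real destination shown beside it. The sample message, the `check_mail` function and the class name are all constructed for this example.

```python
# Added example (not from the original message): flag anchors whose visible
# text names one host while the href points elsewhere, and render as text.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample body: first link's text names one site, href goes elsewhere.
SAMPLE_HTML = (
    "<p>Your account needs attention. Log in at "
    '<a href="http://login.example.net/verify">https://www.example.com/</a> '
    'or read the <a href="https://www.example.com/help">help page</a>.</p>'
)

def _host(text):
    """Hostname named by a URL or bare domain in the visible text, or None."""
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.strip(), re.I)
    return m.group(1).lower() if m else None

class MailLinkChecker(HTMLParser):
    def __init__(self):
        super().__init__()
        self.plain = []       # pieces of the plain-text rendering
        self.deceptive = []   # (visible text, real href) for each mismatch
        self._href = None     # href of the anchor currently being read
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        (self._anchor_text if self._href is not None else self.plain).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._anchor_text).strip()
            shown, real = _host(text), urlparse(self._href).hostname
            # Any host difference (even just a subdomain) is flagged: err on caution.
            if shown and real and shown != real.lower():
                self.deceptive.append((text, self._href))
            self.plain.append(f"{text} <{self._href}>")  # what you see is what you get
            self._href = None

def check_mail(html):
    """Return (plain-text rendering with real targets, list of deceptive links)."""
    p = MailLinkChecker()
    p.feed(html)
    return "".join(p.plain), p.deceptive
```

Links whose visible text is ordinary words ("help page") cannot be compared and are simply rendered with their target, which is exactly what a plain-text view gives the reader.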

> So, there really is a big Windows problem to worry about, but there's
> also a hoax to ignore. Difficult to know what information to trust isn't
> it?
Switch to Linux or Mac (to misquote the cartoon in the level 1 kitchen).

Updated: 7 Feb 2007