Microsoft still tinkering with secure-computing design

TalkBack 29 of 55:

Next »

« Previous

• Thread View
• Flat View

All through time people have said

All through time people lhave said that the average person is not qualified to run their own life. That has been the first arguement of Kings, Communists, Dictators and Despots of all sorts. Now the technical aristocracy is trying to use it to take control of the average users computer. Crap. Let's go for a truely secure operating system instead. It shouldn't be that hard to do, all we need to do is abandon some of the more worthless "features" of the current OS and make a few changes to the way it operates.
Get rid of the bundled user programs, browsers, CD burners, media players, etc.. The more ways into the OS the harder it is to close it off. The OS needs to handle file management and hardware interface, it really doesn't need to do much more KISS. The OS should be read only with a strong (6 char min, two numerics, and at least one cap) password needed to write anything to the OS directories.
All programs should be incapsulated, one root directory and subs as needed, three executable files only, an install, an uninstall, and the program file, data, supporet and configuration files as needed.
Refuse to install bundled programs. If you want to have a web usage tracker along with your peer to peer network application, you will need to install it seperately and it will have its' own root level directory with everything needed inside it.
Personal information such as user name. address. phone munber, passwords, credit card numbers etc. should be stored in an encripted file with the key randomly chosen as part of the OS setup.
Active X controls should be limeted in what they are able to do. Nothing launched or loaded without input from the user.
get rid of the cryptic names for the OS processes and programs. I should be easily able to determine what svchost.exe is and why there are 5 instances of it running on my machine as well as what csrss is and what it does.
The security settings should be strong by default. All unused ports should be turned off until they are needed. No cookies, no programs accessing the outside without user direction. The possible exception being the ability to designate things such as antivirus programs to automatically update their signature files. That should be loaded into the OS (via the write protect password) with the program and when it is authorized access. Access to the OS either at boot or from inactivity standby should be by password (different from the write protect password) with a three tries and wait arrangement (that should vastly slow down a dictionalry or brute force type of crack) used on all password accesses. The method Yahoo uses of an inage file containing a word that the user must type in to verify presence is an elegent method. The file names would obviously be encrypted by the OS so only it knows what the word is.
in essence we need to step back from this "gee wiz" stuff that serves to isolate the user from their computer and require the OS to do just what it is supposed to do. The OS should then be protected behind a barrier of passwords, encryption and write protection to keep it safe from evil programs, inept users and sloppy software.

Posted by: don3605   Posted on: 05/07/04 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now