If you ask Microsoft’s COO Kevin Turner, he’ll tell you this: “Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we’ve ever built. It’s also the most secure OS on the planet, including Linux and open source and Apple Leopard.” That’s what he said at the MidMarket CIO Summit held in Redmond in early April.
Really, he did. I’m not kidding. What a load of utter, utter, nonsense: If Vista is the most secure OS on the planet then I am a banana.
But before any Linux, or OS X, or UNIX users get too smug, don’t forget that those OSes aren’t all that secure either. The reason is that they haven’t been designed in such a way as to be secure or reliable.
The biggest problem with these common OSes is the size of the kernel. Not only are they too large to be easily manageable, but they also fail to obey the principal of least authority (POLA): A system should be componentized so a bug in one component cannot do damage in another, and each component should have the authority it needs and no more. In fact, these OSes load third-party device drivers, written by just about anyone, into the kernel, where they can run with unrestricted access to all memory, instructions or devices. This, according to Andy Tanenbaum, the author of Minix (the OS that inspired a young Finnish student to write Linux), “is the electronic equivalent of accepting a package from a total stranger at an airport and carrying it onto your airplane.”
Tanenbaum is also a professor of computer science at the Vrije Universiteit in the Netherlands, where work is being carried out to develop an ultra-stable and secure OS. “Since the beginning of computing 50 years ago, all serious operating systems (a few academic toys aside) have been unstructured monolithic lumps of code running in kernel mode,” he says in his project summary.
“From MULTICS to MS-DOS, through all versions of Windows and UNIX (including, Linux, Solaris and FreeBSD) this has been the model. I am proposing replacing the entire monolithic kernel paradigm with a new one consisting of small, tightly constrained modules, running in user mode and each strictly obeying the POLA.” Beneath that would be a tiny microskernel. Other included features are likely to be the ability to restart or replace faulty components on the fly during execution and an advanced, fault-tolerant file system.
Tanenbaum’s Minix 3 has just 5,000 lines of kernel code, compared to about 5 million in the Windows kernel and somewhat less than that in the Linux kernel. When I spoke to him by telephone last week Tanenbaum had this to say of the Windows kernel:
Five million lines of code! No-one can actually understand that. I have asked Microsoft why they don’t make changes to the scheduler in Windows, but they said that they can’t because they don’t know what everything does any more. By breaking up an OS into modules everything can be well defined and well understood, and problems don’t move from one part of the OS to another.
If a new generation of server OSes emerges that uses Tanenbaum’s proposed architecture, he believes they will be far more reliable — and secure — than Windows, Linux or UNIX. But for now, Tanenbaum has no doubts that UNIX (and Linux) are better than Windows. And as for Vista being the most secure OS on the planet, consider these wise words: “Just because Microsoft says something doesn’t mean that it’s true.”
Article courtesy of ServerWatch.