Windows will never be secure because of major design flaws
Let me first start off by saying that I like Microsoft Windows. I started with Windows 3.11 and have been using the entire Windows product line ever since. I’ve also developed quite a number of personal, public and enterprise applications on Windows using a variety of languages and development tools. I wouldn’t give it an “A”, because I’m not happy about certain things, but it has served my needs and the needs of organizations where I’ve worked. From a functionality standpoint, it gets the job done.
Unfortunately, from a security standpoint, I have to give Windows an “F-”. A nice big “F-” written in red ink with a circle around it. Why? Allow me to explain.
Windows is an open cesspool to anyone developing applications. Developers can store information anywhere in the registry and store executable components anywhere in the file system – this includes overwriting existing registry entries and files. They can also write “hooks” to intercept, monitor and replace operating system calls to do fancy things. While all of this is great from a functionality standpoint, it’s also the main reason why Windows can never be secured. Once a hacker obtains administrative control of a system, there is almost no way to prevent him from doing the same things that any developer can do and installing things wherever he wants. To the operating system, malware is just another application being installed. As a result, it’s almost impossible to figure out what legitimate executables are supposed to be on a system. Even with an automated tool, it may still be difficult to determine what is malware without a known signature.
Another operating system shortcoming is security permissions on folders and files. As we all know, the operating system is responsible for controlling access to files stored in the file system. Permissions are used to restrict certain access to an individual or group of users. When a hacker obtains administrative permissions, he can access any file he chooses. Permissions, therefore, are only there to keep honest people from obtaining unauthorized access to files – not hackers.
The final flaw to be presented in this post (there are many more) is integrity checking. Windows can’t check itself to ensure no one has tampered with it. It can’t check itself for rootkits; it doesn’t know the difference between authorized and unauthorized configuration changes; and it definitely has no means of checking third party add-on components that intercept operating system calls. When it comes right down to it, as soon as someone exposes their system to any external code, the integrity of the operating system and its security configuration is automatically suspect.
Based on these three flaws alone, why would anyone believe that it’s possible to secure Windows, prevent unauthorized access to information or detect a compromise without a known signature?
Security needs to be fully integrated into an operating system from the start. It’s not something that can be added on after the fact. If an operating system isn’t inherently secure after it’s been installed, it will never be secure. The security problems we are facing today are proof that what I’m saying is true.
Is it possible to design an operating system that completely denies a hacker any possible chance of obtaining administrative permissions on a computer? Yes.
Windows will never be secure until it is completely redesigned to be secure right out of the box. Believe it.