Mailing List Archive



Re: [tlug] For all you vi heathen ;-)



Benjamin Kowarsch writes:

 > It most certainly is not the regime under which Linux, Windows, and
 > MacOS are being developed/maintained. In their realms features
 > trump security and reliability ***more often than not***.

Historically, that's not true.  Remember, Windows NT was developed by
a team led by one of the principal developers of VMS, and is the only
personal computer operating system certified at DoD "Orange Book"
level 2.[1]  Not that that's an interesting qualification, because it
was the bare OS that was certified, and as soon as you installed any
new code or attached it to a network the certification was invalid!
Which explains a lot about adoption of high-security systems. :-)

I don't know how much of that designed-in-on-day-1 security remains in
Windows 10, but the NT kernel had huge influence on the system at
least until Windows XP.

It turns out that Windows NT 3.5 was already owned on public release
despite that history because if you asked most DPMS hosts for an
allocation of 4GB at a permitted address, you would get it, and the
virtual memory would wrap around in physical memory.  So you would be
able to access everything in your process.  The specific application
that people were interested in was direct access to graphics memory,
but I think you could see much of the OS as well.  I don't know why
this was allowed, but the result was that despite the designed-in-
from-day-1 security, Windows was insecure.

Features have always trumped security, and probably always will.  It's
not even obvious that's a bad thing, given that so far security
technology basically amounts to "you can't do what you want to do" and
features are basically "you can do what you want to do faster or with
less effort".  Risk/return tradeoff.

Steve

Footnotes: 
[1]  Level 1 certification was only available to systems installed in
a secure compartmented information facility, which by definition a
personal computer is not. :^)


