[Previous] [Next] [Index]
[Thread]
Re: DOS and Macro Virus Discussion
>DOS is a single user operating system, which was not designed for security.
>DOS is small, simple, and allows the programs themselves to do what they
>want. The roadwork for DOS is set, its absurd to believe that anyone would
>abandon their 100 howevermany million customers by adding restriction and
>protection to system resources. This would render most DOS applications
>useless.
>And what would you hope to solve? The 1st meg of memory is unprotected even
>in protected mode!
As someone who has worked on operating system design I really wish
that people flaming MSDOS and Windows took account of the constraints
that the system was developed under.
MSDOS was written for no other reason than to provide a bootstrap loader
for Microsoft Basic and to provide O/S support to that environment.
When the PC came out 128K of memory was a very common configuration,
640K was rare, the original PC couldn't even be expanded that far using
the original memory expansion cards.
At the time the personal computing market had been created by BASIC
which was the only language capable of providing an O/S environment
within the resource and performance constraints. Remember that MSBasic
was created for machines with 8Kb of memory. The idea that anyone would
want to run multiple programs on a machine that could barely cope with
a word processor was ridiculous. This was at a time when books had to
be word processed chapter by chapter because the machine could not
cope with any more. The feature set of applications was determined by
the amount of memory available.
It is true that MSDOS developed little after its introduction. In the
early days MS failed to realise that they had control of a key piece
of technology. MS was as much a prisoner of the system as anyone else.
But MSDOS is not alone in this. UNIX has failed to develop significantly
so far as the user interface is concerned since 1970. It is still based
on a smug and complacent happy hacker attitude in which it is the
responsibility of the user to adapt to the machine, where to expect the
machine to be documented is to be a looser. In fact the more obscure
the O/S is the happier the elite are - it protects their status and
power. Like MVS, UNIX represented job security for tens of thousands
of sysops to whom it gave power over lesser mortals.
Until Intel got its act together and produced a chip that could actually
run protected mode at all there was no opportunity to make MSDOS virus
safe. That only happened about five years ago. Five years is not a long
time for an O/S to be developed in.
More to the point I never heard carping about microsoft until the
industry at large started to understand how they had blown it. Microsoft
was handed the spreadsheet, Database and Wordprocessor markets on a
plate. Lotus, Wordperfect and Ashton tate simply refused to upgrade
their product to make it windows compatible until it was too late.
There should be nothing but contempt for the loosers, the cost of
implementing OS/2 and Windows interfaces would have been insignificant
compared to the revenue stream. Unfortunately their management thought
that a corporate jet was a higher priority.
The O/S market has been handed to Microsoft in precisely the same way.
UNIX sucks and if you don't understand why you should probably chose
another business. Despite being designed with vastly greater compute
resources in mind UNIX fails to provide the basic reliability which
a mainframe operating system does, nor the lack of deliberate user
hostility of a PC or MAC. UNIX is a prime example of the commercial
success of technical incompetence.
Both UNIX and the MAC could have been saved but there was not the
management commitment. There was only time for minute incremental
change or gradiose pie in the sky projects. Nobody at AT&T could
be bothered to spend some of the hundreds of millions UNIX made on
hiring four or five good technical writers to make sense of the
system. Having the document written in house is vital because an
external writer can only describe a static system. An in-house
writer can demand that a user interface be changed to make it easier
to document. In the process the interface becomes more consistent
and understandable. It is a dielectic process.
I have rather more sympathy with Microsofts Active-X problem than
I do with Netscape's earlier security disasters. When Marc Andressen
showed SSLv1 to myself and Alan Shifman here at MIT both of us
broke the scheme within ten minutes. Alan provided a much more
extensive critique than I did. What is instructive is that afterward
Netscape never asked for comment on their fixes to the draft. Both
Alan and myself told Netscape about the random number generator
problem a year before it was independently discovered. I even went
to the lengths of writing Kipp a very detailed memo on how to fix
the problem. I believed that the problem had been solved, so
incidentally did Jeff and Taher when they joined Netscape and found
a long memo about making the random number generator work.
O.K. this is a communication problem, but what is the Web supposed
to be after all? Isn't it meant to be a mechanism for communication?
Isn't the whole point of OpenMeeting, WIT etc that we have a
collaboration tool?
The Active-X area is going to be very hard to get a grip on security
wise. Active-X still lacks a unified cognitive model, a paradigm
if you will but poetics is probably a better description. Until that
happens it will be very hard to make it secure.
Simply jumping on Microsoft because you are pissed that your UNIX
or MAC expertise is going to become as marketable as my VMS or
Genera expertise won't wash. The central problem of the computer
industry is not Microsoft exercising monopoly power, its vendors
whose managements have refused to invest in the future and have
allowed their product to stagnate in decades old technology. If
you think you are in such a company you can either hide in your
cubicle like Dilbert and wait for the company to collapse or tell them
they have a problem and if the managment can't deal jump ship before
it sinks.
Phill
References: