Improve Windows 7 security: Microsoft should do 5 things

  

To fully escape the shadow that Vista cast over Microsoft and make Windows 7 a commercial success, Microsoft still has a lot to do. Microsoft has promised users that security in Windows 7 will be a new experience for everyone. To deliver on that, it must do more than make verbal appeals: it must make radical changes to the design, development, and management strategies of its new operating system. Perhaps only time will tell whether Windows 7 meets these requirements. In the meantime, here are the five things I think Microsoft should do:

1. Use standard, peer-reviewed tools and protocols in all security-related functions. In the software industry, "not invented here" is one of the best-known traits of Microsoft's corporate culture. Microsoft has indeed used a lot of code that it did not write itself, but it has never simply taken that code as-is: where possible, Microsoft first buys the copyright from the code's creator and then integrates the external software or code into its own commercial products. Only in very rare cases does Microsoft use code or software whose subsequent development it cannot control. Once Microsoft adopts software or code, there is no going back: it is developed only internally, and its functionality is often changed in surprising ways that break interoperability with other branches of the same code base, as with the BSD Unix network stack and the code used in MIT Kerberos. This has brought Microsoft many security vulnerabilities, because the code cannot really benefit from the collective wisdom of external developers. Microsoft has to maintain this massive amount of code itself, where it was previously maintained by many external freelance developers. Because of this, the security of Microsoft's remote login tools, encryption features, and network protocol implementations has been questioned from the start. Taking advantage of the vast breadth and depth of peer-reviewed, best-in-class, well-tested tools is key to developing an operating system that users can trust.

2. Deploy true, comprehensive privilege separation in the system architecture. Microsoft's operating systems have undergone a major evolution over the years, from early MS-DOS to MS Windows Vista. Anyone can easily see that these major changes were carefully designed. One change that seems to happen over and over is the separation of privileges in the system architecture, which protects critical operating system components from damage caused by unauthorized, unprivileged user access. This privilege separation only "seems" to have been repeated, because it has never actually happened: Microsoft makes some minor changes that appear to solve the privilege separation problem, but by the time the next version of MS Windows reaches the market, it has become a well-known fact that the separation of privileges was never really completed. For this change to happen, Microsoft will have to abandon its own hard-to-detect attempts to curb how people use their computers, and stop looking for ways to let Microsoft software bypass the security features of other Microsoft software.

3. Start taking vulnerability patches seriously. Seven years to patch a serious vulnerability such as the SMB vulnerability (first discovered no later than March 2001) is really a bit too long. Across all Microsoft security vulnerabilities, the fastest patch cycle was MS06-001: Microsoft officially released the patch 10 days after it officially discovered the vulnerability. The vulnerability behind the SQL Slammer worm, which ravaged most of the Internet in 2003, had been "fixed" by Microsoft long before the worm really became a threat. But if patches were not installed the way Microsoft required, a subsequent patch would uninstall the previously installed one, leaving the user's computer very vulnerable (and Microsoft blamed administrators for not patching their systems effectively). Microsoft should learn from open source projects, which regularly release stable, effective security patches and, in an emergency, usually take no more than a week to release a fix, sometimes only hours. Before most security professionals will take the security of MS Windows 7 seriously, this serious problem area must be addressed. Microsoft did release a patch recently, before the Windows 7 beta, which looks like a good sign, but it may be just a flash in the pan. Only time, and Microsoft's performance in the near future, can really tell us the answer.

4. Don't let backward compatibility override default security. It is understandable that Microsoft wants to support backward compatibility in order to retain its customer base, and I agree with its efforts in this regard. However, that does not mean features that compromise security should take precedence over secure defaults. If a feature that weakens security has to be included, it should be designed as a configurable option rather than the default. And in no case should it come at the expense of basic security at the system architecture level. A related issue is default security settings in general: for example, the number of unnecessary services running by default on a newly installed MS Windows operating system is unacceptably high.

5. Change the business model. This really is a security issue. Microsoft's security model is essentially the economic expression of an old security model built on incomprehensible paradoxes. Beyond being an "unhealthy" model, it chases the mirage of so-called security revenue, which creates a conflict of interest between "security" as a source of revenue and actual system security, and that seriously harms Microsoft's customer base. As the IT industry and the software market continue to change over the next few years, this conflict of interest will become harder and harder to contain, because the "traditional" business model will become increasingly unworkable. It's time to make a change. Windows 7 may not be the jumping-off point to a new business model, but Microsoft does at least need to make some bold decisions in this direction. Many senior IT experts and analysts have warned Microsoft that Windows 7 should be Microsoft's last version of the operating system. The alternative is to keep undermining Microsoft's reputation among home computer consumers and business customers.

Of course, if the past decade has proven anything about software marketing and security, it is that good secure software design, vulnerability management policy, and other security concerns of software vendors often do not play a big role in determining market share. An acceptable security image seems to be easier to achieve than an actually secure product, and Microsoft has succeeded in creating such an image.

However, there are still some people who look past Microsoft's attractive marketing surface to the essence of the problem, and who will not simply accept Microsoft's self-serving statements. To truly deliver on its security ambitions, Microsoft will have to take a different approach to Windows 7 than it has before.
