Mad As Hell: Metaphor 1.42
Another great offline conversation about this topic. JX Bell gave us permission to use this as Metaphor 1.42 in the “Mad as Hell” series. Enjoy.
W
—————————————————
The reason Windows people think they’re just as safe is because they’re the victim of a propaganda war about the existence of Security By Design. Microsoft tries to play both sides of Security By Design, and most people don’t even notice.
When Microsoft (and their apologists) want to explain why they’re OS seems to be a miserable piece of technology ridden with problems, they *deny* the existence of Security By Design, and say that the problem is because they are so wonderfully popular. They tell everyone that Security By Design doesn’t exist and they’d be safe “if only they weren’t so wonderfully popular!” They want you to believe only the gospel of Security By Obscurity.
But when Microsoft (and their apologists) want to explain how Longhorn will be better than the sucky situation now, suddenly Security By Design exists! Alleluia! Suddenly, you hear angels singing lofty ideas about “secure code” and “built with safety in mind”. Microsoft leaders and evangelists swear Longhorn is a godsend because “security needs to be part of the design, not a bolt-on”. Bill Gates had the chutzpah to tell the BBC that with Longhorn, he can personally promise no more malware ever again! (see http://news.bbc.co.uk/2/hi/business/4516269.stm )
Ha ha ha! Also, Longhorn users will get eternal life. And, umm, a pony!
So that’s the story of the propaganda myths of Security By Design. The truth is, and even Microsoft admits it, is that Security By Design is real. And Windows is an old product, poorly designed, repeatedly patched and patched and patched, with an incestuous tangle of subsystems that interact directly with each other and get full access to everything they need whenever they want to.
But, for your readers, how exactly is Mac OS X different from Windows?
It’s a long story, but the short version of the story goes like this…
Once upon a time, in a world full of yucky bugs and evil burglars, there was a house named Windows, and it had many doors and many windows. And they were all left open. (These are called “ports” and “services”.) All the bugs and burglars in the world could just go right in. Only a few experts know how to close the doors and the experts just couldn’t around often enough to prevent lots of bad problems. Bugs and burglars in the house! Bugs and burglars in the house! [Yes, XP SP2 helped this problem, but it’s not perfect, and lots of people run other Windows variants]
And even worse, in order to let the townspeople actually use the house, in other words to actually live in the house, Windows was designed to let anyone create new windows or doors whenever they wanted. And you didn’t even have to be in the house to create new windows and doors! You could be across town! Or if you read the newspaper, someone in another town could suddenly create problems in your town! [Browsing the Web with Internet Explorer exposes you to hackers across the world because of bugs, and also ActiveX “features”] The great power behind the risk is Administrator Privileges. With this power, it’s especially easy to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) with Admin Privs. And so bad people all over town were creating new big holes in the house every hour! Bugs and burglars in the house! Bugs and burglars in the house!
Some people said “You don’t have to give people Administrator Privileges simply to live in the house!” But all those people who said that were geeks and wizards who have special knowledge of how to control big companies. The truth is that if they weren’t around to help their mother and grandmother, they would *need* all this power day-to-day (to configure the OS, to install software and drivers, etc). They would all use Administrator privileges because it’s too complicated and restrictive and confusing for average folks not to. It’s just plain hard to live in the house called Windows like without that destructive power at your fingertips.
And to make it worse for the house of Windows, it was an old house. You see, it originally was a small cottage, but over the course of many years of tubes and hammers and some scrap metal, the house’s “walls” today are really weak body armor pieced together over a period of several decades.
Somewhere in town, a bird chirped.
Way across town, there was a house called Mac OS X. In that house, there is exactly one door and really thick strong walls made from rebar and reinforced concrete. Those are called the built-in firewall and a well-designed-and-tested UNIX BSD communications security architecture. No gratuitous doors or windows (ports and services).
It’s not impossible for Mac OS X residents to create new doors and windows (opening ports, creating services), but it can only be done carefully in cooperation with whoever is keeping track of the front door and whether it’s safe right now (configuring the firewall). And even in those cases, only certain types of objects can come in (opening specific ports) — no bugs and no burglars in general. No bugs! No burglars!
When the Mac OS X residents were building their house, they realized they don’t need to be able to make doors and windows *all* the time — they don’t need Admin Privs.
So the house called Mac OS X is designed that no one can simply just *create* doors and windows whenever they want in a split second on their own. Even the mighty geeks are suddenly prompted for their password, and then they have more power temporarily only, and only for what they are doing right then. This makes it much easier to prevent people from accidentally creating new doors and windows in the house! Also, it makes it harder for bad guests (malware) to create new doors and windows. Also, it makes it harder for to trick the residents of Mac OS X into creating new doors and windows, because the password must be magically said before such destructive big things happen. So, it’s harder to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) to sneak people into the house of OS X. (This approach is called “well-designed and user-friendly Privilege Escalation system and subsystem compartmentalization, while avoiding the *need* for normal average users to constantly wield dangerous Admin privileges”. The idea that OS X Admin users don’t *actually* wield root/Admin power full-time is often misunderstood, or lied about, by Windows apologists.)
The people living in the house of Mac OS X were happy. They had to keep track of their front door, and had to think carefully before announcing their password when something asked for it, but it was a good house, and a good world.
The people living in the house of Windows were riddled with bugs, and always had mosquitoes in their teeth. And burglars constantly entered their house and took everything, and they usually had 5-10 unwelcome visitors secretly watching them, eating their food, and learning all their secrets (spyware).
At the end of the day, the people in the house of Mac OS X gathered around the dinner table, talking of fun they’d had together as a family that day.
And the people suffering in the house of Windows said to all their friends “Yes, it’s an awful life, and our homes are full of bugs and burglars, but it’s only because our house’s design is really so wonderfully popular!!!”
The End.
JX Bell
http://www.jxconsulting.com
http://www.jxphotography.com
W
—————————————————
The reason Windows people think they’re just as safe is because they’re the victim of a propaganda war about the existence of Security By Design. Microsoft tries to play both sides of Security By Design, and most people don’t even notice.
When Microsoft (and their apologists) want to explain why they’re OS seems to be a miserable piece of technology ridden with problems, they *deny* the existence of Security By Design, and say that the problem is because they are so wonderfully popular. They tell everyone that Security By Design doesn’t exist and they’d be safe “if only they weren’t so wonderfully popular!” They want you to believe only the gospel of Security By Obscurity.
But when Microsoft (and their apologists) want to explain how Longhorn will be better than the sucky situation now, suddenly Security By Design exists! Alleluia! Suddenly, you hear angels singing lofty ideas about “secure code” and “built with safety in mind”. Microsoft leaders and evangelists swear Longhorn is a godsend because “security needs to be part of the design, not a bolt-on”. Bill Gates had the chutzpah to tell the BBC that with Longhorn, he can personally promise no more malware ever again! (see http://news.bbc.co.uk/2/hi/business/4516269.stm )
Ha ha ha! Also, Longhorn users will get eternal life. And, umm, a pony!
So that’s the story of the propaganda myths of Security By Design. The truth is, and even Microsoft admits it, is that Security By Design is real. And Windows is an old product, poorly designed, repeatedly patched and patched and patched, with an incestuous tangle of subsystems that interact directly with each other and get full access to everything they need whenever they want to.
But, for your readers, how exactly is Mac OS X different from Windows?
It’s a long story, but the short version of the story goes like this…
Once upon a time, in a world full of yucky bugs and evil burglars, there was a house named Windows, and it had many doors and many windows. And they were all left open. (These are called “ports” and “services”.) All the bugs and burglars in the world could just go right in. Only a few experts know how to close the doors and the experts just couldn’t around often enough to prevent lots of bad problems. Bugs and burglars in the house! Bugs and burglars in the house! [Yes, XP SP2 helped this problem, but it’s not perfect, and lots of people run other Windows variants]
And even worse, in order to let the townspeople actually use the house, in other words to actually live in the house, Windows was designed to let anyone create new windows or doors whenever they wanted. And you didn’t even have to be in the house to create new windows and doors! You could be across town! Or if you read the newspaper, someone in another town could suddenly create problems in your town! [Browsing the Web with Internet Explorer exposes you to hackers across the world because of bugs, and also ActiveX “features”] The great power behind the risk is Administrator Privileges. With this power, it’s especially easy to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) with Admin Privs. And so bad people all over town were creating new big holes in the house every hour! Bugs and burglars in the house! Bugs and burglars in the house!
Some people said “You don’t have to give people Administrator Privileges simply to live in the house!” But all those people who said that were geeks and wizards who have special knowledge of how to control big companies. The truth is that if they weren’t around to help their mother and grandmother, they would *need* all this power day-to-day (to configure the OS, to install software and drivers, etc). They would all use Administrator privileges because it’s too complicated and restrictive and confusing for average folks not to. It’s just plain hard to live in the house called Windows like without that destructive power at your fingertips.
And to make it worse for the house of Windows, it was an old house. You see, it originally was a small cottage, but over the course of many years of tubes and hammers and some scrap metal, the house’s “walls” today are really weak body armor pieced together over a period of several decades.
Somewhere in town, a bird chirped.
Way across town, there was a house called Mac OS X. In that house, there is exactly one door and really thick strong walls made from rebar and reinforced concrete. Those are called the built-in firewall and a well-designed-and-tested UNIX BSD communications security architecture. No gratuitous doors or windows (ports and services).
It’s not impossible for Mac OS X residents to create new doors and windows (opening ports, creating services), but it can only be done carefully in cooperation with whoever is keeping track of the front door and whether it’s safe right now (configuring the firewall). And even in those cases, only certain types of objects can come in (opening specific ports) — no bugs and no burglars in general. No bugs! No burglars!
When the Mac OS X residents were building their house, they realized they don’t need to be able to make doors and windows *all* the time — they don’t need Admin Privs.
So the house called Mac OS X is designed that no one can simply just *create* doors and windows whenever they want in a split second on their own. Even the mighty geeks are suddenly prompted for their password, and then they have more power temporarily only, and only for what they are doing right then. This makes it much easier to prevent people from accidentally creating new doors and windows in the house! Also, it makes it harder for bad guests (malware) to create new doors and windows. Also, it makes it harder for to trick the residents of Mac OS X into creating new doors and windows, because the password must be magically said before such destructive big things happen. So, it’s harder to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) to sneak people into the house of OS X. (This approach is called “well-designed and user-friendly Privilege Escalation system and subsystem compartmentalization, while avoiding the *need* for normal average users to constantly wield dangerous Admin privileges”. The idea that OS X Admin users don’t *actually* wield root/Admin power full-time is often misunderstood, or lied about, by Windows apologists.)
The people living in the house of Mac OS X were happy. They had to keep track of their front door, and had to think carefully before announcing their password when something asked for it, but it was a good house, and a good world.
The people living in the house of Windows were riddled with bugs, and always had mosquitoes in their teeth. And burglars constantly entered their house and took everything, and they usually had 5-10 unwelcome visitors secretly watching them, eating their food, and learning all their secrets (spyware).
At the end of the day, the people in the house of Mac OS X gathered around the dinner table, talking of fun they’d had together as a family that day.
And the people suffering in the house of Windows said to all their friends “Yes, it’s an awful life, and our homes are full of bugs and burglars, but it’s only because our house’s design is really so wonderfully popular!!!”
The End.
JX Bell
http://www.jxconsulting.com
http://www.jxphotography.com
source: Mad As Hell: Metaphor 1.42
