January 19, 2007 --
The biggest security problem in Windows (ignoring bugs in the code) is the
way permissions are used, such that ordinary tasks, even viewing a
web page with Flash
seems to require full Administrator privileges in Windows XP.
I suspect that
had a reasonable
Access Control List
architecture in Windows NT -- the ACLs seem to work reasonably in server
environments -- but Microsoft has yet to make permissions work reasonably
in personal desktop environments.
Both Windows and Mac OS started without any noticeable permissions model.
Windows adopted the NT ACL model in transitioning from Windows 9x to
Windows 2000, XP and now Vista.
Microsoft asserts that they have solved the problem of requiring full
administrator privilege in Vista, but many early evaluators report
I'm most curious to get my own Vista system to see for myself, but
am not ready to buy one just for that and to experience 3D windowing.
Apple transitioned to a traditional
model in going from OS 9 to OS X -- that model suits me just fine in
However, there is a gotcha in OS X: in addition to Unix-based
system infrastructure, OS X has a parallel proprietary infrastructure.
Not just for permissions, but for much of the "System Preferences" data.
An experience Monday caused an exasperated friend, a 20 year Mac user
with a computer science Ph.D., to call me for help with a repurposed
He has little Unix experience.
He had tried to establish a new user account while retaining files from
a prior user account, using classic Mac GUI tools.
The result was a non-functional mess, and he hoped I could help
him get the desired result by using traditional Unix methods.
We were both staying out of the icy weather outside and tried to sort
things out over the phone, he on eMac and me on iBook.
He opened a Terminal window and I told him what to type.
But things like chown
did not work on the eMac as they should on any other Unix system.
Maybe it was because of what he had done with the GUI.
But I did analogous things on my iBook and got different results.
After I had done a successful chown from a Terminal and then the GUI
wouldn't let me take the next steps (accidental pun), giving
messages like "Sorry - unexpected failure", I gave up.
My friend persevered and eventually got things sort of working.
He said something like, "Macs are easy to use until you
want them to do something they don't want to do".
Apple advocate poke fun at the Windows people who end up reinstalling
Windows every now and then because their systems are so messed up.
My friend is in the same boat with the eMac -- today he started preparing
to reinstall OS X 10.4.
This made me appreciate those who think Solaris and OS X should be
merged to overcome the kernel level problems in OS X and
the GUI level problems in Solaris.
Anyway, neither Mac OS nor Windows seem to have really figured
out how to have desktops with effective permission control AND ease of use.