[mdlug] Is Vista going to be the new Windows ME?

Jeff Hanson jhansonxi at gmail.com
Tue Jan 30 14:33:35 EST 2007 

On 1/30/07, Garry Stahl <tesral at comcast.net> wrote:
> It is obvious however that they have spent a great deal of time and
> effort on "their" security, I.E. DRM, and very little time on our
> security, that is the computer system.  I agree with the article, how
> much better with windows security be if the effort placed into crippling
> your system with DRM had been placed into fixing the system security?
>
> And one has to ask, is not 20 years long enough to fix a problem if you
> really want it fixed?

I think the problem is the legacy code base.  Gates has always
believed that backwards compatibility is an asset.  But it is also a
liability.  It prevents them from making radical changes to the file
and security structure.

I just set up an XP system where I intentionally moved the user
folders to another partition so that I can overwrite the system
partiton from a backup image without having to move them each time.  I
also set up all user accounts as limited users and only one admin.  It
didn't work.  The access control lists are ridiculously
overcomplicated because the underlying file system and file system
heirarchy is a suggestion, not an OS enforced structure.  It was also
difficult to get them to the other partition with the ACLs intact.
Then the first game I installed, The Sims, has all of it's user data
in it's application folder instead of the user folders.  The same goes
for many applications, even recent ones.  The only way it works is to
have all users as admins so they can write to the same files.  In
*nix, an application has to write to the user's home folder because it
can't write anywhere else unless it's running as root.

I think the best they can do is start over and use virtualization for
legacy apps.  Essentially that is what I am doing on Linux with Wine
and VMWare.  Wine for the apps that work with it (Diablo II) and
VMWare running Win98SE for those that don't.  Since each setup is
isolated in each user's home folder it reduces the risk of a Windows
app security hole compromising the system.

More information about the mdlug mailing list