dozniak wrote: do not use windows. ever. this is the lamest, least secure system.
This statement really isn't fair, not because it overstates how insecure Windows is, but because it ignores how insecure other operating systems are. None of the current OSes in common use - Windows, Mac OS X, Linux, even FreeBSD - were designed with security in mind, especially the sort of security that we are discussing, because when Unix and MS-DOS/Windows 1.0 were designed, most of the threats seen today didn't really exist except as a few proof-of-concept examples and a couple of 'funny' pranks (such as the once-notorious 'Robin Hood and Friar Tuck' virus on the old Xerox mainframes).
While a significant amount of work had been done on security in the late 1960s and early, including the early development of the Capability-based Security Model, most of it was aimed at preventing either espionage taking place on-site, by a spy with access to a terminal but not to the CPU and disks, or memory corruption caused by a buggy process. More importantly, it was assumed by the researchers that access to computing would be limited to scientists, military personnel, programmers working for businesses and governments, and university students preparing for a career as one of the above. Even in projects aimed at public access to timesharing, such as Multics, the security concerns were primarily focused on password control, on monitoring resource usage for the purposes of billing, and on ensuring process isolation.
Some of this work made its way into the mainframe OSes of the time. Some, such as hardware-based capabilities, proved too inefficient (though it may make a comeback someday, I suppose, given the vast improvements in hardware speeds since then - indeed, IIUC the Mill architecture is intended to have a limited form of that at the cache level).
But Unix didn't do any of that. It was intended as a one-off, a stripped-down version of Multics that was never meant to see the light of day. Thompson and Ritchie deliberately excluded most of the security features that Multics had, because they wanted something that would be fast enough to play Space Travel (a version of the Star Trek game that was making the rounds at the time, with some added graphics influenced by Spacewar!) on a PDP-7, simple enough for two people to write in the off hours, and crucially, without all the aggravatingly bureaucratic access control and billing of Multics. In other words, it was designed to be insecure, because Multics' security was what they were trying to get around by developing it. The first versions - until after the shift from PDP-7 assembly to C on the PDP-11, apparently - didn't even have password protection, and it was a single-tasking system originally (hence the punny name).
By the late 1970s, Unix was spreading through the universities as a cheap (a few thousand USD per installation, with few places needing more than one) alternative to RSX (and later, VMS) which, due to the easy access to the source code, could also be used for courses on OS dev and system utilities. It was most definitely not a business system, as AT&T were expressly forbidden from selling software for commercial enterprises until the anti-trust action broke Ma Bell up in 1982 - and they were required to provide source code for the academic and non-profit organizations which they could sell it to. Prior to Version 7, the license didn't even forbid republication of the source code, which is why the Lions book (which included the whole source for Version 6) could be sold to other universities up until 1979.
Significant security wasn't really added to Unix until 1981, and then only because ARPAnet's upcoming switch from NCP to TCP/IP included a requirement that systems have some minimal security support (a similar story occurred ten years earlier with ITS, which was passed over by ARPA in favor of Tenex for the primary nodes due to it not even requiring passwords at the time). By then, it was already far too late to retrofit a proper security model, even by the standards of the time.
Its descendants never were able to fix this, either, as they were still focused on other matters. Apple's priority is UX, while the Linux community has always been diffident about anything that restricts user freedom, so neither group has really made any attempt to change things from the Unix model. FreeBSD and its relatives have done more, but are hamstrung by bug-for-bug compatibility issues, and are pretty leery of restricting users as well. More importantly, they all could coast on the fact that a bigger target existed - Windows - meaning that the brunt of the attacks hit someone else.
MS-DOS came from a completely different tradition as well. When 'micro-computers' (home computers, personal computers) started to appear in the mid-1970s, they were so limited in what they could do - 4KB or less of RAM was typical (the first one, the Altair 8800, shipped as a kit with a memory board that could hold 256 bytes, which filled the entire board with ICs), paper tape was the dominant storage medium for the first couple of years (and the reader was an add-on - for the first several months, the primary I/O for the Altair was the toggle switches and LEDs on the front panel), and operating systems were considered an unimaginable luxury - that just getting them to work took precedence. In 1977, as the generation 1 PCs such as the Altair, IMSAI, and Sol gave way to the Gen 2 pre-built models such as the Apple II, the TRS-80, and the Commodore PET, the tape and disk operating systems were focusing just on getting the data in and out of the storage media - most of the file systems didn't even have equivalents to the Unix RWX bits - and the idea that anyone would bother intruding on a machine meant for, and only suited for, mildly obsessive hobbyists would have been met with scorn.
MS-DOS arose in the third generation of microprocessor-based personal computers, and like CP/M, was written with no consideration for security to speak of. The file system had no subdirectories, access bits, or provision for user-defined hidden files until version 2.1, which borrowed a lot of things from Unix (which, as I already stated, wasn't exactly designed with security in mind). No one thought that these simple, monotasking, disk-oriented file managers would ever need more.
The rise of the public Internet took everyone by surprise. No one had any expectation that computers would be as ubiquitous as they have become. We are stuck with operating systems, and a model of operating system design, which treats security as a problem instead of a solution - one which puts it as the very lowest priority, at best.
And it isn't as if companies haven't tried to sell the public more secure systems. MS and the Linux Group are painfully aware of how terrible their security models are, but trying to fix them always runs into user opposition due to it being intrusive and restrictive. Hell, MS had to remove security features from the NT kernel to make XP palatable to the consumers, not due to technical limitations but because focus groups shown the beta of XP complained about how much hassle it was. The intrusive security warnings in Vista were one of the main complaints about it, too, so they toned those down in 7, knowing full well that it would compromise security. The public simply doesn't care about security.
For the most part, neither do corporations or governments. The break-ins at Target, Sony Pictures, the Social Security Administration, and other places were all things which could have easily been avoided, but the preventatives were all deemed too expensive and/or complicated to implement - not just before they happened, but afterwards, too. It is cheaper and easier to simply swallow the costs and consequences than it is to fix the problems. The entire software industry follows the same line of thinking that gave us the Pinto Memo.
Think you can do better? Probably not. The majority of posters here seem to forget the hard icky parts like security, while those who do take it seriously such as Brendan and myself talk a good game but have little to show for it. Most of the really useful information on security is buried in research journals which we don't even have access to, never mind read. Even if one of the operating systems here got some traction - which is about as likely as the developers' feet getting traction on the surface of Mars - the odds are it would be one which succeeded in part because it ignored the costly and time-consuming security operations.
You know, like Unix, Linux, Mac OS, and Windows do.
TL;DR - It isn't that Windows is less secure, it is that the others can get away with insecurity as long as Windows is around to draw fire from them. The OSes we have now? Insecure by design, and they only succeeded in the first place because they were. Users, and hence developers, see security as a nuisance rather than a protection, meaning a secure OS will always fail in the marketplace, at least if it doesn't have a killer app of sufficient importance that it overcomes the users' resistance to improved security.
PS: Riddle me this, Brendan: if the secure computing niche you claim to be targeting exists, and is large enough for someone to make a profit filling it, why hasn't it been filled yet? If your answer is anything along the lines of 'because no one has been smart enough to fill it before,' then I recommend you step back and take a long, hard look at your assumptions. Dozens, if not hundreds, of firms have tried to sell operating system security, and all failed, even when they had genuinely superior products; these businesses range from one-man startups to giants like IBM, Oracle, DEC, Microsoft, and General Dynamics (yes, the monster all-encompassing defense contractor the US government is so in love with tried to tackle this, more than once), each of whom threw billions down that rat hole.
What makes you think you'll do better?