[LINK] making windows secure: sandboxie and other goodies

steve jenkin sjenkin at canb.auug.org.au
Mon Aug 7 12:19:27 AEST 2006


Howard Lowndes wrote on 7/8/06 11:19 AM:
> Ah, but it is fit for the purpose intended - it does all the things that
> it is advertised to do as an operating system; in fact it does them so
> well that it is just not very good at preventing unwanted things from
> happening.  Think cars without seat belts - the occupants are perfectly
> safe until they hit something.
> 
> Kim Holburn wrote:
>> You know it's amazing that no-one has taken them to court yet for
>> selling a product not fit for the purpose intended.
>>

The problem is that we don't have an *engineering* specification for
Operating Systems.  I.e. not opinions nor narrative "O/S should do
stuff", but a specification like IEEE 802.11a or the RFCs...

Until we have a strict formal definition, then any old rubbish that you
can get the public to buy is just fine :-(

My *opinion* :-) of what defines an *Operating* System:

- An O/S *must* continue to *Operate* if the hardware is capable of it
  => Blue Screen of Death and Panic are *not* Operating

- An O/S's first responsibility is to maintain its integrity. Then it can
provide other functions.
  => Never get compromised, Never get 'owned'. As in, *not ever*.
  => With the CPU security rings, this should be a trivial exercise.

- O/S's should provide a consistent, well defined Abstract Machine to
the user programs it hosts.
  => Should not be "undocumented" system & library calls
  => The interfaces should be persistent across releases,
     a "good" O/S will run *all* your old programs.
     [e.g. IBM z/OS still runs 1401 code from 40yrs ago]
  => POSIX is a good start for non-windowing commands
  => but it doesn't, IIRC, mention a windowing environment.
     [X-11 is around a lot, but not great.]
     [Apple chose well not using it.]
     [I think Open/GL is being used more]

- General use O/S's should conform to formal *standards* to enable
portable applications.
  => POSIX again :-) But there are lots of extensions around.


Rob Pike has a good presentation where he makes the point that cheap,
ubiquitously available hardware has high 'variety', which has forced O/S
software to compensate...  So now we have complex O/S's, whereas people
with constrained hardware (VAX, IBM 370/390 series) don't.

It's Ashby's Law of Requisite Variety in action:
For an O/S to present a low-variety interface (i.e. *one* audio
interface to programs), it has to cope with the huge variety of
hardware...  Otherwise called device driver hell...

Summary:
As consumers, we're stuffed because our Standards Bodies haven't defined
one of the basics - What an O/S *is* and *is not*.

cheers
stevej

-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://www.canb.auug.org.au/~sjenkin


