[Prime Choice]

They could write incredibly secure code if they would simply

1. Write program code in Ada (rather than C and its derivatives),
2. Leave out all those unnecessary bells & whistles (Eudora and Internet Explorer do not need to have their tentacles in everything...that's how these damned things infect the systems in the first place), and
3. Abandon Mickeysoft and used a more securable, open-source OS like OpenBSD, and
4. Leave the kernel, OS executables and libraries on read-only media.

These simple steps alone would enhance security enough to elimintate 99% of the problems enumerated in this article.

[beef]

"They could write incredibly secure code if they would simply

1. Write program code in Ada (rather than C and its derivatives),
2. Leave out all those unnecessary bells & whistles (Eudora and Internet Explorer do not need to have their tentacles in everything...that's how these damned things infect the systems in the first place), and
3. Abandon Mickeysoft and used a more securable, open-source OS like OpenBSD, and
4. Leave the kernel, OS executables and libraries on read-only media.

These simple steps alone would enhance security enough to elimintate 99% of the problems enumerated in this article."


I agree with you, mostly. I don't know that much about Ada except that it's object oriented. I'm surprised that these guys don't have some kind of class or wrapper around their buffers to ensure that you can't overrun them. I consider things like documents to be static, but MS and that crowd just loves to build macro languages into everything. They will do everything they can to automatically run code and then when you get infected with something they tell you it's all your fault for not going in and drilling down through every menu there is looking for the one obscure box you uncheck to shut it off. Then the automatic updater comes in to load up the latest batch of untested garbage and in the process turns it back on. I think, though, that any of these OS's can be made secure, it's just a matter of them spending time doing that instead of adding more features that nobody uses. Read-only media is good, too. I'd like to see them keep an indelible provenance for every process, detailing how it got spawned right back to the bootloader.

I am personally more worried about a digital 9/11. If I was OBL, I would do everything I could to get a bunch of my boys working at MS in the group that runs the Windows Update service.