That's my point WoW ran Win16 code unaltered, which had no concept of privilege and permission. The VDM created for a Win16 session did a decent job at virtualizing the hardware, but file system access in the Win16 world required pretty much free reign.
But clearly MS considered security important enough to build a pretty robust kernel infrastructure and file system to support it. And there was an Admin account just like Novell's Sup account. The issue is, that neither Novell, or the many UNIX systems, had a huge installed base of non-privilege-aware software to try and maintain compatibility for. Right or wrong, migrating that installed base is largely what allowed Windows to move in to the NT-based world. Could Microsoft have made the transition sooner/better? Maybe. But try to find any real user-centric Win32-based software around the time that NT came out. I had the ONLY copy of Office for Windows NT that I've ever seen. The rest of it was BackOffice/Server based stuff. All the other software around was Win16 bases, and the stuff that was migrated to Win32 targeted the Win95-based platform which didn't have account privilege or a secure file system either. Some segment of people have certainly have been vocal in the anti-trust case(s), but the majority of people I was talking about (and that Microsoft cared about because they bought product), was the ginormous existing Win3.1 user base that would simply not follow without backwards compatibility. You must have some pretty straight laced devs that you know... ;-) -sc -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Friday, June 05, 2009 10:47 AM To: NT System Admin Issues Subject: Re: My OS is better than your OS (was: Mac Anti-Malware) On Fri, Jun 5, 2009 at 12:08 AM, Steven M. Caesare<[email protected]> wrote: > However, without backward compatibility with > the Win16 world, adoption of that [Windows NT] would have not > necessarily have been a given. NT could run Win16 code. It just didn't allow system operations without admin privileges. Exactly how much of a problem that would have been, I can't say. It's certainly still a source of trouble today, so that doesn't bode well. But think of how much further along we would be *today* if Microsoft as a whole had started to consider security important back then, rather than starting in 2001. > Admittedly that doesn't make it "right", but the world/'net was a > different place then ... I don't buy the argument *at all* that "it was a different world back then". The Morris worm hit the Internet in 1988 -- before HTTP and HTML had even been invented, and well before Microsoft had discovered the web. Computer security and the concept of least privilege has been a fundamental in the industry for decades. Even NetWare 3.0 had a separate SUPERVISOR account. That fact that Microsoft chose to ignore this huge body of evidence does not make it a different world. > ... market realities (aka user desires) do tend to rule. Given everything Microsoft has done to get their way that has led to the market screaming bloody murder, not to mention bringing quite a few anti-trust lawsuits, I'm not at all willing to give them a free pass on that. >> For example, their latest and greatest software development suite >> has a long list of things that don't work right if you don't have >> admin rights. > > [sc] I rather expect that DEV environments might be a bit odd in this > regard ... The *nix and mainframe worlds have been developing software without admin rights for decades. Keep in mind that I completely understand the need for admin privileges to do system-level development (e.g., device drivers) or to install software for a "production test". But most development tasks, no. > (after all, you probably need SeDebug and other such perversions) Under *nix, I can debug processes I own without any special privileges. > I can say that from a biz software perspective, stuff from > MS has been MUCH better in the last several years. Sure. That's a good thing. About time, too. Even Office 2000 had some non-admin glitches. Despite the fact that it carried the Win 2000 Ready logo, and non-admin was a requirement for that logo program. (I guess when the software vendor is also the certification body, things get a bit loose.) > It is taking some vendors a while to catch up tho. Absolutely. It's ridiculous how often big companies that really should know better try and take this line. My point with the VS example was mainly that if even *Microsoft* still sometimes takes the position that admin rights are needed when they really shouldn't be, it's not surprising that other companies do, too. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
