Thursday, October 02, 2003

Security? What Security?

A friend of mine just got a virus on his home PC. He's a meticulous Windows Updater and runs antivirus software. But the unpatched HTA bug in IE got him.

The incident got me thinking about security. It seems like Microsoft (and others) are spending most of their security time on preventing rogue programs from running. Buffer overflows and ActiveX controls activated by mistake are both cases of code running that never should have run in the first place. But this tactic won't really work in the long run. Even if you prevent every form of automatically launching a program, the user will sometimes launch one that contains a trojan horse or virus. And the fact is, launching software is part of what makes the web seem so integrated. If you view a PDF file in Internet Explorer, Adobe's PDF viewer launches as an ActiveX control hosted inside IE. That's a desirable feature.

I think we're going about this all wrong. What if we used Windows NTFS permissions and other security measures to properly protect the resources in the first place? What if, by default, a regular user could not modify the Windows system files? This is the strategy that Unix has been using for years. I'm not saying that fixing buffer overruns is bad. In fact, it's necessary. But we could seriously limit the damage a virus could do if users ran with lower privileges.

But wait. Many Windows programs, including programs like MSN Messenger, won't run properly if you are not an administrator. My HP scanner software requires write access to the system directories. If the user tries to run as a non-administrator, much of her software won't run.

As computing professionals, it's up to all of us, not just Microsoft, to make secure computing possible. Testing our software while running as regular users, not administrators, is very important. Windows has built-in security measures that, if properly used, could limit the damage a virus could do. But Windows also has a history of free-for-all access to the system directories. Until users can run their software as a regular user, they will keep signing in with Administrator rights, and Windows won't be secure against viruses.
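As an added example that is not part of the original post, the PowerShell script below (it assumes PowerShell is available, which post-dates the post) shows the check a developer can run under both kinds of account before shipping: whether the session holds Administrator rights, and whether it can actually modify System32, Program Files and the machine-wide registry hive, the very resources NTFS permissions are supposed to keep a regular user away from. Run it once as an administrator and once as a standard user and compare the two reports.

```powershell
# Added example (not from the original post): report whether this session
# runs as an administrator and whether it can modify protected locations.

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-CanWrite {
    param([string]$Path)
    # Probe by creating and then removing a uniquely named file (or, for a
    # registry key, a uniquely named value). Any failure counts as "cannot
    # write", which is what a standard user should see on these paths.
    $probeName = "probe-" + [guid]::NewGuid().ToString("N")
    try {
        if ($Path -like 'HKLM:*' -or $Path -like 'HKCU:*') {
            New-ItemProperty -Path $Path -Name $probeName -Value 1 -ErrorAction Stop | Out-Null
            Remove-ItemProperty -Path $Path -Name $probeName -ErrorAction Stop
        } else {
            $probeFile = Join-Path $Path $probeName
            New-Item -Path $probeFile -ItemType File -ErrorAction Stop | Out-Null
            Remove-Item -Path $probeFile -ErrorAction Stop
        }
        return $true
    } catch {
        return $false
    }
}

# Locations a regular user should not be able to change. The registry hive
# is included because installers and scanner software often write there.
$targets = @(
    "$env:SystemRoot\System32",
    $env:ProgramFiles,
    'HKLM:\SOFTWARE'
)

"Running as Administrator: $(Test-IsAdministrator)"
foreach ($target in $targets) {
    "Can write to {0,-40} : {1}" -f $target, (Test-CanWrite -Path $target)
}
```

A program that only works when every line of the second report reads True is exactly the kind of software that forces its users to stay logged in as Administrator.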