FAQ for "Why Windows is a Security Nightmare"

Many people sent me emails about the article I wrote on Windows security problems. I appreciate the support and helpful comments offered by everyone. My responses to some of the questions and concerns expressed in the emails are given below.

It is possible to download all Windows Updates separately, and create an update CD.

I think some people are misinterpreting the article because of the context in which the Slashdot link to the article was posted. The thesis of my article is not that Windows Update should be available on CD, but that the Windows Registry and Windows Update exacerbate security problems on Windows.

Also, I am aware that Microsoft lets you download individual patches, and it is mentioned in the article that I downloaded some of them, but the whole process is inconvenient. Standalone downloads can be substantially bigger than downloads using Windows Update, and installing them is a hassle because of dependencies and reboots.

Microsoft has made available tools to create an update CD, so why didn't you use those?

Firstly, I was not aware of any tools provided by Microsoft for creating update CDs. Secondly, Microsoft tools require having a Windows CD in hand. My OEM never shipped a Windows CD with my notebook. Actually, many OEMs do this, so the Microsoft update tools are of no value to me and many other individuals.

The registry is not bad; it is just the clueless ISVs who are responsible for registry problems.

I disagree! Before memory protection became a standard feature in OSs, it was a common occurrence for processes to interfere with one another and crash the system. One could have blamed ISVs for that situation as well, but the right approach was to not trust the ISVs, and provide OS functionality to protect processes from one another. In my opinion, the registry is a similar scenario.

Microsoft cannot throw away the registry because of compatibility reasons, so you are asking for too much.

I have discovered a link about the Longhorn Registry that was not known to me at the writing of the article, and I have to concede that Microsoft is taking some steps to remedy the problems with the Registry.

I have never had to reinstall Windows. I think you are clueless and don't know how to maintain a system.

Some people get lucky, and others do not install/uninstall software on their PCs, but the vast majority of users do experience problems with the registry at one time or another.

RegClean works great for me. Why didn't you use it?

I know about RegClean and did use it. I did not find the program to be of much help though. The problem with registry cleaners is that they work for some people some of the time, but not for all people all the time.

Note: RegClean was not the registry cleaner that caused my PC to have boot problems.

Remote exploits are the way of life, and if you can't adequately protect your system then you deserve all the problems you got.

Not all operating systems are created equal. Some, like SELinux, offer users something in the way of protection. Moreover, a hundred percent of computer users will never become adept at 'securing' their systems, so the bulk of the effort has to be made by OS vendors.

You should have enabled the Windows XP firewall, and that would have protected your system from worms.

As I mentioned in the article, I am not using Windows XP. Furthermore, I did not have any software firewall available at hand. I could have retrieved one from the Internet, but the Blaster Worm would have gotten me anyway before I could retrieve one. Moreover, firewalls do not protect against all vulnerabilities, so they are not a perfect solution in every situation.

You should have installed a hardware firewall, and everything would have worked OK.

A great idea, but I don't have a hardware firewall. Also, I don't believe the typical Windows user knows much about hardware/software firewalls, so this solution will not work for the majority of Windows users.

Buy yourself a Mac and OS X, and you will be rid of security problems for good.

Mac OS X is Unix, and Unix is hardly any more secure than Windows. However, it might be worth making a switch to OS X if it does not have the equivalent of the Windows Registry. Unfortunately, I don't have the spare cash to buy a Mac.

Unix is very secure, and you are wrong about what you have stated above.

When I say secure, I mean some sort of protection from remote exploits. For example, SELinux offers a decent amount of protection as it runs the standard services with the least amount of privilege they need, and confines them so that they are unable to attain escalated privileges in case they get compromised.