Dear SJVN: Please Open Your Mind

If you shout something loud enough and many people are saying it, does it become true? Some groups of people (including tech journalists and Linux advocates, such as Steven J. Vaughn-Nichols) have a psychological need to find Vista lacking. Mr. V-N has predicted that Vista will have all manner of problems, so his clear interest is to point out everything that is wrong with the OS. Who cares if he has to even make some stuff up?

I followed some of the links on SJVN’s recent article, and I’d like to address some of them. I’m going to ignore all of the links about how it’s doing on the marketplace because I frankly care more about using an OS than about who else is using it. And I’m not going to address his self-referential links because I don’t put any stock in his objectivity. The following rebuttal is organized by the linked-to articles. I don’t care about the specific points SJVN is making… I just want to show that his data is suspect or perfectly explainable.

Shutdown and startup issues:

The real source for this link is at ComputerWorld. Mary Jo Foley, a ZD blogger, adds little of her own to the article. The real article gives a mixed impression of the issue. Some people are fine and others have major problems. I have no problems, and I’m sure the people in the NT Performance labs fixed everything that they found, but one can only test on so much hardware. Between OEMs and people writing new drivers, the startup slowness can be fixed.

In the meantime, take a look at my comment, which is based on this article by John Vert. Given some time for drivers and programs to improve, and some investigation, system times can be made quite reasonable. If some software is causing problems after drivers have stabilized, I suggest complaining loudly to the maker of that program or driver (especially if it’s Microsoft itself). I really don’t know why anyone would question using Sleep rather than Shutdown on a computer. Sure, sleep “masks” a sluggish shutdown response, but it achieves the same effect and solves the problem of disabling your computer when you don’t need it. If you need a really low-power off state, use hibernate. I’d like to see some justifications for why you want to shut down rather than doing either of the above. The boot performance is not universally bad, as SJVN posits, and will undoubtedly get better as people start using the new performance diagnostics.

Some Vista Features are annoying:

Lance Ulanoff wrote an article in PCMag (a ZD publication) about annoyances in Vista. I’ll try to address his most salient points one by one. If you have issues with the points I skipped, surely it will be worked out in the forum.

1: Complaint about IE prompts for opening Word as an HTML editor: If you trust MSWord not to have bugs when opening HTML pages, then click on a button there and you’ll never be bothered again. In general, it’s hard to know if someone clicks on something and really intends to open an external application. If you want to be a little secure and are willing to sacrifice 1.5 seconds to open an external application, then leave it as default. If you use a particular application a ton, just disable the prompt for that application. It’s not a bad balance between security and usability.

2: Changing date and time: Why do you want to do this more than once? Just have your computer change time from the network time server (as is set by default). You may need to change time zone more frequently if you’re on the go, but this doesn’t require any elevations.

5: This guy lists as an annoyance that there’s no way to scroll left and right in the start menu programs view. He asks the question, “What happens if there’s a lot of nesting?” Unfortunately, the lazy guy would rather bash Microsoft than do a 2-minute experiment to see what actually happens by creating some folders in the start menu. I’ll leave it to those reading along to do the experiment… It’s really not that hard.

6: Serial support: welcome to 2007… I understand that it sucks when old hardware becomes unsupported, but serial has been unpopular for so long. He probably has an issue with the Wacom driver in Vista rather than the OS itself since the serenum.sys serial driver still exists and I guess it must work (I have no serial ports on my machine). That is what I was going to leave it at, but then I decided to do a bit of extra investigation… Oh, look here! Google’s first hit on “Vista Wacom serial tablet” is this! Once again, I will state that Lance is a lazy person.

7: Drivers: Drivers are a perennial complaint. I will not defend the indefensible by saying that he should be enjoying his experience with Vista drivers. I have no driver problems, because I’m using pretty Lo-Fi, standard hardware. Other people have problems. Writing Windows drivers is Hard Work, and the Kernel is generally a much less forgiving environment than User-Space. Backwards compatibility does not apply as much in this regime either, because the driver is part of the OS and is expected to participate in its synchronization and locking scheme. I expect this will get better with the advent of the User Mode Driver Framework and the Kernel Mode Framework. Both of these systems present a much cleaner interface to the driver writers. Of course, none of this applies to things like Chipsets and Video Adapters, which are much more central to the system. As far as I can tell, drivers in this area are written in very close cooperation with Microsoft.

8: Some problems he reported through Windows Diagnostics haven’t been solved yet? Boo hoo! Wait a few months and check back. It’s better than before, when there was no solution most of the time and no one ever knew there was a problem. FWIW, most of my problem reports offer reasonable advice (if the driver is missing, it tells me to check the manufacturer’s site… if a major program is crashing it gives a link to the latest version or to a KB article).

9: I don’t care about the games in Vista. On the chess thing, this guy just seems to have some vision problems.

Frankly, throw-away complaints like this article are worthless to readers and to the people developing Windows. One of them (#5) isn’t even a problem but a question about what would happen in an easily testable situation. You’re always going to find someone who will complain about UI. Interface is something that everyone thinks they can understand, so everyone has an opinion to offer. It’s an example of bike shed painting.

Vista has poor security:

My approach to rebutting the security claims is to explain each of the vulnerabilities in detail. I hope to show that these bugs are rather complicated issues that are inevitable in any large software project. They have nothing in particular to do with Vista’s design and everything to do with its sheer size. Bugs like this exist in any OS, and no doubt other OSes have this sort of bug too. They often occur at interfaces between components written by two different people or in multiple generations of the OS. The positive story here is that these bugs are mitigated to some extent by Vista’s protections and that they will bother us no more once they are patched: none of the bugs represent insecure design, which is much more difficult to mitigate.

SJVN seems to misunderstand the ANI vulnerability a bit. He thinks that it is in some “Program” of some sort that is vulnerable. In fact, it’s a component of the Windowing System that is loaded into every process (user32.dll). It doesn’t make much of a difference, because it is indeed a bug. After reading the real vulnerability report (which is two layers away from the article), one sees that it’s not some sort of design flaw but merely a small coding mistake (improperly validating a size field when opening a file). It’s kind of sad that they didn’t fix it right in the first patch, so I hope the tester responsible for investigating that code fix gets “reassigned.” On the other hand, this is not kernel-mode code and it’s not running in a system or trusted context. Sure, it’s bad, but that’s what patches are for. Unfortunately, this was an unlucky case that passed through the stack overflow protections, but Vista is less vulnerable to this under IE because any malicious code will have difficulty escaping from the IE protection context.

There is only ONE bug in CSRSS, as far as I can tell from SJVN’s link, not three. This was that infamous MessageBox bug. The issue is a double-free of allocated memory in NtRaiseHardError or one of its called functions. The function has several paths of execution for dealing with error strings from the Virtual DOS Machine or from the kernel. It’s a little complicated by the fact that Windows may have to extract the error string from the memory of the process and move it to a different context in the case of the VDM. There’s a good write-up at eEye Security. Once again, code bug and not design flaw. It’s pretty easy to see how this bug arose, because of some unexpected interaction between vastly different levels of abstraction within the Window Manager. The HardError function is used by deep parts of the OS to surface system errors and it just so happens that this is a convenient way to also display System-Modal error messages from service processes. How many times do you see System-Modal error boxes? This is just one of those crusty old areas of Windows that few people bang on, so rare and weird errors don’t really get caught. You’ve gotta have this stuff (I can hardly call an error reporting mechanism ‘bloat’), but you really don’t want to use it often.

SJVN seems to think that Microsoft should have rewritten every single part of the OS. Not only would that be a colossal waste of time, but it would likely create many more security bugs than we’ve seen so far. There have been major changes in Vista: huge portions of the Kernel have been changed and rather massive features have been added. The graphics model is in the process of being entirely replaced (Aero and WPF are just halfway to where Windows is eventually going). There’s no real reason to rewrite already working stuff unless its design is bad or outdated. So far, we haven’t seen design flaws. Code bugs will always happen and they’ll eventually be caught and fixed. The only clear message I have picked up from reading SJVN’s security rants is that he does not have a technical understanding of that which he complains about.

Security is a very difficult problem, however, and I’d like to explain why we cannot expect absolute freedom from exploits. Even in extremely life-critical engineering endeavors, like airplane design or even the space program, the cost of eliminating all defects is too high. In these fields, every effort is made to get rid of problems through simulation, ground testing, flight testing, and general design checking. Even so, bugs slip through the cracks and aeronautical engineers have a process for managing faults. The Space Shuttle has auxiliary systems; airplanes have large margins of safety so that they can be landed even when missing half their engines or when some of their avionics fail. Also, the products of these engineering efforts are constantly maintained and checked for damage and wear. Any flaws that are later discovered are patched and if they are severe enough, the subsystem is redesigned and replaced on all instances of the product.

No one is willing to pay enough for software to justify the costs of extremely stringent engineering. We could not have had the Computing Revolution if all personal computers had to be reliable enough to be used in a life support context. Moreover, the pluggable and configurable nature of computers makes it impossible to test every complete system. And in a real engineering discipline, if something is not tested it should be assumed to be broken.

So we’ve now established that bugs will happen. Most bugs in an OS don’t have any really nasty effect, since OSes are designed with redundancy in mind (processes crash and get restarted, errors occur and are silently ignored, etc). On the other hand, even a single security bug has huge effects. You can’t really build too much redundancy around the issue… the best you can do is try to isolate the flawed code and prevent compromises from spreading to the rest of the system. This is also something that other engineering disciplines don’t have to deal with so much. Returning to Aeronautical engineering, they don’t even attempt to make planes that are safe under both normal conditions and under the bombardment of rockets.

The best you can do about security issues is testing and review. A lot of this is done by Microsoft. For example, almost every new file format parser they produce is subjected to fuzz tests, which randomly mutate the parse stream to ensure that errors are properly caught. The result: Microsoft does not appear very often on this list of Kernel bugs, which are mostly the result of fuzzing attacks; IE also handles these sorts of fuzz attacks quite well. But it only takes one such exploit to have widespread chaos and compromise of many PCs.
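To make the two technical points above concrete (the ANI bug being a size field that was trusted when opening a file, and fuzz testing as random mutation of the parse stream), here is an added example; it is not code from the article, from Microsoft, or from the ANI format. It uses a constructed toy chunk format ("4-byte tag, 4-byte little-endian size, payload"), not the real ANI/RIFF layout, and the function names (`parse_chunks`, `fuzz_rounds`, `parse_with_hdr_size`) are my own. The parser checks every size field against the bytes actually present and against the fixed-size destination before copying, and the small mutation fuzzer feeds it randomly corrupted copies of a well-formed sample to confirm it rejects them cleanly instead of reading past the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy chunk format (NOT the real ANI/RIFF layout): a stream of
 * chunks, each "4-byte tag, 4-byte little-endian payload size, payload".
 * A "HDR " chunk carries a fixed 12-byte record copied into a fixed struct. */
#define TAG_LEN 4
#define CHUNK_HDR_LEN 8
#define HDR_PAYLOAD_LEN 12

typedef struct {
    uint32_t width, height, frames;
} hdr_record_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of chunks parsed, or -1 if the stream is malformed.
 * Each size field read from the file is validated against what is left in
 * the buffer and against the fixed-size destination BEFORE any copy; trusting
 * the declared size instead is the class of mistake described for ANI. */
int parse_chunks(const uint8_t *buf, size_t len, hdr_record_t *out) {
    size_t off = 0;
    int count = 0, seen_hdr = 0;
    while (off < len) {
        if (len - off < CHUNK_HDR_LEN) return -1;        /* truncated chunk header */
        uint32_t size = read_le32(buf + off + TAG_LEN);
        size_t remaining = len - off - CHUNK_HDR_LEN;
        if (size > remaining) return -1;                 /* declared size exceeds data */
        if (memcmp(buf + off, "HDR ", TAG_LEN) == 0) {
            if (size != HDR_PAYLOAD_LEN) return -1;      /* fixed record: exact size only */
            const uint8_t *p = buf + off + CHUNK_HDR_LEN;
            out->width  = read_le32(p);
            out->height = read_le32(p + 4);
            out->frames = read_le32(p + 8);
            seen_hdr = 1;
        }
        off += CHUNK_HDR_LEN + size;                     /* cannot pass len: size <= remaining */
        count++;
    }
    return seen_hdr ? count : -1;
}

/* Constructed well-formed sample: one HDR chunk (32x32, 2 frames), one 3-byte DATA chunk. */
static const uint8_t SAMPLE[] = {
    'H','D','R',' ', 12,0,0,0,  32,0,0,0,  32,0,0,0,  2,0,0,0,
    'D','A','T','A',  3,0,0,0,  0xAA,0xBB,0xCC,
};

/* Parse the sample and return the frame count from its HDR record. */
uint32_t sample_frames(void) {
    hdr_record_t rec = {0, 0, 0};
    return parse_chunks(SAMPLE, sizeof SAMPLE, &rec) < 0 ? 0 : rec.frames;
}

/* Parse a copy of SAMPLE whose HDR size field is overwritten with `size`;
 * exercises the bounds check and the exact-size check separately. */
int parse_with_hdr_size(uint32_t size) {
    uint8_t buf[sizeof SAMPLE];
    hdr_record_t rec;
    memcpy(buf, SAMPLE, sizeof buf);
    buf[4] = (uint8_t)size;         buf[5] = (uint8_t)(size >> 8);
    buf[6] = (uint8_t)(size >> 16); buf[7] = (uint8_t)(size >> 24);
    return parse_chunks(buf, sizeof buf, &rec);
}

static uint32_t xorshift32(uint32_t *s) {   /* small deterministic PRNG (seed must be nonzero) */
    uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x;
}

/* Mutation fuzzing as the paragraph describes: copy the well-formed sample,
 * overwrite a few random bytes, hand it to the parser. Returns how many
 * mutated inputs were rejected; the property that matters is that every
 * round returns instead of reading outside the buffer. */
int fuzz_rounds(int rounds, uint32_t seed) {
    uint8_t buf[sizeof SAMPLE];
    hdr_record_t rec;
    int rejected = 0;
    for (int i = 0; i < rounds; i++) {
        memcpy(buf, SAMPLE, sizeof buf);
        int flips = 1 + (int)(xorshift32(&seed) % 4);
        for (int k = 0; k < flips; k++) {
            size_t pos = xorshift32(&seed) % sizeof buf;
            buf[pos] = (uint8_t)xorshift32(&seed);
        }
        if (parse_chunks(buf, sizeof buf, &rec) < 0) rejected++;
    }
    return rejected;
}

int main(void) {
    printf("sample frames: %u\n", sample_frames());
    printf("oversized HDR size rejected: %d\n", parse_with_hdr_size(0xFFFFFFFFu));
    printf("fuzz: %d of 10000 mutated inputs rejected\n", fuzz_rounds(10000, 0x9E3779B9u));
    return 0;
}
```

Building this with `-fsanitize=address` turns the fuzz loop into the kind of check the paragraph describes: if the size validation were removed, the sanitizer would flag the out-of-bounds read on the first mutated input whose size field exceeds the buffer, whereas with the checks in place every round returns -1 or a chunk count.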

Sure, security on Windows is not flawless. But we have come a long way from 2002, when there were massive internet worms and you could rightly say that Microsoft had a huge security problem. People keep repeating the lie that Windows has Swiss-cheese security and is easy to exploit. If you wish to deny this, I’d like to see technical details about what areas you think are insecure and why. Also, it would be a bonus to explain how you might fix the problem without entirely breaking what works. From this point on, hardening Windows is just a matter of iterative improvements to the OS (read: monthly patches), as is the case with any other open system. We could argue either way about the speed of patching, but this is not a very exciting argument and it’s more important to look at the speed at which patches are distributed than the time it takes to create them, in my opinion. As we saw in the big Sasser and Blaster fiasco, the most dangerous time is between patch creation and widespread deployment.

Conclusion

My rant may seem like it’s focused against Steven J. Vaughn-Nichols, but that’s not really what this is about. I’m tired of the endless spewing forth of uninformed, technically wrong, and ultimately boring opinions about Microsoft products. MSFT may not be as nimble as Apple or as well-regarded as Google, but they still have large cadres of talented engineers. I don’t care that much either way about their corporate practices, but I do care about the design of their products and how those features compare to competitive products.

What I really long for is more enlightenment on the web, and OSAlert in particular, about the topics of discussion. People may not know all of the technical details of the systems they use or the systems they don’t use (I’m looking at you, Linux advocates), but I think it would be a much more worthwhile and spirited exercise to try to learn about how things work as a community. As OS Enthusiasts, we grow more from sharing our informed opinions than by sharing strident ignorance.

About the Author
PlatformAgnostic is recovering from writing a filesystem for his OS class. If you have a strong technical grasp of a non-Windows Operating System and wish to do a joint article comparing and contrasting some core areas of your system with Windows, please contact him. Some topics I’d like to discuss are filesystems, debugging support, IPC mechanisms, VM design, kernel synchronization, I/O architecture, or anything else of this nature.

