Go On — Admit it — Microsoft Windows Has A Terrible Legacy That It Still Carries With It

An operating system stuck in the 1980s?

I had the great privilege of watching a magician at work yesterday. Her name is Holly Grace Williamson, and she performed a trick that few people in the audience could see, but I could see it clearly.

In the talk, it felt like I was in the programme where Penn and Teller watch a magician performing and then try to guess the trick. Holly broke into a highly secure system while SOC analysts were watching her: they could see what she was doing, but they couldn’t see what she had done. And that’s what a magician does so well. In front of our noses, magicians move their hands and say “Ala-ka-zam”, and then pull a rabbit from the hat. Without the trained eye, you just can’t see where the rabbit came from. But, once you see the trick, it all becomes apparent.

So, how did Holly break into a highly secure Microsoft Windows system that was built in the year 2023 and that was locked down and patched to the hilt? She did it because the Microsoft Windows box brings all its legacy from the past, and the core operating system still supports the same one from DOS 3.1 and Windows 3.0. It thus has all that horrible Basic scripting and the simple command shell, along with all of the WMIC commands, which can open up your computer to a whole lot of data leakage.

For a while, WMIC was cool, but then we found out that it can be used not only to gather remote data from a computer but also to change it. So, while you might lock users out of PowerShell, under the hood Microsoft Windows is still holding on to the legacy of the past. It is thus still able to run programs that were created in the days when Bill Gates said that computers would only ever need 640KB of memory. It’s a bit of a sham(bles)!

If Microsoft really wanted security and performance over compatibility, they would have migrated their operating system to 64-bit and locked down the hardware long ago. All the legacy would have been deprecated, and then removed. But still, it rumbles on with a shiny new interface, while the domain controller fixes many of its core weaknesses.

Apple, with their Mac OSX operating system, had the guts to take a leap forward and dump their legacy. It was a big gamble for Apple, but a few years ago, they removed 32-bit applications and told developers to upgrade their code, or their applications would not run. For Microsoft, there has been no such thing, and we can still run either a 32-bit program (x86) or a 64-bit program (x64). Overall, it is a rat's nest of an operating system that shows itself as all shiny and new, but in the backend, it is still the same old operating system. To me, you see this type of legacy when you run Microsoft Excel and can’t open two spreadsheets with the same name, even though they are in different locations.

Why has Microsoft held on to so much legacy? Well, it is what has made Microsoft great. They were the builders of compatibility, and while other companies, such as IBM, Google and Apple, have tried to move the industry towards new types of architecture, Microsoft has built its company by supporting all. But the catch-all approach massively increases the surface area, whereas Apple has locked their systems down tightly with control of both the hardware and the software. This means that you get a dedicated chip on an Apple device whose main task is to look after your security. For Microsoft, that’s an added bolt-on.

Conclusions

If you want proper security, Apple has tight control over this, as it minimises the surface area. For Windows, it's a nightmare! Microsoft’s great strength is also one of their greatest weaknesses. Every time you open your Windows laptop, you are actually back in the 1980s. I’ll stick with my MacBook, thank you!

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.