Skinny-Dipping with Microsoft: Bill Cheswick

July 7, 2005 by Ping

“Skinny-dipping with Microsoft” is what Bill calls using the Internet without a firewall installed.  For his dad, this left his computer a “software toxic waste dump”.  There are about 200 new viruses a day.  There are even nice GUIs for making viruses (with clean user interfaces to boot!).

But despite having to dismiss a popup every few minutes, his dad doesn’t mind — after all, he’s still getting work done.

Several times during his talk, Bill quoted Mr. Miyagi from the Karate Kid: “Best block is not be there.” In security terms, this means turning off everything you don’t use.  On a typical Unix system there may be 30 or 40 programs that are setuid-root — but you can get by with only about four: su, passwd, chsh, and sudo.
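As an added illustration of the “not be there” principle (this is not code from the talk): a small POSIX shell audit that lists setuid-root executables, flags any whose name is not on the four-program allowlist Bill mentions, and prints the `chmod u-s` it would run to remove the bit. The allowlist, the directories scanned and the `APPLY` switch are assumptions for this example.

```shell
#!/bin/sh
# Added example, not part of the original post: audit setuid-root binaries
# against a short allowlist, in the spirit of "best block is not be there".

# The four programs the talk says a typical Unix box can get by with (assumption).
ALLOWED="su passwd chsh sudo"

# list_setuid_root DIR... : print regular files under DIR... that are
# owned by root and have the setuid bit set (one path per line).
list_setuid_root() {
    find "$@" -xdev -type f -uid 0 -perm -4000 2>/dev/null
}

# flag_unexpected : read paths on stdin, print those whose basename is
# not on the allowlist. Everything printed is a candidate for removal.
flag_unexpected() {
    while IFS= read -r path; do
        case " $ALLOWED " in
            *" ${path##*/} "*) ;;            # on the allowlist: keep quiet
            *) printf '%s\n' "$path" ;;     # anything else: report it
        esac
    done
}

# strip_setuid : read paths on stdin and drop the setuid bit from each.
# Dry run by default; set APPLY=1 to actually change the files.
strip_setuid() {
    while IFS= read -r path; do
        if [ "${APPLY:-0}" = 1 ]; then
            chmod u-s "$path"
        else
            printf 'would run: chmod u-s %s\n' "$path"
        fi
    done
}

# Typical use (run as root, review the list before setting APPLY=1):
#   list_setuid_root /bin /sbin /usr | flag_unexpected | strip_setuid
```

Review the flagged list before applying anything: programs such as `mount` or `ping` may be setuid-root for a reason on a given system, and the allowlist should reflect what that machine actually needs.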

Taking this to its ultimate conclusion, Bill proposes the hypothetical “Windows OK”, a restricted version of Windows that can be locked down after the initial software installation.  In Windows OK, there is nothing you can click on, in e-mail or on web pages, that can hurt your computer.  No downloaded programs are ever executed, no network services are running, and no documents can use macros.  Software updates are allowed from approved parties only, such as Microsoft and perhaps a couple of others.

In my opinion, what Bill is proposing amounts to feature starvation.  I can see that it would be more secure, but I just can’t bring myself to believe that it would be a realistic solution.  Does it really make sense to restrict the entire software market to one or two companies for the majority of computer users?  Imagine telling all the home computer users out there, “You can buy this computer with Windows OK, but you can’t buy any games for it.” How well is that going to sell?

bdpayne wrote:

Certainly not all users would be ok with a limited feature set. However, with the rise of web-based applications and with many users only using a minimal feature set (e.g., I can think of many people that only use a web browser, mail app, and office suite), perhaps something like this would be a good option for a non-trivial subset of computer users?

 
Andrew wrote:

I don’t like the use of the term skinny-dipping in this context. For most people, skinny-dipping is kind of fun and exciting. Using the Internet without protection is not fun and exciting. I think a more accurate term might be something like “sleeping around”. In general, I like the use of hygiene and personal and public health metaphors to try to get the security message across.

 

I agree with Bill and bdpayne. My mom is like Bill’s dad; she has a very, very small number of things she wants to do, and there are many flexible features she’s always worried about using unknowingly because of the security implications. It’s not the whole market we need to restrict, but there’s a real market for the folks who can, should, and want to run restricted and safely.

Given what Bill said about his dad not caring about the spyware as long as he could get his work done, it would be interesting to find out whether his dad would actually bother to buy Windows OK. The offering of Windows OK would present home users with a tough choice between the risk of infection by spyware versus the risk of not being able to use the software they want, where lots of future unknowns factor into both risks.

Perhaps the ultimate answer to that can only be told by the market. Or perhaps a better option would be not to create another version of Windows but to make the only version of Windows retain the capability to install third-party software but come configured like Windows OK by default.

Actually, my Dad wouldn’t make the determination. We, or his system administrator, would. If we couldn’t bring up the minimum he needs on Windows OK, then perhaps (since I am designing this system for him) it is not done quite right.

I envision the process thus: The administrator installs Windows OK, checks the apps my Dad needs, installing software as necessary (could include games…) and then locks the machine. In the ideal implementation, neither the game nor other applications could further modify the system, including spyware installation, etc.

I think this model would be useful to naive home users, but could also extend nicely to corporate and government intranet residents. BTW, in the latter cases, the administrator could unlock and modify the system remotely using appropriate crypto. They’d be the only ones allowed to. Such remote management products already exist and are in wide use. BTW, I think there is a viable business model remotely supporting my Dad and customers like him. We techies wouldn’t mind paying a few bucks to get our weekends back.