Criticism of Microsoft Windows

From Wikipedia, the free encyclopedia
The various versions of Microsoft's desktop operating system, Windows, have received many criticisms since Microsoft's inception.

Patch time

In 2010, Google engineer Tavis Ormandy criticized Microsoft for taking too long to patch (fix) a reported security vulnerability in the Windows virtual DOS machine (VDM), which was patched 7 months after Mr. Ormandy reported it to Microsoft.[1] In 2004, Marc Maiffret, chief hacking officer for security research firm eEye Digital Security, had criticized Microsoft for providing a security patch for the Windows ASN.1 implementation only after 200 days.[2]

Digital rights management

Right after the release of Windows Vista, computer scientist Peter Gutmann criticised the digital rights management (DRM) that had been included in Microsoft Windows to allow content providers to place restrictions on certain types of multimedia playback. He collected the criticism in a write-up, in which he stated that:[3]

  • The DRM could inadvertently disable functionality.
  • A hardware functionality scan requirement could potentially shut out open source hardware.
  • The hardware architecture made unified drivers impossible.
  • Some drivers were buggy.
  • If one driver was found to be leaking content, Microsoft could remotely shut that driver down for all computers that used it, leading to denial of service problems.
  • The DRM decreased system reliability and increased hardware costs.
  • Software makers had to license unnecessary third-party intellectual property, increasing the costs for their drivers.
  • The DRM consumed too much CPU and device resources.

The analysis drew a response from Microsoft,[4] which stated that some of the criticized DRM features were already present in Windows XP, and were thus proven not to be a problem for customers, and that these features would only be activated when required by the content being played. Other responses came from George Ou of ZDNet[5][6] and Ed Bott of ZDNet.[7] Ed Bott also published a three-part rebuttal[8][9][10] of Peter Gutmann's claims, in which he details a number of factual errors in the analysis, criticizes Gutmann's reliance on questionable sources (personal blog postings, friends' anecdotal evidence, Google searches) for his analysis paper, and notes that Gutmann never tested his theories himself.

For Windows 7, allegations were also made about draconian DRM, which spurred debate and criticism at the tech discussion site slashdot.org.[11] As with the claims about the overreaching Vista DRM, independent tech writers quickly dismissed the claims as faulty analysis. The actual problem that spurred the criticism turned out to be an unrelated problem experienced by a single user who tried to circumvent Adobe Creative Suite copy protection mechanisms by changing files. When this failed to work, the user concluded that it had to be the draconian DRM of Windows.[11][12]

Integration of Internet Explorer into Windows

Windows has been criticised for having the Internet Explorer web browser integrated into the Windows Shell from Windows 98 onwards. Previously, Internet Explorer was shipped as a separate application.[13] One problem was that, since Internet Explorer cannot easily be replaced with a product of another vendor, the integration undermines consumer choice.[14] This issue precipitated concerns that Microsoft engages in monopolistic practices and resulted in the United States v. Microsoft court case, which was eventually settled out of court.

Another issue with the integration was that security vulnerabilities in Internet Explorer also created security vulnerabilities in Windows, which could allow an attacker to exploit Windows with remote code execution.[15]

In January 2009, the European Commission started to investigate Microsoft's bundling of Internet Explorer into Windows; the Commission stated:[16] "Microsoft's tying of Internet Explorer to the Windows operating system harms competition between web browsers, undermines product innovation and ultimately reduces consumer choice". The European Commission and Microsoft eventually agreed that Microsoft would offer a web browser choice selection screen to Windows users in the European Economic Area, by means of BrowserChoice.eu.[17]

Windows rot

Google, a Microsoft competitor, has criticised Windows for becoming slower and less reliable over long term use.[18]

Adrian Kingsley-Hughes, writing for ZDNet, believes that the slow-down over time[19] is due to loading too much software, loading duplicate software, installing too much free/trial/beta software, using old, outdated or incorrect drivers, and installing new drivers without uninstalling the old ones, and that it may also be due to malware and spyware.[20]

NSA backdoor allegations

In 1999, Andrew Fernandes, chief scientist with Cryptonym of Morrisville, North Carolina, found a cryptographic public key stored in the variable _KEY and a second key labeled NSAKEY.[21] The discovery led to a flurry of speculation and conspiracy theories, such as that the second key could be owned by the United States National Security Agency (the NSA) and that it could allow the intelligence agency to subvert any Windows user's security. Researcher Dr. Nicko van Someren also discovered these cryptographic keys, along with a third key, in the ADVAPI.DLL file[22] which, at that time, existed in Windows 2000 before its release. Concerns were raised about CPUs with encrypted instruction sets which, if they had existed at that time, would have made it impossible to discover the cryptographic keys.[22]

Microsoft denied the allegations[23] and attributed the naming of the key to a technical review by the NSA, which pointed out that a backup key was required to conform to regulations.[24]

No evidence other than the name of the key has ever been presented that the key enabled a backdoor.

Cryptographer and computer security specialist Bruce Schneier has also argued against the conspiracy theory,[25] pointing out that if the NSA wanted a back door into Windows with Microsoft's consent, they would not need their own cryptographic key to do so.

The cryptographic keys have been included in all versions of Windows from Windows 95 OSR2 onwards.[22]

References

  1. "Microsoft confirms 17-year-old Windows bug". 21 January 2010.
  2. "200 days to fix a broken Windows". 13 February 2004.
  3. "A Cost Analysis of Windows Vista Content Protection". Retrieved 24 January 2011.
  4. "Windows Vista Content Protection - Twenty Questions (and Answers)". Microsoft. Retrieved 20 November 2011.
  5. Ou, George. "Does DRM really limit Vista?". ZDNet. Retrieved 20 November 2011.
  6. Ou, George. "Claim that Vista DRM causes full CPU load and global warming debunked!". ZDNet. Retrieved 20 November 2011.
  7. Bott, Ed. "Busting the FUD about Vista's DRM". ZDNet. Retrieved 20 November 2011.
  8. Bott, Ed. "Everything you've read about Vista DRM is wrong (Part 1)". Everything you've read about Vista DRM is wrong. ZDNet. Retrieved 20 November 2011.
  9. Bott, Ed. "Everything you've read about Vista DRM is wrong (Part 2)". Everything you've read about Vista DRM is wrong. ZDNet. Retrieved 20 November 2011.
  10. Bott, Ed. "Everything you've read about Vista DRM is wrong (Part 3)". Everything you've read about Vista DRM is wrong. ZDNet. Retrieved 20 November 2011.
  11. "Draconian DRM Revealed In Windows 7". Retrieved 20 November 2011.
  12. "Oh, the humanity: Windows 7's draconian DRM?". Retrieved 20 November 2011.
  13. Karp, David A. Windows 98 Annoyances. O'Reilly Media, Inc. p. 326. ISBN 978-1-56592-417-8.
  14. Chandrasekaran, Rajiv; Corcoran, Elizabeth (21 October 1997). "U.S. Says Microsoft Violates Antitrust Pact". Washington Post. Retrieved 27 January 2012.
  15. Manion, Art (9 June 2004). "Vulnerability Note VU#713878". US-CERT. Retrieved 7 April 2006. "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. … IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system."
  16. "Microsoft is accused by EU again". BBC News. 17 January 2009. Retrieved 14 July 2011.
  17. "Microsoft Statement on European Commission Decision". 16 December 2009. Retrieved 10 January 2012.
  18. Keyzer, Greg (2011). "Google's Top Five Jabs at Microsoft". Computer World. PC World. Retrieved 27 January 2012.
  19. "Optimize Windows 7 for better performance". Retrieved 16 March 2012.
  20. "Windows bit-rot - fact or fiction?". 12 January 2009. Retrieved 2 December 2011.
  21. "Microsoft, the NSA, and You". Cryptonym. 31 August 1999. Archived from the original on 17 June 2000. Retrieved 7 January 2007. (Internet Archive / Wayback Machine)
  22. "How NSA access was built into Windows". 04.09.1999. Retrieved 16 March 2012. Date of that page is either 4 September 1999 or 9 April 1999, due to differences with American and European date formats.
  23. "Microsoft Says Speculation About Security and NSA is "Inaccurate and Unfounded"" (Press release). Microsoft Corp. 3 September 1999. Retrieved 9 November 2006.
  24. "There is no "Back Door" in Windows". 3 September 1999. Archived from the original on 20 May 2000.
  25. Schneier, Bruce. "NSA Key in Microsoft Crypto API?". Retrieved 6 January 2012.