@Avatar of They
In general, Windows /is/ fine and secure. There are a few vulnerabilities discovered every now and again, but very few vulnerabilities in the actual operating system have been actively exploited for the past few years. (Most extant malware exploits stuff for which patches have existed for bloody ages.)
I will not say "Windows is secure." Mind you, I wouldn't say that about ANY operating system. I will say that the attack surface is much smaller today than five years ago, and that the ROI no longer favours attacking the operating system directly. Instead, the greatest ROI for an attacker is third-party software. (Usually Adobe.)
This is true of virtually everything nowadays though. Putting aside the prejudices and preconceptions we all naturally hold, all operating systems are similarly vulnerable when an application doesn’t play ball. I’ve seen Linux systems rooted because some CMS or other wasn’t compatible with SELinux, thus resulting in SELinux being disabled, and the system getting pwned. (If it’s incompatible with SELinux, there’s usually a damned good reason. Don’t use a non-SELinuxed system facing the net…)
I’ve seen plenty of Macs (and even the odd iPhone) where the user downloaded something stupid and the devices had to be wiped. (Seriously, Mac Trojans piss me off. Mac users never have any defences.)
Windows systems are unique though, because of the legacy of insecurity. Microsoft finally got its act together in creating a set of tools and APIs that allow applications to run in a secure fashion on its operating system, and none of the app vendors want to play ball. What does Microsoft do? Impose these new security features on all applications, thus breaking 80-90% of everything available for its operating system? That’s asking Microsoft to go outside and cut its own throat. Independent software vendors (ISVs) matter. People don’t actually /care/ if the computer is Windows or Mac or whatever. They care about what applications it can run, and that boils down to ISV support.
Microsoft has only two advantages over its competitors: it is easier to use and administer than anything else, and it has a larger installed base of applications. Rather than throw away one of those two advantages, it has instead embarked on the very long and difficult road of begging, pleading, cajoling, threatening and bribing ISVs to clean up their code.
Jobs just tells them to go to hell in public, then boots them out of his playground. There’s something to be said for that, but it all depends on how far he takes it. If his booting Adobe out of the sandbox was nothing more than an example to scare the other devs into cooperating, then he’s probably a thousand times smarter than Ballmer could ever hope to be. If he’s actually nuts and goes on similar rampages against anyone and everyone who doesn’t play ball then he’s going to slit Apple’s wrists before they even really get started.
AFAIK Google doesn’t actually work with any ISVs for anything at all. When you are in a Google world, there is Google, Google, some more Google, Google does some things, you can use Google, oh and there’s some other websites out there, but you don’t need them because it’s all done by Google. When I think about their business model, the only thing that comes to mind is “who’s the monopoly now?” If Google were to win the forthcoming war between Microsoft, Apple, Google, Oracle and HP, then there would be only one software developer left in the entire world: Google. It’s true that (for now) they have an app store on Android, but Google has made mention many times of how much they absolutely abhor “native code”. ChromeOS is all about the web, and let’s face it, Google own the web. If there’s a good service out there, Google either clones it, buys it or rips it off. If Google won the IT wars, they would be a massively vertically and horizontally integrated behemoth.
Fortunately, that will absolutely never happen. People want choice, and this will prevent Google from ever actually becoming a Monopoly in any practical fashion. There will always be another operating system, be that Linux, OSX/iOS/ Winwhatever, WebOS or Solaris. People won’t stand for the lockin…they absolutely require the ability to run applications from ISVs, and won’t have it any other way.
So what’s the solution to the security problem?
Linux: you can do anything you want, but if you want to make it secure, or remotely interoperable with all the other stuff on our platform you will have to jump through these 10,000 hoops. Otherwise your application pretty much will be ignored, or not actually work with important things like 3D acceleration. Also, please pay attention to the moving goalposts, those 10,000 hoops are constantly in motion. What do you mean that’s a pain in the ASCII? You’re just a terrible programmer!
Google: Web services, web services, web services, web services. Introducing Google whatever webservice you sunk a squillion dollars into Beta! (Please get your invite from the hype dispenser.) Oh, and you can use the android market, lol. For now.
Apple: you vill comply und you vill like it!
Microsoft: Let’s get everyone in a room and talk about our feelings. Let’s build a “developer ecosystem” and ensure that everyone has the tools they need to make any application they want. As long as you are coding your app to run on Windows, Microsoft will even help you write an application that competes directly with their own offerings. Anything and everything will be given to the Windows developers.
I will go out on a limb and say that ALL of these approaches are wrong, or at least incomplete. So there you have it, the basic approaches to handling security and developers tie in with the business model and the philosophies of the people who use, manage and oversee the platforms. Same as it ever was, with one exception:
Windows itself is finally pretty damned secure. It’s just their entire philosophical approach to giving devs enough rope to hang themselves that’s biting them in the *** now.