10 Windows myths promoted by Leo Laporte and his Twits

1 September 2009

I listen to most of the popcasts on the Twit network since 2006 and really like them, they are not super technical like most others I listen to, but they are very entertaining. However the hosts keep repeating the same incorrect statements about Microsoft Windows over and over again which is a bit annoying. The statements below are not quotes but I paraphrased them from memory.

1. Microsoft Beta Software has active debug code and runs slower than the RTM version.
The versions Microsoft releases as public betas are retail code, meaning there is no debug code active and it works just as the final version, otherwise it would be a bad test version. Windows debug versions are called "Checked builds" and are usually for driver developers, these may run slower than the retail version. You can still download and install the Windows debug symbol files for any normal Windows version to troubleshoot certain problems.

2. Windows is an old OS which carries a lot of baggage with it. OS X is shiny and modern.
OSX is based on BSD Unix, first release in 1977 and NextStep, first released in 1989. Windows NT has ideas from DEC's VMS but was designed and built in the early 90s and released in 1993. Of course OS X was only released in 2000 and incorporates some modern technologies (as do the current versions of Windows NT).

3. Windows is a single CPU platform OS limited to Intel's 386 platform
Windows NT was especially designed and built as a portable OS. So far it ran on Intel 386, AMD64, Mips, Dec Alpha, IBM Power PC and Intel Itanium. OS-X on the other hand ran on Power PC and x86 only. Using NT's architecture it is relatively easy to port it to other platforms. However Microsoft stopped support for less popular CPUs over time.

4. Security and networking in Windows was an afterthought.
The first NT based Windows (3.1) was designed as a multiuser, multiprocessor and multiplatform network operating system and had all the standard security and networking features from the start: Access Control List, user account management, a secure filesystem, TCP/IP stack etc.

5. Microsoft merged the Windows 9x and Windows 2000 code bases to form a common new Windows version with the best of the two previous families.
AFAIK, no code from Windows 9x made it into XP, it was just a tuned Windows 2000 with some extra features. Some of these were first introduced in Windows ME but that doesn't mean they used the code. Microsoft also increased compatibility with older Win16 applications and games in XP.

6. "New is bad", it's untested and insecure
This claim by Steve Gibson especially against Windows Vista is laughable, Vista is soo much more secure than XP on any level. Leo would say Windows 2000 was more secure when comparing it to XP. Are you kidding me? XP had tons of problems but only a few of them were specific to it, most of the problems were also in 2000. And 2000 has many problems that were fixed when XP came out. So does Mr. Gibson want us to wait until version 3 of his new Cryptolink product before buying it? Surely version 1 and 2 are new and therefore bad and insecure!

7. It is crazy to put the graphics subsystem and its drivers into the kernel.
That was also the opinion of the NT architects in the early 90s, so they put the graphics subsystem into user mode in NT 3.x It turned out that the hardware at the time was not fast enough for a complex OS like NT. So for NT 4.0 they moved the graphics into the kernel, a move not uncontroversial at the time. But it improved graphics performance even though it meant a less stable kernel, problems with drivers and even Blue Screens of Death. In Windows 2000 and XP the architecture was largely unchanged but for Vista they made some big changes. With current hardware fast enough, they moved the graphics subsystem back out of the kernel into user mode. This is one reason why a new driver model was needed. Of course, "new is bad" (see 6) so Mr. Gibson is still using a ten year old OS with the graphics in the kernel.

8. The registry is the root of all evil in Windows
In over 17 years of working with the registry I never had a corrupt one and any other major problems with it, and I hack around inside it quite a bit. Compare it with working with the old ini files or any flat file configuration system. Putting all of the LocalMachine hive into files would be a big mess. How would you protect a single value from being changed, while other values remain writeable? The registry has ACLs on each value. How do you remotely access the configuration of a computer without granting file access? For application level settings, Microsoft promotes the .net framework since 2001 which applications do not use the registry at all, but store it's configuration in XML files. Even non-dot.net Application use or could use this approach.

9. Never use Windows in ATMs or other devices
So they have been bluescreens on huge public screens during the Olympics and malware has been found in ATMs in Eastern Europe. But to blame that on Windows makes it too easy. BSDs usually indicate a hardware problem. If you use cheap or non compatible hardware or bad drivers it is the owner's fault. If the hardware fails, no OS keeps running. How did the viruses get onto those machines? It is likely they were put on the machine during setup, another human security problem. Of course it is easier to use existing Windows malware than to write custom malware for a specific embedded OS, but it is not impossible. I have seen Windows boxes in system critical situations with an uptime of years and no problems. I don't want to say to use Windows in all possible situations but sometimes the use of other OSes is cost prohibitive

10. Open Source is more secure
So how many people are actually looking at all the open source code? And what are the chances that many of them are doing it to find exploits they can use rather than fix. There are tons of Linux flaws found all the time by the small Unix community alone. What if all the professional crackers would spent more time on Linux code because they could actually made money from their exploits like in the Windows world. What if Microsoft would make the Windows source code public? For years this would give crackers the opportunity to find exploits more easily. Security experts reviewed every single line of active code within Microsoft and found tons of problems but still not everything and exploits still come up. So I doubt just because something is open source, it is more secure. It all depends. Many open source projects are done in a distributed fashion with developers only knowing each other by email. Some code checked in by person A and review by person B can cause a major security problem for code written by person C. At Microsoft and other traditional software houses, the team usually works closer together and such problem can be avoided by communication.

Interestingly enough, none of these myths are promoted by Paul Thurrott, the host of Windows Weekly, the Twit show covering all things Microsoft. However he also does little to debunk them.

Please note, that I am not saying anything like "Windows is better than OS X or Linux", I just want to point out some facts

Pages in this section


ASP.Net | Community | Development | IIS | IT Pro | Security | SQL (Server) | Tools | Web | Work on the road | Windows