[codedokode]

One of the reasons why such attack was possible is poor security in Windows. Port 445 that was used in an attack is opened by a kernel driver (at least that is what netstat says on WinXP) that runs in ring 0. This driver is enabled by default even if the user doesn't need SMB server and it cannot be easily disabled.

Most of services in Windows are run under two privileged user accounts (LocalService or NetworkService). Many of them are enabled by default and are listening on ports on external interface so the potential attack surface is large.

Microsoft uses programming languages like C++ that is very complicated and a little mistake can lead to vulnerabilities like stack overflow, use-after-free, etc.

Microsoft (and most companies) prefers to patch vulnerabilities with updates rather than take measures that would reduce attack surface.

Oh, and by the way Linux has similar problems. In a typical Linux distribution a program run with user privileges is able to encrypt all of the user's files, access user's cookies and saved passwords on all websites, listen to microphone and intercept kestrokes.

[muricula]

The thing is there really isn't a production ready alternative. Rust in ring 0 isn't production ready -- a lot of language features needed to run in ring 0 are nightly only. There are no widely used microkernels. Ironically, of the widely used operating systems in the world, Windows does the best job of running drivers in userland.

[aphexairlines]

Microsoft had enough resources in the 90s and 2000s to get a safe language like ocaml running at least their network services.

[muricula]

OCaml in ring 0? Anything can be done if you try hard enough I guess.

MS had a research project to rewrite the NT kernel in a C# derived language at one point. It worked, but they decided not to go ahead with it.

[codedokode]

SMB server doesn't need to run at ring 0. It doesn't need direct access to hardware or physical memory. The most safe option would be to run a copy of SMB server under user's account (but it still would allow to encrypt all of the files).

[thomastjeffery]

> Oh, and by the way Linux has similar problems.

Yes, but as free software, it inherently has better solutions.

Using a proprietary operating system is like driving a car only the manufacturer is allowed to fix. You don't get to fix the flat tire, and when the manufacturer drops support, you have to buy a new car. If you don't, these situations leave you stranded.

[zild3d]

Why do you claim C++ relates to poor security? OSX and iOS are primarily C, C++, and assembly, (objective C at the higher levels). And linux of course is C and assembly.

Are you saying all of the major operating systems have poor security because they use "vulnerable" languages?

[adrianN]

Memory corruption is the most common error that leads to vulnerabilities.

[alkonaut]

> Are you saying all of the major operating systems have poor security because they use "vulnerable" languages?

Absolutely.

[JimDabell]

Does this include OpenBSD?

[alkonaut]

Is it a program written by humans and have parts that accept user input or network input? then yes.

[JimDabell]

By that definition, pretty much all software has "poor security" regardless of language. I don't think your definition of "poor security" is proportionate or useful.

[alkonaut]

> By that definition, pretty much all software has "poor security" regardless of language.

My definition of "poor" is that it must have a babysitter to maintain and patch it. Whether or not this is the case depends on the attack surface, which of course depends on the complexity of what it does. A system that has no attack surface can be very buggy without having poor security. But an internet connected machine with modern windows/posix OS that does some useful work will likely need a security patch already within the first couple of years - and that I consider pretty poor.

[codedokode]

I think C++ is very compicated, it is difficult to write memory-, thread- and exception-safe program in it and it is easy to make a mistake that can be exploited.

[panzer_wyrm]

They are not secure. They are locked down.

[marcosdumay]

> Port 445 that was used in an attack is opened by a kernel driver that runs in ring 0.

You know, not too long ago, Linux used to run NFS on ring 0 too.

There was a good reason for those things, you can find them on the performance comparatives between CPU and network at the time.