Securing the desktop right out of existence
Microsoft's new security initiative needs to loosen up
Currently, third parties can extend Windows by having their program create a hook into the OS. Hooks come in many forms (system hooks, shell hooks, keyboard/mouse hooks, etc.). What they do is allow developers to intercept an OS call and divert it somewhere else temporarily and then return. Basically, they are created for the case when the developer needs to add a feature to the base OS.
For instance, want to add a new button to the title bar? You add a system hook for that. Want your mouse to pulse when the pointer goes over a link (like the Logitech mice do)? Add a hook. Most of Object Desktop exists thanks to the power of system hooks. They allow developers to seamlessly extend Windows in innovative ways.
Unfortunately, they can be used to create trojans and viruses. And to that end, Microsoft's proposed solution seems to imply that secure apps won't allow any sort of hooking at all. This would be a disaster not just for ISVs but for users as well, and ultimately for Microsoft. The "innovations" that ultimately make it into Windows wouldn't exist without hooks. Instant Messaging? It would never have happened without a hook to tell whether a user is using the keyboard and mouse (to determine if they are "away" or not). Would Windows XP have a skinnable UI without hooking? Nope. In fact, the XP theme system uses hooks. And of course, would there have been an XP theme system in the first place without WindowBlinds, which showed how it could be done? Basically, any serious OS-related innovation created by a third party relies on hooking the OS.
A system that does not allow for legitimate software developers to extend the operating system would essentially lock down the OS to being able to do only the things Microsoft thinks of. This would certainly make Linux advocates happy since corporations and individuals that want to do things with the OS that Microsoft hasn't thought of would be forced to that OS.
What is really needed is moderation. The worm viruses we are running into right now aren't due to hooks; they're due to things like scripting being allowed from Outlook Express (that program Microsoft recently announced wouldn't be updated further). Or people clicking on attachments. Or network security holes.
Any serious solution to the security issues of Windows requires taking a careful look at what is causing these problems. If I were Microsoft, I would start looking at the network security issues (such as programs having pretty free rein over the network resources). I suspect if you polled IT managers, they are more concerned with programs that send out data over the net without the user's knowledge than the theoretical concern that someone might use system hooks to plant a virus on the system.
System hooks need to be recognized as being a crucial feature of the OS. I would go as far as to say they are a basic feature of any modern operating system. The ability for applications to cleanly extend the feature set of an OS drives innovation in future versions of Windows and keeps closed source operating systems like Windows competitive with open source based OSes like Linux. They are not anywhere near the security threat represented by worms and network viruses.