Let’s face it: Windows is broken.
For three months in a row Microsoft has been sending out patches to fix over 120 bugs and security flaws each month. In June 2020, it fixed 129 issues, which is the highest number in a month in the company’s history. This was followed by the second highest 123 in July and the third highest 120 in August.
What makes things worse was that fixes that were supposed to resolve issues sometimes created more problems.
Windows 10 updates continue a pretty embarrassing run for Microsoft and almost every new monthly or feature updates appear to break more things than they fix. In recent times, Windows 10 has been plagued by an alarming number of bugs. — Windows Latest
Some examples of the mess created by Windows Update include:
- For some users, Windows October 2018 Update deleted all personal files in their My Documents folder.
- Feature Update (KB4512941) caused high CPU usage, as well as tinted colour in screenshots.
- After installing Feature Update (KB4535996), some Windows computer failed to start.
- …
Not only were fixes copious yet problematic, they sometimes came too late. One security flaw was found and reported to Microsoft in August 2018. It was already found being actively exploited by bad actors at the time. However, it was onlypatched two years later in Microsoft’s August 2020 Update. I say patched and not fixed because it did not resolve the true issue.
In BleepingComputer’s tests, this security update only removes digital signatures on MSI files modified by a JAR file.
If you append a .exe executable to a signed MSI file, the MSI’s signature will continue to remain valid, indicating it has not been modified.
So, why does Windows have so many problems, and why are the problems so difficult to fix?
In my opinion, Windows was not designed properly, has become too complex to maintain, and at least one of its design philosophy has failed.
Yesterday’s success formula is often today’s obsolete dogma. — Sumantra Ghoshal
Windows Was Born Too Early
Windows was introduced 35 years ago in 1985 and quickly became the dominant operating system on the PC platform before the Internet even existed. As a consequence, proper security design was not in Windows until too late. For example:
- There was no OS-level process isolation in Windows 95 and 98. Processes were free to read and write data in another process’s space.
- While Windows NT became the first Windows version with security built-in, it assigned administrator permission as default to each account created. This almost nullified the benefit of being a secure OS as malicious code would, by default, run as system administrator and have full access to the system.
Windows Was Too Open
Windows is an open platform. Since version 1.0 it has been providing extensive sets of Application Programming Interface (API) for developers to use and build applications for Windows. Unfortunately, in my opinion looking back from today, the Windows API has been “too open” in that it exposed too much low-level system details and granted too much power into the application developers’ hands.
To Windows application development this was both a blessing and a curse. On one hand, having access to such system details allowed developers to circumvent barriers that would be impossible to bypass on more restrictive systems. I still remember the day in 2004 when I threw my fist in the air when I figured out how to sift through all running processes on the system and hook my little “key logger” into them to silently record every line of text being entered into the input box. (Please don’t frown. I was just curious and wanted to learn how to do it. I never did anything bad with it.) My point is, such capability would make developing a screen-recording tutorial builder application much easier, wouldn’t it?
On the other hand, having deep access to the system core could easily tangle the applications with the system, or even a specific version of the system, if the developers were not careful. “With great power comes great responsibility”, however not everyone took that responsibility seriously. For example, many anti-virus software became deeply rooted in Windows core that a recent April 2020 update broke quite a few of them.
Windows Had Become Too Complex
People use Windows for various purposes. They use Windows for working on documents and spreadsheets, for building software applications, for playing video games, for sharing files and printers, for serving websites, for remotely access corporate networks, and for many more.
People also use Windows on various hardware. They use Windows on desktop PCs, on tablet computers, and on their phones. There are also many vendors for each hardware category. We have HP, Dell and Lenovo, to name a few.
Supporting this broad range of use cases and hardware configurations would be a huge burden (if not a nightmare) for any tech company.
To make things worse, Microsoft seems to believe appealing to wider user and developer base is more important than the simplicity and maintainability of the Windows software. It upgraded the Windows 10 architecture and introduced the Universal App Platform to attract app developers. It even added Windows Subsystem for Linux to try to win over Linux developers.
Backward Compatibility Was The Last Straw
In plain words, Backward Compatibility means the capability to allow software from a legacy system (e.g., an older version of Windows) to run on the current system (e.g., current version of Windows).
One of Microsoft’s design philosophies, and in my opinion a failed one, is to always maintain backward compatibility in Windows version upgrades. Here is a YouTube video (Chain of Fools 2017) illustrating how one can start from MS-DOS 3.1 and install and upgrade Windows versions all the way up to Window 10 without breaking the system functionality.
By staying backward-compatible Windows appealed to users that they can keep their beloved applications while upgrading to a newer Windows version.
Look at the scenario from the customer’s standpoint. You bought programs X, Y and Z. You then upgraded to Windows XP. Your computer now crashes randomly, and program Z doesn’t work at all. You’re going to tell your friends, “Don’t upgrade to Windows XP. It crashes randomly, and it’s not compatible with program Z.” Are you going to debug your system to determine that program X is causing the crashes, and that program Z doesn’t work because it is using undocumented window messages? Of course not. You’re going to return the Windows XP box for a refund. (You bought programs X, Y, and Z some months ago. The 30-day return policy no longer applies to them. The only thing you can return is Windows XP.) — Joel On Software
However, this also means sometimes compromises must be made to remain backward compatible. For example, buggy and insecure legacy code must remain in the newer version to provide backward compatibility. For example, the “DLL Hell” problem, where multiple versions of Windows’ Dynamic Link Library (DLLs) conflict with each other, offered a peek into the larger issue. This became more evident when, in January 2020, an actively exploited security flaw was found to reside in a legacy JavaScript engine originally shipped with IE9 (since March 14, 2011).
In my opinion, trying to remain backward compatible had prevented Microsoft from properly re-designing Windows for better software architecture and stronger security measures. When Windows had become so complex, and the developers had been cleverly finding ways of deeply rooting their software into its core, it is almost impossible even to fix a small issue without breaking any existing applications, least to say to restructure Windows for better security.
Having witnessed Windows’ entire life cycle as a developer, I had to say that now it may be time to start fresh. A thinner, cleaner and more secure “Windows Remastered” that only supports a small subset of Windows applications is urgently needed.
For corporate environment, most of our Windows machines are used for just a handful of tasks: checking emails, searching the web, editing office documents and spreadsheets, serving shared files, etc. Even better for Microsoft, these tasks are likely using their software as well (such as Office 365). This means a complete re-design without breaking corporate applications is entirely possible.
Otherwise, system administrators may be forced to look at other (and currently better) solutions. Opportunity cost for such transition is high, but it could be justified by avoiding a potential devastating Ransomware attack.
As one of these system administrators, I would rather Microsoft focused on redesigning this remastered version of Windows, than shipping new “feature updates” with features I don’t need and would potentially break my corporate systems every few months. Fear of an update breaking corporate systems has been causing delays in the roll-out of important security patches, making the already bad Windows security posture even worse.
It is time to abandon Windows and let it go. Let’s start over for something better.
