Saturday, February 24, 2007

Vista, IE, and the Bored Watchdog Problem

Windows Vista is pretty annoying, out of the box. But first, a word about Internet Explorer (IE).

Internet Explorer is suboptimal in design (and by that I mean: bad) because it is integrated into the operating system. Large chunks of code are shared by Windows and IE, which means that 1) IE loads faster and is marginally faster in operation and 2) it violates the security principle we call "Least Common Mechanism".

Integrating IE into Windows means that when Windows is booting up (being loaded from disk into memory), it is also loading into memory much of the IE browser program. When the user clicks on the blue "e", the browser appears to load faster because much of it is preloaded. This incidentally makes IE look better compared to other browsers, so users tend to use it. Microsoft has to make money somehow.

By integrating with Windows, IE has a more direct path to get to operating system services, such as scrolling the page and reading from the network and the disk. Other programs have to contend with interface layers that the IE programmers can ignore, because IE is optimized for use under Windows. There are other advantages, as well, but I don't know how much speed advantage any of this provides IE.

Least Common Mechanism means that in designing a system, it is desirable that shared means of operation between different parts of the system be minimized. I realize that's pretty jargony. In a car, for instance, if the horn and the airbags are both on the same circuit, and the fuse for that circuit blows, not only can you not blow your horn to avoid the accident, but your airbags don't deploy.

A browser, being the program (apart from the virus removal tool) that gets used most in Windows, should be insulated from the operating system, so that failures in the browser do not crash the entire system.

Vista is designed to perform in a way that causes the Bored Watchdog Problem. Just as a watchdog tends to get used to cars passing in the street, too many popup windows asking for confirmation make the user tend to ignore such questions.

I predict a patch to turn off that feature.

Finally, IE (like most Microsoft software) may violate the principle of Open Design. Now, Windows geeks will go crazy if they read this, so I want to be very clear. The principle of Open Design is that the security of the system should not depend on keeping its mechanism secret. That doesn't mean that keeping the mechanism secret in and of itself makes for less security, but depending on hiding how it works does make for lower security.
