Dear fellows:
We need to put things in perspective, calm and easy. I could just say that the statement from Microsoft's CEO is false, but I'll not. Instead I will just describe some facts and then you reach your own conclusions.
The main problem with security on Windows and other operating systems is in their base. Unix-like OSs are closed systems by default while Microsoft Windows is an open system by default. On Unix-like OSs, in order for a user to run anything you need first to give him the necessary permissions to do so. Otherwise the user cannot read even a byte from anywhere. On Windows you can do whatsoever and then you start removing power from a user (closing the system to that user).
When a trojan or a virus infects an OS it operates under a user account, so it inherits the system privileges of the user under whose account it is running, and only that user. On Windows OSs, because the users by default are at least machine administrators, the virus or trojan is able to do whatever that user can, so it damages the system a lot more than on Unix-like OSs.
Try as a normal user on Unix-based systems to access the configuration files. Yes, in many of them you are even able to read those files, but you can't change a thing in them. Try to delete a file in the /USR (kind of Program Files under Windows) directory, for example; you can't.
Try to map a network drive or even access your CD-ROM and it will tell you that only the system administrator can do that, and because on Unix nobody works as system administrator the system core never has a virus. In the worst-case scenario only the files created by the user can be deleted or damaged, not the files of other users, so even if we had viruses on Unix the impact on the system would be very small (at the user level only). On Unix, as soon as a user logs out from the system all applications running with that user's permissions are forcibly terminated by the OS itself. Because the Unix system administrator (ROOT) only logs in for brief moments (the way it should be used), root has no internet mail, only local mail, root has no need for browsers (you do it under your normal user account) and so on. On Windows virtually any user can delete, create or modify any files, because by default your user is the system administrator.
Now just think a little.
Best regards,
Joao Ribeiro da Silva
On Thu, 2004-02-05 at 17:07, Joao Ribeiro da Silva wrote:
> Try to map a network drive or even access your CD-ROM and it will tell you that only the system administrator can do that
That's rather system dependent. I believe in the HURD, for example, any user is able to mount filesystems in their workspace.
> On Windows virtually any user can delete, create or modify any files, because by default your user is the system administrator.
That's not true of any modern Windows OS, and hasn't been for years. On the other hand, Lindows OS does ship like that (I believe), so it's true to say there are modern GNU/Linux OSes that do ship in that state.
There are reasons why Unix is "more secure" than Windows; virtually all of them are basically down to applications. The current MyDoom worm doesn't rely on any Windows insecurity; it could probably just as easily have been implemented to attack Unix users. Perhaps our apps are designed slightly differently, and we don't have the 8.3 backwards compatibility, so the trick it uses wouldn't work against us, but it is still in essence a social attack rather than a software attack.
To be honest, I'm not necessarily convinced that it's possible to say one is more secure than the other. There don't appear to be any good metrics to measure which is more secure. Certainly, Unix has the better history. But Windows has a stronger architecture, and ought to be better in theory. Microsoft are also introducing stuff like NX soon - marking areas of memory as non-executable. Of course, that's been possible on Linux for many years, but no-one has ever shipped Linux with that configuration (to the best of my knowledge, Fedora Core 2 will be the first?).
I think I would be more interested to see statistics on the applications available: I would strongly suspect that IE and Outlook are by far the most insecure software in common use today, and that would be the area in which free software would have more advantage (better/more consistent programming practices especially). Although IE is thought of as a system component, I'm told it's still possible to separate it/run it standalone on other Windows systems. Therefore, I would still class it as an application, and I think it's the Windows applications which are weaker than Unix counterparts.
Cheers,
Alex.
Joao Ribeiro da Silva wrote:
> The main problem with security on Windows and other operating systems is in their base. Unix-like OSs are closed systems by default while Microsoft Windows is an open system by default.
(How good that we don't talk about "open source" software, otherwise this last sentence would really look strange ...)
> On Unix-like OSs, in order for a user to run anything you need first to give him the necessary permissions to do so. Otherwise the user cannot read even a byte from anywhere. On Windows you can do whatsoever and then you start removing power from a user (closing the system to that user).
But that's exactly one root of the problems. The latter model might be fine for a single-user standalone system (DOS and earlier Windows versions), but transferring it to a networked and/or multi-user system was a cardinal mistake. In principle it was clear from the beginning that this couldn't work (so they had plenty of time to rewrite it from scratch if they cared); now we're seeing the effects.
Another basic problem which you didn't mention is the tendency to blur the distinction between executable code and data. AFAIK this tendency has even increased in Windows in the last years (MS-Word macro viruses, various "active" components all over the place and many more things, even the mangling of file name suffixes, so viruses could use double suffixes to "disguise" which is so ridiculous, etc.). For the average Windows user it's quite hard to tell whether they're viewing some data (image, text, ...) which is harmless unless it can exploit a bug in the viewer program, or executing some code which is always dangerous if it comes from unknown sources.
I suppose they're doing it for the sake of "comfort" -- and for the most part I don't even see that point. Most users don't regularly receive executable programs by email or execute them from random web sites. I suppose even the average Windows user is aware of the difference between installing a program (intentionally) and viewing a picture. And if web sites weren't so overloaded with various scripting garbage, this might even benefit users, when web authors would have to learn to write proper HTML for a start (e.g., not using JavaScript for things that simple HTML forms can do just as well, which can be very annoying). But I'm digressing ...
But even if there was some "comfort" to it, it now clearly shows that the security implications are unmanageable. So if they care for security at all, they have to realize it was a wrong decision and undo it until it's too late (well, until it's even more too late than it already is ...). But as long as "opening" an email or web site can mean executing arbitrary code it contains, there's not a chance of hope for security.
BTW, this might apply just as well to Unix applications. I don't usually use this kind of programs, so I don't know how far the usual suspects have gone already (whether also for a strange sense of comfort, or just to imitate the Windows "experience"). I'd just say, beware ...
> Try to map a network drive or even access your CD-ROM and it will tell you that only the system administrator can do that, and because on Unix nobody works as system administrator the system core never has a virus. In the worst-case scenario only the files created by the user can be deleted or damaged, not the files of other users, so even if we had viruses on Unix the impact on the system would be very small (at the user level only).
I've heard this argument, but I don't think it's a very strong point. On most machines the user data are more valuable than the system files. A system can easily be reinstalled, but user data may take a lot of time to recreate, or even cause financial loss. (Oh yeah, backups. Sure. Most people don't do them unless they've been *seriously* hit once or twice. I know professional programmers who don't do good backups ...)
It's true that a virus can hide in system programs and covertly spread more damage over time, but on Unix systems, they can do almost the same by manipulating the user's aliases, PATH, etc.
Both points are especially true of single-user machines, but that's what most potential victims are.
> On Unix, as soon as a user logs out from the system all applications running with that user's permissions are forcibly terminated by the OS itself.
Not at all.
Frank
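Frank's point about double suffixes, as an added example that is not part of the thread: a small attachment classifier that judges a file by its real (last) suffix rather than by the name a client shows after hiding known suffixes. The suffix lists and sample names are constructed for illustration, not a complete gateway policy.

```python
"""Classify mail attachment names by their real (last) suffix.

Constructed example: a client that hides known suffixes shows
"photo.jpg.exe" as "photo.jpg", so a gateway must look at the
suffix the OS will actually act on, not the one the user sees.
"""

# Suffixes Windows executes (or runs macros from) when the file is "opened".
EXECUTABLE_SUFFIXES = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs", "js", "wsf"}
# Suffixes a user reads as inert data.
DATA_SUFFIXES = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "htm", "html"}


def _parts(name):
    """Dot-separated parts with padding removed ("readme.txt      .scr")."""
    cleaned = name.strip().rstrip(". ")
    return [p.strip() for p in cleaned.split(".")]


def real_suffix(name):
    parts = _parts(name)
    return parts[-1].lower() if len(parts) > 1 else ""


def displayed_name(name):
    """What a client that hides known suffixes would show the user."""
    parts = _parts(name)
    if len(parts) > 1 and parts[-1].lower() in EXECUTABLE_SUFFIXES | DATA_SUFFIXES:
        return ".".join(parts[:-1])
    return ".".join(parts)


def classify(name):
    """Return (verdict, reason); verdict is 'block', 'allow' or 'review'."""
    parts = _parts(name)
    suffix = real_suffix(name)
    if suffix in EXECUTABLE_SUFFIXES:
        # The classic disguise: a data suffix immediately before the real one.
        if len(parts) > 2 and parts[-2].lower() in DATA_SUFFIXES:
            return "block", "executable disguised as .%s (shown as %s)" % (
                parts[-2].lower(), displayed_name(name))
        return "block", "executable suffix .%s" % suffix
    if suffix in DATA_SUFFIXES:
        return "allow", "data suffix .%s" % suffix
    return "review", "unrecognised suffix %r" % suffix


def filter_attachments(names):
    """Return the names the gateway would block."""
    return [n for n in names if classify(n)[0] == "block"]


SAMPLE_ATTACHMENTS = [  # constructed names, not real samples
    "holiday.jpg",
    "photo.jpg.exe",
    "readme.txt                                  .scr",
    "invoice.PDF.Pif",
    "setup.exe",
    "archive.zip",
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        print("%-50s %s: %s" % (n, *classify(n)))
```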
----- Original Message -----
From: "Frank Heckenbach" frank@g-n-u.de
To: jrs@developcomponents.com; discussion@fsfeurope.org
Sent: Thursday, February 05, 2004 9:49 PM
Subject: Re: Question regarding an article from Microsft Hellas's CEO
> Joao Ribeiro da Silva wrote:
>> The main problem with security on Windows and other operating systems is in their base. Unix-like OSs are closed systems by default while Microsoft Windows is an open system by default.
> (How good that we don't talk about "open source" software, otherwise this last sentence would really look strange ...)
Yes, no doubt about it (when I wrote it I didn't notice, but you made me laugh).
>> On Unix-like OSs, in order for a user to run anything you need first to give him the necessary permissions to do so. Otherwise the user cannot read even a byte from anywhere. On Windows you can do whatsoever and then you start removing power from a user (closing the system to that user).
> But that's exactly one root of the problems. The latter model might be fine for a single-user standalone system (DOS and earlier Windows versions), but transferring it to a networked and/or multi-user system was a cardinal mistake. In principle it was clear from the beginning that this couldn't work (so they had plenty of time to rewrite it from scratch if they cared); now we're seeing the effects.
I think this case is directly related to Microsoft's views on network and TCP/IP services in 1996, when network and TCP/IP services were not seriously taken into account by Microsoft. TCP/IP services like HTTP, mail and so on were very weak on Microsoft Windows NT 3.5. Once Microsoft started to realise the power of those services and the importance of the internet worldwide, it was already too late to make those critical changes in their system. Although still possible, as you say. Meanwhile they didn't change the system in the right direction. Instead they implemented several services with many disregards for network and TCP/IP protocol standards. A big mistake from Microsoft, at least in my opinion.
> Another basic problem which you didn't mention is the tendency to blur the distinction between executable code and data. AFAIK this tendency has even increased in Windows in the last years (MS-Word macro viruses, various "active" components all over the place and many more things, even the mangling of file name suffixes, so viruses could use double suffixes to "disguise" which is so ridiculous, etc.). For the average Windows user it's quite hard to tell whether they're viewing some data (image, text, ...) which is harmless unless it can exploit a bug in the viewer program, or executing some code which is always dangerous if it comes from unknown sources.
Again you are right. In my opinion Microsoft never understood the philosophy of 'keep it simple'; instead they have made it so complex from the system point of view that sometimes I even wonder if they are able to fully understand their operating system's behaviour. I doubt that someone at Microsoft at this point has a full view over all their operating system's strengths and weaknesses. Without the full picture in this area, it is at least very difficult to protect the system against trojans, viruses and other possible malicious attacks on their system. Instead of correcting problems from their root they patch the system to avoid a single type of attack when they come across a problem. Are Microsoft OSs a big set of patches that runs over a badly crafted kernel, or something else?
> I suppose they're doing it for the sake of "comfort" -- and for the most part I don't even see that point. Most users don't regularly receive executable programs by email or execute them from random web sites. I suppose even the average Windows user is aware of the difference between installing a program (intentionally) and viewing a picture. And if web sites weren't so overloaded with various scripting garbage, this might even benefit users, when web authors would have to learn to write proper HTML for a start (e.g., not using JavaScript for things that simple HTML forms can do just as well, which can be very annoying). But I'm digressing ...
> But even if there was some "comfort" to it, it now clearly shows that the security implications are unmanageable. So if they care for security at all, they have to realize it was a wrong decision and undo it until it's too late (well, until it's even more too late than it already is ...). But as long as "opening" an email or web site can mean executing arbitrary code it contains, there's not a chance of hope for security.
I don't believe in that argument, because if Microsoft had started from the beginning in the right direction, like many Unix-like systems (e.g. Linux, FreeBSD, etc.), people would have got used to using their applications and operating system in the same way and as easily as they use Windows today. People get used to what their OS requires and that's it. The need makes the monk.
> BTW, this might apply just as well to Unix applications. I don't usually use this kind of programs, so I don't know how far the usual suspects have gone already (whether also for a strange sense of comfort, or just to imitate the Windows "experience"). I'd just say, beware ...
>> Try to map a network drive or even access your CD-ROM and it will tell you that only the system administrator can do that, and because on Unix nobody works as system administrator the system core never has a virus. In the worst-case scenario only the files created by the user can be deleted or damaged, not the files of other users, so even if we had viruses on Unix the impact on the system would be very small (at the user level only).
> I've heard this argument, but I don't think it's a very strong point. On most machines the user data are more valuable than the system files. A system can easily be reinstalled, but user data may take a lot of time to recreate, or even cause financial loss. (Oh yeah, backups. Sure. Most people don't do them unless they've been *seriously* hit once or twice. I know professional programmers who don't do good backups ...)
In this case, I think you are right in one way and wrong in another. Why? Simple. When the programmer of a malicious trojan, virus or any other type of action makes his decision on attacking another computer or computers he wants to destroy as much data as possible. He will not like the idea of the possibility of damaging the data of a single user; no, he wants more, a lot more. In this philosophy it's easy to understand why most of the viruses and trojans are designed for Windows, where the possibility of impact and the prospect of destruction is a lot higher (and simpler to program). I remember when the virus 'I love you' struck, I was working for Interland, the hosting company, in their offices in Amsterdam (when they had offices here). After our mail started to be infected by the virus, it took me an hour to open the code of the virus, change it, and, using the same technology the virus used, to spread my own virus that was a vaccine for it. The only thing I did was reverting all the malicious code inside the virus; it was very effective, after around 2 hours there was no trace of the virus 'I Love You' inside the company.
> It's true that a virus can hide in system programs and covertly spread more damage over time, but on Unix systems, they can do almost the same by manipulating the user's aliases, PATH, etc.
Yes, of course, but with the variety of system configurations on Unix-based systems, and others that are customized by the systems administrators of each different company, it can be a hard task to program something that will be really efficient.
> Both points are especially true of single-user machines, but that's what most potential victims are.
>> On Unix, as soon as a user logs out from the system all applications running with that user's permissions are forcibly terminated by the OS itself.
> Not at all.
Ok, let's say for the majority of the applications this is true; only people that manipulate computers very well, like programmers and systems administrators, end up leaving tasks running when logged out. What we are talking about here are the normal users, and not those who will hardly ever be effectively attacked. Don't forget that the majority of the normal users run simple client applications under X Windows and when they log out they close the applications or X closes them for them. This is the standard procedure. If we start talking about what isn't standard in this world then the possibilities are infinite, giving space for whatever our imagination can come up with.
> Frank
> --
> Frank Heckenbach, frank@g-n-u.de http://fjf.gnu.de/
> GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)
Joao
Joao Ribeiro da Silva wrote:
> ----- Original Message -----
> From: "Frank Heckenbach" frank@g-n-u.de
> To: jrs@developcomponents.com; discussion@fsfeurope.org
> Sent: Thursday, February 05, 2004 9:49 PM
> Subject: Re: Question regarding an article from Microsft Hellas's CEO
>>> Try to map a network drive or even access your CD-ROM and it will tell you that only the system administrator can do that, and because on Unix nobody works as system administrator the system core never has a virus. In the worst-case scenario only the files created by the user can be deleted or damaged, not the files of other users, so even if we had viruses on Unix the impact on the system would be very small (at the user level only).
>> I've heard this argument, but I don't think it's a very strong point. On most machines the user data are more valuable than the system files. [...]
> In this case, I think you are right in one way and wrong in another. Why? Simple. When the programmer of a malicious trojan, virus or any other type of action makes his decision on attacking another computer or computers he wants to destroy as much data as possible. He will not like the idea of the possibility of damaging the data of a single user; no, he wants more, a lot more.
If the lack of network security would allow the virus to spread, it will eventually reach the other users on a multi-user system anyway, even if local security prevents the direct route.
>> It's true that a virus can hide in system programs and covertly spread more damage over time, but on Unix systems, they can do almost the same by manipulating the user's aliases, PATH, etc.
> Yes, of course, but with the variety of system configurations on Unix-based systems, and others that are customized by the systems administrators of each different company, it can be a hard task to program something that will be really efficient.
Sure, configurations are more diverse, but there are some central points (shell config files etc.) which are rather easy targets of attack, I suppose (no experience myself ;-).
>>> On Unix, as soon as a user logs out from the system all applications running with that user's permissions are forcibly terminated by the OS itself.
>> Not at all.
> Ok, let's say for the majority of the applications this is true; only people that manipulate computers very well, like programmers and systems administrators, end up leaving tasks running when logged out.
But we're talking about malicious programs. They could easily arrange to remain running after the user logs out (unless the user or admin has taken special measures to prevent this, which is not usually the case, AFAIK, since there are valid reasons for users to do so, such as long-running background jobs, `screen', etc.).
Frank
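Frank's remark that shell config files are easy targets, as an added example that is not part of the thread: a read-only audit of a user's rc file for PATH entries where an attacker could plant a binary, and for aliases that redirect a sensitive command. The rc text, the trusted-directory list and the heuristics are constructed for illustration.

```python
"""Audit a shell startup file for PATH and alias manipulation.

Constructed example: the kind of check an admin could run over a user's
~/.bashrc or ~/.profile without root. Heuristics and lists are illustrative.
"""
import os
import re

TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin")
SENSITIVE_COMMANDS = {"sudo", "su", "ssh", "scp", "passwd", "gpg", "ls", "cat"}
PATH_RE = re.compile(r"^\s*(?:export\s+)?PATH=(.*)$")
ALIAS_RE = re.compile(r"^\s*alias\s+([A-Za-z0-9_.-]+)=(.*)$")


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def risky_path_entries(path_value):
    """Entries where an attacker could plant a binary that shadows a real one."""
    findings = []
    for entry in path_value.split(":"):
        if entry in ("$PATH", "${PATH}"):
            continue  # reference to the inherited PATH, not a directory
        if entry in ("", "."):
            findings.append((entry or "<empty>", "current directory is searched"))
        elif not entry.startswith(("/", "$HOME", "~")):
            findings.append((entry, "relative entry"))
        elif entry.startswith(("/tmp", "/var/tmp", "/dev/shm")):
            findings.append((entry, "world-writable location"))
        elif any(part.startswith(".") for part in entry.split("/")):
            findings.append((entry, "hidden directory"))
    return findings


def shadowing_aliases(aliases):
    """Aliases that send a sensitive command somewhere other than the system binary."""
    findings = []
    for name, value in aliases.items():
        if name not in SENSITIVE_COMMANDS:
            continue
        target = (value.split() or [""])[0]  # first word is what actually runs
        if os.path.basename(target) != name:
            findings.append((name, "runs a different command: %r" % target))
        elif target.startswith("/") and os.path.dirname(target) not in TRUSTED_DIRS:
            findings.append((name, "absolute path outside trusted dirs: %s" % target))
    return findings


def audit_rc(text):
    """Return PATH and alias findings for the given rc file contents."""
    aliases, path_findings = {}, []
    for line in text.splitlines():
        m = PATH_RE.match(line)
        if m:
            path_findings.extend(risky_path_entries(_unquote(m.group(1))))
            continue
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = _unquote(m.group(2))
    return {"path": path_findings, "aliases": shadowing_aliases(aliases)}


SAMPLE_RC = """\
# constructed ~/.bashrc for the example
export PATH=/home/alice/bin:.:/usr/local/bin:/usr/bin:/bin
PATH="$HOME/.cache/bin:$PATH"
alias ls='ls --color=auto'
alias sudo='/tmp/.x/sudo'
alias ssh="ssh"
"""
```

Running `audit_rc(SAMPLE_RC)` flags the `.` entry, the hidden `$HOME/.cache/bin` directory and the `sudo` alias, while the colour alias for `ls` passes.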
On Saturday 07 February 2004 11:12, Frank Heckenbach wrote:
> Joao Ribeiro da Silva wrote:
> But we're talking about malicious programs. They could easily
well... we're talking about humans... with a little effort we sent people to the moon. We can do anything.
Comparing windows and gnu/linux security, I would say gnu/linux is more secure, just because the programmers and administrators are more prepared.
And to end my view, I would use gnu/linux, even if it was less secure, so what is the point of discussing this? ;-)
[]s, gandhi
Ricardo Andere de Mello wrote:
> Comparing windows and gnu/linux security, I would say gnu/linux is more secure, just because the programmers and administrators are more prepared.
I don't think it's *just* for this reason, it's also the design of the systems ...
> And to end my view, I would use gnu/linux, even if it was less secure, so what is the point of discussing this? ;-)
At least originally it was to counter some FUD ...
Frank
Recently I wrote:
> Another basic problem [of Microsoft software] is the tendency to blur the distinction between executable code and data.
Not to belabour the issue, but I was pleased to see that in the current issue of "CRYPTO-GRAM" Bruce Schneier, one of the world's leading security experts, makes the same point:
: Security vulnerabilities aren't like the weather; they don't just
: happen. They are the result of mistakes: mistakes in the code,
: mistakes in design, or mistakes in specification. MyDoom spread across
: the Internet because of an enormous vulnerability in e-mail software:
: users are allowed to execute arbitrary e-mail attachments.
:
: This is a bug. I know it's generally called a feature, but it's
: not. It's a design flaw. It's a huge security vulnerability. And I
: think it's high time we started calling it that.
http://www.schneier.com/crypto-gram-0402.html#8
Frank