Tilted Forum Project Discussion Community  

Post #1, 11-08-2005, 04:25 PM
Windows, Linux, Mac... Annoyance

I hate when people dog on Microsoft for security flaws up the wazoo. I see an article all the time about the latest virus and below that you see ignorant people saying "look, another Microsoft flaw, switch to Mac!" Now I use Linux just as much as I use Windows, I'm working on my PhD in computer science and can safely say I know enough about computers, bugs, and security flaws to comment on this.

Wake up people! It is not that Microsoft is incredibly insecure, it is that there are magnitudes more people attacking Windows than any other platform. Why? Because that is where the most people are. If Mac or Linux controlled 90% of the market you would quickly see them hit by all kinds of malware, viruses, worms, etc. All programs have these flaws in them. Maybe Microsoft isn't the quickest at patching them but they aren't as bad as people make them out to be.

Now for the naysayers on this board who don't believe me, here is a perfect example that proves my point. My parents are computer illiterate and know nothing about keeping a computer safe from exploits. They don't keep their virus software updated. The machine is not protected by a firewall. My parents don't patch weekly. Now the question is, why don't they get hit by malware, viruses, etc.? The answer is simple. They use Windows 98. People have stopped writing viruses and exploits for that system. All the major recent worms didn't even scathe 98. Is 98 way more secure than XP? No way!

So the next time someone says I use Mac because it is so much more secure..... pop their bubble please because it is so annoying.
-- Rekna
Post #2, 11-08-2005, 08:11 PM
I've heard this argument before, and as someone who works in the networking security profession, I think it's a bunch of shit. Yes, some percentage of the Windows malware out there is related to the fact that it's got a very large market share. However, the overwhelming majority of the flaws are due to the fact that there really are a lot of security flaws in Windows.

Now, there's plenty of flaws in other operating systems, and the number of flaws is not at all a good indication of why you should switch. Instead, here's what you should look at: vendor response. When a flaw is discovered in Operating System Z, how long does it take for the vendor to release the patch, is the patch easily publicized and easy to install, etc. Microsoft does not exactly have the best track record for working with security researchers or for releasing patches in a timely fashion.

That said, Apple has had some pretty serious flaws in OSX that they haven't bothered patching (going on the philosophy of "it'll be patched in the next version" - don't remember exact case at the moment), and the Linux kernel admins wouldn't merge a third-party security fix to core kernel functionality if you held a gun to their heads.

Is there a solution? Nope, sorry. All operating systems have flaws - and you're never gonna fix it. However, certain operating systems are more secure than others. For instance, my OpenBSD servers are pretty hardened and I feel more confident about leaving them exposed to the internet than any of my Windows machines.
__________________
Eat antimatter, Posleen-boy!
-- Pragma
Post #3, 11-08-2005, 08:27 PM
I hate when people keep trying to make this point over and over, it is irrelevant and incorrect.

1: Last I checked the super majority of the internet servers were Apache, yet the latest worm threatening to take down the Internet almost never hits Apache.

2: Using your comparison of Mac to Windows, yes, Macs may be just as inherently insecure as Windows boxes. But, as you stated, there are fewer exploits for Macs. They're going to get hacked, rooted, or zombied a lot less. So while Macs may be inherently less secure, they are practically more secure.

And they're pretty.
-- Etarip
Post #4, 11-08-2005, 08:57 PM
What you're saying is true, but there's one other thing. Here's the main thing that Linux has over both Windows and Mac regarding security: it's Open Source Software.

If some Microsoft programmer makes a mistake or does something stupid, it's seen by a small handful of people who are accountable only to themselves for the quality and security of the code.

If a Linux contributor makes a mistake or does something stupid, their work is right out in public, reviewed and considered by hundreds, possibly thousands of people before it's even merged into the code tree. That doesn't necessarily mean there are fewer bugs, but it does mean that naive or thoughtless code doesn't stand much of a chance of making it into the product. Public accountability is probably OSS's strongest card, security-wise.
-- ratbastid
Post #5, 11-08-2005, 09:33 PM
Rekna, you're right none of them are secure. Assuming otherwise is asking for breaches. But some systems lend themselves more easily to security. By now you've delved into the architectures of Windows and *nix variants. Wouldn't you agree Windows tends to be monolithic vs. modular? Its weaknesses open doors through too many layers, making breaches more severe and making it harder to patch due to dependencies. (My personal hell would be maintenance coding at MS.)

Modern *nix releases have more of these problems from bloated install-everything kernels, but they're more easily patchable or isolated without a cascade of failures. Fewer interdependencies.

Whether or not a vendor chooses to patch is another item, and all our favorites have had good and bad days. I believe they're all getting much better at identifying, classifying, and prioritizing.

Also, I agree to a point on critical mass encouraging attacks. Similar to the biology game of life. If it's tough to find another victim among the crowd it's naturally difficult to reproduce. You still need the vulnerabilities, but having a healthy pasture of cattle is important. Mac viruses/worms need to survive longer to find victims and the resulting damage is smaller. Not a prime target for damage or profit even if Mac is your speciality.

As for your parents, I'm guessing they have reasonably safe surfing habits. Family/user personality makes a difference. If clicking the "OK/Accept" button has become a speed sport there are bound to be problems on any system. I've given up on a few cases. Better to give them a Ghost restore DVD to start fresh. Oh, the computing insanity.

As with anything it's the combination that makes reality. MS is at a disadvantage on several fronts. Some their fault, others not.
__________________
"There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195
-- cyrnel
Post #6, 11-08-2005, 09:39 PM
Actually, cyrnel, just to nitpick, Linux is also a monolithic kernel.
-- Pragma
Post #7, 11-08-2005, 10:13 PM
You're right. Too many thoughts compressed into "modern *nix releases". So many of these things are spectrums vs. absolutes. Advantages and disadvantages complement one another. I still believe openness helps counter many of the problems, even if it exposes them earlier.

It's hard to put this into quick replies without starting yet another analysis. Helps feed OS religions, no? Where would we be without... For me, these days, it's become use what works, for the task and customer, and keep it working. More time for something fun away from electrons.
-- cyrnel
Post #8, 11-09-2005, 05:58 AM
Normally, I wouldn't have the slightest idea about any of this, but we just covered this yesterday in my network security class. Here are some fun facts:

Quote:
The monolithic approach defines a high-level virtual interface over the hardware, with a set of primitives or system calls to implement operating system services such as process management, concurrency, and memory management in several modules that run in supervisor mode.

Even if every module servicing these operations is separate from the whole, the code integration is very tight and difficult to do correctly, and, since all the modules run in the same address space, a bug in one module can bring down the whole system. However, when the implementation is complete and trustworthy, the tight internal integration of components allows the low-level features of the underlying system to be effectively utilized, making a good monolithic kernel highly efficient. Proponents of the monolithic kernel approach make the case that if code is incorrect, it does not belong in a kernel, and if it is, there is little advantage in the microkernel approach.
Monolithic kernels are the Linux and BSD distributions, Microkernels include things like Minix and AmigaOS, and there are hybrid kernels like BeOS and Windows 2000/XP/2003/Vista or Mac OS X.

The problem with monolithic kernels is this: let's say you go buy a new piece of hardware, plug it in, and install the driver that came on the CD with it. Now that driver is sitting in your kernel memory and has access to all kernel functions, all system memory, etc. Do you know who wrote the driver? Do you trust them with your data? Do you trust them to write a bug free driver to not crash your system? Bad drivers are the fastest way to bring down a monolithic kernel, and there are a variety of other security flaws that can occur with them.

Microkernels on the other hand have as little as possible in kernel space: just the core OS functionality to handle interprocess communication, virtual memory, and thread management. Everything else, including drivers, runs as userland processes. The problem with microkernels is that they're traditionally much slower than monolithic kernels, simply because they have to go to user memory every time they want to write to a device, send a packet on the internet, etc.

Hybrid kernels are basically modified microkernels. They take the microkernel approach of having next to nothing in the kernel, but then add some other code so that it performs better. For instance, they may decide to load the device drivers into system memory while still keeping the microkernel approach of segmenting everything else out of kernel memory.

So what's the better way of doing things? I honestly don't know. Either way, it's another fun fact about the "which OS is more/less secure" approach.
-- Pragma
Post #9, 11-09-2005, 07:54 AM
I agree with much of what is being said here. I'm in no way trying to say Windows is better than nix or Mac. In fact I prefer to use nix for many things. I'm not a big fan of Macs though (maybe because I haven't used them enough, or maybe because I hate only having 1 friggin' button on the mouse haha!).

My main point was this: the amount of sanity checking needed on code to make it fully secure is next to impossible for an OS. Who wants to do formal verification of an entire OS? There will always be buffer overflow bugs that can be exploited somewhere. This is not necessarily the fault of Microsoft but a problem that lies much deeper. Either in the way we have chosen to do software design (default accept vs. default deny) or in the natural tendency of code to grow vastly in complexity when doing sanity checking. Simple code segments that are 10 lines of code can quickly grow to a couple hundred lines of code with sanity checking.

My point was this: saying you are switching OSes because one is more secure is being blind to the truth. At least say you are doing it because this OS is attacked less than another. Case in point: the USA is probably one of the most secure nations in the world, yet there are countries out there that are safer (Luxembourg maybe? Switzerland, etc.) because people don't bother attacking them. The same is true with OSes.

And to the comment on my parents' surfing habits, it is true that their habits are safer than some but not all that safe. In addition my 11 year old nephew uses their computer a lot and he definitely does not have safe surfing habits. Plus most of the nasty viruses these days don't require you to even visit a website that contains it (Love Bug for example). Windows 98 was immune to the Love Bug.
-- Rekna
Post #10, 11-09-2005, 08:50 AM
Quote:
Originally Posted by Rekna
I'm not a big fan of Macs though (maybe because I haven't used them enough, or maybe because I hate only having 1 friggin' button on the mouse haha!).
/threadjack
All Macs now ship with the Mighty Mouse, which is multi-button and has a scrollball as well. Also, any USB mouse will work; I've used a 3 button mouse for years.
/end threadjack
__________________
I can't read your signature. Sorry.
-- Redlemon
Post #11, 11-09-2005, 09:15 AM
Quote:
My point was this: saying you are switching OSes because one is more secure is being blind to the truth. At least say you are doing it because this OS is attacked less than another. Case in point: the USA is probably one of the most secure nations in the world, yet there are countries out there that are safer (Luxembourg maybe? Switzerland, etc.) because people don't bother attacking them. The same is true with OSes.
I'm with Pragma on the "a bunch of bullshit" argument, and I've never needed to use a Linux distro for anything productive. There is certainly a factor of marketshare, but it's a minor factor in computer security. Think about Windows 3.11 or Windows 98. They had large marketshare, but there weren't many viruses for them. Why? Because the technology to exploit vulnerabilities wasn't there. As designers of malicious software get better and better, so too must the OS match the progression. Once we got past ARPAnet, the door flew up to a whole new medium for viruses to spread through. Previously, you really were only at risk with an infected floppy. Specifically, the network interfaces are the most likely areas for virus propagation, and Windows / *nix approach it much differently. Windows left ports open, and only closed them when explicitly prompted. *nix leaves ports closed, and only opens them when explicitly prompted. This was the first wave -- SP2 came out with Windows Firewall to change this modality, but there are still inherent security flaws of Windows that Linux has never had.

ActiveX is a prime example of a great idea that *in reality* just makes viruses easy to write. Linux browsers don't support it, for good reason -- it's very insecure and has far too much access to resources.

Similarly, Windows' tight integration of a WEB BROWSER into the operating system creates a huge flaw. Our biggest front for security-related threats nowadays, our browser, is connected to our most important software -- our OS. You won't see this in Linux distros.

These are all relatively generalistic, but there are PLENTY of OS specific vulnerabilities. Linux (typically) locks down far more with its system of users, privileges, runlevels, etc. THAT is why the majority of security breaches occur in Windows, not because they have the outstanding marketshare.

--That said, I will likely never use Linux unless it becomes far more mainstream. While recognizing the flaws in Windows' security designs, I am able to do everything that I want and need to do in Windows. I'm a very cautious user and I don't really run the risk of infection in ordinary circumstances. I can count on my drivers and programs to work how I expect them to work, and be compatible with 90% of the games and things that come out. I've installed Gentoo and others, but I got it installed and said.. "Now what?" I couldn't really do anything I COULDN'T do in Windows. Why bother? I didn't.. that partition was formatted soon after.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
-- Jinn
Post #12, 11-09-2005, 11:22 AM
Quote:
Originally Posted by Redlemon
/threadjack
All Macs now ship with the Mighty Mouse, which is multi-button and has a scrollball as well. Also, any USB mouse will work; I've used a 3 button mouse for years.
/end threadjack
What about the laptops?
-- Rekna
Post #13, 11-09-2005, 11:34 AM
Quote:
Originally Posted by Rekna
what about the laptops?
Honestly, no idea. I've never even touched an iBook.
-- Redlemon
Post #14, 11-09-2005, 09:13 PM
I know my friend's iBook only has 1 button. It drives me crazy haha.
-- Rekna
Post #15, 11-09-2005, 09:24 PM
The laptops still have one button. They work better with one button than would Windows since the UI is designed for one, but there are times...

Plug in whatever PC multi-button mouse and it works.
-- cyrnel
Post #16, 11-11-2005, 07:50 AM
Yeah, but who wants to carry a mouse around with their laptop?
-- Rekna
Post #17, 11-11-2005, 07:56 AM
Agreed. Just had to mention it. Lots of Mac users have picked up the habit.
-- cyrnel
Post #18, 11-11-2005, 08:41 AM
Windows does have security problems; it's fundamentally not as secure as Linux systems. However most viruses exploit something that even Linux cannot solve: the problem between the keyboard and the chair. I haven't had a virus on my computer for several years; I keep my antivirus up to date, my firewall up and so on. It's pretty easy to avoid most viruses. The problem is that most people don't take minimal care of their machines... if people took as much care of their cars as they do of their computers the world would be a scary place!
-- AngelicVampire
Post #19 by bendsley, 11-11-2005, 11:42 AM
I thought maybe it was about time that I weighed in on this conversation. Granted, I am a linux fanatic. I use it everywhere I can. It's on my router, my PIX (IOS is based off of Linux), my TiVo, my home automation system, my phone system at home (asterisk), etc. However, at work, we're basically in bed with Microsoft, with the exceptions of the network monitoring system (cacti running on debian) and the Spam SMTP proxy that relays mail from the outside to the exchange server (amavisd, spamassassin, clamav, postfix, running on debian).

I see both worlds, and am open to both. There are some things I see the need for Microsoft for (i.e. Office collaboration). There are others that I see the need for Linux/BSDs for.

MYTH: Safety in small numbers...

Perhaps the most often repeated myth regarding Windows vs. Linux security is the claim that Windows has more incidents of viruses, worms, Trojans and other problems because malicious hackers tend to confine their activities to breaking into the software with the largest installed base. This reasoning is applied to defend Windows and Windows applications. Windows dominates the desktop; therefore Windows and Windows applications are the focus of the most attacks, which is why you don't see viruses, worms and Trojans for Linux. While this may be true, at least in part, the intentional implication is not necessarily true: That Linux and Linux applications are no more secure than Windows and Windows applications, but Linux is simply too trifling a target to bother attacking.

This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS. If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS. Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.

Yet this is precisely the opposite of what we find, historically. IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful. The Code Red worm that exploited a buffer overrun in an IIS service to gain control of the web servers infected some 300,000 servers, and the number of infections only stopped because the worm was deliberately written to stop spreading. Code Red.A had an even faster rate of infection, although it too self-terminated after three weeks. Another worm, IISWorm, had a limited impact only because the worm was badly written, not because IIS successfully protected itself.

Yes, worms for Apache have been known to exist, such as the Slapper worm. (Slapper actually exploited a known vulnerability in OpenSSL, not Apache.) But Apache worms rarely make headlines because they have such a limited range of effect, and are easily eradicated. Target sites were already plugging the known OpenSSL hole. It was also trivially easy to clean and restore infected sites with a few commands, and without so much as a reboot, thanks to the modular nature of Linux and UNIX.

Perhaps this is why, according to Netcraft, 47 of the top 50 web sites with the longest running uptime (times between reboots) run Apache. None of the top 50 web sites runs Windows or Microsoft IIS. So if it is true that malicious hackers attack the most numerous software platforms, that raises the question as to why hackers are so successful at breaking into the most popular desktop software and operating system, infect 300,000 IIS servers, but are unable to do similar damage to the most popular web server and its operating systems?

Astute observers who examine the Netcraft web site URL will note that all 50 servers in the Netcraft uptime list are running a form of BSD, mostly BSD/OS. None of them are running Windows, and none of them are running Linux. The longest uptime in the top 50 is 1,768 consecutive days, or almost 5 years.

This appears to make BSD look superior to all operating systems in terms of reliability, but the Netcraft information is unintentionally misleading. Netcraft monitors the uptime of operating systems based on how those operating systems keep track of uptime. Linux, Solaris, HP-UX, and some versions of FreeBSD only record up to 497 days of uptime, after which their uptime counters are reset to zero and start again. So all web sites based on machines running Linux, Solaris, HP-UX and in some cases FreeBSD "appear" to reboot every 497 days even if they run for years. The Netcraft survey can never record a longer uptime than 497 days for any of these operating systems, even if they have been running for years without a reboot, which is why they never appear in the top 50.

That may explain why it is impossible for Linux, Solaris and HP-UX to show up with as impressive numbers of consecutive days of uptime as BSD -- even if these operating systems actually run for years without a reboot. But it does not explain why Windows is nowhere to be found in the top 50 list. Windows does not reset its uptime counter. Obviously, no Windows-based web site has been able to run long enough without rebooting to rank among the top 50 for uptime.

Given the 497-rollover quirk, it is difficult to compare Linux uptimes vs. Windows uptimes from publicly available Netcraft data. Two data points are statistically insignificant, but they are somewhat telling, given that one of them concerns the Microsoft website. As of September 2004, the average uptime of the Windows web servers that run Microsoft's own web site (www.microsoft.com) is roughly 59 days. The maximum uptime for Windows Server 2003 at the same site is 111 days, and the minimum is 5 days. Compare this to www.linux.com (a sample site that runs on Linux), which has had both an average and maximum uptime of 348 days. Since the average uptime is exactly equal to the maximum uptime, either these servers reached 497 days of uptime and reset to zero 348 days ago, or these servers were first put on-line or rebooted 348 days ago.

The bottom line is that quality, not quantity, is the determining factor when evaluating the number of successful attacks against software.

MYTH: Open source inherently dangerous?

The impressive uptime record for Apache also casts doubt on another popular myth: That open source code (where the blueprints for the applications are made public) is more dangerous than proprietary source code (where the blueprints are secret) because hackers can use the source code to find and exploit flaws.

The evidence begs to differ. The number of effective Windows-specific viruses, Trojans, spyware, worms and malicious programs is enormous, and the number of machines repeatedly infected by any combination of the above is so large it is difficult to quantify in realistic terms. Malicious software is so rampant that the average time it takes for an unpatched Windows XP to be compromised after connecting it directly to the Internet is 16 minutes -- less time than it takes to download and install the patches that would help protect that PC.

As another example, the Apache web server is open source. Microsoft IIS is proprietary. In this case, the evidence refutes both the "most popular" myth and the "open source danger" myth. The Apache web server is by far the most popular web server. If these two myths were both true, one would expect Apache and the operating systems on which it runs to suffer far more intrusions and problems than Microsoft Windows and IIS. Yet precisely the opposite is true. Apache has a near monopoly on the best uptime statistics. Neither Microsoft Windows nor Microsoft IIS appear anywhere in the top 50 servers with the best uptime. Obviously, the fact that malicious hackers have access to the source code for Apache does not give them an advantage for creating more successful attacks against Apache than IIS.

MYTH: Conclusions based on single metrics

The remaining popular myths regarding the relative security of Windows vs. Linux are flawed by the fact that they are based only on a single metric -- a single aspect of measuring security. This is true whether the data comes from actual research, anecdotal information or even urban myth.

One popular claim is that, "there are more security alerts for Linux than for Windows, and therefore Linux is less secure than Windows". Another is, "The average time that elapses between discovery of a flaw and when a patch for that flaw is released is greater for Linux than it is for Windows, and therefore Linux is less secure than Windows."

The latter is the most mysterious of all. It is an imponderable mystery how anyone can reach the conclusion that Microsoft's average response time between discovery of a flaw and releasing the fix for that flaw is superior to that of any competing operating system, let alone superior to Linux. Microsoft took seven months to fix one of its most serious security vulnerabilities (Microsoft Security Bulletin MS04-007 ASN.1 Vulnerability; eEye Digital Security publishes the delay in advisory AD20040210), and there are flaws Microsoft has openly stated it will never repair. The Microsoft Security Bulletin MS03-010 about the Denial Of Service vulnerability in Windows NT says this will never be repaired. More recently, Microsoft stated that it would not repair Internet Explorer vulnerabilities for any operating systems older than Windows XP. Statistically speaking, seven months between discovery and fix might not have an overly dramatic effect on the average response time if you can find enough samples of excellent response times to offset anomalies like this, assuming they are anomalies. But it only takes one case of "never" to upset the statistical average beyond recovery.

This unsolvable mystery aside, consider whether it is meaningful to suggest that Linux is a greater security risk than Windows because the average time between the discovery of vulnerability and the release of a patch is greater with Linux than with Windows. Ask yourself this question: If you experienced a heart attack at this very moment, to which hospital emergency room would you rather be taken? Would you want to go to the one with the best average response time from check-in to medical treatment? Or would you rather be taken to an emergency room with a poor record for average response time, but where the patients with the most severe medical problems always get immediate attention?

One would obviously choose the latter, but not necessarily because the above information proves it is the better emergency room. The latter choice is preferable because it includes two metrics, one of which is more important to you at that precise moment. It is safe to assume that most people would avoid a hospital if they also knew they were likely to die of a heart attack waiting for a doctor to finish setting someone's fractured pinky, no matter how impressive the average response time for every medical emergency may be. The problem is that the above example doesn't give you sufficient information to make the best decision. It doesn't tell you how well the hospital with the best average response time prioritizes its cases. You would also benefit from knowing things like the mortality rate of emergency cases, the average skill of the resident physicians, and so on.

Obviously, the only way to produce a useful recommendation is to gather as many important metrics as possible about local emergency rooms, and then balance these metrics intelligently. It would be inexcusably irresponsible to recommend an emergency room for a heart attack based only on a single metric such as the average response time for all medical emergencies, especially when the other important information that would lead to a more ideal choice is readily available.

It is equally irrational and irresponsible to make a recommendation or a serious business decision based solely on a single metric such as the average elapsed time between a flaw's detection and fix for a given operating system, or the number of security alerts for any given product.

Any single metric is misleading in terms of importance. Let's consider the statement that there are more alerts for Linux software than Windows. This statistic is meaningless because it leaves the most important questions unanswered. Of all the security alerts, how many of the reported flaws represent a tangible risk? How severe are those risks? How likely are they to expose your systems to serious damage? These questions are important. Which is preferable: An operating system with 100 flaws that expose your systems to little or no damage and cannot be exploited by anyone except local users with a valid login account and physical access to your machine? Or would you prefer an operating system with 1 critical flaw that allows any malicious hacker on the Internet to wipe out all of the information on your server? Clearly, the number of alerts alone is not a meaningful metric for the security of one operating system over another.

Windows vs. Linux Design:

It is possible that email and browser-based viruses, Trojans and worms are the source of the myth that Windows is attacked more often than Linux. Clearly there are more desktop installations of Windows than Linux. It is certainly possible, if not probable, that Windows desktop software is attacked more often because Windows dominates the desktop. But this leaves an important question unanswered. Do the attacks so often succeed on Windows because the attacks are so numerous, or because there are inherent design flaws and poor design decisions in Windows?

Many, if not most of the viruses, Trojans, worms and other malware that infect Windows machines do so through vulnerabilities in Microsoft Outlook and Internet Explorer. To put the question another way, given the same type of desktop software on Linux (the most often used web browsers, email, word processors, etc.), are there as many security vulnerabilities on Linux as Windows?

Windows Design

Viruses, Trojans and other malware make it onto Windows desktops for a number of reasons familiar to Windows and foreign to Linux:

1. Windows has only recently evolved from a single-user design to a multi-user model
2. Windows is monolithic, not modular, by design
3. Windows depends too heavily on an RPC model
4. Windows focuses on its familiar graphical desktop interface

Windows has only recently evolved from a single-user design to a multi-user model

Critics of Linux are fond of saying that Linux is "old" technology. Ironically, one of the biggest problems with Windows is that it hasn't been able to escape its "old" legacy single-user design. Windows has long been hampered by its origin as a single-user system. Windows was originally designed to allow both users and applications free access to the entire system, which means anyone could tamper with a critical system program or file. It also means viruses, Trojans and other malware could tamper with any critical system program or file, because Windows did not isolate users or applications from these sensitive areas of the operating system.

Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges. This caused many legacy Windows applications to fail, because they were used to being able to access and modify programs and files that only an administrator should be able to access. That's why Windows XP includes a compatibility mode - a mode that allows programs to operate as if they were running in the original insecure single-user design. This is also why each new version of Windows threatens to break applications that ran on previous versions. As Microsoft is forced to hack Windows into behaving more like a multi-user system, the new restrictions break applications that are used to working without those restraints.

Windows XP represented progress, but even Windows XP could not be justifiably referred to as a true multi-user system. For example, Windows XP supports what Microsoft calls "Fast User Switching", which means that two or more people can log into a Windows XP system on a single PC at the same time. Here's the catch. This is possible if and only if the PC is not set up to be part of a Windows network domain. That's because Microsoft networking was designed under the assumption that people who log into a network will do so from their own PC. Microsoft was either unable or unwilling to make the necessary changes to the operating system and network design to accommodate this scenario for Windows XP.

Windows Server 2003 makes some more progress toward true multi-user capabilities, but even Windows Server 2003 hasn't escaped all of the leftover single-user security holes. That's why Windows Server 2003 has to turn off many browser capabilities (such as ActiveX, scripting, etc.) by default. If Microsoft had redesigned these features to work in a safe, isolated manner within a true multi-user environment, these features would not present the severe risks that continue to plague Windows.

Windows is Monolithic by Design, not Modular

A monolithic system is one where most features are integrated into a single unit. The antithesis of a monolithic system is one where features are separated out into distinct layers, each layer having limited access to the other layers.

While some of the shortcomings of Windows are due to its ties to its original single-user design, other shortcomings are the direct result of deliberate design decisions, such as its monolithic design (integrating too many features into the core of the operating system). Microsoft made the Netscape browser irrelevant by integrating Internet Explorer so tightly into its operating system that it is almost impossible not to use IE. Like it or not, you invoke Internet Explorer when you use the Windows help system, Outlook, and many other Microsoft and third-party applications. Granted, it is in the best business interest of Microsoft to make it difficult to use anything but Internet Explorer. Microsoft successfully makes competing products irrelevant by integrating more and more of the services they provide into its operating system. But this approach creates a monster of inextricably interdependent services (which is, by definition, a monolithic system).

Interdependencies like these have two unfortunate cascading side effects. First, in a monolithic system, every flaw in a piece of that system is exposed through all of the services and applications that depend on that piece of the system. When Microsoft integrated Internet Explorer into the operating system, Microsoft created a system where any flaw in Internet Explorer could expose your Windows desktop to risks that go far beyond what you do with your browser. A single flaw in Internet Explorer is therefore exposed in countless other applications, many of which may use Internet Explorer in a way that is not obvious to the user, giving the user a false sense of security.

This architectural model has far deeper implications that most people may find difficult to grasp, one being that a monolithic system tends to make security vulnerabilities more critical than they need to be.

Perhaps an admittedly oversimplified visual analogy may help. Think of an ideally designed operating system as being comprised of three spheres, one in the center, another larger sphere that envelops the first, and a third sphere that envelops the inner two. The end-user only sees the outermost sphere. This is the layer where you run applications, like word processors. The word processors make use of commonly needed features provided by the second sphere, such as the ability to render graphical images or format text. This second sphere (usually referred to as "userland" by technical geeks) cannot access vulnerable parts of the system directly. It must request permission from the innermost sphere in order to do its work. The innermost sphere has the most important job, and therefore has the most direct access to all the vulnerable parts of your system. It controls your computer's disks, memory, and everything else. This sphere is called the "kernel", and is the heart of the operating system.

In the above architecture, a flaw in the graphics rendering routines cannot do global damage to your computer because the rendering functions do not have direct access to the most vulnerable system areas. So even if you can convince a user to load an image with an embedded virus into the word processor, the virus cannot damage anything except the user's own files, because the graphical rendering feature lies outside the innermost sphere, and does not have permission to access any of the critical system areas.

The problem with Windows is that it does not follow sensible design practices in separating out its features into the appropriate layers represented by the spheres described above. Windows puts far too many features into the core, central sphere, where the most damage can be done. For example, if one integrates the graphics rendering features into the innermost sphere (the kernel), it gives the graphical rendering feature the ability to damage the entire system. Thus, when someone finds a flaw in a graphics-rendering scheme, the overly integrated architecture of Windows makes it easy to exploit that flaw to take complete control of the system, or destroy the entire system.

Finally, a monolithic system is unstable by nature. When you design a system that has too many interdependencies, you introduce numerous risks when you change one piece of the system. One change may (and usually does) have a cascading effect on all of the services and applications that depend on that piece of the system. This is why Windows users cringe at the thought of applying patches and updates. Updates that fix one part of Windows often break other existing services and applications. Case in point: The Windows XP service pack 2 already has a growing history of causing existing third-party applications to fail. This is the natural consequence of a monolithic system - any changes to one part of the machine affect the whole machine, and all of the applications that depend on the machine.

Windows Depends Too Heavily on the RPC model

RPC stands for Remote Procedure Call. Simply put, an RPC is what happens when one program sends a message over a network to tell another program to do something. For example, one program can use an RPC to tell another program to calculate the average cost of tea in China and return the answer. The reason it's called a remote procedure call is because it doesn't matter if the other program is running on the same machine, another machine in the next cube, or somewhere on the Internet.

RPCs are potential security risks because they are designed to let other computers somewhere on a network tell your computer what to do. Whenever someone discovers a flaw in an RPC-enabled program, there is the potential for someone with a network-connected computer to exploit the flaw in order to tell your computer what to do. Unfortunately, Windows users cannot disable RPC because Windows depends upon it, even if your computer is not connected to a network. Many Windows services are simply designed that way. In some cases, you can block an RPC port at your firewall, but Windows often depends so heavily on RPC mechanisms for basic functions that this is not always possible. Ironically, some of the most serious vulnerabilities in Windows Server 2003 (see table in section below) are due to flaws in the Windows RPC functions themselves, rather than the applications that use them. The most common way to exploit an RPC-related vulnerability is to attack the service that uses RPC, not RPC itself.

It is important to note that RPCs are not always necessary, which makes it all the more mysterious as to why Microsoft indiscriminately relies on them. Assume for a moment that you create a web site using two servers. One server is a dedicated database server, and the other server is a dedicated web server. In this case, it is necessary for the database server to use RPCs, because the web server is on a separate machine and must be able to access the database server over the network connection. (Even in this case, one should configure the database server to "listen" only to the web server, and no other machine.) If you run both the database server and web server on the same machine, however, it is not only unnecessary for the database server to use RPCs, it is unwise to do so. The web server should be able to access the database server directly, because the two are running on the same machine. There is no technical or logical reason to expose the database server to the network, because it presents an unnecessary security risk.

We raise the issue of database servers because the Slammer worm, one of the most profoundly dangerous worms ever to hit the Internet, exploited one of the most inappropriate uses of RPC-like network communications ever implemented by Microsoft. Slammer infected so many systems so quickly that it practically brought the Internet to a standstill.

The Slammer worm caused havoc by exploiting two flaws in Microsoft SQL Server, a client/server SQL database server. One flaw was a most improbable feature of Microsoft SQL Server - one that allows you to run more than one instance of the database server at a time on a single machine. Here is why it is improbable. If you're not familiar with database servers, picture it this way. Under normal conditions, it makes no sense to run multiple instances of a database server on a single machine, because one instance is all that is needed, even if many different applications use it. One would be as likely to want to run two copies of Windows XP on a single machine at the same time as want to run multiple database servers on a single machine at the same time. One rarely runs multiple instances of a database server on purpose, except in high-end applications or for testing and development.

The easy way to allow multiple instances of SQL Server to run simultaneously without interfering with one another is to create an RPC mechanism that sorts out requests for data, so that a fax application queries its own copy of SQL Server, and a time-billing application queries yet another copy of SQL Server. To complicate matters, Microsoft development tools encourage the same monolithic approach Microsoft uses, so a broad range of applications - time-billing software, fax software, project management - almost 200 applications, many of them desktop applications, use the unnecessarily vulnerable SQL Server engine. As a result, hundreds of thousands, if not millions, of people use desktop applications that depend on the SQL Server engine with multiple network services enabled, many of which are exposed to the Internet. One could hardly concoct a better recipe for disaster.

As a result, Slammer found countless machines to attack because these features are enabled by default on every SQL Server engine. While SQL Server is not yet integrated into Windows, its ubiquity across applications from fax software to time billing software made it effectively a part of a larger monolithic system, thus opening the way to an attack path that is symptomatic of a monolithic system. Unfortunately, SQL Server is likely to be tightly integrated into the upcoming new Windows File System WinFS originally slated for Longhorn. If anyone thinks integrating SQL Server into the operating system is a good idea, they should consider what happened with the Slammer worm.

Windows focuses on its familiar graphical desktop interface

Microsoft considers its familiar Windows interface as the number one benefit for using Windows Server 2003. To quote from the Microsoft web site, "With its familiar Windows interface, Windows Server 2003 is easy to use. New streamlined wizards simplify the setup of specific server roles and routine server management tasks..."

By advocating this type of usage, Microsoft invites administrators to work with Windows Server 2003 at the server itself, logged in with Administrator privileges. This makes the Windows administrator most vulnerable to security flaws, because using vulnerable programs such as Internet Explorer exposes the server to security risks.


Linux Design

According to the Summer 2004 Evans Data Linux Developers Survey, 93% of Linux developers have experienced two or fewer incidents where a Linux machine was compromised. Eighty-seven percent had experienced only one such incident, and 78% have never had a cracker break into a Linux machine. In the few cases where intruders succeeded, the primary cause was inadequately configured security settings.

More relevant to this discussion, however, is the fact that 92% of those surveyed have never experienced a virus, Trojan, or other malware infection on Linux.

Viruses, Trojans and other malware rarely, if ever, manage to infect Linux systems, in part because:

1. Linux is based on a long history of well fleshed-out multi-user design
2. Linux is mostly modular by design
3. Linux does not depend upon RPC to function, and services are usually configured not to use RPC by default
4. Linux servers are ideal for headless non-local administration

Keep in mind when reading the summaries below that there are variations in the default configurations of the different distributions of Linux, so what may be true of Red Hat Linux may not be true of Debian and there may be even more differences in SuSE. For the most part, all the major Linux distributions tend to follow sane guidelines in the default configurations.

Linux is based on a long history of well fleshed-out multi-user design

Linux does not have a history of being a single-user system. Therefore it has been designed from the ground-up to isolate users from applications, files and directories that affect the entire operating system. Each user is given a user directory where all of the user's data files and configuration files are stored. When a user runs an application, such as a word processor, that word processor runs with the restricted privileges of the user. It can only write to the user's own home directory. It cannot write to a system file or even to another user's directory unless the administrator explicitly gives the user permission to do so.

Even more important, Linux provides almost all capabilities, such as the rendering of JPEG images, as modular libraries. As a result, when a word processor renders JPEG images, the JPEG rendering functions will run with the same restricted privileges as the word processor itself. If there is a flaw in the JPEG rendering routines, a malicious hacker can only exploit this flaw to gain the same privileges as the user, thus limiting the potential damage. This is the benefit of a modular system, and it follows more closely the spherical analogy of an ideally designed operating system (see the section Windows is Monolithic by Design, not Modular).

Given the default restrictions in the modular nature of Linux, it is nearly impossible to send an email to a Linux user that will infect the entire machine with a virus. It doesn't matter how poorly the email client is designed or how badly it may behave - it only has the privileges to infect or damage the user's own files. Linux browsers do not support inherently insecure objects such as ActiveX controls, but even if they did, a malicious ActiveX control would only run with the privileges of the user who is running the browser. Once again, the most damage it could do is infect or delete the user's own files.

Even services, such as web servers, typically run as users with restricted privileges. For example, Debian GNU/Linux runs the Apache server as the user "www-data", who belongs to a group with the same name, "www-data". If a malicious hacker manages to gain complete control over the Apache web server on a Debian system, that hacker can only affect files owned by the user "www-data", such as web pages. In turn, the MySQL SQL database server, often used in conjunction with Apache, runs with the privileges of the user "mysql". So even if Apache and MySQL are used together to serve web pages, a malicious hacker who gains control of Apache does not have the privileges to exploit the Apache hole in order to gain control of the database server, because the database server is "owned" by another user.

In addition, users associated with services such as Apache, MySQL, etc., are often set up with user accounts that have no access to a command line. So if a malicious hacker somehow breaks into the MySQL user account, that hacker cannot exploit that vulnerability to issue arbitrary commands to the Linux server, because that account has no ability to issue commands.

In sharp contrast, Windows was originally designed to allow all users and applications to have administrator access to every file on the system. Windows has only gradually been re-worked to isolate users and what they do from the rest of the system. Windows Server 2003 is close to achieving this goal, but the methodology Microsoft has employed to create this barrier between user and system is still largely composed of constantly changing hacks to the existing design, rather than a fundamental redesign with multi-user capability and security as the foundational concept behind the system.

Linux is Modular by Design, not Monolithic

Linux is for the most part a modularly designed operating system, from the kernel (the core "brains" of Linux) to the applications. Almost nothing in Linux is inextricably intertwined with anything else. There is no single browser engine used by help systems or email programs. Indeed, it is easy to configure most email programs to use a built-in browser engine to render HTML messages, or launch any browser you wish to view HTML documents or jump to links included in an email message. Therefore a flaw in one browser engine does not necessarily present a danger to any other application on the system, because few if any other applications besides the browser itself must depend on a single browser engine.

Not everything in Linux is modular. The two most popular graphical desktops, KDE and GNOME, are somewhat monolithic by design; at least enough so that an update to one part of GNOME or KDE can potentially break other parts of GNOME or KDE. Neither GNOME nor KDE are so monolithic, however, as to require you to use GNOME or KDE-specific applications. You can run GNOME applications or any other applications under KDE, and you can run KDE or any other applications under GNOME.

The Linux kernel supports modular drivers, but it is essentially a monolithic kernel where services in the kernel are interdependent. Any adverse impact of this monolithic approach is minimized by the fact that the Linux kernel is designed to be as minimal a part of the system as possible. Linux follows the following philosophy almost to a point of fanaticism: "Whenever a task can be done outside the kernel, it must be done outside the kernel." This means that almost every useful feature in Linux ("useful" as perceived by an end user) is a feature that does not have access to the vulnerable parts of a Linux system.

In contrast, bugs in graphics card drivers are a common cause of the Windows blue-screen-of-death. That's because Windows integrates graphics into the kernel, where a bug can cause a system failure. With only a few proprietary exceptions (such as the third-party NVidia graphics driver), Linux forces all graphics drivers to run outside the kernel. A bug in a graphics driver may cause the graphical desktop to fail, but not cause the entire system to fail. If this happens, one simply restarts the graphical desktop. One does not need to reboot the computer.

Linux is Not Constrained by an RPC Model

As stated above in the section on Windows, RPC stands for Remote Procedure Call. Simply put, an RPC allows one program to tell another program to do something, even if that other program resides on another computer. For example, one program can use an RPC to tell another program to calculate the average cost of tea in China and return the answer. The reason it's called a remote procedure call is because it doesn't matter if the other program is running on the same machine, another machine in the next cube, or somewhere on the Internet.

Most Linux distributions install programs with network access turned off by default. For example, the MySQL SQL database server is usually installed such that it does not listen to the network for instructions. If you build a web site using Apache and MySQL on the same server machine, then Apache will interact with MySQL without MySQL having to listen to the network. Contrast this to SQL Server, which listens to the network whether or not it is necessary to do so. If you want MySQL to listen to the network, you must turn on that feature manually, and then explicitly define the users and machines allowed to access MySQL.

Even when Linux applications use the network by default, they are most often configured to respond only to the local machine and ignore any requests from other machines on the network.

Unlike Windows Server 2003, you can disable virtually all network-related RPC services on a Linux machine and still have a perfectly functional desktop.

Linux servers are ideal for headless non-local administration

A Linux server can be installed, and often should be installed as a "headless" system (no monitor is connected) and administered remotely. This is often the ideal type of installation for servers because a remotely administered server is not exposed to the same risks as a locally administered server.

For example, you can log into your desktop computer as a normal user with restricted privileges and administer the Linux server through a browser-based administration interface. Even the most critical browser-based security vulnerability affects only your local user-level account on the desktop, leaving the server untouched by the security hole.

This may be one of the most important differentiating factors between Linux and Windows, because it virtually negates most of the critical security vulnerabilities that are common to both Linux and Windows systems, such as the vulnerabilities of the Mozilla browser vs. the Internet Explorer browser.

References:

Netcraft Web Survey for September 2004
http://news.netcraft.com/archives/20...er_survey.html

Netcraft Top 50 Servers With Longest Uptime (results may differ since the information changes daily)
http://uptime.netcraft.com/up/today/top.avg.html

Unpatched PC "Survival Time" Just 16 Minutes, Gregg Keizer, TechWeb News
http://www.internetweek.com/breaking...cleID=29106061

Top 10 Benefits of Windows Server 2003
http://www.microsoft.com/windowsserv...top10best.mspx

Microsoft Security Bulletin, Current Downloads
http://www.microsoft.com/technet/sec...CurrentDL.aspx

Default Settings Different on Windows Server 2003
These settings are enumerated on several alert pages under "Frequently Asked Questions, What is Internet Explorer Enhanced Security Configuration?" The following is one such URL.
http://www.microsoft.com/technet/sec.../ms03-032.mspx

Red Hat Enterprise Linux Advance Server v.3 Security Advisories
https://rhn.redhat.com/errata/rhel3a...-security.html

CERT search for Microsoft Alerts
http://www.kb.cert.org/vuls/bymetric...er=4&count=100

CERT search for Red Hat Alerts
http://www.kb.cert.org/vuls/bymetric...er=4&count=100

CERT search for Linux Alerts
http://www.kb.cert.org/vuls/bymetric...er=4&count=100
__________________
"You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."
bendsley is offline  
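The Linux defaults the post leans on for its services (the "www-data" and "mysql" accounts having no command line, and MySQL not listening on the network unless you turn that on) can be checked mechanically rather than assumed. The following script is an added example, not code from the original post: its /etc/passwd excerpt, `ss -ltn` output and MySQL configs are constructed samples, and it assumes the Debian convention that service accounts have UIDs below 1000.

```python
"""Audit two Linux defaults the post relies on: service accounts that cannot
log in, and network services bound only to the loopback interface.

Added example, not code from the original post. All sample data is
constructed inline; on a real host feed in /etc/passwd, `ss -ltn` output and
the MySQL server configuration instead.
"""

# Shells that deny interactive login; any other shell on a service account is flagged.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
SYSTEM_UID_MAX = 999  # Debian convention (assumed): service accounts get UIDs below 1000
LOOPBACK_PREFIXES = ("127.", "[::1]", "::1", "localhost")

# Constructed /etc/passwd excerpt: www-data and mysql are set up as the post
# describes, while "backup-svc" has wrongly been given a usable shell.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:106:112:MySQL Server,,,:/nonexistent:/bin/false
backup-svc:x:107:113::/var/backups:/bin/bash
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
"""

# Constructed `ss -ltn` output: MySQL on loopback only, sshd and an
# application on port 8080 bound to every interface.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       70          127.0.0.1:3306        0.0.0.0:*
LISTEN  0       128                 *:8080              *:*
LISTEN  0       128             [::1]:631            [::]:*
"""

# Constructed MySQL server configs: the packaged loopback-only default, and a
# hand-edited copy that opens the server to the network.
SAMPLE_MY_CNF_LOCAL = "[mysqld]\nuser = mysql\nbind-address = 127.0.0.1\n"
SAMPLE_MY_CNF_OPEN = "[mysqld]\nuser = mysql\nbind-address = 0.0.0.0  # for a remote web server\n"


def service_accounts_with_shell(passwd_text):
    """Return non-root system accounts whose login shell permits a command line."""
    flagged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # blank or malformed line; skip rather than crash
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if 0 < uid <= SYSTEM_UID_MAX and shell not in NOLOGIN_SHELLS:
            flagged.append(name)
    return flagged


def exposed_listeners(ss_text):
    """Return (address, port) pairs from `ss -ltn` that are not loopback-only."""
    exposed = []
    for line in ss_text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 4 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")  # rpartition keeps IPv6 addresses intact
        if not addr.startswith(LOOPBACK_PREFIXES):
            exposed.append((addr, int(port)))
    return exposed


def mysql_listens_on_network(my_cnf_text):
    """True if the [mysqld] section lets MySQL accept TCP connections from other hosts.

    skip-networking disables TCP entirely; otherwise bind-address decides.
    The server's built-in default is to listen on all interfaces (the
    loopback-only behaviour the post describes comes from the distribution's
    packaged config), so a missing bind-address counts as exposed.
    """
    in_mysqld, skip_networking, bind = False, False, None
    for raw in my_cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("["):
            in_mysqld = line.lower() == "[mysqld]"
            continue
        if not in_mysqld:
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        key = key.replace("_", "-")  # MySQL accepts both spellings of option names
        if key == "skip-networking":
            skip_networking = True
        elif key == "bind-address":
            bind = value
    if skip_networking:
        return False
    return bind is None or not bind.startswith(LOOPBACK_PREFIXES)


if __name__ == "__main__":
    print("service accounts with a shell:", service_accounts_with_shell(SAMPLE_PASSWD))
    print("listeners exposed to the network:", exposed_listeners(SAMPLE_SS))
    for label, cnf in (("packaged", SAMPLE_MY_CNF_LOCAL), ("edited", SAMPLE_MY_CNF_OPEN)):
        print(f"MySQL ({label}) listens on network:", mysql_listens_on_network(cnf))
```

On the constructed samples the script flags "backup-svc" (a service account with a shell), sshd on port 22 and the port-8080 service as network-exposed, and only the hand-edited MySQL config as reachable from other hosts.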
 
