----- Original Message -----
From: "Frank Heckenbach" frank@g-n-u.de
To: jrs@developcomponents.com; discussion@fsfeurope.org
Sent: Thursday, February 05, 2004 9:49 PM
Subject: Re: Question regarding an article from Microsoft Hellas's CEO
Joao Ribeiro da Silva wrote:
The main problem with security on Windows and other operating systems is in their base. Unix-like OSs are closed systems by default while Microsoft Windows is an open system by default.
(How good that we don't talk about "open source" software, otherwise this last sentence would really look strange ...)
Yes, no doubt about it (when I wrote it I didn't notice, but you made me laugh).
On Unix-like OSs, in order for a user to run anything you first need to give him the necessary permissions to do so. Otherwise the user cannot read even a byte from anywhere. On Windows you can do whatever you like and then you start removing power from a user (closing the system to that user).
But that's exactly one root of the problems. The latter model might be fine for a single-user standalone system (DOS and earlier Windows versions), but transferring it to a networked and/or multi-user system was a cardinal mistake. In principle it was clear from the beginning that this couldn't work (so they had plenty of time to rewrite it from scratch if they cared), now we're seeing the effects.
I think this case is directly related to Microsoft's views on network and TCP/IP services in 1996, when network and TCP/IP services were not seriously taken into account by Microsoft. TCP/IP services like HTTP, mail and so on were very weak on Microsoft Windows NT 3.5. Once Microsoft started to realise the power of those services and the importance of the internet worldwide, it was already too late to make those critical changes in their system. Although still possible, as you say. Meanwhile they didn't change the system in the right direction. Instead they implemented several services with many disregards for network and TCP/IP protocol standards. A big mistake from Microsoft, at least in my opinion.
Another basic problem which you didn't mention is the tendency to blur the distinction between executable code and data. AFAIK this tendency has even increased in Windows in the last years (MS-Word macro viruses, various "active" components all over the place and many more things, even the mangling of file name suffixes, so viruses could use double suffixes to "disguise" which is so ridiculous, etc.). For the average Windows user it's quite hard to tell whether they're viewing some data (image, text, ...) which is harmless unless it can exploit a bug in the viewer program, or executing some code which is always dangerous if it comes from unknown sources.
Again you are right. In my opinion Microsoft never understood the philosophy of 'keep it simple'; instead they have made it so complex from the system point of view that sometimes I even wonder if they are able to fully understand their operating system's behaviour. I doubt that someone at Microsoft at this point has a full view over all their operating system's strengths and weaknesses. Without the full picture in this area, it is at least very difficult to protect the system against trojans, viruses and other possible malicious attacks on their system. Instead of correcting problems from their root they patch the system to avoid a single type of attack when they come across a problem. Are Microsoft OSs a big set of patches that runs over a badly crafted kernel, or something else?
I suppose they're doing it for the sake of "comfort" -- and for the most part I don't even see that point. Most users don't regularly receive executable programs by email or execute them from random web sites. I suppose even the average Windows user is aware of the difference between installing a program (intentionally) and viewing a picture. And if web sites weren't so overloaded with various scripting garbage, this might even benefit users, when web authors would have to learn to write proper HTML for a start (e.g., not using JavaScript for things that simple HTML forms can do just as well, which can be very annoying). But I'm digressing ...
But even if there was some "comfort" to it, it now clearly shows that the security implications are unmanageable. So if they care for security at all, they have to realize it was a wrong decision and undo it until it's too late (well, until it's even more too late than it already is ...). But as long as "opening" an email or web site can mean executing arbitrary code it contains, there's not a chance of hope for security.
I don't believe in that argument, because if Microsoft had started from the beginning in the right direction, like many Unix-like systems (e.g. Linux, FreeBSD, etc.), people would have got used to using their applications and operating system in the same way and as easily as they use Windows today. People get used to what their OS requires and that's it. The need makes the monk.
BTW, this might apply just as well to Unix applications. I don't usually use this kind of programs, so I don't know how far the usual suspects have gone already (whether also for a strange sense of comfort, or just to imitate the Windows "experience"). I'd just say, beware ...
Try to map a network drive or even access your CD-ROM and it will tell you that only the system administrator can do that, and because on Unix nobody works as system administrator, the system core never has a virus. In the worst-case scenario only the files created by the user can be deleted or damaged, not the files of other users, so even if we had viruses on Unix the impact on the system would be very small (at the user level only).
I've heard this argument, but I don't think it's a very strong point. On most machines the user data are more valuable than the system files. A system can easily be reinstalled, but user data may take a lot of time to recreate, or even cause financial loss. (Oh yeah, backups. Sure. Most people don't do them unless they've been *seriously* hit once or twice. I know professional programmers who don't do good backups ...)
In this case, I think you are right in one way and wrong in another. Why? Simple. When the programmer of a malicious trojan, virus or any other type of action makes his decision on attacking another computer or computers, he wants to destroy as much data as possible. He will not like the idea of the possibility of damaging the data of a single user; no, he wants more, a lot more. In this philosophy it's easy to understand why most of the viruses and trojans are designed for Windows, where the possibility of impact and the prospect of destruction is a lot higher (and simple to program). I remember when the virus 'I Love You' struck, I was working for Interland, the hosting company, in their offices in Amsterdam (when they had offices here). After our mail started to be infected by the virus, it took me an hour to open the code of the virus, change it, and, using the same technology the virus used, spread my own virus that was a vaccine for it. The only thing I did was reverting all the malicious code inside the virus; it was very effective, after around 2 hours there was no trace of the virus 'I Love You' inside the company.
It's true that a virus can hide in system programs and covertly spread more damage over time, but on Unix systems, they can do almost the same by manipulating the user's aliases, PATH, etc.
Yes, of course, but with the variety of system configurations on Unix-based systems, and others that are customized by the system administrators of each different company, it can be a hard task to program something that will be really efficient.
Both points are especially true of single-user machines, but that's what most potential victims are.
On Unix, as soon as a user logs out from the system, all applications running with that user's permissions are forcibly terminated by the OS itself.
Not at all.
Ok, let's say for the majority of the applications this is true; only people who handle computers very well, like programmers and system administrators, end up leaving tasks running when logged out. What we are talking about here are the normal users, and not those who will hardly ever be effectively attacked. Don't forget that the majority of normal users run simple client applications under X Windows and when they log out they close the applications or X closes them for them. This is the standard procedure. If we start talking about what isn't standard in this world then the possibilities are infinite, giving space for whatever our imagination can come up with.
Frank
--
Frank Heckenbach, frank@g-n-u.de
http://fjf.gnu.de/
GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)
Joao
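An added example, not written by either correspondent: Frank's point that a user-level virus on Unix can do most of its work by "manipulating the user's aliases, PATH, etc." suggests a simple per-user check. The POSIX sh script below audits a PATH string for entries that let untrusted files shadow commands (an empty entry or `.`, which mean the current directory; relative entries; world-writable or missing directories) and scans a shell rc file for aliases that redefine commands which guard credentials or privilege boundaries. It assumes only POSIX sh with ls, cut, sed and mktemp; the rc file and directories it inspects in `run_demo` are constructed for the demonstration, and the list of watched command names is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes POSIX sh plus
# ls, cut, sed and mktemp. Sample inputs below are constructed.

# audit_path PATHSTRING
# Prints "<reason><TAB><entry>" for each risky entry in PATHSTRING.
audit_path() {
    _p=$1
    # An empty element (leading, trailing or doubled ':') means "current directory".
    case ":$_p:" in
        *::*) printf 'empty\t(empty entry = current directory)\n' ;;
    esac
    _oldifs=$IFS; IFS=:
    set -f                              # no globbing while splitting on ':'
    for _d in $_p; do
        case $_d in
            "") ;;                      # already reported above
            .)  printf 'dot\t.\n' ;;
            /*)
                if [ ! -d "$_d" ]; then
                    printf 'missing\t%s\n' "$_d"
                # column 9 of 'ls -ld' is the "other write" bit: drwxrwxrwx
                elif [ "$(ls -ld "$_d" | cut -c9)" = w ]; then
                    printf 'world-writable\t%s\n' "$_d"
                fi ;;
            *)  printf 'relative\t%s\n' "$_d" ;;
        esac
    done
    set +f; IFS=$_oldifs
}

# audit_aliases RCFILE
# Prints "alias<TAB><name><TAB><definition>" for aliases that redefine one of
# the watched commands (list is an assumption of this example).
audit_aliases() {
    _rc=$1
    sed -n 's/^[[:space:]]*alias[[:space:]]\{1,\}\([A-Za-z0-9_.-]\{1,\}\)=\(.*\)$/\1 \2/p' "$_rc" |
    while read -r _name _def; do
        case $_name in
            sudo|su|doas|ssh|scp|passwd|gpg)
                printf 'alias\t%s\t%s\n' "$_name" "$_def" ;;
        esac
    done
}

# run_demo: builds a throwaway directory and a constructed rc file, runs both
# audits against them and cleans up.
run_demo() {
    _tmp=$(mktemp -d)
    mkdir "$_tmp/dropzone"; chmod 777 "$_tmp/dropzone"   # constructed world-writable dir
    cat > "$_tmp/bashrc" <<'EOF'
# constructed sample rc file for the demo
alias ls='ls --color=auto'
alias sudo='/tmp/.x/sudo'
EOF
    audit_path "$_tmp/bin:$_tmp/dropzone::."
    audit_aliases "$_tmp/bashrc"
    rm -rf "$_tmp"
}

run_demo
```

In real use you would call `audit_path "$PATH"` and `audit_aliases ~/.bashrc` (or whichever rc file your shell reads) from a login script or a cron job and alert on any output; a clean user environment produces none. The harmless `ls` alias in the demo is deliberately not flagged, since the check is about which command names are wrapped, not about aliases in general.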