A Secure OS For the Dalai Lama? 470
Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers opinions on this debate here." (More below.)
Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"
Lack of font? Design your own! (Score:5, Informative)
Re: (Score:3, Interesting)
Re:Lack of font? Design your own! (Score:5, Funny)
put together their own Linux distro
Dalai Linux!
Re:Lack of font? Design your own! (Score:4, Funny)
So is the new college slogan "FREE (LIBRE) TIBET!"?
Re:Lack of font? Design your own! (Score:4, Funny)
No, I think the FOSS acronym for Free & Open Source Software would become "Oppressed But Engaging In Passive Resistance Software".
I'm not sure, however, what RMS would make of the acronym OBEIPRS.
Re: (Score:3, Funny)
I'm not sure, however, what RMS would make of the acronym OBEIPRS.
He'd complain that it really should be properly named GNU/OBEIPRS.
Re:Lack of font? Design your own! (Score:5, Funny)
Dalai Linux!
It really whips the Llama's ass!
Re: (Score:3, Funny)
Dalai Linux!
Whatever you do, don't use Winamp as the media player as that would be a security breach. You see, it kicks the Lama's a$$. It tells me so every time I install it.
Re:Lack of font? Design your own! (Score:5, Informative)
You are trying to solve the wrong problem. You are assuming that you are facing random attacks from an attacker who just wants to go for some computer, any computer. In that case being on an uncommon system helps because the attacker sees less profit. However; in this specific case moving to a low usage system is the worst possible thing you can do. The attacker is the Chinese government and they have the resources and will to make special dedicated custom attacks. Moving to an OS that nobody else uses gives them several advantages.
A) the system is less likely to have had serious peer review so finding vulnerabilities should be easier for their Chinese enemies.
B) the Chinese attackers can minimise collateral damage:
note the Chinese do not want to cause needless trouble - if they release an exploit for a windows vulnerability they have a risk of damaging random US govt computers which might give a propaganda advantage to Pentagon people at the wrong moment. It's much more convenient for them if they have an easy way to identify a Tibetan computer. If only Tibetans use an OS, then attacking that OS is perfect.
Things that the Tibetans want within their system.
A) serious general stability and safety (==properly audited open source by people who take security seriously)
B) methods to recognise applications which have gone rogue (==mandatory access control per application)
C) proper systems for monitoring system changes (==tripwire etc)
D) variable security so that experts in their community can detect problems whilst others can still work (==security features such as SELinux which can be turned on gradually)
E) fully controlled but very rapid security updates (==apt / yum etc).
For me that means that they want to have serious mandatory access control / role based access so that they can build application specific traps for malware (as in SELINUX). They need to have a system they can basically trust (OpenBSD) They want to have file based intrusion detection (tripwire / OpenBSD's systems). They need to have a system where they can take updates under their own control, but mostly don't have to do that.
When it comes to what I would recommend for them that's an incredibly difficult problem. Windows is out because it fails to provide so many of the basics. OpenBSD I would love to recommend, but the impossibility of building automated updates and the lack of role based access control rules it out for me. Probably I would end up recommending a CentOS (for normal users/people without money)/RedHat (for places needing commercial support) based system with a custom update distribution in places where RedHat's update policy is insufficient or where attacks via RedHat are a fear.
One thing which is absolutely clear; Windows should be ruled out
A) The Chinese government has preferential access to the Windows source code. As such they will always know a vulnerability you don't. If you are their enemy then it can never be an acceptable system.
B) Windows is closed source and the build is under someone else's control; this means you can never be sure what is on your system and can never reduce it to just the components you need
C) Windows is closed source and won't publish the source after a security breach; this makes it impossible to isolate root causes for an attack and stop them happening again.
D) Windows is closed source and impossible to customise. This makes it impossible to set traps for malware with custom security systems and leads to a security monoculture.
E) Windows is run by a commercial entity with an interest in turning on functionality. This means that even secure systems very rapidly become insecure when used by less experienced users.
However there's one crucial problem
A,B,C,D...Z) If the user administrator is clueless they won't spot attacks so a total Linux newbie will be much worse than a Windows expert.
Overall, the advice to move to Linux isn't bad, but it's something which the Tibetan community will have to do in a very serious and planned way whilst at the same time building up the number of security experts in their community and doing serious work on this. Without that kind of effort the effect will be worse than their current situation.
Re:Lack of font? Design your own! (Score:4, Insightful)
Actually, designing a Tibetan font is rather difficult. Tibetan letters combine in complicated ways (somewhat like Devanagari, but worse), meaning that it is either necessary to produce very sophisticated rendering software/info or necessary to create a large number of pre-combined glyphs.
Re:Lack of font? Design your own! (Score:5, Insightful)
I know purists will hate this, but another solution would be to create a standardized way to display tibetan without the letter combination. Just like japanese has a more or less standardized process for displaying japanese words in the roman alphabet, a way to do something simliar in Tibetan would be useful. Spending a ton of time modifying all western software to use advanced typography to display Tibetan "correctly" could well backfire. The end result would be the effort required would result in few programs being translated at all, and another language becoming the defacto standard for computer savvy Tibetans. That road leads to youth with minimal skills in their own cultural language.
Re: (Score:3, Insightful)
Mashing everything into the roman alphabet isn't necessarily the best thing. The Japanese don't use romaji at all in any real contexts. So it's a more complex script? Make sure Unicode supports it. Update the rendering engines to handle it. No sense in forcing people to give up part of their language just to use software.
In ca
Re:Lack of font? Design your own! (Score:5, Interesting)
Also, changing your society to match the capabilities of some software is -always- the wrong way.
Sorry to be so blunt, but that's bullshit. Europe made massive changes to its writing systems with the advent of new writing and printing technologies. And that was the right thing to do because it greatly increased literacy.
Tibetan literacy rates historically have been atrocious, and even today, they are worse than many other nations. Reform and simplification of the Tibetan writing system might well be the right thing to do, and the requirements of software generally coincide with sensible simplification.
SIL Graphite Smartfont? (Score:4, Informative)
Unfortunately, the default font rendering toolkit in Linux, Pango [sil.org] is not a smart-font technology.
However, the pango-graphite [ubuntu.com] library supports the smartfont technology if fonts are authored with the appropriate tables.
I think that people need to share their experiences with designing [sil.org] smart fonts. This way, more projects know what are their options.
Re: (Score:3, Insightful)
It's not a question of purists. There aren't that many people in the world who read Tibetan. So you'd more likely do harm than good this way. Furthermore, Tibetan Unicode support is very good, so there's no need to redesign the type system. For instance, let's see what happens here:
à½-à½à¾à½à¼à½à½à½¦à¼à½-à½'à½à¼à½£à½à½à½
Re:Lack of font? Design your own! (Score:4, Insightful)
Combining letters aren't an intrinsic necessity in any language, they are an affectation and a mechanism for keeping people illiterate. European languages used to have them and got rid of them because the only purpose they serve is to restrict access to reading and writing.
Tibetan can be written just fine in an alphabetic style. It would be prudent for the Dalai Lama to make that the standard for the Tibetan community.
Re:Lack of font? Design your own! (Score:4, Informative)
Yes, I would say that it is more difficult than Arabic. In the case of Arabic you've just got positional variants of most letters, but they don't actually combine in particularly complicated ways, with a few limited exceptions that can be treated as ligatures, e.g. alif-lam. The problem in Tibet in is that you not only have vowel diacritics like in Devanagari but complex stacks of consonants.
Re:Lack of font? Design your own! (Score:4, Insightful)
And failing the thousands of monks having nothing better to do than to spend hours with FontForge, they could just import (read: infringe upon copyright) the fonts they like under Windows and place them into Linux.
The original notions put forward do mirror my initial concerns when moving from Windows to Linux. Among those concerns were a good Japanese language interface and input method, good fonts and printer support. The first two were addressed with some heavy pushing in that direction with SCIM and whatever it was that came before it... then it became as good or better than Windows. The other was just opening up some man pages or simply giving it a try... turned out not to be difficult in the slightest.
Moving to a different operating system is a seemingly daunting task to those who have never done it before and they are required, then, to think of computing in terms of what you need to do and how you might accomplish it... not something most people are accustomed to thinking about. (The same can be said about moving from Word Perfect to Microsoft Word and it was a BIG deal!)
Moving away from Windows is simply necessary judging by the kinds of attacks described. Another option might be Deep Freeze... has that been defeated yet?
One thing is for certain: one should not be stopped from performing a necessary task merely because it is "difficult." Just do it. If it seems impossible, give it a try anyway. But moving the religious leader and all his followers to Linux is definitely a workable thing to do.
Re:Lack of font? Design your own! (Score:5, Funny)
But converting the religious leader and all his followers to Linux is definitely a workable thing to do.
Re:Lack of font? Design your own! (Score:4, Interesting)
It reminds me of how Bhutan's government has developed its own Debian derivative - Dzongkha Debian Linux - which supports their native language. They have made a font for it too. Costs: around $80 000. I'm sure Tibet can afford such a price.
Re:Lack of font? Design your own! (Score:5, Informative)
Actually, There are about five free, unicode fonts that I know of for Tibetan and Dzongkha. Both Windows and Linux support these fonts, and many traditional texts have been typed in unicode. (OSX has a small problem, from what I've heard).
There are two produced by Chris Fynn TibetanMachineUnicode from THDL, and Jomolhari. Both UChen fonts.
CTRC produces four fonts (1 UChen and three Ume): CTRC-Uchen, CTRC-Tsumachu, CTRC-Betsu and CTRC-Drutsa
Additionally, Nithartha has made a proprietary unicode complying font called Sambhota.
There are also several legacy font systems which use several font files with prestacked characters and input programs.
This link http://www.aerifal.cx/~dalias/bodyig/fonts/ [aerifal.cx] should give plenty more examples.
Huh? (Score:5, Insightful)
First off, yes, that is a single sentence.
Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.
Re:Huh? (Score:5, Insightful)
Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.
The language is vague enough to be pointless. Does he mean when run by the user as root? Does he mean remote exploit vs something in the full install of ___ distro? Does he mean windows makes you click yes more times to run it?
Now half the comments will be off-topic due to that sentence.
Re:Huh? (Score:5, Insightful)
Your windows install has at least been verified by a known party.
Yes, a known incompetent party, which has very little concern for security or the vetting of source code, but has rather different interests foremost.
Re:Huh? (Score:5, Insightful)
Oh that wonderful little drama again.
Had you followed that event a bit more closely, you would have known that little snippet of code had zero (yes, none, zilch) possibility of getting into Linus' branch, where all the public releases are made. In fact judging from your post I'd say you have no idea of what really happened at all.
Do you seriously think they only introduced one problematic piece of code ?
No. I think it's one less than that. It might surprise you, but unlike some proprietary software, the big oss projects aren't big piles of mysterious crap, the developers really do understand their code.
News of successful incursions will, for obvious reasons, not be released until untold damage is done
With countless diligent people like you keeping a watchful eye, I'm sure any news of successful incursions into free/open source software will be promptly released when it happens. Or perhaps even earlier than that!
Re:Huh? (Score:5, Funny)
Yes. Congratulations. You've just demonstrated that the C programmming language makes the difference between a hack and an evaluation statement come down to nothing more than an extra "=."
Every OS sucks, because C sucks.
--
Toro
(Spot the syntax error in this post!)
Re:Huh? (Score:5, Insightful)
There are thousands of attack vectors into linux, far more than there are into any windows software.
How do you know this? A claim this large needs to be supported by something more than mere assertion.
Re: (Score:3, Insightful)
That trivially ignores the hierarchy of review and acceptance.
Moreover, you haven't provided a similar list for Windows, or Windows software.
You make some interesting arguments elsewhere, but your bias is showing.
Re:Huh? (Score:5, Informative)
You have little clue about the reality of oss code checking etc. I implore you to submit a patch to a random major oss project that causes a vulnerability and see if it becomes accepted.
Within projects there are hierarchies of developers, everyone checks eachothers code up the chain, and the lower people can check the upper chains patches also, of course with little recourse over the source tree except to perhaps fork, but people will be notified if anything malicious happens at the upper echelons.
As for you shouldn't trust any author with oss, check all code yourself, how is that any different from saying 'you shouldn't trust any proprietary code, you should check it all in a debugger and reverse engineer it yourself'?
at least oss has transparency, and you can see the trails of who has done what. I agree the packagers almost always trust upstream, but why shouldn't they? upstream will have clean packages or they will fall from grace when it is discovered by a curious third party. It is in upstreams best interest to thoroughly ensure the source is clean.
It is very non-trivial for a new developer to have a large patch accepted in a major oss project, entirely because of all of the checks and balances upstream (the people who write the software).
at the core of any successful oss project, is typically a few (2-20) core people that oversee, check everything and are dedicated to making the project a success, putting backdoors in does not help that goal.
Re: (Score:3, Insightful)
The hierarchy of review or acceptance is a joke. Nobody checks even one tenth of the packages installed on even a basic redhat install. It just doesn't happen.
Citation needed.
And I was pointing out here that you did not even mention it as a possibility.
With open source, you basically do not have the (reasonable) option of trusting the author(s). Your only option is checking every last bit yourself.
False dichotomy. You could also reasonably trust those responsible for committing changes, or publishing them. You could also hire someone to review every last change yourself. You could also assemble only packages you trust and thus provide a minimal, stripped-down version.
With Windows, those last two options are not realistic, and I see no reason to trust someone at Microsoft more than, say, Linus Torvalds or And
Re: (Score:3, Insightful)
Open a prompt ... type dpkg -l
That's the list of software that you have to trust not to contain a backdoor in order to trust your own system.
The list of contributors, package maintainers, webserver admins, ... that are implicitly trusted is ridiculously long.
Refresh my memory: how many lines of code does Microsoft say Windows has these days? Given some of Microsoft's incredible QA fails (the most recent to block access to Google) I am sceptical that they have set the bar very high.
If we can surmise anything from their OOXML fiasco, it is that Microsoft values obscurity over comprehension, product lock-in over the rigour of open debate, and most of all that Microsoft neither understands nor is able to implement its own specifications. There may or may not be int
Re:Huh? (Score:4, Insightful)
I almost can hear a child saying "but... the emperor is naked!". The track of successful attacks on the windows platform, even to secure savvy people, is too long. And some of those attacks were discovered long after the fact just because tiny discrepancies.
No, not sure if there are "formal" auditing into code that goes into kernel or major pieces of the puzzle that is open source, but from there to say that noone checks another's work at all goes a bit of distance. And there is some strenght into the "puzzle" part.
Yes, could be an infiltration in open source software if you take an army of skilled programmers for that task, that could eventually could be busted or not (the many eyes theory is not a guarantee, but is a posibility that exist).
But what if a closed source company wants to put something intended in their OS? Remember how easy was to the security experts to decipher what Conficker will do? And that wasnt even from the maker of the OS.
My recommendation would be something open source, not so edgy, that passed the test of time, but secure and functional.
Re: (Score:3, Informative)
You bring up a very important argument : trust. Who do you trust in the cases of you being the Dalai Lama and you're using linux or windows.
Windows : you're trusting Microsoft, the State of Massachusetts and the Federal Government of America. All of these organizations vet their people, every step up the ladder means more thorough checks. This means that Microsoft has the option of ratting out just about everything you know to the chinese
Linux : you're trusting everyone, everywhere with the basic smarts of
My god, you drunk deep from the koolaid (Score:5, Insightful)
Remind me again please which OS the botnet runs on? Thank you.
MS embeds all kinds of code from third parties. Drivers, libraries etc etc. It has been shown time and time again that there are huge security holes in MS code, holes that are actively exploited. It ain't for nothing that when the NSA wanted to make a proof of concept secure OS they choose linux.
You got a point, how can you trust any OS if you have not checked the code. Where you take a dive of the deep end is that you then suggest that MS can be trusted to check the code for you. Not trusting say Red Hat blindly that they checked all the code is sensible, trusting Microsoft that they checked all theirs is just plain silly. If they had, they wouldn't have so many bugs. And your fate in your goverment is bordering on the insane.
Anyway, that same goverment checks linux code. So either both are to be trusted or neither is.
Re:Huh? (Score:4, Insightful)
Re:Huh? (Score:5, Insightful)
There are thousands of attack vectors into linux, far more than there are into any windows software.
How much source code have you verified on your linux install ? Your windows install has at least been verified by a known party. Anyone wanting to get into your system will have to get past microsoft first.
Microsoft verify its software so well that it doesn't even know what it's privileged services do. They had to create an "archaeological" team to discover how their CIFS redirector works, just to be able to write the documentation the EU antitrust mandated them to write as a remedy.
It is well known that they historically never created. much less used extensive test suites.
Proof is the number of regressions you can see in their server software from one release to the other. Their testing method has always just been to run a battery of clients with Office and other "important" application to make sure they did not "break".
Now in theory getting into a linux system would require getting past redhat or canonical.
In practice, as several breaches have demonstrated, compromising ANY widely used project (who accept volunteers as full comitting members merely for showing a bit of ability) would be sufficient.
And yet there is no evidence that any reasonably popular Linux distribution is compromised.
It's easy to fantasize on what could happen, but empirical evidence shows this is mere speculation.
How many chinese spies are working on the linux kernel. Improving it, yes, but also ...
And how many have been working for Microsoft, with the added "benefit" that nobody can review the code outside of said organization? (which as mentioned above has already demonstrated it doesn't know its own code?)
Do you dare to bet your life on the answer being zero ?
As much as I can bet my life on any other hw/sw system.
A full linux install being trustworthy is dependant on tens of thousands of coders all being trustworthy (since in practice, nobody checks one another's work, and no "real" security audits are being conducted. Checking personnel is considered heresy, refusing code based on lack of credentials is something that cannot ever be mentioned).
Man so much FUD in a single sentence is staggering.
1) any major (and certainly any security sensitive project) is checked. Every single checking is normally reviewed by at least another developer. This is true both for the kernel and many other projects. So the idea that nobody checks one another work is total bullshit.
2) not only code is checked by automatic checkers for defects, a lot of cryptographic and security software is routinely certified (FIPS and others) and reviewed both internally and by external organizations.
3) There is no need to refuse code on the basis of lack of credentials, because the code is *reviewed* first. So if you do something that is not simply stupid but that is malicious you can bet none of your code will never be reviewed again, much less committed.
4) Obviously you have never developed any major FOSS software ...
You want to be secure against chinese interference ? Go to microsoft or ibm. Not because they do not have chinese spies in their organisations, but because they most likely do not have 1000 chinese spies in them.
1,10,100,1000, does it make any difference?
What you need is 1, and only 1.
Also, those spies have to get past at least a single code review (one hopes) before compromising all customer's security.
Ya, rly ?
Sorry to break the news to you : open source software, in it's current form, cannot defend against a concerted attack by any large groups of individuals. It can't be done. It doesn't have to be the chinese. It's a matter of time before isla
Re:Huh? (Score:5, Informative)
I agree with you that Linux in general isn't a very safe bet when you want to be secure, especially not if you are worried about targeted attacks.
However, that does not mean that ``open source software, in it's current form, cannot defend against a concerted attack by any large groups of individuals. It can't be done.''
There is a project called OpenBSD [openbsd.net] which does exactly what you suggest open source projects don't do: conduct security audits [openbsd.org] of their whole system.
Personally, I would trust OpenBSD much more than I would any closed-source vendor. Also, OpenBSD has a number of security features [openbsd.org] that limit the impact of any vulnerabilities not caught by the audit process.
Also, Debian [debian.org] has an audit process [debian.org] that looks not only at the base system, but also at the packages that are included in the distribution. This does not cover all packages [debian.org], but goes a whole lot further than what many vendors (particularly Microsoft) offer.
On the whole, I think you are being overly negative about security in the open source world, and too optimistic about security in the closed source world. From personal experience, I can tell you from personal experience that the idea that code in closed-source projects has to make it past "at least one code review" is simply wishful thinking. By contrast, the idea that code has to pass at least one review before being accepted is an actual reality in at least some open source projects (including Linux and OpenBSD).
So, while certainly not claiming that using Debian or even OpenBSD is a panacea for security, I have much more faith in those projects than in any closed source project.
Re:Huh? (Score:5, Interesting)
So what? China plays a long game, people could have been sent to immigrate to the US years ago. With travel to the China very common these days, could you be sure that China has not succeeded in planting spies?
Forget the kernel -- it's the compiler that is the key. Didn't someone show years ago how code could be inserted into a compiler and once it was there, there was no way to remove it -- apart from going back through the archives and finding a sufficiently old and uninfected compiler? If the compiler adds code to the kernel every time the kernel is built, you can spend forever vetting the kernel source code, but not find the vulnerability that the compiler inserted.
Re: (Score:3, Interesting)
Sure, you can watch someone's commits. You could examine every single byte of their commits, assuming they were malicious. And you could review the reviewers, assuming THEY were malicious. But you can't stop the spy from doing what they do best: collect information. What if they're finding countless bugs and simply not reporting them? I'd rather have the open source model where there are orders o
Re: (Score:3, Funny)
several decades in a little box with no windows.
Sounds like FOSS heaven
Re:Huh? (Score:5, Insightful)
I don't need to because there are hundreds of code reviews ongoing on the Linux kernel code all the time.
The key word here is Open Source. There are enough paranoids out there using the Linux kernel that I'm sure just about everything gets plenty of scrutiny. If you are a party with something to worry about, like the Tibetan Gov't in Exile you could get a few people together to vet the code that goes into your own build and monitor the patches that go in. That is something you cannot do with Windows or any other closed source product (that include Mac OS X, really, as what comes from Apple has a bunch of closed source extensions). Doing your own security review would be difficult but it is possible.
If I had to bet my life on something it sure wouldn't be Windows.
Re:Huh? (Score:4, Insightful)
Can you say the same for linux kernel contributors ?
It doesn't matter where an idea came from -- that's why Ad Hominim is a fallacy.
It matters whether it's valid.
So yes, I can say the same for the part that matters:
I'm sure that were one to dig deep enough, you'd find that the xp kernel (like some central parts of the linux kernel) has been vetted by NSA experts.
There you have it -- some central parts of the Linux kernel have been vetted by NSA experts.
Re:Huh? (Score:5, Insightful)
Especially if the sysadmins take an active role in:
A. Customizing and minimizing the installed packages.
B. Configuring a very restrictive set of firewall rules.
C. Configuring a very tight SELinux policy.
The key to Linux is to not think of it as on Operating System so much as an "OS Toolbox" that lets you build just what is needed.
Re: (Score:3, Insightful)
We're not talking about a desktop system, securing a custom network IS gonig to take planning and time, I'd hazard a guess that as SELINUX has been around longer, it better documented and more secure, additionally as redhat based distros (RHEL,centos,fedora) all come with a fair bit of SELINUX setup for you it's not too hard to tweak from that.
Re: (Score:2)
Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.
Cracking with a virus? Probably not very easy. However, I would imagine that it is much simpler to write a trojan script for *nix than for Windows (until PowerShell gains mindshare among Windows users). Education is the only defense against PEBKAC.
Free Tibet! (Score:5, Funny)
Re: (Score:2)
Re: (Score:2, Insightful)
First thoughts (Score:5, Insightful)
As opposed to the anti-exploitation frameworks which were present in UNIX systems from the moment they were conceived? and continually updated since? You've been listening to too much Microsoft advertising if you think they're Superior. (Competitive? Maybe. Superior? Not a chance).
Coming first isn't always the best thing (Score:5, Informative)
neither is the Microsoft approach (Score:3, Insightful)
ASLR in Linux is a novelty and usually not the default. Just like selinux is a joke.
Yes, and there's a reason for that: the Linux community apparently doesn't want them and doesn't find them useful. If enough people wanted them, they'd be on by default in the major distributions.
To bad MS has figured out how to implement it consistently.
Yes, and that pretty much tells you what's wrong with Microsoft: it's a bunch of managers deciding top down what security mechanisms Windows should use, and then they direc
A secure OS for the office of HH the Dalai Lama (Score:5, Informative)
Talk to the Bhutanese Govt. They're now using a Debian variant with localised scripts for Dzongha. Debian includes some Tibetan fonts.
That should give you 20,000 apps to leverage :) Christian Perrier who co-ordinates some of the Debian translation work may know more.
Re:A secure OS for the office of HH the Dalai Lama (Score:4, Insightful)
And each one with its own set of vulnerabilities.
Or Ubuntu, because (Score:5, Funny)
Re:A secure OS for the office of HH the Dalai Lama (Score:5, Funny)
Does it include Enlightenment?
If the only thing they run is windows... (Score:5, Informative)
Re:If the only thing they run is windows... (Score:5, Insightful)
Most of all, make sure that anyone that uses a computer is aware of the risks. Even more sure with higher clearance levels.
Single OS not good for Dahli Lama's computer (Score:5, Funny)
If *I* was in charge of the DL's computer, I wouldn't put on *only* Linux or *only* Windows or what have you. I think the DL needs a multiboot machine, and would really appreciate it if you tried to make him one with everything.
Somebody please mod this "underrated" (Score:5, Funny)
Re: (Score:3)
Re: (Score:2)
I think "last week" is a little generous. They obviously lost it a long time ago.
Paranoid Linux someday, NetBSD now. (Score:5, Informative)
http://paranoidlinux.org/ is a project to create a distribution which assumes the user is under assault from the government. Right now, it's a vaguely locked down version of Ubuntu, but someday this might be pretty cool.
In the meantime, just run NetBSD and full-disk encryption.
From wikipedia:
NetBSD provides various features in the security area. The Kernel Authorization framework (or Kauth) is a subsystem managing all authorization requests inside the kernel, and used as system-wide security policy. It allows external modules to plug-in the authorization process. NetBSD also incorporates exploit mitigation features, ASLR, MPROTECT and Segvguard from PaX project, and GCC Stack Smashing Protection (SSP, or also known as ProPolice) compiler extensions. The Verified Executables (or Veriexec) is an in-kernel file integrity subsystem in NetBSD. It allows the user to set the digital fingerprints (hashes) of files in the system to monitor by the Veriexec, and prevent the execution of them. For example, one can allow Perl to run only scripts that match the fingerprints. The cryptographic device driver (CGD) provides functionality which allows using the disks or partitions (including CDs and DVDs) for encrypted storage in NetBSD.
Re: (Score:2)
Re: (Score:3, Insightful)
For the BSD fans, this is NOT meant to flame, just to point
Re:Paranoid Linux someday, NetBSD now. (Score:4, Interesting)
My reluctance with BSD is the lack of "rich entertainment"
I use netbsd on my servers and some workstations. The lack of a rich environment is a defence against PEBAK. The problem is selling it to the users.
Done properly, the users would need to specify up front exactly what they want their system to do, so that a solution could be designed from those requirements. A lot of the time these days, secure communication is a prime requirement and BSD can certainly provide that.
Re: (Score:3, Interesting)
By "rich entertainment" you mean the proprietary stuff owners of the code can't be bothered to compile for different platforms? But we are talking security here, the least you want is to add -who knows what it does on your back- black boxes known as proprietary software.
Mp3 is no problem as there is plenty of free software for it (being a patented format is an entirely different matter). Same with many other media formats (xvid, x264, etc).
I think in your experience with *bsds, you didn't try the ports syst
Malware is the issue (Score:3, Insightful)
Not encryption or top secret stuff.
Any of the major linux distros should work fine., unicode tibetan is supported.
Practical considerations and philosophical ones (Score:5, Insightful)
First of all, converting the Dalai Lama to Linux is about the coolest IT project I've ever heard of, so congratulations
That aside, there are practical considerations and there are philosophical ones you'll want to consider. Practically speaking, no platform is 100% secure. Linux has historically been more secure than Windows. MS has made a lot of progress in the last decade or so.
The question is, do you prefer the closed-source approach or the open-source one? Would you rather the problems be hidden away, or laid out for all to find? In the closed-source scenario, knowledge of exploits may be less common, but that cuts two ways. Less attackers will be aware of an exploit, but less defenders will be aware of it as well. That may well result in the exploits that do occur being much more severe.
Beyond those practical considerations, which approach fits better with the values of the Tibetan community and the Dalai Lama in particular? In my mind, open source is the embodiment of non-attachment.
Greetings Dhali Lama... (Score:3, Funny)
Re:Greetings Dhali Lama... (Score:5, Funny)
Bias (Score:5, Insightful)
A Secure OS For the Dalai Lama?
I have absolutely no idea what Slashdot will say to a question like that.
Not only the DL (Score:2, Informative)
A very similar penetration was detected on IT infrastructure of several German govt. agencies no long ago.
Lots of internal information where uploaded to the internet before it was detected and stopped
An the trail seemed to lead... you know where.
You must not have heard (Score:5, Funny)
Re:You must not have heard (Score:4, Funny)
Apparently this Vista [slashdot.org] thing is the most secure os on the planet.
It's the small user base that keeps it secure.
Mac OS X or openBSD (Score:3, Interesting)
Something that helps (Score:5, Interesting)
Media should contain not only OS but applications in trusted configuration. No updates allowed from outside trusted entities
Use only boot media provided from trusted entity
Maybe use also something like tripwire to detect change in the OS/applications files checking changes by comparing sensitive file
Full encryption on sensitive data/drives
Use Yellow Hat GNU/Linux (Score:3, Funny)
The obvious solution is Yellow Hat GNU/Linux [stallman.org].
Seriously, this is a great project. Surely the appropriate solution is a version of either GNU/Linux, such as SELinux, or OpenBSD [openbsd.org]. No system is entirely secure, but the idea that MS Windows could be as secure as GNU/Linux or BSD is wild.
Diversify! (Score:3, Insightful)
The reason is simple: if an outside attacker can't predict what they will meet, it's much harder to get in.
And if you can get the various OSes to masquerade as each other when replying to outside queries, so much the better: an attacker could be trying to use known Mac vulnerabilities to enter a machine that from the outside looks and behaves like a Mac, but actually runs Windows or Linux.
fonts? (Score:3, Informative)
I'm a little surprised to hear that there is no good Tibetan font. Here is a list of Unicode-encoded Tibetan fonts [alanwood.net], mostly both free and libre. Do none of them meet the need?
Re: (Score:3, Informative)
I'm a little surprised to hear that there is no good Tibetan font. Here is a list of Unicode-encoded Tibetan fonts [alanwood.net], mostly both free and libre. Do none of them meet the need?
I agree-- It appears they are possibly misinformed about fonts. There are at least 2 very good True Type Unicode Tibetan fonts-- "Tibetan Machine Unicode" and "Jomolhari", both of which are more attractive, as well as more advanced in their development than Microsoft's "Himalaya" font.
your assumptions are wrong (Score:5, Informative)
Why would it be more difficult to "write" (aka implement) exploits for one operating system than another? You should be worried about how hard it is to find exploits and how quickly they're fixed.
Assuming for the moment all you care about is the actual security of your software (excluding implementation details, mis-configurations, etc), the real metric you want to be looking at is the frequency of discovery of serious vulnerabilities and the span of time from first (non-public) discovery (which may not be knowable) and the appearance of a patch you could use. Looking merely at "remote root exploits / year" and "mean time to patch remote root exploit" might not be a bad place to start.
Also, you need to think about the actual design of the operating systems in question. Without tipping my hand too much, some might say that the Unix user/superuser distinction is something Microsoft could learn from.
That being said, though, I'll tell you my opinions.
Netbsd has one of the best track records in the industry with regards to server security. The security of *nix, in general, scales directly with the intelligence of the people managing it. You can get decently far with Windows and just doing things 'by the book,' but it's got all the typical problems of monoculture and a well-deserved poor reputation.
A group of very intelligent, very technical network admins are nearly unstoppable given linux and sufficient control. A group of very intelligent people can probably make do with Windows too. Windows configured by average people may in some cases be better than Linux configured by average people.
In any event, just from reading your question, I doubt you are technical enough to undertake this at a nuts-and-bolts level. You kind of came here asking "Is Linux or Windows more secure?" You bet your ass I have an opinion on the matter, but the problem is, so does everyone else. You need to find highly intelligent people, and then use your common sense and analytical thinking to weigh their arguments. In short, stop thinking as if the answer to your question would provide security; find smart people experienced in securing things and then evaluate the tools (operating systems) as they relate to your immediate ends.
Red Flag (Score:5, Funny)
Red Flag Linux ? ;)
Oh, so you're playing Devil's Advocate? (Score:3, Informative)
For a bit more balance in the whole story, have a look at this video [youtube.com].
Anyone willing to debunk this, you're welcome; As I still have quite a quarrel with each time the Dalai Lama gets mentioned as some sort of Saint.
(This does not reflect my opinion on the whole Tibet/China debacle; I think that's as bad as it is)
Re: (Score:3, Insightful)
when the Chinese invaded. He has consistently supported democracy, equality, and human rights.
The Dalai Lama may "consistently" espouse such views in public, but his behavior outside the (western) public eye tells a different story. Even for Tibetans now residing on free soil in places such as the US, UK, Germany, and Switzerland, he behaves as a dictator-for-life and demands that they follow his decrees in order to receive travel papers, work permits, food and living allowances, etc. His regime unapologetically practices religious apartheid. Unbelievable? Check out the information and first-han
It is about the process.... (Score:3, Interesting)
The problem here is probably one of process and not operating system.
One of the ways that I manage my systems is to create a zone where hackers may go, and not go.
For example, I use a good firewall. That firewalls is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.
These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.
The second firewall is a non entry firewall. That means there is absolutely no way at all to get through it from the outside. Only those behind the second firewall may communicate outside. And if I need to communicate to a trusted source outside the first firewall I setup a VPN server between the two firewalls. If somebody manages to hack that VPN server, you just take it down, setup new keys, restart and away you go.
By not allowing any communication into the second firewall you stop outside hackers. Then to allow communications from the inside to the outside you setup proxy servers that are trusted to communicate to the outside. Only those proxy servers may communicate with the outside world. Without those proxy servers the inside users are cut off, but you have created a wall where you can control the entries and exits.
Re:It is about the process.... (Score:4, Insightful)
---One of the ways that I manage my systems is to create a zone where hackers may go, and not go.
The only way to guarantee that is by an air gap. If data can travel in both directions, it can gone to.
---For example, I use a good firewall. That firewalls is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.
---These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.
Lets assume what you say is correct. First, what protections do you have vs the hypervisor running the VMs? How do you prevent starvation of resources by de-fragmenting ill formed packets? If you don't "correct broken packets", then what prevents a fragrouter-like attack right through your network?
As per your answer of shutting down and reloading, that is not an answer to bad rules that can almost never work, for they will persist until you fix them. Then, when you bring them up, they will be hopped over again.
(trimmed gobbledegook about unhackable firewalls)
You can think that you have an unhackable setup. Fine. Perhaps you will investigate what I said, and might take action to test what I claim. But aside that you are probably just as vulnerable as the rest. All that has to really be done is your border router feed bad updates to machines requesting OS updates. Of course, crypto signatures will catch that they don't sign, but that's where we use old packages with known vulnerabilities. I'm sure in your course of duty you don't check the package date, nor do most update programs. Or, perhaps somethings watching for passwords on your external firewall. There's a nice tool called dsniff that does just that.
In the real world, if you want an unhackable network, you build the network with no external connections. It's as simple as that. The military understands that. Power companies understand that. Industrial control designers understand that. If you want to have a facade that you somehow can super-firewall so that no hacker can get in, so be it. Whatever you put on the internet can potentially end up everywhere. Just look at Wolverine Workprint or multitudes of sex tapes or other media. I'm sure there's some Presidential Helicopter schematics going around in Islamic areas right now, according to my sources.
The answer lies within. (Score:4, Funny)
BEOS (Score:3, Insightful)
Hardly any exploits at all.
Oh you wanted a USABLE OS? Well you'll need to tell me what it's going to be used for.
I smell bacon! (Score:4, Insightful)
This entire article smells like flamebait to me. I'm going to sit back and watch it burn.
How Secure Do You Want To Be? (Score:3)
The first thing you need to determine is just how secure you want your Linux to be, how much control you want, and how much expertise you can muster to implement those security policies. If you want total control and have a staff with high technical expertise, then you may want to go with Linux From Scratch [linuxfromscratch.org]. You'll have total control (and total responsibility) for everything, but it's going to require a lot of work.
On the other end is (K)ubuntu, PCLinuxOS, Mandriva, and other easy to use Linux distributions. Setup and maintenance are very easy, but they are managed outside of your direct control. You can always boot from read-only media or run the system (slowly) from CD or DVD, though. Outside of creating your own operating system and applications, though, you're probably going to have to compromise on total control. In that case, any of these distributions are more or less on equal security footing; all of them are good choices.
How paranoid you are will go a long way towards deciding which distribution you want to use.
Font is not a problem... (Score:3, Informative)
yum install tibetan-machine-uni-fonts
Of course you may hate YUM but the package is available for other distros as well. Even if you are using Windows (download the font from the url: http://www.thlib.org/tools/#wiki=/access/wiki/site/26a34146-33a6-48ce-001e-f16ce7908a6a/tibetan%20machine%20uni.html [thlib.org])
Rather than choosing a secure OS ... (Score:5, Insightful)
... you need to choose a competent admin. Remember, security is a process, not a product ...
You're utterly missing the point. (Score:5, Insightful)
It's not about the OS. I've had Windows servers remain safe for years, and Linux servers be subverted in days.
Security is an eco-system, not an OS, for example:
- granting and removing access rights, in a very conservative and up-to-date manner
- keeping an audit trail of every access
- locking confidential info so it never gets onto a laptop's HD
- having backups
- securing every cog and wheel of the system: client PCs, routers, servers, backups, admin stations...
- locking down the weakest point: users (weak passwords, copied files, printouts, espionage...)
- and many more issues.
In the big picture, the OS is fairly irrelevant. It's only a very small part of the whole system. The whole "we need to be safe - let's switch to Linux" is wrong and shows a tremendous lack of understanding of the issues.
security as a continuum (Score:3, Insightful)
with that in mind I would advocate trading a lot of usability for security - you could have an encrypted disk and run a terminal with something like nano and lynx installed - this would be pretty damn secure especially if you were running it on fairly secure hardware (did Intel ever fix the security issue that theo de raat was talking about in the Core 2s?) with something like OpenBSD as the core. This, I think would allow you (after some modifications) to allow pretty robust security. A downside though is that I'm pretty sure you might be compelled to run in English as I'm not sure how good the language support is for this sort of thing (with no GUI I can't imagine it would be great). Even so, I think if your data security is important (and lets face it, in this situation it probably is) then the trade-off might be worth while.
Of course, perhaps the more gaping hole in security is the user themselves, who could always reveal all the information they had to anyone... XKCD said it better - http://xkcd.com/538/ [xkcd.com]
Re:His Holy etc. (Score:4, Funny)
Or the English Queen?
Do you mean Her Majesty Elizabeth the Second, by the Grace of God, of Great Britain, Ireland and the British Dominions beyond the Seas Queen, Defender of the Faith, Duchess of Edinburgh, Countess of Merioneth, Baroness Greenwich, Duke of Lancaster, Lord of Mann, Duke of Normandy, Sovereign of the Most Honourable Order of the Bath, Sovereign of the Most Ancient and Most Noble Order of the Thistle, Sovereign of the Most Illustrious Order of Saint Patrick, Sovereign of the Most Distinguished Order of Saint Michael and Saint George, Sovereign of the Most Excellent Order of the British Empire, Sovereign of the Distinguished Service Order, Sovereign of the Imperial Service Order, Sovereign of the Most Exalted Order of the Star of India, Sovereign of the Most Eminent Order of the Indian Empire, Sovereign of the Order of British India, Sovereign of the Indian Order of Merit, Sovereign of the Order of Burma, Sovereign of the Royal Order of Victoria and Albert, Sovereign of the Royal Family Order of King Edward VII, Sovereign of the Order of Mercy, Sovereign of the Order of Merit, Sovereign of the Order of the Companions of Honour, Sovereign of the Royal Victorian Order, Sovereign of the Most Venerable Order of the Hospital of St John of Jerusalem?
It's bad enough using this shorthand without her non-regnal titles.
Re: (Score:3, Funny)
I just call her HRH E2R. Although sometimes I mistake that name for a postal code.
Re: (Score:3, Interesting)
Another thing you can do with Vista is enable "signed only". Root around in the security policy and you will find it. It will refuse to run any executable that is not signed. Period.
According to Microsoft's malware study 0.06% of malware is signed. Sounds like something that would eliminate most of all threats.
Re:Physical Security First (Score:5, Interesting)
Not the entire US Govt - just the state department. It was a political pissing contest over which contract was used and that Congressman Wolf didn't get a kickback if the contract went through Lenovo who was doing business out of New York. If Chinese made computers or Chinese controlled companies were the issue, they wouldn't have bought any computers. There are no computers made solely with US parts on US soil.
Computers aren't that big of a deal. You inspect for physical anomalies, wipe the HD and install the OS. You never use the default factory install as its untrustworthy. Same reason you wipe thumb drives on a standalone computer before issuing to your users.
Now if you want to talk about untrustworthy sources - there are legitimate reasons for the US govt to avoid Kasperasky A/V as the company is owned by an ex-KGB type and has connections to russian hackers.
Re: (Score:3, Interesting)
and avoid Microsoft as it is an American corporation with deep connections to the American Government... who would love to have a backdoor into computers used by other governments... and the means to remotely force "upgrades" onto those machines...
Re: (Score:3, Informative)
Yes, these levels of security from the 'orange book' is what I was thinking about when I made an earlier post that recommended an OS from Green Hills Software. They sell an 'A1' level OS, called 'Integrity'.